Sharpening the Stinger: Tuning KillerBee for Critical Infrastructure Warwalking

Wireless mesh networks are increasingly incorporated into systems recognized as critical infrastructure, including hospitals and smart electrical grids. The KillerBee exploitation framework is a package of open source tools used to locate, analyze, and disrupt the IEEE 802.15.4 low-rate wireless networks in these critical systems. Penetration testers use the tool named zbfind to rapidly locate wireless transmitters, estimating distance from received signal strength. Recent work demonstrates that the transmitter distance estimation model in the initial zbfind release is highly inaccurate. Results herein strongly suggest that the Atmel RZUSB stick is a viable hardware platform for zbfind warwalking, but that CC2420-based boards are inadequate. This work also demonstrates improved distance estimation models for locating transmitters in hospitals and in smart utility meters while on foot (i.e., warwalking). A distance estimation model fitted to data collected in a military hospital is shown to also improve accuracy against an operational ZigBee mesh network in a civilian hospital. Outdoor warwalking necessitates different model parameters than those used indoors, so this work also demonstrates a separate distance estimation model for use against smart utility meters.
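The abstract describes fitting a received-signal-strength distance model to data collected in one environment and shows that indoor and outdoor warwalking need different parameters. The following is an added example, not code from the paper or from the KillerBee project: it fits the standard log-distance path-loss model RSSI(d) = P0 - 10·n·log10(d/d0) to calibration samples by least squares, inverts it to estimate distance from a single RSSI reading, and measures what happens when an indoor fit is applied to outdoor readings. The calibration pairs, the parameter values they imply, and the function names are all constructed for illustration; the paper's actual fitted parameters and zbfind's internal model are not given on this page.

```python
import math

# Constructed calibration data, (distance_m, rssi_dbm). Illustrative values
# only, NOT measurements from the paper. The indoor set follows roughly
# P0 = -45 dBm, n = 2.5; the outdoor set follows roughly P0 = -40 dBm, n = 2.0.
INDOOR_CALIBRATION = [
    (1.0, -45.0), (2.0, -52.5), (4.0, -60.1), (8.0, -67.6), (16.0, -75.1),
]
OUTDOOR_CALIBRATION = [
    (5.0, -54.0), (10.0, -60.0), (20.0, -66.0), (40.0, -72.0), (80.0, -78.1),
]


def fit_log_distance(samples, d0=1.0):
    """Least-squares fit of the log-distance path-loss model.

    Model: rssi = P0 - 10 * n * log10(d / d0).
    With x = log10(d / d0) this is a straight line y = P0 + slope * x,
    where slope = -10 * n. Returns (P0, n).
    """
    xs = [math.log10(d / d0) for d, _ in samples]
    ys = [rssi for _, rssi in samples]
    count = len(samples)
    mean_x = sum(xs) / count
    mean_y = sum(ys) / count
    sxx = sum((x - mean_x) ** 2 for x in xs)
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
    slope = sxy / sxx                      # equals -10 * n
    p0 = mean_y - slope * mean_x           # RSSI expected at reference distance d0
    n = -slope / 10.0                      # path-loss exponent
    return p0, n


def estimate_distance(rssi, p0, n, d0=1.0):
    """Invert the model for one reading: d = d0 * 10 ** ((P0 - rssi) / (10 n))."""
    return d0 * 10 ** ((p0 - rssi) / (10.0 * n))


def mean_abs_error(samples, p0, n, d0=1.0):
    """Mean absolute distance error (metres) of a fitted model over samples."""
    errors = [abs(estimate_distance(rssi, p0, n, d0) - d) for d, rssi in samples]
    return sum(errors) / len(errors)


if __name__ == "__main__":
    indoor_p0, indoor_n = fit_log_distance(INDOOR_CALIBRATION)
    outdoor_p0, outdoor_n = fit_log_distance(OUTDOOR_CALIBRATION)
    print(f"indoor fit : P0={indoor_p0:.1f} dBm, n={indoor_n:.2f}")
    print(f"outdoor fit: P0={outdoor_p0:.1f} dBm, n={outdoor_n:.2f}")
    # Using the indoor parameters on outdoor readings is the mismatch the
    # abstract warns about; compare the two error figures.
    print("outdoor readings, outdoor model:",
          f"{mean_abs_error(OUTDOOR_CALIBRATION, outdoor_p0, outdoor_n):.2f} m")
    print("outdoor readings, indoor model :",
          f"{mean_abs_error(OUTDOOR_CALIBRATION, indoor_p0, indoor_n):.2f} m")
```

The fit is ordinary linear regression on log10(distance), so a handful of calibration points taken while walking known distances from a transmitter is enough to refit P0 and n for a new environment; the error comparison at the end shows why a model fitted indoors should not be carried outdoors unchanged.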
