A novel vulnerability detection method for ZigBee MAC layer

Authors:
Siwei Peng;Baojiang Cui;Ru Jia;Shurui Liang;Yiying Zhang
Affiliations:
Department of Computer Science and Technology, Beijing University of Posts and Telecommunications, Beijing, China;Department of Computer Science and Technology, Beijing University of Posts and Telecommunications, Beijing, China;Department of Computer Science and Technology, Beijing University of Posts and Telecommunications, Beijing, China;Department of Computer Science and Technology, Beijing University of Posts and Telecommunications, Beijing, China;Department of Computer Science and Technology, Beijing University of Posts and Telecommunications, Beijing, China/ State Grid Information & Telecommunication Company Ltd, Beijing, 100761, China
Venue:
International Journal of Grid and Utility Computing
Year:
2013

Citing 16
Cited 0

SPINS: security protocols for sensor networks

Wireless Networks
Violating Assumptions with Fuzzing

IEEE Security and Privacy
Wireless sensor networks: A survey on the state of the art and the 802.15.4 and ZigBee standards

Computer Communications
Fuzzing Wi-Fi Drivers to Locate Security Vulnerabilities

HASE '07 Proceedings of the 10th IEEE High Assurance Systems Engineering Symposium
Wireless sensor network survey

Computer Networks: The International Journal of Computer and Telecommunications Networking
Detecting Communication Protocol Security Flaws by Formal Fuzz Testing and Machine Learning

FORTE '08 Proceedings of the 28th IFIP WG 6.1 international conference on Formal Techniques for Networked and Distributed Systems
ZigBee Wireless Networks and Transceivers

ZigBee Wireless Networks and Transceivers
An enhanced security architecture for wireless sensor network

DNCOCO'09 Proceedings of the 8th WSEAS international conference on Data networks, communications, computers
TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection

SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Dynamic test generation to find integer bugs in x86 binary linux programs

SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Improving Fuzz Testing Using Game Theory

NSS '10 Proceedings of the 2010 Fourth International Conference on Network and System Security
A Key Management Protocol for Multiphase Hierarchical Wireless Sensor Networks

EUC '10 Proceedings of the 2010 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing
Study and Application of Security Based on ZigBee Standard

MINES '11 Proceedings of the 2011 Third International Conference on Multimedia Information Networking and Security
Towards enhanced key management in multi-phase ZigBee network architecture

Computer Communications
Centroidal Voronoi Tessellations—A New Approach to Random Testing

IEEE Transactions on Software Engineering
A model-based approach to security flaw detection of network protocol implementations

ICNP '08 Proceedings of the 2008 IEEE International Conference on Network Protocols

Quantified Score

Hi-index	0.00

Visualization

Abstract

Due to the hostile environment, open communication and implementation vulnerability, ZigBee is vulnerable to various attacks. But there are few effective vulnerability detection methods. In this paper, we design the ZigBee Border Conditions Based Tester ZBCBT to detect vulnerabilities on MAC layer. It generates elaborated frames test cases transmitting to the target nodes. Based on ZBCBT, we present a ZigBee Border Conditions Algorithm ZBCA and a hostile test framework HTF for better test performance. Comparing with Random Testing RT or fuzz methods, ZBCA tests border values of every field in the frame to improve the efficiency. HTF is a unique framework that ZBCBT simulates an attacker is utilised for further tests. The experimental results, including one frame triggers the network crash, have proved ZBCBT's effectiveness. Thus, by using ZBCA and HTF, this novel vulnerability detection method is a significant add-on approach for ZigBee security.