Show simple item record

dc.contributor.advisorGhobakhlou, Akbar
dc.contributor.advisorSabit, Hakilo
dc.contributor.authorCato, James
dc.date.accessioned2022-04-26T02:38:39Z
dc.date.available2022-04-26T02:38:39Z
dc.date.copyright2022
dc.identifier.urihttp://hdl.handle.net/10292/15074
dc.description.abstractZigBee is a wireless technology standard for connecting Internet of Things (IoT) devices based on the IEEE 802.15.4 specification. Similarly to other IoT protocols, ZigBee faces numerous security issues that threaten the confidentiality, integrity and availability of its networks and services. ZigBee is implemented with a variant of the 128-bit Advanced Encryption Standard with symmetric keys for node authentication and data confidentiality. However, ZigBee’s technology incorporates certain constraints, such as low cost and low power into its design, which has allowed certain security issues to persist across the protocol revisions over the years. These constraints raise concerns because ZigBee is often deployed in data-sensitive applications. Although previous studies have addressed the main security issues found in the earlier protocol revisions, limited studies have been conducted on the latest ‘ZigBee 3.0’ standard. Therefore, this research contributes to addressing this research gap by investigating the impact of the identified and prevalent security issues against ZigBee 3.0 networks. Three core issues were investigated in this study based on the findings in the related literature: (a) ‘Security of Symmetric Keys’, which relates to how an attacker could obtain ZigBee’s symmetric keys through exploiting known vulnerabilities and whether the implemented security mechanisms are sufficient to protect the keys; (b) ‘Compromised Symmetric Keys’, which concerns the breach against a network’s confidentiality if one or more of its symmetric keys have been exposed by an attacker; and (c) ‘Insufficient Denial of Service Protection Mechanisms’, which enables the protocol to be susceptible to specific denial of service attacks. The research was conducted as a practical undertaking against real ZigBee 3.0 networks comprising XBee 3 radio modules and ZigBee-compatible hardware. Attacks associated with each issue were performed to determine their impact, and where necessary, both security models provided by ZigBee 3.0 were evaluated separately. In addition, the study outlined the security controls within the device’s configuration, as well as best practices that can be applied to address or mitigate the attacks considered in this study and strengthen the network’s security over symmetric keys. The compiled results revealed that certain attacks under each investigated security issue continue to affect the confidentiality or availability of ZigBee 3.0 networks. However, the enhancements made to the protocol’s security controls combat the elements of each security issue, reducing their overall impact compared with its earlier revisions.en_NZ
dc.language.isoenen_NZ
dc.publisherAuckland University of Technology
dc.subjectZigbeeen_NZ
dc.subjectZigbee 3.0en_NZ
dc.subjectIEEE 802.15.4en_NZ
dc.subjectInternet of Thingsen_NZ
dc.subjectSecurityen_NZ
dc.subjectNetworken_NZ
dc.subjectPrivacyen_NZ
dc.subjectVulnerabilitiesen_NZ
dc.subjectExploitationen_NZ
dc.subjectSymmetric Keysen_NZ
dc.subjectDecryptionen_NZ
dc.subjectCompromised Dataen_NZ
dc.subjectDenial of Serviceen_NZ
dc.titleAn Assessment of Prevalent Security Issues on ZigBee 3.0 Networksen_NZ
dc.typeThesisen_NZ
thesis.degree.grantorAuckland University of Technology
thesis.degree.levelMasters Theses
thesis.degree.nameMaster of Information Security and Digital Forensicsen_NZ
dc.rights.accessrightsOpenAccess
dc.date.updated2022-04-12T20:55:35Z


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record