7CS024 Internet of Things Security Assignment Sample 2024
ABSTRACT
Internet of things devices help to improve the user experience, the future success of the IOT devices depend on the security of these devices. The manufacturers should work on the security factors of these devices improvements in the security will help the users to trust these devices. Internet of things services include home security systems, high speed wireless internet, wearable health monitors, farming equipment, biometric security scanners, smart factory equipment, and logistic tracking.
The Internet of things involves a number of devices which are connected with the internet all over the world, these devices help to gather and share data. The availability of cheap computer chips and the wireless networks helps to transform devices into IOT devices. Although it is very simple to turn a device into an IOT device the security of these devices is a major concern. The Internet of things makes the devices smarter and improves the user experience by providing value added services.
1. INTRODUCTION
Internet of things devices are used widely to complex tusks without any complication however the security of these devices is a major concern for the manufacturers. Internet of thing devices are used for various purposes; it can be used by individuals or it can be used for businesses purposes.
IOT devices are designed for some particular scenarios the manufacturers are trying to improve these devices so that these devices can be more applicable in real life scenarios. The objective of conducting this research is to critically analyse IOT moreover to evaluate the challenges and limits of these devices. Security of Zigbee devices is evaluated in this research, the strengths and limitations of this technology and the application in real life scenarios is also analysed.
2. SURVEY AND RESEARCH GAP ANALYSIS
The survey for the research in security of the network is going to be conducted based on the literature survey the research has been conducted based on secondary data.
2.1. SURVEY AND RESEARCH
The purpose of this research is to evaluate the current state of technologies, tools and models moreover critically analyse the state of the earth in IOT security. Communication industry has several data rate communication standards however these standards are not as good as the Zigbee network communication standards [1].
The advanced communication services need low delay and low power consumption, the Zigbee network provides low cost and less energy consumption. The technology is used to control and sensor IEEE 802. 15.4 standards of wireless personal area networks [2].
The network service uses physical and Mac layers to operate several devices at less data rates. This communication technology can be utilized in embedded application, industrial control and home services.
CURRENT STATE OF ZIGBEE TECHNOLOGY
This network provides low cost, low energy consumption and is cheaper than other communication standards this technology is very easy to operate and supports different network configurations. Zigbee technology is implemented to control and monitor applications within the range of 10-100 meters.
This network is comparable with routers and provides a number of nodes to interconnect with one another to build a vast area of the network. The technologies operate with digital radios, it allows different devices to operate through each other these devices provide the instructions from coordinators to single end devices.
The coordinator is the most important device which is placed at the origin of the system, for each network there is a coordinator used to perform tasks [3]. The routers are placed between the coordinators and end devices they receive messages from the coordinator and keep them until the end devices are ready to receive the messages.
CURRENT STATE OF ZIGBEE SECURITY MODEL
The technology includes three devices: the router, coordinator and the end devices. One coordinator is needed in each network; it acts as a connector of the network, and the coordinator stores the information while receiving and transferring the messages.
This technology works as an interconnecting device which allows data to pass and transfers data to other devices. The end devices can perform a number of functions it helps to communicate with the parent nodes. Zigbee architecture includes a number of layers where physical and Mac layers define IEEE 802. 15.4 [4]. Based on the literature survey, it has been found that this architecture consists of numerous layers which are as follows:
Physical layer | Mac layer |
The physical layer performs modulation and demodulation, this layer does the transmitting and receiving of the signals. | Mac layer performs the transmission of data by utilizing various networks with CSMA it transmits beacon frames to synchronize communication. |
Network layer | Application support sub layer |
Network provides support to all network related services like network setup, routing and device configuration. | This layer provides the necessary services for the devices and applications to interact with network layers this layer helps to match two devices based on their services. |
Application framework | |
This delivers two different data operations as message services it is responsible for finding, initiating and connecting devices to the network. |
Table 1: Current state of Zigbee security model
2.2. VULNERABILITIES AND THREATS ZIGBEE SECURITY
The technology provides cost efficient and low powered network services however it has some protocol issues which can affect the security of the devices, the manufacturers made some errors in implementation that caused security issues.
IMPLEMENTATION ISSUES
Insecure key storage is a big threat for Zigbee technology its security is based on assumptions: the coordinator is connected with a network key and the other devices are connected with link keys. This key needs to be stored securely else extraction of these keys can be very easy [5].
The security related to key transportation is also at risk, any node which is connected to this network receives the network key over the air. As the network is connected with a number of devices the network key is not secure from attacks.
Zigbee network reuses the initialization vector value with the same key it raises the concern over security issues. This technology sends the security headers in clear text this can reduce the battery life of the devices significantly [6]. The networks stay in sleep mode for a particular amount of time to save energy and wake up at regular intervals. Knowing the poll rates helps the attacker to send messages to the end device in regular intervals which forces the devices to use more energy.
PROTOCOL ISSUES
Zigbee technology utilizes a number of protocols there are some issues in the protocols which affects the overall security of the network. The manufacturer uses default key values for the devices, if a person has a new device which he wants to add to his network however it does not have any authorization [7].
The network allows a default key hacker can easily collect data which can affect network security. The network does not provide confidentiality protection for acknowledgement packets attackers can hamper the acknowledgement packets.
Attackers can hamper channels with frames at the Mac layer which focus the network to block communication, this happens because this network utilizes CSMA/CA. Single network key is sent unscripted by the trust centre at the time a non-pre -configured device joins the network, attackers can damage the security of the network using this error. PAN IDs which are predictable are used in the Zigbee network resulting in possible attacks on the network [8].
This technology has insufficient replay protections, the attackers can easily use previously observed data for their purpose.
2.3. RESEARCH GAP ANALYSIS
The purpose of research gap analysis is to find out the gaps and the limitations of the technology, here Zigbee technology is used to conduct the research. There are several drawbacks in the network which can be utilized by the attackers [9]. This technology can be used in Internet of things devices however the manufacturers need to address the security concerns of the networks.
Internet of thing devices are designed to provide premium user experience and secure service. Zigbee networks have some major security issues, it has a number of implementational and protocol issues.
The implementation issues include key storage key transportation, reusing IV, security headers, sensor polling rates. These are caused by poor implementation security methods the attackers can utilize these security gaps to breach the networks. The protocol issues include default link key values, acknowledgement packets, CSMA/CA, encrypted keys, relay protections [10].
These issues depend on the protocols of the technology the network security is very minimal when a new device joins the network. The attackers can extract information by using new devices on the network.
These issues are noticed after a critical evaluation on this network however there can be more security issues in the network. There are some gaps in this research due to insufficient practical experience, in depth practical exposure is very crucial to evaluate these security issues properly.
3. APPLICATION IN REAL LIFE SCENARIO
The Zigbee technology provides low power consumption and it is cost efficient, Zigbee is a communication technology which connects a number of devices. This technology is used for a number of different purposes like home automation, wireless sensor networks, industrial control system, medical data collection. These devices have several protocol and implementation issues however these issues can be solved by taking different security measures.
The key storage of the system is not secured hackers can breach the system and extract these keys the manufacturers need to deploy more secure key storage. Key transportation is crucial for operating the systems but it is not secure [11]. The designers need to provide security at the time of key transportation it happens over the air they need to bring more secure channels for the transportation.
This network reuses initialization vector values; they need to provide different values for this purpose. Using different values will increase the security of the system and protect it from the hackers. The network stays in sleep mode to save power, this helps the attackers to send information in intervals, they need to reduce the sleep time and implement security check-up to avoid complications.
The manufacturers use the same key values for the devices which reduces the level of security, they need to implement different key values for the devices in this way the devices will be more secure. They allow the use of the same key the designers need to deploy more secure methods to increase the security levels of the network.
This network does not provide protection for the packets which increases the security risks. They need to implement security layers for the packets in this way the acknowledgement packets will be more secure. The breachers can change the channels with frames in the Mac layer because they use CSMA/CA the designers need to implement different technology to avoid this security risk [12]. They need to come up with designs and technologies which are effective and highly secure it will help to reduce the risk factors of the network.
The trust centre sends a single network key without any security measures, a device which is not previously configured can be used by the hackers to hack the network. The manufacturers need to use more secure network keys and they need to block the new devices from collecting any kind of data inside the network. The networks don’t have any relay protections therefore the attackers can easily see the data which are observed previously [13].
The manufacturers news to apply more security layers and they need to avoid insecure replay of the data. This will help them to increase the overall security of the technology and prevent the hackers from breaching the system.
This communication network can be implemented with Internet of thing devices, it will provide the users a secure network and it will be available at a low budget [14].
New technologies can be implemented to improve the security level of the system and increase the efficiency of the network. IOT technologies are more trustworthy than the traditional devices users trust these devices for their day-to-day use [15]. The users demand more value-added services from their devices, IOT technology helps the designers to implement more user-friendly services in the devices.
4. CONCLUSION AND RECOMMENDATION
Evaluating the working of Zigbee technology and its services helped to understand how this network works and what are the advantages of this technology. This technology is used as IOT devices and it has many applications in real world scenarios. Security is one of the highest priorities of these devices’ users trust these devices because they provide an effective and secure service.
This network has some security issues which are discussed in the security threat section, these threats need to be considered by the manufacturers and they need to provide more secure solutions. These security limitations can be fixed by applying security layers and using structured methods.
This technology offers services at a less price and consumes less energy, however the designers need to bring more customer centric approaches to improve the overall quality of the devices. This network has potentials to become more secure and trustworthy to the users, they need to focus on the risk factors of the network.
REFERENCES
- Fan, X., Susan, F., Long, W. and Li, S., 2017. Security analysis of zigbee. MWR InfoSecurity, pp.1-18. https://e2e.ti.com/cfs-file/__key/communityserver-discussions-components-files/158/17.pdf
- Moridi, M.A., Kawamura, Y., Sharifzadeh, M., Chanda, E.K., Wagner, M. and Okawa, H., 2018. Performance analysis of ZigBee network topologies for underground space monitoring and communication systems. Tunnelling and Underground Space Technology, 71, pp.201-209. https://cs.adelaide.edu.au/~markus/pub/2017tunnelling.pdf
- Akestoridis, D.G., Harishankar, M., Weber, M. and Tague, P., 2020, July. Zigator: analyzing the security of zigbee-enabled smart homes. In Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks(pp. 77-88). https://dl.acm.org/doi/pdf/10.1145/3395351.3399363
- Wang, Y., Chen, C. and Jiang, Q., 2019. Security algorithm of Internet of Things based on ZigBee protocol. Cluster Computing, 22(6), pp.14759-14766. http://lib.21h.io/library/CXWRK35M/download/DNAIC93P/2019_Security_algorithm_of_Internet_of_Things_based_on_ZigBee_protocol_14759-14766p_Cluster_Computing.pdf
- van Leeuwen, D. and Ayuk, L.T., 2019. Security testing of the Zigbee communication protocol in consumer grade IoT devices. https://www.diva-portal.org/smash/get/diva2:1335987/FULLTEXT01.pdf
- Rana, S.M., Halim, M.A. and Kabir, M.H., 2018. Design and implementation of a security improvement framework of Zigbee network for intelligent monitoring in IoT platform. Applied Sciences, 8(11), p.2305. https://www.mdpi.com/2076-3417/8/11/2305/pdf
- Khanji, S., Iqbal, F. and Hung, P., 2019, June. ZigBee security vulnerabilities: Exploration and evaluating. In 2019 10th International Conference on Information and Communication Systems (ICICS)(pp. 52-57). IEEE. https://www.academia.edu/download/59059317/ZigBee-Security-Khanji20190428-36059-b0e43z.pdf
- Adaramola, O.J. and Olasina, J.R., 2018. Network Investigation and Performance Analysis of ZigBee Technology Using OPNET. Journal of Advances in Computer Engineering and Technology, 4(4), pp.209-218. http://jacet.srbiau.ac.ir/article_13226_ae09ff24162a377107f71536e53daa43.pdf
- Hassan, N.A. and Farhan, A.K., 2019. Security improve in ZigBee protocol based on RSA public algorithm in WSN. Engineering and Technology Journal, 37(3B), pp.67-73. http://www.engtechjournal.org/index.php/et/article/download/53/440
- Vaccari, I., Aiello, M. and Cambiaso, E., 2020. Innovative Protection System Against Remote AT Command Attacks on ZigBee Networks. Acta Sci. Comput. Sci, 2, pp.2-8. https://www.researchgate.net/profile/Ivan-Vaccari/publication/340886002_Innovative_Protection_System_Against_Remote_AT_Command_Attacks_on_ZigBee_Networks/links/5ea29da0299bf1438943f708/Innovative-Protection-System-Against-Remote-AT-Command-Attacks-on-ZigBee-Networks.pdf
- Sharma, J., Pratim Bhattacharya, P. and Kumar Jha, M., 2017. Performance analysis of ZigBee in beacon enabled and beacon-less network for smart grid environments. International Journal of Sensors Wireless Communications and Control, 7(1), pp.39-43. https://www.researchgate.net/profile/Jeetu_Sharma3/publication/309467315_Performance_Analysis_of_ZigBee_in_Beacon_Enabled_and_Beacon-less_Network_for_Smart_Grid_Environments/links/5ae847bd45851588dd7fe316/Performance-Analysis-of-ZigBee-in-Beacon-Enabled-and-Beacon-less-Network-for-Smart-Grid-Environments.pdf
- Shrestha, S. and Shakya, S., 2020. Technical Analysis of ZigBee Wireless Communication. Journal of trends in Computer Science and Smart technology (TCSST), 2(04), pp.197-203. https://irojournals.com/tcsst/V2/I4/04.pdf
- Cayre, R., Galtier, F., Auriol, G., Nicomette, V., Kaâniche, M. and Marconato, G., 2021, June. WazaBee: attacking Zigbee networks by diverting Bluetooth Low Energy chips. In IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). https://hal.laas.fr/hal-03193299/document
- Rao, P.M., Rao, Y.C. and Kumar, M.A., 2018, January. Performance analysis of ZigBee wireless sensor networks using Riverbed simulation modeler. In 2018 2nd International Conference on Inventive Systems and Control (ICISC)(pp. 1272-1277). IEEE. https://www.researchgate.net/profile/Y_Chalapathi_Rao/publication/326078567_Performance_analysis_of_ZigBee_wireless_sensor_networks_using_Riverbed_simulation_modeler/links/5b6b160ea6fdcc87df6da132/Performance-analysis-of-ZigBee-wireless-sensor-networks-using-Riverbed-simulation-modeler.pdf
- Ge, M., Hong, J.B., Guttmann, W. and Kim, D.S., 2017. A framework for automating security analysis of the internet of things. Journal of Network and Computer Applications, 83, pp.12-27. https://www.researchgate.net/profile/Dan_Kim28/publication/309563139_A_framework_for_modeling_and_assessing_security_of_the_internet_of_things/links/5ec546df92851c11a8784e44/A-framework-for-modeling-and-assessing-security-of-the-internet-of-things.pdf
Know more about UniqueSubmission’s other writing services: