hh.sePublications
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Security testing of the Zigbee communication protocol in consumer grade IoT devices
Halmstad University.
Halmstad University.
2019 (English)Independent thesis Advanced level (degree of Master (One Year)), 10 credits / 15 HE creditsStudent thesis
Abstract [en]

With the ever increasing number of Internet of Things devices going out on the market for consumers that are Zigbee certified there is a need for security testing. This is to make sure that security standards are upheld and improved upon in order to make sure networks are protected from unauthorized users. Even though a lot of research and testing has been done on the Zigbee key exchange mechanism, called Zigbee commissioning, improvements have still not been enough with severe vulnerabilities in consumer grade devices still existing today. The devices tested in this study use EZ-mode commissioning in order to exchange the network key between a Zigbee coordinator and a Zigbee end device in order to encrypt later communication after being paired.  By using a simple radio receiver and a packet capturing program such as Wireshark an eavesdropping attack was conducted in order to capture the network key. The experiment demonstrates that this is still a weak point as the network key was successfully captured using eavesdropping. The analysis of the results show that previous criticisms of Zigbee commissioning have still not fully been addressed and can be a potential weak point in networks that use Zigbee certified IoT products.  

Place, publisher, year, edition, pages
2019. , p. 54
Keywords [en]
Zigbee, Protocol, IoT, Key Exchange, Internet of Things, Eavesdropping
National Category
Other Engineering and Technologies
Identifiers
URN: urn:nbn:se:hh:diva-40189OAI: oai:DiVA.org:hh-40189DiVA, id: diva2:1335987
Educational program
Master's Programme in Network Forensics, 60 credits
Supervisors
Examiners
Available from: 2019-07-15 Created: 2019-07-08 Last updated: 2019-07-15Bibliographically approved

Open Access in DiVA

fulltext(3354 kB)13 downloads
File information
File name FULLTEXT01.pdfFile size 3354 kBChecksum SHA-512
9ff7e4b313dfce7c650ffdd89b1641ad757bf2d2a6f4930f5e45d7ec5e0eacb2582ae6062259d57dede1e85dccc07d3a4f114659a96feb78f7ff834e63c2f8c9
Type fulltextMimetype application/pdf

By organisation
Halmstad University
Other Engineering and Technologies

Search outside of DiVA

GoogleGoogle Scholar
Total: 13 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 56 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf