Marco Tiloca

Considerations on Security in ZigBee Networks

ZigBee outlines a new suite of protocols targeted at low-rate, low-power devices and sensor nodes. ZigBee Specification includes a number of security provisions and options. The security model specified in the Smart Energy Profile seems bound to become the reference security model for most of ZigBee applications. In this paper we review this security model and highlight places where its specification presents concerns and possible inefficiencies in security management. Specifically, we show that the specification does not adequately address the forward security requirement so allowing a number of threats at the routing and application layer. Furthermore, we show inefficiencies in managing both the Network Key and devices certificates. Finally, we make some proposals to address these problems.

SAD-SJ: A self-adaptive decentralized solution against Selective Jamming attack in Wireless Sensor Networks

Wireless Sensor Networks (WSNs) are currently used in many application scenarios, including industrial applications and factory automation. In such scenarios, Time Division Multiple Access (TDMA) is typically used for data communication among sensor nodes. However, TDMA-based WSNs are particularly prone to Selective Jamming attack, a specific form of Denial of Service attack aimed at severely thwarting network reliability. In this paper, we present SAD-SJ, a self-adaptive and decentralized MAC-layer solution against selective jamming in TDMA-based WSNs. SAD-SJ does not need a central entity, requires sensor nodes to rely only on local information, and allows them to join and leave the network without hindering other nodes activity. We show that SAD-SJ introduces a limited overhead, in terms of computation, communication and energy consumption.

On experimentally evaluating the impact of security on IEEE 802.15.4 networks

IEEE 802.15.4 addresses low-rate wireless personal area networks, enables low power devices, and includes a number of security provisions and options (the security sublayer). Security competes with performance for the scarce resources of low power, low cost sensor devices. So, a proper design of efficient and secure applications requires to know the impact that IEEE 802.15.4 security services have on the protocol performance. In this paper we present the preliminary results of a research activity aimed at quantitatively evaluating such impact from different standpoints including memory consumption, network performance, and energy consumption. The evaluation exploits a free implementation of the IEEE 802.15.4 security sublayer.

IEEE 802.15.4 and ZigBee as Enabling Technologies for Low-Power Wireless Systems with Quality-of-Service Constraints

This book outlines the most important characteristics of IEEE 802.15.4 and ZigBee and how they can be used to engineer Wireless Sensor Network (WSN) systems and applications, with a particular focus on Quality-of-Service (QoS) aspects. It starts by providing a snapshot of the most relevant features of these two protocols, identifying some gaps in the standard specifications. Then it describes several state-of-the-art open-source implementations, models and tools that have been designed by the authors and have been widely used by the international community. The book also outlines the fundamental performance limits of IEEE 802.15.4/ZigBee networks, based on well-sustained analytical, simulation and experimental models, including how to dimension such networks to optimize delay/energy trade-offs.

HISS: A HIghly Scalable Scheme for Group Rekeying

Group communication is a suitable and effective communication model for large-scale distributed systems. To be fully exploitable, group communication must be protected. This is normally achieved by providing members with a group key which is revoked and redistributed upon every member’s joining (backward security) or leaving (forward security). Such a rekeying process must be efficient and highly scalable. In this paper, we present HISS, a highly scalable group rekeying scheme that efficiently rekeys the group into two broadcast rekeying messages. HISS features two novel contributions. First, it exhibits a rekeying cost which is constant and independent of the group size, thus being highly scalable with the number of users. At the same time, memory occupancy and computational overhead are affordable on customary platforms. Second, HISS considers collusion as a first-class attack and recovers the group in such a way that it does not require a total group recovery. Efficiency of collusion recovery gracefully decreases with the attack severity. We prove the correctness of HISS, analytically evaluate its performance and argue that it is deployable on customary platforms. Finally, we show that it is possible to practically contrast or even prevent collusion attacks by properly allocating users to subgroups.

On simulative analysis of attack impact in Wireless Sensor Networks

Wireless Sensor Networks (WSNs) are frequently adopted in industrial applications. However, they are particularly prone to cyber-physical attacks. Since addressing all possible attacks is not viable, due to performance and economic reasons, it is vital to choose which attacks to address and which countermeasures to adopt. Hence, a quantitative analysis of attack impact is crucial to make an effective choice. In this paper, we present a simulative approach to attack impact analysis, and show that simulation results provide valuable insights on the attack severity. To fix ideas, we refer to a WSN monitoring pollutant emissions of a critical infrastructure. We analyze effects of cyber-physical attacks against the network, and rank them according to their impact severity. This supports designers in deciding which attacks to address and which countermeasures to select.

JAMMY: A Distributed and Dynamic Solution to Selective Jamming Attack in TDMA WSNs

Time division multiple access (TDMA) is often used in wireless sensor networks (WSNs), especially for critical applications, as it provides high energy efficiency, guaranteed bandwidth, bounded and predictable latency, and absence of collisions. However, TDMA is vulnerable to selective jamming attacks. In TDMA transmission, slots are typically pre-allocated to sensor nodes, and each slot is used by the same node for a number of consecutive superframes. Hence, an adversary could thwart a victim node’s communication by simply jamming its slot(s). Such attack turns out to be effective, energy efficient, and extremely difficult to detect. In this paper, we present JAMMY, a distributed and dynamic solution to selective jamming in TDMA-based WSNs. Unlike traditional approaches, JAMMYxa0changes the slot utilization pattern at every superframe, thus making it unpredictable to the adversary. JAMMYxa0is decentralized, as sensor nodes determine the next slot utilization pattern in a distributed and autonomous way. Results from performance analysis of the proposed solution show that JAMMYxa0introduces negligible overhead yet allows multiple nodes to join the network, in a limited number of superframes.

Models and Tools

An accurate planning and dimensioning of the network parameters and resources is paramount for the overall system to behave as expected. This is particularly important when there are more demanding quality-of-service requirements to be met, namely related to the correct and timely execution of the tasks and transmission of messages. This chapter outlines a set of analytical and simulation models and tools to help the system designer to setup and fine tune all relevant settings and parameters, as well as to anticipate hardware problems and identify the network behavior and its performance limits.

A solution to the GTS-based selective jamming attack on IEEE 802.15.4 networks

The IEEE 802.15.4 standard allows devices to access the medium not only in contention mode but also in a contention-free way, in order to support quality of service (QoS). In contention-free mode, devices access the medium according to the guaranteed time slot (GTS) mechanism, which is vulnerable to the selective jamming attack. This is a particularly insidious form of denial of service that allows an attacker to thwart QoS while limiting her own exposure at the minimum. In this paper, we present selective jamming resistant GTS , a solution against the GTS-based selective jamming. We also show that our solution is standard compliant and affordable for resource-scarce devices like Tmote Sky motes.

ASF: An attack simulation framework for wireless sensor networks

Wireless Sensor Networks are vulnerable to quite a good deal of logical and physical security attacks. However, providing security countermeasures for every possible attack is practically unfeasible for cost and performance reasons. Thus, it is vital to properly rank security attacks in order to establish priorities and then select appropriate countermeasures. In this paper, we present ASF, an attack simulation framework that allows us to describe attacks and quantitatively evaluate their effects on the application and network behavior and performance. ASF helps users to evaluate the impact of an attack, a crucial step in the attacks ranking activity. Also, we present an early prototype of ASF built on top of the popular simulator Castalia. Finally, we show the capabilities of ASF by analysing four attacks against a realistic application scenario.