Title: A novel vulnerability detection method for ZigBee MAC layer

Authors: Siwei Peng; Baojiang Cui; Ru Jia; Shurui Liang; Yiying Zhang

Addresses: Department of Computer Science and Technology, Beijing University of Posts and Telecommunications, Beijing, China ' Department of Computer Science and Technology, Beijing University of Posts and Telecommunications, Beijing, China ' Department of Computer Science and Technology, Beijing University of Posts and Telecommunications, Beijing, China ' Department of Computer Science and Technology, Beijing University of Posts and Telecommunications, Beijing, China ' Department of Computer Science and Technology, Beijing University of Posts and Telecommunications, Beijing, China; State Grid Information & Telecommunication Company Ltd, Beijing, 100761, China

Abstract: Due to the hostile environment, open communication and implementation vulnerability, ZigBee is vulnerable to various attacks. But there are few effective vulnerability detection methods. In this paper, we design the ZigBee Border Conditions Based Tester (ZBCBT) to detect vulnerabilities on MAC layer. It generates elaborated frames (test cases) transmitting to the target nodes. Based on ZBCBT, we present a ZigBee Border Conditions Algorithm (ZBCA) and a hostile test framework (HTF) for better test performance. Comparing with Random Testing (RT) or fuzz methods, ZBCA tests border values of every field in the frame to improve the efficiency. HTF is a unique framework that ZBCBT simulates an attacker is utilised for further tests. The experimental results, including one frame triggers the network crash, have proved ZBCBT's effectiveness. Thus, by using ZBCA and HTF, this novel vulnerability detection method is a significant add-on approach for ZigBee security.

Keywords: vulnerability detection; ZigBee security; MAC layer; medium access control; test tools; border condition; ZBCBT; ZigBee attacks.

DOI: 10.1504/IJGUC.2013.056249

International Journal of Grid and Utility Computing, 2013 Vol.4 No.2/3, pp.134 - 143

Received: 25 Aug 2012
Accepted: 23 Sep 2012

Published online: 18 Sep 2014 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article