TY - GEN
T1 - Z-wave network reconnaissance and transceiver fingerprinting using software-defined radios
AU - Hall, Joseph
AU - Ramsey, Benjamin
AU - Rice, Mason
AU - Lacey, Timothy
PY - 2016
Y1 - 2016
N2 - Wireless Sensor Networks (WSNs) are a growing subset of the emerging Internet of Things (IoT). WSNs reduce the cost of deployment over wired alternatives; consequently, their use is increasing in home automation, critical infrastructure, smart metering, and security solutions. Few published works evaluate the security of proprietary WSN protocols due to the lack of low-cost and effective research tools. One such protocol is ITU-T G.9959-based Z-Wave, which maintains wide acceptance within the IoT market. Concurrently, the use of software-defined radios (SDRs) is experiencing significant growth due to low-cost and open-source platforms. Using SDRs, network security professionals are able to evaluate WSNs and identify avenues of attack which historically required large investments in RF equipment and specialized skill sets. Recent work introduces Scapy-radio, a generic SDR-based wireless monitor/injection tool designed to simplify the development of penetration testing capabilities for wireless networks. Other works demonstrate methods for fingerprinting transceivers for the IEEE 802.11b and IEEE 802.15.4 standards by analyzing packet reception rates when preamble lengths are manipulated. This work significantly expands Scapy-radio, providing broad support for the Z-Wave protocol using the low-cost HackRF SDR to investigate cooperative and non-cooperative fingerprinting techniques. Specifically, this work demonstrates transceiver type fingerprinting through experimental analysis of packet reception with respect to preamble length across eight devices from five manufacturers, utilizing the two most widely used Z-Wave transceivers. Furthermore, this work presents EZ-Wave, a set of Z-Wave network reconnaissance tools capable of network discovery and enumeration, device fingerprinting, and gathering device status information. This work successfully demonstrates methods for conducting network reconnaissance on a Z-Wave Home Area Network and transceiver type fingerprinting through preamble manipulation with greater than 99% accuracy.
KW - Internet of things
KW - Software-defined radios
KW - Transceiver fingerprinting
KW - Wireless sensor networks
KW - Z-Wave
UR - http://www.scopus.com/inward/record.url?scp=84969178629&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84969178629
T3 - Proceedings of the 11th International Conference on Cyber Warfare and Security, ICCWS 2016
SP - 163
EP - 171
BT - Proceedings of the 11th International Conference on Cyber Warfare and Security, ICCWS 2016
A2 - Zlateva, Tanya
A2 - Greiman, Virginia A.
PB - Academic Conferences Limited
T2 - 11th International Conference on Cyber Warfare and Security, ICCWS 2016
Y2 - 17 March 2016 through 18 March 2016
ER -