+1 Recommend
1 collections
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      RESTful HTTPS over Zigbee: Why and how?

      , , ,
      6th International Symposium for ICS & SCADA Cyber Security Research 2019 (ICS-CSR)
      Cyber Security Research
      10th-12th September 2019


            With the advent of the Internet-of-Things (IoT), there has been a wave of wireless protocols aimed at providing communication between connected devices. One of the most widely used protocols is Zigbee, a derivative of the IEEE 802.15.4 protocol for building low power mesh networks. Whilst Zigbee has largely found a use in consumer grade devices, it has also been explored as a protocol for use in industrial and building automation systems. A number of vulnerabilities have been found within the Zigbee and IEEE 801.15.4 standard which could damage the integrity of the transmitted data. Therefore, we propose a solution wherein a RESTful HTTPS protocol is transmitted over Zigbee networks, effectively providing a double layer of security. We demonstrate that RESTful HTTPS over Zigbee is possible, and evaluate its performance.


            Author and article information

            September 2019
            September 2019
            : 107-116
            [0001]Bristol Cyber Security Group

            University of Bristol

            Bristol, UK
            © Soo Yee Lim et al. Published by BCS Learning and Development Ltd. 6th International Symposium for ICS & SCADA Cyber Security Research 2019

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            6th International Symposium for ICS & SCADA Cyber Security Research 2019
            Athens, Greece
            10th-12th September 2019
            Electronic Workshops in Computing (eWiC)
            Cyber Security Research
            Product Information: 1477-9358BCS Learning & Development
            Self URI (article page): https://www.scienceopen.com/hosted-document?doi=10.14236/ewic/icscsr19.14
            Self URI (journal page): https://ewic.bcs.org/
            Electronic Workshops in Computing

            Applied computer science,Computer science,Security & Cryptology,Graphics & Multimedia design,General computer science,Human-computer-interaction


            1. A security analysis for wireless sensor mesh networks in highly critical systems IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews) 40 4 419 428 July 2010

            2. ZigBee Specification ZigBee Document 053474r20 2012

            3. Digi Xbee S1 802.15.4 RF Modules http://attie.co.uk/libxbee 2012 2019-04-30

            4. Security analysis of wirelesshart communication scheme Foundations and Practice of Security 223 238 Cham 2017 Springer

            5. A Low-Cost ZigBee-Based Wireless Industrial Automation System 739 749 Springer 2017

            6. WirelessHART: Real-Time Mesh Network for Industrial Automation Springer 1st edition,2010

            7. ZigBee/IEEE 802.15.4 Summary UC Berkeley September 10 2004.

            8. Daniel Stenberg. libcurl - the multiprotocol file transfer library https://curl.haxx.se/libcurl/ 1997 2019-04-29

            9. Digi Xbee S1 802.15.4 RF Modules https://www.digi.com/pdf/ds_xbeemultipointmodules.pdf 2019-04-29

            10. The emergence of zigbee in building automation and industrial control Computing Control Engineering Journal 16 2 14 19 April 2005

            11. REST APIs must be hypertext-driven http://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven 2008 2019-04-25

            12. Architectural Styles and the Design of Network-based Software Architectures PhD thesis, University of California Irvine 2000 AAI9980887

            13. IEEE. IEEE 802.15 WPAN Task Group 4 (TG4) http://www.ieee802.org/15/pub/TG4.html Accessed: 2019-04-27

            14. Zigbee security basics (part 3) https://research.kudelskisecurity.com/2017/11/21/zigbee-security-basics-part-3/ 2017

            15. Ulfius https://github.com/babelouest/ulfius

            16. Power analysis attacks against ieee 802.15.4 nodes Constructive Side-Channel Analysis and Secure Design 55 70 Cham 2016 Springer

            17. Message denial and alteration on ieee 802.15.4 low-power radio networks 2011 4th IFIP International Conference on New Technologies, Mobility and Security pages 1 5 Feb 2011

            18. Three practical attacks against zigbee security: Attack scenario definitions, practical experiments, countermeasures, and lessons learned 2014 14th International Conference on Hybrid Intelligent Systems 199 206 IEEE 2014

            19. On the choice of the appropriate AES data encryption method for ZigBee nodes Security and Communication Networks 9 12 2010

            20. Zigbee in building industrial control and automation International Journal of Wireless Communications and Networking 3 2 Dec 2011

            21. Security considerations for the wirelesshart protocol 2009 IEEE Conference on Emerging Technologies Factory Automation 1 8 Sep 2009

            22. Security considerations for ieee 802.15.4 networks Proceedings of the 3rd ACM Workshop on Wireless Security, WiSe ’04 32 42 New York, NY, USA 2004 ACM

            23. Classification and analysis of security attacks in wsns and ieee 802.15.4 standards : A survey 2017 3rd International Conference on Advances in Computing,Communication Automation (ICACCA) (Fall) 1 5 Sep 2017

            24. On the ieee 802.15.4 mac layer attacks: Gts attack 2008 Second International Conference on Sensor Technologies and Applications (sensorcomm 2008) 673 678 Aug 2008

            25. An investigation on ieee 802.15.4 mac layer attacks Proc. of WPMC 41 42 92 2007

            26. Security threats in zigbee-enabled systems: Vulnerability evaluation, practical experiments, countermeasures, and lessons learned 2013 46th Hawaii International Conference on System Sciences 5132 5138 Jan 2013

            27. A Note on Distributed Computing. Technical report IEEE Micro 1994

            28. Practical Message Manipulation Attacks in IEEE 802.15.4 Wireless Networks MMB DFT 2012 Workshop Proceedings 29 31 Mar 2012

            29. Killerbee: Practical zigbee expliutation framework https://www.willhackforsushi.com/presentations/toorcon11-wright.pdf 2011


            Comment on this article