Evaluating Security of Low-Power Internet of Things Networks

Abstract

Internet of Things (IoT) is one of the most prominent technologies on the Internet. Simple objects gain the ability to store, process and exchange information among themselves or with external entities, by observing and controlling the environment. Thanks to the rapid development of this innovation, IoT opens possibilities to a huge number of objects and applications that promise to improve our daily life. The main scenarios of the development of IoT are home automation/domestic and Industrial IoT. According to such scenarios, several applications could be implemented: from smart thermostats, light bulbs, refrigerators, ovens, door window sensors to volumetric, flow, heat and connected data processing devices. Since this is a new phenomenon, it has not yet been studied and analyzed for its entirety, also due to the lack of a definitive standard that can provide an overview of these devices. The objective of this paper is to implement different well-known attacks against IoT networks, by adopting the ZigBee communication protocol to analyze devices and network security. For our aim, we have considered different scenarios involving an attacker aiming to dismantle the IoT network (jamming, flooding DoS), retrieve sensitive information (sniffing, brute force password crack) and to actively communicate on the network to impersonate legitimate nodes (replay). Such exploitation provides us the ability to analyze the effects of attacks designed to target common wireless networks, when they are perpetrated against IoT environments. Obtained results prove that IoT devices and networks (often embedded in sensitive environments such as hospitals or critical infrastructures) are vulnerable to several attacks.