ZigBee outlines a new suite of protocols targeted at low-rate, low-power devices and sensor nodes. ZigBee Specification includes a number of security provisions and options. The security model specified in the Smart Energy Profile seems bound to become the reference security model for most of ZigBee applications. In this paper we review this security model and highlight places where its specification presents concerns and possible inefficiencies in security management. Specifically, we show that the specification does not adequately address the forward security requirement so allowing a number of threats at the routing and application layer. Furthermore, we show inefficiencies in managing both the Network Key and devices certificates. Finally, we make some proposals to address these problems.
Considerations on Security in ZigBee Network
DINI, GIANLUCA;TILOCA, MARCO
2010-01-01
Abstract
ZigBee outlines a new suite of protocols targeted at low-rate, low-power devices and sensor nodes. ZigBee Specification includes a number of security provisions and options. The security model specified in the Smart Energy Profile seems bound to become the reference security model for most of ZigBee applications. In this paper we review this security model and highlight places where its specification presents concerns and possible inefficiencies in security management. Specifically, we show that the specification does not adequately address the forward security requirement so allowing a number of threats at the routing and application layer. Furthermore, we show inefficiencies in managing both the Network Key and devices certificates. Finally, we make some proposals to address these problems.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
