Document Type

Article

Publication Date

7-2017

Abstract

Z-Wave is a proprietary technology used to integrate sensors and actuators over RF and perform smart home and office automation services. Lacking implementation details, consumers are under-informed on the security aptitude of their installed distributed sensing and actuating systems. While the Physical (PHY) and Medium Access Control (MAC) layers of the protocol have been made public, details regarding the network layer are not available for analysis. Using a real-world Z-Wave network, the frame forwarding and topology management aspects of the Z-Wave routing protocol are reverse engineered. A security analysis is also performed on the network under study to identify source and data integrity vulnerabilities of the routing protocol. It is discovered that the topology and routes may be modified by an outsider through the exploitation of the blind trust inherent to the routing nodes of the network. A Black Hole attack is conducted on a real-world Z-Wave network to demonstrate a well-known routing attack that exploits the exposed vulnerabilities. As a result of the discoveries, several recommendations are made to enhance the security of the routing protocol.

Comments

Sourced from the version of record at ScienceDirect:
Badenhop, C. W., Graham, S. R., Ramsey, B. W., Mullins, B. E., & Mailloux, L. O. (2017). The Z-Wave routing protocol and its security implications. Computers & Security, 68(July), 112–129. https://doi.org/10.1016/j.cose.2017.04.004

This is an open access article under the terms of the Creative Commons Attribution‐NonCommercial‐NoDerivs License, which permits use and distribution in any medium, provided the original work is properly cited, the use is non‐commercial and no modifications or adaptations are made. CC BY-NC-ND 4.0. https://creativecommons.org/licenses/by-nc-nd/4.0/

The publisher embargo period for this journal was observed.

DOI

10.1016/j.cose.2017.04.004

Source Publication

Computers and Security

Share

COinS