Zigbee Security Toolsets
SECURITY ISSUES AND VULNERABILITY ASSESSMENT OF ZIGBEE ENABLED HOME AREA NETWORK IMPLEMENTATIONS

A Project Presented to the faculty of the Department of Computer Science, California State University, Sacramento

Submitted in partial satisfaction of the requirements for the degree of MASTER OF SCIENCE in Computer Science

by Roger Meyer

SPRING 2012

© 2012 Roger Meyer ALL RIGHTS RESERVED

Approved by: Isaac Ghansah, Ph.D., Committee Chair; Martin Nicholes, Ph.D., Second Reader

Student: Roger Meyer

I certify that this student has met the requirements for format contained in the University format manual, and that this project is suitable for shelving in the Library and credit is to be awarded for the project.

Nikrouz Faroughi, Ph.D., Graduate Coordinator, Department of Computer Science

Abstract of SECURITY ISSUES AND VULNERABILITY ASSESSMENT OF ZIGBEE ENABLED HOME AREA NETWORK IMPLEMENTATIONS by Roger Meyer

Smart meters are typically equipped with a ZigBee wireless interface. ZigBee enables a customer to connect intelligent displays (called In-Home Displays, or IHD) wirelessly to the smart meter to receive real-time energy consumption data. ZigBee also gives customers ways to save energy by connecting a washing machine or a fridge to the utility's current electricity price feed and adjusting their time of use automatically. Although currently all smart meters have the wireless interface disabled, the utilities are starting to enable it for pilot users. However, this new wireless functionality comes with security risks. This project is about the analysis of security and privacy issues of ZigBee implementations. This involved a number of steps. First, ZigBee device firmware was modified so that well-known attack frameworks such as KillerBee and Scapy could be used for security testing of other ZigBee devices. Second, Scapy, a packet manipulation program, was extended to support more ZigBee packets. This allows the Python programming language to be used for fast creation of standard-compliant frames and easy parsing of received frames. This work will help future attack frameworks build on the existing Scapy system. The major contributions of this project are an improved implementation of the 802.15.4/ZigBee layers in Scapy, a command-line tool that generates Matyas-Meyer-Oseas (MMO) hashes (converting installation codes to preconfigured link keys), and a security analysis of a closed ZigBee network.

Isaac Ghansah, Ph.D., Committee Chair

ACKNOWLEDGEMENTS

I would like to thank my project advisor Dr. Isaac Ghansah for providing me with a wonderful opportunity to work on this project, which provided a great exposure to the field of Smart Grid. I thank him for providing all the help, support and necessary resources to complete the project successfully. I am also thankful to Dr. Martin Nicholes for his willingness to serve on the committee. I benefited very much from the professor's advice. Thank you for helping me and guiding me through the project. My special thanks go to Dr. Nikrouz Faroughi, Graduate Coordinator, for his advice throughout my master's degree and for his support and help in making this project possible.

TABLE OF CONTENTS

Acknowledgements
List of Tables
List of Figures

Chapter
1. INTRODUCTION
   1.1 The Smart Grid
   1.2 Smart Meters
       1.2.1 Smart Meter communication to the utility
   1.3 Privacy Issues
   1.4 Significance
   1.5 Related Work
       1.5.1 ZigBee Security Toolsets
       1.5.2 Home Area Networks (HAN) Security
       1.5.3 Smart Grid Security
       1.5.4 Smart Meter Security
   1.6 Objectives
2. THE 802.15.4 AND ZIGBEE STANDARDS
   2.1 IEEE 802.15.4
   2.2 ZigBee
       2.2.1 ZigBee layers
       2.2.2 Technology comparison
       2.2.3 ZigBee device and node types
       2.2.4 ZigBee star and mesh network
       2.2.5 ZigBee encryption
       2.2.6 ZigBee keys
       2.2.7 ZigBee security challenges
       2.2.8 Smart Energy Profile (SEP)
3. ZIGBEE DEVICE HARDWARE AND SOFTWARE CONFIGURATION FOR SECURITY TESTING
   3.1 Atmel RZUSBSTICK
       3.1.1 Flashing the RZUSBSTICK firmware
   3.2 Memsic TelosB
       3.2.1 Loading the precompiled KillerBee firmware onto TelosB
   3.3 SimpleHomeNet ZOE-MP1
   3.4 Telegesis ETRX2USB-IHD
       3.4.1 Connecting to ETRX2USB-IHD
       3.4.2 Using the Telegesis Demo Program on Linux
       3.4.3 Configuring the Telegesis "mock meter" firmware
4. ATTACKS AND TOOLS
   4.1 KillerBee
   4.2 Scapy
       4.2.1 Implementation of the 802.15.4 and ZigBee layers in Scapy
       4.2.2 How to use the Scapy layer implementation
   4.3 The Installation Code
   4.4 An analysis of a closed ZigBee network
       4.4.1 Communication with Scapy and KillerBee
       4.4.2 Encryption
       4.4.3 Authentication
       4.4.4 Privacy
   4.5 The ZigBee Alliance
   4.6 Helpful tools
   4.7 Source code
5. CONCLUSION
   5.1 Which ZigBee device shall it be?
   5.2 Limits of TelosB/RZUSBSTICK Hardware/Software
   5.3 Future work
References