Looking Under the Hood of Z-Wave-Reference-Cited by-同舟云学术

Looking Under the Hood of Z-Wave

Published:2019-03-07 Issue:2 Volume:3 Page:1-24
ISSN:2378-962X
Container-title:ACM Transactions on Cyber-Physical Systems
language:en
Short-container-title:ACM Trans. Cyber-Phys. Syst.

Author:

Badenhop C. W.¹,Graham S. R.¹,Mullins B. E.¹,Mailloux L. O.¹

Affiliation:

1. Air Force Institute of Technology, USA

Abstract

Z-Wave is a proprietary Internet of Things substrate providing distributed home and office automation services. The proprietary nature of Z-Wave devices makes it difficult to determine their security aptitude. While there are a variety of open source tools for analyzing Z-Wave frames, inspecting non-volatile memory, and disassembling firmware, there are no dynamic analysis tools allowing one to inspect the internal state of a Z-Wave transceiver while it is running. In this work, a memory introspection capability is developed for three Z-Wave devices containing a ZW0301, a Z-Wave transceiver system-on-chip. In all three devices, the firmware image is modified to include the memory introspection capability by hooking an existing data exfiltration mechanism used by the device. The memory introspection capability is applied to determine how nonces are generated by Z-Wave devices to prevent replay attacks. Through a combination of static and dynamic analysis, the nonce generating algorithm is found to be based on a nonce round key that updates every secure frame transaction.

Publisher

Association for Computing Machinery (ACM)

Subject

Artificial Intelligence,Control and Optimization,Computer Networks and Communications,Hardware and Architecture,Human-Computer Interaction

Link

https://dl.acm.org/doi/pdf/10.1145/3285030

Reference49 articles.

1. C. Badenhop J. Fuller J. Hall B. Ramsey and M. Rice. 2015. Evaluating ITU-T G.9959: Wireless systems in the critical infrastructure. In Critical Infrastructure Protection IX IFIPS WG 11.10 J. Butts and S. Shenoi (Eds.). Springer 61--79. C. Badenhop J. Fuller J. Hall B. Ramsey and M. Rice. 2015. Evaluating ITU-T G.9959: Wireless systems in the critical infrastructure. In Critical Infrastructure Protection IX IFIPS WG 11.10 J. Butts and S. Shenoi (Eds.). Springer 61--79.

2. C. Badenhop S. Graham B. Ramsey B. Mullins and L. Mailloux. 2017. The Z-Wave routing protocol and its security implications. Elsevier Journal of Computers 8 Security 68 (July 2017) 112--129. 10.1016/j.cose.2017.04.004 C. Badenhop S. Graham B. Ramsey B. Mullins and L. Mailloux. 2017. The Z-Wave routing protocol and its security implications. Elsevier Journal of Computers 8 Security 68 (July 2017) 112--129. 10.1016/j.cose.2017.04.004

3. C. Badenhop and B. Ramsey. 2016. Carols of the Z-Wave security layer; Or robbing keys from Peter to unlock Paul. PoC or GTFO 12 (2016) 6--12. C. Badenhop and B. Ramsey. 2016. Carols of the Z-Wave security layer; Or robbing keys from Peter to unlock Paul. PoC or GTFO 12 (2016) 6--12.

4. Extraction and analysis of non-volatile memory of the ZW0301 module, a Z-Wave transceiver

Cited by 6 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. On Building Automation System security;High-Confidence Computing;2024-09

2. On Building Automation Systems and Attacks;2024 International Conference on Computing, Networking and Communications (ICNC);2024-02-19

3. Integrating the edge computing paradigm into the development of IoT forensic methodologies;International Journal of Information Security;2023-11-22

4. ZMAD: Lightweight Model-Based Anomaly Detection for the Structured Z-Wave Protocol;IEEE Access;2023

5. Zfinder: Automated Security Analysis of Z-Wave Smart Home Network;2023