ITU-T G.9959 wireless connectivity is increasingly incorporated into critical infrastructure. However, evaluating the robustness and security of commercially available products based on this standard is challenging because the transceiver and application designs are closed-source. Given that ITU-T G.9959 transceivers are used in smart grids, building security systems and safety sensors, reliable open-source tools would improve the ability to monitor and secure ITU-T G.9959 networks. This chapter discusses the ITU-T G.9959 wireless standard and research on ITU-T G.9959 network security. An open-source, software-defined radio implementation of an ITU-T G.9959 protocol sniffer is used to explore several passive reconnaissance techniques and to deduce the properties of active network devices. The experimental results show that some properties are observable whether or not encryption is used; in particular, acknowledgment response times vary with the vendor's firmware implementation, so a passive observer can tell implementations apart by timing alone.
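The timing-based reconnaissance described above, as an added example that is not code from the chapter or its sniffer: it decodes ITU-T G.9959 R1/R2 MAC frames (home ID, source, two frame-control bytes, length, destination, payload, 8-bit XOR frame check sequence seeded with 0xFF) from a timestamped capture, pairs each ACK-requesting singlecast with the acknowledgment that comes back, and reports per-node ACK turnaround statistics. The capture is constructed inline (a controller polling two nodes whose firmware answers at different speeds), the 50 ms pairing window is an assumed value, and the assumption that an ACK echoes the sequence number of the frame it acknowledges is marked in the code.

```python
"""Passive ITU-T G.9959 (Z-Wave) reconnaissance on a sniffer capture:
decode R1/R2 MAC frames and fingerprint nodes by ACK turnaround time."""
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Optional, Tuple

# Header types carried in the low nibble of the first frame-control byte.
HEADER_TYPES = {0x1: "singlecast", 0x2: "multicast", 0x3: "ack"}
ACK_REQ = 0x40          # bit 6 of frame-control byte 1: sender wants an ACK
MIN_MPDU = 10           # home id(4) src(1) fc(2) len(1) dst(1) fcs(1)
ACK_WINDOW_US = 50_000  # assumed: pair an ACK only within 50 ms of the request


@dataclass
class Frame:
    ts_us: int
    home_id: int
    src: int
    dst: int
    header_type: str
    ack_req: bool
    seq: int
    payload: bytes
    fcs_ok: bool


def g9959_fcs(mpdu_without_fcs: bytes) -> int:
    """8-bit XOR frame check sequence used at 9.6/40 kbit/s, seeded with 0xFF."""
    fcs = 0xFF
    for b in mpdu_without_fcs:
        fcs ^= b
    return fcs


def build_frame(home_id: int, src: int, dst: int, htype: int, ack_req: bool,
                seq: int, payload: bytes = b"") -> bytes:
    """Constructed-capture helper: assemble a well-formed R1/R2 MPDU."""
    fc1 = (htype & 0x0F) | (ACK_REQ if ack_req else 0)
    fc2 = seq & 0x0F                          # sequence number, low nibble
    length = MIN_MPDU + len(payload)          # length field counts the FCS
    body = home_id.to_bytes(4, "big") + bytes([src, fc1, fc2, length, dst]) + payload
    return body + bytes([g9959_fcs(body)])


def parse_frame(ts_us: int, raw: bytes) -> Optional[Frame]:
    """Decode one MPDU; returns None for truncated or inconsistent frames."""
    if len(raw) < MIN_MPDU or raw[7] != len(raw):
        return None
    fc1, fc2 = raw[5], raw[6]
    return Frame(
        ts_us=ts_us,
        home_id=int.from_bytes(raw[0:4], "big"),
        src=raw[4],
        dst=raw[8],
        header_type=HEADER_TYPES.get(fc1 & 0x0F, "unknown"),
        ack_req=bool(fc1 & ACK_REQ),
        seq=fc2 & 0x0F,
        payload=raw[9:-1],
        fcs_ok=g9959_fcs(raw[:-1]) == raw[-1],
    )


def ack_latencies(frames: List[Frame]) -> Dict[int, List[int]]:
    """Pair each ACK-requesting singlecast with the ACK its destination sends back.
    Assumption: the ACK echoes the sequence number of the frame it acknowledges."""
    pending: Dict[Tuple[int, int, int, int], int] = {}   # (home, src, dst, seq) -> ts
    latencies: Dict[int, List[int]] = {}
    for f in frames:
        if not f.fcs_ok:                       # never fingerprint on corrupt frames
            continue
        if f.header_type == "singlecast" and f.ack_req:
            pending[(f.home_id, f.src, f.dst, f.seq)] = f.ts_us
        elif f.header_type == "ack":
            key = (f.home_id, f.dst, f.src, f.seq)   # ACK flows dst -> src
            sent = pending.pop(key, None)
            if sent is not None and f.ts_us - sent <= ACK_WINDOW_US:
                latencies.setdefault(f.src, []).append(f.ts_us - sent)
    return latencies


def fingerprint(frames: List[Frame]) -> Dict[int, Tuple[float, float, int]]:
    """Per responding node: mean ACK turnaround (us), std dev, sample count."""
    return {node: (mean(v), pstdev(v), len(v)) for node, v in ack_latencies(frames).items()}


def constructed_capture() -> List[Frame]:
    """Constructed timestamped capture (not a real recording): controller node 1
    polls nodes 2 and 3; node 2 ACKs after ~1.0 ms, node 3 after ~1.6 ms."""
    home, ctrl = 0xC0FFEE01, 1
    raw: List[Tuple[int, bytes]] = []
    t = 0
    for seq, (node, delay) in enumerate([(2, 980), (3, 1580), (2, 1000),
                                          (3, 1600), (2, 1020), (3, 1620)]):
        # BASIC_GET (0x20 0x02) is an unencrypted, commonly seen payload.
        raw.append((t, build_frame(home, ctrl, node, 0x1, True, seq, b"\x20\x02")))
        raw.append((t + delay, build_frame(home, node, ctrl, 0x3, False, seq)))
        t += 200_000
    # One corrupted frame: the parser must flag it and the pairing must skip it.
    bad = bytearray(build_frame(home, ctrl, 2, 0x1, True, 9, b"\x20\x02"))
    bad[9] ^= 0x01
    raw.append((t, bytes(bad)))
    return [f for f in (parse_frame(ts, b) for ts, b in raw) if f is not None]


if __name__ == "__main__":
    for node, (avg, sd, n) in sorted(fingerprint(constructed_capture()).items()):
        print(f"node {node}: mean ACK turnaround {avg:.0f} us (sd {sd:.0f}, n={n})")
```

Everything the pairing needs (addresses, frame type, sequence number) sits in the unencrypted MAC header, which is why the technique works on encrypted networks too; in practice the timestamp resolution of the sniffer and the radio's own processing delay set the floor on how finely two firmware implementations can be separated.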
Z-Wave is a proprietary Internet of Things substrate providing distributed home and office automation services. The proprietary nature of Z-Wave devices makes it difficult to assess their security posture. While there are a variety of open-source tools for analyzing Z-Wave frames, inspecting non-volatile memory and disassembling firmware, there are no dynamic analysis tools that allow the internal state of a Z-Wave transceiver to be inspected while it is running. In this work, a memory introspection capability is developed for three Z-Wave devices built around the ZW0301, a Z-Wave transceiver system-on-chip. In all three devices, the firmware image is modified to add the memory introspection capability by hooking a data exfiltration mechanism the device already uses. The capability is applied to determine how Z-Wave devices generate the nonces that protect secure frames against replay attacks. Through a combination of static and dynamic analysis, the nonce generation algorithm is found to be based on a nonce round key that is updated on every secure frame transaction.
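The replay protection that the nonce exchange is meant to provide, as an added example that is neither the authors' code nor the ZW0301 firmware's algorithm: a receiver hands out a fresh 8-byte nonce on request (Z-Wave's security command class uses 8-byte nonces), remembers it as outstanding, and accepts a secure frame only if it carries an outstanding, unexpired receiver nonce and a valid tag, consuming the nonce on success. The nonce source (`os.urandom`), the 10 s nonce lifetime, the HMAC-SHA256 stand-in for Z-Wave's AES-based MAC, the node IDs and the network key are all assumptions of this example; the round-key-based generator the work found in real devices is not modelled.

```python
"""Nonce-based replay protection for secure frames: a receiver that issues
single-use nonces and rejects replayed, stale or tampered encapsulations."""
import hashlib
import hmac
import os
from typing import Callable, Dict, List, Tuple

NONCE_LEN = 8            # Z-Wave security nonces are 8 bytes
NONCE_TTL_MS = 10_000    # assumed: an unused nonce is discarded after 10 s


class Clock:
    """Controllable time source so the expiry path can be exercised offline."""
    def __init__(self) -> None:
        self.ms = 0

    def now(self) -> int:
        return self.ms

    def advance(self, ms: int) -> None:
        self.ms += ms


def frame_tag(key: bytes, sender_nonce: bytes, receiver_nonce: bytes,
              src: int, dst: int, payload: bytes) -> bytes:
    """Tag binding the payload to both nonces and both addresses.
    Stand-in: HMAC-SHA256 truncated to 8 bytes, NOT the AES-based MAC Z-Wave uses."""
    msg = sender_nonce + receiver_nonce + bytes([src, dst, len(payload)]) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


class Receiver:
    def __init__(self, node_id: int, key: bytes, clock: Clock,
                 rng: Callable[[int], bytes] = os.urandom) -> None:
        self.node_id = node_id
        self.key = key
        self.clock = clock
        self.rng = rng                         # assumed source; real devices differ
        self.outstanding: Dict[bytes, int] = {}   # issued nonce -> issue time (ms)

    def nonce_report(self) -> bytes:
        """Answer a Nonce Get: issue a fresh receiver nonce and remember it."""
        nonce = self.rng(NONCE_LEN)
        self.outstanding[nonce] = self.clock.now()
        return nonce

    def accept(self, src: int, sender_nonce: bytes, receiver_nonce: bytes,
               payload: bytes, tag: bytes) -> Tuple[bool, str]:
        issued = self.outstanding.get(receiver_nonce)
        if issued is None:
            return False, "unknown or already-used nonce"
        if self.clock.now() - issued > NONCE_TTL_MS:
            del self.outstanding[receiver_nonce]
            return False, "nonce expired"
        expected = frame_tag(self.key, sender_nonce, receiver_nonce,
                             src, self.node_id, payload)
        if not hmac.compare_digest(expected, tag):
            return False, "bad tag"
        del self.outstanding[receiver_nonce]   # single use: consumed on success
        return True, "accepted"


def encapsulate(key: bytes, src: int, dst: int, receiver_nonce: bytes,
                payload: bytes, rng: Callable[[int], bytes] = os.urandom):
    """Sender side: pick a sender nonce and tag the frame for this receiver nonce."""
    sender_nonce = rng(NONCE_LEN)
    tag = frame_tag(key, sender_nonce, receiver_nonce, src, dst, payload)
    return src, sender_nonce, receiver_nonce, payload, tag


def run_exchange() -> List[Tuple[bool, str]]:
    """Walk through one legitimate transaction and three attacker attempts."""
    key = bytes(range(16))                     # constructed network key
    clock = Clock()
    lock = Receiver(node_id=7, key=key, clock=clock)
    results: List[Tuple[bool, str]] = []
    # 1. Normal transaction: Nonce Get -> Nonce Report -> encapsulated command.
    rn = lock.nonce_report()
    frame = encapsulate(key, 1, 7, rn, b"\x62\x01\xff")   # constructed "unlock"
    results.append(lock.accept(*frame))
    # 2. Attacker replays the captured frame verbatim: its nonce is consumed.
    results.append(lock.accept(*frame))
    # 3. Attacker holds a captured frame for a later, fresher-looking replay:
    #    the nonce it was built against has aged out.
    rn2 = lock.nonce_report()
    frame2 = encapsulate(key, 1, 7, rn2, b"\x62\x01\xff")
    clock.advance(NONCE_TTL_MS + 1)
    results.append(lock.accept(*frame2))
    # 4. Attacker alters the payload of a fresh frame: the tag no longer matches.
    rn3 = lock.nonce_report()
    frame3 = encapsulate(key, 1, 7, rn3, b"\x62\x01\xff")
    tampered = frame3[:3] + (b"\x62\x01\x00",) + frame3[4:]
    results.append(lock.accept(*tampered))
    return results


if __name__ == "__main__":
    for ok, why in run_exchange():
        print("accepted" if ok else "rejected", "-", why)
```

The property that matters for the replay analysis in the text is the one enforced in `accept`: a receiver nonce is usable exactly once and only for a short window, so a captured frame cannot be replayed. How well that holds on a real device depends on how its nonces are produced, which is exactly what memory introspection of the running transceiver lets one check.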