Rogue Z-Wave controllers: A persistent attack channel

Fuller, Jonathan D.; Ramsey, Benjamin W.

doi:10.1109/lcnw.2015.7365922

Cited by 29 publications

(16 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Of interest here are CPS implementations using ZWave WPAN devices that 1) lack robust security and 2) which are readily exploitable (hackable) [13], [14]. Device hardware ID and operating state discrimination for CI security applications has been reliably demonstrated using Physical (PHY) layer security enhancement [4], [9], [15].…”

Section: Introductionmentioning

confidence: 99%

An Optimization Framework for Generalized Relevance Learning Vector Quantization with Application to Z-Wave Device Fingerprinting

Bihl¹,

Temple²,

Bauer³

2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

View full text Add to dashboard Cite

Section: Introductionmentioning

confidence: 99%

An Optimization Framework for Generalized Relevance Learning Vector Quantization with Application to Z-Wave Device Fingerprinting

Bihl¹,

Temple²,

Bauer³

2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

View full text Add to dashboard Cite

“…To enable the industrial IoT, CPS devices are finding increasing use in critical infrastructure, smart metering, and home automation [2,52]. CPS devices employ either open or proprietary protocols, with open protocols offering more aftermarket security options, but possibly more threats, while proprietary protocols offer "security through obscurity," but less additional aftermarket security options [53].…”

Section: Application and Example Resultsmentioning

confidence: 99%

“…G.9959 recommendation [52]. Since Z-wave is known to have security vulnerabilities [54], vetting the claimed identity of Z-wave devices through RF fingerprinting is important.…”

Section: Application and Example Resultsmentioning

confidence: 99%

Cyber-Physical Security with RF Fingerprint Classification through Distance Measure Extensions of Generalized Relevance Learning Vector Quantization

Bihl

Paciencia

Bauer

et al. 2020

Security and Communication Networks

View full text Add to dashboard Cite

Radio frequency (RF) fingerprinting extracts fingerprint features from RF signals to protect against masquerade attacks by enabling reliable authentication of communication devices at the “serial number” level. Facilitating the reliable authentication of communication devices are machine learning (ML) algorithms which find meaningful statistical differences between measured data. The Generalized Relevance Learning Vector Quantization-Improved (GRLVQI) classifier is one ML algorithm which has shown efficacy for RF fingerprinting device discrimination. GRLVQI extends the Learning Vector Quantization (LVQ) family of “winner take all” classifiers that develop prototype vectors (PVs) which represent data. In LVQ algorithms, distances are computed between exemplars and PVs, and PVs are iteratively moved to accurately represent the data. GRLVQI extends LVQ with a sigmoidal cost function, relevance learning, and PV update logic improvements. However, both LVQ and GRLVQI are limited due to a reliance on squared Euclidean distance measures and a seemingly complex algorithm structure if changes are made to the underlying distance measure. Herein, the authors (1) develop GRLVQI-D (distance), an extension of GRLVQI to consider alternative distance measures and (2) present the Cosine GRLVQI classifier using this framework. To evaluate this framework, the authors consider experimentally collected Z-wave RF signals and develop RF fingerprints to identify devices. Z-wave devices are low-cost, low-power communication technologies seen increasingly in critical infrastructure. Both classification and verification, claimed identity, and performance comparisons are made with the new Cosine GRLVQI algorithm. The results show more robust performance when using the Cosine GRLVQI algorithm when compared with four algorithms in the literature. Additionally, the methodology used to create Cosine GRLVQI is generalizable to alternative measures.

show abstract

“…The work in [56] capitalizes on a vulnerability to allow the placement of a rogue controller into the network, which allows building a hidden communication channel with any poorly-protected device. A more recent work on the security features of the same protocol [57] employs a real-world Z-Wave network and reverse engineered some critical networks aspects, including frame forwarding and topology management in an effort to identify intrinsic integrity vulnerabilities of the routing protocol.…”

Section: Z-wavementioning

confidence: 99%

A State-of-the-Art Review on the Security of Mainstream IoT Wireless PAN Protocol Stacks

Kambourakis

Kolias²,

Geneiatakis³

et al. 2020

Symmetry

View full text Add to dashboard Cite

Protocol stacks specifically designed for the Internet of Things (IoT) have become commonplace. At the same time, security and privacy concerns regarding IoT technologies are also attracting significant attention given the risks that are inherently associated with the respective devices and their numerous applications, ranging from healthcare, smart homes, and cities, to intelligent transportation systems and industrial automation. Considering the still heterogeneous nature of the majority of IoT protocols, a major concern is to find common references for investigating and analyzing their security and privacy threats. To this end, and on top of the current literature, this work provides a comprehensive, vis-à-vis comparison of the security aspects of the thus far most widespread IoT Wireless Personal Area Network (WPAN) protocols, namely BLE, Z-Wave, ZigBee, Thread, and EnOcean. A succinct but exhaustive review of the relevant literature from 2013 up to now is offered as a side contribution.

show abstract

Rogue Z-Wave controllers: A persistent attack channel

Cited by 29 publications

References 9 publications

An Optimization Framework for Generalized Relevance Learning Vector Quantization with Application to Z-Wave Device Fingerprinting

An Optimization Framework for Generalized Relevance Learning Vector Quantization with Application to Z-Wave Device Fingerprinting

Cyber-Physical Security with RF Fingerprint Classification through Distance Measure Extensions of Generalized Relevance Learning Vector Quantization

A State-of-the-Art Review on the Security of Mainstream IoT Wireless PAN Protocol Stacks

Contact Info

Product

Resources

About