Abstract
Zigbee is an energy-efficient wireless IoT protocol that is increasingly being deployed in smart home settings. In this work, we analyze the privacy guarantees of the Zigbee protocol. Specifically, we present ZLeaks, a tool that passively identifies in-home devices or events from encrypted Zigbee traffic by 1) inferring a single application layer (APL) command in the event’s traffic, and 2) exploiting the device’s periodic reporting pattern and interval. This enables an attacker to infer a user’s habits or determine if the smart home is vulnerable to unauthorized entry. We evaluated ZLeaks’ efficacy on 19 unique Zigbee devices across several categories and 5 popular smart hubs in three different scenarios: a controlled RF shield, a living smart-home IoT lab, and third-party Zigbee captures. We were able to i) identify unknown events and devices (without a-priori device signatures) using the command inference approach with 83.6% accuracy, ii) automatically extract devices’ reporting signatures, iii) determine known devices using the reporting signatures with 99.8% accuracy, and iv) identify APL commands in a public capture with 91.2% accuracy. In short, we highlight the trade-off between designing a low-power, low-cost wireless network and achieving privacy guarantees. We have also released the ZLeaks tool for the benefit of the research community.
Notes
1. Zigbee devices not previously observed, i.e., no a-priori access to their traffic.
2. Range can be extended with a high gain directional antenna.
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Shafqat, N., Dubois, D.J., Choffnes, D., Schulman, A., Bharadia, D., Ranganathan, A. (2022). ZLeaks: Passive Inference Attacks on Zigbee Based Smart Homes. In: Ateniese, G., Venturi, D. (eds) Applied Cryptography and Network Security. ACNS 2022. Lecture Notes in Computer Science, vol 13269. Springer, Cham. https://doi.org/10.1007/978-3-031-09234-3_6
DOI: https://doi.org/10.1007/978-3-031-09234-3_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-09233-6
Online ISBN: 978-3-031-09234-3
eBook Packages: Computer Science, Computer Science (R0)