XV International PhD Workshop OWD 2013, October Applications of control in intelligent house via ZigBee technology

Transcription

1 XV International PhD Workshop OWD 2013, October 2013 Applications of control in intelligent house via ZigBee technology Ján Ďurech, Mária Franeková, University of Žilina Abstract In the paper the authors attend to design a wireless networks used in intelligent houses via ZigBee technology with regard to security mechanisms. The realization part is focused on network design and description of the hardware and software necessary to control the devices. The network is created from modules of the company Texas Instrument. 1. Introduction The modern buildings contain large number of device, which provide ventilation, cooling, heating, security, etc. By implementing intelligence into buildings we can effectively interconnect these systems for purpose of obtain more comfort, safety and energetic efficiency. The main advantage of intelligent buildings is centralized management, control and therefore also easier connecting to other systems. The last two decades is in progress intensive research into intelligent houses, which is focused on new technologies in the field of sensor systems, methods of control, energy management in order to improve people s comfort. The big advantage of wireless networks is their easy reorganization and the possibility of additional connection of many devices. From large group of wireless networks, the market pushed ZigBee technology, which is used for efficient data exchange between sensors and control actuators. The ZigBee technology was conceived to minimize the power consumption of nodes to achieve longer lifetime of devices, when battery source is used. 2. ZigBee technology and its development The ZigBee standard which is developed by the ZigBee Alliance [1], is communications technology based on the standard IEEE ZigBee and IEEE are standards that provides network interface required for sensor networks. As is shown in fig.1, IEEE standard defines the physical and MAC layer, ZigBee defines network and application layer. The ZigBee Alliance was formed in 2002 as a nonprofit organization. In 2003 was released standard IEEE (later modified in 2006), which has adopted by ZigBee Alliance and in 14. December released firs ZigBee 1.0 specification [2]. Fig.1. Reference model of ZigBee network. 2.1 Types of devices used in ZigBee network ZigBee defines three different device types: ZigBee Coordinator - is primary device of each ZigBee network. Coordinator is responsible for route packets, network control, stores information about the network, can act as the Trust center. It also creates a bridge to other networks. In each network is only one coordinator. Requires continuous power. ZigBee Router - used to expand the network. Router is responsible for routing packets between coordinator and end devices. It can also serve as end device. A router is network subscriber and for end devices appears as a local coordinator. It also requires continuous power. ZigBee End Device (ZED) requires the least amount of memory and computing demands. ZED can just communicate to Coordinator or a Router. It cannot relay data from other devices. Mostly is powered by batteries. 2.2 Security services of ZigBee network In a wireless network we need deal with two challenges. The first challenge is error-free transmission of data and the integrity check, the second challenge is to secure data against their capture. For error-free data transmission ZigBee technology uses FCS (Frame Check Sequence), what 409

2 is creating checksum of framework. For the integrity check is used Message Integrity Code MIC. For data confidentiality is used encryption standard AES (Advanced Encryption Standard). ZigBee standard supports use of the following security mechanisms: Data encryption. Data verification and devices verification. Protection against duplicate frames Frame Check Sequence FCS Based on IEEE generating FSP checksum and its check runs according to the following steps: On the transmitter site is created polynomial M(x) from the information part which is determined from the MAC packet header and payload. Polynomial M(x) is multiplied by the highest power of generating irreducible polynomial g(x), which is defined: g(x)= x 16 + x 12 + x Thus obtained polynomial is divided by g(x), thereby creating remainder of dividing r(x) is added to the information part. Receiving side start again dividing received polynomial, corresponding receives data, agreed by generating polynomial g(x). If the division is without remainder in the incoming packet error was not detected, when division is with remainder packet was corrupted while transmitting. According to knowledge of coding theory [3] this method of securing - generating polynomial 16th order, should be able to detect in the packet simple error and also a cluster of errors corresponding generating polynomial degree. Described CRC (Cyclic Redundancy Check) code is used to detect errors in received packet to the link layer. To verification of data, which integrity could be disturbed willfully, ZigBee standard uses message authentication code MIC (Message Integrity Code) Data confidentiality The IEEE standard supports the use of Advanced Encryption Standard (AES) to encrypt their outgoing messages. The AES algorithm is 128- bit block cipher which supports three key lengths (128, 256, 512 bits) announced by NIST (National Institute of Standards and Technology) [4], which is also used by the ZigBee standard with key length of 128-bits. One of the main constraints in implementing security features in a ZigBee wireless network is limited resources. The nodes are mainly battery powered and have limited computational power and memory size. ZigBee is targeted for low-cost applications and the hardware in the nodes might not be tamper resistant. If an intruder acquires a node from an operating network that has no tamper resistance, the actual key could be obtained simply from the device memory [5]. Fig.2 shows the basic concept of encryption in ZigBee network based on symmetric encryption scheme with private key Fig.2. Encryption scheme in ZigBee network Data authentication Data integrity is achieved based authentication code messages MIC. Message authentication code is a function that by a secret key produces an output fixed-length value that serves as the authenticator. The cryptographic checksum MIC is a block of bits of constant length, which is attached to the original message. If MIC provided by the transmitter is equal with MIC calculated by the receiver, the data will be considered as authentic. The level of data authenticity is increased by increasing the number of bits in the MIC. The ZigBee and IEEE standards support 32-bit, 64-bit, and 128-bit MIC options. Note: The MIC is also referred to as Message Authentication Code (MAC*), but the ZigBee and IEEE standard documents use MIC instead of MAC to avoid confusion with the Message Authentication Code (MAC*) and the Medium Access Control (MAC). The MIC in ZigBee is generated using the enhanced Counter with Cipher Block Chaining Message Authentication Code (CCM*) protocol. The CCM* is defined to be used in conjunction with 128- bit AES and shares the same security key with AES. The responsibility of the AES-CCM* is to encrypt the data and generate an associated MIC, which is sent to the receiver along with the frame. On the transmitter side, the plaintext in the form of 128-bit blocks of data enters the AES-CCM*. The receiver uses the AES-CCM* to decrypt the data and generate its own MIC from the received frame to be compared with the received MIC. The CCM* is referred to as a generic mode of operation that combines the encryption and data authentication. 3. Design of ZigBee wireless network for controlling smart houses We realized practical application with development kit CC2530ZDK [6] from Texas Instruments. Application development consisted in 410

3 the designed appropriate hardware accessories, programming of applications for each device, compiled it and upload it to these devices. Our application is focused for control lighting, heating and other external devices (coffee maker, computer) communicating as it is illustrated in Fig.3. Fig.3. Concept of realized ZigBee network. For controlling we used board SmartRF05EB. Software realization of all devices was made in program IAR Embedded Workbench. It was necessary to determine the basic parameters of the network, while network was designing: communication channel (we have chosen 25), Network identifier PAN ID (we have chosen 2013) and address of each devices (Tab.1). Device Coordinator Control unit Lights Heater Temperature sensor Coffee maker Computer Addresses of devices Address of device 0x2520 0x1111 0xBEE1 0x2222 0xBEE7 0xBEE6 0xBEE5 Tab.1. Description of devices: Coordinator main unit of ZigBee network. Coordinator takes care about all communication and we have implemented inside security mechanism. As coordinator we are using board SmartRF05BB. End devices - light, computer, coffee maker and heater role of these devices are perform action variables or manage attached external devices. As end devices we are using boards SmartRF05BB. Sensor purpose of this device is periodically sending information about required value. In our case sensor is sending information s about temperature. As temperature sensor we are using board CC2430DB. Control unit purpose of this unit is to provide information about status of other devices, allowing control device via coordinator, it have role of human interface. As control unit we are using board CC2530EB. 3.1 SW realization of applications For each device in the network we made individual code. While we were creating the ZigBee network we were using part of codes delivered with kit. These codes were used to initialize the devices and control peripherals. Boards were programmed using SmartRF Flash Programmer. Program for control unit is composed from menus that serve user to control the devices. We made program in C language, because partial programs for control the periphery is already written in this language. At the beginning of programming we were defined addresses of all devices according to tab.1 In the program we used shortened addressing, which is preferably in network with smaller number of devices. The ZigBee coordinator receives data from the sensor and end devices, where the program compares data with the data received from the control unit. Control unit sends a data to ZigBee coordinator for turn on, turn off the devices or information s about setting temperature. ZigBee coordinator then takes care about achievement of requirements way of sending data to end devices. Sending data to all devices working according to the flow subprogram shown in fig. 4 Fig.4. Subprogram for sending data. The more detail in the paper we mentions only one application - control the coffee maker through ZigBee network. Other applications are described in detail in [7]. 3.2 Example of application control of coffee maker Principle of controlling coffee maker consists in turning on the power of coffee maker for the time needed for making a given quantity of coffee. After an initial analysis of time variables for different amounts of coffee we determined that for 38 second 411

4 coffee maker makes 100 ml of coffee. In the control unit was created menu to set the desired amount of coffee, see fig.5. On display in the menu you can set two entries: size of cup and number of portions. After selecting enters in the control unit, is first multiplied the number of portions with the size of the cup, so we get the desired amount of coffee we need to make. In the program we are using conditions for not to exceed the maximum capacity of the coffee maker. In the next step we were solved transfer method. ZigBee standard supports a maximum 8 bit payload. Therefore we final data in control unit divided ten and then multiplied with corresponding constant and then sent to the coordinator, which it sends to the coffee maker. The program for control the coffee maker is shown by the flowchart in fig. 6 Fig.5. Display in control unit of coffee maker. Fig.6. Calculation the amount of coffee in control unit. After transferring data from the control unit, coffee maker calculates the time required for making required amount of coffee (Fig. 7). Since we cannot directly insert value of delay, the delay in the program is realized through the cycle "for" in second interval. 4. Results of realizations attacks to ZigBee network If intruder is able to capture packet in unsecure network, he can get access to entire network. For intruder is enough to know source address, destination address and he can start sending captured packet, or he can generate own packet. For capture and resend packet we are using program SmartRF Studio 7. Capturing is making via special USB key, which can be used after connecting to computer for purpose of capturing packet, connecting external devices or for communication computer with ZigBee network. Sending captured unencrypted packet is shown in fig. 8. We have captured the packet between control unit and coordinator. While packet was sending, we were also changing sequence number and then we were able to control light. If we captured more packets, or start generate own packets it is very probable we could take control of entire network. Fig.7. Flow graph of coffeemaker control. 412

5 Fig.8. Sending unencrypted data. 4.1 Physical attack To secure ZigBee network development kit CC2530ZDK use AES encryption with 64 bit MIC for data authentication. Advantage of this type of security is that encryption the same plaintext two times will result in two different cipher texts because the sequence number in NONCE is used in encryption. This is known as semantic security. Breaking so secure network is almost impossible. Disadvantage of ZigBee network is that all passwords are stored unencrypted in storage. If intruder get to the device, he can copy device memory to computer, in which can he find the key. We did this physical attack with one device which had USB enter. Then we had copy all device memory to the computer, in which we had found the unencrypted key: c0c1c2c3c4c5c6c7c8c9cacbcccdcecf (see fig. 9). Fig.9. Key kept from memory of equipment. 4.2 Same-NONCE attack Encrypting the same two plaintext two times will always result in two different cipher texts, because in encryption is also used sequence number of frame. If for any reason device sent two consecutive messages m1 and m2 with same sequence number (NONCE) eavesdropper will have two different encrypted data c1 a c2 encrypted with same key and using XOR operation (1), listening device will be able to recover partial information about the original text using the formula: c1 c2 = [ m1 E( key, nonce)] [ m2 E( key, nonce)] = (1) m m 1 2 This attack is known as the same-nonce attack. One of the occasions on which a same-nonce attack can happen is after a power failure that results in a clear of accumulator. If the last nonce states are unknown after the power failure, the system might reset the nonce states to a default value. This reset action increases the chance of reusing the same nonce with a key that has been used before the power failure [5]. We did this attack while we controlled lights, when every time after sending one message we reset device taking out the battery. The result of XOR original transmitted data was: 66h 67h=01. We used XOR operation also for captured encrypted data: C515E5F9DF5193C C485107A5FBADA5151 = f58380eb where you can see in the result the original data 01 after XOR operation. If intruder known more dates, he can easily calculate missing dates. Storing the nonce states in a nonvolatile memory and recovering them after each power failure is one way of protecting the system from same-nonce attacks due to power failure. 4.3 Denial of Service (DoS) attack DoS attack causes a node to reject all received messages [5]. Attack is an attempt to prevent legitimate users use the network. The most common method consists overwhelmed the system with requirements, which causes fall of system. Basic types of attacks are: bandwidth overload or overload the processor. In the test application we use attack for overload the processor. We was realized this attack using program SmartRF Studio 7. At first we captured a packet. This packet we was resending at speed 30 packet for second. Because the transmission mode works with confirmation of framework, i.e. the coordinator must send an acknowledgment packet to every frame, even if spurious packet is discarded when received, because it is a duplicate frame, after 250s of attack and 7442 sended packets coordinator stop reacting. Prevention against the attack would be change of channel after received hundred duplicate packets. 4.4 Replay attack Simple networks which are not using trust center and all time are using same key are vulnerable against resended old captured packet. For intruder is enough to capture data and after the time send it again. We was realized this attack also by using program SmartRF Studio 7. We did captured encrypted packet for control of light. After the time and resend this packet we were able to turn on light. Prevention against the attack would be controlling sequence number at the application layer. We have defined in the program that each received packet sequence number must be greater than sequence number of previous packet, or sequence number can be zero, in case of device reset. 413

6 5. Conclusion The aim of this paper was analysis of technological possibilities of ZigBee networks realization for using in intelligent house with orientation to description of advantages and disadvantages several ZigBee standards. ZigBee technology offers large solution for monitoring, control of different devices. Big advantage is that is compatible for several devices and supports energy economy communications with sufficient assuring. It offers chances of creating own applications together. The own HW and SW applications were realized in 2,4 GHz band which are examples of end-devices control used within intelligent house. In the paper safety mechanism of ZigBee network based on ciphering and verification techniques and assuring of data integrity were described. In the laboratory conditions were realized four cryptography attacks to networks and were described the recommendations how prevent them. Authors: Ďurech Ján, Ing. University of Žilina ul. Univerzitná 8215/ Žilina tel Franeková Mária, prof. Ing, PhD. University of Žilina ul. Univerzitná 8215/ Žilina tel Acknowledgement This work has been supported by the Educational Grant Agency of the Slovak Republic (KEGA) Number: 024ŽU-4/2012: Modernization of technology and education methods orientated to area of cryptography for safety critical applications. Bibliography [1] ZigBee Alliance: [online]. In: [2] IEEE : Part 15.4: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications for Low-Rate Wireless Personal Area Networks (WPANs), IEEE Computer Society, ISBN [3] MUZIKÁŘOVÁ, Ľ.- FRANEKOVÁ, M: Teória informácie a signálov, Žilina: EDIS. ISBN [4] Federal Information Processing Standards Publication 197: Announcing the ADVANCED ENCRYPTION STANDARD (AES), In:< 197/fips-197.pdf>. [5] FARAHANI, S.: ZigBee Wireless Networks and Transceivers, Oxford: Newnes, Elsevier Inc, s. ISBN: [6] Texas Instruments: CC2530 ZigBee Development Kit User s Guide, In: < 9b.pdf>. [7] Ďurech, J.: Použitie siete ZigBee v inteligentnej budove, diploma thesis, Žilina: Žilinská univerzita v Žiline,