Ghost-in-the-Wireless: Energy Depletion Attack on ZigBee

Abstract: ZigBee has been recently drawing a lot of attention as a promising solution for ubiquitous computing. The ZigBee devices are normally resource-limited, making the network susceptible to a variety of security threats. This paper presents a severe attack on ZigBee networks termed as ghost, which leverages the underlying vulnerabilities of the IEEE 802.15.4 security suites to deplete the energy of the devices. We manifest that the impact of ghost is severe as it can reduce the lifetime of devices from years to days and facilitate a variety of threats including denial of service and replay attacks. We highlight that merely deploying a standard suite of advanced security techniques does not necessarily guarantee improved security, but instead might be leveraged by adversaries to cause severe disruption in the network. We propose several recommendations on how to localize and withstand the ghost and other related attacks in ZigBee networks. Extensive simulations are provided to show the impact of the ghost and the performance of the proposed recommendations. Moreover, physical experiments also have been conducted and the observations confirm the severity of the impact by the ghost attack. We believe that the presented work will aid the researchers to improve the security of ZigBee further.