A comparison of the security in ZigBee and the IEEE 802.15.9 standard and an experimental analysis of communication over IEEE 802.15.4

Abstract: The increasing number of IoT devices used in today’s society has led to a demand for better security in order to prevent attackers from gaining access to private information. The IoT brings a wide application scope and because of that there are a lot of ways to set up a secure network and manage keys in these kinds of networks. This paper presents a comparison between the security model in Zigbee and the new recommended practice for Key Management Protocols defined by the IEEE 802.15.9 standard. We investigate key establishment and transportation together with the vulnerabilities that this might bring regarding potential attacks like DoS and MitM. Since these protocols are built on the IEEE 802.15.4 standard, experimental tests have been made where we analyze the throughput, RTT and packet loss over varied distances and we try to determine the maximum transmission range for devices using IEEE 802.15.4 modules. The IEEE 802.15.9 standard works with different KMPs and depending on the KMP being used we can see both similarities and differences regarding key management and possible attacks when comparing it to ZigBee. Furthermore, we found that attacks on a ZigBee device is more likely to compromise the whole network while similar attacks would only affect the specific peers in an IEEE 802.15.9 communication. Based on the experiments we find that open areas, distance and interference have a negative effect on the throughput, RTT and packet loss of the communication.