Ghost-in-ZigBee: Energy Depletion Attack on ZigBee-Based Wireless Networks

ZigBee has been widely recognized as an important enabling technique for Internet of Things (IoT). However, the ZigBee nodes are normally resource-limited, making the network susceptible to a variety of security threats. This paper closely investigates a severe attack on ZigBee networks termed as ghost, which leverages the underlying vulnerabilities of the IEEE 802.15.4 security suites to deplete the energy of the nodes. We show that the impact of ghost is very large and that it can facilitate a variety of threats including denial of service and replay attacks. We highlight that merely deploying a standard suite of advanced security techniques does not necessarily guarantee improved security, but instead might be leveraged by adversaries to cause severe disruption in the network. We propose several recommendations on how to localize and withstand the ghost and other related attacks in ZigBee networks. Extensive simulations are provided to show the impact of the ghost and the performance of the proposed recommendations. Moreover, physical experiments also have been conducted and the observations confirm the severity of the impact by the ghost attack. We believe that the presented work will aid the researchers to improve the security of ZigBee further.