Paper 2014/229

Investigating the Feasibility of LEAP+ in ZigBee Specification

Mohammad Rezaeirad, Muhammad Aamir Iqbal, Dmitri Perkins, and Magdy Bayoumi

Abstract

The ZigBee specification is an emerging wireless technology designed to address the specific needs of low-cost, low-power wireless sensor networks and is built upon the physical and medium access control layers defined in IEEE 802.15.4 standard for wireless personal area networks (WPANs). A key component for the wide-spread success and applicability of ZigBee-based networking solutions will be its ability to provide enhanced security mechanisms that can scale to hundreds of nodes. Currently, however, an area of concern is the ZigBee key management scheme, which uses a centralized approach that introduces well-known issues of limited scalability and a single point of vulnerability. Moreover, ZigBee key management uses a public key infrastructure. Due to these limitations, we suggest replacing ZigBee key management with a better candidate scheme that is decentralized, symmetric, and scalable while addressing security requirements. In this work, we investigate the feasibility of implementing Localized Encryption and Authentication Protocol (LEAP+), a distributed symmetric based key management. LEAP+ is designed to support multiple types of keys based on the message type that is being exchanged. In this paper, we first conduct a qualitative security analysis of LEAP+ and the current ZigBee key management scheme. Using the QualNet 5.0.2 simulator, we implement LEAP+ on the ZigBee platform for the very first time. Experimental results show that a distributed key management scheme such as LEAP+ provides improved security and offers good scalability.

Metadata
Available format(s)
-- withdrawn --
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
ZigBeeIEEE 802.15.4Key managementLEAP+
Contact author(s)
mohammad rad @ gmail com
History
2014-07-07: withdrawn
2014-04-01: received
See all versions
Short URL
https://ia.cr/2014/229
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.