In recent times, the security of sensor networks, especially in the field of IoT, has become a priority. This article focuses on the security features of the Zigbee protocol in Xbee devices developed by Digi International, specifically in the Xbee 3 (XB3-24) devices. Using the TI LaunchXL-CC26X2R1 kit, we intercepted and analyzed packets in real-time using the Wireshark application. The study encompasses various stages of network formation, packet transmission and analysis of security key usage, considering scenarios as follows: without security, distributed security mode and centralized security mode. Our findings highlight the differences in security features of Xbee devices compared to the Zigbee protocol, validating and invalidating methods of establishing security keys, vulnerabilities, strengths, and recommended security measures. We also discovered that security features of the Xbee 3 devices are built around a global link key preconfigured therefore constituting a vulnerability, making those devices suitable for man-in-the-middle and reply attacks. This work not only elucidates the complexities of Zigbee security in Xbee devices but also provides direction for future research for authentication methods using asymmetric encryption algorithms such as digital signature based on RSA and ECDSA.
Read full abstract