Auditing 6LoWPAN Networks using Standard Penetration Testing Tools

DEF CON 24

Presented by: Jonathan-Christofer Demay, Arnaud Lebrun, Adam Reziouk
Date: Sunday August 07, 2016
Time: 15:00 - 15:50
Location: DEF CON 101

The Internet of Things is expected to be involved, in the near future, in all major aspects of modern society. On that front, we argue that 6LoWPAN will be a dominant player, as it is the only IoT-capable protocol that brings a full IP stack to the smallest devices. As evidence, even the latest ZigBee Smart Energy standard is based on ZigBee IP, which itself relies on 6LoWPAN, a competitor of the initial ZigBee protocol. Efficient IP-based penetration testing tools have been available to security auditors for years. However, using them on a 6LoWPAN network is not straightforward, since you first need to join it, and the difficult part is associating with the underlying IEEE 802.15.4 infrastructure.

Indeed, this standard has already had two revisions since its initial release in 2003, and it offers several options for network topology, data transfer model and security suite. Unfortunately, no off-the-shelf component provides such a wide range of capabilities out of the box. Worse still, some components deviate from the standard and can only communicate with components from the same manufacturer. In this paper, we present the ARSEN project: Advanced Routing for 6LoWPAN and Ethernet Networks. It provides security auditors with two new tools.

First, a radio scanner capable of identifying IEEE 802.15.4 infrastructures and, for each of them, their specifics, including several deviations from the standard that we encountered in actual security audits.

Second, a border router capable of routing IPv6 datagrams between Ethernet and 6LoWPAN networks while adapting to the specifics identified by the scanner. Combined, the two tools effectively allow security auditors to use available IP-based penetration testing tools on different 6LoWPAN networks.
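The scanner's first job, identifying an 802.15.4 infrastructure and its specifics (PAN ID, coordinator address, beacon-enabled or not, security level and key identifier mode), starts with dissecting the MAC header of sniffed frames. The parser below is an added example written for this page, not code from the ARSEN scanner or its authors. It follows the IEEE 802.15.4-2006 frame layout, assumes a raw frame as delivered by a sniffer with the 2-byte FCS still attached, and the two sample frames are constructed inline for illustration rather than taken from any audit.

```python
"""Dissect IEEE 802.15.4 MAC frames the way a radio scanner fingerprinting a
PAN would: addressing, PAN ID, beacon/superframe parameters and the security
suite advertised in the auxiliary security header.  Example code; sample
frames are constructed, not captured."""
import struct

FRAME_TYPES = {0: "beacon", 1: "data", 2: "ack", 3: "command"}
ADDR_MODES = {0: "none", 2: "short", 3: "extended"}
SECURITY_LEVELS = {0: "None", 1: "MIC-32", 2: "MIC-64", 3: "MIC-128",
                   4: "ENC", 5: "ENC-MIC-32", 6: "ENC-MIC-64", 7: "ENC-MIC-128"}
KEY_ID_LEN = {0: 0, 1: 1, 2: 5, 3: 9}   # key source + key index bytes per key id mode


def crc16_kermit(data: bytes) -> int:
    """CRC-16 used for the 802.15.4 FCS: poly 0x1021 bit-reflected (0x8408), init 0."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc


def _addr(frame: bytes, off: int, mode: int):
    """Read a short (2-byte) or extended (8-byte) address, little-endian on the air."""
    if mode == 2:
        return struct.unpack_from("<H", frame, off)[0], off + 2
    return int.from_bytes(frame[off:off + 8], "little"), off + 8


def parse_frame(frame: bytes) -> dict:
    """Return the MAC header fields of one frame (FCS included) as a dict."""
    if len(frame) < 5:
        raise ValueError("frame too short")
    fcs_ok = crc16_kermit(frame[:-2]) == struct.unpack("<H", frame[-2:])[0]
    fcf, seq = struct.unpack_from("<HB", frame, 0)
    dst_mode, src_mode = (fcf >> 10) & 0x3, (fcf >> 14) & 0x3
    if dst_mode == 1 or src_mode == 1:
        raise ValueError("reserved addressing mode")
    info = {
        "frame_type": FRAME_TYPES[fcf & 0x7],
        "security_enabled": bool(fcf & 0x0008),
        "ack_request": bool(fcf & 0x0020),
        "pan_id_compression": bool(fcf & 0x0040),
        "frame_version": (fcf >> 12) & 0x3,       # 0 = 2003, 1 = 2006
        "dst_addr_mode": ADDR_MODES[dst_mode],
        "src_addr_mode": ADDR_MODES[src_mode],
        "seq": seq,
        "fcs_ok": fcs_ok,
    }
    off = 3
    if dst_mode:
        info["dst_pan"] = struct.unpack_from("<H", frame, off)[0]
        off += 2
        info["dst_addr"], off = _addr(frame, off, dst_mode)
    if src_mode:
        if info["pan_id_compression"] and dst_mode:
            info["src_pan"] = info["dst_pan"]        # source PAN ID omitted on the air
        else:
            info["src_pan"] = struct.unpack_from("<H", frame, off)[0]
            off += 2
        info["src_addr"], off = _addr(frame, off, src_mode)
    if info["security_enabled"]:
        if info["frame_version"] == 0:
            # 802.15.4-2003 has no auxiliary security header: the suite lives in
            # the ACL and cannot be read off the frame itself.
            info["security"] = "2003-style (no auxiliary header)"
        else:
            sec_ctrl, frame_counter = struct.unpack_from("<BI", frame, off)
            off += 5
            level, kid_mode = sec_ctrl & 0x7, (sec_ctrl >> 3) & 0x3
            info["security"] = SECURITY_LEVELS[level]
            info["key_id_mode"] = kid_mode
            info["frame_counter"] = frame_counter
            if kid_mode:                             # key index is the last key id byte
                info["key_index"] = frame[off + KEY_ID_LEN[kid_mode] - 1]
            off += KEY_ID_LEN[kid_mode]
    payload = frame[off:-2]
    if info["frame_type"] == "beacon" and len(payload) >= 2:
        sfs = struct.unpack_from("<H", payload, 0)[0]   # superframe specification
        info["beacon_order"] = sfs & 0xF                 # 15 = non-beacon-enabled PAN
        info["superframe_order"] = (sfs >> 4) & 0xF
        info["pan_coordinator"] = bool(sfs & 0x4000)
        info["association_permit"] = bool(sfs & 0x8000)
    info["payload"] = payload
    return info


def with_fcs(body: bytes) -> bytes:
    """Append a correct FCS, as a radio would, to a constructed frame body."""
    return body + struct.pack("<H", crc16_kermit(body))


# Constructed sample 1: beacon from the PAN coordinator (short address 0x0000,
# PAN 0x1234) of a non-beacon-enabled network (BO = SO = 15) that permits association.
SAMPLE_BEACON = with_fcs(bytes.fromhex("0080" "2a" "3412" "0000" "ffcf" "00" "00"))

# Constructed sample 2: secured data frame, 2006 frame version, PAN ID compression,
# short destination 0x0001, extended source, ENC-MIC-32 with key index 1, then
# 4 opaque ciphertext bytes and a 4-byte MIC.
SAMPLE_SECURED_DATA = with_fcs(bytes.fromhex(
    "69d8" "07" "3412" "0100" "04030201004b1200" "0d" "10000000" "01" "deadbeef" "cafebabe"))

if __name__ == "__main__":
    for name, frame in (("beacon", SAMPLE_BEACON), ("secured data", SAMPLE_SECURED_DATA)):
        print(name, parse_frame(frame))
```

Two caveats a scanner built on this has to keep in mind: a frame with the security bit set but frame version 0 carries no auxiliary header, so the security suite is not recoverable from the frame alone; and the parser assumes standard-conformant layouts, so the vendor deviations the talk refers to would each need explicit special-casing on top of it.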

Jonathan-Christofer Demay

Jonathan-Christofer Demay, PhD, is the current penetration testing team leader at AIRBUS Defence and Space. As a former academic researcher, he worked on IDS bypassing, intrusion detection and general network security. Now a consultant for various key industries and government bodies, he works on incident response, penetration testing and social engineering.

Adam Reziouk

Adam Reziouk is an electronics and automation engineer currently working on wireless communications and industrial network security at AIRBUS Defence and Space. He holds a master's degree in electrical and electronic engineering and has been conducting vulnerability research activities on programmable logic controllers, connected devices and smart grids.

Arnaud Lebrun

Arnaud Lebrun is a command and control engineer currently working at AIRBUS Defence and Space. He is focusing on security issues for several projects in the aerospace industry and related areas such as radioactive waste disposal facilities or large telescopes. He also supports the penetration testing team for perimeters that include ICS infrastructures or embedded electronics.

