论文标题
S0-NO-MORE:Z-Wave非首要否决服务攻击使用,但脱机节点
S0-No-More: A Z-Wave NonceGet Denial of Service Attack utilizing included but offline NodeIDs
论文作者
论文摘要
在本文中,Z-WAVE协议规范中的漏洞,尤其是在S0 Z-WAVE协议中。支持此标准的设备可以通过连续的S0非会员请求阻止(拒绝服务)。这样,如果攻击的设备是Z-Wave网络控制器,则可以阻止整个网络。只要S2网络控制器支持S0非会员请求,这也会影响S2网络控制器。由于进行攻击只需要最少数量的非CE请求(每〜2秒1),因此无法通过标准对策来阻止这种攻击。
In this paper a vulnerability in the Z-Wave protocol specification, especially in the S0 Z-Wave protocol is presented. Devices supporting this standard can be blocked (denial of service) through continuous S0 NonceGet requests. This way a whole network can be blocked if the attacked devices are Z-Wave network controller. This also effects S2 network controller as long as they support S0 NonceGet requests. As only a minimal amount of nonce requests (1 per ~2 seconds) is required to conduct the attack it cannot be prevented by standard countermeasures against jamming.
