IrDA(Infrared) |
No embedded security controls. |
Detect reflected infrared-light and filtering out the surrounding ambient noise. |
Eavesdrop attack. |
Physical security controls. |
|
RFID |
Embedded data are unprotected and read only. |
Active (continuously transmitting) and passive (electromagnetic field) RFID systems suffer from weaknesses. |
Side channel attack. |
Authentication-hash based protocols, encryption functions. |
|
NFC |
SSE, SCH, 3 modes of operation: Read/Write, Peer-to-Peer and Card Emulation Mode. |
Data exchange in close proximity, PICC emulations in protocol challenge-response requests. |
Near proximity, MITM, DoS, Modification attacks. |
Architecture and the distance limitations, secure channel with a standard key agreement protocol. |
|
Bluetooth/BLE |
Secure simple pairing (SSP), Connectivity issues over obstacles |
Encryption of the payload and not of all the entire packet, matching the connection’s frequency hops and then capturing data in that frequency range, address verification, PINs. |
Sniffinig, DoS, MITM, Brute-Force, device duplication attacks. |
AES-CCM, 4-byte MIC module, AES-128 |
|
ZWave |
AES encryption with three shared keys. |
Does not enforce a standard key exchange protocol, Z-Wave devices implicitly trust the source and destination fields of794the MPDU frame.a malicious node can assigned by the controller. |
Key Reset, impersonation, node spoofing, BlackHole attacks. |
AES-128 with three shared keys. |
|
UWB |
LRP/HRP secure ranging schemes, size of the UWB symbol. |
Long symbols length, wrong access control configuration or power failure. |
ED/LC, Same-Nonce attack. |
Localization and distancing protocols secure the range between nodes. |
|
WiFi |
WPA2, SSID hiding, MAC filtering and static IP addressing, Connectivity issues over obstacles |
Lack of granular device authentication, weakness against denial of service, limited protection of service integrity. |
DoS, Replay, Channel collision, Spoofing attacks. |
WPA, WPA2 capability, 128-bit WEP authentication. |
|
ZigBee |
128-bit AES with pre-share keys, frame-protection mechanisms, essential key(encryption in network layer), global link key and unique link key(App layer), Connectivity issues over obstacles |
Utilizing insecure key transportation for pre-shared keys, ACKs have no integrity checks, insufficient registration of network keys, the lack of verification in PAN IDs. |
Installing default link keys or sending security headers in clear text on auxiliary frames, looding that causes DoS, euses of Initiation Vectors which may lead to key compromise, energy-consuming attacks. |
AES for symmetric key, AES-CTR, AES-CBC-MAC, AES-CCM, Use the Non Volatile Memory of the node to store the nonce states, Key management algorithm. |
|
WIA-PA |
Join-key shared between device and security manager. |
Lack of public key encryption algorithm, no intrusion prevention, no broadcast key, The first request is not encrypted. |
Sybil, DoS, wormhole, Jaming , traffic analysis attack. |
AFS, AFH, TH, MIC. |
|
ISA100.11a |
Linchpin, AES-128, time limitations |
Requires some special conditions to be implemented in a secure path. |
Sniffing, Spoofing, Replay attacks and Data falsification. |
AES-128 on TL header. |
|
6LoWPAN |
AES cipher suit, ESP, IKEv2, DTLS, Connectivity issues over obstacles |
IP network, radio signal of implementations, Unchanged nodes address, fragmentation mechanism. |
Use of malicious intermediary network nodes, Signal jamming, traffic analysis, attackers selectively prevent correct packet reassembly. |
DTLS, HIP, IKE, cryptographic techniques. |
|
LoRa WAN |
128-bit application session key (AppSKey), AES. |
Resetting frame counters without re-keying, caching and replay of ACK packets, transmit falsified gateway beacons to repeatedly wake up sensors, utilize a dictionary of pastmessage. |
Replay attacks, recovery of passwords, malicious message modification, battery exhaustion and DoS. |
AES-CMAC, AAES-CTR, MIC. |
|
HL7 |
No built-in security. |
Message sources are often not validated by default, ize of HL7 messages is often not validated. |
Spoofing or integrity attacks, Flooding attacks. |
SSL, VPN. |
|
HTTP |
Basic-Digest authentication. |
Data transfer is not encrypted, Get request. |
Evasedropping- theft- breach and manipulation, flooding attacks |
SSL/TLS(HTTPS) |
|
COAP |
NoSec- SharedKey -MultiKey- Certificate mode. |
Proxies having to decide if DTLS implementation will be multi-cast or uni-cast message. |
Parsing, Cache, amplification, spoofing. Cross-protocol attacks. |
DTLS, Strong authentication technique. |
|
MQTT |
Four-way handshake mechanism. |
No embedded data encryption mechanism, IP broker (sometimes is unsecure). |
Traffic analysis, Port Obscurity, Botnet Over MQTT. |
SSL/TLS |
|