1 Introduction

Zigbee is a short-range, low-energy wireless communication technology. It defines a networking and communication protocol for embedded devices. This link has made possible a wide range of applications, including wireless mesh networks, home automation, and power monitoring [1]. Zigbee can build dependable wireless networks suited to almost any demand for mesh networking and low-energy operation. The network is not constrained by physical limits; instead, Zigbee enables communication between physically separated devices over great distances [2]. Devices may be swiftly added to, or removed from, the mesh networks built with Zigbee, which makes it practical for most household and business environments. Zigbee connectivity is suited to low-power applications [3], so battery-powered sensors can operate in the same area for extended periods without needing replacement or recharging. The low energy consumption of the communication also helps to reduce network interference. By prioritizing bandwidth for essential applications, this option enables Zigbee networks to function similarly to other modern wireless networks [4]. Control systems for lighting, temperature, and other in-home or Wi-Fi applications may be built using the Zigbee protocol. In large-scale facilities, Zigbee assists with monitoring various programs, security systems, and power use [5]. Zigbee network applications may be expanded to control a more extensive range of devices, from sophisticated appliances to modern corporate control structures. Zigbee is attractive because it is versatile and modern. Zigbee network operation begins with the discovery of a node [6]. This node establishes and maintains the Zigbee network; it is also in charge of networking the neighborhood and allocating addresses [7].
Figure 1 shows the active network attacks.

Fig. 1 Active Network Attacks

The attacks against Zigbee technology can be categorized into two primary kinds: active and passive. Active attacks refer to a category of malicious activities in cyber security [8] that involve deliberate actions taken by threat actors.

  • Jamming entails deliberate interference with the transmission of information and control signals in the context of Zigbee technology. By emitting radio frequency signals on the same or similar frequencies, an adversary can disrupt communication between Zigbee devices [9].

  • Spoofing is an active attack observed in Zigbee networks in which an unauthorized entity assumes the identity of a legitimate node by employing a fabricated identity. This deception enables the attacker to disseminate false information to other nodes within the network [10].

  • In a replay attack, the attacker captures and subsequently retransmits legitimate packets sent by nodes within a network [11].

  • Denial-of-service (DoS) attacks are deliberate attempts to disrupt communication among Zigbee devices by overwhelming the network with excessive and unnecessary traffic [12].
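Of the four active attacks listed above, the replay attack is the one a receiving node can detect on its own, because Zigbee network-layer security carries a per-source frame counter in every secured frame and a receiver is expected to reject a frame whose counter does not advance. The Python below is an added example written for this page, not code from the paper or from any Zigbee stack: the frame layout, the addresses and the sample traffic are constructed, and the strict "must exceed the last accepted counter" rule is the check this example applies.

```python
# Added example: receiver-side replay detection using a per-source frame counter,
# modelled on the counter that Zigbee network-layer security carries in each
# secured frame. Frame layout and sample traffic are constructed for this example.
from dataclasses import dataclass

COUNTER_MAX = 0xFFFFFFFF  # Zigbee frame counters are 32-bit


@dataclass(frozen=True)
class Frame:
    src: int        # 16-bit short address of the sending node
    counter: int    # frame counter from the auxiliary security header
    payload: bytes


class ReplayFilter:
    """Keeps the highest frame counter accepted from each source address.

    A frame is accepted only if its counter strictly exceeds the last counter
    accepted from the same source; anything else is treated as a replay (or a
    frame that arrived out of order, which a receiver cannot tell apart).
    """

    def __init__(self):
        self._last_counter = {}   # src address -> last accepted counter
        self.dropped = []         # (src, counter, reason) for logging/alerting

    def accept(self, frame: Frame) -> bool:
        last = self._last_counter.get(frame.src)
        if last is not None and frame.counter <= last:
            self.dropped.append((frame.src, frame.counter, "replayed or stale counter"))
            return False
        if frame.counter >= COUNTER_MAX:
            # An exhausted counter can never advance again; accepting frames at
            # this value would permit unlimited replays, so the source must be
            # rekeyed before it is trusted again (policy chosen for this example).
            self.dropped.append((frame.src, frame.counter, "counter exhausted; rekey required"))
            return False
        self._last_counter[frame.src] = frame.counter
        return True


def filter_traffic(frames):
    """Runs every frame through one ReplayFilter; returns (accepted, dropped)."""
    flt = ReplayFilter()
    accepted = [f for f in frames if flt.accept(f)]
    return accepted, flt.dropped


# Constructed traffic: node 0x1234 sends counters 10, 11, 12; an attacker then
# re-injects the captured counter-11 frame; node 0x1234 continues with 13; node
# 0x5678 is a second legitimate source; node 0x9999 has run its counter out.
SAMPLE_TRAFFIC = [
    Frame(0x1234, 10, b"temp=21.5"),
    Frame(0x1234, 11, b"lock=closed"),
    Frame(0x1234, 12, b"temp=21.6"),
    Frame(0x1234, 11, b"lock=closed"),      # replay of an earlier frame
    Frame(0x5678, 5, b"motion=0"),
    Frame(0x1234, 13, b"temp=21.7"),
    Frame(0x9999, COUNTER_MAX, b"battery=3%"),
]

if __name__ == "__main__":
    ok, bad = filter_traffic(SAMPLE_TRAFFIC)
    print("accepted:", [(hex(f.src), f.counter) for f in ok])
    print("dropped: ", bad)
```

The counter check only has value together with the integrity tag on the frame: in Zigbee the auxiliary header holding the counter is covered by the frame's AES-CCM* authentication, so an attacker who cannot forge the tag also cannot simply bump the counter on a captured frame. The `dropped` list is what a monitoring component would feed into an alert, since a run of stale counters from one address is a useful indicator of replay activity.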

Passive attacks refer to a security breach in which an unauthorized party gains access to sensitive information or resources without actively engaging with them [13]. Figure 2 shows the passive network attacks.

  • Eavesdropping refers to an intrusion in which an attacker exploits a Zigbee-enabled device to intercept data packets exchanged between authorized nodes. It allows the attacker to gain unauthorized access to confidential information [14].

  • Masquerading refers to a type of attack wherein an assailant assumes the identity of an authorized node within the Zigbee network to obtain access to confidential data illicitly [15].

  • Message manipulation refers to an attack in which an attacker modifies a legitimate packet's contents before it reaches the intended recipient. It allows the attacker to gain unauthorized access to confidential information [16].

Fig. 2 Passive Network Attacks

Communication is mediated by a data link layer in charge of sending and receiving data. This layer, made up of several sub-layers, is in charge of handling, checking, and correcting errors in data sent throughout the network [17]. The data link layer controls the MAC and physical levels of the Zigbee network. The MAC layer addresses data frames and links two nodes; the physical layer handles encoding, modulation, and radio frequency transmission. Once the network is installed, devices may communicate with one another using a variety of Zigbee protocols. The most often used Zigbee protocol is a sub-layer [18] that supports devices, routing of data frames, and data update and delivery services. The Convergence Sub-layer and the Security Service Sub-layer are two key Zigbee groups. These protocols allow for the secure transfer of data and the control of device discovery and connection, creating modern, stable, and secure Zigbee networks [19]. They provide highly reliable wireless connectivity, enabling devices to communicate over short distances with little power consumption. Modern Zigbee networks face their main security risks during the network-formation process. This process may include adding devices to the network, authenticating them, and encrypting their communication [20]. Zigbee does not strongly encrypt data before transferring it between devices, making it vulnerable to eavesdropping. Without adequate security measures, an attacker can join the wireless network and gain access to sensitive information. Zigbee uses long encryption keys for data transport and security measures [21]. This also exposes the network to brute-force attacks that allow an attacker to guess its keys.
Every packet delivered across a Zigbee network may be intercepted and analyzed, allowing attackers to access and manipulate the data if the encryption is weak. Additionally, the network administrator keeps the network updated and maintains it by routinely monitoring and upgrading the firmware versions on every connected device [22]. By doing this, the attack surface might decrease, and network security could increase.

Recent advancements in Zigbee security systems have significantly enhanced the security capabilities of this wireless network protocol. Zigbee is a significant type of wireless networking characterized by low power consumption and short-range connectivity [23]. It finds applications in areas such as automation, control systems, consumer electronics, healthcare, and medicine. Zigbee networks employ encryption to facilitate secure communication between distinct Zigbee devices. Recent advancements have significantly enhanced the safety features of Zigbee networks through robust cryptographic techniques [24]. This has resulted in heightened security against potential attackers and established a dependable connection between devices. Advanced encryption techniques, such as AES-256, ensure communication security between two Zigbee devices, relying on a shared secret [25]. The encryption strategy effectively mitigates the risk of compromising the integrity and confidentiality of the transferred data. Recent developments in Zigbee technology have emphasized the authentication of device-to-device communication [26]. Figure 3 shows the layout of the paper.

Fig. 3 Layout of the paper

This focus aims to prevent unauthorized devices from communicating within the Zigbee network. The authentication mechanism relies on gateways, which employ digital certificates and public key encryption. Certificates are employed to authenticate the identity of electronic devices, hence restricting network access exclusively to authorized and legitimate devices. In addition to implementing authentication procedures, Zigbee utilizes secure multi-party protocols [27]. This approach relies on encryption keys that are not communicated across the network during the exchange of data. In this context, each node within the network autonomously produces a unique set of cryptographic keys [28]. These keys are subsequently shared with other nodes when communication is required. Due to this characteristic, no individual node can intercept the keys, ensuring a significantly high level of security for the communication. Zigbee has made notable advancements in enhancing safety by implementing flexible, over-the-air firmware updates [29]. This enables Zigbee devices to leverage contemporary security protocols and algorithms without requiring physical interaction or sending the hardware to the manufacturer. The current advancements in Zigbee safety systems have enabled customers to use wireless networks conveniently while effectively mitigating potential security threats associated with their devices [30]. As the field progresses, network security will be enhanced by developing novel encryption algorithms and authentication techniques.

2 Related works

The management and usage of Zigbee networks raise several cyber security issues. For instance, nodes in a Zigbee network may be vulnerable to attacks if the network is not properly designed and maintained. Relying on Zigbee networks in a critical setting might expose it to attack if the smart devices connected to the network are not appropriately maintained. Suitable defenses are therefore essential. They entail utilizing strong encryption keys, monitoring networks for questionable activity, and ensuring that each linked device has the most recent security updates and features.

2.1 Packet attacks

Packet attacks refer to hostile activity in which the communication channels within a network are deliberately disrupted. This disruption is achieved by inundating the network with many bogus messages. These assaults can overwhelm the network, interrupt communications, disseminate false information, or restrict access for authorized users. Packet attacks encompass various techniques, including manipulating source addresses in transmissions, disrupting network frequencies through jamming, and exploiting vulnerabilities in encryption mechanisms. These assaults can have significant consequences, such as diminishing the network's performance, enabling unauthorized access, or conveying harmful data to network nodes.

Vaccari, I., et al. [29] discuss remotely exploiting AT-command attacks on Zigbee networks, a form of attack employed to gain control over a Zigbee network from a remote location and manipulate its operations for personal gain. Adversaries can transmit malicious AT commands to the Zigbee coordinator or any other network device to exploit inherent weaknesses within the protocol and collect data about the network. Cao, X., et al. [31] discuss the power depletion attack, a type of attack that targets Zigbee-based wireless networks. The attacker may implement several strategies to disrupt the network, such as initiating many communication sessions from a single source, inundating the network with useless packets, or deliberately disregarding the acknowledgments received from the nodes. These kinds of attacks can cause an interruption in communication and ultimately lead to a denial-of-service situation. Akestoridis, D. G., et al. [32] discuss a network security monitoring framework for Zigbee networks, a collection of components designed to identify and address potential security issues within Zigbee networks. Typically, this architectural framework comprises a proper gateway, an intrusion detection system, and a response mechanism. The gateway facilitates centralized control over the entire network, encompassing the monitoring and management of the entire Zigbee network. The Intrusion Detection System (IDS) is responsible for discovering potential dangers inside the network, whereas the response system manages and responds to any identified threats. Such a network security monitoring framework can provide a comprehensive and robust approach to safeguarding Zigbee networks.

Stelte, B., et al. [33] discuss the KillerBee Stinger, which is explicitly used to attack and track Zigbee devices. It can cause a device to malfunction or disrupt its usual operation. Delaying the deployment of this technology may effectively impede unauthorized Zigbee devices, since it hinders unauthorized individuals from infiltrating these devices and engaging in nefarious actions. Pirayesh, H., et al. [34] discuss enhancing the security of Zigbee against conventional jamming attacks using neural networks, a methodology that employs a multi-layer perceptron neural network to detect patterns of jamming attacks and implement appropriate countermeasures. The neural network comprises input, hidden, and output layers, facilitating the processing of large amounts of data and diverse patterns. During a particular phase of the attack, the neural network is trained to identify patterns that may suggest the occurrence of a recognized attack. Once the threat has been recognized, the essential algorithms are activated to mitigate or prevent the attack. This methodology is potent for securing Zigbee communications against persistent jamming attacks. Table 1 shows the comprehensive analysis of the packet attacks, and Table 2 and Fig. 4 show the active packet attack models.

Table 1 Comprehensive analysis of packet attacks
Table 2 Active packet attack models
Fig. 4 Active Packet Attack models

2.2 Command attacks

Command attacks refer to a specific type of attack in which the perpetrator transmits commands to modify or erase a targeted device's established Zigbee network settings. Command attacks exploit the absence of encryption and authentication mechanisms in numerous Zigbee networks. For instance, the attacker may transmit a directive to erase the network's encryption key or modify the operational settings of the device. Command attacks are prevalent within Zigbee networks and can potentially yield severe ramifications, as they grant unauthorized individuals the ability to assume control over the network or impede its normal functioning. Furthermore, these attacks can provide access to confidential data held within the nodes of the network.

Wang, X., et al. [35] discuss evaluating and protecting Zigbee networks against attacks and potential threats using software that incorporates safety features and tools. These tools are designed to discover, analyze, and mitigate potential security risks and network attacks based on the Zigbee protocol. The task involves evaluating the security of Zigbee networks and protocols, finding potential attack vectors, developing countermeasures to prevent them, and examining the networks for any vulnerability that may lead to the compromise of user data. Cayre, R., et al. [36] discuss Bluetooth Low Energy (BLE) chips, which are currently the subject of attention due to a specific attack known as "BLE Crown Jewelling," which explicitly targets Zigbee networks. This attack is executed by diverting BLE chips from their original devices and pairing them with the attacker's tool. Once paired, the attacker gains unauthorized access to Zigbee networks, potentially compromising the security of the networks and the integrity of the data inside them.

Vaccari, I., et al. [37] discuss a contemporary security mechanism to mitigate remote AT command attacks on Zigbee networks that incorporates authentication protocols. This measure serves to verify the legitimacy of devices inside the network and prevent unauthorized devices from executing any destructive commands. Zigbee networks can be protected by implementing secure tunnels between devices, which encrypt the transmission of commands and data, as well as by ensuring the secure deployment of firmware upgrades. Akestoridis, D. G., et al. [38] examine the safety of Zigbee-enabled devices. The analysis of smart homes involves examining and comparing various aspects, such as the safety features of the devices, the networking infrastructure, the techniques for transmitting data, the access controls, and the overall system design. Smart home electronics often incorporate many safety features, such as encryption, authentication, intrusion detection, and patch control. Furthermore, the network infrastructure must be fortified against external vulnerabilities, including unauthorized entry and malicious intrusions. The data transfer techniques should be further optimized, and appropriate access restrictions should be developed to mitigate unauthorized access to data or devices. The comprehensive design of the system should prioritize safety considerations, encompassing mechanisms for effectively monitoring and promptly responding to safety incidents.

Morgner, P., et al. [39] discuss how malicious individuals use touchlink commissioning to infiltrate Zigbee 3.0 networks and devices without the user's awareness or agreement. By utilizing touchlink commissioning, an attacker in physical proximity to a device can initiate a wireless connection with it and effectively join the Zigbee network. The attacker can then access the network's data and manipulate connected devices. Dowling, S., et al. [40] discuss a Zigbee honeypot, a cyber security device that assesses and responds to hostile cyber attack behavior targeting IoT systems. The system is built upon the Zigbee wireless communication protocol and serves the purpose of detecting, analyzing, and promptly addressing any harmful activities targeted against Zigbee-enabled devices. The honeypot system is designed to capture and retain all incoming traffic, including potentially malicious requests and responses. It enables security teams to analyze and respond to these captured elements selectively. Shafqat, N., et al. [1] discuss passive inference attacks in a Zigbee-based smart home, a specific threat that aims to illicitly obtain unauthorized access to identifying information by monitoring the existing data traffic without actively disrupting it. This method of attack exploits the wireless communication protocols and utilizes their inherent features to get unauthorized access to sensitive information or engage in illicit activities. There are two methods by which this sort of attack can be carried out: eavesdropping or sniffing. In network security, an eavesdropping attack refers to the passive act of an attacker listening to packets being transmitted or received through a system to gather data. On the other hand, a sniffing attack involves the active efforts of the attacker to deduce device identifications or network keys.
Table 3 shows the comprehensive analysis of the command attacks, and Table 4 and Fig. 5 show the active command attack models.

Table 3 Comprehensive analysis of command attacks
Table 4 Active command attack models
Fig. 5 Active Command Attack models

2.3 LDoS attacks

The Link Denial-of-Service (LDoS) attack refers to a deliberate act of impeding legitimate communication within a Zigbee network by disrupting the supervisor link, which facilitates communication between nodes within the network. This type of attack is typically executed by employing compromised malevolent nodes to impede regular interaction among network participants. The attack breaks communication by employing tactics such as overwhelming the server link with incorrect packets or unauthorized authentication attempts.

Okada, S., et al. [41] discuss a newly identified Low-Rate Denial-of-Service attack, a malevolent act that aims to disrupt a Zigbee network's regular and efficient operation. The purpose of these attacks is to disrupt network functionality by persistently overwhelming device registration mechanisms, hence impeding the ability of new devices to join the network. Countermeasures to mitigate the recently emerged LDoS attack involve implementing many strategies. These strategies include extending the duration of network keys, conducting network surveillance to detect any anomalous activities, prohibiting unauthorized manipulation of the network using encryption mechanisms, and, if necessary, reinstating network keys in response to suspicious network events. Ensuring the presence of robust safety procedures in Zigbee devices is of paramount importance to prevent unauthorized access or malicious attacks. Implementing a contour-based coordination protocol in conjunction with a star-meshed topology can enhance network security and promote the robust operation of Zigbee networks under LDoS attacks. Chen, H., et al. [42] discuss a method for identifying malicious activities in a Zigbee wireless sensor network, a novel methodology that combines the Hilbert-Huang Transform (HHT) with trust evaluation. This low-rate denial-of-service attack detection method is practical. The HHT methodology is an adaptive method used for evaluating signals. It involves breaking down a signal into its intrinsic mode functions, which include amplitude, frequency, and correlation components. The concept of TE is utilized to assess the trust level of a node by considering its behavior statistics as well as those of its neighbors. The suggested methodology integrates the Hilbert-Huang Transform (HHT) and Transfer Entropy (TE) techniques to address Low-Rate Denial-of-Service assaults in a Zigbee wireless sensor network.
This strategy leverages the Intrinsic Mode Functions (IMFs) to identify and detect potentially malicious actions dynamically. The proposed method can detect Low-Rate Denial of Service (LDoS) assaults without relying on prior knowledge of the attack rate or the need to establish specific criteria. The detection is adjusted by utilizing reduced resources in Zigbee nodes and enhanced accuracy in detecting Low-Rate Denial of Service (LDoS) attacks.

Hongsong, C., et al. [43] discuss using the Apache Spark platform to analyze data streams from a wireless sensor network. Its primary objective is to identify and detect instances of low-rate Denial of Service (DoS) attacks. The conventional methods for identifying Denial of Service and Distributed Denial of Service (DDoS) attacks consist of signature-based and statistical anomaly detection techniques. The signature-based evaluation approach may not always be appropriate for detecting low-rate DoS assaults. The Spark-assisted correlation assessment technique is a preferable approach for detecting low-rate attacks because it uses correlation techniques to identify harmful behavior. The technique suggested in this study aims to effectively manage the data streams generated by a wireless sensor network in real time. It accomplishes this by calculating the correlation coefficients between nodes within the network. This technique can identify attacks that originate from the same attacker and facilitate the implementation of mitigation strategies through the dynamic reconfiguration of the network. Okada, S., et al. [44] discuss the concept of memory saving. This study investigates the effectiveness of Low-Duty-Cycle distributed Denial of Service attacker detection algorithms, precisely the MSLADAs, in the context of Zigbee networks. These algorithms have been specifically built to identify and detect attackers operating within Zigbee networks. The methods utilized in this context are primarily grounded in the idea of distributed detection, which involves identifying and eliminating superfluous packets of information. This approach effectively mitigates the impact of Low-Rate Denial-of-Service attacks while reducing the expenses associated with heightened communication loads.
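The correlation idea behind the Spark-assisted approach of Hongsong et al. [43] is the easiest of these detectors to show concretely: if several nodes are driven by one attacker, their low-rate bursts line up in time even when each node's traffic on its own looks harmless. The Python below is an added illustration written for this page, not the authors' Spark implementation. It takes per-node packet counts per time window (constructed sample data), computes the Pearson correlation between every pair of nodes, and groups nodes whose pairwise correlation exceeds a threshold. A node with constant traffic has no variance, so its correlation is defined as zero rather than letting the division fail.

```python
# Added example: grouping nodes whose traffic profiles are correlated, as a
# simplified stand-in for the correlation-coefficient detection of low-rate DoS
# described for the Spark-based approach. Sample counts are constructed.
import math
from itertools import combinations


def pearson(x, y):
    """Pearson correlation of two equal-length series; 0.0 if either is constant."""
    if len(x) != len(y) or len(x) < 2:
        raise ValueError("series must have equal length >= 2")
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    if vx == 0 or vy == 0:
        return 0.0                     # constant series: no correlation defined
    return cov / math.sqrt(vx * vy)


def correlated_groups(series, threshold=0.9):
    """Return groups (sorted lists of node ids) of two or more nodes whose
    per-window packet counts are pairwise correlated at or above `threshold`.

    Nodes are joined with a union-find, so A~B and B~C put A, B and C in one
    group even if A and C on their own sit slightly below the threshold.
    """
    parent = {node: node for node in series}

    def find(n):
        while parent[n] != n:
            parent[n] = parent[parent[n]]   # path halving
            n = parent[n]
        return n

    for a, b in combinations(series, 2):
        if pearson(series[a], series[b]) >= threshold:
            parent[find(a)] = find(b)

    groups = {}
    for node in series:
        groups.setdefault(find(node), []).append(node)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed packet counts per one-second window for six nodes. N3, N4 and N5
# emit a burst every third window (a coordinated low-rate pattern); N2 and N6
# have their own unrelated rhythms; N1 is a steady heartbeat sender.
SAMPLE_COUNTS = {
    "N1": [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1],
    "N2": [2, 1, 3, 1, 2, 1, 3, 1, 2, 1, 3, 1],
    "N3": [1, 0, 9, 1, 0, 9, 1, 0, 9, 1, 0, 9],
    "N4": [2, 0, 8, 2, 0, 8, 2, 0, 8, 2, 0, 8],
    "N5": [1, 1, 8, 1, 1, 8, 1, 1, 8, 1, 1, 8],
    "N6": [3, 2, 1, 3, 2, 1, 3, 2, 1, 3, 2, 1],
}

if __name__ == "__main__":
    for group in correlated_groups(SAMPLE_COUNTS):
        print("coordinated burst pattern from nodes:", ", ".join(group))
```

In a deployment the series would be rolling windows fed from the coordinator's traffic counters, and a flagged group is the input to the mitigation the paper mentions (reconfiguring routes around, or rate-limiting, the nodes in that group). The threshold is a tuning knob: too low and nodes that merely share a report schedule will be grouped together, so it should be validated against a period of known-benign traffic first.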

Tang, D., et al. [45] discuss a detection system for LDoS assaults based on fractal residuals. It employs machine learning techniques to detect DDoS attacks in real time. The detection system utilizes a combination of features, including fractal residuals, spectral entropy, k-nearest neighbors, and support vector machines, to identify different types of attacks. A hybrid logistic regression variant is employed to enhance the accuracy of identifying fraudulent network data. The system can effectively mitigate up to 95% of DDoS attacks in real time. Okada, S., et al. [46] discuss the LDoS attack using indirect transmission, which serves as an attack vector that targets Zigbee networks. In this attack, a malicious entity manipulates the routing request of a node in order to exert pressure on the coordinator, compelling it to transmit numerous management messages from other nodes to the targeted node. Consequently, this leads to an overwhelming load and disruption of communication. It enables the attacker to exercise control over the network with minimal effort and without becoming part of it. One potential countermeasure to mitigate this attack involves implementing authentication mechanisms for routing requests within a network. Additionally, it is advisable to remain vigilant for suspicious patterns that users exhibit, such as unusually high numbers of requests. The network must also consider implementing a countermeasures module to detect this attack vector. Furthermore, incorporating a secure routing protocol can enhance the network's security by providing protection against such hostile attacks. Hussein, N., et al. [47] discuss Message Queuing Telemetry Transport (MQTT) protocol attacks on the security vulnerabilities of IoT devices within Zigbee networks.
This protocol is frequently employed to manipulate sensors and other networked devices while simultaneously having the potential to bypass security measures and get unauthorized access to sensitive information. Adversaries can employ a range of techniques, such as brute-force attacks and man-in-the-middle attacks, among others, in order to gain unauthorized access to the Zigbee network and exploit its vulnerabilities. Subsequently, the attackers can access the information stored within the sensor devices and exert control over their functionalities. Table 5 shows the comprehensive analysis of the LDoS attacks, and Table 6 and Fig. 6 show the active LDoS attack models.

Table 5 Comprehensive analysis of LDoS attacks
Table 6 Active LDoS Attack models
Fig. 6 Active LDoS Attack models

2.4 Practical attacks

Common security vulnerabilities in Zigbee networks encompass several practical attacks, including replay attacks, man-in-the-middle attacks, and jamming attacks. In a replay attack, an attacker intercepts data communication between two nodes and replays it to inject false information into the network. A man-in-the-middle attack occurs when an attacker intercepts or hijacks the communication between nodes by masquerading as the message's intended recipient. Finally, a jamming attack occurs when an attacker emits radio waves that disrupt the transmission of Zigbee network signals.

Wu, Z., et al. [48] discuss the coherent detection of synchronous low-rate signals. The detection of Denial of Service (DoS) attacks involves identifying patterns within network traffic to detect attacks that are executed over extended periods at a relatively low rate. This approach employs a fusion of statistical and signal-processing techniques to detect patterns of low-rate Denial of Service (DoS) attacks that may be challenging or unfeasible to identify using conventional methods. Coherent detection can identify and mitigate several types of low-rate Denial-of-Service (DoS) attacks, such as TCP fragmentation, TCP SYN flooding, UDP flooding, and similar forms of assault. It is achieved by analyzing the traffic's attributes and discerning recognizable patterns. Olawumi, O., et al. [49] discuss practical attacks on Zigbee security, which encompass several techniques, such as channel hopping, flood attacks, MAC address cloning, hash collision attacks, replay attacks, unsecured Routing Course Setup Protocol (RPSP), and the use of weak encryption algorithms. Furthermore, it is essential to note that inside the Zigbee network there is a possibility of malicious nodes. These nodes can be strategically placed to engage in eavesdropping or overwhelm the network with excessive traffic. As a result, this can lead to Denial of Service (DoS) attacks, which disrupt the normal functioning and provision of services within the network. Ďurech, J., et al. [50] discuss the Zigbee attack, a malevolent intrusion into the Zigbee network using a vulnerability or weakness inherent in the security architecture of the Zigbee protocol. Attacks on Zigbee networks can be categorized into two distinct types. Active attacks involve the injection of malicious code into the Zigbee network, enabling the manipulation of network data and control through the execution of malicious instructions.
On the other hand, passive eavesdropping assaults involve a malicious actor attempting to gain unauthorized access to information transmitted within the network by monitoring radio transmissions and exploiting the data contained therein.

Vidgren, N., et al. [51] discuss how Zigbee-enabled systems are susceptible to several security threats, including but not limited to node impersonation, denial-of-service attacks, packet spoofing, replay attacks, wormhole attacks, and man-in-the-middle attacks. These risks have the potential to be utilized to gain unauthorized access to information or cause disruptions to the operation of a network. ZigBee-enabled systems are also subject to security vulnerabilities resulting from the limited processing power and bandwidth available in low-cost hardware, rendering them prone to brute force attacks and replay attacks. Moreover, due to the mesh architecture employed in the network, identifying malevolent nodes or infiltrating malicious packets within the network becomes challenging. Rana, S. S., et al. [52] discuss a security development framework for Zigbee networks to increase security functionality and enable efficient monitoring of IoT devices. The framework aims to address the security concerns associated with deploying Zigbee networks in IoT platforms. The framework comprises two distinct components: a security control module and an encryption module. The security control module is responsible for regulating device access, authentication of devices and nodes, preservation of communication integrity, recording security events, and establishing access control policies. The encryption module is responsible for the encryption and decryption of all communication between the devices included in the Zigbee network. The encryption module relies exclusively on robust and sophisticated cryptographic techniques, such as AES-128 or AES-256. The framework also provides periodic key exchange and rotation mechanisms to enhance security efficiency. In addition, the framework enables convenient tracking of IoT devices utilizing Zigbee, facilitating remote management, configuration, and data monitoring.
This measure guarantees the secure handling of data originating from IoT devices, reducing vulnerability to potential attacks. Table 7 shows the comprehensive analysis of the practical attacks, and Table 8 and Fig. 7 show the active practical attack models.

Table 7 Comprehensive analysis of practical attacks

Table 8 Active practical attack models

Fig. 7 Active practical attack models

3 Analytical discussion

Ensuring security measures for a Zigbee network-based IoT system is crucial for the effective operation of the overall system. Securing a Zigbee network necessitates using authentication and encryption protocols to mitigate the risk of unauthorized access and malicious activities perpetrated by parties without proper authorization [53]. The implementation of authentication mechanisms should encompass both individual authentication and node authentication. User authentication is a crucial measure implemented to ensure that only individuals with proper authorization are granted access to the system [54]. This necessitates incorporating access control mechanisms such as username/password or biometric authentication [55].

Node authentication is a mechanism that guarantees that only authenticated nodes are permitted to join the network. The crucial nature of this measure lies in its ability to prevent unauthorized entities from gaining membership in the network and engaging in destructive activities such as data theft [56]. In conjunction with the authentication process, it is necessary to employ encryption techniques to secure data before transmitting it across network devices [57]. Encryption should also be utilized to guarantee the integrity of the transmitted data. The selection of encryption algorithms should be based on the nature of the data being transmitted by the device, and it is advisable to update these algorithms periodically to maintain the device's security [58]. It is imperative to diligently observe and oversee any alterations inside the network infrastructure that may indicate a security compromise. Automated systems comprising intrusion detection mechanisms notify administrators of any potentially suspicious activities [59, 60] and enable expeditious responses from administrators in the face of security concerns.

3.1 Purpose of the study

The topic of discussion pertains to the protection of Internet of Things (IoT) devices. Zigbee devices have gained popularity as a cost-effective and secure means of connecting various devices and sensors [61]. They offer enhancements in residential automation, electricity management, and various other applications. With regard to security, Zigbee devices employ AES-128 encryption to safeguard data. This encryption is activated with the default settings and requires no additional configuration [62]. Zigbee devices employ contemporary iterations of the Zigbee protocol, encompassing features such as mesh networking, physical-layer encryption, and delivery-layer security. Mesh networking enables Zigbee devices to communicate over an extended distance without relying on a central server [63]. Physical-layer encryption encrypts data transmitted across wireless communication channels, safeguarding against unauthorized interception and modification of information. Delivery Layer Protection (DLP) is an extra layer of security, operating within the Zigbee network, that facilitates the safe transmission of data. It is a security mechanism implemented in the Zigbee network to ensure the confidentiality, integrity, and authenticity of data sent and received by devices within the network, acting as an extra layer of security on top of the network layer to protect against potential attacks and unauthorized access. In the Zigbee network, devices communicate using radio waves, which can be picked up by anyone with a receiver in range. This presents a potential vulnerability, as sensitive data, such as personal information or control commands, could be intercepted and tampered with by unauthorized parties [64].

The Intrusion Detection System (IDS) is an automated security and monitoring system that uses specialized monitoring of wireless communication to detect potential malicious activity on IoT networks. This system aims to identify and block specific connections, detect potentially suspicious activity, and monitor the overall health and efficiency of the network [65]. By monitoring the environment in real time and providing notifications of any anomalous activity, the system can detect unauthorized access and safeguard the network against potentially harmful actors. The IDS can be implemented on the customer's premises or in a cloud environment [66, 67]. This versatility enhances its effectiveness as a robust solution for safeguarding sensors and other interconnected devices. Moreover, incorporating automated policies and alerts into the system ensures that the security administrator can promptly identify suspicious behavior occurring within the network, enabling swift response and remedial action [68, 69]. Most commonly, light bulbs and switches are linked to the slider in the primary consumer mode of Zigbee networks. However, other devices such as thermostats, sensors, and dimmers can also be linked to and controlled through the slider. Ultimately, any Zigbee-enabled device that is compatible with the specific slider can be linked and controlled.

Vulnerability analysis refers to the systematic process of identifying and assessing the flaws in the Zigbee protocol and the corresponding products that rely on it [70]. The review aims to discover potential vulnerabilities and weaknesses in Zigbee that malicious actors could exploit to interfere with or disrupt its functioning. The review also examines strategies for mitigating or eliminating the identified risks. The process involves [71]

  • Evaluating the security of the underlying network architecture,

  • Analyzing the authentication and encryption methods employed, and

  • Exploring the available countermeasures that can be utilized to safeguard the network from potential flaws.

When selecting communication protocols for data exchange in Internet of Things (IoT) systems, it is imperative to consider the specific context and requirements of the device carefully [72]. Specific protocols may be more appropriate depending on the nature of the data being sent. For instance, when dealing with sensitive information, choosing a secure protocol such as HTTPS or a VPN is advisable. Where IoT networks have low-latency requirements, protocols such as MQTT or CoAP can be employed, since they prioritize reduced packet-transfer overhead [73]. Furthermore, it is advisable to use protocols compatible with the existing infrastructure and technology to achieve optimal scalability and availability while remaining adaptable to future changes. When considering communication protocols for IoT architectures, assessing and comparing multiple factors is crucial to ensure the system fulfills all of its needs [74].

3.2 Impacts of the study

The security of a Zigbee network-based IoT system is crucial to ensuring the integrity of the network's data. Poor security procedures can result in unauthorized access to data and devices, posing a severe threat to the confidentiality of the data [75]. In some cases, a weakly protected Zigbee network could be exploited to breach the security of an otherwise safe network and remotely access or control equipment [76]. Additionally, if a hacker can intercept the data packets transferred through a Zigbee network, they may gain access to analytics data that contains essential information about an organization. The impacts of the proposed study are shown in Fig. 8.

Fig. 8 Impacts of the proposed study

Given Zigbee networks’ constrained bandwidth, additional security measures such as encryption could negatively affect the network’s overall performance [77, 78].

  • Preventing unauthorized access: Zigbee provides end-to-end encryption of data packets to shield the nodes from unauthorized access.

  • Network security: Zigbee-enabled devices include a comprehensive security layer to secure data communication between numerous nodes and an access control mechanism to identify and verify each node.

  • Unbreakable Networks: Zigbee networks are reliable and unbreakable because encryption keys are hidden from nodes that are not allowed access.

  • Secured data transmission: Zigbee networks offer secure transmission, ensuring that data is unmodified in transit and travels smoothly over a wireless mesh network.

  • Secure network: Zigbee network maintenance is secure since all network data and device settings are encrypted on a single node and updated often to maintain secure data transmission.

3.3 Identified issues

  • Limited network security: Zigbee is characterized by its low bandwidth, short-range capabilities, and inherent vulnerabilities. The absence of encryption of data and communications renders Zigbee networks susceptible to intrusions and malicious entities [79].

  • Limited Authentication: Zigbee networks rely on binary security keys, which can facilitate the unauthorized interception of data and unauthorized access.

  • Data Integrity: The compromise of the Zigbee protocol may lead to concerns over data integrity. How information is conveyed may undergo modification or corruption during the transfer process, rendering it uncertain as to the true origin of the message [80].

  • Key control: Key control is an important aspect within a Zigbee network, wherein static encryption keys are utilized. These keys may be randomly generated, but once generated, they remain unmodified. This characteristic makes them susceptible to exploitation by malicious actors, posing a significant security risk [81].

  • Malware detection: A significant amount of information is disseminated inside a Zigbee network, facilitating the potential for adversaries to reverse engineer the protocol. This poses a heightened risk of various malicious activities such as creating botnets, deploying malware, conducting port scanning, or initiating ransomware attacks [82].

  • Access Control: The access control mechanisms of Zigbee networks are susceptible to spoofing attacks, which enable unauthorized individuals to obtain access and exert control over wireless devices [83].

  • Inadequate security: Zigbee networks employ a simplistic authentication mechanism for safeguarding data, rendering them vulnerable to exploitation by unscrupulous actors.

  • Network exploitation: The responsibility for connecting all devices inside a Zigbee network lies with a single Zigbee router. This presents a possible vulnerability, since attackers may seek to exploit this single router to gain unauthorized access to the entire network [84].

  • Interception of information: Data intercepted from Zigbee networks is susceptible to tampering and replay attacks due to the absence of robust authentication or encryption mechanisms implemented by users [85].

  • Susceptibility to Replay Attacks: Due to ZigBee's reliance on a singular public key for authentication, users are exposed to the risk of replay attacks occurring over the air. This vulnerability creates the potential for man-in-the-middle attacks and other related security breaches [86].

  • Standardization: One significant issue is the need for more standardization in Zigbee. Currently, Zigbee lacks the implementation of contemporary communication protocols and encryption methods, which renders its applications vulnerable to security breaches [87].

  • Inadequate Security Measures for Endpoints: Endpoints inside the Zigbee network, such as sensors or other intelligent devices, may possess insufficient security measures, hence enabling unauthorized entities to acquire access to these endpoints [88]. This unauthorized access can be exploited to gain admission into the entire network.

  • The low bandwidth of Zigbee means that devices can only transmit small amounts of data at a time. It makes it difficult to transfer large amounts of data quickly and can limit the functionality of specific devices, such as those that require high-definition video or audio streaming. Zigbee's short-range capabilities also have an impact on network security.

  • The limited range means that devices must be physically close to each other to communicate, making it easier for an attacker to physically access the network and compromise devices.

  • Zigbee's low power consumption design makes it vulnerable to attacks. As devices are constantly in a low-power state, they may be unable to monitor for potential threats or react quickly to prevent attacks. It can open them to malicious attacks like eavesdropping, spoofing, or network jamming.

  • Zigbee's inherent vulnerabilities, such as the lack of encryption or authentication, can pose security challenges. Without proper security measures, data transmitted over the network can be intercepted. These constraints on network security can make Zigbee a less secure option for specific applications, especially those that require high-speed data transfer or have strict security requirements.

  • Network administrators and device manufacturers need to implement additional security measures to mitigate these potential risks and ensure the overall security of the Zigbee network.

4 Proposed model

The proposed model is primarily grounded in addressing various challenges inside the network. The fundamental objective of the cryptographic component is to implement an authentication mechanism that guarantees the integrity of messages exchanged between nodes and the corresponding hub, thereby preventing message forgery. The second component is a hardware mechanism that operates at the network's physical layer and is designed to authenticate the nodes. Each node within the system contains a memory component responsible for storing private keys. These private keys are transmitted to a specific node inside a separate network. When a node transmits a message, the recipient node evaluates the originating address of the message and cross-references it with its stored data. If the authentication process succeeds, the message is forwarded to its intended destination and then processed. Furthermore, the proposed model incorporates a role-based access control mechanism that provides varying levels of access and privileges to distinct nodes based on their kind. The block diagram of the proposed model is shown in Fig. 9.

Fig. 9 Proposed block diagram

In security, input user information refers to any data or commands entered by a user into a system. This could include login credentials, personal information, or any other instructions given to the system. Before this information can be used or analyzed, it must undergo a process known as pre-processing. Pre-processing involves cleaning, validating, and formatting the input user information to ensure it is suitable for further analysis. This step is crucial as it eliminates any errors or anomalies that could affect the accuracy of the subsequent steps. Once the input user information has been pre-processed, the next step is feature extraction. This refers to identifying and extracting relevant data points or features from the input information. These features are then used to create a profile or representation of the user's behavior, which can be compared against known patterns to detect potential threats. Threat detection identifies any actions or behaviors that threaten the system's security. This could include malicious activities, unauthorized access attempts, or other suspicious behavior. By using the extracted features and comparing them to known threat patterns, potential threats can be identified and flagged for further investigation. Threat classification refers to categorizing detected threats based on their severity and type. This step allows for a more efficient response to potential threats, as resources can be allocated accordingly. It also helps to identify common patterns or trends in the types of threats faced by the system, which can aid in developing better security measures. The process of inputting user information, pre-processing, feature extraction, threat detection, and threat classification is essential for ensuring system security. Federated learning allows the central server to distribute the computational workload among the IoT devices, reducing the burden on the individual devices and avoiding potential performance bottlenecks. The use of federated learning minimizes the communication overhead between the central server and the IoT devices by only transferring model updates instead of the entire dataset, reducing latency. This approach allows the system to efficiently handle a larger number of devices without sacrificing performance or causing delays.

The pre-processing activities involved in securing Zigbee network-based IoT systems encompass several stages: authentication, encryption, network topology management, data integrity control, and authorization. The stages of pre-processing are shown in Fig. 10.

  • Authentication: Authentication is a critical security technique within a Zigbee network. This process entails validating the identity of each node within the network, and it can be accomplished using a shared secret key, certificates, or a Public Key Infrastructure (PKI). Authentication mechanisms play a crucial role in preventing unauthorized nodes from forging messages within a network. One such mechanism is the digital signature, which uses cryptographic algorithms to verify the sender's identity and ensure the integrity of the message. The sender generates a unique digital signature with its private key, and the recipient verifies it with the sender's public key. Any attempt by an unauthorized node to forge the message results in an invalid signature, preventing it from impersonating the sender. Additionally, authentication protocols such as SSL/TLS and IPsec use public key cryptography and digital certificates to authenticate network nodes and prevent unauthorized access. These mechanisms provide a secure and reliable way to verify the identity of nodes within a network, preventing unauthorized and malicious activity.

  • Encryption: Encryption is a cryptographic technique employed to ensure the confidentiality and integrity of information. Within a Zigbee network, the data sent between nodes is encrypted using the symmetric cipher Advanced Encryption Standard (AES). This protects data from unauthorized nodes, preventing them from reading it.

  • Topology management: Topology management refers to using network topology control techniques to prevent unauthorized access to the network by regulating the flow of communication. The term “network topology” delineates the configuration and arrangement of a network, including the interconnection of nodes and the allocation of access privileges to each node.

  • Integrity control: Integrity control pertains to the implementation of measures aimed at safeguarding the integrity of data during its transmission, ensuring that its content remains unaltered. It encompasses several methodologies for data integrity verification, such as checksums, hashes, or message authentication codes.

  • Authorization: Authorization refers to the process through which individuals are granted access to valuable resources or services within a particular network. Its primary purpose is to ensure that only authorized users can access the network and its designated resources. Authorization is enforced by implementing authentication and encryption mechanisms.

Fig. 10 Stages of pre-processing
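As an added illustration of the proposed model (Sect. 4) and of the integrity control and authorization stages listed above, the following Python simulation (added here, not the paper's implementation) models a hub that stores a per-node key and role indexed by the node's address, verifies a message authentication code over each message it receives, rejects replayed frame counters, and enforces role-based access control on the command. HMAC-SHA256 as the MAC, the frame counter, and the role/command table are assumptions, since the paper fixes none of them.

```python
"""Simulation of node-to-hub authenticated messaging with role-based access
control.  Added example: HMAC-SHA256, the frame counter used as a replay guard
and the ROLE_PERMISSIONS table are assumptions not stated in the paper."""
from __future__ import annotations
import hmac
import hashlib
import secrets
from dataclasses import dataclass

# Role-based access control: which commands each kind of node may issue.
# Constructed table; the paper only states that privileges vary by node kind.
ROLE_PERMISSIONS = {
    "sensor":   {"report"},
    "actuator": {"report", "ack"},
    "router":   {"report", "ack", "route_update"},
}

@dataclass(frozen=True)
class Message:
    src_addr: int      # 16-bit short address of the originating node
    counter: int       # monotonically increasing frame counter (replay guard)
    command: str
    payload: bytes
    tag: bytes         # message authentication code over the fields above

def _mac(key: bytes, src_addr: int, counter: int, command: str, payload: bytes) -> bytes:
    # Bind address, counter, command and payload into one authenticated blob,
    # length-prefixing the command so different field splits cannot collide.
    data = (src_addr.to_bytes(2, "big") + counter.to_bytes(4, "big")
            + len(command).to_bytes(1, "big") + command.encode() + payload)
    return hmac.new(key, data, hashlib.sha256).digest()[:8]  # 64-bit tag

class Node:
    def __init__(self, addr: int, key: bytes):
        self.addr, self.key, self.counter = addr, key, 0

    def send(self, command: str, payload: bytes) -> Message:
        self.counter += 1
        tag = _mac(self.key, self.addr, self.counter, command, payload)
        return Message(self.addr, self.counter, command, payload, tag)

class Hub:
    """Stores each enrolled node's key and role, indexed by its address."""
    def __init__(self):
        self._keys: dict[int, bytes] = {}
        self._roles: dict[int, str] = {}
        self._last_counter: dict[int, int] = {}

    def enroll(self, addr: int, role: str) -> bytes:
        key = secrets.token_bytes(16)  # 128-bit per-node key (AES-128 sized)
        self._keys[addr], self._roles[addr], self._last_counter[addr] = key, role, 0
        return key

    def receive(self, msg: Message) -> str:
        # 1. Cross-reference the originating address with the stored table.
        key = self._keys.get(msg.src_addr)
        if key is None:
            return "rejected: unknown source address"
        # 2. Verify the MAC in constant time: catches forgery or tampering.
        expected = _mac(key, msg.src_addr, msg.counter, msg.command, msg.payload)
        if not hmac.compare_digest(expected, msg.tag):
            return "rejected: invalid MAC (forged or altered message)"
        # 3. Reject stale counters so a captured frame cannot be replayed.
        if msg.counter <= self._last_counter[msg.src_addr]:
            return "rejected: replayed message"
        self._last_counter[msg.src_addr] = msg.counter
        # 4. Role-based access control on the command.
        role = self._roles[msg.src_addr]
        if msg.command not in ROLE_PERMISSIONS[role]:
            return f"rejected: role '{role}' may not '{msg.command}'"
        return f"accepted: {msg.command} from 0x{msg.src_addr:04x}"

def demo() -> list[str]:
    """One legitimate message followed by four faulty ones; returns the hub's verdicts."""
    hub = Hub()
    sensor = Node(0x1A2B, hub.enroll(0x1A2B, "sensor"))
    results = []
    good = sensor.send("report", b"\x17\x00")            # constructed temperature sample
    results.append(hub.receive(good))                    # accepted
    results.append(hub.receive(good))                    # same frame again -> replay
    altered = Message(good.src_addr, good.counter + 1, good.command, b"\xff\xff", good.tag)
    results.append(hub.receive(altered))                 # payload changed -> MAC fails
    results.append(hub.receive(sensor.send("route_update", b"")))  # sensor lacks privilege
    stranger = Node(0x9999, b"\x00" * 16)                # never enrolled at the hub
    results.append(hub.receive(stranger.send("report", b"")))
    return results

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```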

Feature extraction is a process in which relevant information is extracted from a dataset for analysis. In the context of a network's unique dynamics and characteristics, feature extraction is adapted to capture the essential elements specific to the network and its behavior. Feature extraction for safeguarding Zigbee network-based IoT systems refers to extracting significant characteristics from the data that can be utilized to differentiate between benign and malicious network traffic. These features may encompass attributes such as source and destination addresses of packets, packet length, packet delivery protocol, and packet payload. Feature extraction enables the network to differentiate between various types of traffic, facilitating prompter identification of malicious intent than traditional detection methods. Moreover, the feature extraction process can provide the network with a comprehensive understanding of the collective behavior exhibited by its nodes, which can be utilized to adapt and promptly address harmful intentions. Initially, feature extraction involves understanding the community and its dynamics. It involves researching and gaining knowledge about the community's cultural, social, and economic background, which is essential as it helps identify the relevant features to be extracted for analysis. The data is collected from various social media platforms, surveys, interviews, and other online activities. The data should be relevant to the community and its behavior. For example, if the community mainly communicates through online forums, the data collected should be from these forums. Once the data is collected, the feature extraction process begins. It involves selecting and extracting relevant features from the data. A standard tool for feature extraction in Zigbee network IoT systems is the Zigbee Cluster Library (ZCL). This library includes a set of standardized application profiles and clusters that define the functionality of devices in a Zigbee network. Using the ZCL, feature extraction can be readily implemented, as it provides a structured framework for defining and organizing device features, commands, and attributes. Other tools commonly used for feature extraction in Zigbee networks include IEEE 802.15.4-compliant stacks and Zigbee Application Programming Interface (API) libraries.

User authentication is the process of verifying an individual's identity before granting them access to a network or system. In the context of ZigBee networks, user authentication involves verifying the identity of the user attempting to connect to the network via a ZigBee device.

Node authentication, on the other hand, is the process of verifying the identity of a device before allowing it to join a network. In the context of ZigBee networks, node authentication involves verifying the identity of the ZigBee device before including it in the network. This process helps ensure that only authorized devices can join the network, preventing unauthorized access and potential security risks.

The detection of attacks in Zigbee network-based IoT systems encompasses various approaches, typically involving monitoring communication traffic, messages, and device activity inside the network. The examination of this communication or activity should enable the identification of various types of suspect behavior, such as unauthorized access requests, malware, or other malicious actions. Organizations can deploy security monitoring systems for their network that actively monitor device communication, identify harmful traffic, notify administrators, and respond to such malicious activities. Another crucial factor in safeguarding Zigbee-based IoT infrastructures is incorporating security mechanisms, including encryption. Encryption is crucial in safeguarding sensitive information from unauthorized access or tampering. It commonly relies on established technology such as the Advanced Encryption Standard (AES) or Transport Layer Security (TLS) and aids in mitigating various risks, including but not limited to man-in-the-middle attacks. Various authentication and authorization procedures may be implemented to ensure that only legitimate users are granted access to the network or its resources, such as enforcing authentication protocols, MAC address filtering, or other authentication and authorization methods. An Intrusion Detection System (IDS) is a security mechanism that monitors and detects any malicious activities or unauthorized access in a network. It works by analyzing network traffic and detecting any unusual or suspicious behavior. An IDS is an essential component in protecting modern networks, including those of Internet of Things (IoT) devices. One IoT communication protocol is Zigbee, which is designed specifically for low-power wireless devices with short-range communication capabilities. Zigbee networks have some unique characteristics that make IDS implementation different from other IoT protocols. First, Zigbee networks operate on the IEEE 802.15.4 standard, which uses a different communication frequency (2.4 GHz) compared to other IoT protocols like Bluetooth or Wi-Fi. This means that an IDS for Zigbee networks must be capable of monitoring and analyzing specific frequencies to detect any malicious activities accurately. Zigbee networks are built on a mesh topology, where each device can act as a router and potentially forward data packets to other nodes. This makes it difficult for an IDS to monitor the entire network, as traffic can be routed through multiple devices, making it challenging to pinpoint the source of any suspicious activity accurately. Another significant difference for IDS in Zigbee networks is the limited resources of the devices. Since most Zigbee devices are low-power and have limited memory and processing capabilities, the IDS must be designed to consume minimal resources while still providing sufficient protection against intrusions.

The security of Zigbee network-based IoT systems necessitates classifying various attack types into distinct groups based on their unique traits or behavior. Such classification can aid in the identification and resolution of novel attacks, as well as the mitigation of existing ones. It can also contribute to understanding the system's vulnerability and improving the Zigbee network's overall security. Additionally, it enhances the security stance of the system by effectively mitigating potential attacks and improving incident detection and response capabilities. Typically, the categories encompass DoS attacks, spoofing and session hijacking, man-in-the-middle attacks, packet sniffing, unauthorized access, and code injection.
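The feature-extraction, attack-detection and attack-classification stages described in the preceding paragraphs, as an added Python example that is not the paper's code: it reduces constructed Zigbee frame records to the features named above (source and destination address, packet length, frame counter, frame type) and applies rule-based detectors for replay, spoofing, flooding (DoS) and unauthorized access, labelling each alert with a severity. The frame record layout, the enrolment table, the thresholds and the severity table are assumptions; the sample capture is constructed for the example.

```python
"""Feature extraction, rule-based threat detection and threat classification
over Zigbee frame records.  Added example; record format, thresholds and the
severity table are constructed assumptions, not values from the paper."""
from __future__ import annotations
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    """One frame as a sniffer might log it (constructed layout)."""
    ts: float        # capture time in seconds
    src: int         # 16-bit short source address
    ext_src: int     # 64-bit extended (IEEE) source address
    dst: int         # 16-bit destination address
    length: int      # frame length in bytes
    counter: int     # NWK frame counter
    ftype: str       # "data", "cmd" or "beacon"

# Devices enrolled with the hub: short address -> registered extended address.
ENROLLED = {0x0001: 0x00124B0000AABB01, 0x0002: 0x00124B0000AABB02}

# Threat classification: attack type -> severity (constructed ordering).
SEVERITY = {"dos": "high", "spoofing": "high",
            "replay": "medium", "unauthorized_access": "medium"}

FLOOD_WINDOW_S = 1.0   # sliding window for per-source rate counting
FLOOD_LIMIT = 20       # frames per source per window before it counts as a flood

def extract_features(frame: Frame) -> dict:
    """Reduce a raw frame to the features the detector reasons about."""
    return {"src": frame.src, "ext_src": frame.ext_src, "dst": frame.dst,
            "length": frame.length, "counter": frame.counter,
            "ftype": frame.ftype, "ts": frame.ts}

def detect(frames: list[Frame]) -> list[dict]:
    """Run the rule-based detectors over a frame sequence; return classified alerts."""
    alerts: list[dict] = []
    seen_counters: dict[int, set[int]] = defaultdict(set)
    recent: dict[int, deque] = defaultdict(deque)
    flooding: set[int] = set()   # sources already reported, to avoid one alert per frame

    def raise_alert(kind: str, src: int, detail: str) -> None:
        alerts.append({"type": kind, "severity": SEVERITY[kind],
                       "src": src, "detail": detail})

    for frame in frames:
        f = extract_features(frame)
        src = f["src"]
        # Unauthorized access: traffic from a short address the hub never enrolled.
        if src not in ENROLLED:
            raise_alert("unauthorized_access", src, "source address not enrolled")
            continue
        # Spoofing: an enrolled short address carried with a foreign extended address.
        if f["ext_src"] != ENROLLED[src]:
            raise_alert("spoofing", src,
                        f"extended address 0x{f['ext_src']:016X} does not match enrolment")
            continue
        # Replay: the same (source, frame counter) pair observed twice.
        if f["counter"] in seen_counters[src]:
            raise_alert("replay", src, f"frame counter {f['counter']} repeated")
            continue
        seen_counters[src].add(f["counter"])
        # DoS flooding: too many frames from one source inside the sliding window.
        window = recent[src]
        window.append(f["ts"])
        while window and f["ts"] - window[0] > FLOOD_WINDOW_S:
            window.popleft()
        if len(window) > FLOOD_LIMIT and src not in flooding:
            flooding.add(src)
            raise_alert("dos", src, f"{len(window)} frames within {FLOOD_WINDOW_S}s")
    return alerts

def sample_capture() -> list[Frame]:
    """Constructed capture: benign reports, one replay, one spoof, one flood, one stranger."""
    frames = [Frame(float(i), 0x0001, ENROLLED[0x0001], 0x0000, 42, 100 + i, "data")
              for i in range(5)]                                                    # benign
    frames.append(Frame(5.5, 0x0001, ENROLLED[0x0001], 0x0000, 42, 102, "data"))   # replay
    frames.append(Frame(6.0, 0x0002, 0x00124B00DEADBEEF, 0x0000, 42, 7, "data"))   # spoof
    frames += [Frame(7.0 + i * 0.02, 0x0002, ENROLLED[0x0002], 0x0000, 12, 500 + i, "cmd")
               for i in range(30)]                                                  # flood
    frames.append(Frame(9.0, 0x0BAD, 0x00124B0000000BAD, 0x0000, 42, 1, "data"))   # stranger
    return frames

if __name__ == "__main__":
    for alert in detect(sample_capture()):
        print(alert)
```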

Authentication is a crucial component of any system's security posture as it verifies the identity of the users and nodes accessing the system and ensures that only authorized entities are granted access. It prevents unauthorized access and protects the system from various security threats, such as data theft, manipulation, and sabotage. Authentication mechanisms provide a strong layer of defense by verifying the identity of individual users and nodes in a system. It is achieved through different techniques and protocols, such as passwords, biometric factors, digital certificates, and encryption techniques, which are implemented at different system levels.

Individual authentication is the process of verifying the identity of individual users who are accessing the system. It is typically based on a combination of something the user knows (e.g., password or PIN), something the user has (e.g., smart card or security token), or something the user is (e.g., biometric factors like fingerprint or face recognition).

Password-based authentication is the most widely used form of individual authentication, where a user enters a unique username and associated password to gain access to the system. However, passwords are prone to various vulnerabilities, such as brute force attacks, dictionary attacks, and phishing attacks. Additional measures like multi-factor authentication (MFA) can be implemented to enhance the security of password-based authentication. MFA combines two or more authentication factors to provide a higher level of security. For example, a user can be asked to enter a password and undergo a biometric scan to validate their identity.

Biometric authentication uses an individual's unique biological characteristics, such as fingerprints, iris scans, face recognition, or voice recognition, to verify their identity. These factors are difficult to replicate and provide a higher level of security than passwords. However, biometric authentication has limitations such as cost, compatibility, and false accept/reject rates. Another commonly used method of individual authentication is the use of digital certificates. A digital certificate is a document issued by a trusted authority that verifies the identity of a user. It contains the user's name, public key, and expiration date. When a user presents their digital certificate, the system can verify its authenticity using the public key, which ensures that the user is who they claim to be.

Node authentication, also known as device or machine authentication, is the process of verifying the identity of a device or machine accessing the system. This is essential in systems where multiple devices or machines communicate with each other, such as in a networked environment. Node authentication is typically based on digital certificates and network access control (NAC) protocols.

Digital certificates are also used for node authentication, where each device or machine has a unique certificate that is validated during the authentication process. This ensures that only trusted devices are granted access to the system. NAC protocols, such as 802.1X, use a combination of digital certificates and access control lists to authenticate devices before allowing them to join the network. This ensures that only authorized and trusted devices are granted access to the system, reducing the risk of unauthorized access by rogue devices.

Implementing individual and node authentication mechanisms adds multiple layers of security to a system. It verifies the identity of users and devices and helps detect unauthorized access and suspicious activities. Furthermore, it also enables organizations to monitor and track all user and device access, facilitating better control and management of the overall security posture of the system. Implementing robust and multi-layered authentication mechanisms, like passwords, biometric factors, digital certificates, and NAC protocols, contributes significantly to the overall security posture of a system. It helps prevent unauthorized access and mitigate potential security threats, ensuring the system's confidentiality, integrity, and availability.

Zigbee uses a combination of authentication and encryption protocols to ensure the security of its networks. These include using public-key cryptography, which enables secure communication even if the keys are intercepted.

Authentication: Authentication is the process of confirming the identity of a device or user attempting to access a Zigbee network. It is typically done through the use of security keys and certificates. When a device attempts to join a Zigbee network, it must first authenticate itself by presenting the correct keys and certificates. Authentication is critical in ensuring that only authorized devices can access a Zigbee network. Without proper authentication, unauthorized devices could join the network and compromise its security. Devices need to have unique keys and certificates that the network can verify when they attempt to join. Once a device is authenticated, it can utilize the appropriate encryption protocols to secure its communication on the network. This prevents eavesdropping and ensures that any sensitive data being transmitted remains private.

User authentication is verifying a user's identity before granting them access to a service, system, or application. It is a critical security component that is crucial in preventing identity theft and unauthorized account access. Here are some ways in which user authentication helps in preventing identity theft and unauthorized account access:

  • Verification of identity: User authentication requires users to provide credentials such as a username and password, biometric information, or a security token to prove their identity. These credentials are unique to each user and help verify that the person accessing the account is a legitimate user, not an imposter.

  • Strong passwords: User authentication encourages users to create strong and unique passwords that are difficult to guess or brute force. It makes it harder for hackers to access the account and reduces the risk of identity theft.

  • Multi-factor authentication: Multi-factor authentication (MFA) is an additional layer of security that requires users to provide multiple forms of identification before gaining access. It could include a password, a code sent to the user's phone, or a fingerprint scan. MFA adds an extra level of protection against unauthorized access to user accounts.

  • Continuous monitoring: User authentication also allows for continuous monitoring of user activity, making detecting suspicious activity or unauthorized access easier. For instance, if a user logs in from a new device or location, the system can flag it as a potential security risk and prompt further verification.

  • Limiting access: User authentication can restrict access to sensitive information or functions, such as financial transactions or administrative controls, to authorized users only. It reduces the chances of unauthorized account access and protects against identity theft.

  • Authentication protocols: Different authentication protocols, such as Secure Sockets Layer (SSL) encryption, tokenization, and biometric authentication, add an extra layer of protection and make it harder for unauthorized users to intercept or access sensitive information.

User authentication is essential in preventing identity theft and unauthorized account access. It strengthens a system's overall security by verifying users' identity and limiting access to sensitive information or functions. Individuals and organizations must implement robust user authentication measures to protect against identity theft and ensure the security of their accounts. Some of the strategies to enhance node authentication mechanisms are listed below:

  • Regular Vulnerability Scanning: Organizations should regularly conduct vulnerability scans on their network and nodes to identify any weaknesses in their authentication mechanisms. It will help identify potential vulnerabilities that hackers or unauthorized users can exploit.

  • Multi-factor Authentication: Implementing multi-factor authentication adds more security to the node authentication process. This method requires users to provide multiple forms of identification, such as a password and biometric scan, before gaining access to the node.

  • Strong Password Policies: Enforcing strong password policies can help prevent unauthorized access to nodes. Organizations should require users to create complex passwords that are changed regularly and not easily guessed.

  • Security Audits: Regular security audits can help identify gaps or weaknesses in the node authentication process. It will allow organizations to take necessary actions to enhance their authentication mechanisms.

  • Two-Factor Authentication: In addition to multi-factor authentication, organizations can implement two-factor authentication, which involves using a secondary device, such as a mobile phone, to verify a user’s identity.

  • User Training and Education: It is essential to educate users on best practices for creating strong passwords, identifying phishing attempts, and other security measures. It can help prevent unauthorized access to nodes due to human error.

  • Implementation of Biometric Authentication: Biometric authentication uses unique physical characteristics of an individual, such as fingerprints or facial recognition, to verify their identity. Implementing this type of authentication can increase the security of node access.

  • Continuous Monitoring: Organizations should monitor their network and nodes for suspicious activity or attempted breaches. It will help identify and address any security issues promptly.

  • Regular Software Updates: Keeping software and operating systems updated with the latest security patches can help prevent exploit attacks on the authentication mechanisms.

  • Access Control Management: Implementing a robust access control system can help prevent unauthorized users from gaining access to nodes. It includes limiting access to sensitive nodes to only authorized personnel.

Encryption: It is the process of converting readable data into code in order to prevent unauthorized access. In the context of Zigbee, encryption is used to protect the privacy of sensitive data being transmitted over the network. It is achieved through encryption keys, which are shared among devices in a network and used to scramble and unscramble data. The following are the ways in which encryption techniques enhance the overall security of records during transmission across network devices:

  • Confidentiality: Encryption techniques use algorithms to scramble data, making it unreadable to anyone except the intended recipient. It ensures that even if the data is intercepted during transmission, it cannot be understood without the decryption key. This way, sensitive information such as personal data, financial records, or trade secrets remains confidential and inaccessible to unauthorized parties.

  • Integrity: Encryption techniques also protect data integrity by detecting any unauthorized changes made during transmission. It is achieved through hashing algorithms, which generate a unique code for each data set. The hash code will change if any alteration is made, indicating that the data has been tampered with. It ensures the data's integrity, preventing malicious actors from modifying or corrupting the records during transmission.

  • Secure Key Exchange: Encryption techniques use keys to scramble and unscramble data. These keys must be exchanged between the sender and receiver. This process is securely done through key exchange protocols, which ensure that attackers do not intercept the keys during transmission.

  • Protection against Man-in-the-Middle Attacks: In a Man-in-the-Middle attack, a third party intercepts communication between two parties, making accessing and modifying the transmitted data possible. However, encryption techniques make it difficult for attackers to understand or modify the intercepted data, ensuring records' security during transmission.

  • Compliance with Regulations: Many industries and regulatory bodies have specific requirements for data protection during transmission. Encryption techniques help organizations comply with these regulations and avoid penalties for data breaches. For example, the Health Insurance Portability and Accountability Act (HIPAA) requires healthcare organizations to encrypt sensitive patient data during transmission to protect patient privacy.

Encryption techniques are methods used to convert data into code, making it unreadable to unauthorized individuals. It ensures that only authorized parties have access to sensitive information, which enhances the overall security of records during transmission across network devices. This incorporation of encryption techniques ensures the confidentiality, integrity, and authenticity of data, making it extremely difficult for attackers to intercept, access, or modify the transmitted records.

Both authentication and encryption play vital roles in maintaining the security of a Zigbee network. It is essential for users and manufacturers to properly implement these protocols in order to protect their data and devices from potential threats.

4.1 Proposed algorithm

The proposed algorithm employed in a Zigbee network-based IoT device is founded upon the principles of the Zigbee Security Framework. The primary objective of this architecture is to enhance community security by providing authentication and encryption mechanisms for communication between devices within the network. Typically, the algorithm operates through a sequence of three distinct phases. Facilitating data communication between nodes and an access control device involves several steps. The steps of the process are as follows:

  1. Establishing a Network: The first step is establishing a network between the nodes and the access control device. The type of network used will depend on the specific requirements and limitations of the system.

  2. Assigning IP Addresses: Once the network is established, each node and the access control device must be assigned unique IP addresses. It will allow them to communicate with each other over the network.

  3. Protocols: Protocols are used to ensure efficient and standardized communication. The most common protocol used for data communication between nodes and access control devices is the Transmission Control Protocol/Internet Protocol (TCP/IP). This protocol ensures reliable and error-free communication between devices.

  4. Data Encryption: The data transmitted between the nodes and access control devices may contain sensitive information, such as user credentials or access logs. To protect this data from being intercepted and accessed by unauthorized users, it should be encrypted using a secure encryption algorithm.

  5. Communication Modes: There are two primary modes of communication between nodes and access control devices: half-duplex and full-duplex. In half-duplex mode, communication can only occur in one direction at a time, while in full-duplex mode, communication can occur in both directions simultaneously.

  6. Data Format: Establishing a standard data format for communication between nodes and access control devices is essential. It could be a Common Object Request Broker Architecture or a Simple Object Access Protocol. It ensures that all devices can understand and interpret the data being transmitted.

  7. API Integration: The access control device will have an application programming interface to communicate with other devices. The API will have rules, protocols, and tools for building software applications, enabling data exchange between the nodes and the access control device.

  8. Message Routing: Messages sent between nodes and the access control device must be routed through the network. Depending on the system's architecture, it can be done through a central server or a peer-to-peer network.

  9. Authorization and Authentication: Before allowing access to the system, the access control device will need to verify the identity of the nodes. It can be done using various methods such as passwords, biometric authentication, or digital certificates.

  10. Data Transfer: Once all the above steps are completed, data can be transferred between the nodes and the access control device. The access control device can send commands to the nodes, receive data from them, and store or process the information as needed.

Facilitating data communication between nodes and an access control device involves setting up a network, assigning IP addresses, using protocols, encrypting data, establishing communication modes, standardizing data formats, integrating APIs, routing messages, and ensuring proper authorization and authentication. These steps are crucial for establishing secure and efficient data exchange between the nodes and the access control device. The proposed algorithm is shown in the following figure.

Figure a: Proposed algorithm

An IoT device that relies on a Zigbee network has primary and secondary security mechanisms. Safety algorithms for user class number one are employed to authenticate the devices associated with individuals who contribute to the Zigbee network. The sum of all device priorities in each zone is,

$$x^{*} = \frac{{x - mean}}{{std}}$$
(1)

where $X$ is the number of elements

$$\iota _{{C_{1} C_{2} }} = \frac{{Cov\left( {C_{1} ,C_{2} } \right)}}{{\sqrt {BC_{1} * BC_{2} } }} = \frac{{NC_{1} C_{2} - NC_{1} * NC_{2} }}{{\sqrt {BC_{1} * BC_{2} } }}$$
(2)

The standard deviation of the device priority values is,

$$S\left( {i,j} \right) = \left( {I * K} \right)\left( {i,j} \right) = \sum\limits_{m} {\sum\limits_{n} {I\left( {i - m,j - n} \right)K\left( {m,n} \right)} }$$
(3)

Here, $x_{i}$ represents the individual node priority values

$$\max W\left( \lambda \right) = \sum\limits_{i = 1}^{N} {\lambda_{i} - \frac{1}{2}\sum\limits_{i,j = 1}^{N} {y_{i} y_{j} \lambda_{i} \lambda_{j} \left( {x_{i} x_{j} } \right)} }$$
(4)
$$\text{subject to}\left\{ \begin{gathered} 0 \le \lambda_{i} \le C \hfill \\ \sum\limits_{i = 1}^{N} {\lambda_{i} y_{i} = 0,\; i = 1,2,\ldots,N} \hfill \\ \end{gathered} \right.$$
(5)

The safety rules described below form the fundamental framework of the safety system. During the authentication process, security keys are established, and the user and the network undergo verification. The memory component in each node is a crucial aspect of the overall security architecture of the system. This memory component stores private keys, which are used for secure communication and authentication between nodes. Private keys are essential for ensuring the confidentiality, integrity, and authenticity of the information exchanged between nodes. They are used in cryptographic algorithms to encrypt and decrypt data, generate digital signatures, and authenticate the identity of the communicating nodes. Storing private keys in a dedicated memory component in each node ensures they are protected from unauthorized access and tampering. The memory component can be a physical chip or a secure storage area within the node's hardware. Figure 11 shows the flow diagram of the proposed model.

Fig. 11 Proposed Flow Diagram

This memory component is designed to be tamper-resistant, meaning it can detect and prevent any attempts to access or modify the private keys stored within it. This ensures that only authorized users or processes can access the keys, making it difficult for hackers to compromise the system's security. The memory component can also be designed to self-destruct in case of a physical attack or tampering, further enhancing the security of the private keys. The memory component can also be used for key management, which includes generating, storing, and revoking private keys. It helps maintain the confidentiality and integrity of the keys and reduces the risk of them getting lost or stolen. The memory component in each node plays a critical role in the overall security architecture of the system by securely storing and managing private keys. It ensures that the communication between nodes is secure and that the system is protected from external threats.

Zigbee-enabled systems utilize inexpensive hardware with limited processing capabilities and bandwidth, making them vulnerable to illegal information breaches. To resolve this, implementing robust encryption algorithms and regularly updating security patches can enhance the system's security. Additionally, using network segmentation can limit any potential breach's impact, and strict access control measures can prevent unauthorized access. Secure communication protocols like Transport Layer Security (TLS) can protect against unauthorized data interception. Regular security audits and risk assessments can help identify and address any potential vulnerability in the system.

The following is the difference (yi) between the total device priorities (W) in each zone and the priorities of each particular zone.

$$\text{subject to}\left\{ \begin{gathered} 0 \le \lambda_{i} \le C \hfill \\ \sum\limits_{i = 1}^{N} {\lambda_{i} y_{i} = 0,\; i = 1,2,\ldots,N} \hfill \\ \end{gathered} \right.$$
(6)
$$P\left( A \mid B \right) = \frac{{P\left( B \mid A \right)P\left( A \right)}}{{P\left( B \right)}}$$
(7)

The primary goal of this application of Bayesian optimization is to determine the appropriate value for each SVM parameter. We must take into account at least three crucial real-world options: The kernel operates

$$K_{M52} \left( {x,x^{\prime}} \right) = \theta_{0} \left( {1 + \sqrt {5r^{2} \left( {x,x^{\prime}} \right)} + \frac{5}{3}r^{2} \left( {x,x^{\prime}} \right)} \right)\exp \left\{ { - \sqrt {5r^{2} \left( {x,x^{\prime}} \right)} } \right\}$$
(8)

These algorithms primarily focus on functionalities like data encryption and decryption, message origin verification, and guaranteeing that only authorized communication nodes can access the network. It must keep a large amount of

$$mean = E_{i} = \sum\limits_{j = 1}^{N} {\frac{1}{N}P_{ij} }$$
(9)
$$S = \sigma_{i} = \sqrt {\left( {\frac{1}{N}\sum\limits_{j = 1}^{N} {\left( {P_{ij} - E_{i} } \right)^{2} } } \right)}$$
(10)
$$C_{d} \left( {i,j} \right) = \left| {\left\{ {\left( {r,c} \right):I\left( {r,c} \right) = i \text{ and } I\left( {r + d_{r} ,c + d_{c} } \right) = j} \right\}} \right|$$
(11)
$$N_{d} \left( {i,j} \right) = \frac{{C_{d} \left( {i,j} \right)}}{{\sum\nolimits_{i} {\sum\nolimits_{j} {C_{d} \left( {i,j} \right)} } }}$$
(12)
$$S_{d} \left( {i,j} \right) = C_{d} \left( {i,j} \right) + C_{ - d} \left( {i,j} \right)$$
(13)

The proposed algorithm uses complex mathematical calculations to encode data, making it difficult for unauthorized parties to access and decipher sensitive information. The proposed algorithm regularly exchanges cryptographic keys to maintain the security of the encryption module and prevent potential security vulnerabilities.

$$energy = \sum\limits_{i} {\sum\limits_{j} {N_{d}^{2} \left( {i,j} \right)} }$$
(14)

Binary optimization can be used to solve this particular problem if it can be solved or simplified.

$$X_{i} = \left( {x_{i1} ,x_{i2} ,\ldots,x_{id} } \right)^{T},\; x_{id} \in \left\{ {0,1} \right\},\; d = 1,2,\ldots,D$$
(15)
$$p_{i} = \left( {p_{i1} ,p_{i2} ,\ldots,p_{id} } \right)^{T},\; p_{id} \in \left\{ {0,1} \right\},\; d = 1,2,\ldots,D$$
(16)
$$v_{id} = v_{id} + c_{1}\, rand_{1} \left( {p_{id} - x_{id} } \right) + c_{2}\, rand_{2} \left( {p_{gd} - x_{id} } \right)$$
(17)
$$X_{id} = \left\{ \begin{gathered} 1 \quad \text{if } U\left( {0,1} \right) < sigm\left( {v_{id} } \right) \hfill \\ 0 \quad \text{otherwise} \hfill \\ \end{gathered} \right.,\; d = 1,2,\ldots,D;\; i = 1,2,\ldots,N$$
(18)
$$sigm\left( {v_{id} } \right) = \frac{1}{{1 + \exp \left( { - \lambda v_{id} } \right)}}$$
(19)

A random forest classifier is made up of several classification trees, each of which, indexed by k, is grown from an independently and identically distributed random vector. The primary user mode of Zigbee community-based IoT devices enhances network performance by implementing node control, which determines the transmission privileges of individual nodes at any given moment.

$$\text{UnaryCost}\left( U \right) = \psi_{n} = \left( {X_{n} = w \mid I} \right)$$
(20)

This process is conducted by assigning protected time slots to devices with top user priority, which are then uploaded to a central coordinator. The same label is used in conjunction with k, a real positive scalar. This cost, based on our prior knowledge that objects are often continuous, pushes close pixels to take on the same label if they currently have different labels.

$$\text{PairwiseCost} = \psi_{mn} \left( {X_{n} = w,X_{m} = v \mid I} \right)$$
(21)

Inference is simpler and the model parameters are easier to interpret in this scenario. When a primary user device is actively operating within a network, it restricts access to the channel for all other nodes. A network node can be positioned to listen in on the communication between other nodes, also known as eavesdropping. This could disrupt the regular operation and delivery of services within the network, as sensitive information and data can be intercepted and compromised. Strategic placement of nodes can also allow for manipulation and interception of data, leading to a breach of security and confidentiality within the network. Eavesdropping can undermine the network's smooth functioning and threaten its integrity, making it crucial to have measures in place to prevent and detect such activities.

Finding a structure w that minimizes the total unary and pairwise energy is necessary for inferring the CRF. This turns the conditional probability maximization problem into an energy minimization problem, which is then applied to computer vision problems.

$$Energy\left( {w,I} \right) = \sum\limits_{U \in V} {\Psi \left( {X_{n} = w_{n} \mid I} \right) + \Psi_{U,V} \left( {X_{n} ,X_{m} = w_{m} \mid I} \right)}$$
(22)

The complexity of the methods used to address the energy minimization problem rises as the graph gets denser. Optimisation methods usually only find a local minimum; the pairwise costs are the product of two Gaussian kernels: the Gaussian blurring filter as in Eq.

$$\left( {GBF} \right) = \exp \left( { - \left\| {p_{n} - p_{m} } \right\|^{2} } \right)/2$$
(23)
$$\exp \left( { - \frac{{\left\| {p_{n} - p_{m} } \right\|^{2} }}{{2\sigma_{\alpha }^{2} }} - \frac{{\left\| {I_{n} - I_{m} } \right\|^{2} }}{{2\sigma_{\beta }^{2} }}} \right)$$
(24)

where the positions are indicated by $p_{n}$ and $p_{m}$, their intensity vectors by $I_{n}$ and $I_{m}$, and the filters' bandwidths by $\sigma_{\alpha}$ and $\sigma_{\beta}$. As a result, individuals with the highest priority consistently have their data transferred without encountering any competition or collisions.

A value of Yule's statistic closer to zero indicates greater diversity among the classifiers. Yule's Q statistic is given by

$$Q_{i,j} = \frac{{\left( {a \times d - b \times c} \right)}}{{\left( {a \times d + b \times c} \right)}}$$
(25)
$$P\left( {y = 1 \mid f} \right) = \frac{1}{{\left( {1 + \exp \left( {A \times f + B} \right)} \right)}}$$
(26)
$$\arg \min_{A,B} \left\{ { - \sum\limits_{i} {\left[ {y_{i} \log p_{i} + \left( {1 - y_{i} } \right)\log \left( {1 - p_{i} } \right)} \right]} } \right\}$$
(27)

If we define $f_{i}$ as the classifier's prediction and $y_{i}$ as the associated true target, we may define the isotonic regression as

$$y_{i} = m\left( {f_{i} } \right) + \varepsilon_{i}$$
(28)

The primary consumer mode effectively minimizes interference caused by nodes with secondary priority and low transmission power, thereby reducing energy consumption and enhancing network stability and security.

  • Stage 1—Authentication: The process of community authentication necessitates the establishment of identities for both the sender and the receiver. A shared key algorithm is employed to accomplish this task. In order to establish secure communication, it is necessary for both the sender and recipient to possess an identical shared key and mutually authenticate each other's identities.

  • Stage 2—Encryption: The utilization of encryption is employed as a means to safeguard data that is being transported across a network. The AES or RSA algorithms provide a secure communication channel between the sender and recipient.

  • Stage 3—Authorization: This refers to the process through which a network determines the devices granted permission to access specific resources within the network. The permissible legal devices are authorized to transmit and retrieve statistical data, whereas unauthorized devices are prohibited from accessing these resources.
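Stage 1 above says only that both sides hold an identical shared key and mutually authenticate. As an added illustration (example code written for this edit, not the paper's algorithm or any Zigbee stack), the exchange below runs a mutual challenge-response between a joining node and the coordinator over a pre-shared key, using HMAC-SHA256 as the proof of key possession. The nonce size, the three-message order and the direction tags `coord->joiner` and `joiner->coord` are assumptions of the example; the direction tag is what stops a captured proof from being echoed straight back at the party that produced it.

```python
"""Stage 1 as a mutual challenge-response over a pre-shared key.

Added example, not the paper's algorithm: a joining node and the
coordinator each prove knowledge of the shared 128-bit key by returning
an HMAC-SHA256 over a direction tag and both nonces. The direction tag
(an assumption of this example) keeps the two proofs distinct, so a
proof captured in one direction cannot simply be echoed back in the
other; fresh nonces keep an old proof from being reused later.
"""
import hashlib
import hmac
import secrets

NONCE_LEN = 16                 # assumed nonce size in bytes
TO_JOINER = b"coord->joiner"   # assumed direction tags
TO_COORD = b"joiner->coord"


def proof(key: bytes, direction: bytes, nonce_j: bytes, nonce_c: bytes) -> bytes:
    """Keyed proof over the direction tag and both parties' nonces."""
    return hmac.new(key, direction + nonce_j + nonce_c, hashlib.sha256).digest()


class Coordinator:
    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}   # nonce_j -> nonce_c for handshakes awaiting confirmation

    def on_hello(self, nonce_j: bytes) -> tuple:
        """Answer a join request with our nonce and our proof of the key."""
        nonce_c = secrets.token_bytes(NONCE_LEN)
        self.pending[nonce_j] = nonce_c
        return nonce_c, proof(self.key, TO_JOINER, nonce_j, nonce_c)

    def on_confirm(self, nonce_j: bytes, joiner_proof: bytes) -> bool:
        """Accept the joiner only if its proof matches this handshake's nonces."""
        nonce_c = self.pending.pop(nonce_j, None)
        if nonce_c is None:
            return False    # unknown, expired or already-used handshake
        expected = proof(self.key, TO_COORD, nonce_j, nonce_c)
        return hmac.compare_digest(expected, joiner_proof)


class Joiner:
    def __init__(self, key: bytes):
        self.key = key
        self.nonce_j = None

    def hello(self) -> bytes:
        self.nonce_j = secrets.token_bytes(NONCE_LEN)
        return self.nonce_j

    def on_challenge(self, nonce_c: bytes, coord_proof: bytes):
        """Verify the coordinator first; only then reveal our own proof."""
        expected = proof(self.key, TO_JOINER, self.nonce_j, nonce_c)
        if not hmac.compare_digest(expected, coord_proof):
            return None     # peer does not hold the key: abort, send nothing
        return proof(self.key, TO_COORD, self.nonce_j, nonce_c)


def run_handshake(joiner_key: bytes, coord_key: bytes) -> tuple:
    """Drive the three messages; return (joiner accepted coord, coord accepted joiner)."""
    joiner, coord = Joiner(joiner_key), Coordinator(coord_key)
    nonce_j = joiner.hello()                                 # msg 1: joiner -> coord
    nonce_c, coord_proof = coord.on_hello(nonce_j)           # msg 2: coord -> joiner
    joiner_proof = joiner.on_challenge(nonce_c, coord_proof)
    if joiner_proof is None:
        return False, False
    return True, coord.on_confirm(nonce_j, joiner_proof)     # msg 3: joiner -> coord


def reflection_rejected(key: bytes) -> bool:
    """Defensive check: a party without the key that echoes the coordinator's
    own proof back as its confirmation must be refused. True if it is."""
    coord = Coordinator(key)
    nonce_j = secrets.token_bytes(NONCE_LEN)
    _, coord_proof = coord.on_hello(nonce_j)
    return not coord.on_confirm(nonce_j, coord_proof)


if __name__ == "__main__":
    k = secrets.token_bytes(16)
    print(run_handshake(k, k))                         # (True, True)
    print(run_handshake(k, secrets.token_bytes(16)))   # (False, False)
    print(reflection_rejected(k))                      # True
```

The joiner verifies the coordinator before sending its own proof, so a rogue coordinator that does not hold the key learns nothing it can reuse; the coordinator consumes each pending handshake once, so a confirmation cannot be replayed against it.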

The authentication and encryption protocols are periodically updated by the proposed algorithm. This could involve using complex encryption methods or implementing multi-factor authentication. Regular security audits and vulnerability assessments should be conducted to identify any weaknesses in the system. If necessary, further security measures, such as firewalls or intrusion detection systems, can be implemented. In the case of compromised keys, they should be immediately revoked, and new keys should be generated and securely distributed. It is also essential to regularly educate users about the importance of strong authentication and encryption practices to ensure they are following best security practices. The proposed algorithm regularly monitors and analyzes network data to detect anomalies or suspicious behavior. It employs traffic encryption protocols to prevent data tampering. It implements access control measures to restrict network access to authorized users only. This algorithm regularly updates and patches network software to address any vulnerability. It can also use intrusion detection systems to detect and prevent malicious attempts.

The proposed authentication mechanism employs symmetric key cryptography to prevent message forgery. It means that the sender and receiver share a secret key, which is kept confidential and used to encrypt and decrypt messages. The algorithm used in this mechanism is the Advanced Encryption Standard (AES). It uses a fixed block size of 128 bits and a key size of 128, 192, or 256 bits. It operates on a 4 × 4 matrix of bytes and applies multiple rounds of substitution, permutation, and mixing operations to provide strong encryption. The proposed algorithm will use real-time monitoring and analysis of system data to promptly identify any suspicious or malicious activity. It will then automatically initiate counteractive measures to mitigate any potential security risks without causing any delays in the system's operations. A key expansion algorithm is used to expand the original key into a more extensive key schedule, which generates round keys for each round of encryption. The AES algorithm employs a message authentication code (MAC) technique in which a unique tag is generated and attached to the message. This tag is generated by applying a cryptographic hash function to the encrypted message using the shared secret key. The receiver can then verify the message's authenticity by performing the same hash function on the received message and comparing it to the received tag. The proposed mechanism includes using a key exchange protocol to share the secret key between the sender and receiver securely. It ensures that only authorized parties have access to the key, thus preventing unauthorized users from forging messages. Using AES and MAC in the proposed authentication mechanism ensures the integrity and authenticity of messages exchanged between the sender and receiver, thus effectively preventing message forgery. Secondary user classes provide supplementary levels of security beyond the authentication process once the user has been granted access to the network.

The proposed model can surmount this predicament by implementing stronger encryption techniques such as using longer and more complex keys, implementing multi-factor authentication, and regularly updating the shared keys. It can also enhance key management practices by limiting access to the keys, regularly rotating them, and implementing strict protocols for sharing them. It can continuously monitor and audit the network to identify any vulnerability and promptly address it. It is crucial for authors to stay informed about the latest advancements in encryption technologies and regularly update their security measures to stay ahead of potential threats.

The primary consumer mode for Zigbee community-based IoT devices enables users to adjust the volume settings of connected devices manually. This mode utilizes a "clever extent slider" to determine the appropriate degree of extension.

The slider is interconnected with various devices, including audio systems, amplifiers, televisions, receivers, and other equipment. As the user manipulates the slider, the corresponding device undergoes adjustments accordingly. Individuals can modify the volume of each device sequentially or collectively, contingent upon the specific demand. This arrangement can be utilized to ensure that the devices connected to the Zigbee network emit consistent levels of sound volume. Binary security keys in Zigbee networks are symmetric encryption where a single key is shared between all devices. While this method may provide some level of security, it also has some weaknesses that can make the network vulnerable to attacks. A single key means that if the key is compromised or leaked, all devices in the network will be vulnerable. It is because once the key is known, an attacker can easily decrypt all network communication, compromising the data's confidentiality and integrity. Moreover, binary security keys are typically static, meaning they remain the same for the network's lifetime. It makes the network susceptible to replay attacks, where an attacker can intercept and replay previously captured encrypted messages using the same key. Additionally, as the key is shared among all devices, it can be challenging to revoke or update it without affecting the entire network. This lack of key management would make removing compromised devices or adding new ones to the network difficult. The user can activate a feature that enables automatic volume adjustment in response to changes in the ambient sound levels. The primary user mode of Zigbee community-based IoT devices provides users with a convenient means to configure and manage the connectivity of their devices. Individuals can manually modify the sound level for each device separately or collectively and enable features for automated volume modifications as desired.
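The MAC-based message authentication described for the proposed mechanism (a keyed tag attached to each message and recomputed by the receiver) and the replay weakness of a static shared key noted just above can be seen together in the receiver below. This is an added example written for this edit, not the paper's implementation or a Zigbee stack: each frame carries a source id, a frame counter and an HMAC-SHA256 tag over header and payload under the shared network key, and the receiver drops frames whose tag fails (forgery, wrong key) or whose counter does not exceed the last one accepted from that source (replay). The frame layout and field widths are assumptions of the example, and the AES confidentiality layer the text describes is left out because the Python standard library has no AES; the point shown is why a tag alone does not stop replay and a counter alone does not stop forgery.

```python
"""Authenticated frames with per-source frame counters (receiver side).

Added example, not the paper's code or a Zigbee stack. Frame layout
(an assumption of this example):
    src (2 bytes) || counter (4 bytes) || payload || tag (16 bytes)
The tag is HMAC-SHA256 over header and payload under the shared network
key, truncated to 128 bits. The receiver refuses frames with a bad tag
and frames whose counter does not exceed the last one accepted from that
source. Confidentiality (AES in the text) is omitted here.
"""
import hashlib
import hmac
import struct

HEADER = ">HI"                        # source id, frame counter (big-endian)
HEADER_LEN = struct.calcsize(HEADER)  # 6 bytes
TAG_LEN = 16


def _tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]


def make_frame(key: bytes, src: int, counter: int, payload: bytes) -> bytes:
    """Sender side: authenticate header and payload together."""
    header = struct.pack(HEADER, src, counter)
    return header + payload + _tag(key, header + payload)


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = {}   # src -> highest counter accepted so far
        self.log = []            # (event, src) tuples, usable for alerting

    def accept(self, frame: bytes):
        """Return the payload if the frame is authentic and fresh, else None."""
        if len(frame) < HEADER_LEN + TAG_LEN:
            self.log.append(("malformed", None))
            return None
        header = frame[:HEADER_LEN]
        body = frame[HEADER_LEN:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        src, counter = struct.unpack(HEADER, header)
        # Authenticate before trusting anything in the header, counter included.
        if not hmac.compare_digest(_tag(self.key, header + body), tag):
            self.log.append(("bad tag", src))
            return None
        if counter <= self.last_counter.get(src, -1):
            self.log.append(("replay", src))
            return None
        self.last_counter[src] = counter
        self.log.append(("accept", src))
        return body

    def rekey(self, new_key: bytes) -> None:
        """Key rotation: counters may restart because frames tagged under the
        old key no longer verify, so they cannot be replayed under the new key."""
        self.key = new_key
        self.last_counter.clear()


def demo() -> list:
    """Constructed traffic: a replayed frame, a tampered frame and a wrong-key frame."""
    key = bytes(range(16))                                # constructed sample key
    rx = Receiver(key)
    f1 = make_frame(key, 0x1234, 1, b"light:on")
    f2 = make_frame(key, 0x1234, 2, b"light:off")
    rx.accept(f1)                                         # accepted
    rx.accept(f1)                                         # same frame again: replay
    rx.accept(f2)                                         # accepted
    tampered = bytearray(f2)
    tampered[HEADER_LEN] ^= 0x01                          # flip one payload bit
    rx.accept(bytes(tampered))                            # bad tag
    rx.accept(make_frame(b"\x00" * 16, 0x1234, 3, b"x"))  # wrong key: bad tag
    return rx.log


if __name__ == "__main__":
    for event in demo():
        print(event)
```

The tag is checked before the counter so that an unauthenticated frame can never move the receiver's state, and counters are tracked per source so one device's traffic cannot block another's.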

The computation of a threat score for an IoT device based on a Zigbee network entails examining and assessing several factors associated with the device to ascertain its security profile. The primary objective of this examination is to facilitate comprehension regarding the machine's vulnerability or susceptibility to attack, as well as the potential hazards and consequences of a successful breach. Aligned with the Zigbee Alliance, these viewpoints must consider factors such as the code of the Zigbee device, its communication protocol, data integrity, and authentication methods. It is necessary to do a thorough examination of the physical and logical configurations of the device in order to identify any potential security risks associated with the inclusion of wireless components, such as mice and keyboards. In due course, it is imperative to subject structures that rely on the distinctive safety protocols established by the Zigbee Alliance, which include AES-128 encryption, to rigorous monitoring and vulnerability assessments. A hazard rating can be calculated based on the evaluation results, enabling administrators to assess the system's security level and identify improvement areas to enhance its protection. The safety protocols governing Zigbee community-based IoT systems guarantee that solely devices that have been authorized and certified are granted access to the network and its associated resources. This feature facilitates the safeguarding of the community by preventing unauthorized access and malicious intrusions. End-to-end encryption is a security measure that ensures the confidentiality and integrity of data transmission from sender to receiver. It involves encrypting data at the source and decrypting it at the destination, making it nearly impossible for anyone outside the intended recipient to access the transmitted information. This technology is becoming increasingly popular, especially in the context of wireless networks, as it enhances the confidentiality and security of data. The deployment of end-to-end encryption in Zigbee networks can have several effects, both positive and negative. Let us first consider the positive impact. With the growing trend of smart homes and the increasing number of connected devices, secure communication and data transfer are more critical than ever. In Zigbee networks, end-to-end encryption can provide an additional layer of security, making it difficult for hackers or unauthorized users to intercept or manipulate data. It is essential as the limited bandwidth of Zigbee networks means that any cyber attacks or data breaches can significantly impact their performance. The position-based access control mechanism helps define the roles and responsibilities of the different types of processes in the system. It makes the access control system simpler than most other systems' access control, which limits access to users by IP addresses or domain names. Some of the prominent features of the position-based access control system include:

  • Attribute-based Credentials: The position-based access control mechanism introduces the concept of credentials used as a means to grant access. Credentials are based on attributes, characteristics, or properties of a particular user or node. Attributes may include user ID, group membership, or job title data.

  • Dynamic Allocation of Privileges: In a position-based access control system, privileges are assigned based on the user’s current role. It means that as the role of a user changes, their privileges will be automatically updated. It helps ensure that users have access to resources relevant to their current responsibilities.
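As an added example (not code from the paper), the position-based mechanism described in the two items above in Go: credentials carry attributes, and privileges are derived from the holder's current role at decision time, so a role change in the directory takes effect immediately. The roles, resources, group names and policy are constructed for illustration.

```go
package main

import "fmt"

// Credential is the attribute-based credential a user or node presents;
// its attributes (user ID, group membership, job title) drive the decision.
type Credential struct {
	UserID   string
	Groups   []string
	JobTitle string // the holder's current role (position)
}

// Directory is the authoritative record of each user's current role and groups.
// Changing a role here changes the user's privileges at once, because
// Authorize always works from a freshly issued credential, never a cached one.
type Directory struct {
	roles  map[string]string   // userID -> current job title
	groups map[string][]string // userID -> group memberships
}

func NewDirectory() *Directory {
	return &Directory{roles: map[string]string{}, groups: map[string][]string{}}
}

func (d *Directory) SetRole(userID, role string) { d.roles[userID] = role }

func (d *Directory) AddGroup(userID, group string) {
	d.groups[userID] = append(d.groups[userID], group)
}

// Credential issues the attribute-based credential for a known user.
func (d *Directory) Credential(userID string) (Credential, bool) {
	role, ok := d.roles[userID]
	if !ok {
		return Credential{}, false
	}
	return Credential{UserID: userID, Groups: d.groups[userID], JobTitle: role}, true
}

// Policy maps a role to the actions it may take on each resource, plus the
// group a sensitive action additionally requires (all constructed here).
type Policy struct {
	grants        map[string]map[string][]string // role -> resource -> actions
	requiredGroup map[string]string              // action -> group that must be held
}

func NewPolicy() *Policy {
	return &Policy{
		grants: map[string]map[string][]string{
			"facility-admin": {"zigbee/coordinator": {"read", "configure", "rekey"}, "zigbee/sensor": {"read", "configure"}},
			"technician":     {"zigbee/sensor": {"read", "configure"}},
			"auditor":        {"zigbee/coordinator": {"read"}, "zigbee/sensor": {"read"}},
		},
		requiredGroup: map[string]string{"rekey": "key-custodians"}, // rekeying needs a second attribute
	}
}

// Decision records the outcome and a reason suitable for an audit log.
type Decision struct {
	Allowed bool
	Reason  string
}

// Authorize decides whether the credential holder may perform action on resource.
func (p *Policy) Authorize(c Credential, resource, action string) Decision {
	if !contains(p.grants[c.JobTitle][resource], action) {
		return Decision{false, fmt.Sprintf("role %q may not %s %s", c.JobTitle, action, resource)}
	}
	if g, sensitive := p.requiredGroup[action]; sensitive && !contains(c.Groups, g) {
		return Decision{false, fmt.Sprintf("%s requires membership in %q", action, g)}
	}
	return Decision{true, fmt.Sprintf("role %q grants %s on %s", c.JobTitle, action, resource)}
}

func contains(list []string, want string) bool {
	for _, s := range list {
		if s == want {
			return true
		}
	}
	return false
}

// Check resolves userID through the directory and authorizes in one step,
// which is what makes a role change in the directory visible immediately.
func Check(d *Directory, p *Policy, userID, resource, action string) Decision {
	c, ok := d.Credential(userID)
	if !ok {
		return Decision{false, "unknown user " + userID}
	}
	return p.Authorize(c, resource, action)
}
```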

The network is designed to be secure and efficient, but there are still potential risks associated with hackers identifying and accessing data packets transferred through the network. One of the main risks is that the hacker can intercept and modify the data packets, potentially compromising the entire network. It can be particularly problematic if the data packets contain critical information, such as analytics data, that is used to monitor and control the devices in the network. If hackers can manipulate this data, they can sabotage the functioning of the network and cause chaos within the smart home or building. Identifying data packets can also give the hacker valuable insight into the devices and their usage within the network. It can aid the hacker in identifying vulnerable devices and exploiting them to gain access to the network or gather sensitive information. For example, suppose the data packets reveal that a particular device is connected to a security system. In that case, the hacker may target that device to access the entire system. Another concern is the exposure of personal or sensitive information.

  • Improved user experience: The automatic volume adjustment feature ensures that the sound output is optimized for each user, providing a better overall experience.

  • Consistency: With the automatic volume adjustment, the sound level will remain consistent even if there are changes in the environment or the distance between the device and the user.

  • Energy efficiency: The volume adjustment feature can save energy by reducing the device's power consumption when the sound level needs to be lowered.

The Zigbee network may transfer data related to user preferences, schedules, and habits, which a hacker could use to better understand the user's daily routine and potentially invade their privacy. This can lead to a breach of personal information or even physical harm if the hacker uses this knowledge to plan a break-in or other malicious activity. A hacker identifying data packets in a Zigbee network therefore poses various risks, such as network compromise, device manipulation, and exposure of personal information. These potential risks highlight the importance of implementing strong security measures, such as encryption and authentication protocols, to safeguard the data and devices within the network. Continuous monitoring and updating of these security measures are essential to prevent and mitigate the impact of potential attacks. Data exchange in IoT systems depends on the following factors:

  • Data Transfer Speed: One of the primary factors to consider when choosing a communication protocol for IoT systems is the data transfer speed. Since IoT systems can generate a large volume of data, the communication protocol must be capable of handling high-speed data transfers.

  • Bandwidth: The bandwidth required for data transfer is another crucial factor. The communication protocol must effectively utilize the available bandwidth without causing congestion and delays.

  • Connection Reliability: IoT systems often require uninterrupted connections for seamless data transfer. The communication protocol must provide reliable connectivity to ensure data is transmitted without disruptions.

  • Latency: The delay between data transmission and reception, known as latency, can significantly impact real-time IoT applications. The communication protocol must have low latency to enable real-time data processing and control.

  • Power Consumption: Many IoT devices are battery-powered, and the communication protocol must operate efficiently while consuming minimal power.

4.2 Zigbee community-based IoT device security measures

Zigbee is a wireless communication protocol widely used in the Internet of Things (IoT) devices. It offers low-cost, low-power and easy-to-use connectivity options for IoT devices. However, as with any wireless technology, Zigbee devices are vulnerable to security threats such as eavesdropping, man-in-the-middle attacks, and tampering. Therefore, the Zigbee community needs to implement security measures that align with industry standards and best practices to ensure the security of connected devices and the data they transmit.

  • Authentication and Encryption: The most fundamental security measure for IoT devices is strong authentication and encryption techniques. The Zigbee protocol uses the IEEE 802.15.4 standard, which provides security through 128-bit symmetric encryption and a 64-bit initialization vector. Additionally, Zigbee supports using Transport Layer Security (TLS) for secure communication between devices.

  • Access Control: One of the significant security risks for IoT devices is unauthorized access. Implementing access control measures such as user authentication, authorization, and privilege management is essential. The Zigbee protocol provides access control features such as user authentication, authorization, and a secure communication channel between devices.

  • Firmware and Software Updates: Regularly updating the firmware and software of IoT devices is crucial to address known vulnerabilities and security issues. The Zigbee community should have a process to release updates and patches for devices regularly, and users should be encouraged to install them promptly.

  • Physical Security: Physical security measures protect IoT devices from theft, tampering, and other physical attacks. The Zigbee community should ensure that devices are manufactured with tamper-resistant materials and that appropriate mechanisms are in place to detect and respond to physical attacks.

  • Network Security: IoT devices connected to a Zigbee network are also exposed to network-level attacks, such as denial-of-service (DoS) or spoofing attacks. The Zigbee community should implement network security measures such as firewalls, intrusion detection systems, and access control lists to mitigate these risks.

  • Secure Boot: In a secure boot process, the device checks the authenticity and integrity of the firmware before loading it. It helps prevent a device from booting up with compromised or malicious firmware. The Zigbee protocol supports secure booting, and the community should encourage its implementation in IoT devices.

  • Data Privacy: With the increase in data breaches and privacy concerns, protecting the data transmitted by IoT devices is crucial. The Zigbee community should implement data encryption and anonymization techniques to protect user data from unauthorized access.

  • Strong Password Policies: Weak passwords are one of the primary causes of IoT device vulnerabilities. The Zigbee community should encourage users to set strong, unique passwords for their devices and implement a policy to enforce strong passwords.

  • Compliance with Industry Standards: The Zigbee community should align with industry standards and best practices for device security. For example, following guidelines from organizations such as the National Institute of Standards and Technology (NIST), the Internet Engineering Task Force (IETF), and the Institute of Electrical and Electronics Engineers (IEEE) can help ensure a robust security posture.

  • Regular Security Audits: Periodic security audits can help identify potential vulnerabilities and risks in IoT devices and networks. The Zigbee community should conduct regular security audits of their devices and implement necessary fixes and updates to address any issues identified.
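As an added example (not code from the paper or from any Zigbee stack), the Secure Boot item above in Go: the device verifies an ed25519 signature over a firmware header that carries the payload's SHA-256 and version, checks the payload against that digest, and refuses authentic images whose version is below an anti-rollback floor. The image layout, the "ZBFW" magic and the vendor key are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Image layout, constructed for this example (not a real Zigbee stack's format):
//   magic "ZBFW" (4) | version uint32 (4) | payload length uint32 (4) |
//   sha256(payload) (32) | ed25519 signature over the 44 header bytes (64) | payload
const (
	magic     = "ZBFW"
	headerLen = 4 + 4 + 4 + sha256.Size
)

// Device holds what a secure-boot ROM would have burned in: the vendor's public
// key and the lowest firmware version it will still boot (anti-rollback floor).
type Device struct {
	VendorKey  ed25519.PublicKey
	MinVersion uint32
}

var (
	ErrFormat    = errors.New("malformed image")
	ErrSignature = errors.New("header signature invalid: firmware is not authentic")
	ErrDigest    = errors.New("payload digest mismatch: firmware corrupted or altered")
	ErrRollback  = errors.New("firmware version below the anti-rollback floor")
)

// VendorPriv is a constructed signing key; only its public half would be on the device.
var VendorPriv = ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))

// NewDevice provisions a device that trusts VendorPriv's public key.
func NewDevice(minVersion uint32) Device {
	return Device{VendorKey: VendorPriv.Public().(ed25519.PublicKey), MinVersion: minVersion}
}

// BuildImage is the vendor-side signing step: hash the payload into the header
// and sign the header, so one signature covers version, length and payload.
func BuildImage(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	hdr := make([]byte, headerLen)
	copy(hdr[0:4], magic)
	binary.BigEndian.PutUint32(hdr[4:8], version)
	binary.BigEndian.PutUint32(hdr[8:12], uint32(len(payload)))
	sum := sha256.Sum256(payload)
	copy(hdr[12:], sum[:])
	img := append(hdr, ed25519.Sign(priv, hdr)...)
	return append(img, payload...)
}

// Verify runs the boot-time checks in order (format, authenticity, integrity,
// anti-rollback) and returns the payload that may be loaded plus its version.
func (d Device) Verify(img []byte) ([]byte, uint32, error) {
	if len(img) < headerLen+ed25519.SignatureSize || string(img[:4]) != magic {
		return nil, 0, ErrFormat
	}
	hdr := img[:headerLen]
	sig := img[headerLen : headerLen+ed25519.SignatureSize]
	payload := img[headerLen+ed25519.SignatureSize:]
	if !ed25519.Verify(d.VendorKey, hdr, sig) {
		return nil, 0, ErrSignature // any edit to version, length or digest lands here
	}
	if binary.BigEndian.Uint32(hdr[8:12]) != uint32(len(payload)) {
		return nil, 0, ErrFormat
	}
	if sum := sha256.Sum256(payload); !bytes.Equal(sum[:], hdr[12:]) {
		return nil, 0, ErrDigest // payload changed after signing
	}
	version := binary.BigEndian.Uint32(hdr[4:8])
	if version < d.MinVersion {
		return nil, 0, ErrRollback // authentic, but an older build the device must not run
	}
	return payload, version, nil
}
```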

The Zigbee community must prioritize security in all its operations, including device development, manufacturing, and deployment. By implementing these security measures, the community can enhance the security of IoT devices, protect user privacy, and build trust in using Zigbee technology.

Diligent observation and oversight of changes within the network infrastructure are crucial for maintaining security. This involves closely monitoring any changes to the network, such as upgrades, updates, additions, or modifications, and ensuring that they align with established security protocols and policies. Some of the key reasons why diligent observation and oversight are critical for maintaining security include:

  • Early detection of security issues: By constantly monitoring changes in the network infrastructure, any potential security issues can be identified and addressed early on. It helps to prevent these issues from escalating and causing significant harm to the network.

  • Ensuring compliance: Network security is governed by various compliance regulations, such as the General Data Protection Regulation and the Health Insurance Portability and Accountability Act. By closely monitoring changes to the network, organizations can ensure that they remain compliant with these regulations, avoiding potential penalties and legal consequences.

  • Vulnerability management: Malicious actors constantly threaten networks by finding new ways to exploit vulnerabilities. Diligent observation and oversight of changes in the network infrastructure can help organizations identify any potential vulnerabilities introduced by these changes. It allows for timely detection and remediation before they can be exploited.

  • Maintaining network access controls: Network access controls are essential for preventing unauthorized access to sensitive information and resources. Diligent observation and oversight of changes to the network infrastructure can help ensure that access controls are not compromised and that only authorized individuals have access to the network.

  • Establishing a change management process: Diligent observation and oversight of network infrastructure changes help organizations establish a formal change management process. It involves documenting and tracking all changes made to the network, which can help identify any unauthorized or unapproved changes. It also promotes accountability and enables organizations to revert to previous configurations if necessary.

  • Optimal configuration management: Network configuration is critical to network security. Diligent observation and oversight of changes to the network infrastructure can help ensure that configurations are optimized for security and that any changes adhere to established guidelines and standards.

The diligent observation and oversight of changes within the network infrastructure are essential for maintaining security. By closely monitoring changes, organizations can identify and address potential security issues early on, ensure compliance with regulations, manage vulnerabilities, maintain network access controls, establish a change management process, and optimize network configurations for security. It helps organizations proactively protect their networks and sensitive information from threats.
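An added example, not from the paper, of the change-management process described above in Go: a baseline snapshot of device configurations is compared with the current state, each difference is matched against approved change tickets, and unapproved changes are reverted to the baseline. Device names, configuration text and ticket identifiers are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"sort"
)

// Snapshot holds the configuration of every monitored device at one point in
// time: device name -> configuration text (all values constructed here).
type Snapshot map[string]string

// ApprovedChange is a change-management ticket. Digest is the SHA-256 of the
// configuration the ticket approved; Digest("") approves removing the device.
type ApprovedChange struct {
	Ticket string
	Device string
	Digest string
}

// Finding is one observed difference between baseline and current state.
type Finding struct {
	Device string
	Kind   string // "modified", "added" or "removed"
	Status string // "approved" or "UNAPPROVED"
	Ticket string // the approving ticket, if any
}

// Digest fingerprints a configuration so a ticket names the exact approved state.
func Digest(cfg string) string {
	sum := sha256.Sum256([]byte(cfg))
	return hex.EncodeToString(sum[:])
}

// Audit compares the current snapshot with the baseline and classifies every
// difference against the approved-change list, in device-name order.
func Audit(baseline, current Snapshot, approved []ApprovedChange) []Finding {
	tickets := map[string]string{} // device + ":" + digest -> ticket
	for _, a := range approved {
		tickets[a.Device+":"+a.Digest] = a.Ticket
	}
	names := []string{}
	for n := range baseline {
		names = append(names, n)
	}
	for n := range current {
		if _, known := baseline[n]; !known {
			names = append(names, n)
		}
	}
	sort.Strings(names)
	var findings []Finding
	for _, n := range names {
		old, inOld := baseline[n]
		cur, inCur := current[n] // cur is "" for a removed device
		f := Finding{Device: n, Status: "UNAPPROVED"}
		switch {
		case inOld && inCur && old == cur:
			continue // unchanged
		case inOld && inCur:
			f.Kind = "modified"
		case inCur:
			f.Kind = "added"
		default:
			f.Kind = "removed"
		}
		if t, ok := tickets[n+":"+Digest(cur)]; ok {
			f.Status, f.Ticket = "approved", t
		}
		findings = append(findings, f)
	}
	return findings
}

// Rollback returns the state to restore: approved changes are kept, every
// unapproved change is reverted to the baseline configuration.
func Rollback(baseline, current Snapshot, findings []Finding) Snapshot {
	restored := Snapshot{}
	for n, cfg := range current {
		restored[n] = cfg
	}
	for _, f := range findings {
		if f.Status == "UNAPPROVED" {
			delete(restored, f.Device) // drops an unapproved addition
			if old, ok := baseline[f.Device]; ok {
				restored[f.Device] = old // reverts a modification or restores a removal
			}
		}
	}
	return restored
}
```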

4.3 Secure essential recertification

  • Implementing role-based access control (RBAC): This security feature allows access to the essential recertification process only to authorized personnel with appropriate privileges.

  • Multi-factor authentication (MFA): MFA adds an extra layer of security by requiring users to provide multiple forms of authentication, such as a password and a code sent to their phone, to access the essential recertification system.

  • Centralized user management: This enables real-time tracking of user activity, ensuring that only authorized users have access to the essential recertification system.

  • Encryption: All data related to essential recertification is encrypted both in transit and at rest, ensuring that only authorized users can access sensitive information.

  • Regular audits: Regular audits of the essential recertification system help identify and address any security vulnerabilities, ensuring the system is up-to-date and secure.

Wireless devices communicate with each other using wireless signals, which can be intercepted and manipulated by unauthorized individuals. This makes them vulnerable to spoofing attacks, where a malicious party impersonates a legitimate device or network, gaining access to sensitive information or controlling the targeted device. Wireless devices are prone to spoofing attacks because wireless communication relies on radio waves, which can easily be intercepted and manipulated. Unlike wired communication, where physical access is required to intercept the data, wireless communication can be accessed remotely, making it more vulnerable. Additionally, many wireless devices use outdated or weak security protocols, making it easier for hackers to gain access. Another factor that makes wireless devices susceptible to spoofing is that many networks and devices broadcast their SSID (Service Set Identifier), which is the name of the network or device. This SSID is used by devices to identify and connect to the network, so it is vulnerable to spoofing if not adequately secured. Wireless devices often rely on weak and commonly used default passwords, making it easier for hackers to gain access through brute force attacks. Once the attacker gains access to the device or network, they can monitor and manipulate the transmitted data, impersonate the device or network, and even take control of the device. Wireless communication, weak security protocols, easily accessible networks, and commonly used default settings make wireless devices vulnerable to spoofing attacks. Users must take necessary precautions, such as using strong encryption and securing their network with strong passwords, to protect their wireless devices from spoofing attacks.

4.4 Data integrity

  • Data validation: The safety architecture includes data validation mechanisms that ensure only legitimate and accurate data is entered into the system, preventing any malicious or corrupted data from being processed.

  • Data encryption: As mentioned before, all data is encrypted both in transit and at rest, preventing unauthorized access or tampering.

  • Data backup and recovery: The safety architecture has mechanisms to regularly backup and recover data in case of system failures or disruptions, ensuring data can be restored to its original state.

  • Secure data transmission protocols: The safety architecture uses secure communication protocols, such as SSL/TLS, to protect data as it is transmitted between different systems or over the internet.

  • Access controls: RBAC, discussed earlier, also plays a crucial role in ensuring data integrity by restricting access to sensitive data only to authorized personnel.

HTTPS and VPN are two protocols that are commonly used for secure communication over the internet. While protocols like MQTT and CoAP are also used for communication, there are certain situations where HTTPS or VPN may be preferred.

  1. Handling Sensitive Information: One of the main reasons to use HTTPS or VPN is to ensure the security of sensitive information. HTTPS and VPNs use encryption to secure the transmitted data, making it difficult for anyone to intercept and access the information. It is crucial when dealing with sensitive information, such as personal or financial data, as any breach can have serious consequences.

  2. Need for Strong Authentication: HTTPS and VPN both require a level of authentication before access to the network or website is granted. It adds an extra layer of security, as only authorized individuals can access the network. It is essential for companies and organizations that deal with confidential data or have strict security protocols in place.

  3. Compliance with Regulations: Many industries, such as healthcare and finance, have strict regulations in place regarding data security. In these cases, HTTPS or VPN is often necessary to comply with these regulations. For instance, the Health Insurance Portability and Accountability Act (HIPAA) requires strong encryption to protect patient data, making HTTPS and VPN essential.

  4. Remote Access: HTTPS and VPN are also useful in situations where remote access is required. Both protocols allow users to securely access networks and data remotely without compromising security. It is essential for employees who must work from home or while traveling, as it ensures that sensitive information remains protected.

4.5 Preventing the transmission of harmful traffic

  • Firewall: A firewall is implemented as the first line of defense to prevent unauthorized network traffic from entering the system.

  • Intrusion detection and prevention systems (IDPS): These systems monitor network traffic for any abnormal or malicious activity and immediately block or prevent it from entering the system.

  • Antivirus and anti-malware software: The safety architecture includes robust antivirus and anti-malware software that constantly scans the system for any malicious software and prevents it from being executed.

  • Secure network protocols: The architecture uses protocols such as HTTPS or SSH for remote access and file transfer, preventing harmful traffic from transmitting over the network.

  • Regular security updates and patches: The safety architecture receives updates and patches to address known vulnerabilities and ensure the system is protected against new threats.

Encryption converts plain, readable data into an unreadable format using a specific algorithm and a key. It ensures that only authorized individuals or systems can access and decipher the data. Encryption plays a crucial role in compliance with various industries' data protection regulations and security standards. This is because it helps protect sensitive information from unauthorized access, modification, or theft. Encryption helps in aligning with the principles of data protection regulations. These require organizations to implement appropriate measures to safeguard personal data, including encryption. By encrypting personal data, organizations ensure that even if the data is breached, the information will be unreadable and useless to any unauthorized party. It helps prevent the misuse of personal data, thus complying with data protection regulations. Encryption is crucial to industry-specific security standards like the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA). These standards require organizations to protect sensitive data, such as credit card information and medical records, from potential cyber-attacks. Encryption is one of the critical controls in these standards, ensuring that sensitive data is protected from unauthorized access. Encryption helps organizations demonstrate their compliance with data protection regulations and security standards. Through encryption, organizations can show that they have taken appropriate measures to protect sensitive data and prevent potential breaches. It can also help avoid fines and penalties for non-compliance with regulations and standards. Encryption significantly contributes to compliance with data protection regulations and industry-specific security standards by providing a secure way to protect sensitive information. 
It aligns with the principles of data protection regulations, helps meet security standards requirements, and allows organizations to demonstrate their compliance. Therefore, encryption is essential in ensuring data protection and compliance in various industries.

Encryption methods are crucial in ensuring the security and privacy of wireless communication. One of the most prominent encryption methods used in wireless communication is physical layer encryption. This method involves securing data at the physical layer of the wireless network, making it the first line of defense against threats. Physical layer encryption involves transforming the radio signal at the transmitter and then decrypting it at the receiver, preventing unauthorized users from intercepting and understanding the transmitted data. Compared to other encryption methods, such as network layer encryption, which only secures data at the network layer, physical layer encryption offers a more robust and efficient security solution. This is because physical layer encryption operates at a lower level, directly manipulating the signals, making it harder for attackers to decipher and manipulate the data. Physical layer encryption does not require any changes to the existing network infrastructure, making it easier to implement and less vulnerable to attacks. Physical layer encryption also offers better protection against insider attacks, where authorized individuals misuse their access for malicious purposes. With physical layer encryption, any data transmitted over the wireless network is encrypted at the source, ensuring that even if an insider gains access to the network, they cannot decipher the data without the encryption key. Physical layer encryption has become increasingly important in the Internet of Things (IoT) age. With billions of devices connected to the internet and transmitting data wirelessly, the need for secure communication has never been greater. Physical layer encryption provides a secure and cost-effective solution for securing the vast amount of data transmitted between these devices, ensuring their privacy and protecting against potential cyber-attacks.

4.6 State of the art of the review

The rapid growth of the Internet of Things (IoT) has led to developing a wide range of applications and services that rely on exchanging information between devices. One of the key technologies in this space is Zigbee, a wireless communication protocol commonly used in smart home and industrial IoT applications. As more devices become connected to the internet, the security of these systems becomes increasingly important. The non-conventional review aims to provide a comprehensive and up-to-date overview of the state-of-the-art in Zigbee network-based IoT system security. This includes a detailed analysis of the current threats and vulnerabilities in Zigbee networks and the various security measures proposed to address them. The review also covers novel research and developments in the field for securing IoT systems. It discusses the strengths and limitations of these approaches and highlights potential areas for further research. The non-conventional review also addresses the challenges and issues in implementing security measures in Zigbee IoT systems. It provides insights into the current and future research directions in this field. It serves as a valuable resource for researchers, practitioners, and stakeholders in the IoT industry, providing a comprehensive understanding of the current security state of Zigbee network-based IoT systems.

4.7 Benefits of the proposed model

  • Low Power Consumption: Zigbee operates on a low-power, wireless mesh network, making it ideal for IoT devices constantly transmitting data.

  • Data Transfer Speed: Zigbee supports data transfer speeds of up to 250 kbps, which is sufficient for most IoT applications.

  • Strong Security: Zigbee utilizes Advanced Encryption Standard (AES) encryption, providing strong security for data transmitted over the network.

  • Scalability: Zigbee is highly scalable, allowing for the addition of new devices to the network without disruption.

  • Range: Zigbee has a range of up to 100 m, making it suitable for IoT systems that require long-distance communication.

4.8 Limitations of the proposed model

  • Limited Bandwidth: Zigbee has limited bandwidth compared to other wireless technologies, making it unsuitable for high-speed data transfer applications.

  • Interference: Zigbee operates on the 2.4 GHz frequency band, also used by other wireless devices such as Wi-Fi and Bluetooth. This can lead to interference and signal degradation.

  • Network Congestion: As more devices are added to the network, congestion can occur, reducing performance.

  • The proposed algorithm is only partially capable of resolving the issue of delays in responding to security risks caused by the limitations of network monitoring techniques.

  • 128-bit AES and CSPs require significant computing power and resources to be effectively implemented. This can be a limitation for low-power devices such as those used in Zigbee networks, as it may impact their battery life and overall performance.

  • While 128-bit AES is considered secure against classical computers, it may not be resistant to quantum attacks, which can pose a threat to the security of data transmitted over Zigbee networks.

4.9 Applications of the proposed model

  • Home Automation: Zigbee is commonly used in home automation systems, allowing for the control of various devices such as lights, thermostats, and security systems.

  • Smart Grids: Zigbee can be used in smart grid systems to monitor and control energy usage.

  • Healthcare Monitoring: Zigbee can be used in healthcare systems to monitor and track patient vitals and transmit data to healthcare providers.

  • Industrial Automation: Zigbee is suitable for industrial automation, enabling wireless communication between machines and systems.

  • Automotive: Zigbee can be used in vehicles for wireless communication between various components and systems.

  • Agriculture: Zigbee can monitor and control irrigation systems, monitor soil conditions, and track livestock.

Zigbee technology was chosen because it is specifically designed for low-power, low-cost wireless networks, making it well-suited for the Internet of Things (IoT) and smart home applications. It uses a low data rate and low power consumption protocol, making it energy-efficient and scalable. This is important for meeting the identified issues, such as the need for reliable communication and long battery life in IoT devices. Zigbee's mesh network architecture also allows multiple devices to communicate and relay data, ensuring more comprehensive coverage and better connectivity. Zigbee's features align with the demands of IoT and smart home applications, making it suitable for addressing the identified issues. The proposed method may not have a direct connection or integration with the Zigbee/Matter ecosystem, as it does not utilize the same protocol or standard. However, it may be possible for the proposed method to coexist or work alongside the Zigbee/Matter ecosystem by using a gateway or bridge to translate the different communication protocols. The proposed method could potentially be developed into a new framework that could be adopted by the Zigbee/Matter ecosystem.

5 Conclusion

Zigbee networks facilitate communication between devices within proximity, presenting numerous advantages compared to conventional cable solutions. Zigbee may still be used in various IoT devices and networks, so it is crucial to understand its capabilities and limitations. Conducting periodic analyses of Zigbee can also help identify potential security vulnerabilities and improve overall performance. Zigbee networks have a low latency and high throughput, rendering them well-suited for a wide range of applications. Network security measures are designed to protect against known and identified threats, but new and evolving attacks may not be caught by these measures. Additionally, security measures can sometimes have vulnerabilities or gaps that can be exploited by attackers. This can be due to human error in configuring the security protocols or due to limitations in the technology itself. Furthermore, attackers may use sophisticated techniques or zero-day vulnerabilities to bypass security measures. Therefore, despite taking all necessary precautions and implementing the most up-to-date security measures, there is always a risk of an attack successfully infiltrating the network. As technology and attack methods continue to evolve, it is crucial for organizations to regularly update and strengthen their network security measures. Zigbee networks have garnered increasing appeal as a secure and dependable communication method for low-power wireless sensor networks. Ensuring their protection still has a considerable distance to go regarding foolproof measures. In order to ensure the confidentiality and security of information, it is imperative to implement appropriate security measures. Security concerns can manifest in various aspects of Zigbee communication, including the network construction process, information transfer, protection methods, and the control and utilization of Zigbee networks.