Professional Documents
Culture Documents
DEFCON 24 Demay Auditing 6LoWPAN Networks Using Standard Penetration Testing Tools
DEFCON 24 Demay Auditing 6LoWPAN Networks Using Standard Penetration Testing Tools
It shall not be communicated to any third party without the owner’s written consent | [Airbus Defence and Space Company name]. All rights reserved.
Adam Reziouk
Arnaud Lebrun
Jonathan-Christofer Demay
Auditing 6LoWPAN networks
Using Standard Penetration Testing Tools
The 6LoWPAN protocol
• Packet fragmentation
• MTU 127 bytes Vs 1500 bytes
• 80 bytes of effective payload
Arnaud Lebrun 2
CANSPY
Jonathan-Christofer Demay A Platform for Auditing CAN Devices
What’s the big deal ?
Arnaud Lebrun 3
CANSPY
Jonathan-Christofer Demay A Platform for Auditing CAN Devices
The IEEE 802.15.4 standard
• PHY layer and MAC sublayer
• Multiple possible configurations
• Network topology
• Data transfer model
Arnaud Lebrun 4
CANSPY
Jonathan-Christofer Demay A Platform for Auditing CAN Devices
Deviations for the standard
Arnaud Lebrun 5
CANSPY
Jonathan-Christofer Demay A Platform for Auditing CAN Devices
The ARSEN project
• Advanced Routing between 6LoWPAN and Ethernet Networks
• Detect the configuration of existing 802.15.4 infrastructure
• Network topology
• Data transfer model
• Security suite
• Standard revision
• Standard deviations
Arnaud Lebrun 6
CANSPY
Jonathan-Christofer Demay A Platform for Auditing CAN Devices
Based on Scapy-radio
Arnaud Lebrun 7
CANSPY
Jonathan-Christofer Demay A Platform for Auditing CAN Devices
Two main components
Arnaud Lebrun 8
CANSPY
Jonathan-Christofer Demay A Platform for Auditing CAN Devices
New Scapy layers
• Dot15d4.py
• Several bug fixes
• Complete 2003 and 2006 support
• Sixlowpan.py
• Uncompressed IPv6 support
• Complete IP header compression support
• UDP header compression support
• Fragmentation and defragmentation support
Arnaud Lebrun 9
CANSPY
Jonathan-Christofer Demay A Platform for Auditing CAN Devices
Demonstration
Arnaud Lebrun 10
CANSPY
Jonathan-Christofer Demay A Platform for Auditing CAN Devices
Thank you for
your attention
Arnaud Lebrun 11
CANSPY
Jonathan-Christofer Demay A Platform for Auditing CAN Devices