Introduction
The Growing Importance of IoT Network in Smart Homes and Industrial Automation
The evolution of IoT network has transformed smart homes and industrial automation by enabling seamless connectivity between devices. According to Statista, the number of smart home users is projected to reach 785.16 million by 2028, highlighting the widespread adoption of interconnected systems.
IoT networks facilitate automation by allowing devices to communicate, monitor, and execute tasks autonomously, improving energy efficiency, security, and convenience. From smart lighting and security systems to manufacturing processes and environmental monitoring, IoT networks play a pivotal role in modern applications.
However, the security and reliability of these networks remain critical concerns. As the number of connected devices increases, so do risks associated with unauthorized access, data manipulation, and network vulnerabilities. This study addresses one of the key challenges in IoT networks—encrypted Zigbee payloads—by presenting decrypted Zigbee network traffic data for advanced security and performance assessments.
Zigbee: A Key IoT Communication Protocol
Zigbee is a widely adopted low-power wireless communication protocol designed for IoT networks, particularly in smart homes, industrial automation, and medical applications. Based on the IEEE 802.15.4 standard, Zigbee enables secure and scalable mesh networking, allowing up to 65,000 devices to communicate efficiently within a network.
The advantages of Zigbee include:
- Low Power Consumption – Designed for battery-powered IoT devices, reducing energy usage.
- Mesh Networking Capabilities – Devices relay signals, ensuring reliable communication even in large-scale deployments.
- Two-Way Communication – Enables smart interaction between IoT devices, ensuring efficient automation.
- Cost-Effective Implementation – Compared to Wi-Fi or cellular connectivity, Zigbee offers low operational costs.
Despite its strengths, Zigbee encrypts network payloads, limiting visibility into device communication patterns and security vulnerabilities. Understanding how devices interact within an IoT network requires decryption of this data—a challenge this study successfully addresses.
Challenges in IoT Network Security: Encrypted Payloads and Traffic Analysis Limitations
Security remains a major concern in IoT networks, particularly when dealing with encrypted device communication. Zigbee employs encryption to protect sensor readings, device commands, and automation triggers, but this creates hurdles for:
- Security Testing – Without decryption, it’s difficult to analyze vulnerabilities in IoT device communication.
- Anomaly Detection – Encrypted traffic prevents researchers from identifying suspicious behavior or cyberattacks in IoT networks.
- Performance Optimization – Understanding traffic patterns requires analyzing real network data, which encryption obscures.
For IoT networks to remain secure and efficient, researchers must decrypt and analyze network traffic to uncover weaknesses, optimize device performance, and strengthen encryption protocols.
Research Focus: Decrypting Zigbee Network Traffic for Security and Performance Assessment
This study presents ZigBeeNet, a decrypted Zigbee IoT network traffic dataset, collected from a real smart home with 15 Zigbee devices over 20 days. The researchers extracted the network key, enabling them to:
- Analyze device communication behavior in a live IoT network.
- Identify security vulnerabilities by examining decrypted payloads.
- Optimize IoT network performance using real-world traffic patterns.
Table: Zigbee Network Traffic Dataset Overview
| Parameter | Details |
|---|---|
| Monitoring Period | 23 September – 14 October 2024 (20 days) |
| Total IoT Devices | 15 Zigbee-enabled smart home devices |
| Total Packets Captured | 24,679,823 packets |
| Average Packets per Minute | 822.55 packets |
| Captured Data Size | 930 MB |
| Packet Transmission Rate | 13.7 packets per second |
| Data Bit Rate | 4134 bits per second |
By decrypting Zigbee traffic, this research provides unprecedented insights into IoT network security and efficiency, paving the way for advanced security models, anomaly detection systems, and optimized network performance strategies.
Understanding IoT Networks and Zigbee Communication
Definition of IoT Networks and Their Role in Modern Digital Infrastructure
IoT networks are an interconnected system of smart devices that communicate autonomously, improving automation, monitoring, and efficiency across various industries. These networks enable real-time data exchange, allowing devices to operate seamlessly without human intervention. IoT networks play a pivotal role in smart homes, industrial automation, healthcare monitoring, and environmental sensing.
In the context of smart homes, Zigbee-based IoT networks power essential devices like motion sensors, smart locks, lighting systems, and environmental monitors, ensuring low-latency, energy-efficient communication. Unlike traditional networking solutions, IoT networks rely on lightweight, scalable protocols optimized for battery-powered and embedded devices.
Table: IoT Network Applications and Use Cases
| Industry | Application | IoT Protocols Used |
|---|---|---|
| Smart Homes | Smart lighting, security systems | Zigbee, Z-Wave |
| Industrial IoT | Automation, predictive maintenance | Zigbee, LoRaWAN |
| Healthcare | Wearable sensors, remote monitoring | Bluetooth, Wi-Fi |
| Environmental | Smart farming, air quality monitoring | Zigbee, LPWAN |
Comparison of Major IoT Protocols: Zigbee, Z-Wave, Wi-Fi, Bluetooth, and Matter
Several communication protocols cater to IoT network requirements, differing in terms of range, energy consumption, scalability, and security.
Table: Comparison of IoT Communication Protocols
| Protocol | Range | Devices Supported | Power Consumption | Security | Scalability |
|---|---|---|---|---|---|
| Zigbee | 100m | 65,000 | Low | AES Encryption | High |
| Wi-Fi | 100m | 250 | High | WPA/WPA2 | Moderate |
| Bluetooth | 10m | 20 | Low | Encrypted | Low |
| Z-Wave | 30m | 232 | Low | S2 Encryption | Moderate |
| Matter | 100m | Variable | Low | Secure Framework | High |
Zigbee emerges as the preferred choice for IoT networks, particularly in smart home automation, due to its low power consumption, extensive device support, and mesh networking capabilities.
Advantages of Zigbee Within IoT Networks
Zigbee’s widespread adoption is fueled by its efficiency and adaptability across diverse IoT applications. Some of its key advantages include:
- Scalability – Supports up to 65,000 devices, making it ideal for large-scale IoT deployments.
- Energy Efficiency – Operates on low power, significantly extending battery life in devices like sensors and switches.
- Mesh Networking – Ensures stable connections even in large infrastructures by allowing devices to relay signals.
- Secure Communication – Uses AES encryption for end-to-end data protection, minimizing security risks.
The study highlights Zigbee’s ability to maintain network integrity through mesh connectivity, ensuring consistent data transmission across smart homes and industrial environments.
Role of Encryption and Network Keys in Zigbee Security
Zigbee’s security framework employs multi-layer encryption protocols, ensuring that transmitted data remains confidential and protected from unauthorized access.
Key Security Mechanisms in Zigbee IoT Networks
- Network Key Encryption – Encrypts all payloads with AES 128-bit encryption to prevent interception.
- Link Keys – Establishes secure communication between paired devices, limiting access to trusted entities.
- Message Integrity Codes (MICs) – Prevents data tampering by verifying each transmitted packet.
- Replay Protection – Prevents attackers from resending captured packets to disrupt the network.
Table: Security Features of Zigbee Encryption Mechanisms
| Security Feature | Functionality | Purpose |
|---|---|---|
| AES Encryption | Encrypts Zigbee network communications | Prevents unauthorized access |
| Network Keys | Protects all device-to-device transactions | Secures IoT network traffic |
| Link Keys | Ensures authentication between paired nodes | Prevents device hijacking |
| Replay Protection | Blocks repeated malicious transmissions | Mitigates cyberattacks |
The decrypted Zigbee network traffic dataset presented in this study provides valuable insights into device communication patterns, security vulnerabilities, and network performance, enabling future advancements in IoT security models.
Methodology: Capturing and Analyzing Zigbee IoT Network Traffic
Data Collection Process
Capturing Zigbee IoT Network Traffic Using Wireshark and CC2531 USB Dongle
The research involved capturing real-time Zigbee IoT network traffic using a Texas Instruments CC2531 USB dongle, a commonly used Zigbee packet sniffer. The dongle was connected to a Raspberry Pi 3, which served as the data collection platform. Wireshark, a popular network analysis tool, was configured on the Raspberry Pi to capture Zigbee packets from the smart home IoT network operating on channel 11, ensuring precise traffic monitoring.
To manage the large dataset, the recording process was structured so that each hour of network traffic was saved into a separate pcap file. Remote access to the Raspberry Pi was also enabled, allowing real-time monitoring and immediate issue resolution during data collection.
Duration and Scope: 20-Day Zigbee Packet Analysis Across 15 Devices
The study captured Zigbee IoT network traffic continuously for 20 days, covering 15 Zigbee-enabled smart home devices. These devices included smart bulbs, motion sensors, dimmer switches, and power plugs, forming a dynamic home automation network.
Table: Overview of Zigbee Network Traffic Collection
| Parameter | Details |
|---|---|
| Monitoring Duration | 23 September – 14 October 2024 (20 days) |
| Number of Devices | 15 Zigbee-based IoT devices |
| Total Packets Captured | 24,679,823 packets |
| Average Packets per Minute | 822.55 packets |
| Data Size | 930 MB |
| Storage Format | pcap files segmented hourly |
| Transmission Rate | 13.7 packets per second |
| Data Bit Rate | 4134 bits per second |
This structured approach enabled accurate tracking of IoT traffic patterns, crucial for assessing device communication, encryption protocols, and security vulnerabilities.
Storage and Preprocessing Techniques: Pcap File Segmentation and Error Correction
During data collection, some captured files were found to be corrupted, displaying errors such as incomplete packet captures. This issue stemmed from Wireshark limitations, including resource constraints on the Raspberry Pi and interruptions during data recording.
To address these errors, a data preprocessing pipeline was implemented:
- Packet Repair Using Editcap – Corrupted files were processed using the editcap tool, correcting malformed packets to ensure usability.
- Merging Files for Comprehensive Analysis – The mergecap tool was used to consolidate pcap files, creating a single dataset for detailed exploration.
- Segmentation for Time-Based Analysis – To maintain manageable file sizes, data was divided into equal one-hour segments, aiding time-series traffic evaluation.
These preprocessing steps ensured data integrity, allowing structured Zigbee network traffic analysis for security evaluations and performance assessments.
Network Key Extraction for Traffic Decryption
Understanding Zigbee Encryption Mechanisms: Transport Key vs. Network Key
Zigbee employs multi-layer encryption to secure IoT communication:
- Transport Key – Publicly known and used for decrypting headers of Zigbee packets, but not payload data.
- Network Key – Private key distributed during device pairing, essential for decrypting full payloads in Zigbee network traffic.
While the transport key allows limited analysis, decrypting Zigbee traffic fully requires extracting the network key, which was successfully obtained in this study.
Step-by-Step Process of Extracting the Network Key
To decrypt payloads, the researchers followed a structured key extraction process:
- Capturing Device Pairing Data – A new Zigbee device was added to the network while the packet sniffer monitored traffic exchanges.
- Intercepting the Network Key Transmission – During the pairing process, the coordinator transmitted the network key to the new device.
- Extracting the Key Using Wireshark – The network key was identified within special Zigbee data frames, allowing full decryption of previously encrypted payloads.
- Applying Decryption to Captured Traffic – With the network key extracted, researchers decoded Zigbee messages, unveiling detailed device communication behavior and data interactions.
Importance of Decryption in IoT Network Security Research
Decrypting Zigbee IoT network traffic serves several critical purposes:
- Device Behavior Analysis – Understanding how Zigbee devices transmit, receive, and process commands, helping optimize network efficiency.
- Anomaly Detection – Identifying unusual network activity that could indicate intrusions, data leaks, or malfunctioning devices.
- Security Vulnerability Assessment – Examining encryption weaknesses, allowing improvements in IoT security protocols.
By decrypting real-time Zigbee traffic, this study provides valuable insights into IoT network security, helping researchers strengthen encryption mechanisms and optimize smart home communication.
Working of the IoT Network Analysis Model
Traffic Analysis and Classification
Packet Density and Transmission Patterns
The dataset contains 24,679,823 captured packets, each recorded over a 20-day monitoring period. Researchers analyzed traffic distribution across seconds, minutes, and hours, identifying fluctuations in network activity.
Table: Packet Density Analysis Across Time Intervals
| Time Interval | Average Packets Transmitted | Peak Transmission Rate |
|---|---|---|
| Per Second | 13.7 packets | 140 packets |
| Per Minute | 822.55 packets | 1750 packets |
| Per 10 Minutes | ~8000 packets | Highly variable |
Graphical analysis shows sudden increases in packet transmission, indicating peak device activity periods. The study examines why these traffic surges occur, uncovering correlations between device triggers, environmental factors, and automation routines.
Device-Level Communication Behavior
Different IoT devices exhibit distinct communication behaviors within Zigbee networks. The study categorizes traffic by device type, tracking interactions among:
- Hubs – Centralized routing nodes managing the network.
- Bulbs & Lights – Frequent transmitters for lighting automation.
- Sensors – Motion detectors sending event-triggered data.
- Switches – User-activated controllers generating command signals.
Table: Zigbee Device Traffic Distribution
| Device Type | Total Packets Sent | Percentage of Network Traffic |
|---|---|---|
| Hub | 3,257,732 packets | 43.4% |
| Smart Bulbs | 1,747,384 packets | 14.9% |
| Sensors | 28,291 packets | 0.4% |
| Power Plugs | 243,766 packets | 3.3% |
Bulbs and lights dominate Zigbee communication, transmitting constant updates for automation. Hubs handle high network traffic, ensuring seamless device coordination.
Unicast vs. Broadcast Packet Analysis
Zigbee networks rely on two transmission types:
- Unicast Packets (78.1%) – Direct device communication.
- Broadcast Packets (21.9%) – Network-wide transmissions.
The study identifies high unicast reliance, signaling efficient device-to-device interactions. Mesh networks, however, require broadcast packets for routing and synchronization, influencing retransmission behavior.
Table: Broadcast Traffic Distribution Across Zigbee Layers
| Layer | Broadcast Packets | Unicast Packets |
|---|---|---|
| IEEE 802.15.4 | 151,110 packets | Majority Unicast |
| Zigbee NWK | 5,096,603 packets | High Broadcast |
| Zigbee HA | 135,045 packets | Moderate Unicast |
Zigbee networks depend on broadcast messaging for device synchronization, especially within routing protocols.
Mesh Networking Insights: Retransmission Behavior and Routing Structure
Retransmission ensures packet delivery in IoT networks. Analysis reveals that:
- 52.3% of traffic originates from devices.
- 47.7% consists of retransmitted packets.
- Only 22.2% of packets reach destinations without retransmission.
Table: Packet Transmission Efficiency Across Zigbee Layers
| Layer | Source Packets | Relay Packets | Direct Packets |
|---|---|---|---|
| NWK | 64.8% | 35.2% | 0.1% |
| ZDP | 23.4% | 76.6% | 0.1% |
| HA | 67.2% | 32.8% | 41.4% |
Retransmissions support network resilience, preventing communication failures due to signal loss.
Security Implications of IoT Network Traffic
Anomaly Detection in IoT Networks
Decrypting Zigbee traffic allows detailed security assessments. Researchers identify unexpected packet transmission patterns, indicating anomalous activity. Unusual spikes in broadcast traffic raise concerns about unauthorized device interactions.
Role of Decrypted Data in Security Vulnerability Assessments
Decryption exposes critical security gaps within IoT networks. Attackers can analyze traffic flow, identifying patterns in automation routines. Without proper encryption updates, malicious entities can manipulate device behavior, leading to unauthorized access and automation control bypasses.
Results and Performance Evaluation
Key Findings on IoT Network Security and Performance
Performance Comparison: Carbon-Intensive vs. Green IoT Networks
Traditional IoT networks consume excessive energy due to constant device interactions. Zigbee-based mesh networks demonstrate energy-efficient behavior, reducing unnecessary retransmissions.
Table: Energy Efficiency Metrics of IoT Network Models
| Network Model | Energy Consumption | Packet Transmission Efficiency |
|---|---|---|
| Standard IoT | High Power Usage | Frequent Retransmissions |
| Zigbee IoT | Low Power Usage | Optimized Routing |
Efficiency Improvements Using Decrypted Zigbee Traffic for Network Optimization
Decryption allows traffic modeling, enabling:
- Adaptive packet scheduling to reduce network congestion.
- Optimized device response timing for energy conservation.
- Real-time security monitoring, detecting anomalies faster.
Identification of IoT Security Gaps
Researchers uncovered encryption weaknesses affecting Zigbee networks. Attackers could intercept pairing processes, extracting the network key. Without frequent key rotation, devices remain susceptible to unauthorized access
Reference and License
Reference: Keleşoğlu, N.; Sobczak, Ł. (2024). ZigBeeNet: Decrypted Zigbee IoT Network Traffic Dataset in Smart Home Environment. Applied Sciences, 14, 10844. https://doi.org/10.3390/app142310844
License: This blog follows the Creative Commons Attribution 4.0 International (CC BY 4.0) License, which allows free use, distribution, and adaptation of the material, provided proper credit is given to the original authors.