Digi International Inc XBEEPRO2 User Manual

© 2011 Digi International, Inc.
5. Security
ZigBee supports various levels of security that can be configured depending on the needs of the application. Security 
provisions include:
• 128-bit AES encryption
• Two security keys that can be preconfigured or obtained during joining
• Support for a trust center
• Provisions to ensure message integrity, confidentiality, and authentication
The first half of this chapter describes various security features defined in the ZigBee-PRO specification, while the last 
half illustrates how the XBee and XBee-PRO modules can be configured to support these features.
Security Modes
The ZigBee standard supports three security modes – residential, standard, and high security. Residential security 
was first supported in the ZigBee 2006 standard. This level of security requires a network key be shared among 
devices. Standard security adds a number of optional security enhancements over residential security, including an 
APS layer link key. High security adds entity authentication, and a number of other features not widely supported.
XBee ZB modules primarily support standard security, although end devices that support residential security can join 
and interoperate with standard security devices. The remainder of this chapter focuses on material that is relevant 
to standard security.
ZigBee Security Model
ZigBee security is applied to the Network and APS layers. Packets are encrypted with 128-bit AES encryption. A 
network key and optional link key can be used to encrypt data. Only devices with the same keys are able to 
communicate together in a network. Routers and end devices that will communicate on a secure network must 
obtain the correct security keys.
Network Layer Security
The network key is used to encrypt the APS layer and application data. In addition to encrypting application 
messages, network security is also applied to route request and reply messages, APS commands, and ZDO 
commands. Network encryption is not applied to MAC layer transmissions such as beacon transmissions. If 
security is enabled in a network, all data packets will be encrypted with the network key.
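The split described above can be checked on a capture. The following Python sketch is an added example, not part of the Digi manual: it separates MAC-only frames, which the network key never protects, from NWK frames, and flags any data frame whose NWK security bit is clear. It assumes the IEEE 802.15.4 MAC header layout and the ZigBee NWK frame control layout (security flag in bit 9); the function names and sample frames are constructed for illustration.

```python
import struct

# Assumed layouts: IEEE 802.15.4 MAC header and ZigBee NWK frame control.
MAC_TYPES = {0: "beacon", 1: "data", 2: "ack", 3: "mac-command"}
ADDR_LEN = {2: 2, 3: 8}        # MAC addressing mode -> address length in bytes
NWK_SECURITY_BIT = 0x0200      # bit 9 of the NWK frame control field


def classify(frame: bytes) -> str:
    """Classify one 802.15.4 frame (FCS already stripped) by its protection."""
    if len(frame) < 3:
        return "unparsed"
    (fc,) = struct.unpack_from("<H", frame, 0)
    ftype = MAC_TYPES.get(fc & 0x7)
    dst_mode, src_mode = (fc >> 10) & 0x3, (fc >> 14) & 0x3
    if ftype is None or 1 in (dst_mode, src_mode) or fc & 0x0008:
        return "unparsed"  # unknown type, reserved mode, or MAC security header
    if ftype != "data":
        # Beacons, acks and MAC commands carry no NWK header, so the
        # network key does not cover them.
        return f"mac-only:{ftype}"
    offset = 3                                  # frame control + sequence number
    if dst_mode:
        offset += 2 + ADDR_LEN[dst_mode]        # destination PAN ID + address
    if src_mode:
        # With PAN ID compression the source PAN ID is omitted.
        offset += (0 if fc & 0x0040 else 2) + ADDR_LEN[src_mode]
    if len(frame) < offset + 2:
        return "unparsed"
    (nwk_fc,) = struct.unpack_from("<H", frame, offset)
    return "nwk-secured" if nwk_fc & NWK_SECURITY_BIT else "nwk-UNSECURED"


def audit(frames):
    """Return the indexes of data frames sent without NWK security."""
    return [i for i, f in enumerate(frames) if classify(f) == "nwk-UNSECURED"]


# Constructed sample frames (not captured traffic); payload bytes are filler.
SAMPLES = [
    bytes.fromhex("0080 2a 341a 0000 ff cf 00 00"),                    # beacon
    bytes.fromhex("6188 2b 341a 0000 7b2c 4802 0000 7b2c 1e 01 28"),   # secured
    bytes.fromhex("6188 2c 341a 0000 7b2c 4800 0000 7b2c 1e 02 aabb"), # clear
    bytes.fromhex("0200 2c"),                                          # ack
]

if __name__ == "__main__":
    print([classify(f) for f in SAMPLES], audit(SAMPLES))
```

On a network with security enabled, any index returned by `audit` is a data frame that crossed the air without network-key protection and is worth tracing to its sender.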
Packets are encrypted and authenticated using 128-bit AES. This is shown in the figure below.