© 2009 Digi International, Inc.
5. Security
ZigBee supports various levels of security that can be configured depending on the needs of the
application. Security provisions include:
• 128-bit AES encryption
• Two security keys that can be preconfigured or obtained during joining
• Support for a trust center
• Provisions to ensure message integrity, confidentiality, and authentication.
The first half of this chapter describes various security features defined in the ZigBee-PRO
specification, while the last half illustrates how the XBee and XBee-PRO modules can be configured
to support these features.
Security Modes
The ZigBee standard supports three security modes – residential, standard, and high security.
Residential security was first supported in the ZigBee 2006 standard. This level of security requires
a network key be shared among devices. Standard security adds a number of optional security
enhancements over residential security, including an APS layer link key. High security adds entity
authentication, and a number of other features not widely supported.
XBee SE modules support high security mode when certificate keys are installed and
authentication is enabled.
ZigBee Security Model
ZigBee security is applied to the Network and APS layers. Packets are encrypted with 128-bit AES
encryption. A network key and optional link key can be used to encrypt data. Only devices with the
same keys are able to communicate together in a network. Routers and end devices that will
communicate on a secure network must obtain the correct security keys.
Network Layer Security
The network key is used to encrypt the APS layer and application data. In addition to encrypting
application messages, network security is also applied to route request and reply messages, APS
commands, and ZDO commands. Network encryption is not applied to MAC layer transmissions
such as beacon transmissions. If security is enabled in a network, all data packets will be
encrypted with the network key.
Packets are encrypted and authenticated using 128-bit AES. This is shown in the figure below.
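The network-layer protection described above, as an added example that is not taken from the Digi manual: the header stays readable but is authenticated, the payload is encrypted, and a 4-byte message integrity code (MIC) is appended. It assumes the ZigBee default of AES-128 in CCM* mode at security level 5 (equivalent to standard CCM with a 4-byte tag) and the third-party Python `cryptography` package; the keys, address, header bytes and simplified field layout are constructed for illustration.

```python
import struct
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

# Constructed sample values (assumptions), not real keys or addresses.
NETWORK_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
OTHER_KEY = bytes.fromhex("ffeeddccbbaa99887766554433221100")
SOURCE_EUI64 = bytes.fromhex("0013a20040aabbcc")
SEC_CONTROL = 0x2D  # level 5 (ENC-MIC-32) | key id 1 (network key) | extended nonce
MIC_LEN = 4         # bytes of MIC at security level 5


def _nonce(frame_counter):
    # 13-byte nonce: source address || frame counter || security control.
    return SOURCE_EUI64 + struct.pack("<I", frame_counter) + bytes([SEC_CONTROL])


def protect(key, nwk_header, payload, frame_counter):
    """Encrypt the payload and append the MIC; the header is authenticated only."""
    ccm = AESCCM(key, tag_length=MIC_LEN)
    return ccm.encrypt(_nonce(frame_counter), payload, nwk_header)


def unprotect(key, nwk_header, secured, frame_counter):
    """Return the plaintext payload, or None when the MIC check fails."""
    try:
        ccm = AESCCM(key, tag_length=MIC_LEN)
        return ccm.decrypt(_nonce(frame_counter), secured, nwk_header)
    except InvalidTag:
        return None


def demo():
    header = bytes.fromhex("0802fcff00001e01")  # constructed NWK header bytes
    payload = b"thermostat=21.5"               # constructed application data
    secured = protect(NETWORK_KEY, header, payload, 1)
    bad_header = bytes([header[0] ^ 0x01]) + header[1:]
    bad_body = bytes([secured[0] ^ 0x01]) + secured[1:]
    return {
        "mic_overhead": len(secured) - len(payload),
        "payload_hidden": payload not in secured,
        "same_key": unprotect(NETWORK_KEY, header, secured, 1),
        "wrong_key": unprotect(OTHER_KEY, header, secured, 1),
        "tampered_header": unprotect(NETWORK_KEY, bad_header, secured, 1),
        "tampered_payload": unprotect(NETWORK_KEY, header, bad_body, 1),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Only the device holding the same network key recovers the payload; a different key, or a single flipped bit in the clear header or the encrypted body, fails the MIC check and the frame is rejected.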