Specifications

XBee®/XBee-PRO® SE RF Modules
© 2009 Digi International, Inc. 63
Since network encryption is performed at each hop, packet latency is slightly longer in an
encrypted network than in a non-encrypted network. Also, security requires 18 bytes of overhead
to include a 32-bit frame counter, an 8-byte source address, 4-byte MIC, and 2 other bytes. This
reduces the number of payload bytes that can be sent in a data packet.
Network Key Updates
ZigBee supports a mechanism for changing the network key in a network. When the network key
is changed, the frame counters in all devices reset to 0.
APS Layer Security
APS layer security can be used to encrypt application data using a key that is shared between the
source and destination devices. Whereas network layer security is applied to all data transmissions
and is decrypted and re-encrypted on a hop-by-hop basis, APS security is optional and provides
end-to-end security using an APS link key that only the source and destination device know. APS
security can be applied on a packet-by-packet basis. APS security cannot be applied to broadcast
transmissions.
If APS security is enabled, packets are encrypted and authenticated using 128-bit AES. This is
shown in the figure below:
Message Integrity Code
If APS security is enabled, the APS header and data payload are authenticated with 128-bit AES. A
hash is performed on these fields and appended as a 4-byte message integrity code (MIC) to the
end of the packet. This MIC is different from the MIC appended by the network layer. The MIC
allows the destination device to ensure the message has not been changed. If the destination
device receives a packet and the MIC does not match the destination device's own hash of the
data, the packet is dropped.
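As an added illustration (not Digi's code, and not the modules' actual MIC algorithm, which this page does not specify): a Go sketch of the destination-side check described above. The 8-byte source address and 32-bit frame counter from the overhead list are bound into the MIC, an assumed length-prefixed AES-CBC-MAC truncated to 4 bytes stands in for the "hash with 128-bit AES", and the receiver drops a packet whose MIC does not match or whose frame counter has already been seen.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
	"encoding/binary"
)

// apsMIC derives the 4-byte APS MIC over the APS header and payload with
// AES-128. The input is prefixed with the 8-byte source address and 32-bit
// frame counter the page lists as overhead, so identical data gets a different
// MIC in every frame. Length-prefixed CBC-MAC is an assumed construction.
func apsMIC(key []byte, src uint64, fc uint32, header, payload []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // a 16-byte key selects AES-128
	if err != nil {
		return nil, err
	}
	var prefix [16]byte
	binary.BigEndian.PutUint64(prefix[0:8], src)
	binary.BigEndian.PutUint32(prefix[8:12], fc)
	binary.BigEndian.PutUint32(prefix[12:16], uint32(len(header)+len(payload)))
	msg := append(append(prefix[:], header...), payload...)
	for len(msg)%aes.BlockSize != 0 {
		msg = append(msg, 0) // zero-pad to whole blocks
	}
	var state [aes.BlockSize]byte // CBC-MAC: XOR each block in, encrypt, chain
	for i := 0; i < len(msg); i += aes.BlockSize {
		for j := range state {
			state[j] ^= msg[i+j]
		}
		block.Encrypt(state[:], state[:])
	}
	return state[:4], nil
}

// acceptAPS is the destination-side check the page describes: recompute the
// MIC, compare it with the received one, and drop the packet on mismatch.
// next holds, per source address, the lowest frame counter still accepted, so
// a stale or replayed counter is also dropped (a key change resets it to 0).
func acceptAPS(key []byte, next map[uint64]uint32, src uint64, fc uint32, header, payload, mic []byte) bool {
	if fc < next[src] {
		return false // stale or replayed frame counter
	}
	want, err := apsMIC(key, src, fc, header, payload)
	if err != nil || subtle.ConstantTimeCompare(want, mic) != 1 {
		return false // MIC mismatch: packet is dropped
	}
	next[src] = fc + 1
	return true
}
```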
APS Link Keys
There are two kinds of APS link keys: trust center link keys and application link keys. A trust
center link key is established between a device and the trust center, whereas an application link key
is established between a device and another device in the network where neither device is the
trust center.