上QQ阅读APP看书，第一时间看更新

Zigbee security

Zigbee builds off the security provisions of IEEE 802.15.4. Zigbee provides three security mechanisms: access control lists (ACL), 128-bit AES encryption, and message freshness timers.

The Zigbee security model is distributed across several layers:

Application layer provides key creation and transport services to ZDO
Network layer manages routing, and outgoing frames will use the link key defined by the routing if available; otherwise, a network key is used
MAC layer security is managed through an API and controlled by the upper layers

There are multiple keys that are managed by a Zigbee network:

Master key: The master key may be pre-installed by a manufacturer or entered by a manual process with the user. It forms the basis of security of the Zigbee device. Master keys are always installed first and transmitted from the trust center.
Network key: This key will provide protection at a network level for outside attackers.
Link key: This forms a secure binding between two devices. If two devices have a choice between using installed link keys or network keys, they will always default to link keys to provide more protection.

Link keys are resource heavy in the sense of key storage on constrained devices. Network keys can be used to alleviate some of the storage cost at the risk of decreased security.

Key management is critical for security. The distribution of keys is controlled by establishing a trust center (one node to act as the distributor of keys to all other nodes in the fabric). The ZC is assumed to be the trust center. One may implement a Zigbee network with a dedicated trust center outside of the ZC. The trust center performs the following services:

Trust management: Authenticates devices joining the network
Network management: Maintains and distributes keys
Configuration management: Enables device to device security

In addition, the trust center can be placed in a residential mode (it will not establish keys with network devices) or it can be in commercial mode (establishes keys with every device on the network).

Zigbee uses 128-bit keys as part of its specification within the MAC and NWK layers. The MAC layer provides three modes of encryption, AES-CTR, AES-CBC-128, and AES-CCM-128 (all defined in the IEEE 802.15.4 section). The NWK layer, however, only supports AES-CCM-128 but is tweaked slightly to provide encryption-only and integrity-only protection.

Message integrity ensures messages have not been modified in transit. This type of security tool is used for man-in-the-middle attacks. Referring back to the Zigbee packet structure, the message integrity code and auxilliary header provide fields to add extra checks for each application message sent.

Authentication is provided through a common network key and individual keys between pairs of devices.

Message freshness timers are used to find messages that have timed-out. These messages are rejected and removed from the network as a tool to control replay attacks. This applies to incoming and outgoing messages. Any time a new key is created, the freshness timers are reset.