Digi XBee 3 ZigBee User Manual

Zigbee security Key management
Digi XBee 3 Zigbee RF Module
WARNING! An always-open join window is permitted (NJ = 0xFF), but this causes the
network to operate outside of the Zigbee specifications. This option is provided for ease of
development and should not be used on the finished product.
Key management
Zigbee defines two security models for key management: the centralized security model and the
distributed security model.
Centralized security
A centralized trust center network is defined as a Zigbee network where one node acts as the
centralized key authority. This centralized trust center defines the network key and manages its
distribution, determines when and if nodes can join the network, and issues application link keys.
Upon formation of the network, the network coordinator assumes the role of the trust center. The
trust center has a reserved address of 0 on the network, and any traffic sent to this address is routed
to the trust center.
When a node attempts to join, it first establishes a MAC association with a router on the network. The
router sends a request to the trust center, indicating the node wants to join. The trust center decides
if the node can join based on the current join policy (Open join window + EO options). If the trust
center approves the attempt to join, the network key is encrypted using a trust center link key and
sent to the joining node. The joining node must have a copy of the link key in order to decrypt the
network key and successfully join the network.
If the joining node does not have a link key that matches the network, or has an install-code-derived
link key, then it must be registered to the trust center. Registration is the means by which a link key is
given to the trust center using an out-of-band method. Registration requires that the trust center
operate in API mode (AP=1 or 2); it cannot be performed in Command or Transparent mode.
Distributed security
A distributed trust center does not have a node designated as a coordinator. All routers in the
network have a copy of the network key and are able to authorize joining devices, meaning every
router on the network is a trust center. The network key is set at the time the network is formed and
cannot change. The network forms on the device that has CE=1, and there will be no coordinator on
the network (the device forms the network as a router). This means any traffic directed to a 0 address
fails.
When a node joins a distributed trust center network, an adjacent router shares a copy of the network
key with the joining device. The network key is protected by encrypting the exchange with the joining
device with a global link key. The network key can optionally be sent in-the-clear by setting EO bit 1 on
every device on the network. Digi strongly discourages this setting, because it allows unsecure
devices to access the network key.
You can perform device registration on a distributed trust center, but the 0x24 registration frame
must be issued on a router that is adjacent to the joining device; registration information is not shared
with the rest of the network.
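An added example, not part of the Digi manual: a small audit that checks a node's AT settings against the cautions above (always-open join window, API mode for registration, traffic to address 0 on a distributed network). The NAME=HEX dump format, the function and parameter names, and the sample values are assumptions made for this example; DH/DL are the XBee destination address commands, which this page does not name.

```python
# Added example: audit XBee AT settings against the cautions on this page.
# Assumptions: settings arrive as "NAME=HEX" lines (constructed format);
# the caller states the security model and whether the node registers devices.

def parse_settings(dump):
    """Parse 'NAME=HEX' lines into {NAME: int}; '#' starts a comment."""
    settings = {}
    for raw in dump.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"not a NAME=HEX line: {raw!r}")
        settings[name.strip().upper()] = int(value.strip(), 16)
    return settings


def audit(settings, model, registers_devices=False):
    """Return (setting, finding) pairs for one node."""
    if model not in ("centralized", "distributed"):
        raise ValueError("model must be 'centralized' or 'distributed'")
    findings = []
    # NJ = 0xFF keeps the join window open permanently.
    if settings.get("NJ") == 0xFF:
        findings.append(("NJ", "always-open join window; outside the Zigbee "
                               "specifications, development use only"))
    # Registration is only possible in API mode (AP=1 or 2).
    if registers_devices and settings.get("AP") not in (1, 2):
        findings.append(("AP", "node must register devices but AP is missing "
                               "or not 1/2; registration cannot be performed"))
    # A distributed network has no coordinator, so address 0 is unreachable.
    if model == "distributed" and settings.get("DH") == 0 and settings.get("DL") == 0:
        findings.append(("DH/DL", "destination is address 0; no coordinator "
                                  "exists on a distributed network, traffic fails"))
    return findings


# Constructed sample: a router on a distributed network left in development settings.
DEV_ROUTER = "CE=0\nNJ=FF   # open join\nAP=0\nDH=0\nDL=0\n"
# Constructed sample: same node after correction (address value is made up).
FIXED_ROUTER = "CE=0\nNJ=FE\nAP=1\nDH=13A200\nDL=41234567\n"

if __name__ == "__main__":
    for label, dump in (("dev", DEV_ROUTER), ("fixed", FIXED_ROUTER)):
        for name, text in audit(parse_settings(dump), "distributed", True):
            print(f"{label}: {name}: {text}")
```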
Device registration
When a device attempts to join a secure network, it must obtain a copy of the network key to
successfully communicate.