ZB security ZigBee security model
XBee/XBee-PRO ZigBee RF Modules User Guide 77
If APS security is enabled, packets are encrypted and authenticated using 128-bit AES. This is shown in the figure
below:
Message integrity code
If APS security is enabled, the APS header and data payload are authenticated with 128-bit AES. A hash is
performed on these fields and appended as a 4-byte message integrity code (MIC) to the end of the packet. This
MIC is different than the MIC appended by the network layer. The MIC allows the destination device to ensure the
message has not been changed. If the destination device receives a packet and the MIC does not match the
destination device's own hash of the data, the packet is dropped.
APS link keys
There are two kinds of APS link keys: trust center link keys and application link keys. A trust center link key is
established between a device and the trust center, whereas an application link key is established between a device
and another device in the network where neither device is the trust center.
APS layer encryption and decryption
Packets with APS layer encryption are encrypted at the source and only decrypted by the destination. Since APS
encryption requires a 5-byte header and a 4-byte MIC, the maximum data payload is reduced by 9 bytes when
APS encryption is used.
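The MIC check and the 9-byte overhead described in the two sections above, as an added example (not code from this user guide or from the module firmware). Node.js's built-in AES-128-CCM with a 4-byte tag stands in for the APS security processing; the frame layout, nonce layout, control byte, key, address and function names are assumptions made for illustration.

```javascript
// Added example: simplified APS-style frame, not wire-compatible with ZigBee.
const crypto = require('crypto');

const AUX_LEN = 5;   // APS security header (assumed: 1-byte control + 4-byte counter)
const MIC_LEN = 4;   // message integrity code appended to the end of the packet
const APS_OVERHEAD = AUX_LEN + MIC_LEN;  // 9 bytes removed from the payload budget

// Assumed nonce layout: 8-byte source address, 4-byte frame counter, 1-byte control.
function nonce(src64, aux) {
  return Buffer.concat([src64, aux.subarray(1, 5), aux.subarray(0, 1)]);
}

// Source: authenticate APS header + security header, encrypt payload, append MIC.
function apsSecure(linkKey, src64, apsHeader, frameCounter, payload) {
  const aux = Buffer.alloc(AUX_LEN);
  aux[0] = 0x05;                         // constructed control byte
  aux.writeUInt32LE(frameCounter, 1);
  const aad = Buffer.concat([apsHeader, aux]);
  const c = crypto.createCipheriv('aes-128-ccm', linkKey, nonce(src64, aux),
                                  { authTagLength: MIC_LEN });
  c.setAAD(aad, { plaintextLength: payload.length });
  const ct = Buffer.concat([c.update(payload), c.final()]);
  return Buffer.concat([aad, ct, c.getAuthTag()]);
}

// Destination: recompute the MIC over what arrived; null means "packet dropped".
function apsReceive(linkKey, src64, frame, apsHeaderLen) {
  const aadLen = apsHeaderLen + AUX_LEN;
  if (frame.length < aadLen + MIC_LEN) return null;   // too short to hold a MIC
  const aad = frame.subarray(0, aadLen);
  const ct = frame.subarray(aadLen, frame.length - MIC_LEN);
  const d = crypto.createDecipheriv('aes-128-ccm', linkKey,
    nonce(src64, aad.subarray(apsHeaderLen)), { authTagLength: MIC_LEN });
  d.setAuthTag(frame.subarray(frame.length - MIC_LEN));
  d.setAAD(aad, { plaintextLength: ct.length });
  try {
    const pt = d.update(ct);
    d.final();                           // throws when the MIC does not match
    return pt;
  } catch (e) {
    return null;
  }
}

// Constructed sample values (not real keys, addresses or headers).
const KEY = Buffer.from('000102030405060708090a0b0c0d0e0f', 'hex');
const SRC = Buffer.from('0011223344556677', 'hex');
const HDR = Buffer.from('00e8110001c10501', 'hex');
const FRAME = apsSecure(KEY, SRC, HDR, 1, Buffer.from('unlock'));
```

Changing any single bit of `FRAME`, whether in the header, the encrypted payload or the MIC itself, makes `apsReceive` return `null`, which is the drop behavior the guide describes.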
Network and APS layer encryption
Network and APS layer encryption can both be applied to data. The following figure demonstrates the
authentication and encryption performed on the final ZigBee packet when both are applied.