ZB security XBee security examples
XBee/XBee-PRO ZigBee RF Modules User Guide 80
APS encryption can be enabled in API firmware on a per-packet basis. To enable APS encryption for a given
transmission, the “enable APS encryption” transmit options bit should be set in the API transmit frame. Enabling
APS encryption decreases the maximum payload size by nine bytes.
Using a trust center
The EO command can be used to define the coordinator as a trust center. If the coordinator is a trust center, it will
be alerted to all new join attempts in the network. The trust center also has the ability to update or change the
network key on the network.
In ZB firmware, a secure network can be established with or without a trust center. Network and APS layer
encryption are supported whether or not a trust center is used.
Updating the network key with a trust center
If the trust center has started a network and the NK value is changed, the coordinator will update the network key
on all devices in the network. (Changes to NK will not force the device to leave the network.) The network will
continue to operate on the same channel and PAN ID, but the devices in the network will update their network
key, increment their network key sequence number, and restore their frame counters to 0.
Updating the network key without a trust center
If the coordinator is not running as a trust center, the network reset command (NR1) can be used to force all
devices in the network to leave the current network and rejoin the network on another channel. When devices
leave and reform the network, the frame counters are reset to 0. This approach will cause the coordinator to
form a new network that the remaining devices should join. Resetting the network in this manner will bring the
coordinator and routers in the network down for about ten seconds, and will likely cause the 16-bit PAN ID and
16-bit addresses of the devices to change.
XBee security examples
This section covers some sample XBee configurations to support different security modes. Several AT commands
are listed with suggested parameter values. The notation in this section uses an '=' sign to indicate the value
each command register should be set to, for example EE=1. This is not the notation actually used to set command
values on the XBee. In AT command mode, each command is issued with a leading 'AT' and no '=' sign, for
example ATEE1. In the API, the two-byte command is placed in the command field, and parameters are populated
as binary values in the parameter field.
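To make the three forms concrete (the EE=1 notation of this section, the ATEE1 command-mode string, and the binary API frame), and to show the per-packet "enable APS encryption" transmit option described at the top of this page, the following Python encoder is an added illustration; it is not code from Digi or from this guide. It takes the coordinator settings of Example 1 below as input. The API envelope (0x7E start delimiter, 16-bit length, frame data, checksum), the AT Command frame type 0x08 and the ZigBee Transmit Request frame type 0x10 follow the XBee API frame format; the value 0x20 for the "enable APS encryption" option bit and the use of the NP value as the unencrypted payload limit are assumptions that should be confirmed against the frame documentation for your firmware.

```python
"""Encode the XBee ZB API frames behind the notation used in this section.

Added illustration, not code from Digi or from the user guide.  Envelope:
0x7E, 16-bit big-endian length, frame data, checksum = 0xFF - low byte of
the sum of the frame data.  AT Command frames are type 0x08 and ZigBee
Transmit Request frames are type 0x10.  The "enable APS encryption" option
bit is ASSUMED to be 0x20; confirm it against your firmware's documentation.
"""
from typing import List, Optional, Tuple

START_DELIMITER = 0x7E
FRAME_TYPE_AT_COMMAND = 0x08
FRAME_TYPE_TRANSMIT_REQUEST = 0x10
OPT_ENABLE_APS_ENCRYPTION = 0x20   # assumption, see module docstring
APS_ENCRYPTION_OVERHEAD = 9        # bytes lost from the maximum payload (per the guide)

# Coordinator settings from Example 1 of the guide, in the guide's notation.
EXAMPLE1_COORDINATOR = ["ID=2234", "EE=1", "NK=0", "KY=4455", "WR"]


def checksum(frame_data: bytes) -> int:
    """API checksum: 0xFF minus the low byte of the sum of the frame data."""
    return 0xFF - (sum(frame_data) & 0xFF)


def api_frame(frame_data: bytes) -> bytes:
    """Wrap frame data in the API envelope."""
    return (bytes([START_DELIMITER]) + len(frame_data).to_bytes(2, "big")
            + frame_data + bytes([checksum(frame_data)]))


def parse_notation(entry: str) -> Tuple[str, str, bytes]:
    """Split 'CMD=hex' (or a bare 'CMD' such as WR) into the command, the value
    text as written, and the binary parameter the API expects.  Values are hex
    as in the guide; an odd number of digits gets a leading zero nibble."""
    cmd, _, value = entry.partition("=")
    cmd, value = cmd.strip().upper(), value.strip()
    if len(cmd) != 2 or not cmd.isalnum():
        raise ValueError(f"not a two-character AT command: {entry!r}")
    if not value:
        return cmd, "", b""
    return cmd, value, bytes.fromhex(value.zfill(len(value) + len(value) % 2))


def at_mode_string(entry: str) -> str:
    """Command-mode form: leading 'AT', no '=' (EE=1 -> ATEE1, WR -> ATWR)."""
    cmd, value, _ = parse_notation(entry)
    return "AT" + cmd + value


def at_command_frame(entry: str, frame_id: int = 1) -> bytes:
    """API form: type 0x08, frame ID, two ASCII command bytes, binary parameter."""
    cmd, _, param = parse_notation(entry)
    return api_frame(bytes([FRAME_TYPE_AT_COMMAND, frame_id]) + cmd.encode("ascii") + param)


def example1_coordinator_frames() -> List[bytes]:
    """The five AT Command frames that apply the Example 1 coordinator settings."""
    return [at_command_frame(e, frame_id=i + 1) for i, e in enumerate(EXAMPLE1_COORDINATOR)]


def transmit_request_frame(dest64: int, dest16: int, rf_data: bytes, aps_encrypt: bool,
                           max_payload: Optional[int] = None, frame_id: int = 1) -> bytes:
    """Transmit Request (0x10) with APS encryption chosen per packet.

    max_payload is the module's unencrypted maximum RF payload (assumed to be
    what NP reports); when given, the nine-byte APS overhead is enforced here.
    """
    if max_payload is not None:
        limit = max_payload - (APS_ENCRYPTION_OVERHEAD if aps_encrypt else 0)
        if len(rf_data) > limit:
            raise ValueError(f"payload of {len(rf_data)} bytes exceeds limit of {limit}")
    options = OPT_ENABLE_APS_ENCRYPTION if aps_encrypt else 0x00
    frame_data = (bytes([FRAME_TYPE_TRANSMIT_REQUEST, frame_id])
                  + dest64.to_bytes(8, "big") + dest16.to_bytes(2, "big")
                  + bytes([0x00, options]) + rf_data)   # 0x00 = default broadcast radius
    return api_frame(frame_data)


def verify_frame(frame: bytes) -> bool:
    """Receiver-side check: delimiter, declared length and checksum must all agree."""
    if len(frame) < 5 or frame[0] != START_DELIMITER:
        return False
    length = int.from_bytes(frame[1:3], "big")
    if len(frame) != length + 4:
        return False
    return (sum(frame[3:3 + length]) + frame[-1]) & 0xFF == 0xFF


if __name__ == "__main__":
    for entry in EXAMPLE1_COORDINATOR:
        print(f"{entry:<8} command mode: {at_mode_string(entry):<9} "
              f"API: {at_command_frame(entry).hex(' ')}")
    # Constructed sample: 64-bit address 0 (coordinator), 16-bit 0xFFFE (unknown),
    # and a constructed max_payload value rather than one read from a module.
    frame = transmit_request_frame(0, 0xFFFE, b"sample", aps_encrypt=True, max_payload=64)
    print("APS-encrypted transmit request:", frame.hex(" "), "valid:", verify_frame(frame))
```

Running the file prints each Example 1 setting in both command-mode and API form (for instance EE=1 becomes ATEE1 and the frame 7E 00 05 08 01 45 45 01 6B). The nine-byte reduction is enforced in transmit_request_frame so an oversized APS-encrypted packet is rejected on the host before it is ever handed to the module, and verify_frame is the check a receiver applies to the envelope before trusting any field inside it.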
Example 1: forming a network with security (pre-configured link keys)
1. Start a coordinator with the following settings:
   a. ID=2234 (arbitrarily selected)
   b. EE=1
   c. NK=0
   d. KY=4455
   e. WR (save networking parameters to preserve them through power cycle)
2. Configure one or more routers or end devices with the following settings:
   a. ID=2234
   b. EE=1