R309 AT Commands
©2015 Telegesis (UK) Ltd - 119 - AT Command Manual (Rev 3.09)
12 Appendix A. Forming a secure network
The default S-register settings lead to a network that is easy to set up and to which extra devices
can easily be added, but it is not very secure. Not only can malicious devices join uninvited,
but there is also no safeguard against your devices joining a nearby network established by
another user with similar Telegesis devices and register settings, and vice-versa. The use of a
pre-defined Trust Centre Link Key can avoid all these problems. ZigBee PRO normally uses a
Network Key common to all devices for general network traffic, and a Trust Centre Link Key
common to all devices for key distribution. More specific applications such as Smart Energy
systems can use a higher level of security such as a different link key for each point-to-point link.

The default register settings produce the following behaviour when a device establishes a PAN
and another node joins:

1. ZC selects a random Link Key and Network Key
2. ZC sends Network Key to new node, unencrypted
3. ZC sends Link Key to new node, encrypted with Network Key

To create a secure network, use the following settings:

- Write your own Link Key into S09 on every device. If you do this off-line, the key is never
  sent over the air and so cannot be captured by a sniffer
- Set bit 8 of register S0A on all devices that will join the PAN (Use Pre-Configured Trust
  Centre Link Key when joining)
- Set bits 4 and 2 of register S0A on the coordinator (Send Network key encrypted with the
  link key to nodes joining; Send Network key encrypted with the link key to nodes re-joining
  unsecured)

(For simplicity, you can set bits 8, 4 and 2 of S0A on every device)

The joining procedure now becomes:

1. ZC selects a random Network Key
2. ZC sends the Network Key to new node, encrypted with Link Key

A sniffer can now no longer read the Network Key and use it to decrypt your messages, because
the Link Key is never sent over the air.

You can choose a Network Key and write it into S08 in the coordinator, but there is not much point
in doing this. The other devices ignore S08 as they receive the key from the coordinator, and if the
key is ever updated over the air S08 no longer contains the current value. A pre-defined Network
Key will be needed, however, if your device has to join a secure ZigBee 2006 network.

Bit A of S0A (When joining don’t ask for Trust Centre link key) is intended for use when your
ZigBee PRO device needs to join a ZigBee 2006 network, since ZigBee 2006 does not use Link
Keys. In normal use bit A is not set.
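
The settings above can be checked across a whole deployment before any device is powered up. The following is an added example, not part of the Telegesis manual: it audits a planned set of S09/S0A values against the rules in this appendix. It assumes that the bit labels are hex digits with bit 0 as the least significant bit and that an all-zero S09 means no key was written; the device names, roles and keys are constructed.

```python
import re

# Bit labels are the manual's hex digits; assumption: bit 0 is the least significant bit.
BIT_2, BIT_4 = 1 << 0x2, 1 << 0x4   # ZC sends Network Key encrypted with the link key
BIT_8 = 1 << 0x8                    # use pre-configured Trust Centre Link Key when joining
BIT_A = 1 << 0xA                    # don't ask for TC link key (ZigBee 2006 networks only)

def secure_s0a(current: int) -> int:
    """S0A with bits 8, 4 and 2 set and bit A cleared; all other bits are preserved."""
    return (current | BIT_8 | BIT_4 | BIT_2) & ~BIT_A

def audit(devices: dict) -> list:
    """Check planned S09/S0A values per device against the appendix's secure settings."""
    findings, keys = [], set()
    for name, dev in sorted(devices.items()):
        s0a, key = int(dev["S0A"], 16), dev["S09"].upper()
        if not re.fullmatch(r"[0-9A-F]{32}", key):
            findings.append(f"{name}: S09 is not a 128-bit key (32 hex digits)")
        elif int(key, 16) == 0:
            # Assumption: an all-zero value means no key of your own was written.
            findings.append(f"{name}: S09 is all zeros, no pre-defined Link Key")
        else:
            keys.add(key)
        required = (BIT_4 | BIT_2) if dev["role"] == "ZC" else BIT_8
        missing = required & ~s0a
        if missing:
            findings.append(f"{name}: S0A={s0a:04X} lacks bits {missing:04X}, "
                            f"write {secure_s0a(s0a):04X}")
        if s0a & BIT_A:
            findings.append(f"{name}: bit A set, device will not ask for the Link Key")
    if len(keys) > 1:
        findings.append("S09 differs between devices; all must hold the same Link Key")
    return findings

# Constructed sample plan; the keys are illustrative values, never use them on a real PAN.
KEY = "0123456789ABCDEF0123456789ABCDEF"
PLAN = {
    "coordinator": {"role": "ZC", "S0A": "0114", "S09": KEY},
    "sensor-1": {"role": "joiner", "S0A": "0000", "S09": KEY},
    "sensor-2": {"role": "joiner", "S0A": "0500", "S09": KEY[::-1]},
}

if __name__ == "__main__":
    for line in audit(PLAN):
        print(line)
```

Because secure_s0a() only ORs in bits 8, 4 and 2 and clears bit A, any other S0A bits already configured on a device are left as they were.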