ZigBee security concept is based on mutual trust
As noted in my earlier posts on ZigBee networks and in the article, the distinguishing feature of ZigBee networks is guaranteed data transfer that is resistant to interference, multipath fading, and various faults and failures.
It should be added that the transmission is not only guaranteed but also secure, which is important for many critical applications.
It is not difficult to imagine the consequences of unauthorized interference with the operation of the process control system or the security system.
However, in less critical applications, it should be possible to reduce the price of devices by relaxing the security requirements somewhat.
This approach is implemented in the ZigBee security model, which is the subject of this post.
The main confidentiality mechanism in ZigBee networks is the proper protection of all keying material. Security rests on trust relationships, which are required both during the initial installation of the keys and when processing security-related information. In other words, data should be exchanged only between trusted parties. This approach runs consistently through the entire data exchange hierarchy.
The ZigBee specification defines security at the NWK and APS layers and relies on the basic security framework defined by the IEEE 802.15.4 standard. Application security is provided through application profiles.
Keys are the cornerstone of the ZigBee security architecture. Their protection is of paramount importance, and keys should never be transmitted over non-secure channels. The single, short-lived exception to this rule occurs when a previously unconfigured device joins the network.
The ZigBee specification provides for special security measures, since the networks that are created may be physically accessible to external devices and the specific operating environment may be unpredictable. Moreover, different applications running simultaneously and sharing the same transceiver must trust one another, since, for cost reasons, the model does not provide a firewall between application objects.
The layers of the protocol stack are not cryptographically separated from one another, so access policies are required and must be designed properly. An open trust model inside the device allows key sharing, which notably reduces the potential cost of the device.
However, the layer that creates a frame is responsible for its security. If there is a risk that malicious devices may appear, the entire payload should be encrypted at the layer that creates it, so that unauthorized traffic can be cut off immediately. The exception, as already mentioned, is the transfer of the network key to a newly joining device, which extends the network's unified level of security to that device.
Security architecture
The security system defined by the ZigBee specification is based on the 128-bit AES algorithm. The security services provided by the ZigBee specification cover key generation, device management, and data protection.
ZigBee uses 128-bit keys to implement its security mechanisms. A key can be associated either with the network (and used by the ZigBee layers and the MAC sublayer) or with a communication channel (link). A key can be obtained by pre-installation, agreement or transport. Communication channel keys are established from the master key, which controls communication channel key correspondence. The initial master key must be obtained through a secure medium (by transport or pre-installation), since the security of the entire network depends on it. The master key and communication channel keys are visible only at the application layer. Different services use different variations of the communication channel key to avoid leaks and security risks.
Key distribution is one of the most important security functions of the network. In a secure network, one special device is designated that the other devices trust to distribute security keys: the security management center (Trust Center). Ideally, every device on the network should have the Trust Center address and the initial master key preloaded. Applications with no special security requirements can use a network key sent by the Trust Center over a channel that is not protected at the time of the transfer.
Thus, the Trust Center maintains the network key and provides point-to-point security. Devices will only accept messages encrypted using a key provided by the Trust Center, with the exception of the initial master key.
The security architecture is distributed across the network layers:
The MAC sublayer is capable of establishing reliable communication with a neighboring device. As a rule, it uses the security level specified by the upper layers.
The network layer manages routing, processes received messages, and can send requests. Outgoing frames use the key of the corresponding communication channel according to the routing, if one is available; otherwise, the network key is used to protect the payload from external devices.
The application layer establishes keys and provides transport services to both the device object (ZDO) and applications. It is also responsible for propagating messages about changes in devices within the network, which can come either from the devices themselves (for example, a simple status change) or from the Trust Center (which can report that a particular device is being removed from the network). The layer also routes requests from devices to the Trust Center and network key updates from the Trust Center to all devices.
The ZDO device object maintains the device's security policies.
Security Management Center
A key element of the ZigBee security concept is the security management center (Trust Center).
When the network is being formed or reconfigured, the Trust Center allows or refuses new devices joining the network.
The Trust Center may periodically update the network key and switch to a new key. First, it broadcasts the new key, encrypted with the old network key. It then informs all devices of the switch to the new key.
Typically, the Trust Center is also the network coordinator, but it can also be a dedicated device.
The Trust Center plays the following security roles:
a) authenticates devices wishing to join the network,
b) maintains and distributes network keys,
c) ensures secure interaction between devices.
Key Types
ZigBee uses three types of keys to manage security:
a) master key,
b) network key and
c) communication channel (link) key.
Master key
This key is not used for encryption. It serves as a secret shared by two devices when they perform the procedure for generating a communication channel key.
Master keys generated by the Trust Center are called Trust Center master keys; all other master keys are called application-layer master keys.
Network keys
These keys provide network-level security. Every device on the ZigBee network has the network key.
High-security network keys must be sent only in encrypted form. Standard network keys can be sent either encrypted or unencrypted.
Communication channel (link) keys
These keys provide secure unicast messaging between two devices at the application layer.
Standard Security Mode
In standard security mode, the list of devices, master keys, communication channel keys and network keys can be stored both in the Trust Center and in the devices themselves. The Trust Center, however, is responsible for maintaining the standard network key and controls the network admission policy. In this mode, the Trust Center's memory requirements are much lower than in advanced security mode.
Advanced Security Mode
In advanced security mode, the Trust Center stores the list of devices, master keys, communication channel keys, and network keys needed to control and enforce the network key update and network admission policies. In this mode, the memory required by the Trust Center grows quickly as the number of devices on the network increases.
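An added example, not part of the original article: a symbolic Python model of the Trust Center behaviour described above, covering join admission, clear versus encrypted transport of the network key in standard and high-security operation, and the two-step network key update. The class, method and field names are hypothetical, and encryption is modelled symbolically (a device can use a transported key only if it holds the protecting key) rather than with AES.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Device:
    addr: str
    preinstalled: Optional[bytes] = None   # key installed out of band, if any
    nwk_keys: dict = field(default_factory=dict)   # key sequence -> network key
    active: Optional[int] = None           # sequence number currently in use

    def receive_key(self, seq, key, protected_by):
        # Symbolic decryption: the key is usable only if it arrived in the
        # clear (protected_by is None) or the device holds the protecting key.
        held = {self.preinstalled, *self.nwk_keys.values()}
        if protected_by is None or protected_by in held:
            self.nwk_keys[seq] = key

    def switch(self, seq):
        if seq in self.nwk_keys:           # cannot switch to a key never received
            self.active = seq

class TrustCenter:
    def __init__(self, high_security):
        self.high_security = high_security
        self.seq, self.nwk_key = 0, secrets.token_bytes(16)   # 128-bit key
        self.members, self.clear_transports = [], []

    def join(self, dev, permit=True):
        if not permit:                     # admission policy refuses the device
            return "denied"
        if dev.preinstalled is None and self.high_security:
            return "denied"                # key may only travel encrypted
        if dev.preinstalled is None:       # record every clear-text exposure
            self.clear_transports.append((dev.addr, self.seq))
        # Assumption: the Trust Center also holds the device's pre-installed key.
        dev.receive_key(self.seq, self.nwk_key, dev.preinstalled)
        dev.switch(self.seq)
        self.members.append(dev)
        return "encrypted" if dev.preinstalled else "clear"

    def rotate(self, reachable):
        old, self.seq = self.nwk_key, self.seq + 1
        self.nwk_key = secrets.token_bytes(16)
        for dev in reachable:              # step 1: new key under the old key
            dev.receive_key(self.seq, self.nwk_key, old)
        for dev in self.members:           # step 2: notify the switch
            dev.switch(self.seq)
        # Members still on an old sequence number missed the broadcast.
        return [d.addr for d in self.members if d.active != self.seq]
```

The `clear_transports` list is the audit trail of joins during which the network key crossed an unprotected channel, and the list returned by `rotate` names members that must be re-keyed because they never received the new key.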