User Manual
Table Of Contents
- 1. Overview
- 2. RF Module Operation
- 3. XBee ZigBee Networks
- Introduction to ZigBee
- ZigBee Stack Layers
- Networking Concepts
- ZigBee Application Layers: In Depth
- Coordinator Operation
- Router Operation
- End Device Operation
- Channel Scanning
- 4. Transmission, Addressing, and Routing
- 5. Security
- 6. Network Commissioning and Diagnostics
- 7. Managing End Devices
- 8. XBee Analog and Digital IO Lines
- 9. API Operation
- API Frame Specifications
- API UART Exchanges
- Supporting the API
- API Frames
- AT Command
- AT Command - Queue Parameter Value
- ZigBee Transmit Request
- Explicit Addressing ZigBee Command Frame
- Remote AT Command Request
- Create Source Route
- AT Command Response
- Modem Status
- ZigBee Transmit Status
- ZigBee Receive Packet
- ZigBee Explicit Rx Indicator
- ZigBee IO Data Sample Rx Indicator
- XBee Sensor Read Indicator
- Node Identification Indicator
- Remote Command Response
- Over-the-Air Firmware Update Status
- Route Record Indicator
- Many-to-One Route Request Indicator
- Sending ZigBee Device Objects (ZDO) Commands with the API
- Sending ZigBee Cluster Library (ZCL) Commands with the API
- Sending Public Profile Commands with the API
- 10. XBee Command Reference Tables
- 11. Module Support
- Appendix A: Definitions
- Appendix B: Agency Certifications
- Appendix C: Migrating from ZNet 2.5 to XBee ZB
- Appendix D: Additional Information
©2011 Digi International, Inc.
5. Security
ZigBee supports various levels of security that can be configured depending on the needs of the application. Security
provisions include:
• 128-bit AES encryption
• Two security keys that can be preconfigured or obtained during joining
• Support for a trust center
• Provisions to ensure message integrity, confidentiality, and authentication.
The first half of this chapter describes various security features defined in the ZigBee-PRO specification, while the
second half illustrates how the XBee and XBee-PRO modules can be configured to support these features.
Security Modes
The ZigBee standard supports three security modes – residential, standard, and high security. Residential security
was first supported in the ZigBee 2006 standard. This level of security requires a network key be shared among
devices. Standard security adds a number of optional security enhancements over residential security, including an
APS layer link key. High security adds entity authentication, and a number of other features not widely supported.
XBee ZB modules primarily support standard security, although end devices that support residential security can join
and interoperate with standard security devices. The remainder of this chapter focuses on material that is relevant
to standard security.
ZigBee Security Model
ZigBee security is applied to the Network and APS layers. Packets are encrypted with 128-bit AES encryption. A
network key and optional link key can be used to encrypt data. Only devices with the same keys are able to
communicate together in a network. Routers and end devices that will communicate on a secure network must
obtain the correct security keys.
Network Layer Security
The network key is used to encrypt the APS layer and application data. In addition to encrypting application
messages, network security is also applied to route request and reply messages, APS commands, and ZDO
commands. Network encryption is not applied to MAC layer transmissions such as beacon transmissions. If
security is enabled in a network, all data packets will be encrypted with the network key.
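The rule above can be checked against a packet capture. The following is an added example, not code from the Digi manual: it classifies IEEE 802.15.4 frames and flags data frames whose ZigBee NWK header has the security bit clear. It assumes frames are captured without the trailing FCS, that MAC-layer security is unused, and the standard 802.15.4 and ZigBee NWK frame-control layouts; the function names and sample frames are constructed for illustration.

```python
import struct

# IEEE 802.15.4 MAC frame types (frame control bits 0-2)
MAC_TYPES = {0: "beacon", 1: "data", 2: "ack", 3: "mac-command"}
ADDR_LEN = {0: 0, 2: 2, 3: 8}    # addressing mode -> address length in bytes
NWK_SECURITY_BIT = 0x0200         # ZigBee NWK frame control, bit 9

def classify(frame: bytes) -> str:
    """Classify one 802.15.4 frame (FCS stripped) by its NWK security state."""
    if len(frame) < 3:
        return "malformed"
    (fcf,) = struct.unpack_from("<H", frame, 0)
    mac_type = MAC_TYPES.get(fcf & 0x7)
    if mac_type != "data":
        # Beacons, acks and MAC commands carry no NWK header to encrypt
        return f"mac-only:{mac_type or 'reserved'}"
    if fcf & 0x0008:
        return "unsupported"      # MAC security header present (assumed unused)
    dst_mode, src_mode = (fcf >> 10) & 0x3, (fcf >> 14) & 0x3
    if dst_mode not in ADDR_LEN or src_mode not in ADDR_LEN:
        return "malformed"
    offset = 3                    # frame control (2) + sequence number (1)
    if dst_mode:
        offset += 2 + ADDR_LEN[dst_mode]          # dest PAN ID + address
    if src_mode:
        pan_compressed = bool(fcf & 0x0040)       # source PAN ID omitted
        offset += (0 if pan_compressed else 2) + ADDR_LEN[src_mode]
    if len(frame) < offset + 2:
        return "malformed"
    (nwk_fcf,) = struct.unpack_from("<H", frame, offset)
    return "nwk-secured" if nwk_fcf & NWK_SECURITY_BIT else "nwk-unsecured"

def unsecured_data_frames(frames):
    """Indexes of data frames sent without network-key encryption."""
    return [i for i, f in enumerate(frames) if classify(f) == "nwk-unsecured"]

# Constructed sample frames (not taken from a real capture)
SAMPLES = [
    bytes.fromhex("0080 11 3412 7856 ff4f 00 00"),                  # beacon
    bytes.fromhex("6188 2a 3412 0000 7856 4802 0000 7856 1e 01"),  # NWK security set
    bytes.fromhex("6188 2b 3412 0000 7856 4800 0000 7856 1e 02"),  # NWK security clear
]

if __name__ == "__main__":
    for i, f in enumerate(SAMPLES):
        print(i, classify(f))
    print("unsecured data frames:", unsecured_data_frames(SAMPLES))
```

On a network with security enabled, any index returned by `unsecured_data_frames` points at a device or configuration worth investigating; beacons are expected to appear as `mac-only`.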
Packets are encrypted and authenticated using 128-bit AES. This is shown in the figure below.










