User Manual
Table Of Contents
- 1. Overview
- 2. RF Module Operation
- 3. XBee ZigBee Networks
- Introduction to ZigBee
- ZigBee Stack Layers
- Networking Concepts
- ZigBee Application Layers: In Depth
- Coordinator Operation
- Router Operation
- End Device Operation
- Channel Scanning
- 4. Transmission, Addressing, and Routing
- 5. Security
- 6. Network Commissioning and Diagnostics
- 7. Managing End Devices
- 8. XBee Analog and Digital IO Lines
- 9. API Operation
- API Frame Specifications
- API UART Exchanges
- Supporting the API
- API Frames
- AT Command
- AT Command - Queue Parameter Value
- ZigBee Transmit Request
- Explicit Addressing ZigBee Command Frame
- Remote AT Command Request
- Create Source Route
- AT Command Response
- Modem Status
- ZigBee Transmit Status
- ZigBee Receive Packet
- ZigBee Explicit Rx Indicator
- ZigBee IO Data Sample Rx Indicator
- XBee Sensor Read Indicator
- Node Identification Indicator
- Remote Command Response
- Over-the-Air Firmware Update Status
- Route Record Indicator
- Many-to-One Route Request Indicator
- Sending ZigBee Device Objects (ZDO) Commands with the API
- Sending ZigBee Cluster Library (ZCL) Commands with the API
- Sending Public Profile Commands with the API
- 10. XBee Command Reference Tables
- 11. Module Support
- Appendix A: Definitions
- Appendix B: Agency Certifications
- Appendix C: Migrating from ZNet 2.5 to XBee ZB
- Appendix D: Additional Information
XBee®/XBee‐PRO®ZBRFModules
©2011DigiInternational,Inc. 73
Trust Center
ZigBee defines a trust center device that is responsible for authenticating devices that join the network. The
trust center also manages link key distribution in the network.
Forming and Joining a Secure Network
The coordinator is responsible for selecting a network encryption key. This key can either be preconfigured or
randomly selected. In addition, the coordinator generally operates as a trust center and must therefore select
the trust center link key. The trust center link key can also be preconfigured or randomly selected.
Devices that join the network must obtain the network key when they join. When a device joins a secure
network, the network and link keys can be sent to the joining device. If the joining device has a pre-configured
trust center link key, the network key will be sent to the joining device encrypted by the link key. Otherwise, if
the joining device is not pre-configured with the link key, the device could only join the network if the network
key is sent unencrypted (“in the clear”). The trust center must decide whether or not to send the network key
unencrypted to joining devices that are not pre-configured with the link key. Sending the network key
unencrypted is not recommended as it can open a security hole in the network. To maximize security, devices
should be pre-configured with the correct link key.
Implementing Security on the XBee
If security is enabled in the XBee ZB firmware, devices acquire the network key when they join a network. Data
transmissions are always encrypted with the network key, and can optionally be end-to-end encrypted with the APS
link key. The following sections discuss the security settings and options in the XBee ZB firmware.