Discovering the “Key” to Security for Wireless
Zigbee 3.0’s security features empower designers to create new, innovative, and secure products now and in the future.
While we may not realize it at first glance, the ease of use that we modern consumers count on is built upon device interoperability. As the Internet of Things (IoT) continues to evolve and grow at exponential rates, we can control and monitor connected smart lighting, heating, cooling and security systems from our phone or virtual voice assistant at our leisure. The wireless protocols powering these networks and allowing them to communicate with one another, such as Zigbee or Thread, offer distinct advantages and trade-offs including power consumption, network management, latency and more.
For home and building automation, Zigbee prioritizes something that cannot slip through the cracks: security. Wireless home or industrial networks can be tempting targets for hackers looking for data. Without proper security safeguards, home or building security systems are vulnerable to attackers looking to disable these systems, tamper with them, or steal information.
Zigbee is an industry-proven worldwide standard for low-power, self-healing, robust mesh networks offering a complete and interoperable IoT framework for home and building automation systems. Zigbee 3.0, the latest specification from the Zigbee Alliance, incorporates improved security and robustness features, such as trust center link key updates and install code enhancements, to counter everyday threats.
New Features Add Significant Security
Zigbee 3.0 provides well-defined security procedures to request and change keys. In a Zigbee network, two devices must share the same keys in order to communicate.
There are two layers of encryption in Zigbee: the application support sublayer (APS) and the network layer (NWK). Previously, it was not mandatory to update the APS layer encryption key after joining the network.
The new functionality mandates that devices joining a Zigbee 3.0 centralized network must request a randomly generated trust center link key upon joining the network, which is used for all ongoing encrypted APS-layer communication.
This feature adds significant security to the system because a device won’t compromise the NWK key if it leaves and tries to rejoin the network; there is a second layer of mandatory encryption. As Figure 1 shows, Zigbee 3.0 coordinators are configurable to accept or reject legacy devices that do not initiate the trust center link key update procedure.
To enhance security even further, Zigbee 3.0 now offers the option to use pre-configured keys and install codes. Install codes are 128 bits of random data and a 16-bit cyclic redundancy check (CRC) that pass through a hash function to generate a trust center link key. Instead of using the global trust center link key to obtain the NWK key, Zigbee 3.0 enables developers to generate these keys with install codes.
Trust center link keys eliminate the use of well-known keys, so no well-known key is ever used to encrypt data over the air, which makes the system significantly more secure. Generally, install code-derived trust center link keys are hard-coded into devices during manufacturing, and the corresponding install code is included with the device and programmed into the network leader through an out-of-band method such as a user interface.
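The install code derivation described above, as an added example (not code from the article, Texas Instruments, or the Zigbee Alliance): it checks the install code's CRC, then hashes all 18 bytes into a 128-bit trust center link key. It assumes the Zigbee conventions of a CRC-16/X-25 stored little-endian and the AES-128 Matyas-Meyer-Oseas hash, neither of which the article names; the function names are illustrative, and the pure-Python AES is there only to keep the block dependency-free.

```python
def crc16_x25(data):  # added example; all function names here are illustrative
    crc = 0xFFFF  # CRC-16/X-25: init 0xFFFF, reflected poly 0x8408, final XOR 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def _gmul(a, b):  # multiply in GF(2^8) modulo the AES polynomial 0x11B
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = ((a << 1) ^ 0x11B if a & 0x80 else a << 1), b >> 1
    return r

def _sbox_entry(x):  # multiplicative inverse, then the AES affine transform
    inv = next((y for y in range(1, 256) if _gmul(x, y) == 1), 0)
    rot = lambda n: ((inv << n) | (inv >> (8 - n))) & 0xFF
    return inv ^ rot(1) ^ rot(2) ^ rot(3) ^ rot(4) ^ 0x63
SBOX = [_sbox_entry(x) for x in range(256)]

def aes128_encrypt(key, block):
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):  # key schedule: 44 four-byte words
        t = w[i - 1]
        if i % 4 == 0:  # RotWord, SubWord, round constant
            t = [SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]]
            rcon = _gmul(rcon, 2)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    s = [a ^ b for a, b in zip(block, sum(w[:4], []))]
    for rnd in range(1, 11):
        s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]  # SubBytes + ShiftRows
        if rnd < 10:  # MixColumns; c indexes the first byte of i's column
            s = [_gmul(s[i], 2) ^ _gmul(s[c + (i + 1) % 4], 3) ^ s[c + (i + 2) % 4]
                 ^ s[c + (i + 3) % 4] for i in range(16) for c in [i - i % 4]]
        s = [a ^ b for a, b in zip(s, sum(w[4 * rnd:4 * rnd + 4], []))]
    return bytes(s)

def aes_mmo(msg):  # pad: 1 bit, zeros to 14 mod 16 bytes, 16-bit big-endian bit length
    m = msg + b"\x80" + bytes((13 - len(msg)) % 16) + (len(msg) * 8).to_bytes(2, "big")
    h = bytes(16)
    for blk in (m[i:i + 16] for i in range(0, len(m), 16)):
        h = bytes(a ^ b for a, b in zip(aes128_encrypt(h, blk), blk))  # E_h(blk) XOR blk
    return h

def link_key_from_install_code(code_hex):
    code = bytes.fromhex(code_hex)  # 128 random bits + 16-bit CRC, as the article states
    if len(code) != 18 or crc16_x25(code[:16]) != int.from_bytes(code[16:], "little"):
        raise ValueError("need 16 install code bytes plus a matching 2-byte CRC")
    return aes_mmo(code)
```

With the commonly used Zigbee install code test vector `83FED3407A939723A5C639B26916D505C3B5`, the function returns `66B6900981E1EE3CA4206B6B861C02BB`; a production trust center should take AES from a vetted cryptographic library rather than this teaching implementation.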
Safeguarding What’s Valuable
It is possible to build connected IoT home and building automation systems without the fear of malicious hackers or cyber security threats. Our information and privacy should be treated as a very valuable commodity that must be vigilantly protected. But robust security features and enablers are not always top of mind for design engineers who are trying to differentiate their product. Zigbee 3.0 allows designers the freedom and flexibility to create their own unique product without the worry or hassle of thinking through how to secure a home or building network. Zigbee 3.0 will allow designers to create new, innovative products while remaining competitive in the current landscape and as the IoT continues to evolve. Zigbee 3.0 is clearly one of the keys to a secure home and building network now and in the future.
Nick Smith currently serves as a product marketing engineer for the Low Power RF group at Texas Instruments. Working primarily with Sub-1 GHz, Thread, Zigbee, Bluetooth Low Energy, and multi-standard ultra-low power wireless microcontrollers, he focuses efforts on helping customers incorporate these solutions into a variety of designs.
Prior to his time in Low Power RF, Nick served as a marketing specialist for broad market customers in the Americas for the wider Wireless Connectivity Solutions team. During his 5+ years at Texas Instruments, he also served in a variety of applications engineering roles where Nick contributed to motor drivers, inductive to digital converters and USB Type-C products.
Nick holds a master's degree in electrical engineering with a focus in machine learning and pattern recognition from the University of Missouri.