SENA ProBee-ZE20S-SEME User Manual

Page 25

Advertising
background image

ProBee-ZE20S-SExx User Guide Rev 1.8

25

3.1

ZigBee Security

Security is a major concern in the ZigBee architecture. Although ZigBee uses the basic security elements

in IEEE 802.15.4 (e.g., AES encryption & CCM security modes), the ZE20S increases the security level

with:

128 bit AES encryption algorithms

Strong, NIST-approved security

Defined Key Types (Link, Network)

Defined Key setup and maintenance

CCM (Unified/Simpler mode of operation)

Trust Centers

3.1.1

Security Level

In order to use security in the application, a user should set security level using the AT command below.

Set 1 defines both Authentication and Encryption at the network layer. Set 0 defines no security. Disabling

security in the application is not ZigBee compliant. All nodes in the network should have the same security

level setup. The security level is configured using the AT command below.

AT+SECURITY=n or AT+SE=n, where n is encryption level. (0=disable, 1=enable)

ZigBee Smart Energy Network is required to high level security and use Pre-configured Link Key with

Certificate-Based Key Establishment solution in each device.

3.1.2

CBKE (Certificate-Based Key Establishment)

The CBKE (Certificate-Based Key-Establishment) solution uses public-key technology with digital

certificates and root keys. Each device has a private key and a digital certificate that is signed by a

Certificate Authority (CA). The digital certificate includes:

Reconstruction data for the device's public key

The device's extended 64-bit IEEE address

Profile specific information (e.g., the device class, network id, object type, validity date, etc.).

Certificates provide a mechanism for cryptographically binding a public key to a device's identity and

characteristics. Trust for a CBKE solution is established by provisioning a CA root key and a digital

certificate to each device. A CA root key is the public key paired with the CA's private key. A CA uses its

private key to sign digital certificates and the CA root key is used to verify these signatures. The

trustworthiness of a public key is confirmed by verifying the CA's signature of the digital certificate.

Certificates can be issued either by the device manufacturer, the device distributor, or the end customer.

For example, in practical situations, the CA may be a computer (with appropriate key management

software) that is kept physically secure at the end customer's facility or by a third-party. At the end of

Advertising
Popular Brands
Popular manuals