Professional Documents
Culture Documents
Analysis On The Security Architecture of Zigbee Based On Ieee 802.15.4
Analysis On The Security Architecture of Zigbee Based On Ieee 802.15.4
Bo Fan1,2
1
School of Earth Sciences and ResourcesˈChina University of GeosciencesˈBeijing
2
Qilu Transportation Development Group
Jinan, China
fanbo@qljfjt.com
242
244
246
master
NO YES NO YES(O)
Network Initial active NK or Secure key
key management update NK transmission
Link key NO YES YES(O) YES(O)
configuration MK or LK Secure key
management transmission
In order to avoid the reuse of key in different security
services, it is necessary to generate different keys from LK.
LK one-way function can be used to get no association key,
so that the implementation of different security protocols TC is not a device type, but a kind of application,
can be logically separated from each other. Three types of usually by the coordinator.
security keys can be derived from the LK, as shown in In the ZigBee Protocol Version (ZigBee PRO) also
Table 4. In addition to the data key, the other key is derived defines two safe modes: high safety mode (High Security,
from the calculation of the key hash function corresponding HS) and the standard of safe mode (Standard Security, SS),
to the message authentication code. All derived keys must the standard in safe mode or high safety mode, TC is
be shared by the joint frame counter. configured as the operating state is optional [8]. Standard
Table 4 The Production of Keys safe mode design for residential applications. In this mode,
TC maintains SNK and controls network access policies.
Key type Derived form Purpose High security mode design for commercial applications. In
this mode, TC needs to maintain a list of all devices in the
Key HMAC(0x00) Protection for network (in standard security mode this application is
transmission LK transmission of NK optional), all the relevant key (MK, LK and HSNK) and
key control network access policy. In addition, in the high
Protected security mode, symmetric key exchange protocols and multi
Key loading HMAC(0x02)
transmission of MK entity authentication to be forced to achieve [12].
key LK
and LK
C. ZigBee key management problem
Data key LK Same role as LK At present, most ZigBee applications have NK and LK
keys, if the use of NK, although it can save the node's
Note: 1 HMAC: key HASH message authentication mechanism 2 storage resources, but when a node is captured, the entire
0x00/0x02 refers to the link key with the input string 0x00 or
0x02"
network will be threatened. When LK is used, only a small
part of the node is affected when a node is captured in the
network, but the system overhead is increased. Regardless
B. Trust Center of the use of the preset mode, or the use of MK based key
In each ZigBee network security applications, there transmission mode, there is a great risk of leakage of the key.
must be a network of devices must trust the Trust Center The strength of a security system depends on the weakest
(Center TC, Trust) [7]. TC as part of the network, link. The weakest link in ZigBee is the distribution and
responsible for key distribution and end to end application storage of the security key in all devices [7]. Therefore, the
configuration management. In the high security mode key management scheme is perfect or not determines the
(business model), the application of the device are used to degree of security of ZigBee, and it also largely determines
initialize the MK and TC security communications, and in its scope of use.
the standard security model, the use of NK. In comparison
IV. SECURE IMPLEMENTATION OF ZIGBEE
of various key acquisition methods in Table 2, it is known
that both NK and MK can be obtained by pre installation or A. Common safety factor
by means of a kind of non-secure key transmission. There is
no doubt that the latter option is not acceptable in an ZigBee protocol stack to achieve security, some use a
insecure environment. In Table 5, the interaction between lot of security related features, such as the NWK layer and
ZigBee devices and TC in different purposes is given. APS layer are used in the auxiliary frame header, security
Table 5
parameters and the implementation of the policy, etc..
objective The device receives channel (1) Auxiliary frame header
content from TC The auxiliary frame header includes a security control
domain, a frame counter domain, a source address field and
Trust Initial MK or active Non secure key a key sequence number field. Security domain composed of
management NK transmission security level, the key domain identifier, and extend the
existing reserved domain. The auxiliary frame frame
counter pillow can provide the frame refresh function,
prevent frame retransmission. The security level identifier
of the security level sub domain shows which security
243
245
247
component is used to protect the output frame and the input C. NWK layer security
frame, and the security component of the security level sub The NWK layer provides protection for the correct
domain is listed in Table 1. operation of the MAC layer and provides a suitable service
(2) Security parameter interface for the APL layer. When a NWK layer frame
ZigBee frame protection mechanism using CCM*, needs security protection, the NWK layer uses the AES
AES-128 security operation module. CCM* mode is the encryption and authentication protection frame security in
expansion of the CCM model, both CCM, but also can be the enhanced counter with the CBC-MAC operation mode.
used to separate the CTR and CBC-MAC mode to achieve The upper layer (e.g. application layer) controls the safe
encryption or authentication. The most important is the process operation by setting the security key, the frame
CCM* mode for all CCM* security level only using a key, counter, and the security level.
that is, better than CCM* using ZigBee mode, MAC, NWK The secure NWK layer frame format is shown in
and APL layer can be reused with the same key [8]. Table 1 Figure 4, and the auxiliary frame header is located between
gives the relationship between the security level identifier the NWK header and the payload field. The safe NWK
and the CCM* encryption or authentication used in the payload in the diagram is not a must, if an encrypted
operation. payload, but a complete protection. Security level fields can
CCM* the current input for the CCM* mode be any one of the table 1.
encryption and authentication transfer, but also for the
CCM* encryption and authentication transmission. Table 7
illustrates the order and length of the CCM* current domain.
The current security control field and the frame counter field
should be the same as the security control field and the Figure 3˖Secure NWK frame
frame counter field of the frame header of the frame that is
being processed. The current source address field is set to
Table 7 NWK layer input / output frame safe operation
the MAC 64bit address of the device that initiates the Output frame protection Input frame protection
security protection of the device. When the auxiliary frame
1. From the NIB in the NWK 1. Determine the security
is extended in the current sub domain to 1, the MAC 64bit to retrieve the active NK, level from the NIB, and
address of the device which is initiated by the security the output frame counter,
rewrite the security level
protection of the frame will be consistent with the source in the sub domain.
the number of key 2. To determine the number
address field of the auxiliary frame header of the [8] which sequences and security of key sequences from the
is being processed. levels, and other attributes frame header, send the
Table 6 CCM* at present address and receive the
parameters.
byte˖8 4 1 frame counter
2. Frame header with
source Frame safety 3. The security data
auxiliary frame in 1
address counter control corresponding to the
parameters. number of the key
3. The operation of CCM* sequence is obtained from
B. MAC layer security model using the following the NIB, and if the
parameters of the receiving frame counter is
MAC layer is responsible for its own security process, smaller than the frame
encryption and
and the upper level should decide which security level to counter, the frame is
authentication parameters:
use. discarded.
the length of MIC (from
In ZigBee network, according to MAC PIB (Personal 4. CCM* mode encryption
security level), NK and and authentication using
area network Information Base, a network information
CCM* (the CCM* the same parameters as the
database) safety data in the macDefaultSecurityMaterial and
currently used auxiliary output frame.
macACLEntryDescriptorSet parameters of the two safety
frame header values in the 5. The frame counter is
process for treatment. The upper (for example: application arranged to receive the
following form: the
layer) and NWK layer should be value from the shared frame counter +1, and the
composition of the source
value consensus neighbor device APS LK key frame counter and the
address || frame counter || sending address are stored
macDefaultSecurityMaterial, set safety control). in the NIB.
macACLEntryDescriptorSet values consistent with the 4. According to the
values from the NWK layer of the active network, key conditions of encryption,
counter. The security component should be CCM*, and the constitute the output
security level should be the value of the nwkSecurityLevel frame.
identifier in the NIB. 5. Increase the value of the
For the MAC layer, the LK key should be the first output frame counter in
choice, and if you fail to get it, then apply the default key NIB.
(i.e., the value of the macDefaultSecurityMaterial ID).
244
246
248
6. Set the auxiliary frame V. CONCLUSIONS
header security level sub ZigBee is a new short-range wireless communication
domain to "000". technology, it based on IEEE802.15.4, and the security
Note: in the table || said: cascade system and many safety measures, such as: AES-128
encryption algorithm, CCM* mode of operation, TC etc..
D. APL layer security
But because of its own memory is small, easy to capture the
(1) APL frame security characteristics of its ZigBee is still not perfect, there are still
APS frame format is composed of APS frame header some security risks. For example, key management issues,
and APS load domain. The APS frame header includes a security issues, secure routing issues, etc.. In this paper, the
frame control domain and an address field. When a security security system of ZigBee is analyzed and studied in this
policy is applied to an APS, the security domain of the paper, in order to look forward to a more perfect security
APDU frame control domain is set to: 1, to identify the scheme.
presence of the secondary frame header. The secure APS
frame format is the same as the secure NWK frame in ACKNOWLEDGMENT
Figure 3. This work was supported in part by following funds:
(2) APS sub layer security Shandong Provincial Natural Science Foundation
Key establishment˖APSME (application support sub (ZR2015FM020, ZR2014FQ007); National Natural Science
layer management entity) to provide two devices to allow Foundation (61502258); National Spark Program
each other to establish a LK service, initial trust information (2015GA740096).
(such as: MK) must be installed in the operation of the key
agreement before the installation of each device. REFERENCES
Key transport service˖Transmission of NK, LK, or [1] [1]TingJiang Chenglin Zhao. Zigbee Technology and
MK for devices in a secure or non secure manner. Application.(IEEE 802.15.4)[M]. Beuing University of Press and
Telecommunications Press, 2006.
Device update service ˖ When a node device in a [2] [2]Chun Jin㸪Zuqiu Luo, Feng Luo, Qianbin Chen. Technology Base
ZigBee router changes (such as adding or leaving the of ZigBee and Case Analysis(M).Beijing: National Defense Industry
network), the ZigBee router provides a secure way to notify Press, 2008.
the TC (Trust Center) of the device status change. [3] [3]ZigBee Specification, ZigBee Alliance, r06[S], June 2005.
Device removal service˖Provides a secure way for [4] [4] Xiuli Du. Wireless Analysis of WSN Based on Zigbee
Technology [J]. Computer Science, 2006,33(10).
TC to notify the router that a child device needs to be
[5] [5]Xiaotao Xu, Yonghong Gao, Wei Zhang, Jiagao Li. Research on
removed from the network. The Wireless Network Transmission Security Based on IEEE
Request key service˖For a ZigBee device to provide a 802.15.4 [J]. Research, 2009.
safe way from another device (such as: TC) request to get an [6] [6]Kinney P. ZigBee technology 㸸 Wireless control that simply
active NK or an end to end application MK. works[DB/OL]. Communication Design Conference, 2003.
Exchange key service˖Provide a secure way for TC [7] [7]Ondrej Hyncica, Peter Kacz, Petr Fiedler, Zdenek Bradac. On
Security of PAN Wireless Systems[J]. S. Vassiliadis et al. (Eds.):
to notify a device exchange mutual NK. SAMOS 2006, LNCS 4017, pp. 178 – 185, 2006.
E. Security process [8] [8]ZigBee Specification, ZigBee Alliance, r17[S], January 2008.
[9] [9]Jian Xu, Xiaomin Li. MAC research of Zigbee [J]. Network and
Security implementation process includes: adding Communication,2009.
security network, Jian Quan, NK update, end to end [10] [10] Songzhi Tan, Tinglei Huang. Research and Improvement of
application key establishment and leave the network. The ZigBee Wireless Network’s Security [J]. Embedded System
required security services are completed by the common Application, 2010.
cooperation of all the security operations mentioned in the [11] [11] Jing Sun. Security Analysis of Zigbee[J]. Computer &
Telecommunication㸪2010.
2-6. We envision the security process of [13] in a network
[12] [12]Ender Y / ksel, Hanne Riis Nielson, Flemming Nielson. ZigBee-
as shown in figure 4: 2007 Security Essentials[R],2007ࠋ
[13] [13]Bin Yang. ZigbeeSecurity Mechanism Analysis Based on
AES[J]. Computer Engineer and Science, 2010.
245
247
249
Figure ˖=LJ%HHSURWRFROVWDFNDUFKLWHFWXUHGLDJUDP
246
248
250