2017 IEEE 13th International Symposium on Autonomous Decentralized Systems

Analysis on the Security Architecture of ZigBee Based on IEEE 802.15.4

Bo Fan1,2
1
School of Earth Sciences and ResourcesˈChina University of GeosciencesˈBeijing
2
Qilu Transportation Development Group
Jinan, China
fanbo@qljfjt.com

Abstract— With the rapid development of the network

technology and the wireless communication technology, ZigBee
now has an increasing wide application, which is an kind of
emerging technology in the field of wireless sensor network. so
the security of ZigBee is becoming more and more significant.
In this paper, ZigBee security architecture, security services,
security model, security components, security keys and the
Trust Center , security measures of each layers have been
exposited , in addition displayed the steps of security
implement of ZigBee.

Keywords- ZigBee Technology˗Wireless Sensor Network˗

Security Architecture˗Trust Center
I. INTRODUCTION
With the development of wireless network technology,
the trend of wireless network to replace the wired network is
becoming more and more obvious. Due to the properties of
low cost, low power consuming, high robust and flexibility,
the ZigBee protocol is getting more and more adopted in the
applications of short distance communication, daily
monitoring and short distance data transferring. The security
of ZigBee protocol is a crucial problem and has got more and
more attention. In this paper, the overall security architecture
of ZigBee technology is analyzed, in order to promote the
further development of ZigBee security technology.
According to the definition of the ZigBee protocol, there
are three types of logical devices: the coordinator, routers
and terminal equipment. According to the different
performance, they can be divided into two types: one is the
equipment [6] full function device FFD (Full Function
Device) as the main equipment, which undertakes the
network coordinator function. If the network enabled
security mechanisms, network coordinator and can become
Center Trust (TC). Another device which just has simple
functions is called RFD (Reduced Function Device). It
cannot be used as the network coordinator, and can just
communicate with the network coordinator. According to the
demand of the application, the ZigBee network has two
kinds of network topology as shown in Figure 1.
Figure 1. ZigBee Topology Graph
The ZigBee protocol stack is composed of a series of
layers. Each layer provides a specific service to its upper
layer. Data entities provide data transmission services and
manage entities provide all of the other services. Each
service entity provides interfaces through a service access
point (Service, Access Point SAP), and each SAP provides a
number of service units to meet the requirements [3].
ZigBee protocol stack totally has 4 layers, as shown in
Figure 2, PHY layer provides the basic communication
capabilities of physical wireless devices. The MAC layer
provides a reliable, single hop communication link between
the devices. NWK is responsible for the construction of
network topology, maintenance of network topology, naming
and binding. APL layer includes application support sub-
layer (APS), ZigBee device object (ZDO) and application
software. ZDO is responsible for the management of the
whole equipment, and APS provides services for ZDO and
ZigBee applications [2,4].
II. ZIGBEE SECURITY ELEMENTS
A. Security services
802.15.4 IEEE standard provides the ZigBee protocol
stack MAC layer can provide basic security services and
interoperability between devices. Among them, the basic
security services include: maintaining an access control list
(Control List Access, ACL); the use of symmetric
encryption algorithm to protect the transmission of data [5].
The upper layer of the MAC determines whether the MAC
layer uses security measures, and provides the key
information necessary for the security measures. In addition,
the upper layer is also responsible for the management of
key, the identification of the device and the protection of the
data, updates, etc.. Its main security services are:

978-1-5090-4042-1/17 $31.00 © 2017 IEEE 245

243
241
DOI 10.1109/ISADS.2017.23
 Access control˖each device controls the access to its
own by maintaining an access control table (ACL).
Data encryption˖based on 128 bit AES algorithm, the
symmetric key method is used to protect the data. In the
ZigBee protocol, the net load of the beacon frame, the net
load of the command frame and the net load of the data
frame should be encrypted.
Data integrity˖integrity of the data using the message
complete code MIC (Integrity Code Message), you can
prevent the illegal modification of information.
Sequential anti replay protection ˖ the use of BSN
(beacon serial number) or DSN (data serial number) to
reject the replay of the data attacks [1,3].
B. Security mode and security components
The MAC layer allows for safe operation of the data,
but it is not mandatory for safe transmission, but according
to the operational mode of the device and the selected
security components, to provide different security services
to the device. ZigBee protocol stack provides three security
modes [2]:
Non secure mode˖In the MAC layer, the mode is the
default security mode and does not take any security
services.
Access control (ACL) mode ˖ This mode only
provides access control, as a simple filter only allows
messages from specific nodes.
Safe mode˖At the same time using access control and
frame load password protection, provides a more perfect
security services [9]. Only in this mode, the four security
services mentioned in the 2.1 are used, and the security
components mentioned in Table 1 are used.
The identification of security components include:
symmetric key algorithm, the model and the length of the
integrity check code, etc.. ZigBee security mechanism is
implemented in the MAC layer, application by setting the
appropriate parameters in the protocol stack to call a level of
security components, the default is no security measures.
IEEE802.15.4 provides the [11] Security Suite 8 optional,
should be selected according to the needs of any security
components in one, each security component provides
various types of security attributes and security guarantees,
such as table 1 (the "X" logo of the security component can
provide the security service).
III. ZIGBEE SECURITY KEY AND TRUST CENTER
A. Security key
The ZigBee device using a 128 bit symmetric key in
the network to provide security services, which can use 3
basic key [8] in the process of data encryption: master key
(Mast, Key, MK) (Link Key, LK key link) and network key
(Network Key NK). MK is used to establish the key and it is
shared by 22 devices in the network, which can be used as
the basis for the long-term secure communication of the 2
242
244
246
devices, and also can be used as a general LK. Therefore, it
is necessary to maintain the confidentiality and correctness
of the master key. LK is shared between 2 devices in the
network, which is used to ensure the security of unicast
communication between a group of application layer peer
entities. It can be used in MAC, NWK and APL layer [7].
LK in high security mode (Security High, HS) in the use of
security services (such as key transmission, authentication,
etc.) the basis of service. NK is shared by all devices in the
network, which is used to protect the broadcast
communication in a network. NK in standard Standard SS
(Security) in the use of security services (such as
authentication and frame security services), the basis of. LK
and NK are constantly on the periodic update (high security
mode). Therefore, in the high security mode, TC memory is
to increase with the number of devices in the network
increased, but in the standard security mode is not the case.
When 2 devices have both LK and NK, the LK
communication. Although the overhead of storing NK is
small, it can reduce the security of the system and can not
prevent the internal attacks from [10]. The intended
recipient knows the key type of the protected frame.
Security keys can be obtained in a variety of ways,
different types of key access different, as shown in table 2.
Key transmission refers to the TC in the network to send the
key to the device. A key establishment method based on a
pre shared key (MK) can be used to establish a pair of two
device shared keys. Pre installation is the key to get the key
before the device is added to the network.
Table 2˖Methods of key obtaining
Get method \ key type NK MK LK
key transmission YES YES YES
key establishment NO NO YES
pre installation YES YES YES
In ZigBee, NK has two types: Standard (SNK) and
high security (HSNK) [12]. The distribution of NK and the
initialization of the frame counter depend on the type of NK,
but the two types of NK are protected in the same way. The
availability of security keys in different layers and different
security modes is shown in table 3. Some key types are
optional for some security modes and are marked with "O"
in the table. In addition, all layers must share the active
network key and the associated receive frame counter or
send a frame counter.
Table 3 The Application of Keys
layer mode
secret key
network application safe High
layer layer mode security
Network
YES YES YES YES
key
 master
NO YES NO YES(O)
Network Initial active NK or Secure key
key management update NK transmission
Link key NO YES YES(O) YES(O)
configuration MK or LK Secure key
management transmission
In order to avoid the reuse of key in different security
services, it is necessary to generate different keys from LK.
LK one-way function can be used to get no association key,
so that the implementation of different security protocols TC is not a device type, but a kind of application,
can be logically separated from each other. Three types of usually by the coordinator.
security keys can be derived from the LK, as shown in In the ZigBee Protocol Version (ZigBee PRO) also
Table 4. In addition to the data key, the other key is derived defines two safe modes: high safety mode (High Security,
from the calculation of the key hash function corresponding HS) and the standard of safe mode (Standard Security, SS),
to the message authentication code. All derived keys must the standard in safe mode or high safety mode, TC is
be shared by the joint frame counter. configured as the operating state is optional [8]. Standard
Table 4 The Production of Keys safe mode design for residential applications. In this mode,
TC maintains SNK and controls network access policies.
Key type Derived form Purpose High security mode design for commercial applications. In
this mode, TC needs to maintain a list of all devices in the
Key HMAC(0x00) Protection for network (in standard security mode this application is
transmission LK transmission of NK optional), all the relevant key (MK, LK and HSNK) and
key control network access policy. In addition, in the high
Protected security mode, symmetric key exchange protocols and multi
Key loading HMAC(0x02)
transmission of MK entity authentication to be forced to achieve [12].
key LK
and LK
C. ZigBee key management problem
Data key LK Same role as LK At present, most ZigBee applications have NK and LK
keys, if the use of NK, although it can save the node's
Note: 1 HMAC: key HASH message authentication mechanism 2 storage resources, but when a node is captured, the entire
0x00/0x02 refers to the link key with the input string 0x00 or
0x02"
network will be threatened. When LK is used, only a small
part of the node is affected when a node is captured in the
network, but the system overhead is increased. Regardless
B. Trust Center of the use of the preset mode, or the use of MK based key
In each ZigBee network security applications, there transmission mode, there is a great risk of leakage of the key.
must be a network of devices must trust the Trust Center The strength of a security system depends on the weakest
(Center TC, Trust) [7]. TC as part of the network, link. The weakest link in ZigBee is the distribution and
responsible for key distribution and end to end application storage of the security key in all devices [7]. Therefore, the
configuration management. In the high security mode key management scheme is perfect or not determines the
(business model), the application of the device are used to degree of security of ZigBee, and it also largely determines
initialize the MK and TC security communications, and in its scope of use.
the standard security model, the use of NK. In comparison
IV. SECURE IMPLEMENTATION OF ZIGBEE
of various key acquisition methods in Table 2, it is known
that both NK and MK can be obtained by pre installation or A. Common safety factor
by means of a kind of non-secure key transmission. There is
no doubt that the latter option is not acceptable in an ZigBee protocol stack to achieve security, some use a
insecure environment. In Table 5, the interaction between lot of security related features, such as the NWK layer and
ZigBee devices and TC in different purposes is given. APS layer are used in the auxiliary frame header, security
Table 5
parameters and the implementation of the policy, etc..
objective The device receives channel (1) Auxiliary frame header
content from TC The auxiliary frame header includes a security control
domain, a frame counter domain, a source address field and
Trust Initial MK or active Non secure key a key sequence number field. Security domain composed of
management NK transmission security level, the key domain identifier, and extend the
existing reserved domain. The auxiliary frame frame
counter pillow can provide the frame refresh function,
prevent frame retransmission. The security level identifier
of the security level sub domain shows which security

243
245
247
component is used to protect the output frame and the input C. NWK layer security
frame, and the security component of the security level sub The NWK layer provides protection for the correct
domain is listed in Table 1. operation of the MAC layer and provides a suitable service
(2) Security parameter interface for the APL layer. When a NWK layer frame
ZigBee frame protection mechanism using CCM*, needs security protection, the NWK layer uses the AES
AES-128 security operation module. CCM* mode is the encryption and authentication protection frame security in
expansion of the CCM model, both CCM, but also can be the enhanced counter with the CBC-MAC operation mode.
used to separate the CTR and CBC-MAC mode to achieve The upper layer (e.g. application layer) controls the safe
encryption or authentication. The most important is the process operation by setting the security key, the frame
CCM* mode for all CCM* security level only using a key, counter, and the security level.
that is, better than CCM* using ZigBee mode, MAC, NWK The secure NWK layer frame format is shown in
and APL layer can be reused with the same key [8]. Table 1 Figure 4, and the auxiliary frame header is located between
gives the relationship between the security level identifier the NWK header and the payload field. The safe NWK
and the CCM* encryption or authentication used in the payload in the diagram is not a must, if an encrypted
operation. payload, but a complete protection. Security level fields can
CCM* the current input for the CCM* mode be any one of the table 1.
encryption and authentication transfer, but also for the
CCM* encryption and authentication transmission. Table 7
illustrates the order and length of the CCM* current domain.
The current security control field and the frame counter field
should be the same as the security control field and the Figure 3˖Secure NWK frame
frame counter field of the frame header of the frame that is
being processed. The current source address field is set to
Table 7 NWK layer input / output frame safe operation
the MAC 64bit address of the device that initiates the Output frame protection Input frame protection
security protection of the device. When the auxiliary frame
1. From the NIB in the NWK 1. Determine the security
is extended in the current sub domain to 1, the MAC 64bit to retrieve the active NK, level from the NIB, and
address of the device which is initiated by the security the output frame counter,
rewrite the security level
protection of the frame will be consistent with the source in the sub domain.
the number of key 2. To determine the number
address field of the auxiliary frame header of the [8] which sequences and security of key sequences from the
is being processed. levels, and other attributes frame header, send the
Table 6 CCM* at present address and receive the
parameters.
byte˖8 4 1 frame counter
2. Frame header with
source Frame safety 3. The security data
auxiliary frame in 1
address counter control corresponding to the
parameters. number of the key
3. The operation of CCM* sequence is obtained from
B. MAC layer security model using the following the NIB, and if the
parameters of the receiving frame counter is
MAC layer is responsible for its own security process, smaller than the frame
encryption and
and the upper level should decide which security level to counter, the frame is
authentication parameters:
use. discarded.
the length of MIC (from
In ZigBee network, according to MAC PIB (Personal 4. CCM* mode encryption
security level), NK and and authentication using
area network Information Base, a network information
CCM* (the CCM* the same parameters as the
database) safety data in the macDefaultSecurityMaterial and
currently used auxiliary output frame.
macACLEntryDescriptorSet parameters of the two safety
frame header values in the 5. The frame counter is
process for treatment. The upper (for example: application arranged to receive the
following form: the
layer) and NWK layer should be value from the shared frame counter +1, and the
composition of the source
value consensus neighbor device APS LK key frame counter and the
address || frame counter || sending address are stored
macDefaultSecurityMaterial, set safety control). in the NIB.
macACLEntryDescriptorSet values consistent with the 4. According to the
values from the NWK layer of the active network, key conditions of encryption,
counter. The security component should be CCM*, and the constitute the output
security level should be the value of the nwkSecurityLevel frame.
identifier in the NIB. 5. Increase the value of the
For the MAC layer, the LK key should be the first output frame counter in
choice, and if you fail to get it, then apply the default key NIB.
(i.e., the value of the macDefaultSecurityMaterial ID).

244
246
248
 6. Set the auxiliary frame
header security level sub
domain to "000".
Note: in the table || said: cascade
D. APL layer security
(1) APL frame security
APS frame format is composed of APS frame header
and APS load domain. The APS frame header includes a
frame control domain and an address field. When a security
policy is applied to an APS, the security domain of the
APDU frame control domain is set to: 1, to identify the
presence of the secondary frame header. The secure APS
frame format is the same as the secure NWK frame in
Figure 3.
(2) APS sub layer security
Key establishment˖APSME (application support sub
layer management entity) to provide two devices to allow
each other to establish a LK service, initial trust information
(such as: MK) must be installed in the operation of the key
agreement before the installation of each device.
Key transport service˖Transmission of NK, LK, or
MK for devices in a secure or non secure manner.
Device update service ˖ When a node device in a
ZigBee router changes (such as adding or leaving the
network), the ZigBee router provides a secure way to notify
the TC (Trust Center) of the device status change.
Device removal service˖Provides a secure way for
TC to notify the router that a child device needs to be
removed from the network.
Request key service˖For a ZigBee device to provide a
safe way from another device (such as: TC) request to get an
active NK or an end to end application MK.
Exchange key service˖Provide a secure way for TC
to notify a device exchange mutual NK.
E. Security process
Security implementation process includes: adding
security network, Jian Quan, NK update, end to end
application key establishment and leave the network. The
required security services are completed by the common
cooperation of all the security operations mentioned in the
2-6. We envision the security process of [13] in a network
as shown in figure 4:
245
247
249
V. CONCLUSIONS
ZigBee is a new short-range wireless communication
technology, it based on IEEE802.15.4, and the security
system and many safety measures, such as: AES-128
encryption algorithm, CCM* mode of operation, TC etc..
But because of its own memory is small, easy to capture the
characteristics of its ZigBee is still not perfect, there are still
some security risks. For example, key management issues,
security issues, secure routing issues, etc.. In this paper, the
security system of ZigBee is analyzed and studied in this
paper, in order to look forward to a more perfect security
scheme.
ACKNOWLEDGMENT
This work was supported in part by following funds:
Shandong Provincial Natural Science Foundation
(ZR2015FM020, ZR2014FQ007); National Natural Science
Foundation (61502258); National Spark Program
(2015GA740096).
REFERENCES
[1] [1]TingJiang Chenglin Zhao. Zigbee Technology and
Application.(IEEE 802.15.4)[M]. Beuing University of Press and
Telecommunications Press, 2006.
[2] [2]Chun Jin㸪Zuqiu Luo, Feng Luo, Qianbin Chen. Technology Base
of ZigBee and Case Analysis(M).Beijing: National Defense Industry
Press, 2008.
[3] [3]ZigBee Specification, ZigBee Alliance, r06[S], June 2005.
[4] [4] Xiuli Du. Wireless Analysis of WSN Based on Zigbee
Technology [J]. Computer Science, 2006,33(10).
[5] [5]Xiaotao Xu, Yonghong Gao, Wei Zhang, Jiagao Li. Research on
The Wireless Network Transmission Security Based on IEEE
802.15.4 [J]. Research, 2009.
[6] [6]Kinney P. ZigBee technology 㸸 Wireless control that simply
works[DB/OL]. Communication Design Conference, 2003.
[7] [7]Ondrej Hyncica, Peter Kacz, Petr Fiedler, Zdenek Bradac. On
Security of PAN Wireless Systems[J]. S. Vassiliadis et al. (Eds.):
SAMOS 2006, LNCS 4017, pp. 178 – 185, 2006.
[8] [8]ZigBee Specification, ZigBee Alliance, r17[S], January 2008.
[9] [9]Jian Xu, Xiaomin Li. MAC research of Zigbee [J]. Network and
Communication,2009.
[10] [10] Songzhi Tan, Tinglei Huang. Research and Improvement of
ZigBee Wireless Network’s Security [J]. Embedded System
Application, 2010.
[11] [11] Jing Sun. Security Analysis of Zigbee[J]. Computer &
Telecommunication㸪2010.
[12] [12]Ender Y / ksel, Hanne Riis Nielson, Flemming Nielson. ZigBee-
2007 Security Essentials[R],2007ࠋ
[13] [13]Bin Yang. ZigbeeSecurity Mechanism Analysis Based on
AES[J]. Computer Engineer and Science, 2010.
 Figure ˖=LJ%HHSURWRFROVWDFNDUFKLWHFWXUHGLDJUDP

Table 1˖ZigBee security component table

Security services
Security
level Security Security data Sequence Data
Identifier access Frame
sub component attributes encrypti update integrity
domain control integrity
on (optional)

0x00 000 None ᰐ M=0

0x01 001 AES-CTR ENC X X X M=0
0x02 010 AES-CCM- ENC-MIC-
128 128
X X X X M=16
0x03 011 AES-CCM-64 ENC-MIC-
64
X X X X M=8
0x04 100 AES-CCM-32 ENC-MIC-
32
X X X X M=4
0x05 101 AES-CBC- MIC-128
MAC-128
X X M=16
0x06 110 AES-CBC- MIC-64
MAC-64
X X M=8
0x07 111 AES-CBC- MIC-32
MAC-32
X X M=4

Figure 4˖Security Process Diagram

246
248
250