ZigBee AES 128-Bit Security
The ZigBee security suite is built on the Advanced Encryption (AES-128 bit) Standard, a well-respected block cipher algorithm published by the National Institute of Standards and Technology (NIST). To read more about AES, go to http://www.nist.gov.
If you read the security section in the ZigBee specification, you might get a headache. The language is pretty thick, and there are a lot of security options, including security levels, a variety of key types, CCM*, and so on. Security encompasses 120 pages of the 534-page ZigBee specification. But from an application standpoint, ZigBee security is simple. It is always there.
That's right! There are no code changes or special parameters to set on a data request to include security. It's just there (see Figure 4.28).
Figure 4.28: ZigBee Secure Data Frame
ZigBee both encrypts and authenticates packets. The encrypted portion (the NWK payload), cannot be understood by any nodes sniffing the air. This includes sensitive customer data, such as billing or medical records, or any other application payload, including what clusters, profile, and endpoints are used.
ZigBee authenticates the entire frame. Authentication is required in order to prevent replay attacks and to prevent any node from falsely injecting a packet into the network. A replay attack is simple to perform. Set an 802.15.4 device listening on a channel or set of channels. When a packet is heard, replay it byte-for-byte. ZigBee will simply throw away these packets, perhaps after a delay.
Denial of service is another type of wireless attack, and is something that's very difficult to prevent. I can write a small bit of code (no, I'm not providing it in the book!) that constantly transmits. Any radios within hearing range will not be able to transmit because all of the bandwidth is used. This is the equivalent to someone cutting the power to a building, or cutting the office broadband connection to the Internet. With ZigBee, using signal strength (LQI) makes it fairly easy to track down the culprit.
ZigBee uses a 128-bit key for the entire network, called a network key. It is assumed that if a node is allowed on a ZigBee network, it is trusted. This is similar to allowing someone in your home. You at least trust them not to steal the silver.
Some applications require additional security beyond the network key, for example, if multiple customers will be sharing the same network, but each customer may have his own sensitive data. In order to secure data on shared networks of this type, some vendors use a different AES 128-bit key to secure the APS payload. (This method is available to both ZigBee 2006 and ZigBee 2007 stacks.) Others use a link key, as described in ZigBee 2007 specification.
In short, ZigBee provides a very strong, solid, security solution.
Here is a challenge. Using only the over-the-air octets below, determine the AES 128-bit key. Just to make it easier, the following command is an HA OnOff Toggle command, that is, a switch is toggling a Home Automation Light:
0000: 61 88 2c aa 1a 00 00 6f a.,*...o
0008: 79 48 02 00 00 6f 79 0a yH...oy.
0010: 3c 28 03 00 00 00 00 3c < (..... <
0018: 03 98 07 c2 50 00 00 8f ...BP...
0020: 8b 0d f3 67 15 08 5a 11 ..sg..Z.
0028: da 03 83 09 9c ae .. .. Z.......