Zigbee security Join window
Digi XBee® 3 Zigbee® RF Module
link key in this manner provides a moderate level of security while allowing for easy network
deployment. The security configuration can be done during manufacturing rather than at deployment.
If the joining node has a preconfigured link key that the trust center is not aware of, then it must be
registered using an out-of-band method. Issue a 0x24 registration frame on the trust center, which
contains the link key and serial number of the joining device.
Well-known default link key - low security
The Zigbee Alliance specifies a well-known default link key. You can use this link key to allow unsecure
devices to easily join a secured network. By default, the XBee 3 Zigbee RF Module rejects any device
that attempts to join using this well-known key. To allow these devices to join, set EO bit 4
(EO = 0x10) on the centralized trust center.
If a joining device has KY = 0 (default), it attempts to use the well-known default link key to join.
Install code derived link key - high security
Every device supporting Zigbee 3.0 is required to have an install code. Read the install code by
querying the I? command; the value returned consists of the 16-byte install code plus a 2-byte CRC.
The install code must be read from the joining node and entered to the trust center through an
out-of-band method.
Typically, the user reads an install code from some type of display or application on the joining node.
The user then provides the joiner's install code and serial number to the trust center using a locally
issued 0x24 registration API frame by setting bit 0 of the options field.
Using install codes for generating link keys is the most secure method, because it allows users to
clearly identify the joining node to the trust center, and it guarantees that each joining device has a
random link key.
For a joining device to use an install code, DC bit 0 (DC = 1) must be set on the joining device. The
device then generates its link key from the install code and ignores the KY parameter.
Join window
Zigbee imposes a limited window of time in which a network can permit joining. The maximum joining
window time allowed by the Zigbee specifications is 254 seconds (NJ = 0xFE). Whenever the join
window opens, the NJ value of the device that opens the window is used. This timeout value is not
shared by the rest of the network.
The following conditions cause the network join window to open for NJ seconds:
• A network is formed.
• A router joins the network. This uses the router's NJ value to open the window.
• The commissioning button is enabled (D0 = 1) and pressed twice on a router or coordinator on the network.
• A CB2 command is issued to a router or coordinator on the network.
• A device is successfully registered to the trust center via 0x24 API frame.
When the join window opens, the device sends a broadcast to the rest of the network. The joining
device does not need to be adjacent to the device that opened the joining window.
If NJ is set to 0, the join window remains closed unless explicitly opened via the commissioning button
or CB command. In this scenario, the join window opens for a fixed period of 60 seconds.
For a highly-secured network, Digi recommends setting NJ to 0 on every device so the join window
does not open inadvertently.
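
The link key and join window guidance above can be checked mechanically before deployment. The following is an added example, not Digi code: it audits a planned set of NJ, EO, KY and DC values per device role. The 'NAME=HEX' profile layout, the function names and the sample profiles are constructed for illustration, and treating a missing DC or EO as 0 is an assumption.

```python
EO_ALLOW_WELL_KNOWN_KEY = 0x10  # EO bit 4, set on the centralized trust center
DC_USE_INSTALL_CODE = 0x01      # DC bit 0, set on the joining device

def parse_profile(text):
    """Parse 'NAME=HEX' lines; '#' starts a comment (constructed layout)."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, _, value = line.partition("=")
            params[name.strip().upper()] = int(value, 16)
    return params

def link_key_method(params):
    """Classify how a joining device obtains its link key."""
    if params.get("DC", 0) & DC_USE_INSTALL_CODE:  # missing DC treated as 0 (assumption)
        return "install-code"                      # KY is ignored in this mode
    if params.get("KY", 0) == 0:                   # KY = 0 is the default
        return "well-known"
    return "preconfigured"

def audit(params, trust_center=False):
    """Return (parameter, finding) tuples; an empty list means no findings."""
    findings = []
    nj = params.get("NJ")
    if nj is None:
        findings.append(("NJ", "not present in profile"))
    elif nj != 0:
        findings.append(("NJ", f"join window opens for {nj} s on network events; set NJ=0"))
    if trust_center:
        if params.get("EO", 0) & EO_ALLOW_WELL_KNOWN_KEY:
            findings.append(("EO", "bit 4 set: joins with the well-known default link key are accepted"))
    elif link_key_method(params) == "well-known":
        findings.append(("KY", "KY=0 without DC bit 0: joins with the well-known default link key"))
    return findings

# Constructed sample profiles (planned settings, not read from real devices).
TRUST_CENTER_WEAK = "NJ=FE\nEO=10  # allows well-known key\n"
JOINER_WEAK = "NJ=FE\nKY=0\nDC=0\n"
JOINER_HARDENED = "NJ=0\nKY=0\nDC=1  # install code derived link key\n"

if __name__ == "__main__":
    for label, text, is_tc in [("trust center", TRUST_CENTER_WEAK, True),
                               ("joiner (weak)", JOINER_WEAK, False),
                               ("joiner (hardened)", JOINER_HARDENED, False)]:
        for param, finding in audit(parse_profile(text), trust_center=is_tc) or [("-", "no findings")]:
            print(f"{label}: {param}: {finding}")
```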