ZigBee security ZigBee security model
XBee/XBee-PRO® S2C ZigBee® RF Module
104
Message integrity code
If you enable APS security, the APS header and data payload are authenticated with 128-bit AES. The
device performs a hash on these fields and appends as a 4-byte message integrity code (MIC) to the
end of the packet. This MIC is different than the MIC appended by the network layer. The MIC allows
the destination device to ensure the message has not been changed. If the destination device
receives a packet and the MIC does not match the destination device’s own hash of the data, it drops
the packet.
APS link keys
There are two kinds of APS link keys: trust center link keys and application link keys. A trust center
link key is established between a device and the trust center, where an application link key is
established between a device and another device in the network where neither device is the trust
center.
APS layer encryption and decryption
Packets with APS layer encryption are encrypted at the source and only decrypted by the destination.
Since APS encryption requires a 5-byte header and a 4-byte MIC, the maximum data payload is
reduced by 9 bytes when APS encryption is used.
Network and APS layer encryption
Network and APS layer encryption can both be applied to data. The following figure demonstrates the
authentication and encryption performed on the final ZigBee packet when both are applied.
To Next Page
Loading...
Need help?
General
