ZB security Implementing security on the XBee
XBee/XBee-PRO ZigBee RF Modules User Guide 78
Trust center
ZigBee defines a trust center device that is responsible for authenticating devices that join the network. The trust
center also manages link key distribution in the network.
Forming and joining a secure network
The coordinator is responsible for selecting a network encryption key. This key can either be preconfigured or
randomly selected. In addition, the coordinator generally operates as a trust center and must therefore select the
trust center link key. The trust center link key can also be preconfigured or randomly selected.
Devices that join the network must obtain the network key when they join. When a device joins a secure network,
the network and link keys can be sent to the joining device. If the joining device has a pre-configured trust center
link key, the network key is sent to the joining device encrypted with the link key. Otherwise, if the joining
device is not pre-configured with the link key, the device can only join the network if the network key is sent
unencrypted (“in the clear”). The trust center must decide whether or not to send the network key unencrypted
to joining devices that are not pre-configured with the link key. Sending the network key unencrypted is not
recommended, as it can open a security hole in the network. To maximize security, devices should be
pre-configured with the correct link key.
Implementing security on the XBee
If security is enabled in the XBee ZB firmware, devices acquire the network key when they join a network. Data
transmissions are always encrypted with the network key, and can optionally be end-to-end encrypted with the
APS link key. The following sections discuss the security settings and options in the XBee ZB firmware.
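The join rules above can be checked against a provisioning record before deployment. The following Python sketch is an added example, not code from the user guide or from Digi: it predicts how each joiner would receive the network key and lists the settings that lead to cleartext key transport. The AT command names EE, EO and KY and the meaning of EO bit 0x01 are assumptions taken from the XBee ZB command set rather than from this section, and the device names and key values are constructed.

```python
# Added example: predict network-key transport for each joining device.
# Assumed from the XBee ZB AT command set, not stated in this section:
#   EE = encryption enable (0 or 1)
#   EO = encryption options; bit 0x01 = send the network key unsecured on join
#   KY = trust center link key; 0 means none preconfigured. KY cannot be read
#        back from a module, so values come from a provisioning record.
EO_SEND_KEY_UNSECURED = 0x01

def join_outcome(coord, joiner):
    """Classify one join: 'no-security', 'encrypted', 'cleartext', 'rejected'."""
    if not coord["EE"]:
        return "no-security"      # security disabled: no network key in use
    # Joiner is preconfigured with the trust center's link key.
    if joiner["KY"] != 0 and joiner["KY"] == coord["KY"]:
        return "encrypted"        # network key sent encrypted with the link key
    # Joiner lacks the link key: it can only join if the trust center is
    # willing to send the network key in the clear.
    if coord["EO"] & EO_SEND_KEY_UNSECURED:
        return "cleartext"
    return "rejected"

def audit(coord, joiners):
    """Return ({name: outcome}, [findings]) for one coordinator and its joiners."""
    outcomes = {name: join_outcome(coord, j) for name, j in joiners.items()}
    findings = []
    if not coord["EE"]:
        findings.append("coordinator: EE=0, security disabled")
    elif coord["EO"] & EO_SEND_KEY_UNSECURED:
        findings.append("coordinator: EO bit 0x01 set, cleartext key transport allowed")
    if coord["EE"] and coord["KY"] == 0:
        findings.append("coordinator: link key not preconfigured, joiners cannot hold it")
    for name, result in outcomes.items():
        if result == "cleartext":
            findings.append(f"{name}: would receive the network key in the clear")
    return outcomes, findings

# Constructed provisioning records; key values are placeholders.
COORD = {"EE": 1, "EO": 0x01, "KY": 0x5A5A}
HARDENED = {"EE": 1, "EO": 0x00, "KY": 0x5A5A}
JOINERS = {
    "sensor-a": {"KY": 0x5A5A},   # correct link key
    "sensor-b": {"KY": 0},        # nothing preconfigured
    "sensor-c": {"KY": 0x1234},   # wrong link key
}

if __name__ == "__main__":
    for label, coord in (("as-found", COORD), ("hardened", HARDENED)):
        outcomes, findings = audit(coord, JOINERS)
        print(label, outcomes, findings)
```

With the constructed data, clearing EO bit 0x01 turns the two cleartext joins into rejected joins, which is the intended result until those devices are provisioned with the link key.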