Security Use#

An installation code is used to create a preconfigured link key. The installation code is transformed into a link key by use on an AES-MMO hash algorithm. For more information and sample code, consult the Install Codes section of the Security chapter of the Zigbee Alliance’s Base Device Behavior Specification (Zigbee document #13-0402).

The installation code, while not exactly a secret, cannot be easily guessed by a malicious device that hears the initial exchange between the joining device and the Trust Center. Without knowledge of the installation code and thus the key, the malicious device cannot decrypt the messages.

The derived Zigbee link key will be known only by the Trust Center and the joining device. The Trust Center uses that key to securely transport the Zigbee network key to the device. Once the device has the network key, it can communicate at the network layer to the Zigbee network. It has the ability to perform service discovery and begin the application’s initialization process. In Zigbee 3.0 (non-ZSE) networks, having the network key is often enough for standard messaging across various clusters. However, ZSE networks have additional restrictions as discussed below. See Example: Joining a Z3 Light to a Z3 Gateway Using an Installation Code-Derived Link Key for a step-by-step procedure to use an installation code-generated link key for network joining.

The initial link key derived from the installation code does not have full access privileges on a ZSE network. Attempts to use it for Smart Energy messaging are not allowed and will be ignored by other ZSE devices. Shortly after joining a network, a device must use the Key Establishment cluster to establish a new link key with the Trust Center via the CBKE process. Only when key establishment completes successfully will a device have full privileges on the network and be able send and receive certain ZSE messages.