Introduction

Security is a major concern in the Zigbee architecture. Although Zigbee uses the basic security elements in IEEE 802.15.4 (for example, Advanced Encryption Standard (AES) encryption and Counter with CBC-MAC (CCM) security modes), it expands upon this with:

  • 128-bit AES encryption algorithms

  • Strong, U.S. National Institute of Standards and Technology (NIST)-approved security

  • Defined key types (link, network)

  • Defined key setup and maintenance

  • Keys can be hardwired into an application

  • CCM* (Unified/simpler mode of operation)

  • Trust centers

  • Security that can be customized for the application

As the following figure (from Zigbee document 05-3474-21: Zigbee Specification) illustrates, the security services provider block interacts with both the application and network layers.

Zigbee now supports a single defined security mode called Standard Security. Various policies exist within that mode to control how devices behave or interact on the network. Earlier versions of the Zigbee standard utilized modes known as Residential Security and High Security. These have been deprecated.

Note: IEEE 802.15.4 MAC-level security is not used by Zigbee and is therefore not supported by EmberZNet PRO and not described here. Zigbee implements message security at the network and application layers.

Figure: Zigbee Stack Architecture

This document first describes some basic security concepts, including network layer security, trust centers, and application support layer security features. It then discusses the types of standard security protocols available in EmberZNet PRO. Coding requirements for implementing security are reviewed in summary. Finally, information on implementing Zigbee Smart Energy security is provided. Details may be found in document AN714: Smart Energy ECC-Enabled Device Setup.

Those already familiar with Zigbee security concepts can jump to section Zigbee Smart Energy (ZSE) Security.