Icon LinkedinLinkedIn Icon TwitterTwitter Icon RSSNews feed Icon RSSNewsletter Google+Google+

ZigBee Security

- notes regarding Zigbee security, how it is implemented and how it is included within the Zigbee specification.

Security is an issue which is of paramount importance for any wireless system. Zigbee security is no less important than that for any other system.

With Zigbee being used for monitoring and control applications, its security needs to be more than sufficient to fend off any hackers who may want to take control of the system it is controlling or monitoring.

Zigbee susceptibility to attack

There are many ways in which a system such as Zigbee can have its security compromised, or suffer some form of attack.

  • Signal interference:   One way in which a Zigbee network could be attacked is to introduce interference onto the frequency used. Although Zigbee can move channels in the presence of interference, this is relatively slow - it is not a frequency hopping ability
  • Denial of Service:   Full Denial of Service attacks can be overcome to some degree by changing frequency, although as mentioned above the frequency change process is relatively slow, and any hacker would be able to follow. .

    However Zigbee transmissions are not particularly easy to detect - they are low power and normally very intermittent, although within a large mesh net, transmissions will be much more frequent negating this aspect.

Zigbee authorisation

In order to prevent unwanted users accessing a network, Zigbee authorisation is used. Although the original releases of the Zigbee standard did not have a particularly robust system, this has not been largely overcome.

Zigbee PRO standard includes two security modes:

  • Standard:   The standard security option is only used where security is of little importance. Normally the high security option is used.
  • High security:   This is the standard that is normally used. It offers a high level of security in view of the fact that it could have disastrous consequences if the system were hacked and taken over.

    Zigbee authentication is performed using an Elliptical Curve Menzies-Qu-Vanstone, ECMQV, key establishment mechanism. This utilises a pre-shared key, and provides a very effective form of authentication.

    Some smart energy systems require the use of an additional Matyas-Meyer-Oseas function to generate the pre-configured key.

By Ian Poole


<< Previous   |   Next >>


Want more like this? Register for our newsletter









Whitepapers
Bringing the Internet of Things to Life
Silicon Labs looks at the fact that industry experts predict that the number of connected devices for the Internet of Things (IoT) will surpass 15 billion nodes by 2015 and reach over 50 billion by 2020. Learn how to overcome the challenges of connecting intelligent nodes to the Internet of Things.

More whitepapers

Training
TCP/IP and Networking for Engineers (NET1-1014)
With TCP/IP now a key protocol, find out all you need to know in this 2 day training course.

More training courses

The Art of Electronics
The Art of Electronics

Paul Horowitz & Winfield Hill
Now in Kindle, this is the classic electronics book. The Art of Electronics has...
Read more . .

USA bookstore UK bookstore









Radio-Electronics.com is operated and owned by Adrio Communications Ltd and edited by Ian Poole. All information is © Adrio Communications Ltd and may not be copied except for individual personal use. This includes copying material in whatever form into website pages. While every effort is made to ensure the accuracy of the information on Radio-Electronics.com, no liability is accepted for any consequences of using it. This site uses cookies. By using this site, these terms including the use of cookies are accepted. More explanation can be found in our Privacy Policy