Home / Blog / Security in ZigBee communications

Security in ZigBee communications

Posted on 04/26/2016, by INCIBE
Security in ZigBee communications

ZigBee is a wireless protocol developed by the ZigBee Alliance which adopts the IEEE 802.15.4 standard for the lower layers of the OSI model, in other words the physical and data link layers (MAC sublayer). It operates directly above these levels.

 

 

 

 

Capas ZigBee/802.15.4

- Capas ZigBee/802.15.4 -

Sectors where ZigBee has a presence, such as health or transport , are increasingly incorporating this protocol as they evolve. Smart cities are also benefiting from this kind of wireless communication.

Among the main characteristics of this protocol, it is worth highlighting its low energy consumption and the possibility of using a mesh network topology, which brings great robustness to communications. This characteristic means that ZigBee is also suitable as a protocol for use in industrial settings.

In addition to what has already been discussed, from a scalability point of view, ZigBee has greater possibilities in comparison to other wireless protocols such as Bluetooth as it allows the use of up to 65535 nodes, distributed in subnetworks of 255 nodes, compared to a maximum of 8 nodes in a Piconet (Bluetooth) subnetwork. However, given its low transfer speed (250 kbps, vs. 1 Mbps for Bluetooth), its use in industry is decided depending on needs for coverage, energy and economic costs, and reliability.

As regards security, this article will show that ZigBee has some features which in addition to its capabilities in terms of security make ZigBee an important asset for wireless communication in industrial settings.

 

ZigBee roles and networks

Depending on the arrangement of nodes, ZigBee networks allow for three types of network topology: mesh, tree or star. The latter is the most interesting, due to the possibility of reorganising it in the event of the failure of one of the nodes. Nodes, in turn, can assume three different roles.

  • Coordinator:carries out start-up, control and routing functions, meaning it requires memory and a high communication capacity. Each network has a single coordinator, located at the centre of a star network or at the root of a tree network. It plays a key part in communication security management functions, acting as a Trust Centre. The Trust Centre represents the origin of the trust granted to the other devices, and is responsible for distributing the security keys used for encrypting communications.
  • Router: Their function is to manage communication routes between devices. Situations that can arise include congestion or other problems in the network during node linking. A ZigBee network can include more than one router.
  • End Device: These are the devices that communicate only with one parent node, which may be a router or the coordinator, and do not have the ability to manage other end nodes.

Any node can carry out any of these three functions, depending on network layout and configuration. Although there are nodes which are only configured for a single function, in general, all commercial devices may be configured to act in any of the roles.

Red ZigBee

- Example of a ZigBee network (mesh topology) -

Security is a strength

Communication security is one of ZigBee’s strengths. Implementing a security model that follows the one defined in IEEE 802.15.4, the protocol’s design provides mechanisms controlling access to network devices (authentication), encryption (symmetric-key cryptography) and integrity, using message integrity checks (MIC) to ensure that the frames transmitted are not manipulated.

Issues related to cryptographic keys in ZigBee are a fundamental part of its security, worth addressing in more detail.

Cryptography: keys and management

ZigBee’s security architecture is founded on the use of symmetric-key cryptography, and has an elaborate key management protocol. ZigBee uses 3 different types of keys for association to a network, a group of devices or a link between two elements.

  • Master key: The key from which link keys are established. Given its importance, the initial master key must be obtained by secure means (preinstallation or key transport, both of which are discussed further on in the article).
  • Link key: The link key encrypts point-to-point communication at the application level, and is only known by elements taking part in that link. This key is only shared between two network elements, and is different for each pair of elements. The link key is used to minimise security risks related to distributing the master key.
  • Network key: The key that is used at the network level and known by all elements that belong to it. The network key is used in groups of more than two elements within a network.

Key management

One characteristic aspect of Zigbee is that, as mentioned above, it has a variety of key establishment mechanisms:

  • Preinstallation: This method only applies to master keys. The manufacturer incorporates a master key into the device itself. The user can select one of the installed keys by using a series of jumpers in the device (in devices where more than one key is preinstalled).
  • Key transport: The device makes a request to a Trust Centre for a key to be sent. This method is valid for requesting any of the three types of key. The Trust Centre can work in 2 ways:
    • Commercial Mode: The Trust Centre itself keeps a list of devices, master keys, link keys and network keys. In this mode, the memory required by the Trust Centre rises as a function of the number of devices associated to the network.
    • Residential mode: The Trust Centre holds only the network key and controls network access; the other information is stored in each node. The memory required by the Trust Centre does not depend on the size of the network. In this case, there is no monitoring to verify whether sequence numbers have been modified by intruders.
  • Key establishment without communication: This is a local method of generating link keys, based on the master key, for two devices, without them needing to communicate. This ZigBee service is based on the SKKE (Symmetric-Key Key Establishment) protocol. The devices involved in communication must be in possession of the master key, which may have been obtained through preinstallation or key transport.

Weaknesses in ZigBee

The main weakness in Zigbee’s implementation of security mechanisms is directly derived from limited node resources: as the majority of these are battery-powered, they have little computing power and memory.

The keys used in ZigBee devices are saved in the memory, meaning an intruder can simply read the key directly from the memory, if he/she has physical access to it (with specialised software) and there are no security mechanisms in place, or if he/she has access to the security software. To avoid this type of problem, it is advisable to use a microcontroller for secure authentication, thereby eliminating the risk of physical manipulation.

Laboratory analysis: checking communication security

To show the traffic exchanged between ZigBee devices in a practical way, below is an analysis of some network traffic captures which correspond to parameter reading and writing operations in a node of a ZigBee network. The test was first carried out without applying security measures (encryption) and subsequently repeated for a configuration using encryption.

The following image shows the set-up used in the laboratory, with one coordinator (C), two routers (R) and two end devices (E). These make up the network which was subject to the tests described in this section.

ZigBee network environment set up in the test laboratory

- ZigBee network environment set up in the test laboratory -

Unencrypted communication

The following frame shows the traffic captured by the wireshark tool when a coordinator (C) issues a request to read parameters of an end device (E) without applying encryption.

Request for “ID” parameter with unencrypted data

- Request for “ID” parameter with unencrypted data -

As can be observed in the image above, the frame shows fields whose values show whether security is enabled, both at the network and the application levels. In this case, both values are set at 0, meaning security is disabled. This means that the data frame is sent unencrypted, therefore allowing us to identify the operation requested (request for the variable "ID") of the end device.


- The end device’s response to the request for the “ID” parameter, unencrypted -

In the response to the initial request, we can observe that the security values for the communication are still set at 0, and that the value corresponding to the variable “ID” is the value “00 00 00 00 00 00 00 00 00 A3” in hexadecimal.

Encrypted communication

Having analysed both the request and the unencrypted response, the same requests were analysed with encryption applied.

Request for “ID” parameter, with encryption

- Request for “ID” parameter, with encryption -

As can be seen in the capture of this request, when the field for network layer security shows it is activated, the data sent are now encrypted. This makes it impossible to know the details of the request being sent by the coordinator to the end device.


- The end device’s reply to the request for the “ID” parameter, with encryption -

Now the data captured in the frame is not accessible, thanks to the network key sharing information which provides security to higher layers.

In order to carry out a deeper analysis of this protocol, attached are the two traffic captures used in the example above, in .pcapng format.

Conclusion

As this article has shown, regardless of how robust a communications protocol may be, security is directly dependent upon the proper configuration of devices. ZigBee incorporates energy, network and security efficiency, allowing wireless communication to be carried out in high-demand environments such as industrial settings. However, is essential to pay close attention to the integration and configuration of devices, in accordance with system needs, in order to achieve secure communication.