Security Measures

ZigBee networks are highly secure. They incorporate measures to prevent intrusion from potentially hostile parties and from neighbouring ZigBee networks. To this end, a "Security Toolbox" is included with ZigBee, offering the following features:

AES-based Encryption

A very high-security, key-based encryption system is used to prevent external agents from interpreting ZigBee network data. Data is encrypted at the source and decrypted at the destination using the same key - only devices with the correct key can decrypt the encrypted data. A 128-bit encryption system based on the AES (Advanced Encryption Standard) algorithm is employed.

Message Timeout

This feature allows timed-out messages to be rejected, preventing message replay attacks on the network. A frame counter is added to each message, which lets a device determine how old a received message is - the appended value is compared with a value stored in the device (the frame counter value of the last message received). This value only indicates the order of messages and does not contain time/date information. This provides protection against replay attacks, in which old messages are later re-sent to a device. An example of a replay attack would be a malicious individual recording the "open" command for a garage door opener, and then later replaying it to gain entry to the property.

Access Control Lists

A provision of the underlying IEEE 802.15.4 standard is that a node is able to select the other network nodes with which it is prepared to communicate. This is achieved using an Access Control List (ACL), maintained in the device, which contains the MAC addresses of nodes with which communication is allowed. The source address of an incoming message is compared against this list, and the result is passed to the higher layers, which decide whether to accept or reject the message.

However, note that if messages are not encrypted, the alleged source of a message could be falsified.
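The ACL and frame-counter checks described above, as an added example written for this page (it is not Jennic or ZigBee stack code). It models a receiver that first filters on the source MAC address and then rejects any frame whose counter does not exceed the last value stored for that source; the frame layout, addresses and counter values are constructed, and the example assumes the frame's integrity has already been verified by the encryption layer, since otherwise the source field could be forged as the text notes.

```python
# Added example: a simplified receive-side filter modelled on the ZigBee/802.15.4
# checks described above (ACL on source MAC address, then frame-counter freshness).
# Frame layout, MAC addresses and counter values are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    src_mac: int        # 64-bit IEEE address of the sender (constructed values below)
    frame_counter: int  # increases per sender; carries no date/time information
    payload: bytes


class Receiver:
    """Accept a frame only if its source is on the ACL and its counter is fresh."""

    def __init__(self, acl):
        self.acl = set(acl)        # MAC addresses this node is prepared to talk to
        self.last_counter = {}     # src_mac -> highest frame counter seen so far

    def accept(self, frame):
        # 1. Access Control List: unknown sources are dropped before any other work.
        if frame.src_mac not in self.acl:
            return False, "source not in ACL"
        # 2. Replay check: the counter must exceed the value stored for this source.
        #    A recorded and re-sent frame carries an old counter and is rejected.
        last = self.last_counter.get(frame.src_mac, -1)
        if frame.frame_counter <= last:
            return False, "stale frame counter (possible replay)"
        self.last_counter[frame.src_mac] = frame.frame_counter
        return True, "accepted"


def demo():
    trusted = 0x00158D0000000001   # constructed address of a node on the ACL
    rogue = 0x00158D00000000FF     # constructed address not on the ACL
    rx = Receiver(acl=[trusted])
    results = []
    results.append(rx.accept(Frame(trusted, 1, b"open")))   # first frame: accepted
    results.append(rx.accept(Frame(trusted, 2, b"close")))  # next in order: accepted
    results.append(rx.accept(Frame(trusted, 1, b"open")))   # recorded and replayed: rejected
    results.append(rx.accept(Frame(rogue, 3, b"open")))     # not on the ACL: rejected
    results.append(rx.accept(Frame(trusted, 7, b"open")))   # gaps are fine; only order matters
    return results


if __name__ == "__main__":
    for ok, why in demo():
        print(ok, why)
```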
© Jennic 2007