ZigBee 3.0 Z-Stack 2.8 Security for joining devices
2018-03-18 16:36
(Accompanying source code, software, development boards and other resources are available in the QQ group of the same name as this blog: 拿破仑940911)
1. Decryption
In general, a joining device cannot know which kind of network (centralized or distributed) it is joining until it processes the content of the APS Transport Key command.
1.1 Decrypt with all the preconfigured keys
A joining device without a user interface for configuring its joining mechanism can be configured to attempt all the preconfigured keys available to it upon joining (Install Code derived key, Global Default Centralized Key and Global Default Distributed Key) by setting gZDSECMGR_TC_ATTEMPT_DEFAULT_KEY to TRUE.
So, when a joining device is factory new and receives the APS Transport Key command, there are 3 cases:
a. If an Install Code has been loaded through the BDB API, the install code derived key will be attempted, for a centralized network.
b. If no Install Code is set, the Global Default Centralized Key will be attempted.
c. If the decryption fails, Z-Stack will automatically attempt the Global Default Distributed Key.
1.2 Decrypt with a specific key
If the device is intended only to join networks in which Install Codes must be used, then gZDSECMGR_TC_ATTEMPT_DEFAULT_KEY must be set to FALSE. The default value is FALSE.
The secure procedures to join Centralized or Distributed networks are already implemented by the BDB layer.
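The following is an added example, not code from this page, from Z-Stack or from TI. It shows the two pieces a practitioner usually wants to check when debugging section 1: how the install code derived key is computed (CRC-16 check, then the ZigBee AES-MMO hash over the code including its CRC), and the order of candidate keys a factory-new joiner works through on the Transport Key command for each setting of gZDSECMGR_TC_ATTEMPT_DEFAULT_KEY. It carries its own pure-Python AES-128 so it runs offline. Assumptions: the CRC is CRC-16/X-25 stored little-endian after the code, the global default keys are the well-known values "ZigBeeAlliance09" and D0..DF, and the behaviour for FALSE with no install code loaded (no candidate at all) is this example's own reading, since the page does not say. All function and variable names are the example's own, not Z-Stack API names.

```python
# Added example, not Z-Stack code: derives the install-code link key with the ZigBee
# AES-MMO hash and builds the candidate-key order a factory-new joiner uses on the APS
# Transport Key command. Pure-Python AES-128 so it runs offline; names are the example's own.

def _build_sbox():
    # Walk GF(2^8) with generator 3 (p) and its inverse (q), then apply the AES affine map.
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q = (q ^ (q << 1)) & 0xFF                                 # q /= 3 (three steps)
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        q ^= 0x09 if q & 0x80 else 0
        x = q ^ (q << 1) ^ (q << 2) ^ (q << 3) ^ (q << 4)       # q XOR rotl(q,1..4), folded below
        sbox[p] = ((x ^ (x >> 8)) & 0xFF) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def _xtime(a):
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

def _expand_key(key):
    # FIPS-197 key schedule: 11 round keys of 16 bytes, column-major like the state.
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord + SubWord
            t[0] ^= RCON[i // 4 - 1]
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def aes128_encrypt_block(key, block):
    rk = _expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                            # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]  # ShiftRows on column-major state
        if rnd != 10:                                       # MixColumns: b_r = 2a_r ^ 3a_r+1 ^ a_r+2 ^ a_r+3
            out = []
            for c in range(4):
                a = s[4 * c:4 * c + 4]
                out += [_xtime(a[r]) ^ _xtime(a[(r + 1) % 4]) ^ a[(r + 1) % 4]
                        ^ a[(r + 2) % 4] ^ a[(r + 3) % 4] for r in range(4)]
            s = out
        s = [b ^ k for b, k in zip(s, rk[rnd])]             # AddRoundKey
    return bytes(s)

def aes_mmo_hash(data):
    # ZigBee Matyas-Meyer-Oseas: H_j = AES_{H_(j-1)}(M_j) XOR M_j, H_0 = 0; padding is 0x80,
    # zeros up to 14 bytes mod 16, then the message bit length as a 16-bit big-endian value.
    padded = data + b"\x80"
    while len(padded) % 16 != 14:
        padded += b"\x00"
    padded += (len(data) * 8).to_bytes(2, "big")
    h = bytes(16)
    for i in range(0, len(padded), 16):
        block = padded[i:i + 16]
        h = bytes(x ^ y for x, y in zip(aes128_encrypt_block(h, block), block))
    return h

def crc16_x25(data):
    # CRC-16/X-25 (poly 0x1021 reflected, init 0xFFFF, final XOR 0xFFFF) used on install codes.
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def install_code_to_link_key(install_code):
    # Install code = 6/8/12/16 code bytes + CRC-16 (little-endian); the hash covers both parts.
    if len(install_code) not in (8, 10, 14, 18):
        raise ValueError("install code must be 6, 8, 12 or 16 bytes plus a 2-byte CRC")
    if crc16_x25(install_code[:-2]) != int.from_bytes(install_code[-2:], "little"):
        raise ValueError("install code CRC mismatch (mistyped code?)")
    return aes_mmo_hash(install_code)

GLOBAL_DEFAULT_CENTRALIZED_KEY = b"ZigBeeAlliance09"       # well-known default TC link key
GLOBAL_DEFAULT_DISTRIBUTED_KEY = bytes(range(0xD0, 0xE0))  # D0 D1 ... DF

def transport_key_candidates(install_code=None, attempt_default_key=False):
    # Order in which a factory-new joiner tries keys on the APS Transport Key command;
    # attempt_default_key stands in for gZDSECMGR_TC_ATTEMPT_DEFAULT_KEY. Assumption of this
    # example (the page does not say): FALSE with no install code loaded yields no candidate.
    candidates = []
    if install_code is not None:
        candidates.append(("install-code derived key", install_code_to_link_key(install_code)))
    if attempt_default_key:
        if install_code is None:
            candidates.append(("global default centralized key", GLOBAL_DEFAULT_CENTRALIZED_KEY))
        candidates.append(("global default distributed key", GLOBAL_DEFAULT_DISTRIBUTED_KEY))
    return candidates
```

Feeding the install code test vector published with the ZigBee 3.0 specification, 83FED3407A939723A5C639B26916D505C3B5, into install_code_to_link_key gives 66B6900981E1EE3CA4206B6B861C02BB; the same input with its last byte mistyped is rejected by the CRC check before any key is derived, which is the property that makes install codes usable by an installer typing them in by hand. A real joiner would then run the actual APS CCM* unwrap of the Transport Key command with each candidate in the order returned, stopping at the first one whose MIC verifies.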
2. Jitter for multiple devices
Joining devices must take into account that the APS TCLK exchange involves the TC reading and writing the APS security material to NV, so if multiple factory-new devices are to be commissioned at the same time, a jitter (a random delay before each device starts its join) must be implemented to give the TC time to process the joining procedure of every device.
3. Large network without TCLK
Joining devices may skip the TCLK exchange procedure by setting requestNewTrustCenterLinkKey to FALSE, which allows Z3.0 devices to deploy a custom large network without requiring large TCLK tables on the Coordinator.
However, this should not be used if interoperability with certified Z3.0 devices is intended. Note also that a device that skips the exchange keeps using the key it joined with as its link key; if that was the well-known Global Default Centralized Key, APS-layer security on that link rests on a published key.