Table of Contents
Advertisement
Security on the XBee
Security on the XBee
If you enable security in the XBee Zigbee firmware, devices acquire the network key when they join a
network. Data transmissions are always encrypted with the network key, and can optionally be end-
to-end encrypted with the APS link key.
Enable security
To enable security on a device, the Encryption Enable (EE) parameter must be set to 1. When the
parameter value changes, the XBee module leaves the network (PAN ID and channel) it was operating
on and attempt to form or join a new network. If you set EE to 1, all data transmissions are encrypted
with the network key.
Note
The EE parameter must be set the same on all devices in a network.
Set the network security key
The coordinator selects the network security key for the network using the Network Encryption Key
(NK) parameter (write-only). If NK=0 (default), the coordinator will selects a random network key.
Otherwise, you set NK to a non-zero value, it uses this value as network security key.
NK is only supported on the coordinator. Routers and end devices with security enabled (EE=1) acquire
the network key when they join a network. They receive the network key encrypted with the link key
if they share a preconfigured link key with the coordinator.
Set the APS trust center link key
The coordinator must also select the trust center link key, using the Encryption Key (KY) parameter
(write-only). If KY=0 (default), the coordinator select a random trust center link key (not
recommended). Otherwise, if you set KY greater than 0, the module uses this value as the
preconfigured trust center link key.
If the coordinator selects a random trust center link key (KY=0, default), then it allows devices to join
the network without having a preconfigured link key. However, sends the network key unencrypted
over-the-air to joining devices and is not recommended.
If the coordinator uses a preconfigured link key (KY > 0), then the coordinator will not send the
network key unencrypted to joining devices. Only devices with the correct preconfigured link key can
able to join and communicate on the network.
Enable APS encryption
APS encryption is an optional layer of security that uses the link key to encrypt the data payload.
Unlike network encryption that is decrypted and encrypted on a hop-by-hop basis, APS encryption is
only decrypted by the destination device. The XBee must be configured with security enabled (EE set
to 1) to use APS encryption.
APS encryption can be enabled in API firmware on a per-packet basis. To enable APS encryption for a
given transmission, set the "enable APS encryption" transmit options bit in the API transmit frame.
Enabling APS encryption decreases the maximum payload size by nine bytes.
XBee® Zigbee® Mesh Kit
Enable security
130
Advertisement
Table of Contents
Need help?
Do you have a question about the XBee Zigbee Mesh Kit and is the answer not in the manual?