The topic of ZigBee security was taken up early on by the ZigBee Alliance and implemented accordingly. For this purpose, the layer model of 802.15.4, which only includes the Physical Layer (PHY) and the Medium Access Control Layer (MAC), was extended by two additional security layers: the Network Security Layer and the Application Security Layer. To meet the security requirements in industrial production, ZigBee works with a multi-layer security concept. The security concept works with a trust center, a trustworthy instance where the layers and applications of an end device trust each other. Such a trust center can be implemented by the ZigBee coordinator or by another component. The layer that creates a frame is also responsible for its security. Instances above the physical layer can establish a secure connection to the corresponding instance of another ZigBee End Device (ZED). Only one key is exchanged between sending and receiving devices, regardless of which layer generated the frame. Only the two communicating partners have access to the key code. The frames can thus be routed across several radio cells and do not have to be decrypted and re-encrypted in each node.
The different keys in ZigBee networks
ZigBee networks use three different keys: the master key, the link key and the network key.
In ZigBee networks, the master key is a pre-installed key that is located in each ZigBee node. It ensures that the exchange of link keys between nodes is confidential. The Link Key is a distinctive key between two communicating nodes, which is created using the RSA method with a key length of 128 bits. The link key is managed by the application layer and decrypts the flow of information between two devices. However, this key is not used in practice. The third key is the Network Key. It is a 128-bit key generated in the trust center using the RSA method, which is shared among the ZigBee end devices. Every terminal device that is connected to the ZigBee network requires the Network Key. The key exchange between the nodes takes place using the Symmetric Key Establishment Protocol (SKKE).