ZigBee

from Wikipedia, the free encyclopedia

Commercially available ZigBee module

ZigBee is a specification for wireless networks with low data traffic, such as home automation, sensor networks and lighting control. It is a communication protocol that allows devices to communicate with each other wirelessly, in the same way as WLAN, Bluetooth and other radio technologies. ZigBee is similar to Wi-Fi but uses much less energy. ZigBee devices communicate in a mesh network: if one communication path in the ZigBee network fails, another path through the network is used instead. ZigBee focuses on short-range networks (up to 100 meters); with a meshed network, distances of several kilometers can be bridged.

The name ZigBee was derived from the honeybees' "zigzag dance".

The specification is developed by the ZigBee Alliance, which was founded at the end of 2002. It is an association of currently more than 230 companies that drive the global development of this technology. In 2004 the first ZigBee specification came onto the market. The version now known as ZigBee 2004 is considered obsolete and was replaced in 2006 by a completely revised version. In 2007, another branch of the ZigBee specification appeared with ZigBee Pro. It is aimed at applications that have to get by with a low data rate and with specially minimized energy consumption. Version 1.2.1 is a further development with security improvements; it addresses a security deficiency discovered in November 2015. In December 2016, 20 certifications were issued to 8 manufacturers for protocol version 3.0 in order to promote standardization in the area of IoT. ZigBee 3.0 is a standard that brings together the Home Automation (HA) and Light Link (LL) profiles so that both can be used in one network. Smart homes in particular benefit from ZigBee 3.0: through cooperation between manufacturers around the world, consumers can, for example, control their heating via intelligent radiator thermostats, install smart lighting systems and control blinds as required.

Introduction

ZigBee builds on the IEEE 802.15.4 standard

The specification describes a framework for radio networks. ZigBee is based on the IEEE 802.15.4 standard and extends it in particular with routing and secure key exchange. The PHY and MAC layers are defined by the IEEE 802.15.4 standard; ZigBee adds the NWK (network) and APL (application) layers on top of this protocol stack. Note that ZigBee is a framework: the application itself is embedded in the APL layer.

ZigBee can be used in a variety of ways, for example in building automation, in the medical sector, for control systems and for all types of sensor measurements.

The ZigBee specification defines three different device types (ZigBee Devices), from which a ZigBee Wireless Personal Area Network (WPAN) is built. A ZigBee device can take one of three roles:

End device (ZigBee End Device, ZED)
Devices such as control or sensor modules are mostly battery-operated. These can be implemented as ZigBee end devices and only require part of the functions of the ZigBee specification. They do not take part in routing in the network and can go into sleep mode. They join a router of their choice and thus the ZigBee network, and they can only communicate through the router via which they joined. If data is sent to such an end device while it is in sleep mode, the router stores these packets until the end device polls for them.
Router (ZigBee router, ZR)
ZigBee routers take part in routing packets through the network. They need a larger set of functions and therefore somewhat more hardware resources. ZigBee routers join a network by logging on to a router already in the network. Routing in the network takes place either along the tree formed in this way (ZigBee stack profile) or through dynamic routing as a mesh network (ZigBee PRO stack profile). When a radio module joins the network via a router, that router assigns it a 16-bit short address. In mesh networks this assignment is random, so address conflicts that arise must be detected and then resolved.
Coordinator (ZigBee coordinator, ZC)
A ZigBee coordinator starts the network with defined parameters. Once started, it performs the same tasks as a ZigBee router.

Addressing

A network is identified by a 64-bit extended PAN ID. To avoid unnecessary protocol overhead, the coordinator selects a 16-bit PAN ID for the PAN when it is started. Each radio module has a unique 64-bit IEEE address; when it joins a network, however, it is also assigned a 16-bit short address. Since short addresses are allocated stochastically, address conflicts must be resolved. To send data to another radio module in the same network, it is sufficient to specify the 16-bit short address. In addition, the various application objects on a node are addressed via endpoints, comparable to ports in TCP/IP. Each node has 255 endpoints available: endpoints 1 to 240 are provided for the application logic, endpoint 255 is reserved for broadcast to all endpoints, and endpoints 241 to 254 are reserved for later special tasks. Data addressed to endpoint 0 goes to the ZigBee Device Object (ZDO), which handles the network management tasks.

Through a binding process, indirect addressing can also be used to send data without knowing the destination address. To do this, two radio modules must take part in a binding process (e.g. by pressing a button). The addresses of the radio modules for a cluster, together with the destination and source endpoints, are stored in a binding table. To address packets, it is then sufficient to specify a cluster and the destination endpoint; the required address is looked up in the binding table.

It is also possible to send messages to a group of radio modules. Each radio module stores a list of 16-bit group IDs; an entry in this table means that the radio module is a member of the corresponding group. A message to a group is sent via broadcast. Its range can also be limited by having non-group members forward the message only for a certain number of hops.

ZigBee RF4CE

RF4CE is an acronym for radio frequency for consumer electronics. ZigBee RF4CE is another specification of the ZigBee Alliance based on the IEEE 802.15.4 standard. It was published in 2008 and is an independent specification. It specifies simple and inexpensive wireless networks for controlling devices such as home entertainment equipment and lighting. Routing is not supported in these networks. A device to be remotely controlled forms its own PAN (Personal Area Network), which the remote control joins; to control several devices, the remote control generally participates in several PANs. A remotely controlled device can also be a member of a second PAN if it performs remote-control tasks itself: when the DVD player is started from the remote control, for example, the DVD player can at the same time switch the TV channel.

ZigBee IP

ZigBee IP is a specification published in 2012 for wireless networks with a connection to the Internet. The ZigBee Alliance based it on existing protocols from standardization bodies such as the IETF, IEEE, W3C, ISO and IEC. In the network layer (OSI model network layer), the stack uses, among other things, the 6LoWPAN and RPL protocols developed by the IETF. 6LoWPAN enables devices or sensor networks to be connected directly to the Internet via IPv6 (Internet of Things).

ZigBee Cluster Library

In order to ensure the interoperability of products from different manufacturers, the ZigBee Alliance has defined clusters and profiles. A cluster works on the client/server principle: the server side of a cluster holds various attributes, which the client can generally change by means of defined commands. A lamp, for example, is a server of the OnOff cluster (ClusterID: 0x0006); a client changes the state of its OnOff attribute by sending the defined commands (On, Off, Toggle). The data exchange takes place via ZCL frames. All clusters are collected in the ZigBee Cluster Library (ZCL).
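As an added example (not from the article and not the ZigBee Alliance's own code), the following Node.js snippet builds and parses the ZCL frames that carry the OnOff cluster traffic described above. The header layout (frame control, optional manufacturer code, transaction sequence number, command identifier) and the identifiers Off 0x00, On 0x01, Toggle 0x02 and Read Attributes 0x00 follow the ZigBee Cluster Library; the sequence numbers and the manufacturer code 0x1234 used below are constructed values.

```javascript
// ZCL frame: frame control | [manufacturer code, LE16] | transaction sequence number | command id | payload
const FRAME_TYPE_GENERAL = 0x00, FRAME_TYPE_CLUSTER_SPECIFIC = 0x01;    // frame control bits 0-1
const FC_MANUFACTURER_SPECIFIC = 0x04, FC_SERVER_TO_CLIENT = 0x08, FC_DISABLE_DEFAULT_RESPONSE = 0x10;
const ONOFF_COMMAND_ID = { Off: 0x00, On: 0x01, Toggle: 0x02 };         // OnOff cluster (ClusterID 0x0006)
const ONOFF_ATTRIBUTE_ID = 0x0000;                                       // the server's boolean OnOff attribute
const GENERAL_CMD_READ_ATTRIBUTES = 0x00;

function buildZclFrame({ frameType, seq, commandId, manufacturerCode = null, payload = Buffer.alloc(0), disableDefaultResponse = false }) {
  let fc = frameType & 0x03;
  if (manufacturerCode !== null) fc |= FC_MANUFACTURER_SPECIFIC;
  if (disableDefaultResponse) fc |= FC_DISABLE_DEFAULT_RESPONSE;
  const header = Buffer.alloc(manufacturerCode !== null ? 5 : 3);
  let off = header.writeUInt8(fc, 0);
  if (manufacturerCode !== null) off = header.writeUInt16LE(manufacturerCode, off);
  off = header.writeUInt8(seq & 0xff, off);
  header.writeUInt8(commandId & 0xff, off);
  return Buffer.concat([header, payload]);
}

// Client -> OnOff server (the lamp): cluster-specific command, no payload.
function onOffCommand(seq, name) {
  const id = ONOFF_COMMAND_ID[name];
  if (typeof id !== 'number') throw new Error(`unknown OnOff command ${name}`);
  return buildZclFrame({ frameType: FRAME_TYPE_CLUSTER_SPECIFIC, seq, commandId: id });
}

// Client -> OnOff server: general Read Attributes request for the OnOff attribute (attribute ids are LE16).
function readOnOffAttribute(seq) {
  const payload = Buffer.alloc(2);
  payload.writeUInt16LE(ONOFF_ATTRIBUTE_ID, 0);
  return buildZclFrame({ frameType: FRAME_TYPE_GENERAL, seq, commandId: GENERAL_CMD_READ_ATTRIBUTES, payload });
}

// Parse a received frame; the length checks come first so a truncated frame cannot cause an out-of-range read.
function parseZclFrame(buf) {
  if (buf.length < 3) throw new Error('ZCL frame shorter than the 3-byte minimal header');
  const fc = buf[0], hasManufacturerCode = (fc & FC_MANUFACTURER_SPECIFIC) !== 0;
  if (hasManufacturerCode && buf.length < 5) throw new Error('manufacturer-specific ZCL frame truncated');
  const frame = { frameType: fc & 0x03, manufacturerCode: null, serverToClient: (fc & FC_SERVER_TO_CLIENT) !== 0,
                  disableDefaultResponse: (fc & FC_DISABLE_DEFAULT_RESPONSE) !== 0 };
  let off = 1;
  if (hasManufacturerCode) { frame.manufacturerCode = buf.readUInt16LE(off); off += 2; }
  frame.seq = buf[off++];
  frame.commandId = buf[off++];
  frame.payload = buf.subarray(off);
  return frame;
}

// OnOff server side: act only on the three defined, non-manufacturer-specific cluster commands.
function decodeOnOffCommand(buf) {
  const frame = parseZclFrame(buf);
  const standard = frame.frameType === FRAME_TYPE_CLUSTER_SPECIFIC && frame.manufacturerCode === null;
  const name = Object.keys(ONOFF_COMMAND_ID).find(n => ONOFF_COMMAND_ID[n] === frame.commandId);
  return { ...frame, command: standard && name ? name : null };
}
```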

ZigBee profiles

System requirements and devices are defined in ZigBee profiles for a specific application. Each device implements a number of clusters. Example profiles are Home Automation, Building Automation and Health Care.

ZigBee Light Link

This profile is used to control all kinds of lighting technology: switching lamps on and off as well as controlling brightness and color components. For the sake of simplicity there is no coordinator and therefore no trust center for key distribution. Communication is always encrypted with a network key. The network key is transmitted in encrypted form to a radio module joining the network, using the so-called master key, and this is the major weak point of Light Link. The master key is identical for all Light Link certified ZigBee products and is handed to the manufacturer by the ZigBee Alliance once certification has been passed; it was thus meant to be kept secret, but it has been publicly known for some time. A subsequent change of the master key on certified products is not provided for. A further drawback of keeping the master key secret is that private users, for example, cannot build their own products such as switches or controllers for certified Light Link products as long as the master key is not known to them. For lighting control, the key problem is not that dramatic in terms of security: in general, great damage cannot be done, and the range of ZigBee Light Link transmission is rather small, so a potential attacker has to come very close to the hardware.

ZigBee Home Automation

This profile can also be used to control lighting, but it is intended for the general control of devices in smaller buildings. Transmission is likewise encrypted with a network key, and here too the network key is encrypted with a master key when a device joins the network. In this case the master key is known, but access to the network can be restricted by a trust center, for example by permitting joining only for a few seconds after a button has been pressed. Here, however, damage from unwanted access can also be greater: if, for example, temperature values for air-conditioning units, refrigerators or heating are manipulated, this can have significant effects.

Application areas

Attached ZigBee module (XBee) with development board (Arduino)
  • Industrial and automation technology (e.g. BAN Solutions)
    • Plant control
    • Goods surveillance
    • Transfer of sensor data (e.g. ZIGPOS)
  • Medical technology (e.g. telemedical devices from Brunel University London)
    • Patient data transfer
  • Home and building automation
    • Consumer electronics (e.g. 3D shutter glasses)
    • Computer peripherals
    • Radio detector
    • Washing machines (e.g. Miele)
    • Coffee machines

Competitors

In the area of home automation and M2M, ZigBee is in direct competition with Z-Wave. There are a number of OSGi-based framework solutions for both protocols that include home automation functions going beyond the pure protocol, such as a device abstraction layer. In the home automation sector, ZigBee also competes with EnOcean, which, unlike ZigBee and Z-Wave, enables battery-free sensors by relying on energy harvesting.

In the field of medical technology, Bluetooth and the specification of the Continua Health Alliance are worth mentioning as competing standards. With the Bluetooth Mesh protocol, the Bluetooth Low Energy standard is being extended with comparable functions.

Security

ZigBee / IEEE 802.15.4 uses an extended version of the CCM mode of operation (CCM*) for encrypting data. AES-128, which is classified as cryptographically secure, is used as the block cipher. Nevertheless, the protocols have security-critical weaknesses: all devices must know and accept the same fallback key, which is publicly known.

Data packets can be encrypted at the network layer or at the application layer. With encryption at the network layer, however, all radio modules must know a common network key. With encryption at the application layer, a connection between two radio modules can be explicitly encrypted with a separate key known only to those two radio modules. The great difficulty here is distributing the keys to the radio modules. There are several options, which are only partially secure or not secure at all:

  • The keys can be pre-installed on the radio modules. Other radio modules with the same pre-installed key can join the network if necessary. In addition, there is a fixed, firmly agreed and generally known key for registering new ZigBee modules in a network. This point is the weak spot of the security concept: an attacker who eavesdrops on this process can determine the secret, network-specific network key from the data transfer.
  • The keys are sent unencrypted to a radio module when it joins the PAN. The risk of eavesdropping is relatively high here. However, the range of ZigBee modules is usually small, so a potential attacker has to be nearby, and by lowering the transceiver power the range can be reduced to a minimum. Additional protection comes from limiting the time window of the unencrypted key transmission, for example by pressing a button on each radio module at the same time, as is common with powerline adapters.
  • The most secure option is to use a designated trust center. Each radio module has only one master link key, from which a link key for the connection between the trust center and that radio module is initially derived. If two radio modules need a link key to communicate with each other, the key is generated via the trust center using the so-called SKKE protocol. The trust center itself only mediates and cannot determine the resulting key.

With CCM*, the integrity of data packets is protected by an authentication code (Message Integrity Code, MIC), and the data is encrypted in CTR mode. Because a counter is included, packets cannot be intercepted and fed back into the network later (replay attack).

Vulnerabilities

A cross-vendor security problem in implementations is known: if the network key is retransmitted, it can be read from the unencrypted transmission. ZigBee-based door locks in particular attracted negative attention here, as devices could be forced to request the key exchange again.

In all ZigBee Home Automation implementations there is a security gap when commissioning new devices. The network key is transmitted in encrypted form during commissioning, but in ZigBee Home Automation networks the key with which the network key is encrypted is known to developers, and this creates a security gap.

There are security gaps in pairing with ZigBee Light Link. The key exchange is carried out at low transmission power and thus short range (Touchlink commissioning). This can be circumvented with better antennas and more transmission power, so that the lighting system can be accessed remotely, for example via drones.
