Zigbee Security
What is Zigbee Security?
Zigbee SecurityThe set of cryptographic and network controls that protect Zigbee mesh networks of low-power IoT devices, based on IEEE 802.15.4 and AES-CCM* keys.
Zigbee is a low-power, low-data-rate wireless protocol built on IEEE 802.15.4 and widely used in smart-home lighting, sensors, locks, and industrial monitoring. Zigbee security relies on AES-128 in CCM* mode and a hierarchy of keys: a Network Key shared by all nodes, optional Link Keys for pairwise communication, and a Trust Center (typically the coordinator) that authenticates and rekeys devices. Major weaknesses come from join procedures: pre-Zigbee-3.0 devices often used well-known default Trust Center Link Keys, making sniffed Network Key transports recoverable, and Touchlink commissioning has known protocol flaws. Hardening practices include Zigbee 3.0 with install codes, periodic Network Key rotation, physical proximity for commissioning, and segmentation of Zigbee gateways from sensitive networks.
● Examples
- 01
A Zigbee 3.0 smart-bulb pairing with the hub using a per-device install code to derive a Link Key.
- 02
An attacker sniffing a Network Key transported during the join of an older Zigbee Home Automation device.
● Frequently asked questions
What is Zigbee Security?
The set of cryptographic and network controls that protect Zigbee mesh networks of low-power IoT devices, based on IEEE 802.15.4 and AES-CCM* keys. It belongs to the OT / ICS / IoT category of cybersecurity.
What does Zigbee Security mean?
The set of cryptographic and network controls that protect Zigbee mesh networks of low-power IoT devices, based on IEEE 802.15.4 and AES-CCM* keys.
How does Zigbee Security work?
Zigbee is a low-power, low-data-rate wireless protocol built on IEEE 802.15.4 and widely used in smart-home lighting, sensors, locks, and industrial monitoring. Zigbee security relies on AES-128 in CCM* mode and a hierarchy of keys: a Network Key shared by all nodes, optional Link Keys for pairwise communication, and a Trust Center (typically the coordinator) that authenticates and rekeys devices. Major weaknesses come from join procedures: pre-Zigbee-3.0 devices often used well-known default Trust Center Link Keys, making sniffed Network Key transports recoverable, and Touchlink commissioning has known protocol flaws. Hardening practices include Zigbee 3.0 with install codes, periodic Network Key rotation, physical proximity for commissioning, and segmentation of Zigbee gateways from sensitive networks.
How do you defend against Zigbee Security?
Defences for Zigbee Security typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Zigbee Security?
Common alternative names include: Zigbee security, IEEE 802.15.4 security.
● Related terms
- ot-iot№ 552
IoT Security
The discipline of protecting Internet-of-Things devices, gateways, networks, and cloud services from compromise, given their scale, constrained resources, and long lifetimes.
- ot-iot№ 115
Bluetooth LE Security
The pairing, encryption, and privacy mechanisms defined by the Bluetooth Core Specification for Bluetooth Low Energy devices.
- ot-iot№ 634
LoRaWAN Security
The end-to-end key, join, and message-protection model defined by the LoRaWAN specification for low-power wide-area IoT networks.
- ot-iot№ 551
IoT Botnet
A network of compromised Internet-of-Things devices remotely controlled to launch attacks such as DDoS, credential stuffing, click fraud, or cryptomining.
- ot-iot№ 762
Operational Technology (OT)
Hardware and software that monitor and control physical processes, devices, and infrastructure such as factories, power plants, and utilities.
- ot-iot№ 422
Firmware Over-the-Air (OTA)
A mechanism for delivering and installing firmware updates to remote devices through wireless or networked channels, without physical access.