ZigBee Smart Energy Security Securing The HAN Network

Provides an overview of the security mechanisms of the ZigBee Smart Energy profile. From Metering America/World Meter Design Congress, San Diego, CA, March 2010


  1. Zin Kyaw, System Applications Engineer, Texas Instruments, San Diego, CA, USA
  2. Agenda
     • Introduction
     • ZigBee Smart Energy 101
     • Joining a ZigBee Smart Energy Network
     • Establishing an Application Link Key
     • Security Maintenance Policies
     • Commissioning Considerations
     • Example SE HAN Network
  3. Introduction
     • Paradigm shift towards appliances in the home being able to intelligently save us money and energy
     • Smart appliances must be able to communicate with the utility back haul network via a device in the home called the Energy Service Portal (ESP)
     • This communications link must not only be robust, but also secure
     • In-depth look at the security model for the ZigBee Smart Energy Profile
     • Device commissioning and network installation procedures are examined
     • Discussion of example eco-system
  4. ZigBee Smart Energy 101
     • ZigBee Smart Energy is a ZigBee Alliance public application profile that defines commands (or clusters) and attributes for the following device types:
       – Energy Service Portal (ESP) – The ESP is the device that provides a gateway into the home and manages the ZigBee Smart Energy HAN
       – In-Premise Display (IPD) – The IPD is a device that will present energy consumption data and price information to the end user either by text or graphical means
       – Metering Device – These are typically metering devices such as gas, water, and heat meters
  5. ZigBee Smart Energy 101 (cont.)
     • Programmable Communicating Thermostat (PCT) – Device used to control the cooling and heating systems of the home
     • Load Control Device – A device such as a pool pump or water heater that is capable of receiving demand response and load control events from the utility head end
     • Smart Appliance – Like a load control device, a smart appliance could be a washer, dryer, or oven that is capable of receiving demand response or pricing events from the utility head end
     • Range Extender – A range extender has no other purpose than to be a router device for other devices in the HAN
  6. ZigBee Smart Energy 101 (cont.)
     • A cluster is a ZigBee term for a collection of commands and attributes specific to a particular behavior
     • In ZigBee Smart Energy, the following clusters are supported:
       – Price – Provides functionality to convey price information from the utility head end
       – Demand Response and Load Control (DRLC) – Provides functionality for devices such as thermostats and other devices that perform load control
       – Simple Metering – Provides functionality to retrieve usage data from electric, gas, and water metering devices
  7. ZigBee Smart Energy 101 (cont.)
     • Message – Provides functionality to deliver text messages
     • Time – Provides functionality to synchronize time between the time server (ESP) and other devices. UTC is used as the common time base
     • Key Establishment – Provides functionality for establishing a link key for secure application level communication between pairs of devices
  8. Joining a ZigBee Smart Energy Network
     • Typically, the ESP is also the ZigBee Coordinator and Trust Center, and acts as the gate keeper for all joining devices
     • Device joins by using a Pre-configured Trust Center Link Key
     • Pre-configured Trust Center Link Key is programmed at manufacturing, or via an installation code using the process outlined in section 5.4.8.1 of [1]
     • The Pre-configured Trust Center Link Key is used to encrypt the APS transport command containing the network key
     • Network key is NOT sent to the joining device in the clear
     [Figure: message sequence between TrustCenter/Coordinator/ESP and SE Device: BeaconRequest, BeaconResponse, AssociationRequest, AssociationResponse, APS TransportKey (encrypted with Trust Center Link Key), EndDeviceAnnounce]
  9. Establishing an Application Link Key
     • After joining the network, the device establishes a link key with the ESP in order to exchange SE application data
     • The procedure is called Certificate Based Key Establishment, or CBKE for short
     • Trust is established by commissioning a Certificate Authority (CA) root key (public key paired with the CA's private key) and a digital certificate for each device
     • Upon successful completion of CBKE:
       – Both devices share the same link key
       – Both devices have authenticated each other
       – Each device has confirmed that the other device has actually computed the same key correctly
       – Every shared link key created per session is unique
     • The trust center then updates the pre-configured trust center link key of the joining device
  10. Establishing an Application Link Key (cont.)
     [Figure: message sequence between TrustCenter/Coordinator/ESP and SE Device: Initiate Key Establishment Request, Initiate Key Establishment Response, Ephemeral Data Request, Ephemeral Data Response, Confirm Key Request, Confirm Key Response, APS ACK]
  11. Security Maintenance Policies
     • The ZigBee SE system should have policies in place for managing network key and link key updates
     • Updating the network key
       – Changing the network key periodically is good practice as it helps reduce the chance of brute force attacks at the network level
       – How often the network key gets updated is a network wide policy
       – The core ZigBee specification provides primitives for the trust center to update the network key and instruct devices to start using the new network key
       – If any device misses the network key update it will try to rejoin the network using the “unsecured rejoin” procedure specified in the core ZigBee specification
       – The transport key message used to deliver the network key is encrypted with the link key previously obtained via the CBKE process
  12. Security Maintenance Policies (cont.)
     • Updating the link key
       – The trust center policy for updating the link key could be more selective, as the established link key is for each pair of devices
       – When it is time for the trust center to update the link key, it will mark it as stale, and can initiate the CBKE procedure to establish a new link key
       – Once the new link key is established, the trust center will then clear the stale status for that key
       – The trust center must mark the link key as stale rather than delete it, since the link key is used to deliver the current network key per the unsecure rejoin process
       – Other devices may delete the link key prior to establishing a new link key
  13. Commissioning Considerations
     • Typically the ESP (E-meter) would be the device that is installed first, followed by other metering devices such as the gas meter
     • It is expected that these devices would be installed by a service professional
     • However, the homeowner could be expected to install a device such as an in-premise display that has been approved for use by their utility
     • The Pre-Configured Trust Center Link Key for the HAN device should be commissioned at manufacturing or configured at installation
     • In a typical install scenario, the user would have to:
       – Enable permit joining of the ZigBee SE HAN for a period of time via an out of band mechanism. Part of this procedure may require the user to enter the install code found on the device through a customer portal
       – Press a button on the in-home display to tell it to join. The display would provide the user feedback throughout the device registration process
  14. Example SE HAN Network
     • All communication with the ESP (e-meter) is secured at the application layer with the link key established via CBKE
     [Figure labels: ESP (E-Meter); In-Premise Display (IPD): In Premise Display shows consumption, price signals and text messages from ESP; Programmable Communicating Thermostat (PCT): ESP sends PCT Load Control Event to control HVAC; Simple Metering Device (Gas, Water, Heat): Simple Metering Device reports Current Summation Delivered attribute periodically]
  15. Conclusion
     • Provided an overview of the ZigBee Smart Energy application profile and described its security model
     • The procedures of secure joining and establishing application link keys were discussed
     • Maintenance policies for updating the network and application link keys were discussed
     • ZigBee Smart Energy and ZigBee core specifications provide all the services and tools for robust security
  16. References
     • ZigBee Smart Energy Profile Specification, 075356r15ZB_AMI_PTG-AMI_Profile Specification.pdf, ZigBee Alliance
     • ZigBee Specification, 053474r17ZB_TSC- ZigBee-Specification.pdf, ZigBee Alliance
     • Z-Stack Smart Energy Developer’s Guide, SWRA216, Texas Instruments
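
The link key update policy from the Security Maintenance Policies slides, as an added example that is not from the presentation or from any ZigBee stack: a small model of the trust center's key table showing why the old link key is marked stale rather than deleted. The class and function names, the device address and the placeholder key bytes are assumptions, and encryption itself is not implemented; the model only tracks which link key would have to protect the transport key message.

```python
from dataclasses import dataclass, field

@dataclass
class LinkKeyEntry:
    key: bytes
    stale: bool = False

@dataclass
class TrustCenter:
    network_key: bytes
    link_keys: dict = field(default_factory=dict)  # device address -> LinkKeyEntry

    def begin_link_key_update(self, dev, delete_old=False):
        # delete_old=True models the mistake: dropping the key instead of marking it stale.
        if delete_old:
            del self.link_keys[dev]
        else:
            self.link_keys[dev].stale = True

    def complete_cbke(self, dev, new_key):
        # A finished CBKE run installs the new key and clears the stale status.
        self.link_keys[dev] = LinkKeyEntry(new_key)

    def unsecured_rejoin(self, dev):
        # Returns (network key, link key that must encrypt its transport),
        # or None when no link key is left; the key is never sent in the clear.
        entry = self.link_keys.get(dev)
        return (self.network_key, entry.key) if entry else None

def scenario(delete_old):
    """Device misses a network key update while its link key is being refreshed."""
    dev = "0x1001"  # constructed address
    tc = TrustCenter(b"NWK-KEY-1", {dev: LinkKeyEntry(b"CBKE-KEY-1")})  # placeholder keys
    tc.begin_link_key_update(dev, delete_old)
    tc.network_key = b"NWK-KEY-2"          # rotation the device did not hear
    rejoin = tc.unsecured_rejoin(dev)      # happens before the new CBKE run
    tc.complete_cbke(dev, b"CBKE-KEY-2")
    return rejoin, tc.link_keys[dev]

if __name__ == "__main__":
    print("mark stale:", scenario(False)[0])
    print("delete:    ", scenario(True)[0])
```

With the stale-marking policy the rejoining device can still be handed the current network key under its old link key; with deletion the trust center has nothing to protect the key with and the device stays off the network.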
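
The joining and CBKE rules from the slides, as an added example (not code from the presentation): an audit over a trust center event log that flags a network key transported without link-key encryption, CBKE messages out of the order shown in the sequence diagram, and SE application data from a device that never completed CBKE. The log format, the `enc=` tokens and the `SEData` event name are assumptions made up for this example.

```python
CBKE_ORDER = ("InitiateKeyEstablishmentRequest InitiateKeyEstablishmentResponse "
              "EphemeralDataRequest EphemeralDataResponse "
              "ConfirmKeyRequest ConfirmKeyResponse").split()
ALLOWED_KEY_WRAP = {"tc_link_key", "cbke_link_key"}  # assumed log tokens

# Constructed sample log in a hypothetical format: "<device> <message> [enc=<key used>]"
SAMPLE_LOG = """\
0x1001 TransportKey enc=tc_link_key
0x1001 InitiateKeyEstablishmentRequest
0x1001 InitiateKeyEstablishmentResponse
0x1001 EphemeralDataRequest
0x1001 EphemeralDataResponse
0x1001 ConfirmKeyRequest
0x1001 ConfirmKeyResponse
0x1001 SEData
0x1002 TransportKey enc=none
0x1003 TransportKey enc=tc_link_key
0x1003 InitiateKeyEstablishmentRequest
0x1003 InitiateKeyEstablishmentResponse
0x1003 ConfirmKeyRequest
0x1003 SEData
"""

def audit(log):
    progress, established, findings = {}, set(), []
    for line in log.splitlines():
        dev, msg, *opts = line.split()
        opts = dict(o.split("=", 1) for o in opts)
        if msg == "TransportKey":
            if opts.get("enc") not in ALLOWED_KEY_WRAP:
                findings.append((dev, "network key sent without link-key encryption"))
        elif msg in CBKE_ORDER:
            n = progress.get(dev, 0)
            if msg == CBKE_ORDER[0]:
                n = 1  # a new or restarted exchange begins here
            elif msg == CBKE_ORDER[n]:
                n += 1
            else:
                findings.append((dev, "CBKE message out of order: " + msg))
                n = 0
            if n == len(CBKE_ORDER):
                established.add(dev)  # full exchange seen: link key in place
                n = 0
            progress[dev] = n
        elif msg == "SEData" and dev not in established:
            findings.append((dev, "SE application data before CBKE completed"))
    return findings
if __name__ == "__main__":
    print(*audit(SAMPLE_LOG), sep="\n")
```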
