Provides an overview of the security mechanisms of the ZigBee Smart Energy profile. From Metering America/World Meter Design Congress, San Diego, CA, March 2010
Zin Kyaw, System Applications Engineer Texas Instruments, San Diego, CA, USA
Agenda
• Introduction
• ZigBee Smart Energy 101
• Joining a ZigBee Smart Energy Network
• Establishing an Application Link Key
• Security Maintenance Policies
• Commissioning Considerations
• Example SE HAN Network
Introduction
• Paradigm shift towards appliances in the home being able to intelligently save us money and energy
• Smart appliances must be able to communicate with the utility back haul network via a device in the home called the Energy Service Portal (ESP)
• This communications link must not only be robust, but also secure
• In-depth look at the security model for the ZigBee Smart Energy Profile
• Device commissioning and network installation procedures are examined
• Discussion of example eco-system
ZigBee Smart Energy 101
• ZigBee Smart Energy is a ZigBee Alliance public application profile that defines commands (or clusters) and attributes for the following device types:
– Energy Service Portal (ESP) – The ESP is the device that provides a gateway into the home and manages the ZigBee Smart Energy HAN
– In-Premise Display (IPD) – The IPD is a device that will present energy consumption data and price information to the end user either by text or graphical means
– Metering Device – These are typically metering devices such as gas, water, and heat meters
ZigBee Smart Energy 101 (cont.)
• Programmable Communicating Thermostat (PCT) – Device used to control the cooling and heating systems of the home
• Load Control Device – A device such as a pool pump or water heater that is capable of receiving demand response and load control events from the utility head end
• Smart Appliance – Like a load control device, a smart appliance could be a washer, dryer, oven that is capable of receiving demand response or pricing events from the utility head end
• Range Extender – A range extender has no other purpose than to be a router device for other devices in the HAN
ZigBee Smart Energy 101 (cont.)
• A cluster is a ZigBee term for a collection of commands and attributes specific to a particular behavior
• In ZigBee Smart Energy, the following clusters are supported:
– Price – Provides functionality to convey price information from the utility head end
– Demand Response and Load Control (DRLC) – Provides functionality for devices such as thermostats and other devices that perform load control
– Simple Metering – Provides functionality to retrieve usage data from electric, gas, water metering devices
ZigBee Smart Energy 101 (cont.)
• Message – Provides functionality to deliver text messages
• Time – Provides functionality to synchronize time between the time server (ESP) and other devices. UTC is used as the common time base
• Key Establishment – Provides functionality for establishing a link key for secure application level communication between pairs of devices
Joining a ZigBee Smart Energy Network
• Typically, the ESP is also the ZigBee Coordinator and Trust Center, and acts as the gate keeper for all joining devices
• Device joins by using a Pre-configured Trust Center Link Key
• Pre-configured Trust Center Link Key is programmed at manufacturing, or via an installation code using the process outlined in section 5.4.8.1 of [1]
• The Pre-configured Trust Center Link Key is used to encrypt the APS transport command containing the network key
• Network key is NOT sent to the joining device in the clear
Message sequence between the SE Device and the Trust Center/Coordinator/ESP:
– Beacon Request
– Beacon Response
– Association Request
– Association Response
– APS Transport Key (encrypted with Trust Center Link Key)
– End Device Announce
Establishing an Application Link Key
• After joining the network, the device establishes a link key with the ESP in order to exchange SE application data
• The procedure is called Certificate Based Key Establishment, or CBKE for short
• Trust is established by commissioning a Certificate Authority (CA) root key (public key paired with the CA’s private key) and a digital certificate for each device
• Upon successful completion of CBKE, both devices:
– Share the same link key
– Have authenticated each other
– Have confirmed that the other device actually computed the same key correctly
– Hold a shared link key that is unique to the session
• The trust center then updates the pre-configured trust center link key of the joining device
Establishing an Application Link Key (cont.)
Message sequence between the SE Device and the Trust Center/Coordinator/ESP:
– Initiate Key Establishment Request
– Initiate Key Establishment Response
– Ephemeral Data Request
– Ephemeral Data Response
– Confirm Key Request
– Confirm Key Response
– APS ACK
Security Maintenance Policies
• The ZigBee SE system should have policies in place for managing network key and link key updates
• Updating the network key
– Changing the network key periodically is good practice as it helps reduce the chance of brute force attacks at the network level
– How often the network key gets updated is a network wide policy
– The core ZigBee specification provides primitives for the trust center to update the network key and instruct devices to start using the new network key
– If any device misses the network key update it will try to rejoin the network using the “unsecured rejoin” procedure specified in the core ZigBee specification
– The transport key message used to deliver the network key is encrypted with the link key previously obtained via the CBKE process
Security Maintenance Policies (cont.)
• Updating the link key
– The trust center policy for updating the link key could be more selective, as the established link key is for each pair of devices
– When it is time for the trust center to update the link key, it will mark it as stale, and can initiate the CBKE procedure to establish a new link key
– Once the new link key is established, the trust center will then clear the stale status for that key
– The trust center must mark the link key as stale rather than delete it, since the link key is used to deliver the current network key per the unsecured rejoin process
– Other devices may delete the link key prior to establishing a new link key
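The link key update policy above, sketched as an added example in C (not code from the presentation or from Z-Stack): the table layout and the `tc_*` function names are hypothetical. It shows that a stale key stays available for the unsecured rejoin path until CBKE installs its replacement, while deleting first leaves nothing to protect the network key with.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN 16
#define MAX_DEV 8
/* Hypothetical Trust Center link-key table (not a Z-Stack structure). */
typedef struct {
    uint8_t ieee[8];       /* 64-bit address of the partner device */
    uint8_t key[KEY_LEN];  /* application link key from CBKE */
    bool used, stale;      /* stale = due for refresh, still kept */
} tc_entry;
static tc_entry tc_table[MAX_DEV];

static tc_entry *tc_find(const uint8_t *ieee) {
    for (size_t i = 0; i < MAX_DEV; i++)
        if (tc_table[i].used && memcmp(tc_table[i].ieee, ieee, 8) == 0)
            return &tc_table[i];
    return NULL;
}
/* CBKE finished: install or replace the key and clear the stale flag. */
bool tc_cbke_complete(const uint8_t *ieee, const uint8_t *key) {
    tc_entry *e = tc_find(ieee);
    for (size_t i = 0; e == NULL && i < MAX_DEV; i++)
        if (!tc_table[i].used) e = &tc_table[i];
    if (e == NULL) return false;            /* table full */
    memcpy(e->ieee, ieee, 8);
    memcpy(e->key, key, KEY_LEN);
    e->used = true;
    e->stale = false;
    return true;
}
/* Update policy fired: flag the key; the Trust Center does not delete it. */
bool tc_mark_stale(const uint8_t *ieee) {
    tc_entry *e = tc_find(ieee);
    if (e != NULL) e->stale = true;
    return e != NULL;
}
bool tc_is_stale(const uint8_t *ieee) {
    tc_entry *e = tc_find(ieee);
    return e != NULL && e->stale;
}
/* Unsecured rejoin: key protecting the Transport Key; stale keys still count. */
const uint8_t *tc_rejoin_key(const uint8_t *ieee) {
    tc_entry *e = tc_find(ieee);
    return e != NULL ? e->key : NULL;       /* NULL = nothing to protect it */
}
/* Deleting first (allowed on other devices) leaves the rejoin path keyless. */
void tc_delete(const uint8_t *ieee) {
    tc_entry *e = tc_find(ieee);
    if (e != NULL) memset(e, 0, sizeof *e);
}
```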
Commissioning Considerations
• Typically the ESP (E-meter) would be the device that is installed first, followed by other metering devices such as the gas meter
• It is expected that these devices would be installed by a service professional
• However, the homeowner could be expected to install a device such as an in-premise display that has been approved for use by their utility
• The Pre-Configured Trust Center Link Key for the HAN device should be commissioned at manufacturing or configured at installation
• In a typical install scenario, the user would have to:
– Enable permit joining of the ZigBee SE HAN for a period of time via an out of band mechanism. Part of this procedure may require the user to enter the install code found on the device through a customer portal
– Press a button on the in-home display to tell it to join. The display would provide the user feedback throughout the device registration process
Example SE HAN Network
• All communication with the ESP (e-meter) is secured at the application layer with the link key established via CBKE
Network diagram: the ESP (E-Meter) is connected to the following devices:
– In-Premise Display (IPD) – In Premise Display shows consumption, price signals and text messages from ESP
– Programmable Communicating Thermostat (PCT) – ESP Sends PCT Load Control Event to control HVAC
– Simple Metering Device (Gas, Water, Heat) – Simple Metering Device Reports Current Summation Delivered Attribute Periodically
Conclusion
• Provided an overview of the ZigBee Smart Energy application profile and described its security model
• The procedures of secure joining and establishing application link keys were discussed
• Maintenance policies for updating the network and application link keys were discussed
• ZigBee Smart Energy and ZigBee core specifications provide all the services and tools for robust security
References
• ZigBee Smart Energy Profile Specification, 075356r15ZB_AMI_PTG-AMI_Profile Specification.pdf, ZigBee Alliance
• ZigBee Specification, 053474r17ZB_TSC-ZigBee-Specification.pdf, ZigBee Alliance
• Z-Stack Smart Energy Developer’s Guide, SWRA216, Texas Instruments