XB24-BPDK Digi International/Maxstream, XB24-BPDK Datasheet - Page 30


XB24-BPDK

Manufacturer Part Number
XB24-BPDK
Description
KIT DEVELOPMENT XBEE SERIES 2
Manufacturer
Digi International/Maxstream
Series
XBee™
Type
802.15.4/Zigbee
Datasheet

Specifications of XB24-BPDK

Frequency
2.4GHz
For Use With/related Products
XBee™ Series 2 Modules
Lead Free Status / RoHS Status
Lead free / RoHS Compliant
XBee ZNet 2.5/XBee‐PRO ZNet 2.5 ZigBee OEM RF Modules v1.x4x 
4.1.3. Verifying Network Selection

The AI command can be used to determine the status of the last join attempt. For example, if
AI=0x22, it means the router or end device found PANs, but none were operating on the right PAN
ID. See the AI command entry in the AT Command table for details.

The actual operating channel and PAN ID that the device operates on can be read with the CH and
OP commands, respectively. If ID is not equal to 0xFFFF (join any PAN ID), the OP and ID
commands will return the same value. The MY command indicates the device’s 16-bit address.

4.1.4. Secure Networks

If security is enabled (EE=1), the coordinator will start up using the 128-bit AES encryption key
specified by the KY command. Routers and end devices that join the PAN must either be
configured with the same security key, or they must obtain the key over the air when they join.
The security key can be configured on routers and end devices using serial commands or by
sending remote API commands when commissioning devices. As an alternative, but less secure,
approach, the security key can be transmitted over the air during joining if the EO (encryption
options) command is set to allow sending the key over the air when joining.

Security Policies

The EO command is used to define the security policy. In XBee ZNet 2.5, the security policy
defines what types of devices can join the network, and who makes the decision regarding which
devices can join.

If EO is set to send the security key over the air during joining, the network will allow devices to
join that do or do not already have the security key. When a device joins this type of network, if it
does not have the security key, it will be transmitted to that device over the air unencrypted (in
the clear) when it joins. When the device receives the security key, it will use the key to encrypt
and decrypt all future data transmissions.

If EO is set to enable a trust center, all join requests are sent to the trust center for verification. In
XBee ZNet 2.5, the trust center is always the coordinator. The coordinator will determine whether
or not to allow joins based on its EO setting, and whether or not the joining device has the security
key. If EO on the coordinator is set to send the security key over the air during joining, the
coordinator will allow devices that do or do not already have the security key to join. Otherwise,
the coordinator will only allow devices to join the network that already have the encryption key.

Data Encryption

When encryption is enabled in the network, RF data packets are encrypted and decrypted at the
network layer according to the AES-128 (FIPS 197) algorithm. The following packet components are
encrypted:
• Network payload
• APS headers
• Data payload.

For multi-hop transmissions, each router along the route must decrypt and re-encrypt the data.
Enabling security in a network increases the latency of data transmissions. In addition, enabling
security adds several bytes of overhead into the RF packet. With security enabled, up to 65 bytes
of data (payload) can be sent in a single packet.

4.1.5. Open and Closed Networks

In addition to setting the permit-joining attribute on the coordinator and routers, the NJ command
also defines an open or closed network. An open network is a network where joining is always
enabled (NJ=0xFF on all devices). This type of network should be used to support:
• end devices that may change parents (i.e. – end devices that move from one location to
another).
• changing the operating channel of an entire PAN

A network is considered closed if NJ < 0xFF (permit-joining attribute enables joining for a finite
time). If NJ < 0xFF, joining may or may not be permitted. Closed networks should only be used if

© 2008 Digi International, Inc.
     29
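The EE, EO, NJ, ID, OP and AI rules described above can be turned into a commissioning check. The following is an added example, not code from Digi or from this datasheet: it audits values already read from a module, and the EO bit masks, the `audit` function, the finding names and the sample settings are assumptions made for illustration (confirm the EO bits in the AT Command table).

```python
# Added example (not Digi code): audit settings already read from one module.
# Assumption: the EO bit masks below are not given on this page; confirm them
# against the EO entry in the AT Command table for your firmware.
EO_SEND_KEY_OTA = 0x01   # assumed bit: send security key over the air on join
EO_TRUST_CENTER = 0x02   # assumed bit: enable trust center (the coordinator)
JOIN_ANY_PAN = 0xFFFF    # ID value meaning "join any PAN ID"
NJ_ALWAYS = 0xFF         # NJ value meaning joining is always enabled
AI_WRONG_PAN = 0x22      # AI value: PANs found, none on the right PAN ID


def audit(s):
    """Return sorted finding codes for a dict of AT values (EE, EO, NJ, ID, OP, AI)."""
    found = set()
    if s["EE"] != 1:
        found.add("NO_ENCRYPTION")            # RF data sent without AES-128
    elif s["EO"] & EO_SEND_KEY_OTA:
        found.add("KEY_SENT_IN_CLEAR")        # KY key goes unencrypted to joiners
    else:
        found.add("PRESHARED_KEY_REQUIRED")   # only devices holding KY may join
    if s["EE"] == 1 and s["EO"] & EO_TRUST_CENTER:
        found.add("TRUST_CENTER_DECIDES")     # coordinator verifies each join
    found.add("OPEN_NETWORK" if s["NJ"] == NJ_ALWAYS else "CLOSED_NETWORK")
    if s["ID"] != JOIN_ANY_PAN and s["OP"] != s["ID"]:
        found.add("PAN_ID_MISMATCH")          # OP should equal ID once joined
    if s.get("AI") == AI_WRONG_PAN:
        found.add("NO_MATCHING_PAN")          # last join found no PAN on this ID
    return sorted(found)


# Constructed sample settings (values invented for illustration).
SAMPLES = {
    "coordinator-lab": {"EE": 1, "EO": 0x03, "NJ": 0xFF,
                        "ID": 0x1234, "OP": 0x1234, "AI": 0},
    "router-field": {"EE": 1, "EO": 0x00, "NJ": 0x3C,
                     "ID": 0x1234, "OP": 0x1234, "AI": 0},
    "enddev-unjoined": {"EE": 0, "EO": 0x00, "NJ": 0x00,
                        "ID": 0x1234, "OP": 0x0000, "AI": 0x22},
}

if __name__ == "__main__":
    for name, settings in SAMPLES.items():
        print(f"{name}: {', '.join(audit(settings))}")
```

A coordinator that reports both KEY_SENT_IN_CLEAR and OPEN_NETWORK is the combination to review first: the key is handed out unencrypted and joining never closes.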
