Zin Kyaw, System Applications Engineer Texas Instruments, San Diego, CA, USA

ZigBee Smart Energy Security Securing The HAN Network


DESCRIPTION

Provides an overview of the security mechanisms of the ZigBee Smart Energy profile. From Metering America/World Meter Design Congress, San Diego, CA, March 2010


Page 1: ZigBee Smart Energy Security   Securing The HAN Network

Zin Kyaw, System Applications Engineer Texas Instruments, San Diego, CA, USA

Page 2: ZigBee Smart Energy Security   Securing The HAN Network

Agenda

• Introduction

• ZigBee Smart Energy 101

• Joining a ZigBee Smart Energy Network

• Establishing an Application Link Key

• Security Maintenance Policies

• Commissioning Considerations

• Example SE HAN Network

Page 3: ZigBee Smart Energy Security   Securing The HAN Network

Introduction

• Paradigm shift towards appliances in the home being able to intelligently save us money and energy

• Smart appliances must be able to communicate with the utility back haul network via a device in the home called the Energy Service Portal (ESP)

• This communications link must not only be robust, but also secure

• In-depth look at the security model for the ZigBee Smart Energy Profile

• Device commissioning and network installation procedures are examined

• Discussion of example eco-system

Page 4: ZigBee Smart Energy Security   Securing The HAN Network

ZigBee Smart Energy 101

• ZigBee Smart Energy is a ZigBee Alliance public application profile that defines commands (or clusters) and attributes for the following device types:

– Energy Service Portal (ESP) – The ESP is the device that provides a gateway into the home and manages the ZigBee Smart Energy HAN

– In-Premise Display (IPD) – The IPD is a device that will present energy consumption data and price information to the end user either by text or graphical means

– Metering Device – These are typically metering devices such as gas, water, and heat meters

Page 5: ZigBee Smart Energy Security   Securing The HAN Network

ZigBee Smart Energy 101 (cont.)

• Programmable Communicating Thermostat (PCT) – Device used to control the cooling and heating systems of the home

• Load Control Device – A device such as a pool pump or water heater that is capable of receiving demand response and load control events from the utility head end

• Smart Appliance – Like a load control device, a smart appliance could be a washer, dryer or oven that is capable of receiving demand response or pricing events from the utility head end

• Range Extender – A range extender has no other purpose than to be a router device for other devices in the HAN

Page 6: ZigBee Smart Energy Security   Securing The HAN Network

ZigBee Smart Energy 101 (cont.)

• A cluster is a ZigBee term for a collection of commands and attributes specific to a particular behavior

• In ZigBee Smart Energy, the following clusters are supported:

– Price – Provides functionality to convey price information from the utility head end

– Demand Response and Load Control (DRLC) - Provides functionality for devices such as thermostats and other devices that perform load control

– Simple Metering - Provides functionality to retrieve usage data from electric, gas, water metering devices

Page 7: ZigBee Smart Energy Security   Securing The HAN Network

ZigBee Smart Energy 101 (cont.)

• Message – Provides functionality to deliver text messages

• Time – Provides functionality to synchronize time between the time server (ESP) and other devices. UTC is used as the common time base

• Key Establishment – Provides functionality for establishing a link key for secure application level communication between pairs of devices

Page 8: ZigBee Smart Energy Security   Securing The HAN Network

Joining a ZigBee Smart Energy Network

• Typically, the ESP is also the ZigBee Coordinator and Trust Center, and acts as the gatekeeper for all joining devices

• Device joins by using a Pre-configured Trust Center Link Key

• Pre-configured Trust Center Link Key is programmed at manufacturing, or via an installation code using the process outlined in section 5.4.8.1 of [1]

• The Pre-configured Trust Center Link Key is used to encrypt the APS transport command containing the network key

• Network key is NOT sent to the joining device in the clear

Join sequence (message flow from the slide's diagram between the SE Device and the Trust Center/Coordinator/ESP), in order:

– Beacon Request (SE Device → Trust Center/Coordinator/ESP)

– Beacon Response (Trust Center/Coordinator/ESP → SE Device)

– Association Request (SE Device → Trust Center/Coordinator/ESP)

– Association Response (Trust Center/Coordinator/ESP → SE Device)

– APS Transport Key, encrypted with the Trust Center Link Key (Trust Center/Coordinator/ESP → SE Device)

– End Device Announce (SE Device → Trust Center/Coordinator/ESP)

Page 9: ZigBee Smart Energy Security   Securing The HAN Network

Establishing an Application Link Key

• After joining the network, the device establishes a link key with the ESP in order to exchange SE application data

• The procedure is called Certificate Based Key Establishment, or CBKE for short

• Trust is established by commissioning a Certificate Authority (CA) root key (public key paired with the CA’s private key) and a digital certificate for each device

• Upon successful completion of CBKE, both devices have achieved the following:

– Share the same link key

– Authenticate each other

– Confirm that the other device has actually computed the same key correctly

– All shared link keys created per session are unique

• The trust center then updates the pre-configured trust center link key of the joining device

Page 10: ZigBee Smart Energy Security   Securing The HAN Network

Establishing an Application Link Key (cont.)

CBKE message flow (from the slide's diagram; the SE Device initiates, the Trust Center/Coordinator/ESP responds), in order:

– Initiate Key Establishment Request (SE Device → Trust Center/Coordinator/ESP)

– Initiate Key Establishment Response (Trust Center/Coordinator/ESP → SE Device)

– Ephemeral Data Request (SE Device → Trust Center/Coordinator/ESP)

– Ephemeral Data Response (Trust Center/Coordinator/ESP → SE Device)

– Confirm Key Request (SE Device → Trust Center/Coordinator/ESP)

– Confirm Key Response (Trust Center/Coordinator/ESP → SE Device)

– APS ACK
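The following Go program is an added example, not code from the slides or from TI's Z-Stack: it walks the three round trips of the diagram above with both parties' messages, so the four outcomes listed on the previous slide (shared key, mutual authentication, key confirmation, per-session uniqueness) can be checked in code. CBKE itself uses ECQV implicit certificates and ECMQV on a Koblitz curve; this example substitutes P-256, ECDSA-signed certificates and plain ECDH, and an HMAC under the derived key as the Confirm Key payload. All type and function names (`Device`, `Establish`, `confirmTag`) and the message contents are this example's own assumptions, not the profile's actual frame formats.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Cert stands in for the SE device certificate: the CA binds a device identity to its static public key.
type Cert struct {
	ID  string
	Pub []byte // static ECDH public key, uncompressed point
	Sig []byte // CA signature over sha256(ID || Pub)
}

type CA struct{ key *ecdsa.PrivateKey }

// Device holds what commissioning installs: the CA root public key, a static key pair and a certificate.
type Device struct {
	ID     string
	caRoot *ecdsa.PublicKey
	static *ecdh.PrivateKey
	Cert   Cert
}

func certDigest(id string, pub []byte) []byte {
	h := sha256.Sum256(append([]byte(id), pub...))
	return h[:]
}

func NewCA() *CA {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // crypto/rand does not fail in practice
	return &CA{key: k}
}

func (ca *CA) Issue(id string, pub *ecdh.PublicKey) Cert {
	sig, _ := ecdsa.SignASN1(rand.Reader, ca.key, certDigest(id, pub.Bytes()))
	return Cert{ID: id, Pub: pub.Bytes(), Sig: sig}
}

func NewDevice(ca *CA, id string) *Device {
	s, _ := ecdh.P256().GenerateKey(rand.Reader)
	return &Device{ID: id, caRoot: &ca.key.PublicKey, static: s, Cert: ca.Issue(id, s.PublicKey())}
}

func (d *Device) verifyCert(c Cert) bool { return ecdsa.VerifyASN1(d.caRoot, certDigest(c.ID, c.Pub), c.Sig) }

// deriveKey hashes the ephemeral-ephemeral and static-static shared secrets with both identities:
// the static part ties the key to the certified long-term keys, the ephemeral part makes it unique per session.
func (d *Device) deriveKey(eph *ecdh.PrivateKey, peer Cert, peerEph *ecdh.PublicKey, initID, respID string) ([]byte, error) {
	peerStatic, err := ecdh.P256().NewPublicKey(peer.Pub) // peer-supplied bytes must decode to a valid point
	if err != nil {
		return nil, err
	}
	ee, _ := eph.ECDH(peerEph) // cannot fail here: both keys are on P-256
	ss, _ := d.static.ECDH(peerStatic)
	h := sha256.New()
	for _, part := range [][]byte{ee, ss, []byte(initID), []byte(respID)} {
		h.Write(part)
	}
	return h.Sum(nil), nil
}

// confirmTag is the Confirm Key payload: an HMAC under the derived key over the sender and receiver identities.
func confirmTag(key []byte, sender, receiver string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(sender + "|" + receiver))
	return m.Sum(nil)
}

// Establish runs the three round trips of the diagram between initiator (SE device) and responder (trust center/ESP).
func Establish(initiator, responder *Device) ([]byte, []byte, error) {
	// Initiate Key Establishment Request/Response: certificates are exchanged and checked against the CA root.
	if !responder.verifyCert(initiator.Cert) || !initiator.verifyCert(responder.Cert) {
		return nil, nil, errors.New("certificate not issued by the commissioned CA")
	}
	// Ephemeral Data Request/Response: fresh key pairs, used for this session only.
	ei, _ := ecdh.P256().GenerateKey(rand.Reader)
	er, _ := ecdh.P256().GenerateKey(rand.Reader)
	initKey, err1 := initiator.deriveKey(ei, responder.Cert, er.PublicKey(), initiator.ID, responder.ID)
	respKey, err2 := responder.deriveKey(er, initiator.Cert, ei.PublicKey(), initiator.ID, responder.ID)
	if err1 != nil || err2 != nil {
		return nil, nil, errors.New("ephemeral data rejected")
	}
	// Confirm Key Request/Response: each side recomputes the other's tag under its own key.
	if !hmac.Equal(confirmTag(initKey, initiator.ID, responder.ID), confirmTag(respKey, initiator.ID, responder.ID)) ||
		!hmac.Equal(confirmTag(respKey, responder.ID, initiator.ID), confirmTag(initKey, responder.ID, initiator.ID)) {
		return nil, nil, errors.New("key confirmation failed")
	}
	return initKey, respKey, nil
}

func main() {
	ca := NewCA()
	k1, k2, err := Establish(NewDevice(ca, "IPD"), NewDevice(ca, "ESP"))
	fmt.Printf("err=%v, both sides hold the same link key: %v\n", err, hmac.Equal(k1, k2))
}
```

Running two sessions between the same pair yields two different keys because the ephemeral pairs change, and a device whose certificate was issued by a different CA is rejected at the first exchange, before any ephemeral data is sent; that is the property the commissioned CA root key provides.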

Page 11: ZigBee Smart Energy Security   Securing The HAN Network

Security Maintenance Policies

• The ZigBee SE system should have policies in place for managing network key and link key updates

• Updating the network key

– Changing the network key periodically is good practice as it helps reduce the chance of brute force attacks at the network level

– How often the network key gets updated is a network wide policy

– The core ZigBee specification provides primitives for the trust center to update the network key and instruct devices to start using the new network key

– If any device misses the network key update it will try to rejoin the network using the “unsecured rejoin” procedure specified in the core ZigBee specification

– The transport key message used to deliver the network key is encrypted with the link key previously obtained via the CBKE process

Page 12: ZigBee Smart Energy Security   Securing The HAN Network

Security Maintenance Policies (cont.)

• Updating the link key

– The trust center policy for updating the link key could be more selective, as the established link key is for each pair of devices

– When it is time for the trust center to update the link key, it will mark it as stale, and can initiate the CBKE procedure to establish a new link key

– Once the new link key is established, the trust center will then clear the stale status for that key

– It must mark it as stale and not delete the link key, since the link key is used to deliver the current network key per the unsecured rejoin process

– Other devices may delete the link key prior to establishing a new link key
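As an added example for the two maintenance slides above (not code from the slides or from Z-Stack), the Go program below simulates the trust center's key tables under these policies: the network key carries a sequence number and an update reaches only the devices that are awake; a device that missed the update recovers through a rejoin that re-delivers the current network key encrypted with its link key; and the trust center marks a link key stale before re-running CBKE rather than deleting it, so that rejoin still works. AES-GCM is used here as a stand-in for the APS layer's AES-CCM*, and every type and function name is this example's own assumption.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

type TrustCenter struct {
	nwkKey []byte
	nwkSeq uint8             // network key sequence number, incremented on every update
	links  map[string][]byte // link key per device, established via CBKE
	stale  map[string]bool   // set before CBKE is re-run; the key itself is kept
}

type Device struct {
	ID      string
	linkKey []byte
	NwkKey  []byte
	NwkSeq  uint8
}

func randomKey() []byte {
	k := make([]byte, 16)
	rand.Read(k) // crypto/rand only fails if the OS RNG is unavailable
	return k
}

// wrap encrypts seq||key under a link key; AES-GCM stands in for the APS layer's AES-CCM*.
func wrap(linkKey []byte, seq uint8, key []byte) []byte {
	block, _ := aes.NewCipher(linkKey) // trust center link keys are always 16 bytes here
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return gcm.Seal(nonce, nonce, append([]byte{seq}, key...), nil)
}

// ReceiveTransportKey decrypts a transport-key message with the device's own link key
// and only then switches to the delivered network key and sequence number.
func (d *Device) ReceiveTransportKey(msg []byte) error {
	block, err := aes.NewCipher(d.linkKey)
	if err != nil {
		return err
	}
	gcm, _ := cipher.NewGCM(block)
	n := gcm.NonceSize()
	if len(msg) < n {
		return errors.New("malformed transport key message")
	}
	pt, err := gcm.Open(nil, msg[:n], msg[n:], nil)
	if err != nil || len(pt) != 17 {
		return errors.New("transport key rejected: link key does not match")
	}
	d.NwkSeq, d.NwkKey = pt[0], pt[1:]
	return nil
}

func NewTrustCenter() *TrustCenter {
	return &TrustCenter{nwkKey: randomKey(), links: map[string][]byte{}, stale: map[string]bool{}}
}

// Commission records a freshly established link key, clears any stale mark, and delivers the current network key.
func (tc *TrustCenter) Commission(d *Device, linkKey []byte) error {
	tc.links[d.ID], d.linkKey = linkKey, linkKey
	delete(tc.stale, d.ID)
	return d.ReceiveTransportKey(wrap(linkKey, tc.nwkSeq, tc.nwkKey))
}

// RotateNetworkKey picks a new key with the next sequence number and delivers it to the devices reachable right now.
func (tc *TrustCenter) RotateNetworkKey(reachable []*Device) {
	tc.nwkKey, tc.nwkSeq = randomKey(), tc.nwkSeq+1
	for _, d := range reachable {
		if key, ok := tc.links[d.ID]; ok {
			d.ReceiveTransportKey(wrap(key, tc.nwkSeq, tc.nwkKey))
		}
	}
}

// MarkLinkKeyStale is the policy step before CBKE is re-run with a device.
func (tc *TrustCenter) MarkLinkKeyStale(id string) { tc.stale[id] = true }

// Rejoin models the unsecured rejoin of a device that missed the update: the
// current network key goes out encrypted with the link key on record, stale or not.
func (tc *TrustCenter) Rejoin(d *Device) error {
	key, ok := tc.links[d.ID]
	if !ok {
		return errors.New("no link key on record: rejoin refused")
	}
	return d.ReceiveTransportKey(wrap(key, tc.nwkSeq, tc.nwkKey))
}

func main() {
	tc := NewTrustCenter()
	ipd, pct := &Device{ID: "IPD"}, &Device{ID: "PCT"}
	tc.Commission(ipd, randomKey())
	tc.Commission(pct, randomKey())
	tc.RotateNetworkKey([]*Device{ipd}) // PCT is asleep and misses the update
	fmt.Println("PCT rejoin:", tc.Rejoin(pct), "PCT seq", pct.NwkSeq, "TC seq", tc.nwkSeq)
}
```

The point of keeping the stale entry is visible in `Rejoin`: it looks up the link key on record regardless of the stale flag, so a device that was asleep through the rotation and whose CBKE has not yet been re-run can still be brought back onto the current network key. A device presenting a link key the trust center does not hold gets a decryption failure and never learns the network key.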

Page 13: ZigBee Smart Energy Security   Securing The HAN Network

Commissioning Considerations

• Typically the ESP (E-meter) would be the device that is installed first, followed by other metering devices such as the gas meter

• It is expected that these devices would be installed by a service professional

• However, the homeowner could be expected to install a device such as an in-premise display that has been approved for use by their utility

• The Pre-Configured Trust Center Link Key for the HAN device should be commissioned at manufacturing or configured at installation

• In a typical install scenario, the user would have to:

– Enable permit joining of the ZigBee SE HAN for a period of time via an out of band mechanism. Part of this procedure may require the user to enter the install code found on the device through a customer portal

– Press a button on the in-home display to tell it to join. The display would provide the user feedback throughout the device registration process
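The install code mentioned on the joining slide (the process of section 5.4.8.1 of [1]) and in the customer-portal step above is what links the label on the device to its pre-configured trust center link key. The Go program below is an added example, not code from the slides or from Z-Stack: it constructs an install code with its CRC-16 as a manufacturer would print it, then derives the link key the way the ZigBee specification does, by checking the CRC and hashing the whole code with the AES-128 Matyas-Meyer-Oseas hash. The 16-byte secret is constructed for the example and the function names are this example's own.

```go
package main

import (
	"crypto/aes"
	"encoding/hex"
	"errors"
	"fmt"
)

// crc16X25 is the CRC-16 carried in the last two bytes of a ZigBee installation code
// (polynomial 0x1021 bit-reflected, initial value 0xFFFF, final XOR 0xFFFF).
func crc16X25(data []byte) uint16 {
	crc := uint16(0xFFFF)
	for _, b := range data {
		crc ^= uint16(b)
		for i := 0; i < 8; i++ {
			if crc&1 != 0 {
				crc = (crc >> 1) ^ 0x8408
			} else {
				crc >>= 1
			}
		}
	}
	return ^crc
}

// aesMMO is the Matyas-Meyer-Oseas hash over AES-128 from the ZigBee specification:
// H0 = 0 and Hi = AES(Hi-1, Mi) XOR Mi, over the message padded with a 0x80 byte,
// zeros, and the 16-bit big-endian message length in bits closing the last block.
func aesMMO(msg []byte) [16]byte {
	padded := append(append([]byte{}, msg...), 0x80)
	for len(padded)%16 != 14 {
		padded = append(padded, 0)
	}
	bits := len(msg) * 8
	padded = append(padded, byte(bits>>8), byte(bits))
	var h [16]byte
	for i := 0; i < len(padded); i += 16 {
		block := padded[i : i+16]
		c, _ := aes.NewCipher(h[:]) // the running hash value is the AES key
		var out [16]byte
		c.Encrypt(out[:], block)
		for j := range h {
			h[j] = out[j] ^ block[j]
		}
	}
	return h
}

// MakeInstallCode appends the CRC (little-endian) to 6, 8, 12 or 16 bytes of secret;
// this is the string a manufacturer prints on the device label.
func MakeInstallCode(secret []byte) []byte {
	crc := crc16X25(secret)
	return append(append([]byte{}, secret...), byte(crc), byte(crc>>8))
}

// InstallCodeToLinkKey checks the label's CRC (catching a mistyped code at the portal)
// and derives the pre-configured trust center link key by hashing the whole code,
// CRC included, with AES-MMO.
func InstallCodeToLinkKey(code []byte) ([16]byte, error) {
	switch len(code) {
	case 8, 10, 14, 18:
	default:
		return [16]byte{}, errors.New("install code must be 6, 8, 12 or 16 bytes plus a 2-byte CRC")
	}
	n := len(code) - 2
	if want := crc16X25(code[:n]); code[n] != byte(want) || code[n+1] != byte(want>>8) {
		return [16]byte{}, errors.New("install code CRC mismatch: mistyped or corrupted code")
	}
	return aesMMO(code), nil
}

func main() {
	secret, _ := hex.DecodeString("00112233445566778899aabbccddeeff") // constructed, not a real device's code
	code := MakeInstallCode(secret)
	key, err := InstallCodeToLinkKey(code)
	fmt.Printf("install code: %X\nlink key:     %X (err=%v)\n", code, key, err)
	typo := append([]byte{}, code...)
	typo[3] ^= 0x01 // one mistyped digit on the label
	_, err = InstallCodeToLinkKey(typo)
	fmt.Println("mistyped code:", err)
}
```

The CRC is what makes the portal step robust: a single mistyped character is rejected before the utility derives and stores a link key that the device does not actually hold, which would otherwise show up only as a failed join with no useful diagnostic.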

Page 14: ZigBee Smart Energy Security   Securing The HAN Network

Example SE HAN Network

• All communication with the ESP (e-meter) is secured at the application layer with the link key established via CBKE

[Figure: example SE HAN. The ESP (E-Meter) is connected to an In-Premise Display (IPD), a Programmable Communicating Thermostat (PCT) and a Simple Metering Device (Gas, Water, Heat). Callouts: the In-Premise Display shows consumption, price signals and text messages from the ESP; the ESP sends the PCT a Load Control Event to control HVAC; the Simple Metering Device reports the Current Summation Delivered attribute periodically.]

Page 15: ZigBee Smart Energy Security   Securing The HAN Network

Conclusion

• Provided an overview of the ZigBee Smart Energy application profile and described its security model

• The procedures of secure joining and establishing application link keys were discussed

• Maintenance policies for updating the network and application link keys were discussed

• ZigBee Smart Energy and ZigBee core specifications provide all the services and tools for robust security

Page 16: ZigBee Smart Energy Security   Securing The HAN Network

References

[1] ZigBee Smart Energy Profile Specification, 075356r15ZB_AMI_PTG-AMI_Profile_Specification.pdf, ZigBee Alliance

[2] ZigBee Specification, 053474r17ZB_TSC-ZigBee-Specification.pdf, ZigBee Alliance

[3] Z-Stack Smart Energy Develop\u2019s Guide, SWRA216, Texas Instruments