Zigbee Security

Zigbee uses a Symmetric key with 128 bit Advanced Encryption Standard (AES-128) for encryption, specifically AES-CCM. AES-CCM is NIST Special Publication 800-38C and is implemented in hardware in the module.

Zigbee Security has two main purposes:
 * 1) Encryption - make sure that no one can read our data
 * 2) Integrity Protection - make sure that our message wasn't tampered with

Authentication and encryption are applied on the Network and Application layers and work in the following method:
 * Encryption scrambles the original data (called plaintext in 'security speak') into ciphertext
 * Encryption prevents an eavesdropper from being able to interpret frame payload
 * Integrity protection adds a Message Integrity Code (MIC) to be transported along with the data to be protected
 * The MIC 'signs' the data and allows the recipient to verify that the data has not been tampered with
 * The MIC is also bound to the identity (IEEE address) of the originator and thus provides origin authenticity
 * Without integrity protection, a rogue device could modify a transmitted frame and the modification may not be detected by the recipient

Security Modes
The module implements the Standard Security Mode of Zigbee 2007 Pro. This supports either pre-configured keys or coordinator distributed keys
 * Pre-configured keys: All nodes on the network share the same key. The application on the micrcontroller must load the module with this key (using ZB WRITE CONFIGURATION). There is no way to get the key over the air. This method is very secure, and allows you to either use the same key for all your products, or a different key per site. If using security this is the recommended approach.
 * Coordinator Distribute keys: If joining is enabled, when devices join the network the Coordinator distributes keys to each node. This can be controlled by turning off joining once all devices have joined.