Bitcloud Link Key


I'm exploring what the Bitcloud can do and how scalable it is. It seems I have to use a link key if I want a device to join a specific network. Increasing CS_APS_KEY_PAIR_DESCRIPTORS_AMOUNT allocates a large amount of RAM. Is the key pair used only in joining, or is it required for communicating later? I tested WSNDemo with one coordinator and one end device, and the coordinator removed the key using APS_DeleteKeyPair when the end device joined. It was still able to communicate in both directions. If I want 200 devices in the network, does this need to be 200 entries or can it be smaller?

Last Edited: Fri. Oct 16, 2015 - 12:22 AM

You don't need link keys to make a device join a specific network. All you need is to specify an extended PAN ID of the network.

Getting to 200 devices is not easy, but doable if you are careful with how often devices send data.

NOTE: I no longer actively read this forum. Please ask your question on www.eevblog.com/forum if you want my answer.


Thanks for the information. My application will have a very low data rate, so I think it might be okay. I may have two different networks in one area to expand to more than 200 devices. The extended PAN ID may not work because I do not want different firmware or commissioning on every device, and I would like them to be more flexible about where they can join. What I'm trying to do is have only the coordinator know which devices are allowed to join, by communicating with the PC or the server. I guess the only way to achieve this is to use a link key. Do I need 200 link key pairs, or can I set it to a small number and replace them as devices join? Are they used in data communication later?


Link keys are used for sending the network key. But the problem is that if one of your devices disconnects, then it won't be able to rejoin.

But that's kind of weak security if you don't want to use different keys for different devices. Otherwise anyone can pretend to be the device with an allowed address.

Usually your network is just closed for joining and you open it up for the moment of joining. Any devices joining at that time will be able to join, but once you close the network, only rejoins will be possible for devices that already know the network parameters.

NOTE: I no longer actively read this forum. Please ask your question on www.eevblog.com/forum if you want my answer.


Why wouldn't the device rejoin if it disconnects? Can it not join the same way as the first time? Since the coordinator is notified when it is missing the link key, the coordinator can always add it again for the join phase. I may have more than one network in the same area, devices may join at the same time, and I may not know when a device is going to join, so I should open for joining and use the link key to allow only permitted devices to join. I may be able to use some kind of hash of the ext address to generate a unique link key for each device, so each device will have a different key. I don't think I can block a device that pretends to be the device if the link key hash is known. From the bitcloud developers guide I see the link key is used for authentication and encryption for the APS layer. My question is: if it needs to encrypt the APS layer, it needs to be stored somewhere, but my application still works after deleting the key.


hseokman wrote:
Since the coordinator is notified when it is missing the link key, the coordinator can always add it again for the join phase.
Well, if you want to go to that length, then yes. But if your link key is static or generated according to some algorithm, then any other device would be able to join. It is up to you to decide whether this is a problem in your case, but it is a bad security practice.

hseokman wrote:
From the bitcloud developers guide I see the link key is used for authentication and encryption for the APS layer. My question is: if it needs to encrypt the APS layer, it needs to be stored somewhere, but my application still works after deleting the key.
There are two types of link keys. Trust Center Link Key is used only once to get a network key from the TC. This is the one used only during the join process.

Any pair of devices can also establish an application link key between them. But that's a separate process.

But the entire thing seems very sketchy. It is really an abuse of the ZigBee protocol.

NOTE: I no longer actively read this forum. Please ask your question on www.eevblog.com/forum if you want my answer.


I guess I'm trying to play the Zigbee protocol the way I want. I will try to see if it is possible to open joining only when there are devices to join. Possibly I can close right after the expected node joins. I may be able to ask a device to leave the network if it is not part of the network. I'm exploring all the possibilities. I'm still not clear about the link key. If there is a device called 'A', it needs to add the TC link key. TC adds A's link key. Both devices have each other's link key. A sends a join message encrypted with TC's link key. TC responds with a message encrypted with A's link key, and this response contains the network key. After this, what key does A use to encrypt APS layer messages? Likewise, what key does TC use to send messages to A? If there is a separate process to discover the link key between them, where are they stored? Is it stored with the neighbor table? If there are 200 devices in the network, does TC or the coordinator need to have 200 entries in the neighbor table? Thanks for all your help.


hseokman wrote:
After this, what key does A use to encrypt APS layer messages?
Network Key, typically. There is a mechanism, where either APS or NWK layer can encrypt the communication. In most cases only NWK is used.

hseokman wrote:
Likewise, what key does TC use to send messages to A?
Depends on the type of the message. If just normal network traffic, then see above.

hseokman wrote:
If there is a separate process to discover the link key between them,
There is no discovery. TC Link Key is preconfigured. Application link keys are established in run-time.

hseokman wrote:
where are they stored?
APS Key Pair set (the size is defined by CS_APS_KEY_PAIR_DESCRIPTORS_AMOUNT).

hseokman wrote:
Is it stored with the neighbor table?
No, not at all.

hseokman wrote:
If there are 200 devices in the network, does TC or the coordinator need to have 200 entries in the neighbor table?
No. A 200-entry neighbour table will be huge and mostly useless.

NOTE: I no longer actively read this forum. Please ask your question on www.eevblog.com/forum if you want my answer.


But since your application would be highly proprietary anyway, why not use something like LwMesh and implement whatever security/permission scheme you like?

NOTE: I no longer actively read this forum. Please ask your question on www.eevblog.com/forum if you want my answer.


I may be misunderstanding the encryption part. I see figures 6.1 and 6.2 show an encrypted NWK payload and an encrypted APS payload. I thought NWK is encrypted with the NWK key and APS is encrypted with the link key, so the packet is actually encrypted twice. Or is it either an encrypted NWK payload or an encrypted APS payload, depending on the security mode? Does standard security encrypt the NWK payload and standard security with link key encrypt the APS payload, thus no double encryption? Therefore APS encryption can use the NWK key to encrypt the APS payload.

In APS_TxOptions_t there are fields for 'securityEnabledTransmission' and 'useNwkKey'. To encrypt a transmitted packet I would assume I need to set securityEnabledTransmission to 1, which WSNDemo does only for security with link key. If useNwkKey is not set, does it use the link key? I don't see WSNDemo setting it. Is it using the link key? I do not think so, because I deleted the key and it still works.


It can be any combination, but for practical reasons no one encrypts twice. It is super slow and eats away a lot of useful payload size.

No, WSNDemo never establishes Application Link Keys, so it never uses them. TC Link Key and Application Link key are completely different and used for different purposes.

NOTE: I no longer actively read this forum. Please ask your question on www.eevblog.com/forum if you want my answer.


What does Bitcloud do in WSNDemo? Does it encrypt the NWK payload with the NWK key when I use security with link key (CS_ZDO_SECURITY_STATUS = 1)? I guess the device's link key is only used for authentication of the device and not used after that, thus is it okay to delete the key pair after join if I re-add it later when it tries to join again? What are 'securityEnabledTransmission' and 'useNwkKey' used for? useNwkKey seems unnecessary if it is going to use the NWK key anyway.


hseokman wrote:
Does it encrypt the NWK payload with the NWK key when I use security with link key (CS_ZDO_SECURITY_STATUS = 1)?
Yes.

hseokman wrote:
I guess the device's link key is only used for authentication of the device and not used after that, thus is it okay to delete the key pair after join if I re-add it later when it tries to join again?
TC Link Key is used only for transmitting the network key during the initial join process.

hseokman wrote:
What are 'securityEnabledTransmission'
Enables encryption.

hseokman wrote:
and 'useNwkKey' used for?
Instructs to use NWK key, even if Application Link Key is available.

hseokman wrote:
if it is going to use the NWK key anyway.
Only if there is no Application Link Key.

NOTE: I no longer actively read this forum. Please ask your question on www.eevblog.com/forum if you want my answer.


Thanks so much for clarifying the security modes. This really helped me understand more for designing my application.


I was testing the Bitcloud Link Key again, and got another question. From the developer guide, the trust center has to know the extended address and corresponding link key for the device. WSNDemo has the following code:

void ZDO_MgmtNwkUpdateNotf(ZDO_MgmtNwkUpdateNotf_t *nwkParams)
{
  //No link key is set for the joining device in the APS key-pair set
  if (ZDO_NO_KEY_PAIR_DESCRIPTOR_STATUS == nwkParams->status)
  {
#ifdef _LINK_SECURITY_
    ExtAddr_t addr        = nwkParams->childInfo.extAddr;
    uint8_t   linkKey[16] = LINK_KEY;
    APS_SetLinkKey(&addr, linkKey);
#endif
  }
  else
    appZdoNwkUpdateHandler(nwkParams);
}

I suppose this code is for adding the link key for the device if it cannot find the key pair. Is this code ever executed? I put a breakpoint on APS_SetLinkKey, but it never stopped there. Also I tried commenting out APS_SetLinkKey, but an end device could still join and communicate.


The code should be executed when the key for the joining device is not found. This won't help on the current join attempt, but the next time this device tries to join, the key will be there.

Beware of the universal TC address. When it is enabled, the universal key will be used instead. I don't remember the exact settings for this, but if you search for "universal", you will find it.

NOTE: I no longer actively read this forum. Please ask your question on www.eevblog.com/forum if you want my answer.
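
The trust-center flow discussed across this thread (a key-pair table smaller than the device count, a key added on the "no key pair" notification, the entry deleted after the join), as an added example that is not part of the thread or of BitCloud. It is a self-contained C model: `tc_set_key`, `tc_delete_key`, `tc_join_attempt`, the allow-list and its key bytes are hypothetical or constructed, and the join is reduced to a key comparison.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define KEY_SLOTS 2 /* plays the role of CS_APS_KEY_PAIR_DESCRIPTORS_AMOUNT */
typedef struct { uint64_t ext; uint8_t key[16]; bool used; } KeyPair;
static KeyPair slots[KEY_SLOTS];
/* Constructed allow-list (would come from the PC/server); per-device keys. */
static const KeyPair allowed[] = {
  { 0x0011223344556601ULL, { 0xA1 }, true },
  { 0x0011223344556602ULL, { 0xB2 }, true },
  { 0x0011223344556603ULL, { 0xC3 }, true },
};

static KeyPair *find_slot(uint64_t ext) {
  for (int i = 0; i < KEY_SLOTS; i++)
    if (slots[i].used && slots[i].ext == ext) return &slots[i];
  return NULL;
}
/* Hypothetical stand-in for APS_SetLinkKey; false when the table is full. */
bool tc_set_key(uint64_t ext, const uint8_t key[16]) {
  if (find_slot(ext)) return true;
  for (int i = 0; i < KEY_SLOTS; i++)
    if (!slots[i].used) {
      slots[i].ext = ext; slots[i].used = true;
      memcpy(slots[i].key, key, 16);
      return true;
    }
  return false;
}
/* Hypothetical stand-in for APS_DeleteKeyPair: frees the slot after a join. */
void tc_delete_key(uint64_t ext) {
  KeyPair *p = find_slot(ext);
  if (p) p->used = false;
}
/* Join attempt, modelled as a key comparison. With no stored key the attempt
   fails and a key is installed only for allow-listed addresses, so it helps
   the next attempt, not this one. */
bool tc_join_attempt(uint64_t ext, const uint8_t dev_key[16]) {
  KeyPair *p = find_slot(ext);
  if (p) return memcmp(p->key, dev_key, 16) == 0;
  for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
    if (allowed[i].ext == ext) tc_set_key(ext, allowed[i].key);
  return false;
}
int main(void) {
  uint8_t k1[16] = { 0xA1 };
  tc_join_attempt(0x0011223344556601ULL, k1);          /* installs the key */
  return tc_join_attempt(0x0011223344556601ULL, k1) ? 0 : 1;
}
```

In this model an allow-listed address alone does not get a device in: the attempt succeeds only when the device also presents the key stored for that address, and a full table blocks new joins until an entry is deleted.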


I see universal is added to the link key pair. I found the universal address is 0xFFFFFFFFFFFFFFFF, which is also part of the global link key address. How do you set the device's own link key? Is it also done the same way as APS_SetLinkKey with its own ID?


Yes, they are the same in operation logic.

NOTE: I no longer actively read this forum. Please ask your question on www.eevblog.com/forum if you want my answer.


I added a link key for the device and did not add the link key on the coordinator, but it still joins and reports. This is in the appInitSecurity function.

uint8_t linkKey[16] = LINK_KEY;
ExtAddr_t extAddr = APS_UNIVERSAL_EXTENDED_ADDRESS;
// Key pair for the universal extended address
APS_SetLinkKey(&extAddr, linkKey);
// Key pair for the device's own extended address, with a different key
CS_ReadParameter(CS_UID_ID, &extAddr);
int i;
for (i = 0; i < 16; i++) {
    linkKey[i] = i;
}
APS_SetLinkKey(&extAddr, linkKey);

I even tried commenting APS_SetLinkKey for the universal extended address, and it still worked. How does the device join? How do I make authentication work?