Security Working Group Overview Open House June 3, 2003 Ed Callaway 03214r0ZB
Copyright 2003 The ZigBee Alliance, Inc. Organization Chair: Larry Puhl Secretary: Tom Kevenaar Technical Editor: Rene Struik Security Group Member Companies: Honeywell Invensys Mitsubishi Motorola NTRU NTS Philips Zensys Atmel Bosch Certicom Danfoss Ember Figure 8 Wireless France Telecom Helicomm
Copyright 2003 The ZigBee Alliance, Inc. Scope and Charter To build a security architecture and Security Toolbox document which provides cryptographic tools and interfaces from which profiles may select security services to enable an adequately secure communications link To provide a Test Plan to allow for conformance testing of the tools and interfaces To assist profile developers in selecting the most appropriate tools and interfaces for their applications
Copyright 2003 The ZigBee Alliance, Inc. ZigBee and Security ZigBee is working to develop standard solutions for a range of products with diverse security needs Cost, performance, complexity, flexibility, and ease- of-use are all factors to consider when choosing a security solution The security working group is developing a “Security Toolbox” that includes services to meet the needs of top-priority profiles Long-term goal: ZigBee Security Toolbox, complete with interoperability specifications and test plan to allow an application to get what it needs
Copyright 2003 The ZigBee Alliance, Inc. What’s in ? IEEE contains a good crypto algorithm It’s called AES and it’s a “symmetric cipher” –Sender and receiver encrypt and decrypt with the same key IEEE supplies three services: –Protects privacy of data to be transmitted (encryption) –Prevents impersonation of legitimate devices (sender authentication) –Prevents modification of transmitted messages (message integrity)
Copyright 2003 The ZigBee Alliance, Inc. What’s in ZigBee? The ZigBee Security Toolbox builds basic services onto the IEEE standard: key establishment key transport data protection authentication These basic services can be used to build secure network and application (i.e., end-to-end) communication links The application profile determines which basic services are needed for each application
Copyright 2003 The ZigBee Alliance, Inc. Goals for this Meeting Joint discussions with other groups Discuss the basic services to be included in the Security Toolbox document Review the public-key proposal and discuss any improvements Vote to confirm the public-key proposal, select a new chair, and confirm the content of the Security Toolbox document Other topics: orphaning, backup, mobility, testing, potential attacks