Zigbee is a wireless networking protocol suitable for use in home and industrial systems.

Zigbee provides the following benefits:

• Low power consumption
• Low cost of implementation
• Use of unreserved/unlicensed radio bands
• Easily configurable network
• Intelligence of network setup and message routing
• High security
• A wireless network that can be easily expanded or additional nodes can be installed at locations where cabling is hard to apply

Protocol Stack

The Zigbee protocol stack consists of 3(three) layers represented in the following picture:

• Physical/Data Link Level: Contains the mechanism to physically transport Zigbee-related data in a wireless network. It is based on the IEEE 802.15.4.
• Zigbee Stack Level: Contains the actual Zigbee functionality, such as network management, security, routing, etc., and connects applications with the physical transport. This level consists of the following three main components:
  • Network (NWK): Responsible for networking, including data transmission, routing, reliability of communication, etc.
  • Application Support Sub-layer (APS): Simplifies the work of the applications running on a Zigbee device, filters duplicate messages, keeps binding information, etc.
  • ZDO Management Plane: Interacts with the NWK and APS layers to enable the device's Zigbee Device Objects (ZDO) application execute requests from applications to send and receive data in the network.
• Application Level: Contains a framework, based on the Zigbee Cluster Library (ZCL), in whose context applications run.

Communication

Frequency Bands and Channels

Zigbee communication can be established in one of the three possible radio frequency bands: 868MHz (Europe), 915 MHz (Asia and Australia) and 2400MHz (worldwide). Respectively, the bands have certain data rates concluding from the principle of "the higher the frequency, the higher the rate": 20, 40 and 250 Kbps. Each band is divided into channels. Together the three bands have 27 channels numbered from 0 to 26. To prevent from interfering with another type of radio communication, via energy detection Zigbee network management devices are capable of choosing the most suitable channel at initialization.

Transmission Range

The transmission range is between 10 to 100 m (32.8 feet - 328 feet) based on the environment. Routers can be used to extend the range of the network.

Power Consumption

The Zigbee communication rules are defined in a way to suite autonomous low-powered end devices. Such devices (security sensors, light switches, etc.) have batteries or solar cells and do not depend on power cabling. In this way, end devices can be easily installed or moved at a low cost. Some of the methods for saving power of autonomous devices is low duty cycle, sleep mode and modulation.

However, routers and coordinators must be on all the time due to their role in a Zigbee network.

Dependability

Zigbee provides reliable and secure communication. It is made reliable through the use of channel selection, "listen before sending", data encoding, message acknowledgements, and route discovery. It is secured through the use of Access Control Lists (ACL), 128-bit AES encryption and message freshness timers.

Network

Node Types

A Zigbee network can have the following types of nodes:

• Zigbee Coordinator (ZC): The main node of the network - only one coordinator can reside in a network. It sets the network up and allows new devices to join. The coordinator also can provide other services, e.g. security management.
• Zigbee Router (ZR): Routers are responsible for: finding and joining the "correct" network, perpetuating broadcast messages across the network, participating in routing, including discovering and maintaining routes, allowing other devices to join the network (if permit-join enabled), storing packets on behalf of sleeping children.
• Zigbee End Device (ZED): It can send and receive messages, but is not capable of forwarding data to other nodes. End device nodes cannot have children and must be connected to a coordinator or a router. Usually, end devices are autonomous and support sleep mode.

Topologies

ZigBee supports the following network topologies:

Star

Contains a central coordinator node, which passes the messages to the connected end devices. The devices are within direct range to the central node. The advantages of the star configuration are that it's simple, requires no routing, and has high performance. The disadvantages are that there is no alternative if the connection between the coordinator and an end device breaks, and that the transmission range is limited.

Tree

Represents a tree-like configuration of devices whose root is a coordinator node. A tree branch starts with a router as it can have children and is capable to transmit messages down the route to a target node. The leaves can be end devices or routers whose routing feature will not be used.

Mesh

Extends the tree topology by introducing multiple routes to a certain node. Its main benefits are: "self-healing" and "self-configuring" capabilities; connections are dynamically updated and optimised; a device can be connected to several others which ensures reliability; greater network range; and easy extension and re-configuration.

Node Addressing

In a ZigBee network, nodes can be identified by one of the following address types:

• IEEE or MAC Address: A 64 bit address assigned by IEEE, which identifies a device worldwide.
• Network or Short Address: A 16 bit address unique in the scope of the parent network. It is assigned by the coordinator or the parent router when the node joins the network. The network address of the network's coordinator is always 0x0000.

Node Addressing Modes:

• Unicast: In Zigbee communications most messages are sent from one node to another. This can either be done using the destination node's Short Address or MAC Address.
• Broadcast: Zigbee supports broadcasting messages, meaning that one node in the network can send a message to many other nodes in the same network. This can be done for time synchronization for example, or other type of events. Broadcast messages should be used seldom as they consume quite a lot of network bandwidth. It is also difficult to know whether all devices have received the message. To broadcast a message, send it using one of the broadcast short addresses:
  • 0xFFFC - All Routers and Coordinator
  • 0xFFFD - All devices with receiver turned on
  • 0xFFFE - Reserved for binding
  • 0xFFFF - All devices in the network

There may be a significant latency in propagating a message to all network nodes. This is determined by the size of the network and the number of hops the message needs to go through. If you wish to time synchronize devices you should have the node that needs synchronization periodically requesting the time from the coordinator. The coordinator then replies with a unicast message to the requesting node. In this way you minimize network traffic and can be sure that all devices are synchronized.

• Group Addressing: For Group Addressing instead of sending to one of the broadcast addresses above you will use a short address associated with a group you previously created on your network. This group is a set of nodes which can then be addressed with a single frame, thereby reducing network traffic for packets destined for groups.

Software Architecture

Endpoints

A node can run several applications, and each application is represented by a node-specific endpoint. Every endpoint has an address from 1 to 240. To call an application in the network, you have to locate the device by specifying its network address or IEEE address and then the application's endpoint address. The endpoint address 255 stands for the broadcast endpoint address - by directing a message to this endpoint address the same data can be delivered to all node's applications.

ZigBee Device Objects

A special application called ZDO (ZigBee Device Objects) is accessible at endpoint address 0. It indicates the type of the node (coordinator, router or end device), initialises the node, provides join and discovery request-response capabilities, and optionally supports binding, security management, node management and group management. The ZDO Management Plane connects ZDO with the underlying APS and NWK through the rules defined in a special application profile ZigBee Device Profile (ZDP) (refer to the section below). Refer to the "Protocol Stack" section above to see the place of ZDO in the ZigBee architecture.

Device Descriptors

ZigBee nodes describe their capabilities to other entities by means of descriptors, accessible through ZDO.

The ZigBee standard defines the following types of descriptors:

• Of the node itself:
  • Node Descriptor: Mandatory. Contains the node type, supported frequency band, MAC capabilities, manufacturer ID, availability of optional descriptors, etc.
  • Power Descriptor: Mandatory. Provides information about the power settings of the node.
  • Complex Descriptor: Optional. Extends the information about the device with manufacturer name, model name, serial number, etc.
  • User Descriptor: Optional. Contains a user-friendly description of the device.
• Of a node's endpoint:
  • Simple: Mandatory. Contains the endpoint address, supported application profile, device application description, and lists of supported input and output clusters.

Application Profiles

Application profiles represent a space of functionally related applications and devices. Usually an application profile reflects the specifics of a certain market. There are two kinds of application profiles - public and manufacturer-specific.

• Public profiles are introduced by the ZigBee Alliance (such as Home Automation) and ensure interoperability between devices from different vendors if they support the same profile(s).
• An application profile contains device descriptions for the device types matching the profile domain. The profile also defines the information in the form of clusters that a device can produce as output and can read as input. Profile definitions utilize the cluster definitions from the ZCL Specification.

Several application profiles can co-exist in a ZigBee network. Moreover, a single node can support more than one profile based on the configuration of its endpoints.

Device and Service Discovery

Discovery stands for the procedure for a device to identify other devices and services in the network. Two types of discovery exist in ZigBee - device and service. A device discovery request asks for additional information about a node and is not associated with an application profile. The request can be sent to all nodes in the network by setting broadcast address 0xffff, or only to a specific node by using its network or IEEE address. A service discovery request queries for information about the services of a node - its purpose can be to determine all active endpoints of a node, get the endpoints matching specific application criteria, or get a descriptor.

Binding

Binding is a mechanism to associate a node's endpoint which produces information (source) with another node's endpoint(s) which consume(s) this information (destination). The information is communicated as clusters. For example, a switch can be bound to one or more lights. Note that to bind two endpoints successfully, they need to have compatible clusters.

Binding is decided upon by matching input and output cluster identifiers, unique within the context of a given profile and associated to an incoming or outgoing data flow in a device. Binding information is stored in binding tables, which contain source and destination pairs.

Security

Security is based on a 128-bit AES algorithm and is additional to the security model provided by IEEE 802.15.4. ZigBee security services include methods for key establishment and transport, device management, and frame protection.

The specification defines security for the MAC, NWK and APS layers. Security for applications is provided through Application Profiles.

ZigBee provides security based on three features.

• Every layer originating a frame is responsible for securing it.
• Keys are exchanged directly between each source and destination device.
• Data proceeds without having to be decrypted and re-encrypted at each hop.

Trust center

ZigBee protocol defines the role of a Trust Center - it allows or disallows new devices into its network. The Trust Center is usually the network coordinator (ZC), but it can also be a dedicated device. In a secure network the Trust Center should be only one for the rest of the devices to recognize it implicitly.

The mechanism that provides the Trust Center with its role in the Zigbee security is that it periodically updates the Network Key and switches to the new one (refer to the section below). This is done by first broadcasting the new key encrypted with the old Network Key and then messaging all devices to switch to the new key.

The Trust Center is responsible for the following security roles:

• Trust Manager:meaning that it should authenticate devices that request to join the network
• Network Manager: it should maintain and distribute network keys
• Configuration Manager: role is to enable end-to-end security between devices

Security keys

ZigBee uses three types of keys to manage security. Security in the ZigBee network depends on the secure initialization and installation of these keys.

Master keys

Master keys are not used to encrypt frames, but are used as an initial shared secret between two devices when they perform the Key Establishment Procedure (SKKE) to generate Link Keys. They may be pre-installed during manufacturing, may be installed by a Trust Center, or may be based on userentered data. Keys that originate from the Trust Center are called Trust Center Master Keys, while all other keys are called Application Layer Master Keys.

Network keys

Network Keys perform security at the Network Layer. All devices on a ZigBee network share the same network key acquired via key-transport or pre-installation.

High Security Network Keys must always be sent encrypted over the air, while Standard Security Network Keys can be sent either encrypted or unencrypted. High Security is supported only for ZigBee PRO. Read bellow for more information on Security modes.

Although the cost of storing of Network Key is small, it reduces the system's security, because it does not prevent internal attacks (as it is shared between all network devices).

Link keys

Link Keys' role is to secure unicast messaging between two devices at the Application Layer. A device acquires link keys via key-transport, key-establishment, or pre-installation.

Keys that originate from the Trust Center are called Trust Center Link Keys, while all other keys are called Application Layer Link Keys.

Security modes

Standard

In Standard Security mode, the list of devices, master keys, link keys & network keys can be maintained by either the Trust Center or by the devices themselves. The Trust Center is still responsible for maintaining a standard network key and it maintains policies for network admittance. In this mode, the memory requirements for the Trust Center are far less than they are for High Security mode.

High

In High Security mode, the Trust Center maintains a list of devices, master keys, link keys and network keys that it needs to control and enforce the policies of network key updates and network admittance. As the number of devices in the network grows, so does the memory the Trust Center needs.