This paper addresses design principles and best practices regarding the secure implementation and operation of ZigBee wireless networks. ZigBee is a protocol specification and industry standard for a type of wireless communications technology generically known as Low-Rate Wireless Personal Area Networks (LR-WPAN). LR-WPAN technology is characterized by low-cost, low-power wireless devices that self-organize into a short-range wireless communication network to support relatively low throughput applications such as distributed sensing and monitoring. Networks can range from simple single-hop star topologies to more complex multi-hop mesh networks. The emergence of LR-WPAN technology and ZigBee standardization is appealing because of its potential for relatively fast, low cost, and simplified implementations compared to more traditional wired network installations used for industrial and process automation applications. The ZigBee specification provides a standardized set of protocols, services, and interfaces for vendors to create LR-WPAN hardware platforms and software applications that will enable customers to deploy complete, interoperable low-power mesh networking systems for monitoring and control.
The focus of this paper is on the secure deployment of ZigBee networks in industrial environments, such as manufacturing and process automation facilities. ZigBee is the name given to a specific protocol standard being developed by the ZigBee Alliance, the industry group overseeing its development and the process for certifying and branding compliant products. The term LR-WPAN, on the other hand, is a generic reference to the type of technology that is being standardized by groups such as the ZigBee Alliance. LR-WPAN is the term used by the IEEE, which has standardized the lowest layers of the technology but stopped short of developing the higher layers of the protocol stack needed to achieve fully functional and interoperable networks and applications. It should be noted that other industry groups are also engaged in the development of LR-WPAN standards, such as the ISASP100 and Wireless HART efforts.
This document will begin with a conceptual overview of LR-WPAN technology and the role that the ZigBee protocol plays in the development and standardization process. A section on the IEEE 802.15.4 specification upon which ZigBee is based is then presented, followed by a description of the ZigBee standard and its various components. A following section will describe ZigBee the security architecture, services, and features. Next, a section on secure LR-WPAN network design principles is presented, followed by a list of specific recommended security best practices that can be used as a guideline for organizations considering the deployment of ZigBee networks. Finally, a section on technical issues and special considerations for installations of LR-WPAN networks in industrial environments is presented. A concluding section summarizes key points and is followed by a list of technical references related to the topics presented in this document.