- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- MCUXpresso Training Hub
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
-
- Home
- :
- Product Forums
- :
- Wireless Connectivity
- :
- 802.15.4 MAC Security Overview
802.15.4 MAC Security Overview
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
802.15.4 MAC Security Overview
alxbalmus
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The 802.15.4 MAC is a standard for Low Rate Wireless Personal Area Networks and it is a cornerstone of the IoT technology of today. The 802.15.4 MAC is used as a Data Link Layer for various Network Protocols used in a variety of applications: industrial automation, medical, utility metering, building automation, etc. Many of these applications need to use security and a large potion use the security offered by the 802.15.4 MAC which is described below. This post is mostly about the 2006 and 2011 versions of the 802.15.4 MAC.
For securing frames the 802.15.4 MAC uses the AES CCM* block cypher mode of operation. AES is a block cypher for encrypting data. In 802.15.4 the 128 bit version of AES is used - both the key and the plaintext block have 128 bits. CCM* is a variation of the Counter With CBC-MAC mode which uses AES-128 and allows the authentication and/or encryption of a data stream or parts of it.
The CCM* mode is applied to 802.15.4 frames as described below.
An unencrypted frame is divided into 2 parts. I will call these A and M. The A part contains the Frame Header (Frame Control, Sequence Number, Addressing Fields - Destination and Source ) and for 802.15.4 Command Frames the first byte of the payload which is the Command Frame Identifier - I will call this Ap. The M part contains the Data Frame Payload or the Payload of the Command Frame except the first byte.
A | M | |||
Frame Header | Ap | |||
Frame Control | Sequence Number | Addressing Fields | Authenticated only part of payload | Payload |
Applying CCM* (with authentication and encryption) to the frame is done in 2 steps.
The first step is adding the Auxiliary Security Header to the frame between the Addressing Fields and the Frame Payload. The size of the Auxiliary Security Header is determined by the parameters of the MAC Data Request. The frame with ASH is shown below.
A | M | ||||
Frame Header | ASH | Ap | |||
Frame Control | Sequence Number | Addressing Fields | Auxiliary Security Header | Authenticated only part of payload | Payload |
Remember that Ap is only present for Command Frames and is only 1 byte in length.
The A part is the Authenticate Only Data for the CCM* procedure. This part of the message is authenticated and not encrypted.
The second step is the actual applying of CCM* to the frame. A Message Integrity Code (MIC) is computed for the entire frame (including the M part) and it is added to the end of the frame. The MIC is 4, 8 or 16 bytes in length based on the parameters of the the MAC Data Request which generated the frame.
A | M | MIC | ||||
Frame Header | ASH | Ap | ||||
Frame Control | Sequence Number | Addressing Fields | Auxiliary Security Header | Authenticated only part of payload | Payload | Message Integrity Code |
Then the M part of the message and the MIC is encrypted. The authentication and encryption are done using the same 128 bit key. The resulting frame is shown below.
A | encM | encMIC | ||||
Frame Header | ASH | Ap | ||||
Frame Control | Sequence Number | Addressing Fields | Auxiliary Security Header | Authenticated only part of payload | Payload | Message Integrity Code |
The Physical layer CRC is computed over the encrypted frame which is sent over the air.
To decrypt a received 802.15.4 frame the following steps of the CCM* decryption procedure are performed:
- The encM and the encMIC are decrypted using the key and they are replaced by M and MIC in the frame.
- The authentication procedure is performed on the A and M and the result is compared to the decrypted MIC.
- If the calculated MIC matched the decrypted MIC the frame has been decrypted and authenticated successfully. The ASH and MIC are removed and the frame is forwarded to the upper layers.
To encrypt or decrypt a frame the 802.1.4 MAC only needs an AES-128 key. The MAC offers the application the possibility of setting up multiple keys. In order for the MAC to correctly encrypt and decrypt frames and use the proper key for communication with a certain device the application must correctly set up a group of security parameters. These parameters are called PIB (PAN Information Base) Attributes and the MAC exposes a set of API functions through which these attributes can be read or written. The most important Security-related Attributes which must be configured in the MAC are the security tables and subtables:
- Key Table
- Key ID Lookup List
- Key Device List
- Key Usage List
- Key
- Security Level Table
- Device Table
For the proper identification of the key for encrypting or decrypting a frame some other PIB attributes must have appropriate values (Coordinator Short Address, Frame Counter, Short Address, etc).
Setting up these attributes serves multiple purposes:
- Determining the key for encrypting/decrypting an outgoing/incoming frame based on the destination/source device
- Determining if a certain key can be used for encryption/decrypting a frame
- Determining if a frame meets the minimum security requirements
- Determining if a peer device is allowed to send secured frames or secured frames with a certain security level
The configuration of the security related attributes is a complex task but allows great flexibility in the use of the MAC security for various application needs.
For a detailed example of MAC Security Attributes setup on a device running a Freescale 802.15.4 Stack in a very common scenario please see AN4973 - "Freescale 802.15.4 MAC Security Setup - MAC 2006 and MAC 2011 Group Key Security Examples".
