Zigbee Certificate-Based Key Establishment (CBKE)

1. Introduction

The Zigbee Smart Energy (SE) profile is a framework specifically designed for energy management applications. Devices following the SE profile can interoperate in energy management systems, providing utilities and consumers with tools to monitor and optimize energy usage. Because of the type of data and control within the SE network, application security is a key requirement. SE applications use link keys, which are optional in the Zigbee and Zigbee Pro stack profiles but required within an SE network.

2. Installation Code

During the manufacturing process, a random Installation Code is created for each SE device. The associated Pre-configured Link Key is derived from it using the Matyas-Meyer-Oseas (MMO) hash function and programmed into the device.
More information about the Installation Code can be found in the Zigbee Install Code.
The link keys of the devices that need to join the network should be added to the Trust Center using the following API:

 /* On Trust Center, add a TC Link Key derived from the given install code.
  * The length covers the install code (ZB_SEC_KEYSIZE bytes) plus its 2-byte CRC. */
 ZbSecAddDeviceLinkKeyByInstallCode(stZigbeeAppInfo.pstZigbee, dlPartnerExtendedAdress,
                                    (uint8_t *)szLinkKeyInstallCode, ZB_SEC_KEYSIZE + 2);
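
The derivation described above, as an added Python example that is not part of the ST stack or of the original page: it checks the install code's trailing CRC-16 (X-25, stored little-endian) and then hashes the code together with that CRC using AES-128 MMO, which is why the API call passes `ZB_SEC_KEYSIZE + 2` bytes. The function names and the sample install code are assumptions chosen for illustration.

```python
# Added example (not ST stack code): install code -> link key via AES-128 MMO hash.
def _xtime(x):                                  # multiply by 2 in GF(2^8)
    return ((x << 1) ^ (0x1B if x & 0x80 else 0)) & 0xFF

def _sbox():                                    # build the AES S-box instead of pasting it
    box, pw = [0x63] * 256, [1]
    for _ in range(254):
        pw.append(pw[-1] ^ _xtime(pw[-1]))      # successive powers of the generator 3
    for k, p in enumerate(pw):
        q = pw[-k % 255]                        # inverse of p, since 3^k * 3^(255-k) == 1
        v = q ^ (q << 1) ^ (q << 2) ^ (q << 3) ^ (q << 4)
        box[p] = (v ^ (v >> 8) ^ 0x63) & 0xFF   # affine transform of the inverse
    return box

SBOX, RCON = _sbox(), (1, 2, 4, 8, 16, 32, 64, 128, 0x1B, 0x36)
SAMPLE = bytes.fromhex("83FED3407A939723A5C639B26916D505C3B5")  # sample code + CRC, not from this page

def aes128_encrypt(key, block):
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, 44):                      # key schedule
        t = w[i - 1]
        if i % 4 == 0:                          # RotWord, SubWord, round constant
            t = [SBOX[t[(j + 1) % 4]] ^ (j == 0) * RCON[i // 4 - 1] for j in range(4)]
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    s = list(block)
    for rnd in range(11):
        if rnd:                                 # SubBytes + ShiftRows
            s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]
        if 0 < rnd < 10:                        # MixColumns
            t = [s[c] ^ s[c + 1] ^ s[c + 2] ^ s[c + 3] for c in (0, 4, 8, 12)]
            s = [s[i] ^ t[i // 4] ^ _xtime(s[i] ^ s[i - i % 4 + (i + 1) % 4]) for i in range(16)]
        s = [b ^ k for b, k in zip(s, sum(w[4 * rnd:4 * rnd + 4], []))]
    return bytes(s)

def crc16_x25(data, crc=0xFFFF):                # CRC-16/X-25 carried in the last two bytes
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ (0x8408 if crc & 1 else 0)
    return crc ^ 0xFFFF

def link_key_from_install_code(code):           # code = install code followed by its CRC
    if crc16_x25(code[:-2]).to_bytes(2, "little") != code[-2:]:
        raise ValueError("install code CRC mismatch")   # reject mistyped codes
    pad = b"\x80" + bytes((13 - len(code)) % 16)        # a 1 bit, then zeros to 14 mod 16
    msg = code + pad + (8 * len(code)).to_bytes(2, "big")   # 16-bit bit length ends the block
    h = bytes(16)
    for i in range(0, len(msg), 16):            # H_j = E(H_{j-1}, M_j) xor M_j
        h = bytes(x ^ y for x, y in zip(aes128_encrypt(h, msg[i:i + 16]), msg[i:i + 16]))
    return h
```

Running the same derivation on the provisioning side lets you confirm that the key programmed into a device matches what the Trust Center will compute from the install code before the device attempts to join.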

3. Zigbee Key Establishment (ZKE) cluster

The ZKE cluster manages secure communication in Zigbee. It is used to establish a shared secret key between two devices, which can then be used to encrypt and decrypt the messages exchanged between them.
The ZKE cluster uses a combination of asymmetric and symmetric key cryptography to establish and distribute keys.

Figure: General Exchange for PKKE

4. Certificate-Based Key Establishment (CBKE)