Z-Wave Security Fundamentals
This page covers the fundamentals of security in Z-Wave networks. The following features are key to Z-Wave's security implementation:
- Message Freshness: Uses a 64-bit Nonce (number used once).
- 128-bit Random Network Key: Represented as . This is crucial for securing communication within the network.
- Encryption: Employs the Advanced Encryption Standard (AES) in Output Feedback (OFB) mode (AES-OFB).
- Data Authentication: Utilizes AES in Cipher Block Chaining Message Authentication Code (CBC-MAC) mode (AES-CBCMAC).
- 128-bit Cipher and MAC Keys: These are derived from the network key, .
- Custom Key Establishment Protocol: Described in more detail below.
Z-Wave data origin authentication relies on the Cipher Block Chaining Message Authentication Code (CBC-MAC) technique. This method calculates a Message Authentication Code (MAC) from a block cipher algorithm, such as AES.
The figure above illustrates the key exchange protocol used in Z-Wave security.
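The CBC-MAC data authentication and 64-bit nonce freshness listed above, as an added Go example that is not code from this page or from the Z-Wave specification: it computes an AES-128 CBC-MAC over a frame and verifies it in constant time. The sample MAC key, the zero-padding rule and the nonce || length || payload layout are assumptions made for illustration, not the Z-Wave frame format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"fmt"
)

// cbcMAC: CBC-encrypt msg under an all-zero IV and keep the last block.
// msg is zero-padded to whole blocks (padding rule assumed for this example).
func cbcMAC(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	n := (len(msg) + aes.BlockSize - 1) / aes.BlockSize * aes.BlockSize
	if n == 0 {
		n = aes.BlockSize
	}
	buf := make([]byte, n)
	copy(buf, msg)
	cipher.NewCBCEncrypter(block, make([]byte, aes.BlockSize)).CryptBlocks(buf, buf)
	return buf[n-aes.BlockSize:], nil
}

// frameTag MACs nonce || len || payload (assumed layout); len disambiguates zero padding.
func frameTag(macKey []byte, nonce [8]byte, payload []byte) ([]byte, error) {
	if len(payload) > 255 {
		return nil, fmt.Errorf("payload too long: %d bytes", len(payload))
	}
	data := append(nonce[:], byte(len(payload)))
	return cbcMAC(macKey, append(data, payload...))
}

// verifyFrame recomputes the tag and compares it in constant time.
func verifyFrame(macKey []byte, nonce [8]byte, payload, tag []byte) bool {
	want, err := frameTag(macKey, nonce, payload)
	return err == nil && subtle.ConstantTimeCompare(want, tag) == 1
}

func main() {
	key := []byte("constructed-key!") // 16-byte sample MAC key, not a real one
	nonce := [8]byte{1, 2, 3, 4, 5, 6, 7, 8}
	cmd := []byte{0x25, 0x01, 0xFF} // constructed payload
	tag, _ := frameTag(key, nonce, cmd)
	fmt.Printf("tag=%x valid=%v\n", tag, verifyFrame(key, nonce, cmd, tag))
	nonce[0] ^= 1 // receiver has since issued a different nonce
	fmt.Println("same frame, new nonce:", verifyFrame(key, nonce, cmd, tag))
}
```

A tag computed under one nonce fails verification under any other, so a frame authenticated for an earlier nonce is rejected once the receiver has issued a fresh one.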