Security and data encryption

Security and Data encryption Overview

The encryption algorithm used in XBee 868LP is AES (Advanced Encryption Standard) with a 128-bit key length (16 Bytes). The AES algorithm is not only used to encrypt the information but to validate the data which is sent. This concept is called Data Integrity and it is achieved using a Message Integrity Code (MIC) also named as Message Authentication Code which is appended to the message. This code ensures integrity of the MAC header and payload data attached.

Security in API libraries

As explained previously, XBee 868LP provides secure communications inside a network using 128-bit AES encryption. The API functions enable using security and data encryption.

Encryption Enable

The setEncryptionMode() function permits to configure the encryption mode (enabled = 1; disabled = 0).
Example of use:
xbee868LP.setEncryptionMode(0); // Disable encryption mode
xbee868LP.setEncryptionMode(1); // Enable encryption mode
xbee868LP.getEncryptionMode(); // Get encryption mode
Related Variables
encryptMode → stores if security is enabled or not
• XBee configuration example:

Encryption Key

128-bit AES encryption key used to encrypt/decrypt data.
The entire payload of the packet is encrypted using the key and the CRC is computed across the ciphertext. When encryption is enabled, each packet carries an additional 16 Bytes to convey the random CBC Initialization Vector (IV) to the receivers.
A module with the wrong key (or no key) will receive encrypted data, but the data driven out the serial port will be meaningless.
A module with a key and encryption enabled will receive data sent from a module without a key and the correct unencrypted data output will be sent out the serial port.
Example of use
char key[] = ”WaspmoteLinkKey!;
Related Variables
linkKey → stores the key that has been set in the network
• XBee configuration example:

Security in a network

When creating or joining a network, using security is highly recommended to prevent the network from attacks or intruder nodes.
It is necessary to enable security and set the same encryption key in all nodes in order to set security in a network. If not, it won’t be possible to communicate between different XBee modules.