 English |
|
|
|
|
|
|
|
| CC2420 Datasheet, PDF (45/92 Pages) List of Unclassifed Manufacturers – 2.4 GHz IEEE 802.15.4 / ZigBee-ready RF Transceiver | |||
| |||
| ◁ |
CC2420
21 MAC Security Operations (Encryption and Authentication)
CC2420 features hardware IEEE 802.15.4
MAC security operations. This includes
counter mode (CTR) encryption /
decryption, CBC-MAC authentication and
CCM encryption + authentication. All
security operations are based on AES
encryption [2] using 128 bit keys. Security
operations are performed within the
transmit and receive FIFOs on a frame
basis.
As can be seen from Table 6 on page 31,
KEY0 is located from address 0x100 and
KEY1 from address 0x130.
A way of establishing the keys used for
encryption and authentication must be
decided for each particular application.
IEEE 802.15.4 does not define how this is
done, it is left to the higher layer of the
protocol.
CC2420 also includes stand-alone AES
encryption, in which one 128 bit plaintext
is encrypted to a 128 bit ciphertext.
The SAES, STXENC and SRXDEC
command strobes are used to start
security operations in CC2420 as will be
described in the following sections. The
ENC_BUSY status bit (see Table 5) may be
used to monitor when a security operation
has been completed. Security command
strobes issued while the security engine is
busy will be ignored, and the ongoing
operation will be completed.
Table 6 on page 31 shows the CC2420
RAM memory map, including the security
related data located from addresses
0x100 through 0x15F. RAM access (see
the RAM access section on page 29) is
used to write or read the keys, nonces and
stand-alone buffer. All security related
data is stored little-endian, i.e. the least
significant byte is transferred first over the
SPI interface during RAM read or write
operations.
For a complete description of IEEE
802.15.4 MAC security operations, please
refer to [1].
21.1 Keys
All security operations are based on 128
bit keys. The CC2420 RAM space has
storage space for two individual keys
(KEY0 and KEY1). Transmit, receive and
stand-alone encryption may select one of
these two keys individually in the
SEC_TXKEYSEL, SEC_RXKEYSEL and
SEC_SAKEYSEL control bits (SECCTRL0).
ZigBee uses an Elliptic Curve
Cryptography (ECC) based approach to
establish keys. For PC based solutions,
more processor intensive solutions such
as Diffie-Hellman may be chosen. Some
applications may also use pre-
programmed keys, e.g. for remote keyless
entry where the key and lock are delivered
in pairs. A push-button approach for
loading keys may also be selected.
21.2 Nonce / counter
The receive and transmit nonces used for
encryption / decryption are located in RAM
from addresses 0x110 and 0x140
respectively. They are both 16 bytes.
The nonce must be correctly initialized
before receive or transmit CTR or CCM
operations are started. The format of the
nonce is shown in Table 7. The block
counter must be set to 1 for compliance
with [1]. The key sequence counter is
controlled by a layer above the MAC layer.
The frame counter must be increased for
each new frame by the MAC layer. The
source address is the 64 bit IEEE address.
1 byte 8 bytes 4 bytes 1 byte
2 bytes
Flags
Source
Address
Frame
Counter
Key
Sequence
Counter
Block
Counter
Table 7. IEEE 802.15.4 Nonce [1]
The block counter bytes are not updated
in RAM, only in a local copy that is
reloaded for each new in-line security
operation. I.e. the block counter part of the
nonce does not need to be rewritten. The
CC2420 block counter should be set to
0x0001 for compliance with [1].
CC2420 gives the user full flexibility in
selecting the flags for both nonces. The
SWRS041B
Page 45 of 89
|
▷ |
German
Russian
Spanish
Italian
Polish
Chinese
Japanese
Korean
French
Portuguese