Design and implementation analysis of a public key infrastructure‐enabled security framework for ZigBee sensor networks

ZigBee is a wireless network technology suitable for applications requiring lower bandwidth, low energy consumption and small packet size. Security has been one of the challenges in ZigBee networks. Public Key Infrastructure (PKI) provides a binding of entities with public keys through a Certifying Authority (CA). Public key cryptography using public–private key pairs can be used for ensuring secure transmission in a network. But large size of public and private keys and memory limitations in ZigBee devices pose a problem for using PKI to secure communication in ZigBee networks. In this paper, we propose a PKI enabled secure communication schema for ZigBee networks. Limited memory and power constraints of end devices restrict them from storing public keys of all other devices in the network. Large keys cannot be communicated due to limited power of the nodes and small transmission packet size. The proposed schema addresses these limitations. We propose two algorithms for sending and receiving the messages. The protocols for intercommunication between the network entities are also presented. Minor changes have been introduced in the capabilities of devices used in the ZigBee networks to suit our proposed scheme. Network adaptations depending on different scenarios are discussed. The approach adopted in this paper is to alter the communication flow so as to necessitate minimum memory and computational requirements at the resource starved end points. In the proposed PKI implementation, end devices store the public keys of only the coordinator which in turn holds public keys of all devices in the network. All communication in our scheme is through the coordinator, which in the event of failure is re‐elected through an election mechanism. The performance of the proposed scheme was evaluated using a protocol analyzer in home automation and messenger applications. Results indicate that depending on the type of application, only a marginal increase in latency of 2 to 5 ms is introduced for the added security. Layer wise traffic and packets captured between devices were analyzed. Channel utilization, message length distribution and message types were also evaluated. The proposed protocol's performance was found to be satisfactory on the two tested applications. Copyright © 2014 John Wiley & Sons, Ltd.