Freescale 802.15.4 MAC Security Setup



Similar documents
USB to SPI Device Driver Installation Instructions

MPR121 Serial Communication

QorIQ espi Controller Register Setting Considerations and Programming Examples

Hardware Configurations for the i.mx Family USB Modules

How To Build A Project On An Eclipse Powerbook For Anarc (Powerbook) On An Ipa (Powerpoint) On A Microcontroller (Powerboard) On Microcontrollers (Powerstation) On Your Microcontroller 2 (Powerclock

Freescale, the Freescale logo, AltiVec, C-5, CodeTEST, CodeWarrior, ColdFire, ColdFire+, C- Ware, the Energy Efficient Solutions logo, Kinetis,

Installing Service Pack Updater Archive for CodeWarrior Tools (Windows and Linux) Quick Start

Installation of the MMA955xL CodeWarrior Service Pack Author: Fengyi Li Application Engineer

UART Boot Loader Design on the Kinetis E Series

Production Flash Programming Best Practices for Kinetis K- and L-series MCUs

How to Run the MQX RTOS on Various RAM Memories for i.mx 6SoloX

Installing Service Pack Updater Archive for CodeWarrior Tools (Windows and Linux) Quick Start

76-77 GHz RF Transmitter Front-end for W-band Radar Applications

Initializing the TSEC Controller

How To Use A Watt Saver On A Microcontroller (Watt Saver) On A Cell Phone Or Mp3 Player

Building and Debugging a project using Keil MDK-ARM Eclipse plug-in

Connecting Kinetis MCU with CMOS Sensor Interface through GPIO QQVGA image transfer to Kinetis internal SRAM

etpu Host Interface by:

Qorivva MPC5643L Dual Processor Mode Mark Ruthenbeck Applications Engineering Microcontroller Solutions Group

CodeWarrior Development Studio Floating Licensing Quick Start

Adding SDIO Wi-Fi Solution to i.mx Windows CE 5.0/Windows CE 6.0

Safety Lifecycle illustrated with exemplified EPS

Configuring CoreNet Platform Cache (CPC) as SRAM For Use by Linux Applications

TWR-KV31F120M Sample Code Guide for IAR Board configuration, software, and development tools Rev.0

CodeWarrior Development Studio for Freescale S12(X) Microcontrollers Quick Start

PowerQUICC II Pro (MPC83xx) PCI Agent Initialization

AN11008 Flash based non-volatile storage

Software and Support Activation. Quick Start Guide

Flexible Active Shutter Control Interface using the MC1323x

Freescale Embedded GUI Converter Utility 2.0 Quick User Guide

What is VLAN Routing?

Windows 7: Using USB TAP on a Classic CodeWarrior Installation (MGT V9.2 DSC V8.3)

Generate Makefiles from Command Line Support in Eclipse-Based CodeWarrior Software

MLPPP in the Evolving Radio Access Network

Data Movement Between Big-Endian and Little-Endian Devices

ZigBee Security. Introduction. Objectives

AN AES encryption and decryption software on LPC microcontrollers. Document information

FRDM-KL25Z User's Manual Rev. 1.0

Using WinUSB in a Visual Studio Project with Freescale USB device controller

Floating License Installation Guide for Windows

Software Real Time Clock Implementation on MC9S08LG32

Field Software Updates Using TPMS LF An example using the Low Frequency radio (LFR) for wireless software updating

Audio player on KwikStik

Freescale, the Freescale logo and CodeWarrior are trademarks of Freescale Semiconductor, Inc., Reg. U.S. Pat. & Tm. Off. Xtrinsic is a trademark of

Quick Start Guide. USB Packet Sniffer/Dongle for Kinetis MKW22D and MKW24D Wireless MCUs USB-KW24D512

BlackBerry Web Desktop Manager. Version: 5.0 Service Pack: 4. User Guide

Local Interconnect Network (LIN) Physical Interface

Freescale Variable Key Security Protocol Transmitter User s Guide by: Ioseph Martínez and Christian Michel Applications Engineering - RTAC Americas

AN10860_1. Contact information. NXP Semiconductors. LPC313x NAND flash data and bad block management

IRTC Compensation and 1 Hz Clock Generation

Freescale MQX USB Device User Guide

Getting Started Guide

UG103.5 EMBER APPLICATION DEVELOPMENT FUNDAMENTALS: SECURITY

MF1 IC S General description. Functional specification. 1.1 Contactless Energy and Data Transfer. 1.2 Anticollision. Energy

Understanding LCD Memory and Bus Bandwidth Requirements ColdFire, LCD, and Crossbar Switch

AN1305. MIFARE Classic as NFC Type MIFARE Classic Tag. Application note COMPANY PUBLIC. Rev October Document information

Programming Audio Applications in the i.mx21 MC9328MX21

Cisco Collaboration with Microsoft Interoperability

How To Improve Performance On A P4080 Processor

Getting Started with Apple Pay on the Authorize.Net Platform

Accessing BlackBerry Data Services Using Wi-Fi Networks

Quick Start Guide Software and Support Activation

SafeNet Cisco AnyConnect Client. Configuration Guide

Internet Protocol Support Profile

Designing an Induction Cooker Using the S08PT Family

MED-AFEs Design Reference Manual

MQX Lite Real-Time Operating System User Guide

PT Mbps Powerline Adapter. User Guide

Digital Multiplexer and Demultiplexer. Features. General Description. Input/Output Connections. When to Use a Multiplexer. Multiplexer 1.

Developing an Application for the i.mx Devices on the Linux Platform

DDR Validation Tool User Guide

Quick Start Guide. MRB-KW01 Development Platform Radio Utility Application Demo MODULAR REFERENCE BOARD

Using CryptoMemory in Full I 2 C Compliant Mode. Using CryptoMemory in Full I 2 C Compliant Mode AT88SC0104CA AT88SC0204CA AT88SC0404CA AT88SC0808CA

UG103.9 EMBER APPLICATION DEVELOPMENT FUNDAMENTALS: ZLL

CCA DSS SP 2 Release Notes. For Microsoft Dynamics GP v10.0, v2010 and v2013

Nokia E90 Communicator Using WLAN

PQ-MDS-T1 Module. HW Getting Started Guide. Contents. About This Document. Required Reading. Definitions, Acronyms, and Abbreviations

SPECIFICATIONS SUBJECT TO CHANGE WITHOUT NOTICE

MCF54418 NAND Flash Controller

APPLICATION NOTE. AVR2130: Lightweight Mesh Developer Guide. Atmel MCU Wireless. Features. Description

Simple Method of Changing the Frequency Range of a Power Amplifier Circuit

Connecting to an SMTP Server Using the Freescale NanoSSL Client

UG103.8 APPLICATION DEVELOPMENT FUNDAMENTALS: TOOLS

A Dell Technical White Paper Dell Storage Engineering

APPLICATION NOTE. AT07175: SAM-BA Bootloader for SAM D21. Atmel SAM D21. Introduction. Features

Enhanced Serial Interface Mapping

USER GUIDE EDBG. Description

IEEE /ZigBee USB Dongle

PSoC Creator Component Data Sheet. Calculation accuracy 0.01 C for -200 C to 850 C temperature range

AN1754 APPLICATION NOTE

z/os V1R11 Communications Server System management and monitoring Network management interface enhancements

Freescale Development Kits IEEE Wireless design made simple. freescale.com/802154

An Overview of ZigBee Networks

Atmel AVR4920: ASF - USB Device Stack - Compliance and Performance Figures. Atmel Microcontrollers. Application Note. Features.

Using eflexpwm Module for ADC Synchronization in MC56F82xx and MC56F84xx Family of Digital Signal Controllers

BlackBerry Web Desktop Manager. User Guide

Blood Pressure Monitor Using Flexis QE128 Gabriel Sanchez RTAC Americas

Transcription:

Freescale Semiconductor Application Note Document Number: AN4973 Rev. 0, 7/2014 Freescale 802.15.4 MAC Security Setup MAC 2006 and MAC 2011 Group Key Security Examples By: Alexandru Balmus, Embedded Connectivity Software Engineer, Bucharest, Romania The 802.15.4 MAC is a standard for Low Rate Wireless Personal Area Networks used for applications in various fields: building automation, utility metering, medical devices, etc. The 802.15.4 MAC is used as a lower layer by multiple network layer standards each targeted at specific applications (ZigBee, RF4CE, ZigBee IP, 6LoWPAN). Contents 1 Introduction................................... 1 2 802.15.4 MAC Security.......................... 2 2.1 Addressing Modes and Security............... 4 2.2 MAC MCPS-DATA.request and Security Parameters............................... 4 3 Freescale MAC Security Tables................... 5 3.1 Security Tables Configuration................. 6 4 Use scenario.................................. 7 4.1 MAC 2006 PIB Configuration................. 8 4.2 MAC 2011 PIB Configuration................ 11 5 Application Summary........................... 14 5.1 Coordinator Application..................... 14 5.2 End Application...................... 15 The purpose of this application note is to thoroughly explain how to configure MAC Security for a very common use case. 1 Introduction One of the most common scenarios of security use in 802.15.4 wireless networks is the following: An application level master device must securely communicate with multiple peripheral devices. A Freescale Semiconductor, Inc., 2014. All rights reserved.

802.15.4 MAC Security peripheral device communicates only with the central and not with other peripheral devices. Only one key is used by all the devices. This use case maps well over the 802.15.4 MAC network topology, which is a star type topology. The network is composed of a Coordinator and multiple End s. The following diagram summarizes the use case. End End End End Coordinator End End End End Figure 1. Secured Network Central communicates with multiple peripherals 2 802.15.4 MAC Security The 802.15.4 MAC offers the option to encrypt and/or authenticate frames. The MAC security mechanisms also provide replay protection. Both MAC Data Frames (MCPS) and MAC Command Frames (MLME) can be secured. MAC security operations (encryption and authentication) are based on the AES (Advanced Encryption Standard) block cypher specifically AES-128, which works with a block and key size of 128 bits. The cypher is not used directly but through a variation of the Counter with CBC-MAC mode (CCM) called CCM*. CCM always operates in the same manner: it encrypts and adds a signature (MIC MAC Integrity Check) to the input data. In contrast to CCM, the CCM* mode offers the option to encrypt only or only add the signature to the input data without encryption. The mode of operation of CCM* is selected by using the SecurityLevel parameter, which is given as input to all MCPS-DATA.requests to the MAC. The summary of the MAC security levels and their effects on the frames are shown in the following table. 2 Freescale Semiconductor

802.15.4 MAC Security Table 1. MAC security levels and their effects on the frames Security Level Name Encryption MIC Length 0x00 N/A No 0 0x01 MIC-32 No 4 0x02 MIC-64 No 8 0x03 MIC-128 No 16 0x04 ENC Yes 0 0x05 ENC-MIC-32 Yes 4 0x06 ENC-MIC-64 Yes 8 0x07 ENC-MIC-128 Yes 16 Securing frames increases power consumption and increases the time needed to send frames, thus decreasing throughput. Throughput is also decreased while using MAC security because the length of the frame useful payload is decreased due to the inclusion of the MIC (as seen above) and the Auxiliary Security Header (ASH). The length of the ASH depends on the KeyIdMode (Key Identifier Mode) parameter. The following table shows the content and length of the ASH based on KeyIdMode. Table 2. Content and length of the ASH based on KeyIdMode Key Id Mode ASH Fixed Part ASH Key Identifier Field ASH Total Length 0x00 Security Control [1] + Frame Counter [4] = 5 0x01 Security Control [1] + Frame Counter [4] = 5 5 + 0 = 5 Key Index [1] = 1 5 + 1 = 6 0x02 Security Control [1] + Frame Counter [4] = 5 0x03 Security Control [1] + Frame Counter [4] = 5 Key Index [1] + Key Source [4] = 5 Key Index [1] + Key Source [8] = 9 5 + 5 = 10 5 + 9 = 14 To use security with the 802.15.4 MAC, some PIB (PAN Information Base) attributes must be properly configured. Depending on the security mode used, these include general MAC PIB attributes and MAC security PIB attributes. The most important attributes are the security-related PIB attributes, which contain the Security Tables (Key Table (Key Id Lookup List, Key List, Key usage List), and Security Level Table, Table). The main purposes of the MAC Security Tables are: Determining the key for securing an outgoing frame Determining the key for unsecuring an incoming frame Determining whether a type of frame can be secured/unsecured with a certain key Determining whether a frame meets the minimum security requirements Determining whether a peer device is allowed to send secured frames The Security Tables offer great flexibility in using the MAC but configuring them is a rather complex task. Their configuration for the described use scenario is detailed in the following sections. Freescale Semiconductor 3

802.15.4 MAC Security 2.1 Addressing Modes and Security All 802.15.4 devices have an unique 64 bit (8 byte) address called Extended Address. s can communicate using the Extended Address or a 16-bit (2-byte) address called Short Address. The Extended Address is usually hardcoded constant aextendedaddress for the 2006 version of the MAC and macextendedaddress read-only PIB attribute for the 2011 version of the MAC. The Freescale implementation offers the option to override this address using a PIB Attribute for both MAC 2006 and MAC 2011. The Short Addresses on the other hand are allocated by the Coordinator to End s during the MAC Association Procedure. The values of the short addresses are allocated and managed by the Application layer of the Coordinator. The Extended Addresses and Short Addresses of devices are used in the MAC security tables and it is the Application's job to configure and reconfigure (if needed) the correct addresses and addressing modes in the security tables. To properly use addressing modes and MAC security, an application must do the following: Configure correct addresses and addressing modes in the security tables extended or short Use addresses and addressing modes in the MAC Data requests that match the addresses and addressing modes set up in the security tables Change the address and/or addressing mode in the security tables if a device's short address is allocated/deallocated/reallocated or changed 2.2 MAC MCPS-DATA.request and Security Parameters The security parameters in MAC Data Requests must match the parameters written in the MAC security tables for the operations of securing and unsecuring frames to be successful. The following table summarizes the parameters of the MCPS-DATA.request that are relevant for security operations. Table 3. Parameters of the MCPS-DATA.request relevant for security operations MCPS-DATA.request Parameter SrcAddrMode SrcPANId SrcAddr DstAddrMode DstPANId DstAddr Description Source addressing mode extended addressing or short addressing Source PAN Identifier. Freescale proprietary parameter can override the PAN Id set in the MAC PIB attributes Source address extended or short, as specified by SrcAddrMode. Freescale proprietary parameter can override the addresses set in the MAC PIB attributes Destination addressing mode - extended addressing or short addressing Destination PAN Identifier. Destination address extended or short, as specified by DstAddrMode. 4 Freescale Semiconductor

Freescale MAC Security Tables Table 3. Parameters of the MCPS-DATA.request relevant for security operations (continued) MCPS-DATA.request Parameter SecurityLevel KeyIdMode KeySource KeyIndex Description Security level. Specifies how the frame is secured using AES-CCM* Key Identifier Mode. One byte attribute determining the format of the Auxiliary Security Header and how the proper key for securing/unsecuring frames is searched for in the security tables Key Source. 4- or 8-byte attribute determining the originator of a group key. Will contain a PANId concatenated with a ShortAddress if it is 4 bytes in length and an ExtendedAddress if it is 8 bytes in length. If the KeyIdMode parameter equals 0 or 1 this parameter is not used. Key Index. One byte attribute used to differentiate between multiple keys sharing KeySource information. Can have any value. 3 Freescale MAC Security Tables The 802.15.4 MAC standard allows additional implementation specific constraints on read-write operations of the security-related PIB attributes. To save memory the sizes of the Freescale 802.15.4 MAC security tables are set at compile time and cannot be changed dynamically at runtime. Thus, the PIB attributes for the actual security tables and the PIB attributes for the security tables sizes are read only. Example: you cannot write the gmpibkeytable_c = 0x71 and the gmpibkeytableentries_c = 0x72 MAC PIB attributes for neither the bare metal nor the RTOS based Freescale 802.15.4 MAC stacks. To write the contents of the security tables the Freescale 802.15.4 MAC implementation offers two types of implementation specific attributes: table entry index attributes for tables and subtables (e.g. gmpibkeytablecrtentry_c = 0x96, gmpibkeyusagelistcrtentry_c = 0x9A, gmpibtablecrtentry_c = 0x97, etc.) and attributes for writing elements of tables and subtables (e.g. gmpibkey_c = 0x85 - the Key element of a KeyDescriptor from the KeyTable, gmpibkeyidlookupdata_c = 0x94 - the KeyIdLookupData element of the KeyIdLookupDescriptor from the KeyIdLookupList). To write an element of a security table or subtable the index attributes for that table and subtable must be set up properly. For example to write the FrameType element of a KeyUsageDescriptor from the KeyUsageList included into a KeyDescriptor from the KeyTable three MLME Set PIB Attribute operations must be done: Write the gmpibkeytablecrtentry_c = 0x96 attribute with the index of the KeyDescriptor in the KeyTable Write the gmpibkeyusagelistcrtentry_c = 0x9A attribute with the index of the KeyUsageDescriptor in the KeyUsageList Write the gmpibkeyusageframetype_c = 0x86 attribute with the value desired for the FrameType element The actual written element after the above Set PIB operations will be: KeyTable[gMPibKeyTableCrtEntry_c].KeyUsageList[gMPibKeyUsageListCrtEntry_c].FrameType Freescale Semiconductor 5

Freescale MAC Security Tables This implementation choice was made to minimize the MLME Set PIB operations memory usage when the security tables are very large. Multiple keys require multiple KeyDescriptors in the KeyTable, multiple devices which use a key require multiple KeyDescriptors in the KeyList of a particular KeyDescriptor. NOTE The names of the table index and table elements PIB attributes preprocessor definitions may be slightly different for various versions of the MAC but the PIB numbers will be the same. 3.1 Security Tables Configuration The following table contains the locations and the names of the files where the C Preprocessor definitions for the MAC security tables' sizes can be found and configured. Table 4. Locations and names of files where C Preprocessor definitions for MAC security tables' sizes MAC Ver. Bare metal MAC MQXLite RTOS based MAC File AppToMacPhyConfig.h MacGlobals.h Location (may vary) Note <ProjectFolder>\Application\Configure\ Default location in BeeKit generated projects <StackRootFolder>\ieee_802_15_4\Source\App\ The actual sizes of the MAC security tables must be assigned to the macro definitions in the tables below, for the bare metal and RTOS based MAC versions. The default values for all tables' sizes is 2. Table 5. Macro definitions File Bare metal MAC AppToMacPhyConfig.h Code #define gnumkeytableentries_c 2 #define gnumkeyidlookupentries_c 2 #define gnumkeylistentries_c 2 #define gnumkeyusagelistentries_c 2 #define gnumtableentries_c 2 #define gnumsecurityleveltableentries_c 2 6 Freescale Semiconductor

Use scenario File MacGlobals.h NOTE The table sizes for the KeyIdLookupList, KeyList and KeyUsageList, which are subtables of the KeyTable, apply for each element (KeyDescriptor) of the KeyTable 4 Use scenario Table 5. Macro definitions (continued) MQXLite RTOS based MAC Code #define gnumkeytableentries_c 2 #define gnumkeyidlookuplistentries_c 2 #ifndef gmac2011_d #define gnumkeylistentries_c 2 #else /* gmac2011_d */ #define gnumdescriptorhandlelistentries_c 2 #endif /* gmac2011_d */ #define gnumkeyusagelistentries_c 2 #define gnumtableentries_c 2 #define gnumsecurityleveltableentries_c 2 As described in the Introduction of this document, the use case involves a central device communicating with multiple peripheral devices using a single key. Use case summary: n + 1 devices 1 central, n peripherals Peripheral device: 1 entry in the KeyList of the KeyDescriptor and 1 entry in the Table for the central device Central device: n entries in the KeyList of the KeyDescriptor and n entries in the Table for each peripheral device 1 key 1 entry in the KeyTable of each device - a single KeyDescriptor KeyIdMode = 1 1 entry in the KeyIdLookupList - a single KeyIdLookupDescriptor This KeyIdMode must be used in every MCPS Data Request The KeyIdIndex must be set up correctly in the LookupData element of the KeyIdLookupDescriptor For this KeyIdMode the AuxiliarySecurityHeader sent over the air will have the following format: ASH = SecurityControl[1] + FrameCounter[4] + KeyIdentifier[1]( KeyIndex[1]) = 6 octets SecurityLevel = 6 Freescale Semiconductor 7

Use scenario The data is encrypted and a MIC64 is added to the frame This SecurityLevel must be used in every MCPS Data Request Only data frames are secured 1 entry in the SecurityLevelTable for data frames a single SecurityLevelDescriptor 1 entry in the KeyUsageList of the KeyDescriptor a single KeyUsageDescriptor NOTE For this security use scenario where KeyIDMode = 1 the KeySource parameter from the MCPS Data Request is not used and can have any value. For this security use scenario the SecurityLevel, KeyIdMode and KeyIndex parameters must be properly set in each MCPS Data Request 4.1 MAC 2006 PIB Configuration The following table shows how to set up the key table sizes for the described scenario for the central (C) and peripheral (P) devices for the 2006 version of the 802.15.4 MAC. These settings are valid for both the bare metal and RTOS based MAC versions. Table 6. MAC 2006 How to set up the key table sizes Security Table Size Macro Definition C P Notes gnumkeytableentries_c 1 1 Equal to the number of keys used by a device. In this scenario only one key is used by all devices. gnumkeyidlookuplistentries_c 1 1 One entry for each KeyIdMode used for a specific key. gnumkeylistentries_c n 1 One entry for every device from which secured frames must be received. gnumkeyusagelistentries_c 1 1 One entry for every secured frame type. In this scenario only data frames are secured gnumtableentries_c n 1 One entry for every device from which secured frames must be received. gnumsecurityleveltableentries_c 1 1 One entry for every secured frame type. In this scenario only data frames are secured The table below shows how to set up all the necessary the MAC PIB attributes and in what order for the given scenario and some additional information. Table 7. MAC 2006 How to set up all the necessary the MAC PIB attributes (Sheet 1 of 4) General MAC PIB Attributes PIB attributes that are not necessarily security related gmpibsecurityenabled_c 0x01 Global MAC Security Enable switch gmacpibextendedaddress_c 0xFFEEDDCCBBAA9988 long address gmpibshortaddress_c 0xCAFE short address gmpibpanid_c 0x1AAA PAN Id used in the network 8 Freescale Semiconductor

Table 7. MAC 2006 How to set up all the necessary the MAC PIB attributes (Sheet 2 of 4) Use scenario Security MAC PIB Attributes PIB attributes which are not necessarily security related gmpibdefaultkeysource_c 0x0011223344556677 Common default key source for all devices gmpibframecounter_c 0x00000000 Or any value needed/recovered from NVM. Number depends on the number of secured frames sent by a device. Security MAC PIB Attributes Key Table One entry (KeyDescriptor) for each key used by a device gmpibikeytablecrtentry_c 0 Index 0 - Index of the KeyDescriptor in the KeyTable gmpibkey_c 0x8899AABBCCDDEEFF The key used by all devices Security MAC PIB Attributes Key Table Key ID Lookup List One entry (KeyIdLookupDescriptor) for every KeyIdMode used for a specific key gmpibikeyidlookuplistcrtentry_c 0 Index 0 - Index of the KeyIdLookupDescriptor in the KeyIdLookupList gmpibkeyidlookupdata_c macpibdefaultkeysour ce [8] keyindex [1] For KeyIdMode = 1 used in the data request The LookupData element has a different format for each KeyIdMode. Different PIB attributes may need to be set up for each KeyIdMode. gmpibkeyidlookupdatasize_c 1 For KeyIdMode = 1 - used in the data request - size is 9 octets The LookupDataSize element has a different value for each KeyIdMode Security MAC PIB Attributes Security Level Table One entry (SecurityLevelDescriptor) for every secured frame type gmpibisecurityleveltablecrtentry_c 0 Index 0 - Index of the SecurityLevelDescriptor in the SecurityLevelTable gmpibseclevframetype_c 0x01 data frame gmpibseclevcommnadframeidentifier_c 0x00 Irrelevant for this frame type gmpibseclevsecurityminimum_c 0x06 Or whatever security level is used in the MCPS Data Request gmpibseclevoverridesecurityminim um_c TRUE Or FALSE Depending on what application needs Repeat the Above 5 Set PIBS to Add More Frame Types With a Different Index Each Freescale Semiconductor 9

Use scenario Table 7. MAC 2006 How to set up all the necessary the MAC PIB attributes (Sheet 3 of 4) Security MAC PIB Attributes Key Table Key List One entry (KeyDescriptor) for each device from which the current device must receive secured frames. If multiple entries are present in the KeyList, the Unique element must be set to FALSE for all entries gmpibikeylistcrtentry_c i Index i Index of the KeyDescriptor in the KeyList gmpibkeydescriptorhandle_c i Index in the Table for the current KeyList entry. The DescriptorHandle element must point to the appropriate index in the Table. gmpibunique_c FALSE Multiple devices defined in the List use this key gmpibblacklisted_c FALSE Automatically set to TRUE by the MAC when the FrameCounter reaches 0xFFFFFFFF Repeat the Above 4 Set PIBS to Add More Key List Entries for Each that Uses the Current Key. Each Entry Should Have a Different Descriptor Handle Security MAC PIB Attributes Key Table - Key Usage List One entry for every secured frame type gmpibikeyusagelistcrtentry_c 0 Index 0 - Index of the KeyUsageDescriptor in the KeyUsageList gmpibkeyusageframetype_c 0x01 Data frame type gmpibkeyusagecommnadframeidentifier_c 0x00 Irrelevant for this frame type Repeat the Above 3 Set PIBS to Add More Frame Types with a Different Index Each Security MAC PIB Attributes Table One entry for each device from which the current device must to receive secured frames gmpibitablecrtentry_c i Index i gmpibdescriptorpanid_c 0x1AAA PAN Id used in the network gmpibdescriptorshortaddress_c 0x0000 Short address of the device from which the frame is received (if short addressing is used in the data requests) 10 Freescale Semiconductor

Table 7. MAC 2006 How to set up all the necessary the MAC PIB attributes (Sheet 4 of 4) Use scenario gmpibdescriptorextaddress_c 0x1122334455667788 Extended address of the device from which the frame is received (if extended addressing is used in the data requests) gmpibdescriptorframecounter_c 0x00000000 Expected FrameCounter of this device. Automatically updated by the Mac as it receives secured frames from a device. gmpibdescriptorexempt TRUE May be FALSE depending on application needs Repeat the Above 6 Set PIBS to Add More s with a Different Index and Different Extended Address, Short Address and Frame Counter 4.2 MAC 2011 PIB Configuration The following table shows how to set up the key table sizes for the described scenario for the central (C) and peripheral (P) devices for the 2011 version of the 802.15.4 MAC. There is only a RTOS based MAC 2011 version. Table 8. MAC 2011 How to set up the key table sizes Security Table Size Macro Definition C P Notes gnumkeytableentries_c 1 1 Equal to the number of keys used by a device. In this scenario only one key is used by all devices. gnumkeyidlookuplistentries_c 1 1 One entry for each KeyIdMode used for a specific key. gnumdescriptorhandlelistentries_c n 1 One entry for every device from which secured frames must be received. gnumkeyusagelistentries_c 1 1 One entry for every secured frame type. In this scenario only data frames are secured gnumtableentries_c n 1 One entry for every device from which secured frames must be received. gnumsecurityleveltableentries_c 1 1 One entry for every secured frame type. In this scenario only data frames are secured The MAC PIB attributes which contain the sizes of the security tables and subtables (gmpibkeytableentries_c = 0x72, gmpibtableentries_c = 0x74, MPibSecurityLevelTableEntries_c = 0x76, gmpibkeyidlookuplistentries_c = 0x80, gmpibkeyusagelistentries_c = 0x84, gmpibdescriptorhandlelistentries_c = 0x92) were removed from the 2011 version of the 802.15.4 MAC standard. For backwards compatibility and for the memory saving related reasons mentioned in the previous paragraphs these attributes were kept in the Frescale implementation. As mentioned before additional constraints are allowed by the standard for security-related PIB attributes. Freescale Semiconductor 11

Use scenario For each security table and subtable, the Freescale MAC 2011implementation offers indexing PIB attributes which must be properly set before writing an element of a table or subtable. How to use these index PIB attributes was described in the previous sections. The table below shows how to set up all the necessary the MAC PIB attributes and in what order for the given scenario and some additional information. Table 9. MAC 2011 How to set up all the necessary the MAC PIB attributes (Sheet 1 of 3) General MAC PIB Attributes PIB attributes that are not necessarily security related gmpibsecurityenabled_c 0x01 Global MAC Security Enable switch gmacpibextendedaddress_c 0xFFEEDDCCBBAA9988 long address gmpibshortaddress_c 0xCAFE short address gmpibpanid_c 0x1AAA PAN Id used in the network Security MAC PIB Attributes PIB attributes that are not necessarily security related gmpibdefaultkeysource_c 0x0011223344556677 Common default key source for all devices gmpibframecounter_c 0x00000000 Or any value needed/recovered from Non Volatile Memory. Number depends on the number of secured frames sent by a device. Security MAC PIB Attributes Key Table One entry (KeyDescriptor) for each key used by a device gmpibikeytablecrtentry_c 0 Index 0 - Index of the KeyDescriptor in the KeyTable gmpibkey_c 0x8899AABBCCDDEEFF The key used by all devices Security MAC PIB Attributes Key Table Key ID Lookup List One entry (KeyIdLookupDescriptor) for every KeyIdMode used for a specific key gmpibikeyidlookuplistcrtentry_c 0 Index 0 - Index of the KeyIdLookupDescriptor in the KeyIdLookupList gmpibkeyidlookupkeyidmode_c 1 The KeyIdMode used in the MCPS Data Request gmpibkeyidlookupkeyindex_c ki The KeyIndex used in the MCPS Data Request gmpibkeyidlookupkeysource_c 0x0011223344556677 For KeyIdMode = 1 this value must be equal to the gmpibdefaultkeysource_c PIB attribute The Rest of the Elements of the Key ID Lookup Descriptor Are Not Used for Key ID Mode 1 12 Freescale Semiconductor

Table 9. MAC 2011 How to set up all the necessary the MAC PIB attributes (Sheet 2 of 3) Use scenario Security MAC PIB Attributes Security Level Table One entry (SecurityLevelDescriptor) for every secured frame type gmpibisecurityleveltablecrtentry_c 0 Index 0 - Index of the SecurityLevelDescriptor in the SecurityLevelTable gmpibseclevframetype_c 0x01 data frame gmpibseclevcommnadframeidentifier_c 0x00 Irrelevant for this frame type gmpibseclevsecurityminimum_c 0x06 Or whatever security level is used in the MCPS Data Request gmpibseclevoverridesecurityminimum_c TRUE Or FALSE Depending on what application needs gmpibseclevallowedsecuritylevels_c 0xFF,, 0xFF List of maximum 8 security levels allowed for this frame type. Set all to 0xFF for this use case (all values 0xFF = empty list). Repeat the Above 6 Set PIBS to Add More Frame Types with a Different Index Each Security MAC PIB Attributes Key Table Descriptor Handle List One entry (DescriptorHandle) for each device from which the current device must receive secured frames. gmpibidescriptorhandlelistcrtentry_c i Index i Index of the DescriptorHandle in the DesciptorHandleList gmpibdescriptorhandle_c i Index in the Table for the current DesciptorHandleList entry. Repeat the Above 2 Set PIBS to Add More Descriptor Handle List Entries for Each that Uses the Current Key. SECURITY MAC PIB ATTRIBUTES KEY TABLE - KEY USAGE LIST One entry for every secured frame type gmpibikeyusagelistcrtentry_c 0 Index 0 - Index of the KeyUsageDescriptor in the KeyUsageList gmpibkeyusageframetype_c 0x01 Data frame type gmpibkeyusagecommnadframeidentifier_c 0x00 Irrelevant for this frame type Repeat the Above 3 Set PIBS to Add More Frame Types with a Different Index Each Security MAC PIB Attributes Table One entry for each device from which the current device must to receive secured frames gmpibitablecrtentry_c i Index i Freescale Semiconductor 13

Application Summary Table 9. MAC 2011 How to set up all the necessary the MAC PIB attributes (Sheet 3 of 3) gmpibdescriptorpanid_c 0x1AAA PAN Id used in the network gmpibdescriptorshortaddress_c 0x0000 Short address of the device from which the frame is received (if short addressing is used in the data requests) gmpibdescriptorextaddress_c 0x1122334455667788 Extended address of the device from which the frame is received (if extended addressing is used in the data requests) gmpibdescriptorframecounter_c 0x00000000 Expected FrameCounter of this device. Automatically updated by the MAC as it receives secured frames from a device. gmpibdescriptorexempt TRUE May be FALSE depending on application needs Repeat the Above 6 Set PIBS to Add More s with a Different Index and Different Extended Address, Short Address and Frame Counter 5 Application Summary This section summarizes how an application using the Association procedure should work with MAC security. An application draft is shown for both a Coordinator and End. For full examples with code, please see the MyStarNetwork and MyWirelessApp demo applications that are provided with the MAC Software Stack. 5.1 Coordinator Application 1. Platform initialization 2. Stack initialization 3. Application initialization 4. Start the PAN as Coordinator 5. Security initialization a.) Set up General MAC PIB attributes related to security b.) Set up the entry in the Key Table i.)set up the key ii.)set up the Key Id lookup List iii.)set up the Key Usage List c.) Set up the Security Level Table 6. If an association request is received from an Ends a.) If the association procedure is successful (with short or extended address) 14 Freescale Semiconductor

Application Summary i.)set up an entry with correct addressing settings in the Table for the associated End ii.)set up an entry for the associated End in the Key List of the KeyDescriptor in the Key Table - with a Descriptor Handle pointing to the corresponding index in the entry created in the Table 7. Send and receive secured frames to and from the associated Ends 5.2 End Application 1. Platform initialization 2. Stack initialization 3. Application initialization 4. Scan for a PAN Coordinator 5. If a proper Coordinator is found start the association procedure 6. If the association procedure is successful perform security setup a.) Set up General MAC PIB attributes related to security b.) Set up the entry in the Key Table i.)set up the key ii.)set up the Key Id lookup List iii.)set up the Key Usage List c.) Set up the Security Level Table d.) Set up an entry with correct addressing settings in the Table for the Coordinator e.) Set up an entry for the Coordinator in the Key List of the KeyDescriptor in the Key Table - with a Descriptor Handle pointing to the corresponding index in the entry created in the Table 7. Send and receive secured frames to and from the Coordinator Freescale Semiconductor 15

How to Reach Us: Home Page: freescale.com Web Support: freescale.com/support Information in this document is provided solely to enable system and software implementers to use Freescale products. There are no express or implied copyright licenses granted hereunder to design or fabricate any integrated circuits based on the information in this document. Freescale reserves the right to make changes without further notice to any products herein. Freescale makes no warranty, representation, or guarantee regarding the suitability of its products for any particular purpose, nor does Freescale assume any liability arising out of the application or use of any product or circuit, and specifically disclaims any and all liability, including without limitation consequential or incidental damages. Typical parameters that may be provided in Freescale data sheets and/or specifications can and do vary in different applications, and actual performance may vary over time. All operating parameters, including typicals, must be validated for each customer application by customer s technical experts. Freescale does not convey any license under its patent rights nor the rights of others. Freescale sells products pursuant to standard terms and conditions of sale, which can be found at the following address: freescale.com/salestermsandconditions. Freescale, the Freescale logo, AltiVec, CodeWarrior, ColdFire, ColdFire+,Energy Efficient Solutions logo, PowerQUICC, QorIQ, StarCore, Symphony, and VortiQa are trademarks of Freescale Semiconductor, Inc., Reg. U.S. Pat. & Tm. Off. CoreNet, Layerscape, QorIQ Qonverge, QUICC Engine, Tower, and Xtrinsic are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. 2014 Freescale Semiconductor, Inc. Document Number: AN4973 Rev. 0 7/2014

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information