Zigbee enhances security in Pro 2023 release

  • April 24, 2023
  • Steve Rogerson

Zigbee Pro 2023 brings several enhancements and features to the technology, allowing mesh networks to have a universal language that enables smart objects to work together.

Announced this month by the Connectivity Standards Alliance, Zigbee Pro 2023 expands on secure-by-design architecture by adding security enhancements to address changing market needs while simplifying the user experience and extending supported bands beyond 2.4GHz.

The revision also enables Zigbee Direct, simplifying device onboarding and control using Bluetooth Low Energy, a technology found in many voice assistant products and mobile devices.

The Zigbee Pro 2023 version also progresses standardisation of hub-centric operations with the first phase of ‘Works with All Hubs’, a feature that improves network resiliency on a hub-centric network by helping devices identify the most suitable parent for securely joining and rejoining the network.

Finally, the added support for sub-gigahertz frequencies for Europe (800Mhz) and North America (900MHZ) delivers increased signal strength and range to support more use cases.

“After two decades, Zigbee continues to empower consumer and industrial use cases, enabling richer and more reliable connectivity for utilities, homes, industry and buildings,” said Tobin Richardson, CEO of the Connectivity Standards Alliance. “With Pro 2023’s new features and security enhancements, our hundreds of members continue to evolve and increase Zigbee’s relevance and value to manufacturers, their customers and consumers.”

One of the critical components of the Zigbee Pro 2023 release is a set of enhancements and security mechanisms for protecting the network during the onboarding and operation of devices to address modern-day security threats. The key new security features include dynamic link key, device interview and trust centre swap out.

Dynamic link key is an improvement based on public-private key pairing and security curves, further protecting the network from attacks. Device interview technology allows users to query and filter out the devices before allowing them onto a network based on ecosystem requirements. The trust centre swap-out feature allows changing out the trust centre, which can be a gateway, hub, smart speaker and even commercial electric meters for a network without requiring all devices to be recommissioned.

“Security always needs to evolve as new exploits and attacks are introduced,” said Asad Haque, chair of the security advisory group at the Connectivity Standards Alliance. “With the Pro 2023 release, Zigbee now includes several critical security features to address modern-day threats. These enhancements utilise industry-standard cryptographic algorithms and mutual authentication to protect network security during commissioning and subsequent operation. It is great to see well-established standards like Zigbee continue to adopt the latest security technology available to deliver peace of mind to consumers.”

In addition to the security improvements, Zigbee devices built to Pro 2023 specifications with a sufficient level of security are now able to be on the same network as smart energy devices, providing the exchange of important information to improve control and use of the energy and devices.

Zigbee certified products can connect and communicate using the same IoT language with each other, and hundreds of millions of Zigbee products are already deployed in smart homes and buildings worldwide. Over 3900 Zigbee products have been certified, and over a billion chipsets have been sold globally.