This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC2538EM-RD: Security

Part Number: CC2538EM-RD
Other Parts Discussed in Thread: CC2538


I'm using ZStack 3.02 on cc2538. I managed to build it with Code Composer Studio, it wasn't exactly easy but I could do it.

I'm using zstack monitor and test api to communicate with the cc2538 over serial. Everything works ok so far, but I have some things that are not clear to me or are totally unknown, regarding security.

My understanding is that if using ZigBee 3.x, the communication with the devices go securely, packets are encrypted and so on...

Is that true?

The problem I'm facing is that many devices do not support ZigBee 3, so they are kicked out of the network after joining. For those I will allow a config option that will set with APP_CNF_BDB_SET_TC_REQUIRE_KEY_EXCHANGE, the BDB_DEFAULT_TC_REQUIRE_KEY_EXCHANGE to false. This works, the devices are not leaving the network anymore, but now I'm left with a question:

How to detect if a device is working securely or not? There appear to be some info available about security, but from my attempts in each case the flag is set to false. For example ZDO_MSG_CB_INCOMING has a SecurityUse flag which seems always false. MAC capabilities flags also are supposed to contain 'security capable' flag which I always find it false. Trust Center received notifications seem unreliable for distinguishing between secure and unsecure devices.

Is there any way to figure out which one works securely and which one doesn't?

Thank you!