Andy Pye examines Zigbee product certification and the need for standards and testing to keep up with the speed of technological advancement in the field.
In July, Andy Pye attended the Testing and Global Approvals Conference 2015 hosted by Trac Global. Amongst the highlights was a session on certification of Zigbee products. At the same time, some security concerns have emerged concerning the use of the Zigbee standard. A common theme is the speed of technological advance, leaving standards and conformance testing in its wake.
ZigBee is a suite of high-level communication protocols used to create personal area networks built from small, low-power digital radios and which can cover a large area – many devices that use ZigBee are powered by battery. The technology is intended to be simpler and less expensive than other wireless personal area networks (WPANs), such as Bluetooth or Wi-Fi.The name refers to the waggle dance of honey bees after their return to the beehive.
ZigBee devices can transmit data over long distances and are typically used in low data rate applications that require long battery life and secure networking (ZigBee networks are secured by 128 bit symmetric encryption keys.) ZigBee has a defined rate of 250 kbit/s, best suited for intermittent data transmissions from a sensor or input device.
Applications are those that require short-range low-rate wireless data transfer and include wireless light switches, home entertainment and control systems, medical data collection, smoke and intruder warning, building automation, electrical meters with in-home-displays, and traffic management systems. Because ZigBee is often used in industrial automation and physical plant operation, it is often associated with machine-to-machine (M2M) communication and the Internet of Things (IoT).
ZigBee is based on the 802.15 specification of the Institute of Electrical and Electronics Engineers Standards Association. It operates in unlicensed radio frequency bands, including the industrial, scientific and medical (ISM) radio bands: 2.4 GHz in most jurisdictions worldwide. The specifications are maintained and updated by the ZigBee Alliance.
ZigBee chips are typically integrated with radios and with microcontrollers that have between 60-256 KB flash memory. Key suppliers of Zigbee chips include TI, Microchip, Silicon Labs and Freescale.
Currently the main markets for ZigBee products are Europe, North America and Japan. The regulatory requirements differ between countries, and the processes to demonstrate compliance vary as well.
Within Europe, the regulatory requirements are governed by Directives issued by the European Union. The Radio & Telecoms Terminal Equipment (R&TTE) Directive relates specifically to telecommunications or IT equipment. It covers radio, EMC and safety aspects of any product falling within its scope and references specific standards that are applicable. Note that the R&TTE Directive will soon be replaced by the Radio Equipment Directive – RED.
The R&TTE Directive also references several the EMC Directive and the Low Voltage Directive (LVD). It is also important to remember that a manufacturer must consider the primary function or purpose of a product. This will determine whether a specific directive applies. For example, the Medical Directive is applicable to products that are intended for medical applications (both invasive and non-invasive); it covers both safety and EMC aspects of a product.
However, in some cases these standards are several years old and were written at a time when there was no concept of the applications to which ZigBee is now being applied. In general, the older standards relate to safety requirements, as EMC and radio are relatively new fields of standardisation and are constantly being updated to account for advances in these technological areas. Where the applicable standard is not clear, enlisting the help of a European Notified Body is recommended.
European Notified Bodies are appointed by the European Commission and will contain individuals who are appointed as authorised signatories for a given discipline and classified as “experts” in that discipline.
Trac Global is the only recognised ZigBee Alliance test house in Europe with a testing facility. ZigBee Certification services, range from specific testing for ZigBee devices to Notified Body (NB) work which can assist in complying with legal global market regulations. The test house is fully accredited against BS EN ISO/IEC 17025:2005 to provide all the worldwide regulatory requirements applicable to ZigBee products.
One of the services that a Notified Body signatory can perform is to provide a formal “Statement of Opinion” relating to whether or not a product correctly satisfies the requirements of a given Directive. This formal document is issued following a thorough review of all documentation supplied by a product manufacturer.
The statement does not replace the manufacturer’s Declaration of Compliance (DoC) or remove the manufacturer’s liability; however, it adds weight to the declaration and supports that the manufacturer has assessed the product against applicable standards. This is particularly relevant in cases such as ZigBee devices where it is often not clear which is the most applicable standard.
In the US, regulations have two components that are governed by separate bodies. The first relates to the communications aspect of the product and is governed by the Federal Communications Commission (FCC). The second relates to a product’s safety and is governed by Nationally Recognised Testing Laboratories (NRTLs). For a ZigBee product the applicable part of the FCC regulation is FCC 47 CFR 15.247.
In order for a product to satisfy the relevant safety aspects of regulation in the US, it should be assessed against the appropriate safety specification and these results submitted to a Nationally Recognised Testing Laboratory (NRTL). If the NRTL finds that the product has satisfied all the safety requirements, the product is marked with the relevant NRTL logo. There are several NRTLs, the most familiar of these being UL, CSA, MET and Wyle.
In Japan, the radio and communications requirements are included in Japanese Ordinance 31 which is issued by the Japanese Ministry of Internal Communications (MIC). EMC is voluntary from a regulatory point of view. However, due to consumer pressures it is highly unlikely that a product will be successfully marketed without the voluntary VCCI (Voluntary Control Council for Interference) mark for EMC. Hence compliance with the VCCI requirements is a real consideration for ZigBee products.
A new concern which is emerging with Zigbee, and which is far in advance of applicable standards, relates to perceived security flaws within IoT devices. Speaking at the Black Hat USA Conference in Las Vegas recently (https://www.blackhat.com/us-15/), senior IS auditor Tobias Zillner of IOT firm Cognosec claims there are principal security risks in ZigBee implementations, and revealed which devices are affected by them.
Conducting assessments on identified vulnerabilities, Cognosec claims it is possible to compromise ZigBee networks and thereby take control of connected devices on a network. Smart home devices such as lights, motion sensors, temperature sensors and even door locks, for example, could be compromised via such vulnerabilities.
At first sight, since the ZigBee specification was developed to enable secure wireless communication for a range of IoT devices, this is surprising. “The shortcomings and limitations we have discovered in ZigBee have been created by vendors wanting to create the latest and greatest products – which these days means they are likely to be Internet-connected,” says Zillner. “Simple units such as light switches have to be compatible with a host of other devices and therefore little consideration is made to security requirements – most likely to keep costs down. Low per-unit-costs, interoperability and compatibility requirements, along with the application of legacy security concepts, has resulted in persistent known security risks.”
Vendors wanting a device to be compatible to other certified devices from other manufacturers have to implement the standard interfaces and practices of this profile. “However, the use of a default link key introduces a high risk to the secrecy of the network key,” Zillner claims. “As the security of ZigBee is reliant on the secrecy of the key material – and therefore on the secure initialisation and transport of the encryption keys – this default fallback mechanism has to be considered as a critical risk.”