Z-Wave Security Fundamentals

Z-Wave is a wireless communication protocol widely used in home automation, particularly for security applications like smart locks, sensors, and alarm systems. To address the inherent security concerns of wireless communications, Z-Wave incorporates a Security Layer that provides robust encryption and decryption mechanisms. This page covers the fundamentals of Z-Wave security as implemented in Z-Wave networks.

Key features of Z-Wave security

The following features are key to Z-Wave’s security implementation:

  • Message Freshness: Uses a 64-bit Nonce (number used once).
  • 128-bit Random Network Key: Represented as K_n. This is crucial for securing communication within the network.
  • Encryption: Employs the Advanced Encryption Standard (AES) in Output Feedback (OFB) mode (AES-OFB).
  • Data Authentication: Utilizes AES in Cipher Block Chaining Message Authentication Code (CBC-MAC) mode (AES-CBCMAC).
  • 128-bit Cipher and MAC Keys: These are derived from the network key, K_n.
  • Custom Key Establishment Protocol: Described in more detail below.

[Figure: Z-Wave security]

Z-Wave data origin authentication relies on the Cipher Block Chaining Message Authentication Code (CBC-MAC) technique. This method calculates a Message Authentication Code (MAC) from a block cipher algorithm, such as AES.

The figure above illustrates the key exchange protocol used in Z-Wave security.
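
The CBC-MAC check described above, as an added example that is not code from the original page or from any Z-Wave stack: it derives a MAC key from K_n, tags a frame together with the receiver's 64-bit nonce, and verifies the tag. AES-128 is implemented inline so the block runs with the standard library alone; the frame layout (nonce block, fixed 2-byte header, length byte), the 0x55 derivation constant, and the names frame_tag and accept are assumptions made for the example.

```python
import hmac  # constant-time tag comparison; AES-128 is inlined so the example runs offline

def _xt(a):  # multiply by x in GF(2^8)
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

def _sbox():  # build the AES S-box: field inverse followed by the affine transform
    p, q, s = 1, 1, [0x63] * 256
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF         # q /= 3, so q = 1/p
        q ^= 0x09 if q & 0x80 else 0
        d = q * 0x101                                            # doubled byte: rotations become shifts
        s[p] = 0x63 ^ q ^ (d >> 7 ^ d >> 6 ^ d >> 5 ^ d >> 4) & 0xFF
        if p == 1:
            return s
SBOX = _sbox()

def aes_block(key, block):  # AES-128 encryption of one 16-byte block (FIPS-197)
    w, rc, s = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1, list(block)
    for i in range(4, 44):  # key expansion into 44 words
        t = w[i - 1]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rc = t[0] ^ rc, _xt(rc)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    for rnd in range(11):
        if rnd:  # SubBytes + ShiftRows on the column-major state
            s = [SBOX[s[4 * ((c + r) % 4) + r]] for c in range(4) for r in range(4)]
        if 0 < rnd < 10:  # MixColumns
            s = [s[c + i] ^ s[c] ^ s[c + 1] ^ s[c + 2] ^ s[c + 3]
                 ^ _xt(s[c + i] ^ s[c + (i + 1) % 4]) for c in (0, 4, 8, 12) for i in range(4)]
        s = [b ^ k for b, k in zip(s, sum(w[4 * rnd:4 * rnd + 4], []))]  # AddRoundKey
    return bytes(s)

def cbc_mac(key, data):  # AES-CBC-MAC: zero IV, zero padding, truncated to 64 bits
    mac = bytes(16)
    for i in range(0, len(data), 16):
        blk = data[i:i + 16].ljust(16, b"\0")
        mac = aes_block(key, bytes(a ^ b for a, b in zip(mac, blk)))
    return mac[:8]

def frame_tag(kn, nonce, hdr, body):  # hdr: fixed 2 bytes; body: up to 255 payload bytes
    km = aes_block(kn, b"\x55" * 16)  # MAC key derived from K_n (constant is an assumption)
    # The length byte is authenticated because raw CBC-MAC is forgeable across message lengths.
    return cbc_mac(km, nonce.ljust(16, b"\0") + hdr + bytes([len(body)]) + body)

def accept(kn, nonce, hdr, body, tag):  # receiver recomputes with the nonce it issued
    return hmac.compare_digest(tag, frame_tag(kn, nonce, hdr, body))
```

accept() returns False when the body, header, key or nonce differs from what the tag was computed over, which is how a frame replayed against a newer nonce is rejected.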

Conclusion

Z-Wave’s security framework, including its Security Layer and the adoption of advanced encryption standards, provides a solid foundation for secure wireless communication in smart home environments.