MCU on the CCM hardware AES encryption, whether to adopt the hardware to prevent replay attack?

Time: 09-20

Zigbee uses AES encryption. I captured a control command frame over the air and sent it to the destination again; the destination's MAC layer returned an ACK, which shows that the target device received the packet, but it did not perform the corresponding action, which shows that the target device has replay-attack protection.

But what is the principle by which AES prevents replay attacks? All I can see is that the AES-CCM encryption/decryption interfaces inside the SDK look like this:
AESCCM_Encrypt(uint8_t *key, uint8_t *input, uint16_t inputLen, uint8_t *outPut, uint8_t *nonce, uint8_t nonceLen, uint8_t *MIC, uint8_t MIC_len);

AESCCM_Decrypt(uint8_t *key, uint8_t *input, uint16_t inputLen, uint8_t *outPut, uint8_t *nonce, uint8_t nonceLen, uint8_t *MIC, uint8_t MIC_len);

Stepping through the protocol stack, I saw that every time the stack encrypts it fills in a 13-byte nonce; the nonce is composed of the Zigbee 8-byte IEEE address, a 4-byte counter and 1 constant byte. Besides the ciphertext, encryption also produces a 4-byte MIC, and the encrypted wireless data frame in the air carries the nonce and the MIC in addition to the ciphertext.

Can the MIC be used to prevent replay attacks? The counter in the nonce accumulates with every frame, and the counter a Zigbee device uses each time must be smaller than the counter after the next power-up; that is, every time a Zigbee device powers on it initializes the counter to a value larger than the value used last time, otherwise it can happen that a sent message is not recognized by the other side, and it also resets once.

But if Zigbee devices judge replay by recording the counter, how much space would a Zigbee device have to set aside to store the counters? And each counter also has to correspond to an IEEE address.

CodePudding user response:

The MIC inside is AES encryption; AES-32, 64 and 128 correspond to different MIC lengths, you don't need to study it.
Replay attack protection is judged by the Counter; after NV_restore and encryption are enabled, each power-on increases the Counter a little on the basis of the last value;
The storage space should be in the device's neighborTable, which holds the peripheral device address and linkInfo; linkInfo contains the key sequence number and the last Counter. In fact each device only needs to confirm that the data sent to it is legitimate data within the network, that is enough; it does not need to save the information of all nodes in the network.
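The nonce layout described in the question and the per-neighbor last-counter check described in this reply, written out as an added C example (not the SDK's code). The little-endian counter byte order, the neighbor_t struct standing in for a neighborTable/linkInfo entry, and the table size are assumptions of the example:

```c
#include <stdint.h>
#include <string.h>

#define NONCE_LEN     13
#define MAX_NEIGHBORS 8   /* size of the constructed neighbor table */

/* Build the 13-byte CCM nonce as the thread describes it: 8-byte IEEE
 * address, 4-byte frame counter, 1 constant byte (security control).
 * Little-endian counter layout is an assumption of this example. */
void build_ccm_nonce(const uint8_t ieee[8], uint32_t frame_ctr,
                     uint8_t sec_ctrl, uint8_t nonce[NONCE_LEN])
{
    memcpy(nonce, ieee, 8);
    for (int i = 0; i < 4; i++)
        nonce[8 + i] = (uint8_t)(frame_ctr >> (8 * i));
    nonce[12] = sec_ctrl;
}

/* Byte i of the nonce for the given inputs (used by the checks). */
uint8_t nonce_byte(const uint8_t ieee[8], uint32_t ctr, uint8_t sc, int i)
{ uint8_t n[NONCE_LEN]; build_ccm_nonce(ieee, ctr, sc, n); return n[i]; }

/* Hypothetical stand-in for a neighborTable/linkInfo entry: peer address
 * plus the last accepted incoming frame counter (cf. inFrmCntr). */
typedef struct { int used; uint8_t ieee[8]; uint32_t in_frm_cntr; } neighbor_t;
static neighbor_t neighbor_table[MAX_NEIGHBORS];

/* Receiver-side replay check. Returns 1 and records the counter when the
 * frame is fresh (strictly above the stored value); 0 for a replayed or
 * stale frame, or when the table is full. Call it only after the MIC has
 * verified, so a forged frame cannot advance the stored counter. */
int accept_frame_counter(const uint8_t ieee[8], uint32_t frame_ctr)
{
    neighbor_t *slot = NULL, *spare = NULL;
    for (int i = 0; i < MAX_NEIGHBORS; i++) {
        if (!neighbor_table[i].used) { if (!spare) spare = &neighbor_table[i]; }
        else if (memcmp(neighbor_table[i].ieee, ieee, 8) == 0) { slot = &neighbor_table[i]; break; }
    }
    if (!slot) {                             /* first contact: allocate */
        if (!spare) return 0;
        slot = spare; slot->used = 1; memcpy(slot->ieee, ieee, 8);
        slot->in_frm_cntr = frame_ctr;       /* first-seen peer is trusted as-is */
        return 1;
    }
    if (frame_ctr <= slot->in_frm_cntr) return 0;   /* replay or out of order */
    slot->in_frm_cntr = frame_ctr;
    return 1;
}
```

A peer seen for the first time is accepted at whatever counter it presents, which is why the sender must resume above its last saved counter after a power cycle: a lower counter would be rejected by every neighbor that still has an entry.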

CodePudding user response:

Quoting yueyue bird's reply on 1/f:
The MIC inside is AES encryption; AES-32, 64 and 128 correspond to different MIC lengths, you don't need to study it.
Replay attack protection is judged by the Counter; after NV_restore and encryption are enabled, each power-on increases the Counter a little on the basis of the last value;
The storage space should be in the device's neighborTable, which holds the peripheral device address and linkInfo; linkInfo contains the key sequence number and the last Counter. In fact each device only needs to confirm that the data sent to it is legitimate data within the network, that is enough; it does not need to save the information of all nodes in the network.

The neighborTable and router table should be cleared of devices that have not communicated for a long time, and it may record MAC address + counter. Before this I suspected that the nonce composed of counter + MAC address produces a special check value in the hardware registers, and that if the nonce is reused the check value will be wrong.

CodePudding user response:

Only when there has been no communication for a long time can an entry already occupied in the table be replaced, and later it can also be set up again through an nwkLink connection;
Why don't you try directly modifying the Counter inside neighborTable linkInfo while it is running, and see whether it can still communicate?

CodePudding user response:

Quoting yueyue bird's reply on 3/f:
Only when there has been no communication for a long time can an entry already occupied in the table be replaced, and later it can also be set up again through an nwkLink connection;
Why don't you try directly modifying the Counter inside neighborTable linkInfo while it is running, and see whether it can still communicate?

Several tables have a linkInfo_t inside, and inside it is a uint32 inFrmCntr, which looks like it is this counter.

CodePudding user response:

Quoting yueyue bird's reply on 3/f:
Only when there has been no communication for a long time can an entry already occupied in the table be replaced, and later it can also be set up again through an nwkLink connection;
Why don't you try directly modifying the Counter inside neighborTable linkInfo while it is running, and see whether it can still communicate?

Thinking about it, a device only needs to record the associate list and the neighbor table, that is enough; the MAC address table with counters and the NWK decryption key are just for decrypting traffic from devices it can communicate with directly.

CodePudding user response:

Quoting yueyue bird's reply on 3/f:
Only when there has been no communication for a long time can an entry already occupied in the table be replaced, and later it can also be set up again through an nwkLink connection;
Why don't you try directly modifying the Counter inside neighborTable linkInfo while it is running, and see whether it can still communicate?

If this is a relationship like a sensor lock and its lock controller, asymmetric encryption should be added at the application layer; the Zigbee 3.0 security mechanism may be inadequate. The idea is that the sensor lock randomly generates a different nonce at different times, the lock controller needs to acquire the lock's nonce before every lock operation, and the AES key is known only to the lock and the lock controller, the gateway does not know it at all; the lock and the lock controller are given the same key by physical contact.

CodePudding user response:

Quoting iot's reply on the 6th floor:
Quote: quoting yueyue bird's reply on the 3rd floor:

Only when there has been no communication for a long time can an entry already occupied in the table be replaced, and later it can also be set up again through an nwkLink connection;
Why don't you try directly modifying the Counter inside neighborTable linkInfo while it is running, and see whether it can still communicate?

If this is a relationship like a sensor lock and its lock controller, asymmetric encryption should be added at the application layer; the Zigbee 3.0 security mechanism may be inadequate. The idea is that the sensor lock randomly generates a different nonce at different times, the lock controller needs to acquire the lock's nonce before every lock operation, and the AES key is known only to the lock and the lock controller, the gateway does not know it at all; the lock and the lock controller are given the same key by physical contact.

Generating a random number at the application layer and then comparing it can achieve this, can't it?

CodePudding user response:

Quoting yueyue bird's reply on the 7th floor:
Quote: quoting iot's reply on the 6th floor:

Quote: quoting yueyue bird's reply on the 3rd floor:

Only when there has been no communication for a long time can an entry already occupied in the table be replaced, and later it can also be set up again through an nwkLink connection;
Why don't you try directly modifying the Counter inside neighborTable linkInfo while it is running, and see whether it can still communicate?

If this is a relationship like a sensor lock and its lock controller, asymmetric encryption should be added at the application layer; the Zigbee 3.0 security mechanism may be inadequate. The idea is that the sensor lock randomly generates a different nonce at different times, the lock controller needs to acquire the lock's nonce before every lock operation, and the AES key is known only to the lock and the lock controller, the gateway does not know it at all; the lock and the lock controller are given the same key by physical contact.

Generating a random number at the application layer and then comparing it can achieve this, can't it?

This is certainly needed, but the sequence number still has to be encrypted.
On top of that there is the Zigbee automatic container with compartments: an Endpoint represents each compartment, each compartment can be an Attribute (a manufacturer-specific type can be made independently within the cluster), the compartment's Attribute can be a random sequence number, and the random sequence number is updated at every restock; the application-layer encryption protocol knows the unlock key corresponding to the random sequence number. Another advantage of this design is preventing repeated deduction: if a message packet is lost midway and the compartment cannot be opened, the original random sequence number is still there.
