XBee®/XBee‐PRO® ZB SMT RF Modules
Message integrity Code
If APS security is enabled, the APS header and data payload are authenticated with 128-bit AES. A hash is
performed on these fields and appended as a 4-byte message integrity code (MIC) to the end of the packet.
This MIC is different than the MIC appended by the network layer. The MIC allows the destination device to
ensure the message has not been changed. If the destination device receives a packet and the MIC does not
match the destination device’s own hash of the data, the packet is dropped.
APS Link Keys
There are two kinds of APS link keys – trust center link keys and application link keys. A trust center link key is
established between a device and the trust center, where an application link key is established between a device
and another device in the network where neither device is the trust center.
APS Layer Encryption and Decryption
Packets with APS layer encryption are encrypted at the source and only decrypted by the destination. Since APS
encryption requires a 5-byte header and a 4-byte MIC, the maximum data payload is reduced by 9 bytes when
APS encryption is used.
Network and APS Layer Encryption
Network and APS layer encryption can both be applied to data. The following figure demonstrates the
authentication and encryption performed on the final ZigBee packet when both are applied.
© 2010 Digi International, Inc.
69
DCD [ DIGITAL CORE DESIGN ]
