May, 2007

ZigBee-043171ZBr04

Project Title

ZigBee Alliance

ZigBee Security Services protocol implementation conformance (PICS) proforma

[June 05, 2007] [Robert Cragie] [Jennic] [Furnival Street, Sheffield, S1 4QT, UK] Voice: Fax: E-mail: [+44 114 281 2655] [+44 114 281 2951] [rcc@jennic.com]

Date Submitted Source

Re: Abstract

The ZigBee Specification (053474r16ZB). As a part of formal conformance testing, developers will be asked to submit a statement of protocol conformance with respect to the ZigBee stack profile required by the Application Profile under test. This document is intended to provide the form of that statement of conformance. This document, after review by the relevant working groups, should provide a form whereby developers can proffer a statement of protocol conformance to be tested under platform and profile testing. This document has been prepared to assist the ZigBee Alliance. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor acknowledges and accepts that this contribution will be posted in the member area of the ZigBee web site.

Purpose

Notice

Release

Submission

Page 1

Robert Cragie, Jennic

May, 2007

ZigBee-043171ZBr04

Legal Notice

Copyright ZigBee Alliance, Inc. (2004, 2005, 2007). All rights Reserved. This information within this document is the property of the ZigBee Alliance and its use and disclosure are restricted. Elements of ZigBee Alliance specifications may be subject to third party intellectual property rights, including without limitation, patent, copyright or trademark rights (such a third party may or may not be a member of ZigBee). ZigBee is not responsible and shall not be held responsible in any manner for identifying or failing to identify any or all such third party intellectual property rights. This document and the information contained herein are provided on an AS IS basis and ZigBee DISCLAIMS ALL WARRANTIES EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO (A) ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OF THIRD PARTIES (INCLUDING WITHOUT LIMITATION ANY INTELLECTUAL PROPERTY RIGHTS INCLUDING PATENT, COPYRIGHT OR TRADEMARK RIGHTS) OR (B) ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE OR NONINFRINGEMENT. IN NO EVENT WILL ZIGBEE BE LIABLE FOR ANY LOSS OF PROFITS, LOSS OF BUSINESS, LOSS OF USE OF DATA, INTERRUPTION OF BUSINESS, OR FOR ANY OTHER DIRECT, INDIRECT, SPECIAL OR EXEMPLARY, INCIDENTIAL, PUNITIVE OR CONSEQUENTIAL DAMAGES OF ANY KIND, IN CONTRACT OR IN TORT, IN CONNECTION WITH THIS DOCUMENT OR THE INFORMATION CONTAINED HEREIN, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. All Company, brand and product names may be trademarks that are the sole property of their respective owners. The above notice and this paragraph must be included on all copies of this document that are made. ZigBee Alliance, Inc. 2694 Bishop Drive, Suite 275 San Ramon, CA 94583

Submission

Page 2

Robert Cragie, Jennic

May, 2007 References

ZigBee-043171ZBr04

The following standards contain provisions, which, through reference in this document, constitute provisions of this standard. All the standards listed are normative references. At the time of publication, the editions indicated were valid. All standards are subject to revision, and parties to agreements based on this standard are encouraged to investigate the possibility of applying the most recent editions of the standards indicated below.

1.1
[R1] [R2] [R3] [R4] [R5]

ZigBee Alliance documents

Document 02039r0: Security Working Group Requirements Definition, August 2003. Document 053474r16: ZigBee Specification, May 2007. Document 053275r03: ZigBee Protocol Stack Settable Values (knobs), February 2005. Document 064321r04: ZigBee Stack Profile, December 2006. Document 074855r01: ZigBee PRO Stack Profile, May 2007.

1.2
[R6]

IEEE documents
IEEE Standard for Part 15.4: Wireless Medium Access Control (MAC) and Physical Layer (PHY) specifications for Low Rate Wireless Personal Area Networks (LR-WPANs), 2003.

1.3
[R7]

ISO documents
ISO/IEC 9646-1:1991, Information technology - Open Systems Interconnection - Conformance testing methodology and framework - Part 1: General concepts. ISO/IEC 9646-7:1995, Information technology - Open Systems Interconnection - Conformance testing methodology and framework - Part 7. Implementation conformance statements.

[R8]

Submission

Page 3

Robert Cragie, Jennic

May, 2007 Change history

The following table shows the change history for this specification.
Revision 4 (June 05, 2007)
Table 1 Revision change history for revision 3 Revision Version Description

ZigBee-043171ZBr04

0 1

Initial draft incorporating content from v0.92 specification. Editorial changes. Split app. And TC master keys. Completed stack profile table As a result of ZigBee V1.0 Platform Conformance testing (CCB item 302), the following changes were made: SL7 is Optional. MLS1 and MLS2 were made optional. Bought up to date for 053474r13 Bought up to date for 053474r16

2 3 4

1 1 1

Submission

Page 4

Robert Cragie, Jennic

May, 2007 2 Introduction

ZigBee-043171ZBr04

To evaluate conformance of a particular implementation, it is necessary to have a statement of which capabilities and options have been implemented for a given standard. Such a statement is called a protocol implementation conformance statement (PICS). 2.1 Scope This document provides the protocol implementation conformance statement (PICS) proforma for the ZigBee security services section (053474r16, Clause 4) in compliance with the relevant requirements, and in accordance with the relevant guidance, given in ISO/IEC 9646-7. 2.2 Purpose The supplier of a protocol implementation claiming to conform to the ZigBee standard shall complete the following PICS proforma and accompany it with the information necessary to identify fully both the supplier and the implementation. The protocol implementation conformance statement (PICS) of a protocol implementation is a statement of which capabilities and options of the protocol have been implemented. The statement is in the form of answers to a set of questions in the PICS proforma. The questions in a proforma consist of a systematic list of protocol capabilities and options as well as their implementation requirements. The implementation requirement indicates whether implementation of a capability is mandatory, optional, or conditional depending on options selected. When a protocol implementer answers questions in a PICS proforma, they would indicate whether an item is implemented or not, and provide explanations if an item is not implemented.

Submission

Page 5

Robert Cragie, Jennic

May, 2007 3 Abbreviations and special symbols

Notations for requirement status: M O O.n N/A X

ZigBee-043171ZBr04

Mandatory Optional Optional, but support of at least one of the group of options labeled O.n is required. Not applicable Prohibited

item: Conditional, status dependent upon the support marked for the item. For example, FD1: O.1 indicates that the status is optional but at least one of the features described in FD1 and FD2 is required to be implemented, if this implementation is to follow the standard of which this PICS Proforma is a part.

Submission

Page 6

Robert Cragie, Jennic

May, 2007 4 Instructions for completing the PICS proforma

ZigBee-043171ZBr04

If a given implementation is claimed to conform to this standard, the actual PICS proforma to be filled in by a supplier shall be technically equivalent to the text of the PICS proforma in this annex, and shall preserve the numbering and naming and the ordering of the PICS proforma. A PICS which conforms to this document shall be a conforming PICS proforma completed in accordance with the instructions for completion given in this annex. The main part of the PICS is a fixed-format questionnaire, divided into five tables. Answers to the questionnaire are to be provided in the rightmost column, either by simply marking an answer to indicate a restricted choice (such as Yes or No), or by entering a value or a set or range of values. The ZigBee Specification [R2] contains the notion of a stack profile (see also [R4]and [R5]). A stack profile is a collection of settings for the operational parameters of the network layer (see [R3]). Stack profiles exist primarily to address concerns about interoperability of devices implementing a specification with many optional features and tunable parameters in a multivendor, multi-application environment. The operative restriction is that devices implementing the same stack profile are required to interoperate. It is expected that a large number of application profiles will each select a single stack profile and that the universe of stack profiles advanced and supported by the ZigBee Alliance will be kept as small as possible. In light of this and of the fact that embedded stack implementers can ill afford to implement more than the minimum set of features required to support their application, protocol conformance will generally be tested with respect to a specific stack profile or at most a small set of stack profiles. This document is organized such that the general PICS outlined in clause 8 may be further constrained using the tables in clause 9 to reflect a particular stack profile. Items not included in the constrained set need not be answered. Items that have optional status in the general PICS may be made mandatory or disallowed under a given stack profile.

Submission

Page 7

Robert Cragie, Jennic

May, 2007 5 Identification of the implementation

Implementation under test (IUT) identification

ZigBee-043171ZBr04

IUT name: _____________________________________________________________________ IUT version: ____________________________________________________________________ ______________________________________________________________________________ System under test (SUT) identification SUT name: _____________________________________________________________________ Hardware configuration: ___________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ Operating system: ________________________________________________________________ Product supplier Name: ________________________________________________________________________ Address: ______________________________________________________________________ _____________________________________________________________________________ Telephone number: _____________________________________________________________ Facsimile number: ______________________________________________________________ Email address: _________________________________________________________________

Submission

Page 8

Robert Cragie, Jennic

May, 2007

ZigBee-043171ZBr04

Additional information: __________________________________________________________ Client Name: ________________________________________________________________________ Address: ______________________________________________________________________ _____________________________________________________________________________ Telephone number: _____________________________________________________________ Facsimile number: ______________________________________________________________ Email address: ________________________________________________________________ Additional information: __________________________________________________________ PICS contact person Name: ________________________________________________________________________ Address: ______________________________________________________________________ _____________________________________________________________________________ Telephone number: ______________________________________________________________ Facsimile number: _______________________________________________________________ Email address: _________________________________________________________________ Additional information: ___________________________________________________________ PICS/System conformance statement Provide the relationship of the PICS with the system conformance statement for the system: ______________________________________________________________________________ Submission Page 9 Robert Cragie, Jennic

May, 2007

ZigBee-043171ZBr04

______________________________________________________________________________ ______________________________________________________________________________

Submission

Page 10

Robert Cragie, Jennic

May, 2007 6 Identification of the protocol

ZigBee-043171ZBr04

This PICS proforma applies to ZigBee Specification r16, as cited in [R2].

Submission

Page 11

Robert Cragie, Jennic

May, 2007 7 Global statement of conformance

ZigBee-043171ZBr04

The implementation described in this PICS proforma meets all of the mandatory requirements of the referenced standard with the restrictions specified in clause 9 for the following stack profiles: Stack profile(s):______________________________________________________________
Yes
No

Note -- Answering No indicates non-conformance to the specified protocol standard. Nonsupported mandatory capabilities are to be identified in the following tables, with an explanation by the implementer explaining why the implementation is non-conforming. The supplier will have fully complied with the requirements for a statement of conformance by completing the statement contained in this sub-clause. That means, by clicking the above, the statement of conformance is complete. However, the supplier may find it incumbent on their claim to continue to complete the detailed tabulations in the sub-clauses that follow. Not specifying a stack profile here means that the entire PICS proforma is being addressed without restriction.

Submission

Page 12

Robert Cragie, Jennic

May, 2007 8 PICS proforma tables

ZigBee-043171ZBr04

The following tables are composed of the detailed questions to be answered, which make up the PICS proforma. There are three major sub-clauses. The first sub-clause contains the top-level security capabilities and the subsequent sub-clauses cover the security services for the NWK, APS, and application layers. Further sub-clauses within these sub-clauses may exist. 8.1 Top-level security capabilities Tables in the following sub-clauses detail the top-level security capabilities of ZigBee devices. 8.1.1 ZigBee device types
Table 2 - Functional device types Item number Item description Reference Status Support

FDT1 FDT2 FDT3

Is this device capable of acting as a ZigBee coordinator? Is this device capable of acting as a ZigBee router? Is this a ZigBee end device?

[R2]/1.4 [R2]/1.4 [R2]/1.4

O.1 O.1 O.1

8.1.2 ZigBee security roles

Table 3 - Security roles Item number Item description Reference Status Support

SR1

Is this device capable of acting in the role of a trust center?

[R2]/1.4, 4.6.2

FDT1:M, FDT2:O, FDT3:X

8.1.3 ZigBee trust center capabilities

Table 4 Trust center capabilities Item number Item description Reference Status Support

TCC1 TCC2

Is this device capable of acting as a ZigBee trust center in high security mode? Is this device capable of acting as a ZigBee trust center in standard mode?

[R2]/1.4.1.2, 4.6.2.1 [R2]/1.4.1.2, 4.6.2.2

SR1:O.2 SR1:O.2

Submission

Page 13

Robert Cragie, Jennic

May, 2007
8.1.4 Modes of operation
Table 5 Modes of operation Item number Item description

ZigBee-043171ZBr04

Reference

Status

Support

MOO1

Is this device capable of operating in a network secured with a trust center running in high security mode? Is this device capable of operating in a network secured with a trust center running in standard mode?

[R2]/1.4.1.2, 4.6.2.1

O.3

MOO2

[R2]/1.4.1.2, 4.6.2.2

O.3

8.1.5 Security levels

Table 6 Security level Item number Item description Reference Status Support

SL1 SL2 SL3 SL4 SL5 SL6 SL7

Is this device capable of supporting security level 0x01? Is this device capable of supporting security level 0x02? Is this device capable of supporting security level 0x03? Is this device capable of supporting security level 0x04? Is this device capable of supporting security level 0x05? Is this device capable of supporting security level 0x06? Is this device capable of supporting security level 0x07?

[R2]/4.5.1.1.1 [R2]/4.5.1.1.1 [R2]/4.5.1.1.1 [R2]/4.5.1.1.1 [R2]/4.5.1.1.1 [R2]/4.5.1.1.1 [R2]/4.5.1.1.1

O.4 O.4 O.4 O.4 O.4 O.4 O.4

8.2

NWK layer security

Table 7 NWK layer security

Item number

Item description

Reference

Status

Support

NLS1

Does the device support the security processing of NWK layer outgoing frames? Does the device support the security processing of NWK layer incoming frames?

[R2]/4.3.1.1

NLS2

[R2]/4.3.1.2

Submission

Page 14

Robert Cragie, Jennic

May, 2007
Item number Item description Reference

ZigBee-043171ZBr04
Status Support

NLS3

Does the device support the ZigBee secured NWK layer frame format? Does the device support the ability to manage at least one network key and corresponding outgoing frame counter? Does the device support the ability to manage two network keys and corresponding outgoing frame counter? Does the device support at least one frame counter for incoming NWK layer frames for each potential source of incoming frames (e.g., a coordinator or router should support the same number of counters per network key as the maximum number of neighbor table entries and an end device should support one counter per network key)? Does the device support a setting to indicate that all incoming NWK frames must be checked for freshness (i.e., nwkAllFresh). Does the device support the ability to secure all incoming and outgoing NWK frames (i.e., the nwkSecureAllFrames attribute of the NIB)? Does the device support the ability to reject frames from neighbors which have not been properly authenticated?

[R2]/4.3.1

NLS4

[R2]/4.2.1.3, 4.3.3

NLS5

[R2]/4.2.1.3, 4.3.1, 4.3.3

NLS7

[R2]/4.2.1.3, 4.3.1, 4.3.3

NLS8

[R2]/4.4.1.2, 4.6.2.1, 4.6.2.2 [R2]/4.2.3, 4.6

MOO1:M MOO2:O

NLS9

[R2]/4.2.3, 4.6 O

NLS10

8.3

APS layer security

Table 8 Application support layer security

Item number

Item description

Reference

Status

Support

ASLS1 ASLS2

Does the device support the security processing of APS layer outgoing frames? Does the device support the security processing of APS layer incoming frames?

[R2]/4.4.1.1 [R2]/4.4.1.2

M M

Submission

Page 15

Robert Cragie, Jennic

May, 2007
Item number Item description Reference

ZigBee-043171ZBr04
Status Support

ASLS3

Does the device support the ZigBee secured APS layer frame format? Does the device support the ability to manage trust center master keys? Does the device support the ability to manage application master keys?

[R2]/4.4.7.3 [R2]/4.4.3, 4.4.10, 4.6.3 [R2]/4.2.3.5, 4.4.3, 4.4.6, 4.4.10, 4.6.3.5

ASLS4

ASLS5

ASLS6

Does the device support the ability to manage application data keys and corresponding security material (e.g., the incoming and outgoing frame counters)? Does the device support network key incoming frame counters for incoming APS layer frames secured with the network key? Does the device support establish-key service using the Symmetric-Key Key Establishment (SKKE) protocol? Does the device support the origination of transport-key commands? Does the device support the receipt of transportkey commands? Does the device support the origination of update-device commands? Does the device support the receipt of updatedevice commands? Does the device support the origination of remove-device commands? Does the device support the receipt of removedevice commands? Does the device support the origination of request-key commands? Does the device support the receipt of requestkey commands?

[R2]/4.2.1.3, 4.4.1, 4.4.10

ASLS7

[R2]/4.4.1.2, 4.3.3

ASLS8

[R2]/4.2.3.1, 4.4.2, 4.4.9.1 [R2]/4.2.3.2, 4.4.3, 4.4.9.2 [R2]/4.2.3.2, 4.4.3, 4.4.9.2 [R2]/4.2.3.3, 4.4.4, 4.4.9.3 [R2]/4.2.3.3, 4.4.4, 4.4.9.3 [R2]/4.2.3.4, 4.4.5, 4.4.9.4 [R2]/4.2.3.4, 4.4.5, 4.4.9.4 [R2]/4.2.3.5, 4.4.6, 4.4.9.5 [R2]/4.2.3.5, 4.4.6, 4.4.9.5

ASLS9 ASLS10

SR1:M O FDT1:O, FDT2:O, FDT3:X SR1:M SR1:M FDT1:O, FDT2:O, FDT3:X O SR1:M

ASLS11

ASLS12 ASLS13

ASLS14

ASLS15 ASLS16

Submission

Page 16

Robert Cragie, Jennic

May, 2007
Item number Item description Reference

ZigBee-043171ZBr04
Status Support

ASLS17 ASLS18 ASLS19 ASLS20 ASLS21

Does the device support origination of switchkey commands? Does the device support receipt of switch-key commands? Does the device support origination of tunnel commands? Does the device support receipt of tunnel commands? Does the device support the authentication service using the entity authentication protocol?

[R2]/4.2.3.6, 4.4.7, 4.4.9.6 [R2]/4.2.3.6, 4.4.7, 4.4.9.6 [R2]/4.4.3.1, 4.4.9.8 [R2]/4.4.3.1, 4.4.9.8 [R2]/4.2.3.7, 4.4.8, 4.4.9.7

SR1:M O SR1:M O O

8.4

Application layer security

Table 9 Application layer security

Item number

Item description

Reference

Status

Support

ALS1

Is this device capable of learning and maintaining knowledge of its trust center using the apsTrustCenterAddress attribute in the AIB? Is this device capable of following the joining a secure network procedure in the role of a router?

[R2]/4.4.10, 4.6.1

ALS2

[R2]/4.6.3.1

FDT1:O, FDT2:O, FDT3:X

ALS3

Is this device capable of following the joining a secure network procedure in the role of a joining device? Is this device capable of following the authentication procedure in the role of a trust center? Is this device capable of following the authentication procedure in the role of a router?

[R2]/4.6.3.1

ALS4

[R2]/4.6.3.2, 4.6.3.2.2.1

TCC1:O TCC2:O FDT1:O, FDT2:O, FDT3:X

ALS5

[R2]/4.6.3.2, 4.6.3.2.1

ALS6

Is this device capable of following the authentication procedure in the role of a joining device with a preconfigured network key?

[R2]/4.6.3.2, 4.6.3.2.3.1

Submission

Page 17

Robert Cragie, Jennic

May, 2007
Item number Item description Reference

ZigBee-043171ZBr04
Status Support

ALS7

Is this device capable of following the authentication procedure in the role of a joining device with a preconfigured trust center key? Is this device capable of following the authentication procedure in the role of a joining device without preconfigured network or trust center keys? Is this device capable of following the network key update procedure in the role of a trust center? Is this device capable of following the network key update procedure in the role of a network device? Is this device capable of following the end-toend application key establishment procedure in the role of a trust center? Is this device capable of following the end-toend application key establishment procedure in the role of a device receiving and using a master key with the SKKE protocol? Is this device capable of following the end-toend application key establishment procedure in the role of a device directly receiving a link key? Is this device capable of following the network leave procedure in the role of a trust center? Is this device capable of following the network leave procedure in the role of a router? Is this device capable of following the network leave procedure in the role of a leaving device? Is this device capable of following the intraPAN portability procedure in the role of a router? Is this device capable of following the intraPAN portability procedure in the role of an end device?

[R2]/4.6.3.2, 4.6.3.2.3.2

ALS8

[R2]/4.6.3.2, 4.6.3.2.3.3

ALS9

[R2]/4.6.3.4, 4.6.3.4.1 [R2]/4.6.3.4, 4.6.3.4.2 [R2]/4.6.3.5, 4.6.3.5.2 [R2]/4.6.3.5, 4.6.3.5.1, 4.6.3.5.1.2 [R2]/4.6.3.5, 4.6.3.5.1, 4.6.3.5.1.1 [R2]/4.6.3.6, 4.6.3.6.1 [R2]/4.6.3.6, 4.6.3.6.2 [R2]/4.6.3.6, 4.6.3.6.3 [R2]/4.6.3.3, 4.6.3.3.1 [R2]/4.6.3.3, 4.6.3.3.2

TCC1:O TCC2:O

ALS10

ALS13

TCC1:O TCC2:O

ALS14

ALS15

O TCC1:O TCC2:O FDT1:O, FDT2:O, FDT3:X O FDT1:O, FDT2:O, FDT3:X O

ALS16

ALS17

ALS18

ALS19

ALS20

Submission

Page 18

Robert Cragie, Jennic

May, 2007
Item number Item description Reference

ZigBee-043171ZBr04
Status Support

ALS21

Is this device capable of following the command tunnelling procedure in the role of a trust center device? Is this device capable of following the command tunnelling procedure in the role of a router?

[R2]/4.6.3.8, 4.6.3.8.1 [R2]/4.6.3.8, 4.6.3.8.2 [R2]/4.2.3.8, 4.6.3.8

TCC1:O TCC2:O FDT1:O, FDT2:O, FDT3:X O

ALS22

ALS23

Does the device support the permissions configuration table?

Submission

Page 19

Robert Cragie, Jennic

May, 2007 9 ZigBee Stack Profiles

ZigBee-043171ZBr04

Additional restrictions and constraints are imposed by the supported ZigBee stack profiles. For details of these additional restrictions and constraints, see [R4] and [R5].

Submission

Page 20

Robert Cragie, Jennic