With XBee Thread soon arriving, we’re fielding a lot of questions regarding the protocol’s touted security benefits. Not only does Thread provide a robust network with no single point of failure, but it also offers businesses and developers extremely secure wireless communication. Let’s look at a couple of reasons why.
IP-based Security Protocols
Yes, it’s a low-powered network, not unlike Zigbee and other 802.15.4 radios, but it’s also IP-based. This matters because with an IP-based networking protocol, developers can tap into the same security protocols used when you browse the internet, such as DTLS, TLS and SSL. These IP-based security protocols give the network secure end-to-end communication.
Another benefit of the Thread protocol is its commissioning process. Commissioning is the process of joining a new node to the Thread network. In the past, this step could introduce network vulnerabilities and was often overly complex. The creators of Thread have made it a straightforward and user-friendly experience by leveraging mobile technology and passphrases, so that no rogue node can join the network without burdening the user with complexity.
There are three ways to add a node to a Thread network: out-of-band commissioning, discovery, and a commissioning application on a mobile device.
Out-of-band commissioning configures a node with the network credentials of the desired network, which makes the node behave like a partition of that network. When it comes into range of the network, the two partitions join into a larger network, creating a secure handoff.
When commissioning via discovery mode, the node searches for a network with matching credentials. Here the security is simple: the network must be in range of the node, the network must allow joining, and the network must be told to expect the node, identified by its EUI-64 (its unique 64-bit extended MAC address).
Lastly, Thread introduces a third method, arguably the easiest way to commission a device: a commissioning application installed on a device such as a smartphone, tablet, or laptop. Thread describes this process as petitioning and joining.
Petitioning is the process of authenticating and authorizing the commissioning device (your phone or laptop running the Thread commissioning app). Once authorized, the device can communicate with the Thread network either locally or via the internet through the network’s Border Router, over a secure TLS connection between the Border Router and the user’s commissioning device.
So now that we’ve got our commissioning device authorized, how do we add a new node to the network? It’s pretty easy.
When a node wants to join the network, it sends a request to the commissioning device, where the user is prompted to enter a key to authorize the node(s) to join. Once the key is entered, a secure DTLS handshake takes place between the joining node and the Commissioner. The new node then receives the network parameters and is ready to operate with the necessary rights and privileges.
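To make the authorization gates above concrete, here is an added toy model of the commissioner's side of joining. It is example code written for this post, not Digi's or the Thread Group's implementation: the join window, the expected-EUI-64 list and the passphrase check are the three conditions described in the discovery and commissioning-app sections, while the PBKDF2 key derivation and the nonce/HMAC proof are constructed stand-ins for the real PSKc derivation and DTLS handshake. All network names, addresses and parameters below are constructed sample values.

```python
"""Toy model of a Thread-style joiner authorization gate (added example)."""
import hashlib
import hmac
import os
import re
import time
from dataclasses import dataclass, field
from typing import Optional

# EUI-64 written as eight colon-separated hex bytes, e.g. 00:13:A2:00:41:AA:BB:CC
EUI64_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){7}[0-9A-Fa-f]{2}$")


def derive_joiner_key(passphrase: str, network_name: str) -> bytes:
    """Stretch the user-typed passphrase into a 128-bit key bound to this network.

    Constructed simplification: PBKDF2-HMAC-SHA256 salted with the network name,
    so the same passphrase yields different keys on different networks.
    """
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), network_name.encode(),
                               100_000, dklen=16)


def joiner_proof(passphrase: str, network_name: str, eui64: str, challenge: bytes) -> bytes:
    """Joiner side: prove knowledge of the passphrase without transmitting it.

    HMAC over the joiner's EUI-64 and a fresh commissioner challenge; this
    stands in for the DTLS handshake described in the text.
    """
    key = derive_joiner_key(passphrase, network_name)
    return hmac.new(key, eui64.upper().encode() + challenge, "sha256").digest()


@dataclass
class JoinResult:
    ok: bool
    reason: str
    params: Optional[dict] = None


@dataclass
class Commissioner:
    network_name: str
    network_params: dict            # released only to an authorized joiner
    passphrase: str                 # what the user types into the commissioning app
    join_window_seconds: float = 120.0
    expected_eui64: set = field(default_factory=set)
    window_opened_at: Optional[float] = None
    audit_log: list = field(default_factory=list)

    def expect_joiner(self, eui64: str) -> None:
        """Tell the network which node to expect, identified by its EUI-64."""
        if not EUI64_RE.match(eui64):
            raise ValueError(f"malformed EUI-64: {eui64!r}")
        self.expected_eui64.add(eui64.upper())

    def open_join_window(self, now: Optional[float] = None) -> None:
        """Allow joining for a limited time rather than leaving it on permanently."""
        self.window_opened_at = time.time() if now is None else now

    def join_allowed(self, now: Optional[float] = None) -> bool:
        if self.window_opened_at is None:
            return False
        now = time.time() if now is None else now
        return 0 <= now - self.window_opened_at <= self.join_window_seconds

    def issue_challenge(self) -> bytes:
        """Fresh random nonce so a captured proof cannot be replayed later."""
        return os.urandom(16)

    def authorize(self, eui64: str, challenge: bytes, proof: bytes,
                  now: Optional[float] = None) -> JoinResult:
        """Commissioner side: apply the three gates, then release network parameters."""
        eui64 = eui64.upper()
        if not EUI64_RE.match(eui64):
            return self._deny(eui64, "malformed EUI-64")
        if not self.join_allowed(now):
            return self._deny(eui64, "join window closed")
        if eui64 not in self.expected_eui64:
            return self._deny(eui64, "unexpected joiner")
        expected = joiner_proof(self.passphrase, self.network_name, eui64, challenge)
        if not hmac.compare_digest(expected, proof):
            return self._deny(eui64, "passphrase mismatch")
        self.expected_eui64.discard(eui64)      # one join per announced node
        self.audit_log.append(("joined", eui64))
        return JoinResult(True, "authorized", dict(self.network_params))

    def _deny(self, eui64: str, reason: str) -> JoinResult:
        self.audit_log.append(("denied", eui64, reason))
        return JoinResult(False, reason)


if __name__ == "__main__":
    # Constructed sample values, not real network credentials.
    net = Commissioner("DemoThreadNet",
                       {"pan_id": "0x1234", "channel": 15, "master_key": "<constructed placeholder>"},
                       passphrase="correct horse battery")
    node = "00:13:A2:00:41:AA:BB:CC"
    net.expect_joiner(node)
    net.open_join_window()
    nonce = net.issue_challenge()
    print(net.authorize(node, nonce, joiner_proof("correct horse battery", "DemoThreadNet", node, nonce)))
```

The ordering of the checks is deliberate: a closed join window or an unannounced EUI-64 is rejected before any passphrase material is compared, and a node is removed from the expected list once it joins, so a replayed or duplicated request is denied even with a correct proof. The audit log records every denial with its reason, which is the kind of evidence a defender wants when a device unexpectedly fails to commission.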
This is just a brief look at why many IoT experts consider Thread a more secure wireless protocol based on its security features and commissioning process. Check out these resources to learn more about the Thread wireless protocol:
And, if you have any Thread-related questions send us a tweet at @digidotcom or @XBeeWireless. You can also visit the official Thread website for more information.