The Cost of Security: Performance of ZigBee Key Exchange Mechanism in an 802.15.4 Beacon Enabled Cluster

Moazzam Khan, Fereshteh Amini, Jelena Mišić, and Vojislav B. Mišić
University of Manitoba
Winnipeg, Manitoba
Canada R3T 2N2

Abstract— The IEEE 802.15.4 specification is a recent low data rate wireless personal area network standard. While basic security services are provided for, there is a lack of more advanced techniques which are indispensable in modern personal area network applications. In addition, performance implications of those services are not known. In this paper, we describe a secure data exchange protocol based on the ZigBee specification and built on top of 802.15.4 link layer. This protocol includes a key exchange mechanism. Then, we evaluate the overhead of this scheme under different application scenarios. Initial results show the range of network and traffic parameters wherein the proposed scheme is feasible to use.

I. INTRODUCTION

The need for low-cost, low-power and short-range communication is the main reason for introducing the IEEE 802.15.4 Low Rate Wireless Personal Area Network (LR-WPAN) standard [3]. The 802.15.4 specification outlines some basic security services at the data link layer that can be combined with advanced techniques at the upper layers to implement a comprehensive security solution. For example, the recent ZigBee specification [4] implements a number of protocols—including security-related ones—that can be deployed in an 802.15.4 network. Given that the 802.15.4 devices are typically severely constrained in terms of their communication and computational resources, the implementation of such solutions is likely to impose a significant performance overhead.
In this paper we investigate the performance implications of some security solutions, namely, the Symmetric-Key Key Establishment (SKKE) as specified in [4], in the context of a single 802.15.4 sensor cluster operating in beacon-enabled, slotted CSMA-CA mode. To the best of our knowledge, this is the first study specifically devoted to the analysis of the SKKE security suite and its performance.

The paper is organized as follows. Section II gives a brief overview of the operation of 802.15.4-compliant networks with star topology in the beacon-enabled, slotted CSMA-CA mode, followed by a review of basic security mechanisms provided for by the standard. As the 802.15.4 specification does not prescribe any particular key management approach, we will make use of the SKKE mechanism presented in Section III. Section IV presents the results of our analysis, while Section V concludes the paper and discusses our future work.

II. AN OVERVIEW OF 802.15.4 SPECIFICATION

In an IEEE 802.15.4-compliant WPAN, a central controller device (commonly referred to as the PAN coordinator) builds a WPAN with other devices within a small physical space known as the personal operating space. The standard allows two topologies: the peer-to-peer topology in which nodes can directly communicate with one another, and star topology in which all communications, even those between the devices themselves, must go through the PAN coordinator. While the former topology may appear better suited to sensing tasks, it was recently shown that such networks with identical devices are not optimal in terms of power consumption. Namely, nodes close to the network sink die much earlier than those farther away, since their batteries will be exhausted due to excessive packet relaying [7]. As a result, the network will cease to function, even though many nodes still have sufficient power.
The concept of power heterogeneity, enhanced with link heterogeneity, was further considered in [12], where it was shown that the inclusion of a modest number of nodes with higher power can provide a substantial increase of the network lifetime. On account of this, we consider only clusters using the latter, star topology in this work.

The 802.15.4 networks with star topology operate in beacon enabled mode where channel time is divided into superframes bounded by beacon transmissions from the PAN coordinator [5]. All communications in the cluster take place during the active portion of the superframe; the (optional) inactive portion may be used to conserve power by switching devices to a low power mode. The active portion of each superframe is divided into equally sized slots which are further subdivided into backoff periods.

Channel access is regulated through the CSMA-CA mechanism similar to 802.11 [5]. Since both packet transmissions and clear channel access (CCA) checks must be synchronized to the slot boundaries of backoff periods, this mechanism is designated as slotted CSMA-CA.

Data transfers in the downlink direction, from the coordinator to a node, must first be announced by the coordinator. In this case, the beacon frame will contain the list of nodes that have pending downlink packets, as shown in Fig. 1(b). When the node learns there is a data packet to be received, it trans-