
Secured Sharing Of Link Key Between Trust Center And Joining Node In A Zigbee Network

Abstract: Disclosed herein are a method and system for secured link key transmission between a trust center and a joining node in a ZigBee network. A binary file is shared between the trust center and the joining node. By processing data in the binary file, a first set of secret numbers is generated. By processing the generated secret numbers further, a common secret key is calculated at the trust center and the joining node. Further, using the common secret key, the link key transmission is encrypted. FIG. 2


Patent Information

Application #
Filing Date
01 July 2014
Publication Number
32/2014
Publication Type
INA
Invention Field
COMPUTER SCIENCE
Status
Email
patent@bananaip.com
Parent Application

Applicants

HCL Technologies Limited
HCL Technologies Limited., A-8/9, Sector 60, Noida – 201 301, India

Inventors

1. Tammana Uma Sankar
HCL Technologies Limited., A-8/9, Sector 60, Noida – 201 301, India

Specification

FIELD OF INVENTION
[001]The embodiments herein relate to ZigBee networks and, more
particularly, to secured link key transmission in a ZigBee network.

BACKGROUND
[002]ZigBee is a protocol specification used to create personal area
networks built using low power radios. It is usually used in networks which
require low data rate support. ZigBee is used in various consumer and
industrial applications such as traffic management systems, wireless light
switches and so on.
[003]In any communication network, data security is a main
concern. When data is communicated between two or more nodes of a
network, there is a risk that an unauthorized person may access the
data, thereby compromising data privacy. In order to avoid such issues,
proper data security means are used with all communication systems. Data
encryption is one prominent data security mechanism widely used.
Encryption is a process in which data is encoded such that only authorized
people can view it. Even if an unauthorized person manages to access the data, the
original data cannot be viewed without a security key used for data
encryption.
[004]Now, if the security key itself reaches wrong hands, then data
security issues arise, because, using the security key, the original data can
be decrypted from the transmitted data. In ZigBee networks, a Trust Centre
(TC) manages security issues by communicating, to any device joining
the network (node), a link key and a network key. Any further
communication between the TC and the node is encrypted using the link
key and the network key. In the existing ZigBee based networks, the link
key is generated at the trust center and is transmitted to the node. However,
this mechanism has a disadvantage that the link key may be hacked by any
unauthorized person, while transmitting it from the trust center to the node,
thereby compromising data security.

SUMMARY
[005]In view of the foregoing, an embodiment herein provides a
method for secured link key transmission between a joining node and a
trust center in a ZigBee network. A binary file is shared from the trust
center with the joining node. Further, a common secret key is calculated at
the trust center and the joining node, using the binary file. Further the link
key transmission between the trust center and the joining node is encrypted
using the common secret key. The link key transmission is then decrypted
using the common secret key, at the receiving end which is the joining
node.
[006]Embodiments further disclose a system for secured link key
transmission between a joining node and a trust center in a ZigBee network.
The system is configured for sharing a binary file with the joining node using
the trust center. Further, a common secret key is calculated from the binary
file, using the trust center and the joining node and the link key
transmission is encrypted using the common secret key, at the trust center.
Further, at the joining node, the link key transmission is decrypted using
the common secret key.
[007]These and other aspects of the embodiments herein will be
better appreciated and understood when considered in conjunction with the
following description and the accompanying drawings.

BRIEF DESCRIPTION OF THE FIGURES
[008]The embodiments herein will be better understood from the
following detailed description with reference to the drawings, in which:
[009]FIG. 1 illustrates a block diagram which depicts the ZigBee
network, as disclosed in the embodiments herein;
[0010]FIG. 2 illustrates a flow diagram which depicts various steps
involved in the process of encrypted link key transmission in the ZigBee
network, as disclosed in the embodiments herein; and
[0011]FIG. 3 illustrates a flow diagram which depicts various steps
involved in the process of encrypted link key transmission in the ZigBee
network, as disclosed in the embodiments herein.

DETAILED DESCRIPTION OF EMBODIMENTS
[0012]The embodiments herein and the various features and
advantageous details thereof are explained more fully with reference to the
non-limiting embodiments that are illustrated in the accompanying
drawings and detailed in the following description. Descriptions of well-known
components and processing techniques are omitted so as to not
unnecessarily obscure the embodiments herein. The examples used herein
are intended merely to facilitate an understanding of ways in which the
embodiments herein may be practiced and to further enable those of skill in
the art to practice the embodiments herein. Accordingly, the examples
should not be construed as limiting the scope of the embodiments herein.
[0013] The embodiments herein disclose a secured link key
transmission mechanism in a ZigBee network by providing means for
generating identical keys at a trust center and a Joining node. Referring
now to the drawings, and more particularly to FIGS. 1 through 3, where
similar reference characters denote corresponding features consistently
throughout the figures, there are shown embodiments.
[0014]FIG. 1 illustrates a block diagram which depicts the ZigBee
network, as disclosed in the embodiments herein. As depicted in the figure,
the ZigBee network 100 comprises a Trust Centre (TC) 101, and at least
one joining node 103. Joining node 103 refers to any device which joins
the ZigBee network 100, and the number of joining nodes associated with the
trust center 101 may vary depending on load requirements and other such
factors. The trust center 101 further comprises of an encryption module
102, and the joining node 103 further comprises of a decryption module
104.
[0015]Link key transmission could be executed under various
circumstances. For example, when registering a new node with the ZigBee
network 100, the link key and network key need to be shared with the
joining node 103, so that the same can be used for encrypted data
transmission between the joining node 103 and the trust center 101. In
another example, when a link key which is already being used for data
encryption is changed/updated/modified, it has to be shared with
corresponding joining node 103.
[0016]The link key transmission between the trust center 101 and
the joining node 103 is secured by encrypting the same, using a common
secret key calculated independently at the trust center 101 and at the joining
node 103. A binary file is shared from the trust center 101 with the joining
node 103. Further, using data in the binary file and other selected inputs,
the common secret key is calculated using the encryption module 102.
Following same procedure, the common secret key is calculated using the
decryption module 104 at the joining node 103, such that values of the
common secret keys calculated at the trust center 101 and the joining node
103 are the same. Further, the encryption module 102 at the trust center
101, using the common secret key, encrypts the link key transmission
between the trust center 101 and the joining node 103. Upon receiving the
link key from the trust center 101 in the encrypted format, the decryption
module 104 at the joining node 103 decrypts the received data using the
calculated common secret key.
[0017]FIG. 2 illustrates a flow diagram which depicts various steps
involved in the process of encrypted link key transmission in the ZigBee
network, as disclosed in the embodiments herein. To secure the link key
transmission between the trust center 101 and the joining node 103, a
binary file is shared (202) from the trust center 101 with the joining node
103. Further, using data in the binary file and other selected inputs, a
common secret key is calculated (204) at the trust center 101 and the joining
node 103 such that the values of the common secret key calculated at the
trust center 101 and the joining node 103 are the same. Further, using the
common secret key, link key transmission between the trust center 101 and
the joining node 103 is encrypted (206). After receiving the link key from
the trust center 101 in the encrypted format, the joining node 103 can
decrypt the received data using the calculated common secret key. The
various actions in method 200 may be performed in the order presented, in
a different order or simultaneously. Further, in some embodiments, some
actions listed in FIG. 2 may be omitted.
[0018]FIG. 3 illustrates a flow diagram which depicts various steps
involved in the process of encrypted link key transmission in the ZigBee
network, as disclosed in the embodiments herein. An authorized user may
store a unique identification number corresponding to the joining node 103
with the trust center 101. For example, the unique identification number
used may be the MAC address of the joining node 103. The trust center 101
may use this information to do an authentication check of the joining node
103.
[0019]After successfully verifying authenticity of the joining node
103, the trust center 101 shares a binary file with the joining node 103,
using a suitable communication medium which is used to establish
communication between the trust center 101 and the joining node 103. The
binary file possesses a certain amount of data; preferably in the range of
bytes, arranged in a pre-defined order. In an embodiment, the trust center
101 may possess a plurality of binary files, each possessing different set of
data. In another embodiment, the trust center 101 may randomly choose a
binary file from the available binary files, which is then sent to the joining
node 103.
[0020]Encryption module 102 in the trust center 101, using the data
in the binary file, generates (302) a first set of secret numbers. The
encryption module 102 reads/selects first ‘n’ number of even bytes from the
binary file and calculates a number (n1) by appending the selected bytes.
Similarly, next ‘n’ even numbers are selected and a number (n2) is
calculated by appending the selected bytes. This process is repeated for all
even bytes in the binary file, and ‘nn’ numbers are calculated. Further, a
first secret number (K1) in the first set of secret numbers is calculated as
sum of all numbers n1, n2…nn numbers.
I.e. Secret number (K1) = n1 + n2 + …. + nn ---- (1)
[0021]Now, the encryption module 102 repeats the same procedure
for odd numbers in the binary file, and generates numbers m1, m2, up to
mn. Further, the second secret number (K2) of the first set of secret
numbers is generated as:
I.e. secret number (K2) = m1 + m2 +…+mn ---- (2)
[0022]For example, consider the binary file shared by the trust
center 101 with the joining node 103 as:
Table 1
[0023]Now by selecting and appending even bytes in the manner
described above, the secret number ‘K1’ can be calculated as:
Number (n1) = 2 4 6 8 10 12 14 16
Number (n2) = 18 20 22 24 26 28 30 32
Number (n3) = 34 36 38 40 42 44 46 48
Number (n4) = 50 52 54 56 58 60 62 64
Number (n5) = 66 68 70 72 74 76 78 80
Secret number (K1) = n1 + n2 + n3 + n4 + n5
[0024]Similarly, using the odd numbers in the binary file, secret
number K2 is calculated. Further, from the first set of secret numbers
(K1 & K2), the encryption module 102 calculates (304) a set of intermediate
secret keys (p, g), as prime and primitive of the secret numbers K1 and K2.
[0025]Using the same procedure, the decryption module 104 at the
joining node 103 calculates the first set of secret numbers (K1, K2), and the
set of intermediate secret keys (p, g).
[0026]Further, the trust center 101, and the joining node 103
calculates (306) a first secret key (s1) from the set of intermediate secret
keys (p, g). In order to calculate s1, the trust center 101, chooses random
numbers ‘a1’, ‘a2’, ‘a3’, and calculates value of ‘A1’ as:
A1 = (g^a1 mod p) ----- (3)
[0027]‘A1’ value is then transmitted to the joining node 103 in an
unsecured mode. The joining node 103, after receiving the ‘A1’ value,
chooses random numbers b1, b2, and b3, and calculates value of ‘B1’ as:
B1 = (g^b1 mod p) ----- (4)
[0028]‘B1’ value is then transmitted to the trust center 101 in an
unsecured mode. Further, the trust center 101 calculates the first secret key
(s1) as:
s1 = (B1^a1 mod p) ----- (5)
[0029]The joining node 103 calculates the first secret key (s1) as:
s1 = (A1^b1 mod p) ----- (6)
[0030]In a preferred embodiment, the value of s1 is same in both
trust center 101 and the joining node 103.
[0031]Further, the trust center 101, and the joining node 103
calculates (308) a second secret key (s2) from the set of intermediate secret
keys (p, g). The trust center 101 calculates value of ‘A2’ as:
A2 = (g^a2 mod p) ----- (7)
[0032]‘A2’ value is then transmitted to the joining node 103 in an
unsecured mode. The joining node 103, after receiving the ‘A2’ value,
calculates value of ‘B2’ as:
B2 = (g^b2 mod p) ----- (8)
[0033]‘B2’ value is then transmitted to the trust center 101 in an
unsecured mode. Further, the trust center 101 calculates the second secret
key (s2) as:
s2 = (B2^a2 mod p) ----- (9)
[0034]The joining node 103 calculates the second secret key (s2) as:
s2 = (A2^b2 mod p) ----- (10)
[0035]In a preferred embodiment, the value of s2 is same in both
trust center 101 and the joining node 103.
[0036]Further, the trust center 101, and the joining node 103
calculates (310) a third secret key (s3) from the set of intermediate secret
keys (p, g). The trust center 101 calculates value of ‘A3’ as:
A3 = (s1^a3 mod s2) ----- (11)
[0037]‘A3’ value is then transmitted to the joining node 103 in an
unsecured mode. The joining node 103, after receiving the ‘A3’ value,
calculates value of ‘B3’ as:
B3 = (s1^b3 mod s2) ----- (12)
[0038]‘B3’ value is then transmitted to the trust center 101 in an
unsecured mode. Further, the trust center 101 calculates the third secret key
(s3) as:
s3 = (B3^a3 mod s2) ----- (13)
[0039]The joining node 103 calculates the third secret key (s3) as:
s3 = (A3^b3 mod s2) ----- (14)
[0040]At this point, both the trust center 101, and the joining node
103 possesses same secret keys s1, s2, and s3. Now, the trust center 101,
and the joining node 103 calculates (312) a common secret key from the
secret keys (s1, s2, and s3), and the binary file. To calculate the common
secret key, binary value of s1 is identified and number of digits (‘d’) in the
binary value is identified. Now, the encryption module 102, and the
decryption module 104 identifies position in the binary file represented by
the number equivalent to s1. Now, from the file present at the identified
position, the encryption module 102, and the decryption module 104
reads ‘d’ bytes, and appends these bytes to calculate a first intermediate
final secret key (sk1).
[0041]Further, the encryption module 102, and the decryption
module 104 identifies binary value of s2 and number of digits (‘e’) in the
binary value is identified. Now, the encryption module 102, and the
decryption module 104 identifies position in the binary file represented by
the number equivalent to s2. Now, from the file present at the identified
position, the encryption module 102, and the decryption module 104 reads
‘e’ bytes, and appends these bytes to calculate a second intermediate final
secret key (sk2).
[0042]Further, the encryption module 102, and the decryption
module 104 identifies binary value of s3 and number of digits (‘f’) in the
binary value is identified. Now, the encryption module 102, and the
decryption module 104 identifies position in the binary file represented by
the number equivalent to s3. Now, from the file present at the identified
position, the encryption module 102, and the decryption module 104 reads
‘f’ bytes, and appends these bytes to calculate a third intermediate final
secret key (sk3).
[0043]Further, the final secret key is calculated as sum of the first
intermediate final secret key (sk1), second intermediate final secret key
(sk2), and the third intermediate final secret key (sk3).
Final secret key (Sk) = sk1 + sk2 + sk3 ---- (15)
[0044]The final secret key thus calculated, along with other
required protocols, is used by the encryption module 102 to encrypt the link
key transmission from the trust center 101 to the joining node 103. The
decryption module 104 at the joining node 103 decrypts the data received
from the trust center, using the common secret key. The common secret key
may be further used for encrypting any associated message transmission
between the trust center 101 and the joining node 103. For example,
acknowledgement messages transmitted between the trust center 101 and
the joining node 103 may be encrypted using the common secret key.
[0045]The various actions in method 300 may be performed in the
order presented, in a different order or simultaneously. Further, in some
embodiments, some actions listed in FIG. 3 may be omitted.
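
Steps 302 to 312 above, run end to end for both sides, as an added sketch that is not part of the specification or the applicant's code. Where the text leaves a detail open it assumes: 'even' and 'odd' bytes are 1-indexed file positions taken n = 8 at a time; p is the first safe prime at or above K1 and g a generator found starting from K2; file positions wrap at the end of the file. The 80-byte sample file is constructed to match n1 to n5 in [0023].

```python
import itertools
import secrets

# Constructed sample file: byte values 1..80, so that its even-position bytes
# are the 2, 4, ..., 80 listed for n1..n5 in [0023].
SAMPLE_FILE = bytes(range(1, 81))
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41)

def is_prime(n):
    """Miller-Rabin over fixed bases; exact for n below about 3.3e24."""
    if n < 2:
        return False
    for q in _BASES:
        if n % q == 0:
            return n == q
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def secret_numbers(data, n=8):
    """Eq. (1)-(2). Assumption: 'even'/'odd' bytes are 1-indexed positions and
    'appending' n bytes means reading them as one big-endian integer."""
    def total(seq):
        return sum(int.from_bytes(seq[i:i + n], "big") for i in range(0, len(seq), n))
    return total(data[1::2]), total(data[0::2])

def derive_p_g(k1, k2):
    """Assumed rule (the page gives none): p is the first safe prime >= K1,
    g the first generator mod p found starting from K2."""
    p = k1 | 1
    while not (is_prime(p) and is_prime((p - 1) // 2)):
        p += 2
    q = (p - 1) // 2
    for i in itertools.count():
        g = 2 + (k2 + i) % (p - 3)          # stays inside [2, p-2]
        if pow(g, q, p) != 1:               # order is 2q, so g generates the group
            return p, g

def exchange(base, modulus):
    """One round of eq. (3)-(14). Returns (TC's public value, node's public
    value, key at TC, key at node); only the first two are transmitted."""
    if modulus < 5:
        raise ValueError("modulus too small for an exchange")
    a = 2 + secrets.randbelow(modulus - 3)  # trust center's private exponent
    b = 2 + secrets.randbelow(modulus - 3)  # joining node's private exponent
    A, B = pow(base, a, modulus), pow(base, b, modulus)
    return A, B, pow(B, a, modulus), pow(A, b, modulus)

def file_key(data, s):
    """[0040]-[0042]: starting at the position given by s, read as many bytes as
    s has binary digits. Assumption: position and reads wrap at end of file."""
    digits = len(format(s, "b"))
    picked = bytes(data[(s + i) % len(data)] for i in range(digits))
    return int.from_bytes(picked, "big")

def common_secret_key(data):
    """Runs both ends in one process; returns (Sk at TC, Sk at node, wire values)."""
    p, g = derive_p_g(*secret_numbers(data))
    A1, B1, s1_tc, s1_node = exchange(g, p)
    A2, B2, s2_tc, s2_node = exchange(g, p)
    # Eq. (11)-(14): base s1 and modulus s2 are the secrets from rounds 1 and 2,
    # which are equal at both ends, so the trust center's copies are used here.
    A3, B3, s3_tc, s3_node = exchange(s1_tc, s2_tc)
    sk_tc = sum(file_key(data, s) for s in (s1_tc, s2_tc, s3_tc))        # eq. (15)
    sk_node = sum(file_key(data, s) for s in (s1_node, s2_node, s3_node))
    return sk_tc, sk_node, (A1, B1, A2, B2, A3, B3)

if __name__ == "__main__":
    tc, node, wire = common_secret_key(SAMPLE_FILE)
    print("keys match:", tc == node, "| wire values:", len(wire))
```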
[0046]The embodiments disclosed herein can be implemented
through at least one software program running on at least one hardware
device and performing network management functions to control the
network elements. The network elements shown in Fig. 1 include blocks
which can be at least one of a hardware device, or a combination of
hardware device and software module.
[0047]The embodiments disclosed herein specify a system for
secured link key transmission between a trust center and joining node in a
ZigBee network. The mechanism allows secured mode of secret key
generation and use of the same for secured link key transmission, providing
a system thereof. Therefore, it is understood that the scope of protection is
extended to such a system and by extension, to a computer readable means
having a message therein, said computer readable means containing a
program code for implementation of one or more steps of the method, when
the program runs on a server or mobile device or any suitable
programmable device. The method is implemented in a preferred
embodiment using the system together with a software program written in,
for ex. Very high speed integrated circuit Hardware Description Language
(VHDL), another programming language, or implemented by one or more
VHDL or several software modules being executed on at least one
hardware device. The hardware device can be any kind of device which can
be programmed including, for ex. any kind of a computer like a Micro
Controllers or System On Chips (SoC) or a server or a personal computer,
or the like, or any combination thereof, for ex. one processor and two
FPGAs. The device may also include means which could be for ex.
hardware means like an ASIC or a combination of hardware and software
means, an ASIC and an FPGA, or at least one microprocessor and at least
one memory with software modules located therein. Thus, the means are at
least one hardware means or at least one hardware-cum-software means.
The method embodiments described herein could be implemented in pure
hardware or partly in hardware and partly in software. Alternatively, the
embodiment may be implemented on different hardware devices, for ex.
using a plurality of CPUs.
[0048]The foregoing description of the specific embodiments will
so fully reveal the general nature of the embodiments herein that others can,
by applying current knowledge, readily modify and/or adapt for various
applications such specific embodiments without departing from the generic
concept, and, therefore, such adaptations and modifications should and are
intended to be comprehended within the meaning and range of equivalents
of the disclosed embodiments. It is to be understood that the phraseology or
terminology employed herein is for the purpose of description and not of
limitation. Therefore, while the embodiments herein have been described in
terms of preferred embodiments, those skilled in the art will recognize that
the embodiments herein can be practiced with modification within the spirit
and scope of the claims as described herein.





STATEMENT OF CLAIMS
We claim,
1. A method for secured link key transmission between a joining
node and a trust center in a ZigBee network, said method
comprises of:
sharing a binary file from said trust center with said joining
node;
calculating a common secret key at said trust center and said
joining node, using said binary file;
encrypting said link key transmission between said trust center
and said joining node using said common secret key; and
decrypting said link key transmission using said common secret
key.
2. The method as claimed in claim 1, wherein calculating said
common secret key further comprises of:
generating a first set of secret numbers;
generating a set of intermediate secret numbers using said first
set of secret numbers;
calculating a first intermediate secret key from said set of
intermediate secret numbers;
calculating a second intermediate secret key from said set of
intermediate secret numbers;
calculating a third intermediate secret key from said set of
intermediate secret numbers;
generating a first secret key from said first intermediate secret
key;
generating a second secret key from said second intermediate
secret key;
generating a third secret key from said third intermediate secret
key; and
calculating said common secret key from said first secret key,
said second secret key, and said third secret key.
3. The method as claimed in claim 2, wherein said first set of
secret numbers is generated from said binary file.
4. The method as claimed in claim 2, wherein calculating said
common secret key further comprises of adding said first secret
key, said second secret key, and said third secret key.
5. A system for secured link key transmission between a joining
node and a trust center in a ZigBee network, said system
configured for:
sharing a binary file with said joining node using said trust
center;
calculating a common secret key from said binary file, using
said trust center and said joining node; and
encrypting said link key transmission using said common
secret key, using said trust center; and
decrypting said link key transmission using said common
secret key, using said joining node.
6. The system as claimed in claim 5, wherein said trust center is
further configured to calculate said common secret key by:
generating a first set of secret numbers, using an encryption
module;
generating a set of intermediate secret numbers using said first
set of secret numbers, using said encryption module;
calculating a first intermediate secret key from said set of
intermediate secret numbers, using said encryption module;
calculating a second intermediate secret key from said set of
intermediate secret numbers, using said encryption module;
calculating a third intermediate secret key from said set of
intermediate secret numbers, using said encryption module;
generating a first secret key from said first intermediate secret
key, using said encryption module;
generating a second secret key from said second intermediate
secret key, using said encryption module;
generating a third secret key from said third intermediate secret
key, using said encryption module; and
calculating said common secret key from said first secret key,
said second secret key, and said third secret key, using said
encryption module.
7. The system as claimed in claim 6, wherein said encryption
module is further configured to generate said first set of secret
numbers from said binary file.
8. The system as claimed in claim 6, wherein said encryption
module is further configured to calculate said common secret key
by adding said first secret key, said second secret key, and said third
secret key.
9. The system as claimed in claim 5, wherein said joining node is
further configured to calculate said common secret key by:
generating a first set of secret numbers, using a decryption module;
generating a set of intermediate secret numbers using said first set
of secret numbers, using said decryption module;
calculating a first intermediate secret key from said set of
intermediate secret numbers, using said decryption module;
calculating a second intermediate secret key from said set of
intermediate secret numbers, using said decryption module;
calculating a third intermediate secret key from said set of
intermediate secret numbers, using said decryption module;
generating a first secret key from said first intermediate secret key,
using said decryption module;
generating a second secret key from said second intermediate secret
key, using said decryption module;
generating a third secret key from said third intermediate secret key,
using said decryption module; and
calculating said common secret key from said first secret key, said
second secret key, and said third secret key, using said decryption
module.

10. The system as claimed in claim 9, wherein said decryption
module is further configured to generate said first set of secret
numbers from said binary file.
11. The system as claimed in claim 9, wherein said decryption
module is further configured to calculate said common secret
key by adding said first secret key, said second secret key, and
said third secret key.

Documents

Application Documents

# Name Date
1 1769-DEL-2014-AbandonedLetter.pdf 2021-10-17
1 FORM_ 3.pdf 2014-07-03
2 1769-DEL-2014-FER.pdf 2019-07-30
2 Form5.pdf 2014-07-03
3 Drawing_CS.pdf 2014-07-03
3 Form 2_CS.pdf 2014-07-03
4 Drawing_CS.pdf 2014-07-03
4 Form 2_CS.pdf 2014-07-03
5 1769-DEL-2014-FER.pdf 2019-07-30
5 Form5.pdf 2014-07-03
6 1769-DEL-2014-AbandonedLetter.pdf 2021-10-17
6 FORM_ 3.pdf 2014-07-03

Search Strategy

1 searchstrtaegy_30-07-2019.pdf