zigbee control bridge firmware and software development
TRANSCRIPT
Defence Research and Development Canada Contract Report DRDC-RDDC-2021-C122 July 2021
CAN UNCLASSIFIED
CAN UNCLASSIFIED
Zigbee Control Bridge firmware and software development
Michel Bélanger 2Keys Corporation Prepared by: 2Keys Corporation 1600 Carling Ave Ottawa, ON K1Y 1B2 PSPC Contract Number: W7714-156010 Technical Authority: Pierre-Luc Drouin Contractor's date of publication: March 2020
Terms of Release: This document is approved for public release. The body of this CAN UNCLASSIFIED document does not contain the required security banners according to DND security standards. However, it must be treated as CAN UNCLASSIFIED and protected appropriately based on the terms and conditions specified on the covering page.
Template in use: EO Publishing App for CR-EL Eng 2021-02-11.dotm
© Her Majesty the Queen in Right of Canada (Department of National Defence), 2020
© Sa Majesté la Reine en droit du Canada (Ministère de la Défense nationale), 2020
CAN UNCLASSIFIED
CAN UNCLASSIFIED
IMPORTANT INFORMATIVE STATEMENTS
This document was reviewed for Controlled Goods by Defence Research and Development Canada using the Schedule to the Defence Production Act.
Disclaimer: This document is not published by the Editorial Office of Defence Research and Development Canada, an agency of the Department of National Defence of Canada but is to be catalogued in the Canadian Defence Information System (CANDIS), the national repository for Defence S&T documents. Her Majesty the Queen in Right of Canada (Department of National Defence) makes no representations or warranties, expressed or implied, of any kind whatsoever, and assumes no liability for the accuracy, reliability, completeness, currency or usefulness of any information, product, process or material included in this document. Nothing in this document should be interpreted as an endorsement for the specific use of any tool, technique or process examined in it. Any reliance on, or use of, any information, product, process or material included in this document is at the sole risk of the person so using it or relying on it. Canada does not assume any liability in respect of any damages or losses arising out of or in connection with the use of, or reliance on, any information, product, process or material included in this document.
1
Abstract……….…….…….
The Internet of Things (IoT) is currently going through an exponential growth and billions of IoT
devices, mostly sensors and actuators are expected to be connected to the internet within the next
couple of years. DRDC is conducting a research on the security aspect of IoT and its related
concepts and technologies.
Support was provided to the project as follow:
Evaluate hardware development boards.
Evaluate software development tools.
Firmware development for IoT systems.
Software development for a Linux application with inline documentation compatible with
Doxygen
Experimentation with IoT devices and the Zigbee network.
Significance for Defence and Security
IoT protocols such as Zigbee have numerous potential applications in the Canadian Armed Forces
ranging from building automation to wearable technologies. The discovery of exploits or security
flaws in IoT protocols may also be of interest to stakeholders in defence and security. This report
discusses the development of a programming toolset which was first introduced in [1], and which
can be used to test network scenarios for potential security risks or vulnerabilities. It presents the
different platforms that are now supported by the toolkit, as well as the development of its
functionalities and of its user interface.
2
Résumé……….…….
L'Internet des objets (IoT) connaît actuellement une croissance exponentielle et des milliards
d'appareils IoT, principalement des capteurs et des actionneurs, devraient être connectés à l’Internet
au cours des prochaines années. RDDC mène une recherche sur l'aspect sécurité de l'IoT et des
concepts et technologies connexes.
Un soutien a été apporté au projet comme suit :
Évaluer le matériel électronique d’expérimentation.
Évaluer les outils de développement logiciel.
Développement de firmware pour les systèmes IoT.
Développement logiciel pour une application Linux et documentation compatible avec
Doxygen.
Expérimentation d'appareils IoT et du réseau Zigbee.
Importance pour la défense et la sécurité
Les protocoles de l’Internet des objets tels que Zigbee ont de nombreuses applications potentielles
dans les Forces armées canadiennes qui vont de l’automatisation des bâtiments jusqu’aux appareils
électroniques portables. La découverte d’un exploit ou d’un défaut de sécurité dans les protocoles
d’Internet des objets peut aussi être d’intérêt pour les intervenants en défense et sécurité. Ce rapport
discute des développements d’un outil de programmation qui fut introduit dans [1], et qui peut être
utilisé pour tester des scenarios de réseaux afin de détecter des risques de sécurité ou des
vulnérabilités. Il présente les différentes plateformes qui sont maintenant supportées par l’outil,
ainsi que les développements de ses fonctionnalités et de son interface.
3
Table of contents
Abstract……….…….……. ............................................................................................................. 1
Significance for Defence and Security ............................................................................................. 1
Résumé……….……. ....................................................................................................................... 2
Importance pour la défense et la sécurité ......................................................................................... 2
Table of contents .............................................................................................................................. 3
List of figures ................................................................................................................................... 4
List of tables ..................................................................................................................................... 5
1 Introduction ............................................................................................................................... 6
1.1 Zigbee ............................................................................................................................. 6
1.1.1 Devices ................................................................................................................. 7
1.1.2 Network ................................................................................................................ 8
2 Support provided ....................................................................................................................... 9
2.1 Evaluate hardware development boards ......................................................................... 9
2.1.1 JN5169 USB DONGLE ....................................................................................... 9
2.1.2 USB-KW41Z Sniffer/Development board ......................................................... 10
2.1.3 FRDM-KW41Z Freedom Development board ................................................... 11
2.2 Evaluate software development tools ........................................................................... 11
2.2.1 Beyond Studio IDE............................................................................................. 12
2.2.2 MCUXpresso IDE .............................................................................................. 13
2.3 Firmware development for IoT systems ....................................................................... 14
2.4 Software development for a Linux application ............................................................ 14
2.4.1 Control Bridge library ........................................................................................ 14
2.4.2 Control Bridge test tool ...................................................................................... 15
2.4.2.1 Command line arguments ......................................................................... 16
2.4.2.2 Globals for the command prompt and the configuration file. ................... 17
2.4.2.3 Commands for the command prompt and the configuration file. ............. 18
2.4.2.4 Configuration file example. ...................................................................... 20
2.5 Experimentation with IoT devices and the Zigbee network ......................................... 20
3 Conclusion ............................................................................................................................... 22
References/Bibliography.... ............................................................................................................ 23
List of symbols/abbreviations/acronyms/initialisms ...................................................................... 26
4
List of figures
Figure 1: Zigbee mesh network. ...................................................................................................... 6
Figure 2: Testing environment for IoT devices. .............................................................................. 7
Figure 3: Testing environment for an IoT network. ........................................................................ 8
Figure 4: JN5169 USB DONGLE. .................................................................................................. 9
Figure 5: USB-KW41Z Sniffer/Development board. ................................................................... 10
Figure 6: FRDM-KW41Z Freedom Development board. ............................................................. 11
Figure 7: Beyond Studio IDE. ....................................................................................................... 12
Figure 8: MCUXpresso IDE. ........................................................................................................ 13
Figure 9: Firmware development for USB-KW41Z or FRDM-KW41Z boards. .......................... 14
Figure 10: Control Bridge test tool. .............................................................................................. 15
Figure 11: Commercial IoT devices. ............................................................................................. 21
Figure 12: Network Protocol Analyser (Sniffer)........................................................................... 21
5
List of tables
Table 1: Command line arguments. .............................................................................................. 16
Table 2: Configurable globals ....................................................................................................... 17
Table 3: Commands ...................................................................................................................... 18
6
1 Introduction
The Internet of Things (IoT) is currently going through an exponential growth and billions of IoT
devices, mostly sensors and actuators are expected to be connected to the Internet within the next
couple of years. DRDC is conducting a research on the security aspect of IoT and its related
concepts and technologies.
Sensors and actuators used to be connected on wired private networks called fieldbus. Over the last
decades several of those fieldbus were deployed everywhere, DeviceNet (Allen-Bradley),
ControlNet (Allen-Bradley), Profibus (Siemens), Modbus (Schneider), CANbus (Bosh) etc.
Feildbus deployment required cables to be installed to connect each sensor and actuator to the Data
Acquisition System (fieldbus gateway). With IoT devices the network communication between the
sensors, actuators and the IoT gateway is done wirelessly, making it much easier to move or add
devices to an existing network.
The Internet of Things does not currently have a clear definition and security standards are mostly
inexistent or in the initial stage, IoT devices are consumer products. Consumer are generally lacking
the education to understand the requirements for cybersecurity and privacy protection, making
vendors prioritize cost and features over security when getting IoT devices to market.
It is important to conduct researches to evaluate the current state of the security aspect of IoT and
were it seems to be going in the near future. IoT devices will soon be everywhere, homes, offices,
cities, production plants, power plants, etc.
1.1 Zigbee
DRDC has decided to explore the security aspect of IoT over a Zigbee network. Zigbee is a low-
power mesh network base on the IEEE 802.15.4 specification.
Figure 1: Zigbee mesh network.
7
1.1.1 Devices
The ability to monitor and control the behavior of the firmware at runtime was required. A serial
protocol supported by a test application on a Linux host and by the firmware of the IoT device
needed to be implemented.
Figure 2: Testing environment for IoT devices.
8
1.1.2 Network
The ability to monitor and control the behaviour of the firmware at runtime needed to be
implemented in such a way that multiple devices of different device types could be monitored at the
same time. That approach would allow to monitor the full communication interaction between
devices and trigger behaviours from any node on the network.
Figure 3: Testing environment for an IoT network.
9
2 Support provided
Support was provided on different aspect of the project as required. Every week status updates on
the ongoing work were provided and the priorities for the upcoming week were established.
2.1 Evaluate hardware development boards
Three different development boards are used on the project. The JN5169 USB DONGLE, the USB-
KW41Z Sniffer/Development board and the FRDM-KW41Z Freedom Development board. Each
board was evaluated based on the hardware implementation, the documentation available and the
development tools available.
2.1.1 JN5169 USB DONGLE
Figure 4: JN5169 USB DONGLE.
The board’s micro-controller unit (MCU) is a JN5169, a 32-bit RISC processor. The MCU features
512 kB embedded Flash, 32 kB RAM and 4 kB EEPROM memory, allowing OTA upgrade
capability without external memory, a 2.4 GHz IEEE802.15.4 compliant transceiver and a mix of
analog and digital peripherals.
The development board can be used as any Zigbee device type and be used as a node in a ZigBee
wireless network. Zigbee coordinator nodes can be monitored/controlled through a Control Bridge
API from a host computer. A packet sniffer firmware is also provided by NXP.
The JN519 USB DONGLE was initially chosen as the target development board because the
hardware was already in the possession of DRDC from previous projects. Unfortunately it became
clear as it was evaluated that the products was not being maintained by NXP, the documentation
was incomplete, the Software Development Kits (SDKs) had not been updated for two years and the
Integrated Development Environment (IDE), Beyond Studio, was based on an Eclipse version more
than 2 years old and no update were available.
10
It was suggested and accepted that in order to guarantee the long term success of the project, a new
development board had to be introduced in parallel to the JN5169 USB Dongle. The USB-KW41Z
Sniffer/Development board and the FRDM-KW41Z Freedom Development board were chosen.
2.1.2 USB-KW41Z Sniffer/Development board
Figure 5: USB-KW41Z Sniffer/Development board.
The board’s MCU is a KW41Z, an ARM Cortex-M0+ processor. The MCU features 512 kB
embedded flash, 128 kB SRAM, a 2.4 GHz IEEE802.15.4 compliant transceiver and a mix of
analog and digital peripherals.
The development board features an OpenSDA v3.0-a serial and debug adapter circuit with open-
source hardware design, bootloader and debug interface software. The circuit offers easy-to-use
mass-storage-device mode flash programmer and virtual serial port available on Windows or Linux
through the USB interface.
The development board can be used as any Zigbee device type and be used as a node in a ZigBee
wireless network. Zigbee nodes can be monitored/controlled through a Control Bridge API from a
host computer. A packet sniffer firmware is also provided by NXP.
NXP provides software development support for the board through their new IDE called
MCUXpresso. The provided SDKs and firmware examples through the IDE interface. The also
provide the NXP Test Tool utility, a Windows based graphical interface that communicates via a
serial interface to NXP development boards.
11
2.1.3 FRDM-KW41Z Freedom Development board
Figure 6: FRDM-KW41Z Freedom Development board.
The board’s MCU is a KW41Z, same as on the USB-KW41Z Sniffer/Development board. The
board also features the OpenSDA v3.0-a serial and debug adapter circuit.
The board includes headers to interface with the general-purpose functions, and to assist in the
implementation of target applications. The board has alternate port functions routed to those
interface headers to leverage the off-board Freedom development platform peripherals like:
Serial flash memory intended for Over-The-Air Programming (OTAP), or for storing the
non-volatile system data or parameters.
Accelerometer and magnetometer combo sensor.
Thermistor connected to two ADC inputs.
A RGB LED and a single Red LED for user applications.
Two tactile buttons and two TSI electrodes for Human Machine Interaction (HMI).
An infrared transmitter.
Several interface connectors.
Same as for the USB-KW41Z, NXP provides software development support, SDKs and firmware
examples for the board through MCUXpresso.
2.2 Evaluate software development tools
NXP provides support for software development through two Eclipse based IDE:
Beyond Studio IDE for the JN5169 USB DONGLE.
MCUXpresso IDE for the USB-KW41Z Sniffer/Development board and the FRDM-
KW41Z Freedom Development board.
12
2.2.1 Beyond Studio IDE
Figure 7: Beyond Studio IDE.
BeyondStudio IDE is based on the Elipse open source software platform. The IDE provides a
platform for the development of wireless network applications to be run on NXP’s JN516x family
of wireless microcontrollers. NXP supplies a Software Development Kit (SDK) package, JN-SW-
4141, that contains the toolchain required for JN516x application development.
The JN5169 MCU was still a NXP product, but unofficially it has not been supported by NXP for
almost two years. The BeyoundStudio IDE, the JN516x SDK and the documentation had not been
updated by NXP for almost two years.
It was evaluated that BeyondStudio is not a bad software, but it is also not a good one. The NXP
plugins into the Eclipse platform, allowing support for the NXP hardware product, could be better
integrated and could use a redesign in order to be more intuitive.
The documentation provided by NXP for the BeyondStudio IDE and the SDK for the JN516x
microcontrollers is incomplete. This made the learning curve of setting up the tools, understanding
the SDK’s Application Programming Interfaces (API) and implementing DRDC specific firmware,
a long and laborious process.
It was suggested and accepted to find another platform to do development in parallel to assure the
longevity of the project. The two KW41Z development boards were selected.
13
2.2.2 MCUXpresso IDE
Figure 8: MCUXpresso IDE.
MCUXpresso IDE is based on the Eclipse open source software platform. The IDE provides a
platform for the development of wireless network applications to be run on NXP’s ARM based
MCUs. NXP supplies several Software Development Kit (SDK) packages that contain the toolchain
required to develop software application for the NXP’s ARM based MCUs.
Compared to the BeyongStudio IDE, with the MCUXpresso IDE:
The product is easier to install and configure.
The documentation is more mature.
The tools (NXP’s Eclipse Plugins) are better designed, better integrated and more user
friendly.
The SDKs are richer and were update twice over 2020.
Imported firmware examples into the IDE workspace is a charm, but they still lack proper
documentation.
Overall the MCUXpresso IDE is a much better product than the BeyondStudio IDE.
14
2.3 Firmware development for IoT systems
Figure 9: Firmware development for USB-KW41Z or FRDM-KW41Z boards.
The FRDM-KW41Z Freedom Development Board and the USB-KW41Z Sniffer/Development
board come with the OpenSDA v3.0-a software preloaded with an open-source mass storage device
(MSD) bootloader and the Segger J-Link Interface firmware, which provides a MSD flash
programming interface, a virtual serial port interface, and a J-Link debug protocol interface under
both Linux and Windows version of the MCUExpresso IDEs.
Using the firmware examples provided by NXP through their SDKs, it is easy and fast to have a
basic ZigBee device firmware built, flashed and running on a KW41Z MCU. To enhance the
functionally of those example firmwares, the task is more complicated because of a lack of well
written documentation about how they were implemented.
Projects for a Zigbee coordinator, a Zigbee router and a Zigbee end-device were created from the
NXP examples and then modified to add functionalities to accommodate the project.
On the JN5169 USB DONGLE only a Zigbee coordinator project was created from the NXP
example. The procedure on the BeyondStudio IDE to import the example source code, get it to
build and flash it binary to the JN5169 MCU is a lot less user friendly and very poorly documented.
The documentation on how the examples were implemented is none existent.
2.4 Software development for a Linux application
NXP provides a host application interface (Host API) to implement a test tool to perform control
and monitor of the Zigbee protocol stack running on a target firmware connected to the host through
USB.
2.4.1 Control Bridge library
The API was used for implementing a communication library and a test tool application, but as the
project evolved the library had to also evolve and support new enhanced its functionalities.
The Library was debugged.
15
The library command IDs were change to reflect the command ID on the firmware side
define in the Zigbee 3.0 library.
The Network State command was added to the Control Bridge Library.
The debug printout were reformatted to allow monitoring/debugging Control Bridge API
message processing.
2.4.2 Control Bridge test tool
Figure 10: Control Bridge test tool.
The tool was redesigned with an extendable architecture allowing to add new functionalities
without a complete rewrite. Some of the new functionalities include:
User friendly debug printouts.
Command line arguments.
Support communication to all Zigbee device types (coordinator, router and end-device).
Configurable parameters like: baud rate, channel mask, short addresses extended addresses,
security key.
Configurable addressing mode (short or extended).
Several pre-configured test sequences.
Ability to load a testing sequence from a configuration file.
16
Command prompt to monitor and control the target Zigbee firmware.
2.4.2.1 Command line arguments
Usage: cbTerminal -v -p -d 3 -t 1 -b 115200 tty_name
Table 1: Command line arguments.
Options Descriptions
-b xxx Baud rate. Default is 115200
9600, 19200, 38400, 57600, 115200, 500000 or 1000000
-c xxx Channel mask (11-26). Default is 11
-d xxx Device type. Default is 1 (coordinator)
1 (coordinator), 2 (router), 3 (end device)
-e xxx Erase permanent data before any test. (true or false) Default is true
-f name Configuration filename to be loaded
-h xxx Security Key high bits. Default is 0x5A6967426565416C
-k xxx Set security state and key before any test. (true or false) Default is
false
-l xxx Security Key low bits. Default is 0x6C69616E63653039
-m xxx Addressing Mode (2 [short] or 3 [extended]). Default is 2
-p Enable command prompt. Default is disable
-t xxx Run the specified test number. Default is none
-v Increase verbosity
-V Increase verbosity & enable debug printing
-w xxx Number of seconds to wait before exiting at the end of testing
17
Default is 300 seconds
-x xxx Device short address (16 bits). Default is 0x5454
-y xxx Destination device short address (16 bits). Default is 0x5454
-z xxx Target device short address (16 bits). Default is 0x5454
-X xxx Device extended address (64 bits). Default is 0x123454541234
-Y xxx Destination device extended address (64 bits). Default is
0x1234567890ABC
-Z xxx Target device extended address (64 bits). Default is
0x1234567890ABC
tty_name tty full path. Example : /dev/ttyACM0
2.4.2.2 Globals for the command prompt and the configuration file.
Table 2: Configurable globals
Globals Value Description
cluster_id VALUE_16b Cluster ID
command_id VALUE_8b Command ID
short_addr VALUE_16b Device Short Address
epid VALUE_64b Device Extended PAN Id
ext_addr VALUE_64b Device Extended Address
panid VALUE_16b Device PAN Id
on_off_state VALUE_8b On/Off State
on_off_time VALUE_16b On/Off Time
18
on_off_effect_id VALUE_8b On/Off Effect ID
on_off_effect_gradient VALUE_8b On/Off Effect Gradient
ssk_high VALUE_64b Security key high bits
ssk_low VALUE_64b Security key low bits
addr_mode VALUE_8b Addressing Mode (2 - Short) (3 - Extended)
dest_short_addr VALUE_16b Destination Device Short Address
dest_ext_addr VALUE_64b Destination Device Extended Address
target_short_addr VALUE_16b Target Device Short Address
target_ext_addr VALUE_64b Target Device Extended Address
source_endpoint VALUE_8b Source EndPoint
dest_endpoint VALUE_8b Destination EndPoint
target_endpoint VALUE_8b Target EndPoint
2.4.2.3 Commands for the command prompt and the configuration file.
Table 3: Commands
Commands Value Description
reboot Erase persistent Data and MCU Reset
reset Factory reset the device, erasing persistent
data
version Get version
find Triggers Find and Bind as an Initiator
19
steer Triggers Network Steering for a device on the
network
start Start the network
join Join a device on the network
bind Bind to a device on the network
unbind Unbind from a device on the network
set_channel VALUE_32b Set network channel
set_ssk Set the Secure State and Key
set_epid VALUE_64b Set Device Extended PAN Id
network_state Retrieve the device network info (Short
address, extended address, pan ID, extended
pan ID and channel )
mgmt_lqi Requests a remote node to provide a list of
neighboring nodes
on_off_no_effetcs Sends the On Off With No Effects command
on_off_timed_send Sends the On Off Timed-Send command
on_off_with_effects Sends the On Off With Effects command
read_attribute Sends the Read Attribute Request command
write_attribute Sends the Write Attribute Request command
test VALUE_16b Run the specified test
config FILENAME Configuration filename to open
print Print the values of the application global
variables
20
help Print list of supported globals and commands
Optional value [globals] or [commands]
quit Exit the application
2.4.2.4 Configuration file example.
Example of setting up the security key and channel before starting the network than allowing
devices to join.
----------------------
reboot
sleep 2
ssk_high 0x5A6967426565416C
ssk_low 0x6C69616E63653039
set_ssk
set_channel 14
start
join
----------------------
2.5 Experimentation with IoT devices and the Zigbee network
In order to validate/confirm/broaden the experimentation, commercial IoT devices were tested
alongside Zigbee devices with custom firmware. Several different types of Zigbee enabled IOT
devices have been purchased to experiment with like temperature sensor, light bulb, motion sensor,
outlet and multi-purpose sensor.
21
Figure 11: Commercial IoT devices.
The K22F on the USB-KW41Z Sniffer/Development Board can be loaded with a sniffer firmware
that can be used in conjunction with another sniffer firmware loaded on the KW41Z transforming
the board into a network protocol analyzer adapter.
The network protocol analyzer was used in conjunction with other debugging tools to monitor the
Zigbee network connectivity and security. The network protocol analyzer is used to display a
captured view with all the valid IEEE 802.15.4 frames sent over the air on the monitored channel.
Figure 12: Network Protocol Analyser (Sniffer).
22
3 Conclusion
So far support has been provided for the project on different aspect like:
Evaluate hardware development boards.
Evaluate software development tools.
Firmware development for IoT systems.
Software development for a Linux application with inline documentation compatible with
Doxygen.
Experimentation with IoT devices and the Zigbee network.
So far it is fair to conclude:
Based on protocol features implemented in IEEE 802.15.4, ZigBee has a potential future.
Zigbee enabled IOT devices can be remarkably affordable and accessible. They can provide
a good solution in harsh, dangerous, and difficult environments or where wired networking
is a very costly solution. Wireless IoT devices open up the potential that in a few years any
consumer could go down to the local store and pick up sensors and controlled devices and
quickly install and configure them.
If IoT devices become as common as traditional computers and smart phones, it is very
important for large organizations to explore and fully understand the security risks that this
new reality will introduce.
23
References/Bibliography....
[1] Sevinc, D., Drouin, P.-L., Development of a programming interface for a Zigbee coordinator
device, DRDC – Ottawa Research Centre.
[2] IEEE, IEEE Standard for Low-Rate Wireless Networks,
https://ieeexplore.ieee.org/document/7460875, Accessed: 29/03.2020.
[3] Nurse, J. R.C. Nurse, Creese, S., and De Roure, D., Security Risk Assessment in Internet Of
Things, https://www.cs.ox.ac.uk/files/9680/2017-itpro-ncd_author-final.pdf, University of
Oxford, Oct. 2017, Accessed: 29/03.2020.
[4] Industrial Internet Consortium , Industrial Internet Of Things / Security Framework,
https://www.iiconsortium.org/pdf/IIC_PUB_G4_V1.00_PB.pdf, Oct. 2016, Accessed:
29/03.2020.
[5] IEEE Symposium on Security and Privacy, IoT Goes Nuclear: Creating a ZigBee Chain
Reaction, https://eprint.iacr.org/2016/1047.pdf, 2017 , Accessed: 29/03.2020.
[6] National Institute of Standards and Technology (NIST), NISTIR 7628 - Guidelines for Smart
Grid Cybersecurity, https://www.nist.gov/publications/guidelines-smart-grid-cybersecurity
Sept. 2014, Accessed: 29/03.2020.
[7] National Institute of Standards and Technology (NIST), NISTIR 8200 - Interagency Report on
the Status of International Cybersecurity Standardization for the Internet of Things (IoT),
https://csrc.nist.gov/publications/detail/nistir/8200/final, Nov. 2018, Accessed: 29/03.2020.
[8] National Institute of Standards and Technology (NIST), NIST.SP.800-183 - Networks of
‘Things’, https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-183.pdf , Jul.
2016, Accessed: 29/03.2020.
[9] Sicaria, S., Rizzardia, A., Griecob, L.A., Coen-Porisinia, A., Security, Privacy & Trust in
Internet of Things: the road ahead,
https://pdfs.semanticscholar.org/a788/3e5848fde68041dc150d0d36641d921b8ee9.pdf,
Oct. 2018, Accessed: 29/03.2020.
24
JN5169 Microcontroller
[10] NXP Semiconductors, JN5169 - Product data sheet,
https://www.nxp.com/documents/data_sheet/JN5169.pdf, Sept. 2017, Accessed: 29/03.2020.
[11] NXP Semiconductors, JN5169-001-M0x-2 - Product data sheet,
https://www.nxp.com/documents/data_sheet/JN5169-001-M0X-2.pdf, Sept. 2016, Accessed:
29/03.2020.
[12] NXP Semiconductors, JN-UG-3064 - Software Developer’s Kit Installation and User
Guide, https://www.nxp.com/documents/user_manual/JN-UG-3064.pdf, Feb. 2015, Accessed:
29/03.2020.
[13] NXP Semiconductors, JN-UG-3087 - JN516x Integrated Peripherals API User Guide,
https://www.nxp.com/docs/en/user-guide/JN-UG-3087.pdf, Apr. 2017, Accessed: 29/03.2020.
[14] NXP Semiconductors, JN-UG-3098 - BeyondStudio Guide,
https://www.nxp.com/docs/en/user-guide/JN-UG-3098.pdf, Mar. 2015, Accessed: 29/03.2020.
[15] NXP Semiconductors, JN-UG-3113 - ZigBee 3.0 Stack User Guide,
https://www.nxp.com/docs/en/user-guide/JN-UG-3113.pdf, Sept. 2018, Accessed: 29/03.2020.
[16] NXP Semiconductors, JN-UG-3115 - ZigBee Cluster Library User Guide,
https://www.nxp.com/docs/en/user-guide/JN-UG-3115.pdf, Sept. 2018, Accessed: 29/03.2020.
25
KW41Z Microcontroller
[17] NXP Semiconductors, MKW41Z - Data Sheet, https://www.nxp.com/docs/en/data-
sheet/MKW41Z512.pdf, Mar. 2018, Accessed: 29/03.2020.
[18] NXP Semiconductors, MKW41Z - Reference Manual, https://www.nxp.com/files-
static/32bit/doc/ref_manual/MKW41Z512RM.pdf, Oct. 2016, Accessed: 29/03.2020.
[19] NXP Semiconductors, FRDM-KW41Z – Schematics,
https://cache.nxp.com/secured/assets/downloads/en/schematics/FRDM-KW41Z-SCH.pdf, Nov.
2017, Accessed: 29/03.2020.
[20] NXP Semiconductors, FRDM-KW41Z - User Guide,
https://www.mouser.com/pdfdocs/FRDMKW41ZUG.pdf, Nov. 2018, Accessed: 29/03.2020.
[21] NXP Semiconductors, USB-KW41Z – Schematics,
https://cache.nxp.com/secured/assets/downloads/en/schematics/USB-KW41Z-SCH.pdf, Aug.
2016, Accessed: 29/03.2020.
[22] NXP Semiconductors, ZigBee 3.0 Base Device Template, Apr. 2019
[23] NXP Semiconductors, ZigBee 3.0 IoT Control Bridge, Apr. 2019
[24] NXP Semiconductors, Kinetis Protocol Analyzer Adapter - User’s Guide, Dec. 2017
[25] NXP Semiconductors, ZigBee 3.0 Software for the Kinetis MKW41Z Dual Mode Wireless
Microcontroller, Apr. 2019
[26] NXP Semiconductors, MCUXpresso SDK API Reference Manual, Mar. 2017
[27] NXP Semiconductors, NXP Test Tool - User’s Guide, Jun. 2018
[28] NXP Semiconductors, ZigBee 3.0 Devices - User Guide, Oct. 2018
[29] NXP Semiconductors, Kinetis MKW41Z Zigbee 3.0 Software - Quick Start Guide, Nov.
2018
[30] NXP Semiconductors, ZigBee 3.0 Stack - User Guide, Jul. 2018
[31] NXP Semiconductors, ZigBee Cluster Library - User Guide, Feb. 2018
Note: Most of the documentation is provided through the MCUXpresso IDE.
26
List of symbols/abbreviations/acronyms/initialisms
ADC
API
ARM
Analog-to-Digital Converter
Application Programming Interface
Advanced RISC Machine
DRDC
EEPROM
HMI
IDE
IEEE
IoT
LED
MCU
MSD
OTA
OTAP
RAM
RGB
SDK
TSI
USB
Defence Research and Development Canada
Electrically Erasable Programmable Read-Only Memory
Human Machine Interface
Integrated Development Environment
Institute of Electrical and Electronics Engineers
Internet of Things
Light-Emitting Diode
Micro-Controller Unit
Mass Storage Device
Over-The-Air
Over-The-Air Programming
Random-access memory
Red, Green, Blue
Software Development Kit
Touch Sensing Input
Universal Serial Bus
DOCUMENT CONTROL DATA
*Security markings for the title, authors, abstract and keywords must be entered when the document is sensitive
1. ORIGINATOR (Name and address of the organization preparing the document. A DRDC Centre sponsoring a contractor's report, or tasking agency, is entered in Section 8.)
2Keys Corporation 1600 Carling Ave Ottawa, ON K1Y 1B2
2a. SECURITY MARKING (Overall security marking of the document including special supplemental markings if applicable.)
CAN UNCLASSIFIED
2b. CONTROLLED GOODS
NON-CONTROLLED GOODS DMC A
3. TITLE (The document title and sub-title as indicated on the title page.)
Zigbee Control Bridge firmware and software development
4. AUTHORS (Last name, followed by initials – ranks, titles, etc., not to be used)
Bélanger, M.
5. DATE OF PUBLICATION (Month and year of publication of document.)
March 2020
6a. NO. OF PAGES
(Total pages, including Annexes, excluding DCD, covering and verso pages.)
26
6b. NO. OF REFS
(Total references cited.)
31
7. DOCUMENT CATEGORY (e.g., Scientific Report, Contract Report, Scientific Letter.)
Contract Report
8. SPONSORING CENTRE (The name and address of the department project office or laboratory sponsoring the research and development.)
DRDC – Ottawa Research Centre Defence Research and Development Canada 3701 Carling Avenue Ottawa, Ontario K1A 0Z4 Canada
9a. PROJECT OR GRANT NO. (If appropriate, the applicable research and development project or grant number under which the document was written. Please specify whether project or grant.)
05ab - Tactical Network Operations (TNO)
9b. CONTRACT NO. (If appropriate, the applicable number under which the document was written.)
W7714-156010
10a. DRDC PUBLICATION NUMBER (The official document number by which the document is identified by the originating activity. This number must be unique to this document.)
DRDC-RDDC-2021-C122
10b. OTHER DOCUMENT NO(s). (Any other numbers which may be assigned this document either by the originator or by the sponsor.)
11a. FUTURE DISTRIBUTION WITHIN CANADA (Approval for further dissemination of the document. Security classification must also be considered.)
Public release
11b. FUTURE DISTRIBUTION OUTSIDE CANADA (Approval for further dissemination of the document. Security classification must also be considered.)
12. KEYWORDS, DESCRIPTORS or IDENTIFIERS (Use semi-colon as a delimiter.)
internet of things; ZigBee; control bridge
13. ABSTRACT/RÉSUMÉ (When available in the document, the French version of the abstract must be included here.)
The Internet of Things (IoT) is currently going through an exponential growth and billions of IoT devices, mostly sensors and actuators, are expected to be connected to the internet within the next couple of years. DRDC is conducting a research on the security aspect of IoT and its related concepts and technologies.
Support was provided to the project as follow:
- Evaluate hardware development boards.
- Evaluate software development tools.
- Firmware development for IoT systems.
- Software development for a Linux application with inline documentation compatible with Doxygen
- Experimentation with IoT devices and the Zigbee network.
L'Internet des objets (IoT) connaît actuellement une croissance exponentielle et des milliards d'appareils IoT, principalement des capteurs et des actionneurs, devraient être connectés à l’Internet au cours des prochaines années. RDDC mène une recherche sur l'aspect sécurité de l'IoT et des concepts et technologies connexes.
Un soutien a été apporté au projet comme suit :
- Évaluer le matériel électronique d’expérimentation.
- Évaluer les outils de développement logiciel.
- Développement de firmware pour les systèmes IoT.
- Développement logiciel pour une application Linux et documentation compatible avec Doxygen.
- Expérimentation d'appareils IoT et du réseau Zigbee.