Waggle Dance Yourself to Automation
March 16, 2020
Network
ZigBee, named for the waggle dance bees use to communicate, is one of the oldest, and most often used protocols, but how much do you know about it? ZigBee operates across various frequencies, but only the 2.4GHz band is available for use worldwide. For simplicity and manufacturing scale, most ZigBee solutions use that band. Since ZigBee uses one of the same bands as Wi-Fi, it would be easy to assume it’s capable of similar coverage. However, ZigBee has much greater distance limitations.
First, Wi-Fi has a minimum 20MHz channel width. Alternatively, ZigBee uses a 2Mhz channel, each spaced 5Mhz apart. The narrower channel width decreases the noise received from cosmic microwave background radiation (CMBR). By reducing our channel width from 20MHz to 2MHz, we reduce the minimum noise floor from -102dBm to -112dBm. Additionally, by transmitting on a 2MHz channel versus a 20MHz, we also increase our power spectral density at a given output power by an additional 10dBm. In short, by reducing the channel width, ZigBee gains 20dBm of SNR over Wi-Fi. Further, ZigBee is encoded with offset quadrature phase-shift keying (OQPSK). OQPSK is as robust as binary phase-shift keying, the most robust encoding scheme used in Wi-Fi. In-fact, OQPSK bit error rates (BER) stay below 0.1% until the SNR falls below 4dBm.
So, what does this mean? Let’s start our coverage with a standard Wi-Fi 2.4Ghz AP. At the cell edge in a quiet RF environment, where we have a 20dBm SNR and a signal of -82dBm. The Wi-Fi is usable here, but it will begin to fall apart quickly as we move further. For ZigBee, our narrower channel width gives us a 20dBm advantage. Plus, we only need a 4dBm SNR. This gives us 36dBm before we get to the cell edge of our ZigBee coverage. That practically means we can double our distance from the transmitter six more times before we reach the cell edge of our ZigBee coverage. That’s a lot of coverage!
Of course, as with all things in life, distance and robustness come with a disadvantage: throughput. ZigBee on 2.4GHz has a PHY rate of 250Kbps. This rate includes the management overhead, which further limits the effective throughput. Low speed brings us back to the point of ZigBee and those honeybees. ZigBee carries small amounts of serialized data from sensors and commands to actuators, but the net effect can be enormous.
The data moves between a Zigbee Coordinator (ZC) and a ZigBee End Device (ZED). Some ZEDs may also function as ZigBee Routers (ZR). Always-on ZEDs are most likely to function as both ZEDs and ZRs, as their always-powered nature makes them ideal for participating as a router in a mesh network. Lightbulbs are an excellent example of ZRs. The LED within the bulb is the ZED; it might be off or on. However, the ZigBee chipset is never de-energized and is thus capable of acting as a ZR mesh node. This mesh network is the last secret to ZigBee coverage. Every ZR functions as a mesh node, ensuring traffic can cover further distances between ZEDs and the ZC.
The last part of the puzzle is an important one. If ZigBee is robust over long distances, it can also be attacked and decoded more easily from outside of your organization. If you’ve been paying attention, there have been a few less-than-flattering articles about ZigBee security. ZigBee uses symmetric key encryption. By using symmetric keys, the workload of key management is significantly reduced, ensuring CPU cycles and battery power is conserved. But symmetric key encryption creates a chicken and egg problem. How do you exchange the symmetric keys used to secure communication?
Anytime a new device is added to a ZigBee network, the key exchange can be exploited. For this reason, it’s crucial to secure the ZC to ensure devices can only be added by authorized personnel. Further, a firewall must exist between the LAN and the ZC with strict destination IP/port rules.
ZigBee is a series of trade-offs. For distance and robustness, we trade throughput. For low power and simplicity, we trade certain aspects of security. But, for the right application where low cost, long-distance, low throughput links are required, there’s no better ecosystem to investigate.