In ZigBee mesh networks, paths are chosen based on the quality of the individual RF links. Unfortunately, the link quality between any two nodes is often not symmetric (i.e. the link quality in one direction is the same as the other direction). This can cause suboptimal routes to be chosen through the mesh, resulting in lower network stability. ZigBee PRO provides an Asymmetric Link Handling capability that uses regular information exchanges between neighbors to enable the selection of the best symmetric links.

One of the advantages of 2.4GHz-based ZigBee networks is the choice of 16 different operating channels, compared with a single channel for some competing lower-frequency proprietary systems.

ZigBee PRO's Frequency Agility function (also optional with the ZigBee Feature Set) makes utilization of these channels easier. When a ZigBee network is initiated, the node forming the network scans for an available channel with the least existing traffic or noise.

Over time, if the busyness of the chosen channel increases or a new interference source emerges, the Frequency Agility function may be used by the application to scan for a better channel and seamlessly "move" the entire network to the new channel. This allows the network to adapt to changing environments over months or years.

ZigBee networks use the IEEE 802.15.4 PAN ID as their basic identifier, allowing different logical ZigBee networks even on the same channel. However, if two networks overlap with the same PAN ID (such as devices using the same defaults), confusion may result. ZigBee PRO provides automatic detection and resolution of conflicting PAN IDs, including application notification.

Improved security: New options for more secure communications
Since the beginning, ZigBee has included integrated security functions leveraging AES128 encryption for protecting network communications. ZigBee PRO now provides significant enhancements to the security choices available for secure wireless networks.

ZigBee PRO offers two different security modes: "Standard" security and "High" Security. Standard security extends and is functionally compatible with the "Residential" security mode offered by the ZigBee Feature Set and the 2006 ZigBee specification.

In this mode, all network communications can be encrypted using the AES128 algorithm using a single network-wide "network key". Devices in the network may have the network key pre-configured, individually commissioned, or distributed by a centralized trust center.

The ZigBee PRO Standard Security mode further provides for the additional encryption of application-level communications between node pairs through the use of individual "link keys". While this is also optional in the ZigBee Feature Set as well the earlier 2006 ZigBee specification, it is expected to be more widely deployed going forward.

This allows specific node-to-node application level data to be protected from other nodes in the network. This is important for the collection of potentially sensitive private data or the validation of potentially disruptive commands.

The security enhancements in ZigBee PRO are also important to providing secure basic network operation. For example, certain types of ZigBee nodes can "sleep" (power down for a period of time to conserve power use), and hence miss a "change network key" message from the security Trust Center.

When a sleeping device wakes up, it will try to communicate with the network using its old network key, and will be unable to participate in the network. ZigBee PRO provides the ability for the newly awoken node to use a specific link key to encrypt a message that validates itself with the Trust Center and gets the new network key in a similarly encrypted message.

Otherwise, the validation message and network key would need to be sent "in the clear", potentially compromising the security of the overall network. These same mechanisms can be used to wirelessly commission (i.e. configure for use) individual devices securely, never requiring important data to be transmitted without some level of encrypted protection.

The High Security mode provided in ZigBee PRO adds some further protections for device authentication and key management and distribution, including the use of the SKKE. This mode also provides some additional protections against security replay attacks.

The additional security capabilities inherent in ZigBee PRO are critical as ZigBee is used in increasingly important applications. The control of critical systems infrastructure, whether in a commercial building, utility grid, industrial plant, or a home security system must not be compromised.