958  IEEE 802.15.4 Quiz: Security and Interference Management

958.1 Learning Objectives

After completing this quiz section, you will be able to:

  • Calculate security overhead for AES-128 CCM encryption with various MIC sizes
  • Explain why link-layer security is critical for IoT applications
  • Describe adaptive channel hopping mechanisms in Thread networks
  • Understand PER-based channel blacklisting for interference mitigation


958.2 Quiz 1: AES-128 CCM Security Overhead

Question 16 (Single-Answer MCQ): An IEEE 802.15.4 network uses AES-128 CCM encryption with security level 5 (Enc-MIC-64, encryption + 64-bit MIC). For a 50-byte payload frame, how much additional overhead does security add, and why is this acceptable despite the 127-byte frame size limit?

Explanation: 802.15.4 Security overhead for CCM mode with MIC-64:

(1) Auxiliary Security Header (5-14 bytes):

  • Security Control (1 byte)
  • Frame Counter (4 bytes)
  • Key Identifier (0-9 bytes, typically 1-byte Key Index)
  • Typical: 5-6 bytes for network-key mode

(2) MIC (Message Integrity Code): 8 bytes for 64-bit MIC (security level 5)

Total overhead: ~13-14 bytes for common configurations

Frame breakdown (50-byte payload):

  • PHY Header (6 bytes)
  • MAC Header (11 bytes)
  • Security (14 bytes)
  • Payload (50 bytes)
  • FCS (2 bytes)
  • Total: 83 bytes (well within 127-byte limit)

Why acceptable?

(1) Prevents replay attacks via monotonically increasing Frame Counter (attacker can’t reuse old packets)

(2) Detects tampering via MIC (8-byte MIC provides 2^64 authentication space, computationally infeasible to forge)

(3) Encrypts payload using AES-128 (128-bit keys provide 2^128 security margin)

Alternative: No security saves 14 bytes but enables:

  • Eavesdropping (sensors leak private data)
  • Packet injection (attacker controls devices)
  • Replay attacks (unlock doors repeatedly)

Security overhead is 11% of frame capacity but critical for home automation, industrial control, and medical IoT where unauthorized access causes physical harm.

Security Level Summary:

Level  Mode         MIC Size (bytes)  Description
0      None         0                 No security
1      MIC-32       4                 Auth only, 32-bit
2      MIC-64       8                 Auth only, 64-bit
3      MIC-128      16                Auth only, 128-bit
4      ENC          0                 Encryption only
5      ENC-MIC-32   4                 Encrypt + auth
6      ENC-MIC-64   8                 Encrypt + auth
7      ENC-MIC-128  16                Encrypt + auth
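
The overhead arithmetic and the Frame Counter replay check, as an added example that is not part of the original quiz. It parses an Auxiliary Security Header using the level numbering from the Security Level Summary table; `SAMPLE`, `ReplayGuard` and the function names are hypothetical, and the sample bytes are constructed.

```python
import struct

KEY_ID_LEN = {0: 0, 1: 1, 2: 5, 3: 9}  # Key Identifier bytes per Key Identifier Mode
MIC_LEN = {0: 0, 1: 4, 2: 8, 3: 16}    # MIC bytes, chosen by the low two bits of the level

# Constructed sample: level 6 (ENC-MIC-64), key id mode 1, frame counter 257, key index 1
SAMPLE = bytes([0x0E, 0x01, 0x01, 0x00, 0x00, 0x01])


def parse_aux_header(buf):
    """Parse an Auxiliary Security Header from the start of buf."""
    if len(buf) < 5:
        raise ValueError("truncated auxiliary security header")
    level = buf[0] & 0x07               # Security Control bits 0-2
    key_id_mode = (buf[0] >> 3) & 0x03  # Security Control bits 3-4
    (frame_counter,) = struct.unpack_from("<I", buf, 1)  # little-endian on air
    aux_len = 5 + KEY_ID_LEN[key_id_mode]
    if len(buf) < aux_len:
        raise ValueError("truncated key identifier")
    return {"level": level, "encrypted": bool(level & 0x04),
            "mic_len": MIC_LEN[level & 0x03], "frame_counter": frame_counter,
            "key_id": bytes(buf[5:aux_len]), "aux_len": aux_len}


def security_overhead(hdr):
    """Bytes added by security: auxiliary header plus MIC."""
    return hdr["aux_len"] + hdr["mic_len"]


def frame_total(payload_len, hdr, phy=6, mac=11, fcs=2):
    """Frame size using the page's PHY/MAC/FCS figures as defaults."""
    return phy + mac + security_overhead(hdr) + payload_len + fcs


class ReplayGuard:
    """Hypothetical receiver state: last accepted frame counter per sender.
    Call accept() only after the MIC has verified, so forged frames cannot
    advance the stored counter."""

    def __init__(self):
        self.last = {}

    def accept(self, sender, hdr):
        if hdr["frame_counter"] <= self.last.get(sender, -1):
            return False  # replayed or stale frame
        self.last[sender] = hdr["frame_counter"]
        return True
```
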

958.3 Quiz 2: Adaptive Channel Hopping in Thread Networks

Question 17 (Single-Answer MCQ): A Thread network (based on 802.15.4) uses channel hopping to avoid interference. The network operates on 4 channels (15, 20, 25, 26) with 30-second hop interval. If a microwave oven suddenly activates, causing persistent interference on channel 20, how does the network detect and adapt, and what is the impact on devices that happened to be transmitting when the channel blacklisting occurs?

Explanation: Adaptive channel hopping in Thread (802.15.4-based):

(1) Monitoring: Each router tracks per-channel PER (Packet Error Rate = failed_packets / total_packets) over a sliding window (typically 100-500 packets or 5-10 hop cycles).

(2) Detection: If Ch20 PER exceeds threshold (50-70% depending on implementation) for multiple consecutive observations (avoiding false positives from transient interference), Ch20 is marked “bad”.

(3) Blacklisting: Thread Network Manager distributes blacklist update via multicast to all routers, removing Ch20 from hopping sequence (now 3 channels: 15, 25, 26).

(4) In-flight transactions: Devices currently transmitting on Ch20 when blacklist activates experience immediate impact:

  • Ongoing frame completes if started (ACK might fail)
  • Next frame switches to new channel
  • Impact: 1-2 lost packets during transition (<100 ms with retransmission)

Benefits: Network recovers from persistent interference within 30-60 seconds (1-2 hop cycles) automatically.

Comparison to non-adaptive: Without blacklisting, microwave causes 25% throughput loss indefinitely (every 4th hop fails).

Thread insight: This adaptive behavior is why Thread claims “self-healing mesh” - network-layer intelligence (channel monitoring, blacklist distribution) built on 802.15.4 link-layer (channel hopping primitive).

Standard 802.15.4 provides the PHY/MAC primitives (multi-channel operation, RSSI/LQI metrics); Thread’s network layer adds intelligence.
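
Steps (1) to (3) above, monitoring, detection and blacklisting as this page describes them, as an added example that is not taken from the Thread specification or any Thread stack. `ChannelMonitor`, its parameters and the traffic pattern in `simulate` are assumptions chosen within the ranges the explanation gives.

```python
from collections import deque


class ChannelMonitor:
    """Hypothetical router-side monitor; parameters are assumptions in the page's ranges."""

    def __init__(self, channels, window=100, per_threshold=0.5, strikes_needed=2):
        self.active = list(channels)          # current hopping sequence
        self.blacklist = []
        self.per_threshold = per_threshold
        self.strikes_needed = strikes_needed  # consecutive bad observations required
        self.results = {ch: deque(maxlen=window) for ch in channels}
        self.strikes = {ch: 0 for ch in channels}

    def record(self, ch, failed):
        self.results[ch].append(bool(failed))

    def per(self, ch):
        window = self.results[ch]
        return sum(window) / len(window) if window else 0.0

    def observe(self, ch):
        """Evaluate ch once per dwell; return True if it was just blacklisted."""
        if ch not in self.active:
            return False
        if self.per(ch) > self.per_threshold:
            self.strikes[ch] += 1
        else:
            self.strikes[ch] = 0              # transient burst: start over
        # Assumption: never remove the last usable channel.
        if self.strikes[ch] >= self.strikes_needed and len(self.active) > 1:
            self.active.remove(ch)
            self.blacklist.append(ch)
            return True
        return False


def simulate(cycles=4, packets_per_dwell=100):
    """Constructed traffic: Ch20 loses 80% throughout, Ch25 has one bad dwell."""
    mon = ChannelMonitor([15, 20, 25, 26])
    for cycle in range(cycles):
        for ch in list(mon.active):
            fails = 80 if ch == 20 or (ch == 25 and cycle == 1) else 2
            for i in range(packets_per_dwell):
                mon.record(ch, i < fails)
            mon.observe(ch)
    return mon
```

Ch25's single bad dwell resets on the next clean observation, while Ch20 is removed after two consecutive bad dwells, leaving the hopping sequence 15, 25, 26.
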

Channel Quality Metrics:

Metric  Description               Threshold
PER     Packet Error Rate         > 50% = bad
RSSI    Signal strength           < -85 dBm = weak
LQI     Link Quality Indicator    < 100 = marginal
CCA     Clear Channel Assessment  > 50% busy = congested

Why other options are incorrect:

Option B: Fixed channel hopping (WRONG)

  • Thread implements adaptive channel management
  • 25% throughput loss is unacceptable for home automation
  • Automatic recovery is a key Thread feature

Option C: No built-in monitoring (WRONG)

  • 802.15.4 provides RSSI and LQI metrics
  • Thread adds PER tracking at network layer
  • Spectrum sensing is built into protocol

Option D: Switch to 5 GHz (WRONG)

  • IEEE 802.15.4 operates only at sub-GHz and 2.4 GHz
  • No 5 GHz band defined in standard
  • Thread is specifically 2.4 GHz only


958.4 Summary

This quiz section tested your understanding of:

  1. Security Overhead: How AES-128 CCM encryption adds ~14 bytes overhead for authentication and confidentiality
  2. Channel Hopping: How Thread networks adaptively blacklist interfered channels based on PER monitoring

Key Takeaways:

  • Security overhead (14 bytes) is a small price for preventing injection, replay, and eavesdropping attacks
  • 64-bit MIC provides 2^64 authentication space, computationally infeasible to forge
  • Thread’s adaptive channel hopping recovers from interference within 30-60 seconds
  • PER-based blacklisting prevents persistent throughput loss from 2.4 GHz interference sources
