8  E1: Link Layer Encryption

Prerequisites: Encryption Architecture Overview

This enables: E2: Device-to-Gateway Encryption | IoT Devices and Network Security

8.1 Learning Objectives

By the end of this chapter, you will be able to:

• Explain E1 Link Layer Encryption: Describe how device-to-device encryption protects local wireless communications
• Implement AES-CCM for IoT: Configure AES-128-CCM authenticated encryption for constrained devices
• Identify Shared Key Vulnerabilities: Identify the blast radius of shared network key compromise
• Select Appropriate Security Levels: Choose IEEE 802.15.4 security levels based on application requirements

In 60 Seconds

E1 link-layer encryption protects data on each individual network hop between directly adjacent nodes, providing the lowest-overhead encryption layer in the IoT security architecture.

For Beginners: E1: Link Layer Encryption

Cryptography for IoT is the science of keeping sensor data and device commands secret and tamper-proof. Think of it as the digital equivalent of secret codes, locked boxes, and wax seals. Even if someone intercepts your IoT data traveling through the air, cryptography ensures they cannot read or alter it without the proper keys.

Sensor Squad: The Neighborhood Secret Handshake!

“E1 is the first layer of encryption – it protects the wireless link between devices that are right next to each other,” Sammy the Sensor explained. “Think of it like a secret handshake that everyone in our sensor neighborhood knows. If you do not know the handshake, you cannot join the group or listen to our conversations.”

Max the Microcontroller added, “All devices in the network share the same AES-128 key, and the encryption happens right in the radio hardware – super fast with almost no extra power used. It keeps outsiders from eavesdropping on our wireless signals or joining our network without permission.”

“But there is a catch,” Lila the LED warned. “Since everyone shares the SAME key, if even one device gets compromised and its key is extracted, the attacker can read ALL communications on the entire network. It is like if one person in your friend group tells the secret handshake to a stranger – now the stranger can pretend to be part of the group.”

“That is why E1 is just the FIRST level of encryption, not the only one,” Bella the Battery said. “It keeps casual outsiders away, like a fence around the neighborhood. But for real security, you add E2 for per-device keys, E3 for end-to-end encryption, and more. Each level adds another layer of protection. E1 alone is like locking your car doors – good practice, but you still want a garage and an alarm system too!”

How It Works: E1 Link Layer Encryption

E1 encryption operates at the MAC layer to protect wireless communications:

1. Network Key Distribution: All devices in the network receive a shared AES-128 key during commissioning (e.g., Zigbee network key, WPA2 password)
2. Frame Encryption: When a device transmits, the radio chipset’s hardware accelerator encrypts each MAC frame with AES-128-CCM before transmission
3. Reception Filtering: Receiving radios decrypt frames in hardware - frames encrypted with the wrong key are rejected before waking the MCU
4. Nonce Management: Each frame uses a unique nonce (frame counter + source address) to prevent replay attacks
5. Authentication Tag: CCM mode generates a 4-16 byte authentication tag that verifies both the encrypted payload and unencrypted frame headers

The entire process happens in the radio chipset hardware (e.g., CC2652, nRF52840), consuming only 15-20 microseconds per packet with minimal energy overhead.

8.2 Introduction to E1 Link Layer Encryption

Time: ~10 min | Level: Intermediate | Unit: P11.C08.U02

E1 (Link Layer) encryption protects device-to-device communications at the MAC layer, preventing external devices from joining the network and reading packet contents.

Figure 8.1: Device to device encryption (E1)

Purpose: Prevent external devices from joining the network and watching packet contents.

Characteristics:

• All nodes share a common pre-shared key
• Implemented at the link layer (MAC)
• AES-128 encryption
• Hardware-accelerated in radio chipset
• Ensures privacy and confidentiality

Shared Key Vulnerability

E1 uses a single shared key for all devices—if any one device is compromised, the attacker can decrypt all network traffic. Never rely on E1 alone for security. Always combine with E2 (device-specific keys) to provide defense-in-depth. See the blast radius analysis below for a quantified example.

Figure 8.2: E1 link layer encryption flow showing sensor node encrypting packet with AES-128 shared network key, transmitting over wireless link to router which decrypts with same shared key

8.3 Common Misconception: “E1 Link Layer Encryption is Enough”

Why E1 Alone Fails

Misconception: “If my Zigbee network uses AES-128 encryption (E1), my IoT devices are secure and I don’t need additional encryption layers.”

Why This Fails: E1 often relies on a shared network key across many devices. If an attacker recovers that key from one compromised device (e.g., physical access, debug interface, or insecure commissioning), the consequences can scale to the whole network:

• Passive decryption: previously captured traffic becomes readable
• Impersonation risk: any device holding the shared key can mimic another device
• Large blast radius: one device compromise can expose many devices’ traffic

Vulnerability	Impact	Mitigation
Shared Key Extraction	Any single device compromise exposes all traffic	Add E2 (unique per-device keys)
No Device Authentication	Cannot verify which device sent data	Add E2 (device signatures)
Passive Eavesdropping	Attacker with key can silently monitor forever	Add E3 (end-to-end encryption)
Insider Threat	Gateway operator can read all device data	Add E3 (encrypt beyond gateway)

Correct Approach: Defense in Depth

Modern IoT security requires layered encryption:

• E1 (Link): Prevents casual eavesdropping and unauthorized network access
• E2 (Device-Gateway): Unique keys per device—compromise of one doesn’t expose others
• E3 (Device-Cloud): End-to-end protection even through untrusted gateways
• E5 (Key Renewal): Periodic key rotation limits damage from past compromises

Minimum Security Standard: Always combine E1 + E2, or use E1 + E3 if gateways are untrusted. Single-layer encryption is a single point of failure.

8.4 E1 Implementation Details

Algorithm: AES-128 in CCM (Counter with CBC-MAC) mode

Key Characteristics:

Aspect	Details
Key Size	128 bits (16 bytes) - shared across all network nodes
Cipher Mode	CCM (Counter with CBC-MAC) using a deterministic nonce per packet
Hardware Support	Implemented in radio chipset (802.15.4, Zigbee, BLE)
Performance	~20 us encryption time per packet on dedicated hardware
Energy Cost	Minimal - hardware acceleration reduces CPU overhead

Security Properties:

• Confidentiality: External devices cannot read packet contents
• Energy Efficient: Hardware implementation preserves battery life
• Single Point of Failure: Compromise of shared key exposes all traffic
• No Authentication: Any device with key can impersonate others

Real-World Protocol Examples:

• Zigbee: AES-128-CCM at MAC layer (IEEE 802.15.4)
• Bluetooth LE: AES-128-CCM for link encryption
• Thread: AES-128-CCM with network-wide key
• LoRaWAN: AES-128 for network session key (NwkSKey)

8.5 Deep Dive: AES-CCM Implementation for IoT

AES-CCM Technical Details

AES-CCM (Counter with CBC-MAC) is the dominant authenticated encryption mode for constrained IoT devices. Understanding its internals helps optimize implementation.

AES-CCM Structure:

+-------------------------------------------------------------+
|                     AES-CCM Packet                          |
+----------+---------------------------+----------------------+
|  Nonce   |      Encrypted Payload    |    Auth Tag (MAC)    |
| 13 bytes |       Variable length     |       4-16 bytes     |
+----------+---------------------------+----------------------+

Nonce = [Flags(1)] + [Source Address(8)] + [Frame Counter(4)]

Implementation in C (for microcontrollers):

#include <aes.h>

typedef struct {
    uint8_t nonce[13];
    uint8_t *payload;    uint16_t payload_len;
    uint8_t *aad;        uint16_t aad_len;   // headers (authenticated, not encrypted)
    uint8_t tag[8];                           // 64-bit auth tag
} ccm_packet_t;

int aes_ccm_encrypt(ccm_packet_t *pkt, const uint8_t key[16]) {
    // Step 1: CBC-MAC for authentication
    uint8_t cbc_state[16] = {0};
    cbc_state[0] = 0x59;  // Flags: Adata=1, t=8, L=2
    memcpy(&cbc_state[1], pkt->nonce, 13);
    cbc_state[14] = (pkt->payload_len >> 8) & 0xFF;
    cbc_state[15] = pkt->payload_len & 0xFF;
    aes_encrypt(cbc_state, key);

    process_aad(cbc_state, pkt->aad, pkt->aad_len, key);
    for (int i = 0; i < pkt->payload_len; i += 16) {
        xor_block(cbc_state, &pkt->payload[i], MIN(16, pkt->payload_len - i));
        aes_encrypt(cbc_state, key);
    }

    // Step 2: CTR-mode encryption
    uint8_t counter[16] = {0x01};
    memcpy(&counter[1], pkt->nonce, 13);

    uint8_t ks[16];
    memcpy(ks, counter, 16);
    aes_encrypt(ks, key);
    xor_block(pkt->tag, cbc_state, 8);  // tag = CBC-MAC XOR A0-keystream
    xor_block(pkt->tag, ks, 8);

    for (int i = 0; i < pkt->payload_len; i += 16) {
        increment_counter(counter);
        memcpy(ks, counter, 16);
        aes_encrypt(ks, key);
        xor_block(&pkt->payload[i], ks, MIN(16, pkt->payload_len - i));
    }
    return 0;
}

Performance on common IoT platforms:

Platform	Clock	AES-CCM (64B)	Energy/Packet
ESP32 (HW)	240 MHz	15 us	0.9 uJ
nRF52840 (HW)	64 MHz	21 us	0.5 uJ
STM32L4 (SW)	80 MHz	180 us	3.6 uJ
ATmega328P (SW)	16 MHz	2.5 ms	75 uJ

Nonce management (critical for security):

// WRONG: Reusing nonces breaks CCM security completely
static uint8_t nonce[13];  // Don't do this!

// RIGHT: Unique nonce per packet
typedef struct {
    uint64_t source_addr;  // 8 bytes: unique per device
    uint32_t frame_counter; // 4 bytes: increment each packet
    uint8_t security_level; // 1 byte: constant
} nonce_t;

void generate_nonce(nonce_t *n, uint64_t device_id, uint32_t *counter) {
    n->source_addr = device_id;
    n->frame_counter = (*counter)++;  // NEVER reuse!
    n->security_level = 0x05;  // ENC-MIC-32
}

Security level options (IEEE 802.15.4):

Level	Auth Tag	Encryption	Overhead	Use Case
0x00	None	None	0 B	No security
0x01	4 B	None	5 B	Integrity only
0x05	4 B	Yes	9 B	Standard IoT
0x06	8 B	Yes	13 B	Enhanced security
0x07	16 B	Yes	21 B	Maximum security

Overhead = Auxiliary Security Header (5 bytes: security control + frame counter) + MIC tag size.

Recommendation: Use security level 0x05 (4-byte tag) for constrained devices, 0x06 (8-byte tag) for gateways and critical applications.

8.6 AES-128 vs AES-256 for IoT

Common Misconception: “AES-256 is Always Better Than AES-128”

The Misconception: Longer keys are always more secure, so use AES-256 everywhere.

Why It’s Wrong for IoT:

• AES-128 provides 128-bit security (unbreakable with current technology)
• AES-256 requires 14 rounds vs AES-128’s 10 rounds (40% more computation)
• More rounds = more power consumption on constrained devices
• Brute-forcing 2^128 keys would take billions of years
• For IoT, the key exchange and physical security are the weak points, not AES key length

Real-World Energy Comparison:

Key Size	Security Level	Relative Speed	Best Use Case
AES-128	128-bit (sufficient for all current threats)	Fastest	IoT, consumer devices
AES-192	192-bit	Medium	Rarely used (limited hardware support)
AES-256	256-bit (quantum-resistant margin)	40% slower	Government, post-quantum requirements

AES-128 is secure against all known attacks. Use AES-256 only if regulations require it or for protection against future large-scale quantum computers (Grover’s algorithm reduces AES-128 effective security to 64 bits, but AES-256 retains 128-bit security against quantum attacks).

8.7 Key Exchange Tradeoffs

Once E1 establishes link-layer encryption, devices still need a mechanism to obtain or exchange their cryptographic keys. The choice of key exchange method significantly impacts the security, performance, and scalability of an IoT deployment.

Tradeoff: RSA vs ECC for IoT Key Exchange

Option A (RSA-2048/3072): Widely supported by legacy systems and cloud providers, RSA-2048 signature verification: 0.5ms on Cortex-M4 (hardware) / 50-100ms (software), key generation: 2-30 seconds on constrained MCU, key size: 256-384 bytes (public key), proven 40+ year cryptanalysis history, quantum-vulnerable (requires 4096+ bits for 2030+ security).

Option B (ECC P-256/P-384): 32-byte public key (8x smaller than RSA-2048), ECDSA signature verification: 50-100ms on Cortex-M4 without hardware acceleration, ECDH key agreement: 100-200ms software / 5-10ms with hardware, equivalent security to RSA-3072 with 256-bit ECC, newer algorithm with less cryptanalysis history, quantum-vulnerable but smaller impact on key sizes.

Decision Factors: Choose RSA when: interoperating with legacy enterprise systems (older TLS servers, PKCS#11 HSMs), hardware has dedicated RSA accelerator, certificates must be validated by existing PKI infrastructure, regulatory compliance mandates specific RSA key sizes. Choose ECC when: bandwidth-constrained networks (LoRaWAN payload limit: 51-222 bytes), battery-powered devices (ECC uses 10-20x less energy per operation), storage-constrained MCUs (<64KB flash), modern cloud IoT platforms (AWS IoT, Azure IoT Hub natively support ECC), TLS 1.3 deployments (prefers ECDHE).

Tradeoff: Pre-Shared Keys (PSK) vs Certificate-Based Authentication

Option A (Pre-Shared Keys): Symmetric 128-256 bit keys provisioned during manufacturing, DTLS-PSK handshake: 2 round trips (vs 4 for certificates), minimal flash footprint (~2KB for PSK stack), key per device: requires secure provisioning infrastructure, compromised device key doesn’t expose fleet (if unique per device), no certificate expiration management, vulnerable to key extraction via physical access.

Option B (Certificate-Based/PKI): X.509 certificates with RSA-2048 or ECC P-256 keys, device certificate: 500-1500 bytes storage, full TLS/DTLS handshake: 4-6 round trips (1-3 seconds on constrained devices), supports certificate revocation (CRL/OCSP), device identity verifiable by any party with CA trust, certificate expiration requires renewal infrastructure (5-10 year validity typical for IoT), enables mutual TLS (mTLS) for zero-trust architectures.

Decision Factors: Choose PSK when: ultra-constrained devices (<32KB RAM), minimizing handshake latency critical (industrial control <100ms), devices never communicate with third parties, closed ecosystem with controlled provisioning, battery life prioritized over security flexibility. Choose certificates when: devices must authenticate to multiple cloud backends, regulatory compliance requires audit trail of device identity, fleet spans multiple organizations or trust domains, zero-trust architecture mandates mutual authentication, devices have >64KB RAM and hardware crypto acceleration, certificate lifecycle management infrastructure exists.

8.8 Worked Example: E1 Blast Radius Analysis for a Zigbee Smart Home

Scenario: A smart home has 35 Zigbee devices sharing a single E1 network key: 12 smart bulbs, 8 window/door sensors, 6 smart plugs, 4 motion sensors, 3 smart locks, and 2 thermostats. An attacker physically steals one $8 smart bulb from the porch and extracts the network key. Calculate the blast radius and compare mitigation costs.

Step 1: Key Extraction from Smart Bulb

Attack equipment:
  Bus Pirate (SPI/JTAG debugger): $30
  Saleae logic analyzer: $10 (clone)
  Total: $40

Time to extract network key from Zigbee bulb:
  1. Identify debug pads on PCB: 15 minutes
  2. Connect SPI flash reader: 10 minutes
  3. Dump firmware (2 MB): 30 seconds
  4. Search for 16-byte AES key pattern: 5 minutes
  Total: ~30 minutes

Success rate: ~85% (some newer chips have readout protection)

Step 2: Blast Radius Quantification

With the shared E1 key, the attacker can now:

Capability	Devices Affected	Impact
Decrypt all Zigbee traffic	35/35 (100%)	Read all sensor data, occupancy patterns
Inject spoofed commands	35/35 (100%)	Unlock doors, turn off alarms, manipulate thermostats
Join network as rogue device	Unlimited	Add persistent backdoor to mesh network
Replay captured commands	35/35 (100%)	Replay “unlock door” commands captured earlier

Quantified privacy exposure:

Data accessible with compromised E1 key:
  Window/door sensors: When doors open/close (8 sensors x 20 events/day)
    -> Reveals: Daily routine, when house is empty, when residents sleep
  Motion sensors: Room-by-room movement (4 sensors)
    -> Reveals: Which rooms occupied, number of occupants, activity patterns
  Smart locks: Lock/unlock events with timestamps
    -> Reveals: Exact departure/arrival times, who has keys
  Thermostat: Temperature setpoints and schedules
    -> Reveals: Occupancy schedule, vacation periods

Privacy score before attack: 8/10 (encrypted, invisible to outsiders)
Privacy score after key extraction: 1/10 (entire home activity visible)

Step 3: Mitigation Cost Comparison

Mitigation	Cost	Blast Radius After	Residual Risk
Do nothing	$0	35 devices (100%)	Full compromise from $8 bulb
Add E2 per-device keys	$0 (firmware update)	1 device (3%)	Only stolen bulb’s data exposed
Secure element per device	$0.65 x 35 = $22.75	0 devices (0%)	Key extraction infeasible
E2 + rotate E1 key monthly	$0 (automated)	1 device + 30 days history	Past traffic limited to one month
Replace Zigbee with Thread	$12/device = $420	1 device (3%)	Thread uses per-session keys

Decision: Add E2 per-device keys ($0 firmware update) as immediate fix. This reduces blast radius from 100% to 3% at zero cost. For the 3 smart locks (highest-value targets), add secure elements ($1.95 total) to prevent key extraction entirely.

Key lesson: E1’s shared key architecture means the cheapest device in your network determines the security of the most expensive device. An $8 porch bulb with extractable firmware compromises $150 smart locks. The fix (E2 per-device keys) costs nothing in hardware – it is purely a firmware architecture decision that should be made at design time.

Try It Yourself: Calculating E1 Blast Radius

Exercise: Calculate the security impact of shared E1 keys for your own IoT deployment.

Scenario: You’re deploying a smart building with: - 100 occupancy sensors ($15 each) - 50 smart lights ($20 each) - 20 HVAC controllers ($200 each) - 10 security cameras ($150 each)

All devices share one Zigbee network key (E1 only, no E2).

Tasks:

1. Calculate blast radius: If one $15 sensor is stolen and its E1 key extracted, how many devices are compromised?
2. Calculate financial exposure: What’s the total value of compromised devices + data?
3. Estimate attack cost: Research the cost of tools needed to extract the Zigbee key (JTAG debugger, logic analyzer, flash reader)
4. Calculate mitigation cost: If you add E2 per-device keys, the blast radius becomes 1 device. What’s the cost difference vs the risk?

What to observe: The cheapest device in your network determines the security of the most expensive device with shared keys. A $15 sensor with extractable firmware compromises $200 HVAC controllers.

Extension: Research how adding an ATECC608 secure element ($0.50/device) changes the blast radius calculation.

Putting Numbers to It: AES-CCM Authenticated Encryption Overhead

AES-CCM (Counter with CBC-MAC) adds security overhead to each IEEE 802.15.4 packet through an auxiliary security header and a Message Integrity Code (MIC).

\[\text{Encrypted Packet} = \text{MAC Header} \| \text{Aux Security Header} \| \text{Ciphertext} \| \text{MIC}\]

Overhead Calculation:

Given: 20-byte sensor payload, AES-128-CCM with 8-byte MIC (security level 0x06)

Step 1: Auxiliary Security Header = 5 bytes (1-byte security control + 4-byte frame counter)

Step 2: Ciphertext = plaintext length = 20 bytes (CTR mode produces same-length ciphertext)

Step 3: MIC (Message Integrity Code) = 8 bytes for integrity verification

\[\text{Security Overhead} = 5 + 8 = 13 \text{ bytes}\]

\[\text{Total Payload with Security} = 20 + 13 = 33 \text{ bytes}\]

\[\text{Overhead Percentage} = \frac{13}{20} \times 100 = 65\%\]

Note: The 13-byte nonce used internally by AES-CCM is not transmitted—it is reconstructed by the receiver from the source address (in the MAC header) and the frame counter (in the auxiliary security header).

Result: E1 link-layer encryption adds 65% overhead for a 20-byte payload with an 8-byte MIC. For a 4-byte MIC (security level 0x05), overhead drops to 9 bytes (45%).

viewof securityLevel = Inputs.select(
  new Map([
    ["0x05 - Standard IoT (4B MIC)", {micSize: 4, label: "0x05"}],
    ["0x06 - Enhanced (8B MIC)", {micSize: 8, label: "0x06"}],
    ["0x07 - Maximum (16B MIC)", {micSize: 16, label: "0x07"}]
  ]),
  {label: "Security Level", value: {micSize: 4, label: "0x05"}}
)

viewof payloadSize = Inputs.range([1, 100], {
  label: "Payload size (bytes)",
  step: 1,
  value: 20
})

overheadCalc = {
  const auxHeader = 5;
  const mic = securityLevel.micSize;
  const overhead = auxHeader + mic;
  const total = payloadSize + overhead;
  const pct = ((overhead / payloadSize) * 100).toFixed(1);

  // IEEE 802.15.4 max payload is 127 bytes minus MAC header (~23 bytes) = ~104 bytes
  const maxPayload = 104;
  const fitsInFrame = total <= maxPayload;

  // LoRaWAN consideration
  const lorawanMax = 51;
  const fitsLorawan = total <= lorawanMax;

  return html`
    <div style="background: #f8f9fa; border: 1px solid #dee2e6; border-radius: 8px; padding: 16px; margin: 8px 0; font-family: system-ui, sans-serif;">
      <h4 style="margin-top: 0; color: #2C3E50;">AES-CCM Overhead Calculator</h4>
      <table style="width: 100%; border-collapse: collapse;">
        <tr><td style="padding: 4px 8px; border-bottom: 1px solid #eee;">Payload</td><td style="padding: 4px 8px; border-bottom: 1px solid #eee; font-weight: bold;">${payloadSize} bytes</td></tr>
        <tr><td style="padding: 4px 8px; border-bottom: 1px solid #eee;">Aux Security Header</td><td style="padding: 4px 8px; border-bottom: 1px solid #eee;">${auxHeader} bytes</td></tr>
        <tr><td style="padding: 4px 8px; border-bottom: 1px solid #eee;">MIC (${securityLevel.label})</td><td style="padding: 4px 8px; border-bottom: 1px solid #eee;">${mic} bytes</td></tr>
        <tr style="background: #e8f4e8;"><td style="padding: 4px 8px; font-weight: bold;">Total with security</td><td style="padding: 4px 8px; font-weight: bold;">${total} bytes (${pct}% overhead)</td></tr>
      </table>
      <div style="margin-top: 8px; font-size: 0.9em;">
        <span style="color: ${fitsInFrame ? '#16A085' : '#E74C3C'};">${fitsInFrame ? '✓' : '✗'} IEEE 802.15.4 (max ~104B payload): ${fitsInFrame ? 'fits' : 'EXCEEDS - needs fragmentation'}</span><br/>
        <span style="color: ${fitsLorawan ? '#16A085' : '#E74C3C'};">${fitsLorawan ? '✓' : '✗'} LoRaWAN SF12 (max 51B): ${fitsLorawan ? 'fits' : 'EXCEEDS - reduce payload or use higher SF'}</span>
      </div>
    </div>
  `;
}

Concept Relationships

Concept	Builds On	Enables	Related To
E1 Link Layer Encryption	AES-128-CCM, shared keys	Basic wireless security	Zigbee, BLE, Thread, LoRaWAN
Shared Network Key	Symmetric encryption	Network access control	WPA2, Zigbee network key
Hardware Acceleration	AES instruction sets	Energy-efficient encryption	ESP32 AES, nRF52 CryptoCell
Blast Radius	Single point of failure	Threat modeling	E2 per-device keys mitigation
AES-CCM Mode	CTR + CBC-MAC	Authenticated encryption	IEEE 802.15.4 security

Key Dependencies: E1 provides the foundational layer of IoT security but must be combined with E2 (per-device keys) to limit blast radius. AES-CCM is specifically designed for constrained IoT devices with hardware acceleration support.

Common Pitfalls

1. Assuming Link-Layer Encryption Is Sufficient

E1 only protects individual hops — intermediate routing nodes can read the payload. Do not rely solely on E1 for sensitive data; combine with E2 or E4 application-layer encryption.

2. Sharing One Network Key Across the Entire Deployment

A single shared network key means any compromised node can decrypt all traffic in the network. Use per-group or per-pair keys where the protocol supports it, and rotate the network key after suspected compromise.

3. Disabling Link-Layer Security to Simplify Development

Turning off E1 security during development and forgetting to re-enable it in production is a common oversight. Include link-layer security in all test configurations from day one.

Label the Diagram

💻 Code Challenge

Order the Steps

:

8.9 What’s Next

If you want to…	Read this
Learn device-to-gateway (E2) encryption	E2 Device-to-Gateway Encryption
Explore gateway and cloud transport (E3/E4)	E3/E4 Transport Encryption
Understand the complete architecture	Encryption Architecture & Levels
Study TLS/DTLS for upper layers	TLS and DTLS for IoT

Continue to E2: Device-to-Gateway Encryption to learn how unique per-device keys provide authentication and prevent intermediate nodes from reading data, addressing the shared key vulnerability of E1.

Related Chapters

🔗 Match the Concepts