Since version 1.4.0, 6LBR integrates a 802.15.4 security layer, LLSEC. It allows to encrypt and authenticate all the packets exchanged over the WSN medium using AES-32, 64 or 128. Currently, only the Noncoresec layer is supported.

It must be noted that Noncoresec has several limitations, one being that the anti-replay mechanism does not support node reboot or too many neighbors. This can be prevented by disabling the anti-replay at the cost of weakening the security layer.

By default LLSEC is deactivated, ut can be activated in the LLSEC section of the Network Configuration page or using nvm_tool

The security layer can be either None or Noncoresec.

The security level can be selected :

• NO_SECURITY
• AES_CBC_MAC_32
• AES_CBC_MAC_64
• AES_CBC_MAC_128
• AES_CTR
• AES_CCM_32
• AES_CCM_64
• AES_CCM_128

The Pre-Shared Key is a 128 bits key coded in hexadecimal

The anti-replay can be deactivated (weakening the security !) or reset when a potential reboot is detected. If activated, a similar workaround must also be implemented in the node.