What is the S2 DSK and what is it used for?
The S2 DSK (Device Specific Key) is used to authenticate the included device before exchanging the network keys.
The DSK is a part of the public key. The DSK is printed physically on the device – or it can be shown on a display if that is available. The DSK is a truncated version of the public key. The public key is 32 bytes long. The DSK is the first 16 bytes of the public key. The PIN code is the first 2 bytes of the public key.
Authentication ensures that the device being included in the network is actually the intended device, and not a malicious device under the control of an attacked.
For the highest S2 security classes, S2-AccessControl and S2-Authenticated, the DSK must be exchanged out of band, e.g. by manually entering it on the controller, or through a QR code. This out of band authentication prevents the nodes participating in the key exchange from establishing a shared secret, if an incorrect DSK was entered, effectively eliminating the possibility of doing a key exchange with a malicious device.
For the lowest S2 security class, S2-Unauthenticated, the DSK is transferred in-band, and is only there for verification purposes, while the key exchange may continue if the users falsely verifies a device with a non-matching DSK.