
What is KNX Secure data transmission?


Intelligent control systems are advancing by leaps and bounds, and new technologies that we only imagined in movies (how to open a door through a mobile phone or turn on a light with our voice) continually appear. Nowadays, these intelligent building control applications are becoming more and more versatile.

However, some systems are fragile and can be attacked by an unauthorized third party, leading to a breach of confidentiality and data integrity. Personal safety and that of your resources are at risk. Faced with the growing demand for secure data transmission, the KNX Data Secure standard has been developed, thus responding to present and future challenges related to cybersecurity in building automation.

Three key features of KNX Data Secure:

Data integrity

Prevents attackers from gaining control by injecting crafted messages. In KNX, this is ensured by adding an authentication code to each message: the attached code verifies that the message has not been changed and that it does come from a trusted source.

Freshness

Attackers can record frames, without manipulating their content, and play them back at a later time. KNX Data Secure ensures that a message is current through a sequence number, and KNX IP Secure through a sequence identifier.

Confidentiality

Encrypting network traffic ensures that an attacker has as little information as possible about the data actually being transmitted. When encryption of KNX network traffic is enabled, KNX devices guarantee at least encryption according to AES-128 CCM algorithms as well as asymmetric keys.
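An added sketch (not from the original article or from the KNX specification) of how a receiver enforces the first two features together: the authentication code is checked first, then the sequence number. HMAC-SHA256 from Python's standard library stands in for KNX's AES-CCM authentication code, and the frame layout, field widths and names are assumptions made for the example.

```python
import hashlib
import hmac

MAC_LEN = 4  # assumption: truncated tag length used in this sketch
SEQ_LEN = 6  # assumption: width of the sequence number field in this sketch
HDR_LEN = 2 + SEQ_LEN  # 2-byte sender address followed by the sequence number


def _tag(key, source, seq, payload):
    # The tag covers sender, sequence number and payload, so none can be altered.
    msg = source.to_bytes(2, "big") + seq.to_bytes(SEQ_LEN, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


def seal(key, source, seq, payload):
    """Sender side: frame = source | sequence number | payload | tag."""
    header = source.to_bytes(2, "big") + seq.to_bytes(SEQ_LEN, "big")
    return header + payload + _tag(key, source, seq, payload)


class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_seq = {}  # highest accepted sequence number per sender

    def accept(self, frame):
        """Return (payload, "ok") or (None, reason for rejection)."""
        if len(frame) < HDR_LEN + MAC_LEN:
            return None, "malformed"
        source = int.from_bytes(frame[:2], "big")
        seq = int.from_bytes(frame[2:HDR_LEN], "big")
        payload, tag = frame[HDR_LEN:-MAC_LEN], frame[-MAC_LEN:]
        # Integrity first, with a constant-time comparison. The sequence
        # number is not trusted (or stored) until the tag has verified.
        if not hmac.compare_digest(tag, _tag(self.key, source, seq, payload)):
            return None, "bad-mac"
        # Freshness: must be strictly greater than the last accepted value.
        if seq <= self.last_seq.get(source, -1):
            return None, "replay"
        self.last_seq[source] = seq
        return payload, "ok"


if __name__ == "__main__":
    key = bytes(range(16))  # constructed sample key, not a real device key
    rx = Receiver(key)
    frame = seal(key, 0x1101, 1, b"\x01")  # constructed "switch on" frame
    print(rx.accept(frame))  # first delivery is accepted
    print(rx.accept(frame))  # the recorded copy is rejected as a replay
```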

KNX Secure includes KNX IP Secure (IP media) and KNX Data Secure (TP/RF media). KNX IP Secure is used for a KNX installation (usually its trunk line) that is exposed to an external IP network, such as the Internet. KNX Data Secure is used for KNX installations that are not exposed to an external IP network.

This article focuses on KNX Data Secure. Every KNX Data Secure product ships with a unique FDSK (Factory Default Setup Key), as shown in Figure 1. Once the device key has been added to an ETS project, the key is set automatically. In other words, the user cannot set or alter the key manually, and it is never displayed. From then on, the device only accepts the key for subsequent configuration with ETS. The FDSK is no longer used in later communication unless the device is restored to factory state, after which all data on the device is erased.

Figure 1. Location of the FDSK in a PWM-200-24KN.

KNX Data Secure can only be used with devices that support Data Secure and have it activated. However, when secure communication is not required, KNX Data Secure devices can also be used with KNX devices that do not implement this standard. There are 2 ways that a device with secure transmission can work with a device without it:

The first is to disable the secure transmission of the KNX Data Secure device (Figure 2). In that case, the device with KNX Data Secure disabled behaves like a device without KNX Data Secure.

Figure 2. Secure commissioning enabled / disabled

The second way is to configure the group addresses individually as “Off” or “Auto” (Figure 3). The device's group objects can then be linked with security on or off. Every functional object in a KNX Data Secure device can be set to a different security level according to different requirements. For example, a touch panel control object can be configured for secure transmission, and an actuator object for non-secure transmission.

Figure 3. Group address security settings.

See Figure 4 for an example: the KNX Data Secure buttons that are linked with a non-secure KNX device are switched to Plain mode, while the rest of the buttons are left in Data Secure mode for communicating with secure devices. If an application involves personal or property security (such as door or window control), Data Secure communication is suggested. If an application is not related to personal or property security (control of a TV or coffee machine), users can choose whether or not secure communication is necessary. Keep in mind that once an object is configured in non-secure mode, its communication from that moment on is no longer protected by Data Secure.

Figure 4. KNX system configuration.

MEAN WELL will announce more new KNX Data Secure products and update existing products with Data Secure. OLFER Electronics will be responsible for distributing these devices.