What is KNX Data Secure technology and how it handles secure communication
Published : 04/19/2022 09:00:00
In parallel with the development and spread of technologies to manage smart building and home automation applications, attacks on networks using unprotected or vulnerable systems have unfortunately developed, leading to data and privacy breaches.
With the aim of setting new security standards and transmitting data securely, KNX Secure was therefore developed. Thanks to the joint efforts of KNX members and the KNX Association, KNX Secure-certified products were developed and certified in accordance with the AES128 authentication and encryption mechanisms.
What are the features of KNX Data Secure?
Data integrity
It prevents attackers from gaining control. In KNX this is ensured by adding an authentication code to each message, which verifies that the message has not been modified and that it actually comes from a trusted communication partner.
Security
It prevents attackers from recording frames and playing them back later without manipulating the content. In KNX Data Secure this is guaranteed with a sequence number and in KNX IP Secure with a sequence identifier.
Privacy
Encryption of network traffic to ensure that a malicious user has as little information as possible about the transmitted data. When enabling encryption of KNX network traffic, KNX devices provide encryption according to AES-128 CCM algorithms together with asymmetric keys.
KNX Secure includes KNX IP Secure (IP media) and KNX Data Secure (TP/RF media). KNX IP Secure must be used for KNX installation exposed to an external IP network (e.g. Internet) and KNX Data Secure must be used for KNX installation not exposed to an external IP network.
GET IN TOUCH WITH DIGIMAX FOR MORE INFO ABOUT KNX
Each KNX Data Secure product is shipped with a unique FDSK (Factory Device Setup Key). After the FDSK of the KNX secure device has been added to an ETS project, it automatically sets its Tool Key in the project. From then on, the device only accepts the Tool Key for further configuration with ETS. The FDSK is no longer used during the next communication unless the device is reset to its factory state, after which all protected data in the device will be deleted.
How to connect a KNX Data Secure device with an unsecured device?
To ensure privacy and security standards, KNX Data Secure devices may only be used together with other Data Secure devices. However, when secure communication is not required, KNX Data Secure devices may also be used together with 'non-secure' devices. There are two ways to make a secured device work with an unsecured device:
- Disable safe commissioning of the protected device. In this case, the behaviour of the protected device is the same as that of an unprotected device;
- Set the individual group addresses to 'Off' or 'Automatic', thus being able to be connected to a group of devices with safe commissioning enabled or disabled.
The ability to set the functionality in a KNX Data Secure device to different security levels according to different requirements is a big advantage.
If an application concerns personal or property security, such as doors or windows, Data Secure communication is suggested. If an application is not related to personal or property security, e.g. TV or coffee machine, users can choose whether or not secure communication is required.
-
Mean Well DIN rail power supplies dedicated to KNX applications
Leggi tutto
Published : 05/11/2020 09:34:56 -
PWM-60/120KN: Mean Well LED driver for KNX applications
Leggi tutto
Published : 02/12/2020 14:48:17 -
Digital lighting control. Which to choose: DALI or KNX?
Leggi tutto
Published : 07/15/2020 17:43:29