NETxAutomation
Is security important in the home and building automation domain?
Security-critical services
All protocols (LonWorks, KNX, Modbus, BACnet, proprietary solutions) are or were prone to security attacks
The good news is that new security standards are available for KNX
Yes, it uses state-of-the-art cryptographic technologies that are also used in other application domains (TLS/SSL, e-banking, …)
But:
What about existing KNX projects that use non-secure KNX devices?
[Diagram labels: Broken window, Alarm system, Message, Alarm, No alarm, Disorder, Unauthorized person]
Secure communication is not enough
[Diagram, two panels. Left: Window undamaged, Regular OK message, Alarm system, No alarm. Right: Broken window, No message, Alarm system, Alarm.]
Secure existing KNX projects
Building management systems that provide additional countermeasures against security attacks
Device monitoring
Intrusion detection and logging
Alarm systems
Visualizations that support TLS/SSL connections
Defence in depth in hotel projects
Insecure integration
[Diagram labels: Unauthorized person; KNX TP lines for Room 101, Room 102, ..., Room 201, Room 202]
Defence in depth in hotel projects
[Diagram labels: KNXnet/IP interface, Unauthorized person; KNX TP lines for Room 101, Room 102, ..., Room 201, Room 202]
Defence in depth in hotel projects
[Diagram labels: Isolated IP network, KNXnet/IP interface, Unauthorized person]
Device monitoring
[Diagram labels: IP network, KNXnet/IP interface, Unauthorized person; KNX TP lines for Room 101, Room 102, ..., Room 201, Room 202]
Intrusion detection with BMS
[Diagram labels: NETx BMS Platform, KNXnet/IP tunneling (unicast), Unauthorized person, KNX TP lines]
What to do if the IP connection
Using KNX security standard: secure KNXnet/IP tunnelling
[Diagram labels: Secure KNXnet/IP interface, Unauthorized person; KNX TP lines for Room 101, Room 102, ..., Room 201, Room 202]
Malicious users with access to IP network cannot disturb KNXnet/IP communication
Secure visualization with NETx BMS Platform
Username/password authentication
Secure KNXnet/IP tunnelling driver