KNX Secure Header

Realising KNX Encryption

The possibility of remotely controlling KNX installations via the internet and/or via a wireless network (WLAN) requires additional protective measures. Because devices and media are accessible, there is a risk that the data traffic will be manipulated. It is therefore necessary to protect the information transmitted on each medium (KNX TP, PL, RF, IP) against modification, and against telegrams being logged and then repeated from outside in a manipulative way.

AES

Remote access to a KNX bus system via the internet should be secured in such a way that bus devices can only be operated and configured by verifiably authorized persons. An effective protective mechanism against manipulation is for bus devices to communicate with each other only when they recognize themselves as part of the bus system. To meet these and other requirements, KNX has developed new security concepts: KNX Data Secure and KNX IP Secure.


KNX IP Secure

Encrypted Telegrams

If data have to be sent via the internet, the connection between the sending and receiving network can be protected by a virtual private network (VPN). Yet this does not ensure that the sender is authorized to configure the bus system or to exchange data with it. Here KNX IP Secure offers additional security by extending the KNX IP protocol in such a way that the transmitted data are completely encrypted. This can be realized with little effort, even in existing installations.


KNX Data Secure


If data only have to be transmitted locally via KNX, it is sufficient to protect the data by an extension of the bus protocol. The specified protection mechanism, KNX Data Secure, authenticates and/or encrypts selected KNX telegrams independently of the medium. The keys are allocated to the devices or to the objects via ETS. Because secured and unsecured applications can coexist in one KNX system, it is not necessary to secure all devices, and existing system components do not have to be replaced. The effort is thus kept low and the investment in KNX bus technology is safeguarded.


Worldwide Established Security Protocol

In future, the newly specified protection mechanisms KNX Data Secure and KNX IP Secure will allow secured communication channels to be created between KNX participants. This inhibits the infiltration of manipulated messages intended to gain control of the system. For this purpose, each message is equipped with an authentication code. The automatic allocation of sequence numbers, or sequence identification, prevents attempts to log data and retransmit it later for sabotage purposes. Finally, the encryption of the data traffic makes the KNX installation almost invulnerable. The procedure is based on worldwide established security protocols.
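The receiver-side check implied by the authentication code and the sequence numbers, as an added example that is not KNX code and does not reproduce the KNX Secure wire format. HMAC-SHA-256 from the Python standard library stands in for the authentication code; the frame layout, tag length, key and all names are assumptions, and encryption is left out.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4  # assumed tag length for this sketch, not a value from the page

def _mac(key: bytes, seq: int, payload: bytes) -> bytes:
    # The sequence number is covered by the authentication code.
    msg = struct.pack(">Q", seq) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: frame = sequence number (8 bytes) | payload | code."""
    return struct.pack(">Q", seq) + payload + _mac(key, seq, payload)

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = {}  # sender name -> highest sequence number accepted

    def accept(self, sender: str, frame: bytes) -> str:
        if len(frame) < 8 + MAC_LEN:
            return "reject: malformed"
        seq = struct.unpack(">Q", frame[:8])[0]
        payload, tag = frame[8:-MAC_LEN], frame[-MAC_LEN:]
        # 1. Authenticate first, so a forged frame can never move the counter.
        if not hmac.compare_digest(tag, _mac(self.key, seq, payload)):
            return "reject: bad authentication code"
        # 2. Freshness: only a number above the last accepted one is new.
        if seq <= self.last_seq.get(sender, -1):
            return "reject: replayed sequence number"
        self.last_seq[sender] = seq
        return "accept"

def demo() -> list:
    key = b"constructed-demo-key"               # constructed sample key
    rx = Receiver(key)
    on = seal(key, 1, b"light=on")              # constructed sample telegram
    renumbered = struct.pack(">Q", 9) + on[8:]  # logged frame, counter edited
    altered = bytearray(on)
    altered[8] ^= 0x01                          # logged frame, payload edited
    return [rx.accept("switch", on), rx.accept("switch", on),
            rx.accept("switch", renumbered), rx.accept("switch", bytes(altered)),
            rx.accept("switch", seal(key, 2, b"light=off"))]

if __name__ == "__main__":
    print("\n".join(demo()))
```

Because the code is verified before the counter is compared, a logged telegram is rejected whether it is resent unchanged or resent with an edited sequence number.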

Further Information

More information about KNX Secure can be found in the tabs ‘KNX Secure Checklist’ and ‘KNX Secure Position Paper’. Also, do not miss the download section for more!