Realising KNX Encryption
The ability to remotely control KNX installations via the internet and/or via a wireless network (WLAN) requires additional protective measures. Access to devices and media creates a risk that the data traffic will be manipulated. It is therefore necessary to protect the transmitted information on each medium (KNX TP, PL, RF, IP) against modification, and against telegrams being logged and repeated in a manipulating way from
Remote access to a KNX bus system via the internet should be secured in such a way that the operation and configuration of bus devices can only be carried out by verifiably authorized persons. It is an effective protective mechanism against manipulation if bus devices can only communicate with each other when they recognize each other as part of the bus system. To meet these and other requirements, KNX has developed new security concepts: KNX Data Secure and KNX IP Secure.
KNX IP Secure
Encrypted Telegrams
If data have to be sent via the internet, the connection between the sending and receiving network can be protected by a virtual private network (VPN). Yet this does not ensure that the sender is authorized to configure the bus system or to exchange data with it. Here KNX IP Secure offers additional security by extending the KNX IP protocol in such a way that the transmitted data are completely encrypted. This can be realized even in existing installations with little effort.
KNX Data Secure
If data only have to be transmitted locally via KNX, it is sufficient to protect the data by an extension of the bus protocol. The specified protection mechanism, KNX Data Secure, authenticates and/or encrypts selected KNX telegrams independently of the medium. The keys are allocated to the devices or to the objects via ETS. As secured and unsecured applications can coexist in one KNX system, it is not necessary to secure all devices. Existing system components also do not have to be replaced. In this way the effort is kept low and the investment in KNX bus technology is protected.
Security Protocols Established Worldwide
In future, the newly specified protection mechanisms KNX Data Secure and KNX IP Secure will allow the creation of secured communication channels between KNX participants. This can prevent the infiltration of manipulated messages intended to gain control of the system. For this purpose, each message is equipped with an authentication code. The automatic allocation of sequence numbers, or sequence identification, defeats attempts to log data and re-transmit it later for sabotage purposes. Finally, the encryption of the data traffic makes the KNX installation almost invulnerable. The procedure is based on security protocols established worldwide.
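The receiver-side checks described above (an authentication code on every message plus a sequence number that defeats re-transmission of logged telegrams), as an added sketch that is not KNX code and not the KNX wire format. HMAC-SHA256, the 8-byte tag, the 2-byte sender plus 6-byte sequence header, the key and the telegram bytes are all assumptions made for this illustration; encryption is left out.

```python
import hashlib
import hmac

TAG_LEN = 8   # truncated authentication code length (assumption for this sketch)
HDR_LEN = 8   # 2-byte sender address + 6-byte sequence number (assumed layout)

def _tag(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 stands in for the authentication code; not the KNX algorithm.
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]

def protect(key: bytes, sender: int, seq: int, payload: bytes) -> bytes:
    """Sender side: header || payload || authentication code."""
    header = sender.to_bytes(2, "big") + seq.to_bytes(6, "big")
    return header + payload + _tag(key, header + payload)

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = {}  # sender address -> highest sequence number accepted

    def accept(self, frame: bytes):
        """Return (verdict, payload); payload is None unless accepted."""
        if len(frame) < HDR_LEN + TAG_LEN:
            return ("malformed", None)
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        # Check the authentication code first, so a forged frame can never
        # advance the stored sequence number.
        if not hmac.compare_digest(tag, _tag(self.key, body)):
            return ("bad-auth", None)
        sender = int.from_bytes(body[:2], "big")
        seq = int.from_bytes(body[2:HDR_LEN], "big")
        if seq <= self.last_seq.get(sender, -1):
            return ("replayed", None)  # a logged telegram sent again
        self.last_seq[sender] = seq
        return ("accepted", body[HDR_LEN:])

def demo():
    key = bytes(range(16))                      # constructed sample key
    rx = Receiver(key)
    first = protect(key, 0x1101, 1, b"\x81")    # constructed sample telegram
    tampered = bytearray(protect(key, 0x1101, 2, b"\x80"))
    tampered[HDR_LEN] ^= 0x01                   # payload bit changed in transit
    return [
        rx.accept(first)[0],                             # fresh telegram
        rx.accept(first)[0],                             # same bytes again
        rx.accept(bytes(tampered))[0],                   # modified telegram
        rx.accept(protect(key, 0x1101, 2, b"\x80"))[0],  # next in sequence
    ]

if __name__ == "__main__":
    print(demo())
```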
More information about KNX Secure can be found in the Tabs ‘KNX Secure Checklist’ and ‘KNX Secure Position Paper’. Also, do not miss the download section for more!