Simple planning and configuration of KNX Secure products
Sunday, 01 September, 2019
ETS monitors parameters, generates security keys and safeguards projects.
Whether it is an office building, industrial facility or a smart home, ETS is always a guarantee of an expert KNX installation implemented using compatible products from different manufacturers. Planners, installers and system integrators all over the world rely on this tool for professional automation of building technology.
In light of an increase in cybercrime and a growing need for data security, you can always count on ETS. With continual further development, the software is now also ready for the new security architecture, KNX Secure. As a result, ETS users will in future also be able to give their customers maximum protection against hackers.
The current ETS version 5.6 fully supports KNX Secure. Its main tasks include the project design, parameterisation and commissioning of the devices as well as the project security. Intelligent functions make the configuration of KNX Secure products easy. Once an ETS project has been opened and the topology has been configured, the corresponding KNX Secure products can be imported as usual. They are easily recognised by a blue ‘protective shield’.
Monitoring of the status
ETS makes parameters available to carry out device security settings for KNX IP Secure: ‘on’, ‘off’ or ‘automatic’. ETS processes the Group Address security for KNX Data Secure in the same way.
An automatic procedure ensures that devices or Group Addresses which are related to each other always have the same status. If, for example, a conventional IP router were inserted into a KNX IP Secure medium, ETS would reject it. ETS behaves in the same way with Group Addresses for KNX Data Secure: it indicates when secured and unsecured data points are to be linked to the same Group Address and suggests solutions for this scenario. Mixed operation is possible if secure and unsecure functions are kept separate. For example, with multiple-channel actuators, the Group Addresses of the individual channel functions can be set as ‘secure’ or ‘unsecure’, but the device itself is then ‘secure’.
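The consistency rule described above can be sketched as a small audit over a project model. This is an added example, not ETS code or the ETS project format: the `DataPoint` model, the function names, the sample project and the rule used to resolve ‘automatic’ (secure only when every linked data point is secure-capable) are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DataPoint:            # hypothetical model, not the ETS project format
    device: str
    name: str
    secure_capable: bool    # device supports KNX Data Secure

def resolve(setting, points):
    """Effective status and findings for one Group Address.
    Assumption of this example: 'automatic' secures the address only
    when every linked data point is secure-capable."""
    if setting not in ("on", "off", "automatic"):
        raise ValueError(f"unknown security setting: {setting!r}")
    legacy = [p for p in points if not p.secure_capable]
    if setting == "off":
        return "unsecure", []
    if setting == "on":
        # A secured address cannot carry a data point that cannot process it.
        return "secure", [f"reject {p.device}/{p.name}: not secure-capable" for p in legacy]
    if legacy and len(legacy) < len(points):
        names = ", ".join(f"{p.device}/{p.name}" for p in legacy)
        return "unsecure", [f"mixed link, falls back to unsecure because of {names}"]
    return ("secure" if points and not legacy else "unsecure"), []

def audit(project):
    """project maps Group Address -> (setting, [DataPoint, ...])."""
    return {ga: resolve(setting, pts) for ga, (setting, pts) in project.items()}

def device_is_secure(device, project):
    """A device counts as 'secure' once any of its channels uses a secured address."""
    report = audit(project)
    return any(report[ga][0] == "secure"
               and any(p.device == device and p.secure_capable for p in pts)
               for ga, (_, pts) in project.items())

# Constructed sample project (all device names and addresses are made up).
SAMPLE = {
    "1/0/1": ("automatic", [DataPoint("switch-A", "ch1", True), DataPoint("actuator", "chA", True)]),
    "1/0/2": ("automatic", [DataPoint("old-switch", "ch1", False), DataPoint("actuator", "chB", True)]),
    "1/0/3": ("on", [DataPoint("old-switch", "ch2", False), DataPoint("actuator", "chC", True)]),
}

if __name__ == "__main__":
    for ga, (status, findings) in audit(SAMPLE).items():
        print(ga, status, *findings, sep=" | ")
```

The findings for `1/0/2` are the ones worth reviewing in a real project: a single legacy data point leaves the whole Group Address unprotected even though the actuator itself is a secure device.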
Certification of devices
When device security and Group Address security are activated, a password must of course be set for the project. This protects the project against unauthorised access. It must also be possible to authenticate each device in the telegram traffic. ETS thus requires an individual device certificate for each KNX Secure product, whether KNX IP Secure or KNX Data Secure. The certificate consists of a device-specific factory key and a serial number. The factory key is either located on the device or available, for example, as a code. It can be entered during the project design or, at the latest, at the commissioning stage, when ETS requests it automatically.
For security reasons, the factory key is not sent via the bus but is entered externally in ETS or scanned. After the initial registration, ETS automatically generates a new device key, which is valid immediately. The original factory key is archived and can only be reactivated by resetting the device. The safety principle applied here corresponds to the handling of a home router or the written registration of online banking access.
Management of the security keys
The management of the security keys is an integral part of the ETS functionality. During the parameterisation of the project, ETS generates as many runtime keys as required for the group communication that is being protected. Each runtime key is stored and can be exported for other applications, for example, for visualisation. Finally, all the security keys are stored in the ETS project. They are required for the commissioning phase. They are also the last resort if a project is lost, as a KNX project cannot be reconstructed without the security keys. This process therefore requires reliable archiving of the project software. The list of security keys should be printed out just in case and kept somewhere safe.
For more information about KNX Secure, visit knxsecure.knx.org.
To receive 50% off your ETS Inside licence, visit knx.org.au.