5 minute read
KNX: Open and secure
Open and secure
KNX Secure offers a double protection — encrypting all transferred data and protecting user data against unauthorised access and manipulation
KNX returns as ISE’s Presenting Show Partner for the fourth year, delivering the worldwide standard for home and building control automation. We spoke to Casto Cañavate, Marketing Manager at KNX Association, about KNX’s open technology and why this does not conflict with the highest levels of system security
What do we mean by ‘open’ and ‘proprietary’ technologies? Depending on the technology chosen, a smart home or building system can be described as open or proprietary. It is true that proprietary technologies, normally linked to a specific brand, are generally cheaper, offer the necessary portfolio (not vast, but big enough), can adapt to changes, and so on. However, there is a big disadvantage: users are tied to the system. If there is a problem, the user will need to replace the full system with another one.
A good example of this is what happened when Insteon (a brand of SmartLabs) shut off its servers in April 2022. Users could not work with their servers any more and thus their Insteon systems became obsolete and impossible to change.
By contrast, KNX is an ‘open and secure’ technology. To guarantee this principle, we must ensure that we apply the appropriate criteria and the tools that KNX Association and the ETS tool make available to us. What are some of the main advantages that KNX brings to integrators and their customers by being open? The main advantage is interoperability, which brings limitless possibilities for users.
Let’s take an example in smart homes. When a user considers starting a smart home, they might buy a smart device — most likely a smart speaker. Then their interest grows and maybe they get a smart plug, and then maybe a smart thermostat… Please keep in mind, each of these products needs to be set up, which is easy to do one at a time. But where is the limit? At some point, the user will be overwhelmed by the amount of different devices and apps installed and will not want to add any more devices.
Here is where the integrator comes into play. KNX System Integrators can create a system that will really work in one ecosystem. All products and solutions can be integrated into the same open system. In KNX, we go one step further than interoperability: interworking. We guarantee
that not only do products not conflict with each other in an installation, they also work together.
Isn’t system security handled more easily under proprietary systems? Over time, companies offering proprietary systems tend to forget to invest in features such as security. They do it once, but it becomes hard for them to find the resources to update their protocol; so aspects such as security in their products might get compromised. However, this is not the case for organisations that develop open systems and make their latest version available to the members. At KNX we have specific Working Groups that are tasked with meeting all the necessary security requirements — guaranteeing that KNX offers maximum protection by offering the double protection of KNX IP Secure and KNX Data Secure.
What are the key cybersecurity features of KNX? Our technology follows all necessary security regulations. KNX Secure technology is standardised according to EN 50090-3-4. This means that KNX successfully blocks hacker attacks on the digital infrastructure of networked buildings, thus minimising the risk of digital break-ins.
Moreover, KNX Secure meets the highest encryption standards (according to ISO 180333, such as AES 128 CCM encryption) in order to achieve the highest level of data protection.
KNX Secure guarantees maximum security by offering a double protection: • KNX IP Secure extends the IP protocol in such a way that all transferred telegrams and data are completely encrypted • KNX Data Secure protects user data against unauthorised access and manipulation by means of encryption and authentication.
What are some precautions that KNX system designers should take to minimise the impact of cyberattacks? In addition to the methods offered with KNX Secure technology, there are several other possibilities for creating safe access to a KNX installation: • Configure a VPN connection on the installation router. This is the best option but can sometimes be complex for regular integrators • Use KNX IP gateways that allow the configuration of VPN secure services such as OpenVPN, ZeroTier etc • Use KNX IP access devices with encrypted communication • Use KNX TP devices with IP (non-
KNX standard) cloud connection • For medium to large installations, use a
BMS platform with a KNX native driver that enables the secure integration and monitoring of massive KNX installations. These methods, in combination with the use of KNX IP Secure and KNX Data Secure devices in the facilities, will prevent any additional threat scenario that may arise.
What are some day-to-day precautions that end-users should take? It is not only important to make sure you use a KNX Secure system. Regardless of the size of the system, the user also needs to follow these steps to make sure the installation and the devices are properly secured: • Fix all devices so that they cannot be removed, to avoid unauthorised tampering • Install devices in cabinets with limited access • When mounting devices outside, place them at sufficient height so that others cannot reach them • Use special anti-theft screws to make it more difficult to unmount products • Use binary inputs to control switches, to prevent one person from having direct access to the network • Try to use a dedicated network. If it is wired, do not leave cable loosely hanging or easily accessible — make sure it is hidden. With so many ways to secure a KNX System and an installation, there really isn’t an excuse for leaving KNX projects, whether past, present or future, open to attacks.
To learn more about KNX Secure, visit: https://secure.knx.org
Each component of an open system can be upgraded or replaced independently of the others
KNX at ISE 2023
KNX will be on Stand 2L400 in the Residential & Smart Building Zone. As well as representatives of the KNX Association, there will be more than 10 KNX Member companies exhibiting their products and solutions. Special areas of focus for this year include the latest innovations on KNX IoT, and the new products and solutions already available on the market. Additionally to this, KNX will also be offering professional support thanks to industry experts clarifying all the steps to become a better KNXpert. Get a free entry ticket at https://knxatISE.knx.org
