Highlights from Light + Building 2018 – Part 5: KNX Secure

By Yasmin Hashmi, KNXtoday

In Parts 1, 2, 3 and 4 of this five-part series on highlights from the recent Light + Building show in Frankfurt, we presented a selection of KNX products and technologies ranging from new user interfaces, to HVAC, lighting and shading; system programming, servers, gateways, sensors and the IoT.

The common thread behind these systems in smart buildings, including homes, offices, hotels and private/public buildings, is the trend towards their integration into IP networks. This offers the possibility of greater performance and control, but also introduces a potential vulnerability in terms of attack from unauthorised access over the IP network, whether it be an intranet or the Internet.

According to Franz Kammerl, President of the KNX Association, “Terminals, interfaces, radio standards and communication protocols: vulnerabilities can potentially be found everywhere. Therefore, smart homes and buildings should be secured with the most comprehensive and recognised safety standard, which is also unique in the world in this area: KNX Secure.”

Crowds gather in the KNX IoT City at Light + Building 2018 to hear about KNX Secure.


KNX Secure comprises two mechanisms: KNX IP Secure, which protects the IP communication between KNX installations, and KNX Data Secure, which protects user data, including data exchanged with various terminals. Both can be combined and used in parallel to achieve maximum safety.

In the last part of this series, we look at some of the newly emerging KNX Secure products in this exciting area of development that were on show at Light + Building 2018.

KNX IP Secure and KNX Data Secure

Among the growing number of companies throwing their weight behind KNX Secure were Theben, with a preview of KNX IP Secure line couplers and routers, and ABB, with its ABB i-bus KNX IP Router Secure. This encrypts all communication across a building’s IP backbone and also secures commissioning, thereby reducing the risk of an attack over the IP network. By adopting KNX IP Secure, it uses the highest possible security on the market based on the encryption standard ISO/IEC 18033-3 AES 128. It offers a range of features including KNXnet/IP Secure Routing for secure communication on the IP backbone; KNXnet/IP Secure Tunnelling for up to five clients such as ETS or visualisations; an option for Unicast communication; and easy commissioning with ETS.

The ABB KNX i-bus KNX IP Router Secure.


Australian company Red Fish has implemented KNX IP Secure and will soon be implementing KNX Data Secure with its KNX Edge secure IP interface. This multiprotocol gateway supports ModBus, Web Services, Google Home and more, and up to 25 concurrent tunnelling actions. Used in conjunction with the Red Fish KNX Anywhere cloud service, it also supports secure end-to-end remote programming, including with ETS, automatic security updates, and integration with the Red Fish KNX Insight visualisation and app control editor. Production is due to start in June.

Redfish Managing Director, Justin Clacherty, previewing the KNX Edge KNX IP Secure interface and KNX Insight software.


OEM developer, Tapko, showed a range of KNX Secure products that will be available imminently. These include a KNX IP interface that supports KNX IP Secure; a KNX IP router that supports KNX IP Secure and KNX Data Secure; and a number of KNX Data Secure-supporting products such as a KNX RF USB stick, a KNX TP USB interface, a KNX TP line coupler, a KNX RF media coupler, a KNX TP pushbutton interface and a KNX TP 640mA power supply.

Tapko CEO Klaus Adler proudly presenting Tapko's range of KNX Secure products.


Weinzierl was demonstrating the KNX IO 511 secure switching actuator. This compact unit supports KNX Data Secure, includes one bi-stable output and two binary inputs and can also be manually operated. It provides functions for universal outputs including scene switching, on/off delay, staircase light switching and control of heating valves (PWM for thermal actuators). Telegrams are encrypted, with the encrypted data being shown in blue in ETS. When you first connect the device to the KNX bus, ETS generates an encryption key according to the serial number of the device, which can be found on the side of the device as a QR code.

Weinzierl's Head of Test Laboratory, Elena Eckbauer, pointing out the KNX IO 511 secure switching actuator alongside the Weinzierl KNX Multi IO 570 universal input and output module that supports 48 digital channels.


NETx Automation was promoting a new KNX IP Secure driver for the NETx BMS Server. This implements tunnelling to protect the connection between the NETx BMS Server and secure KNXnet/IP routers and interfaces against malicious users. The server has access to all KNX lines via these connections, so central commands can be implemented directly in the server and then triggered by the customer via visualisation.

Schematic of the NETx Automation NETx BMS Server using the new KNX IP Secure driver.


Other secure KNX systems

Gira was promoting the Gira S1 remote access module. This is designed to work with the Gira X1 server and Gira HomeServer to provide secure remote communications between a smartphone and a KNX smart home. The company says that as the device portal is located in Germany, it is subject to German data protection laws, ensuring that strict German standards are maintained. Indeed, Gira is using the S1 to connect Amazon Alexa to the Gira X1 for voice control of intelligent building functions. The hardware will also support KNX Secure through a future firmware update.

The Gira S1


And finally, MDT was offering a new product database for its MDT SCN-LK001.01 line coupler. This is designed to protect the KNX system from remote access, particularly where KNX devices are used in outdoor buildings, for example, motion detectors, twilight sensors and weather stations. The new parameter ‘Configuration from subline – enable/disable’ has been implemented into the product database and can be used to block the programming of the line coupler and main line devices from the subline.

A new product database feature for the MDT SCN-LK001.01 line coupler prevents a KNX system from being manipulated from the outside.


That concludes the last in this series of highlights from Light + Building 2018. I hope this series has given you a good flavour of how truly impressive and inspiring the KNX presence was at the show, and perhaps encouraged you to attend next time in 2020. If you attended this time and have any show picks of your own that are not covered here, you are welcome to comment below any of the following articles:

Part 1: IoT, Home Automation, HVAC, Water Management, Lighting and Shading.
Part 2: Simpler Design, Installation and Control.
Part 3: KNX Servers, Gateways and AV.
Part 4: KNX User Interfaces and Sensors.
Part 5: KNX Secure.
