With the threat of hacking ever-present, KNX Association has developed KNX Secure – a robust security solution for wired-, wireless- and IP-based installations. In this exclusive interview with KNXtoday, KNX Association CFO & CTO, Joost Demarest, talks strategy and implementation.
KNXtoday: Why is security a priority for KNX Association?
JD: In the past, there was limited awareness of security in the KNX community. For a start, many KNX installations are based on twisted pair (TP) wire, so if physical access to the installation is restricted, e.g. devices are in locked distribution boards, then the risk of someone hacking an installation is low. And as KNX Association spelled out in the KNX Security Checklist available from the KNX web site, many measures can be taken in KNX Classic installations to protect them against unwanted access and tampering. More recently, awareness of security has grown and KNX is now being used increasingly in wireless setups, so the KNX Secure extension has become essential.
KNXtoday: What typical scenarios do you see KNX Secure being applied to?
JD: KNX Association sees three areas in which we expect KNX Secure to be used. Firstly, in KNX installations that include radio frequency (RF) communication. Secondly, in buildings where it is difficult to prevent physical access to the installation (e.g. in public areas of public buildings). And last but not least, in protecting against unwanted access to an installation via IP.
KNXtoday: Developing a robust and workable solution such as this is clearly a landmark for KNX. What was required to get manufacturer Members on board?
JD: As KNX is an open protocol, it was imperative for KNX Association to thoroughly coordinate the solution amongst manufacturers and deliver the corresponding extension to ETS in a timely manner. Selecting an encryption algorithm is one thing; it is quite another to create a solution based on that algorithm that is also watertight and manageable by all involved. The specifications are now finalised, the test specifications and test tools have already been tried out on first prototypes, and ETS 5.6 supports KNX Data Secure (for TP and RF) and KNX IP Secure (for IP). Many KNX manufacturers are about to launch their first implementations of KNX Secure, and KNX Data Secure has already become an international standard as EN 50090-3-4!
KNXtoday: What has KNX Association been doing to get the KNX Secure message across?
JD: KNX has created the KNX Security Checklist, has written the KNX Security Position Paper, and is working on extensions to the KNX training documentation. The ETS Help files contain many tips and tricks on the use of KNX Secure and KNX Association has given numerous presentations at conferences and fairs.
We are also running the ‘KNX Secure Roadshow’
With all of this, the community should be well prepared for the commercial launch of the first products.
KNXtoday: We saw a number of manufacturers previewing KNX Secure products at the Light + Building fair earlier this year. How is development of KNX Secure products progressing?
JD: Many manufacturers have already updated their system stacks to support KNX Secure, and some of them have already positively passed the tests. The KNX Team is conducting all of the first certification tests, to make sure that all test specifications and testing tools are bug-free before tests of further KNX Secure implementations are delegated to the KNX-accredited test labs.
KNXtoday: Another hot topic for KNX is the IoT. How will KNX Secure fit in with this?
JD: KNX Secure is clearly a security solution for KNX Classic installations, whereby KNX IoT is a completely IP-based communication extension to KNX Classic. For KNX IoT, of course security mechanisms will also be selected, but these will be largely based on mechanisms that are defined by the Internet Engineering Task Force for IP devices.
KNXtoday: How would you summarise progress so far?
JD: KNX Association regards KNX Secure as a milestone in building automation, as KNX is the first building automation system that comes with a vendor-independent security concept for its field-level devices. This brings many opportunities for KNX and for KNX manufacturers. We are convinced that, thanks to the availability of KNX Secure, adoption of KNX by building owners will increase further still.