
Industrial Ethernet Book 105

Applications

Secure infrastructure for smart lighting automation

Intelligent network technology can provide an access- and outage-protected, segmented infrastructure that supplies smart lighting systems with energy using PoE. Established security standards from the IP world can provide authenticated and encrypted information exchange between sensors, actuators and users.

THE INTERNET OF THINGS (IoT) is facing a massive security problem due to the insufficiently protected information exchange between end devices, control units and users. Wireless standards in particular, be it Zigbee, Bluetooth or WLAN, have shown serious security gaps in the recent past. But bus-based solutions such as KNX/DALI are also unprotected and can easily be attacked, which raises the question of how a completely secure lighting infrastructure can be built.

Who hacks light switches?

Now, what motivates an attacker to manipulate lamps or to read out the illumination times and power consumption? The lighting in hospitals or industrial buildings is among the most critical infrastructures: production, safety and even human lives depend on good lighting. For this very reason it is a target for harmful attacks and blackmail attempts. In addition, lighting infrastructure is usually connected with other networks, such as the building automation or the data network. If someone gains access through an unprotected weak spot, for instance a light switch, they will be able to read out, manipulate or sabotage the data of every device reachable from it. To accomplish this, the attacker only needs the appropriate hardware and software as well as basic technical know-how about bus systems. The actual problem is insufficient segmentation of the networks: from the field device the attacker can reach data-sensitive network computers as well as production-critical actuators or security-relevant sensors.
Unsegmented and unencrypted

The manufacturers of bus-based lighting solutions use open communication protocols for the information transfer between lamps, sensors and control units. In a completely isolated communication structure, this is not a problem at all. The different infrastructures of automated buildings, however, are typically networked. DALI is a communication standard for controlling automated lighting by means of sensors; KNX takes over the integration into the control technology. On the management level, for instance the computer-based control of different lighting scenarios for conference and event rooms, the communication takes place over the information network. Thus each connected device becomes a potential weak point. If an attacker succeeds in gaining access, they can manipulate all connected devices and read out their data. For this reason, unnoticed and uncontrolled access has to be prevented by all means.

Open protocols cannot accomplish that, since they are designed for the information transfer between the most diverse devices. These standards were not designed for exposure to a network: they carry no device authentication and no encryption, so they are not protected against the associated risks.

In combination with the open communication standards, unsegmented networks constitute the decisive security risk. If the networks are not separated from each other, physically or by protected switch ports acting as internal firewalls, attackers will be able to move between the infrastructures without being noticed. Network switches with protected ports confine each infrastructure to its own segment, thus keeping the damage potential as low as possible. The separation between the infrastructures has to be applied across all layers: management, automation and field layer. The management and automation layers already communicate over Ethernet. So why not implement this standard, together with the security mechanisms that come with it, between the automation and field layer as well?

IT security standards

The IT world has been facing attacks for decades.
For this reason, its main emphasis is on secure and protected technology. The Internet Protocol (IP) is the universal communication standard: it is used for the information exchange within internal networks and on the Internet, over Ethernet on copper or fibre optic cabling. The IT world offers standardised functions to ensure network security. Protected network switches include a significant security technology: Network Access Control (NAC, typically built on IEEE 802.1X port authentication). The aim is to identify every end device attached to the network and to categorise it according to security levels. Insecure or unknown devices are sorted out: they are blocked from the network or granted only limited access.

IP itself carries no security; it is the established standards built on it that provide it: port-based access control, so that only authorised and authenticated devices may communicate at all, segmentation at the switch, and transport encryption (IPsec or TLS) for the information exchange. Applied consistently, these mechanisms efficiently prevent the unpermitted and undesired control of devices or the read-out of information. The IP world thus offers a high degree of security, and its application in building automation is a necessary step in the modernisation of outdated automation structures. In terms of

Figure (SOURCE: MICROSENS; Industrial Ethernet Book 4.2018, page 16): The Smart Engine takes care of the energy supply to the lamps over Power over Ethernet Plus. It uses standard data lines that are also used for the IT infrastructure.
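The following is an added example, not code from the article or from MICROSENS. It is a small Python model of the two controls the text relies on: port-based network access control that classifies each attached device and then blocks it, limits it or admits it, and a segmentation policy between the management, automation and field layers. The segment names, device roles, authentication methods and the port records are hypothetical, constructed for this illustration.

```python
"""Added example: not code from the article or from MICROSENS.

A small model of the two controls the article relies on: port-based network
access control (classify each attached device, then block it, limit it or
admit it) and segmentation between the management, automation and field
layers. Segment names, device roles, authentication methods and the port
records below are hypothetical, constructed for this illustration.
"""
from dataclasses import dataclass
from enum import Enum


class Level(Enum):
    TRUSTED = "trusted"    # proved its identity with a certificate (assumed: 802.1X EAP-TLS)
    LIMITED = "limited"    # identified by its MAC address only; a MAC is easy to forge
    UNKNOWN = "unknown"    # presented no credentials at all


# One segment (VLAN) per layer, plus a holding segment for rejected devices.
MGMT, AUTO, FIELD, QUARANTINE = "management", "automation", "field", "quarantine"

# Segment a provisioned role belongs to (hypothetical provisioning database).
ROLE_SEGMENT = {
    "scenario-server": MGMT,
    "lighting-controller": AUTO,
    "sensor": FIELD,
    "light-switch": FIELD,
    "luminaire": FIELD,
}

# Directed flows allowed to cross a segment boundary; everything else is
# dropped at the switch port. The field layer never talks to management.
ALLOWED_CROSSINGS = {(MGMT, AUTO), (AUTO, MGMT), (AUTO, FIELD), (FIELD, AUTO)}


@dataclass(frozen=True)
class PortRecord:
    port: str
    mac: str
    auth_method: str   # "eap-tls", "mab" (MAC authentication bypass) or "none"
    role: str          # role the provisioning database claims for this MAC


def classify(rec: PortRecord) -> Level:
    """Map the authentication result on a port to a security level."""
    if rec.auth_method == "eap-tls":
        return Level.TRUSTED
    if rec.auth_method == "mab":
        return Level.LIMITED
    return Level.UNKNOWN


def assign_segment(rec: PortRecord) -> str:
    """Decide the segment the port is placed in after authentication.

    Only a certificate-authenticated device gets the segment its role asks
    for. A MAC-only device is confined to the field segment whatever the
    database claims, since a forged MAC must not open the way into
    automation or management. A device without credentials is blocked.
    """
    level = classify(rec)
    if level is Level.UNKNOWN:
        return QUARANTINE
    if level is Level.LIMITED:
        return FIELD
    return ROLE_SEGMENT.get(rec.role, QUARANTINE)


def flow_allowed(src_segment: str, dst_segment: str) -> bool:
    """Segmentation policy between two segments."""
    if QUARANTINE in (src_segment, dst_segment):
        return False
    if src_segment == dst_segment:
        return True
    return (src_segment, dst_segment) in ALLOWED_CROSSINGS


def reachable(ports, src_mac: str, dst_mac: str, segmented: bool = True) -> bool:
    """Can the device src_mac reach the device dst_mac?

    segmented=False models the flat network the article warns about: no NAC
    and no segmentation, so any device that plugs in reaches everything.
    """
    if not segmented:
        return True
    by_mac = {p.mac: p for p in ports}
    return flow_allowed(assign_segment(by_mac[src_mac]), assign_segment(by_mac[dst_mac]))


# Constructed port table of one access switch (not real data).
PORTS = [
    PortRecord("port-1", "02:00:00:00:00:01", "eap-tls", "scenario-server"),
    PortRecord("port-2", "02:00:00:00:00:02", "eap-tls", "lighting-controller"),
    PortRecord("port-7", "02:00:00:00:00:07", "mab", "light-switch"),
    PortRecord("port-8", "02:00:00:00:00:08", "mab", "scenario-server"),  # MAC copied from a server
    PortRecord("port-9", "02:00:00:00:00:09", "none", "luminaire"),       # unknown laptop on a lamp port
]

if __name__ == "__main__":
    for rec in PORTS:
        print(f"{rec.port}: {classify(rec).value:8} -> {assign_segment(rec)}")
    # The light switch reaches its controller but not the management server.
    print(reachable(PORTS, "02:00:00:00:00:07", "02:00:00:00:00:02"))
    print(reachable(PORTS, "02:00:00:00:00:07", "02:00:00:00:00:01"))
```

The design choice worth noting is in assign_segment: a device that only passes MAC authentication is never placed where its claimed role would put it, because a light switch port on the field layer is exactly the spot an attacker plugs into, and copying a server's MAC address costs nothing. With segmented=False the same light switch reaches the management server, which is the flat-network situation the article describes.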

