Industrial Ethernet Book Issue 105 / 6

Secure infrastructure for smart lighting automation

Intelligent network technology can provide an access- and outage-protected, segmented infrastructure that supplies smart lighting systems with energy using PoE. Established Internet Protocol security standards can assure securely encrypted information exchange between sensors, actuators and users.

THE INTERNET OF THINGS (IoT) is facing a massive security problem because the information exchange between end devices, control units and users is insufficiently protected. Wireless communications standards in particular, be it Zigbee, Bluetooth or WLAN, have shown serious security gaps in the recent past. But bus-based solutions such as KNX/DALI are also unprotected and can easily be attacked, which raises the question of how to build a completely secure lighting infrastructure.


The Smart Engine takes care of the energy supply to the lamps over Power-over-Ethernet Plus. It uses suitable standard data lines of the kind also used for the IT infrastructure.

Who hacks light switches?

Now, what motivates an attacker to manipulate lamps or to read out illumination times and power consumption? The lighting in hospitals or industrial buildings is among the most critical infrastructure: production, safety and even human lives depend on good lighting. For this very reason, it is a target for harmful attacks and blackmail attempts.

In addition, it has to be noted that lighting infrastructure is usually connected with other networks, such as the building automation or the data network. If someone gains access to an unprotected weak spot, for instance a light switch, they will be able to read out, manipulate, or sabotage the data of all networked devices.

To do so, the attacker only needs the appropriate hardware and software as well as basic technical know-how about bus systems. The underlying problem is insufficient segmentation of the networks: once inside, the attacker can reach data-sensitive network computers as well as production-critical actuators or security-relevant sensors.

Unsegmented and unencrypted

The manufacturers of bus-based lighting solutions use open communication protocols for the information transfer between lamps, sensors and control units. In a completely isolated communication structure, this is not a problem at all. The different infrastructures of automated buildings, however, are typically networked with each other. DALI is a communications standard for controlling automated lighting by means of sensors; KNX handles the integration into the control technology.

On the management level, for instance the computer-based control of different lighting scenarios for conference and event rooms, the communication takes place over the information network. Thus, each connected device becomes a potential weak point. If an attacker succeeds in gaining access, they can manipulate all connected devices and read out their data. For this reason, unnoticed and uncontrolled access has to be prevented by all means. Open protocols cannot accomplish that, since they are designed for the information transfer between the most diverse devices. These standards were never designed to be reachable from a network and, as a result, they are not protected against the associated risks.

In combination with the open communication standards, unsegmented networks constitute the decisive security risk. If the networks are not separated from each other physically and by means of internal firewalls (ports), attackers will be able to move between the infrastructures without being noticed. Network switches with protected ports segment specific infrastructures, thus keeping the damage potential as low as possible. The physical separation between the infrastructures has to be applied across all layers: management, automation, and field layer. The management and automation layers already communicate over Ethernet. So why not implement this secure standard between the automation and field layer as well?

IT security standards

The IT world has been facing attacks for a long time. For this reason, its main emphasis is on secure and protected technology. The Internet Protocol (IP) is a popular communication standard, used primarily for the information exchange within internal networks and on the Internet. The networking is implemented by means of Ethernet or fiber optic cables.

The IT world offers standardised functions to ensure network security. Protected network switches include a significant security technology: Network Access Control (NAC). Its aim is to identify the end devices in the network and to categorise them according to security levels. Insecure devices are singled out: they are either blocked from network activity or granted only limited access.

The Internet Protocol (IP) comes with proven security standards that permit communication exclusively between authorised and authenticated devices. In this way, the unpermitted and undesired control of devices or the read-out of their information can be prevented efficiently.

IP offers a high degree of security. Its application in building automation is therefore a necessary step in the modernisation of outdated automation structures. In terms of lighting, an IP-based automation solution with Power-over-Ethernet (PoE) in combination with economical LEDs makes sense. With Smart Lighting, MICROSENS fully integrates lighting automation into the IT infrastructure of modern buildings and makes IT security standards available at the lighting level.


Software solutions feature a web-based interface for use with a wide variety of devices including tablets and smartphones.

Intelligent switches and PoE

Having intelligent lighting communicate over IP does not only make sense, it is also future-proof. Smart Lighting completely integrates intelligent lighting into the IT infrastructure of the building and has a number of advantages: security, flexibility and software control as part of a decentralised smart building solution.

The entire building, including the lighting, is controlled via micro switches, which are intelligent network distributors at room level. PCs, printers and IP phones can be connected to the network over these switches. Moreover, a modern control software for building automation, the Smart Director, runs on the switches.

This constitutes an additional security barrier, as the communication never takes place directly between the sensor or user and the actuator, but always passes through the software. User permissions ensure that only authenticated users or end devices can access the lighting system. Unauthorised devices and access attempts are detected by the Smart Director and automatically blocked.
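The three controls described above (protected switch ports that keep each infrastructure in its own segment, NAC classification of end devices into security levels, and a controller that mediates every sensor- or user-to-actuator request) can be seen together in a small policy model. The following Python is an added example, not MICROSENS code; the device inventory, MAC addresses, segment names and rule set are constructed for illustration and do not describe any real product's configuration.

```python
"""Toy model of segmentation, NAC and controller-mediated actuator access.

Added example with constructed data: the inventory, the port-to-segment
assignment and the policy rules are assumptions, not a real configuration.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class Level(Enum):
    TRUSTED = "trusted"  # authenticated device plugged into its own segment
    LIMITED = "limited"  # authenticated, but on an unexpected port: read-only
    BLOCKED = "blocked"  # unknown device, unknown port or failed authentication


@dataclass(frozen=True)
class Device:
    mac: str
    kind: str            # "controller", "lamp", "sensor", "pc", ...
    authenticated: bool  # result of the (assumed) port authentication


# Constructed inventory of devices the switch knows about.
INVENTORY = {
    "00:11:22:00:00:01": Device("00:11:22:00:00:01", "controller", True),
    "00:11:22:00:00:10": Device("00:11:22:00:00:10", "lamp", True),
    "00:11:22:00:00:20": Device("00:11:22:00:00:20", "sensor", True),
    "00:11:22:00:00:30": Device("00:11:22:00:00:30", "pc", True),
    "00:11:22:00:00:40": Device("00:11:22:00:00:40", "pc", False),
}

# Protected ports: every port is pinned to exactly one segment.
PORT_SEGMENT = {1: "lighting", 2: "lighting", 3: "lighting", 6: "lighting",
                4: "office", 5: "office"}

# Which device kinds are expected in which segment.
SEGMENT_KINDS = {
    "lighting": {"controller", "lamp", "sensor"},
    "office": {"pc", "printer", "phone"},
}


def classify(mac: str, port: int) -> Level:
    """NAC step: identify the device on a port and assign a security level."""
    dev = INVENTORY.get(mac)
    segment = PORT_SEGMENT.get(port)
    if dev is None or segment is None or not dev.authenticated:
        return Level.BLOCKED
    # A known device on a port of the wrong segment is not trusted outright;
    # it is downgraded to read-only access instead of being fully admitted.
    if dev.kind not in SEGMENT_KINDS[segment]:
        return Level.LIMITED
    return Level.TRUSTED


def authorize(src_mac: str, src_port: int, dst_mac: str, dst_port: int,
              action: str) -> tuple[bool, str]:
    """Decide whether a request from src to dst is forwarded.

    Rules, evaluated in order:
      1. A BLOCKED source gets nothing.
      2. Traffic must stay inside one segment (no lateral movement).
      3. Lamps accept "write" (commands) only from the controller.
      4. A LIMITED source may only "read".
    """
    level = classify(src_mac, src_port)
    if level is Level.BLOCKED:
        return False, "NAC: source blocked"
    if PORT_SEGMENT[src_port] != PORT_SEGMENT.get(dst_port):
        return False, "segmentation: cross-segment traffic denied"
    src = INVENTORY[src_mac]
    dst = INVENTORY.get(dst_mac)
    if dst is not None and dst.kind == "lamp" and action == "write" \
            and src.kind != "controller":
        return False, "policy: only the controller may command actuators"
    if level is Level.LIMITED and action != "read":
        return False, "NAC: limited device may only read"
    return True, "allowed"


if __name__ == "__main__":
    # Constructed scenarios: controller commands a lamp, a sensor tries to
    # command it directly, and an office PC tries to reach the lamp.
    for args in [("00:11:22:00:00:01", 1, "00:11:22:00:00:10", 2, "write"),
                 ("00:11:22:00:00:20", 3, "00:11:22:00:00:10", 2, "write"),
                 ("00:11:22:00:00:30", 4, "00:11:22:00:00:10", 2, "read")]:
        print(args, "->", authorize(*args))
```

The ordering of the rules matters: the segmentation check runs before any per-device policy, so an office device can never even reach the point where lamp permissions are evaluated, which is the same "no lateral movement" property the article attributes to protected ports.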

In addition to carrying the information, the Ethernet connection over which IP runs is able to supply the LED lighting via Power-over-Ethernet in the low-voltage range. A Smart Engine, installed in the wall or in a suspended ceiling and acting as the network distributor for the PoE lighting solution, feeds power into the Ethernet cables.

Information and power flow through this high-capacity infrastructure. The LED, sensor, and Smart Lighting Controller make up one lamp unit. The Smart Lighting Controller controls the light intensity depending on user entries or sensor data.

Since every lighting unit has its own IP address, each one can be read out individually via the MICROSENS building management software, the Smart Building Manager. Consumption, activity and sensor data help both the staff and the automation software maximise the energy efficiency of the building.

Conclusion

Intelligent network technology provides an access- and outage-protected, segmented infrastructure and supplies the lamps with energy over PoE. The established security standards of the Internet Protocol ensure a securely encrypted information exchange between sensors, actuators and users.

Technology report by MICROSENS.


© 2010-2018 Published by IEB Media GbR · Last Update: 12.12.2018