ManualsPro Zennio Zennio KNX Secure Securel v2 Encrypted Relay User Guide

Zennio KNX Secure Securel v2 Encrypted Relay User Guide

June 3, 2024
Zennio

Zennio KNX Secure Securel v2 Encrypted Relay

DOCUMENT UPDATES

Version Changes Page(s)
b ****

Added instructions for performing a factory reset.

|

INTRODUCTION

So far, the data transmitted in a KNX automation installation was open and could be read and manipulated by anyone with some knowledge with access to the KNX medium, so that security is guaranteed by preventing access to the KNX bus or to the devices. The new KNX Secure protocols add additional security to the communications in a KNX installation to prevent such kind of attacks.

Devices with KNX secure will be able to communicate securely with ETS and any other secure device, as they will incorporate system for authentication and encryption of the information.

There are two types of KNX security that can be implemented simultaneously in the same installation:

  • KNX Data Secure: secures the communication within a KNX installation.
  • KNX IP Secure: for KNX installations with IP communication, secures communication via IP network.

A secure KNX device refers to a device that has the basic capability to enable secure communication, although it is not always required to do so. An unsecured communication on secured KNX devices is equal to communication established between devices without KNX security.

The use of security depends on two significant settings in the ETS project:

  • Commissioning security: sets whether, during the commissioning, the communication with ETS should be secure or not and opens up the possibility of activating the runtime security.
  • Runtime security: sets whether during runtime, communication between devices should be secure or not. In other words, it determines which group addresses are to be secure. In order to activate the security during runtime, the commissioning security must be activated.

The activation of security on KNX Secure devices is optional. If it is activated, it is set individually in the group addresses, so that all or only a part of the objects can be secured, while the rest can function normally with non-secured devices. In other words, devices with and without KNX Secure can coexist in the same installation.

CONFIGURATION

From ETS version 5.7 onwards, the use of KNX security and all its functionalities to work with secure devices is enabled.
In this section a guide for the configuration of KNX secure in ETS projects is presented.

KNX DATA SECURE

Its implementation ensures communication between end devices. Secure KNX devices will transmit encrypted telegrams to other devices that also have KNX secure.

It will be possible to choose for each group address, whether the communication will be secure or not.

SECURE COMMISSIONING

When a device has a secure commissioning, the communication between ETS and the device will be carried out in safe mode.

A device should have a secure commissioning configured whenever there is runtime security, i.e. one of its objects is associated to a safe group address (see section 2.1.2).

Note: Please note that the presence of a secure device within an ETS project, implies the protection of the project itself with a password.

ETS PARAMETERISATION
The secure commissioning can be set from the “Configuration” tab in the “Properties” window of the device.

Secure Commissioning [Activated / Deactivated]: enables to choose whether ETS should communicate with the device in safe mode or not, i.e. to enable or disable KNX secure on the device.
If the “Activated” option is selected, it will be mandatory to have a password for the project.

Figure 3. Project – Set Password.

An additional way to set a password on a project is through the main window (“Overview”) of ETS. When selecting the project, a section will be displayed on the right side where, under “Details”, the desired password can be entered.

Figure 4. ETS – Device password.

Add Device Certificate: If secure commissioning is “Activated”, ETS will, in addition to the password, request a unique certificate for the device.
The certificate to be added [xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx- xxxxxx-xxxxxx] consists of 36 alphanumeric characters generated from the serial number and the FDSK (Factory Default Setup Key) of the device. It is included with the device and contains the corresponding QR code for easy scanning.

Figure 5. Project – Add Device Certificate.

Device certificate can also be added from the main ETS window (“Overview”), by accessing the “Security” section of the new window displayed on the right side when selecting the project.

Figure 6. ETS – Add device certificate.

During the first secure commissioning, ETS replaces the FDSK of the device with a new key (Tool Key) that is generated individually for each device.
If the project is lost, all tool keys will be lost with it, therefore, the devices cannot be reprogrammed. In order to be able to recover them, the FDSK must be reset.
The FDSK can be restored in two ways: after an unloading, provided that it is performed from the project in which the first commissioning was carried out, or after a manual factory reset (see section 3).

SECURE GROUP COMMUNICATION
Each object of a secure device can transmit its information in encrypted form, thus establishing security in communication or operation.

For an object to have KNX security, it has to be configured from the group address itself, i.e. the address to which the object will be associated.

ETS PARAMETERISATION
The communication security settings are defined from the “Configuration” sub- tab in the “Properties” window of the group address.

Figure 7. KNX Data Secure – Group Address Security.

Security [Automatic / On / Off]: in “Automatic” setting, ETS decides whether encryption is activated if the two linked objects can communicate securely.

Notes:

  • All object linked to a secure group address shall be secure objects.
  • Same device can have both secure and non-secure group address.

Secure Objects can be identified with a “blue shield”.

Figure 8. Secure Object.

KNX IP SECURE

KNX IP security is designed for KNX installations with IP communication. Its implementation ensures the secure exchange of KNX data between systems via secure KNX devices with IP connection.

This type of security is applied on bus interfaces and only in the IP medium, i.e. secure telegrams are transmitted between secure KNX IP couplers, devices and interfaces.

In order for the transmission of telegrams on a main line or sub-line to also be secure, security must be activated on the KNX bus (see section 2.1).

Figure 9. KNX IP Secure scheme

SECURE COMMISSIONING
In this type of security, in addition to secure commissioning in section 1.1.1, “Secure Tunneling” can also be activated. This parameter can be found in the “Settings” tab of the device properties window on the right-hand side of the ETS screen.

ETS PARAMETERISATION
The commissioning and tunneling security settings are defined from the “Configuration” tab in the “Properties” window of the device.

Figure 10. KNX IP Secure – Secure Commissioning and Tunneling.
In addition to Secure Commissioning and the button Add Device Certificate, previously explained on section 2.1.1, will also appear:

  • Secure Tunneling [Enabled / Disabled]: parameter only available if secure commissioning is enabled. If this property is “Enabled”, the data transmitted through the tunnel connections will be secure, i.e. the information will be encrypted through the IP medium. Each tunnel address will have its own password.

Zennio-KNX-Secure-Securel-v2-Encrypted-Relay-10Figure 11. Tunneling Address Password.

The IP tab of the product also contains the Commissioning Password and the Authentication Code, which are required to make any secure connection to the device.

Figure 12. Commissioning Password and Authentication Code.

Note: It is recommended that the authentication code for each device be individual (and preferably the default set in ETS).
The commissioning password will be requested when the IP Interface is selected in ETS to connect to it (the authentication code is optional):

Figure 13. Request for Commissioning Password when selecting a secure IP Interface.

FACTORY RESET

To prevent a device from becoming unusable in the event of losing the project and/or the Tool Key with which it is programmed, it is possible to return it to the factory state restoring the FDSK by following the steps below:

  1. Put the device in safe mode. This is achieved by powering it up with the programming button pressed until the programming LED flashes.
  2. Release the programming button. It keeps flashing.
  3. Press the programming button for 10 seconds. While pressing the button, it lights in red. The reset occurs when the LED turns off momentarily.

This process, apart from the Tool Key, also deletes the BCU password and resets the individual address to the value 15.15.255.

An unload of the application program also deletes the Tool Key and the BCU password, although in this case the ETS project with which it was programmed is required.

OBSERVATIONS

Some considerations for the use of KNX security:

  • Individual address change: in a project with several already programmed secure devices that share group addresses between them, changing the individual address in one of them makes it necessary to program the rest of the devices that share group addresses with it.
  • Programming a reset device: when trying to program a factory reset device, ETS detects that the FDSK is being used and asks for confirmation to generate a new Tool Key in order to reprogram the device.
  • Device programmed in another project: if you try to download a device (safely or not) that has already been safely programmed in another project, you will not be able to download it. You will have to recover the original project or perform a factory reset.
  • BCU key: this password is lost either by manual factory reset or by unloading.

Join and send us your inquiries about Zennio devices: https://support.zennio.com

Zennio Avance y Tecnología S.L.
C/ Río Jarama, 132. Nave P-8.11 45007 Toledo. Spain

Tel. +34 925 232 002

www.zennio.com
[email protected]

References

Read User Manual Online (PDF format)

Loading......

Download This Manual (PDF format)

Download this manual  >>

Zennio User Manuals

Zennio Analog Inputs Module User Manual
Zennio
Zennio Tecla X KNX Multifunction Capacitive Touch Switch User Manual
Zennio
Zennio ZS55 Series Decorative Frames Instruction Manual
Zennio
Zennio Zxx Image Downloader User Guide
Zennio
Zennio Z70 v2 Icon List ZVIZ70V2 User Guide
Zennio
Zennio KNX Secure Securel v2 Encrypted Relay User Guide
Zennio
Zennio ZPDEZTPVT Motion Detector with Luminosity Sensor for Ceiling Mounting User Manual
Zennio
Zennio ZPDEZRF868 KNX RF Motion Detector User Manual
Zennio
Zennio ZVIZ70V2 Color Capacitive Touch Panel User Manual
Zennio
Zennio ZSYKIPISC KIPI SC Secure KNX-IP Interface User Manual
Zennio
Zennio ZVITXLX4 PC-ABS Capacitive Push Button User Manual
Zennio
Zennio Tecla 55 PC-ABS Capacitive Push Button of 55×55 User Manual
Zennio
Zennio AudioInRoom KNX Audio Amplifier or Controller User Manual
Zennio
Zennio NTP Clock Master Clock Module User Manual
Zennio
Zennio Tecla 55 X Sign PC-ABS Capacitive DND/MUR Buttons 55×55 User Manual
Zennio
Zennio ZVIT55X1 PC-ABS Capacitive Push Button User Manual
Zennio
Zennio KLIC-MITTE KNX – IT Terminal Gateway for Mitsubishi Electric Ecodan Units User Manual
Zennio
Zennio ZRFMC868 KNX TP/RF Media Coupler User Manual
Zennio
Zennio Proximity and Luminosity Sensor User Manual
Zennio
Zennio KLIC-DA LT KNX/DAIKIN Altherma LT Gateway User Manual
Zennio

Related Manuals

HORIZON HOBBY P-51D 1.2m Mustang BNF Basic Instruction Manual
HORIZON HOBBY
FordEcat 7842528 Video Camera User Manual
FordEcat
MERCATOR ikuu Application for Android Instructions
MERCATOR
Vixic D210S Handheld Label Printer Instruction Manual
Vixic
Tefal OptiGrill XL Health Grill Instruction Manual
Tefal
EATON DIULM7 Reversing Contactor Instructions
EATON
AUTOMATE MT02-0101 Push ONE Instructions
AUTOMATE
Shenzhen Sawco Electronic Technology WSC880FCC Wireless Security Camera User Manual
Shenzhen Sawco Electronic Technology
TaoTronics ET-BH032 Sport Wireless Earbuds User Manual
TaoTronics
Pyle PDWM91 Wireless Microphone System Instruction Guide
Pyle
Genius SP-HF500B Speaker User Manual
GENIUS
Euromaid 60cm Ceramic Cooktop ECCK64 User Manual
Euromaid
Lollipop K7 Sound Machine User Manual
Lollipop
ELMAG DM 315 ROHM Four Jaw Lathe Chuck Owner’s Manual
ELMAG
THE HOME DEPOT MC508B Aluminum Medicine Cabinet Instruction Manual
THE HOME DEPOT
Degrees of Comfort DC54-0064 Electric Blanket King Size User Manual
Degrees of Comfort
ANATEL 100 BR Automotive Head Unit User Guide
ANATEL
lighting styles ICH1130A05 Chandelier Lamp Instruction Manual
Lighting Styles
multiLane AT93000-64150 High-Speed ATE solution Installation Guide
multiLane
EVERBILT 1006960757 Single Handle with Set Screw Instruction Manual
Everbilt
CENSGO ‎BTDM-BK Wireless Headphones Beanie Hat User Manual
CENSGO
Designers Fountain FS-CSN52RGB-XX Cassini Smart Fan Instruction Manual
DESIGNERS FOUNTAIN
VOLLRATH FC-4CS-03120-R Refrigerated and Non-Refrigerated Cold Pan and Frost Top Drop Ins Instruction Manual
VOLLRATH
beko BHCB 93640 BH Cooker Hood User Manual
Beko
IDea EXO15 2 Way Passive 15 Inch Multipurpose Monitor User Guide
iDea
hansgrohe 27372000 Raindance E Jet Shower Instruction Manual
hansgrohe
BRAUN 5712770050 Steam Iron User Guide
Braun
AIRFLOW PCS – 72573603 12volt DC Pull Cord Module Instructions
AIRFLOW
MONNIT MNS2-4-W2-TS-ST-L03 Temperature Sensor User Guide
MONNIT
Contec Pulse Oximeter CMS50D1 User Manual
Contec
Contact Us   Privacy Policy   5.251ms