More security in KNX installations

Fend off attacks from the Internet with Apricum KNX Secure devices

Criminals are finding more and more ways to commit cyber attacks for extortion and data vandalism. In recent years, attacks on home and building automation have therefore also become more frequent. In particular, these are not attacks from the inside, where the attacker has direct access to the KNX network, but cyber attacks from the outside via the Internet. The aim of such attacks can be the manipulation of KNX systems for its own sake, i.e. pure vandalism, or blackmail by manipulating or blocking KNX systems. For this reason, a lot of progress has been made under the heading of "KNX Secure" to make KNX installations more secure.

Here, too, carelessness is the gateway to possible attacks. Hackers usually gain illegal access to the building via internet routers or their open ports. In this way, criminals can gain access and unload the KNX devices, render them inoperable, overwrite them or set a password on them. In any case, considerable damage is caused to building owners and operators.
  
Protecting a KNX installation or project can be relatively simple. First of all, open ports should be closed. Ideally, remote maintenance and external visualisation of a project go through a hardware firewall or an Internet router with built-in firewall functionality. This firewall functionality provides a VPN connection. Access to the installation must be established via a secure cloud application or a directly encrypted tunnel connection.

Even more security is provided to the operator by using KNX Secure functionality. The result of years of development is a comprehensive KNX security architecture that builds on internationally standardised security algorithms (ISO 18033-3), such as AES 128 CCM encryption, to effectively prevent attacks on the digital infrastructure of buildings. KNX IP Secure protects the IP communication between KNX installations. For this purpose, KNX IP Secure extends the IP protocol in such a way that all transmitted telegrams and data are fully encrypted. In addition, KNX Data Secure effectively protects user data, including data exchanged with the various end devices, from unauthorised access through encryption and authentication. These two mechanisms can be used in combination to achieve greater security.

For existing KNX projects, the security level can be effectively increased. Only the existing KNX IP routers have to be replaced by KNX Secure variants and the KNX Secure function has to be activated. This way, all KNX telegrams on the IP network/Ethernet are encrypted. Criminal intruders can no longer interpret the bits and bytes of the encrypted communication, because doing so requires the Secure Key, which these outsiders do not have. If you want to raise the security level of the KNX installation further and also prevent unauthorised access at the sensor and actuator level, it is possible to use KNX sensors and actuators with KNX Secure. If this security mechanism is activated on the basis of telegram transmission, it is referred to as "KNX Data Secure".

Regardless of whether it is a private or commercial project, one should be aware of the risks of unauthorised access to data traffic at an early stage and take appropriate measures. To minimise the risk of unauthorised access, there are already proven products and corresponding mechanisms that can be used depending on the security requirements and that offer the necessary protection. VPN solutions in combination with, for example, Apricum KNX Secure devices offer optimal protection.
