Security functions of interface

Owned by Wolfgang Granzer
Jun 03, 2020
1 min read

The KNX standard was extended by KNX Security to protect KNX installations from unauthorized access. KNX Security reliably prevents the monitoring of communication as well as the manipulation of the system.

The specification for KNX Security distinguishes between KNX IP Security and KNX Data Security. KNX IP Security protects the communication over IP while on KNX TP the communication remains unencrypted. Thus KNX IP Security can also be used in existing KNX systems and with non-secure KNX TP devices.

KNX Data Security describes the encryption at telegram level. This means that the telegrams on the twisted pair bus are also encrypted.

KNX IP Security for the interface function

When using a KNX IP router as an interface to the bus, access to the installation is possible without security for all devices that have access to the IP network. With KNX Security a password is required. A secure connection is already established for the transmission of the password. All communication via IP is encrypted and secured.

In both modes, the interface forwards both encrypted and unencrypted KNX telegrams. The security properties are checked by the respective receiver or tool.

KNX Data Security for the device

The NETx KNX Secure Router also supports KNX Data Security to protect the device from unauthorized access from the KNX bus. If the KNX IP router is programmed via the KNX bus, this is done with encrypted telegrams.

Encrypted telegrams are longer than the previously used unencrypted ones. For secure programming via the bus, it is therefore necessary that the interface used (e.g. USB) and any intermediate line couplers support the so called KNX long frames.