130 TECHNOLOGY / LIGHTING CONTROL


Above: A standard network topology with potential security flaws. Left: Lighting network control with separation from corporate network.


There have been many recent examples of network security being compromised across different applications, including:

Philips hue system: The system uses Internet and ZigBee protocols to control light bulbs, and it has been shown to be easily compromised.

Edward Snowden: Leaked documents highlight that the NSA and GCHQ have been able to successfully decode key online security protocols using PRISM, which renders all internet traffic easily captured no matter what encryption keys are used.

Encryption flaws: The US intelligence agency, the NSA, subverted a standards process to be able to break encryption more easily. It had written a mathematical flaw into a random-number generator that would allow the agency to predict the outcome of the algorithm, as reported in the New York Times.

Barclays hacking attack gang stole £1.3 million: One of the gang posed as an IT engineer fixing the computer to gain access to a Barclays branch in order to fit a device that allowed the hackers to access its network remotely and transfer money into their own accounts.

These brief examples show that, no matter what security measures are taken, network-enabled lighting systems will probably never be 100% secure. However, the key aspect to remember is that as long as security is built in from the start, your installation will most likely never be compromised. But if you don't plan for a secure system, you leave yourself completely open and your system will be vulnerable.

There are several ways in which networked lighting systems can be compromised, but the main three are:

• Network topology: where the intruder is able to take full control of a system and decrypt all data across the lighting network.
• Application security: where smart application software contains vulnerabilities that allow intruders to gain partial or full control over your network.
• Denial of Service (DoS) attack: where an intruder cannot control a networked lighting system but can stop the system from operating as it should. It is similar to when you see websites from global brands taken offline for a period because the DoS overloads the system.

I will try to explain each of the issues without becoming too technical, and I believe you will be surprised at what gets highlighted.


LIGHTING NETWORK CONTROL TOPOLOGY

A typical lighting network control topology is shown above right, where the network consists of a number of LED drivers with fixtures attached to a central hub, which could be a switch or Wi-Fi router, that enables a mobile device or PC system to control the drivers. The system can be expanded with other components such as wall switches, or indeed with control via devices connected to the Internet. This topology may be based upon any type of control protocol, but the majority of future systems will utilise standard Ethernet technology because it is widely available and low cost, and many IT departments are familiar with its configuration and setup because security features are directly built in.

The main security issue with this topology is that the information is transferred across the network using User Datagram Protocol (UDP) packets. UDP uses a simple transmission model with a minimum of protocol mechanisms, so it has no handshaking dialogues and thus exposes any unreliability of the underlying network protocol to a user's program. Time-sensitive applications such as lighting controls often use UDP because dropping packets is preferable to waiting for delayed packets, which may not be an option in a real-time system.

The use of unprotected UDP packets allows an attacker to compromise network traffic and hence obtain full access to any of the LED drivers. All that an attacker needs to do is to access the local network via a variety of ways to gain control, such as:

• Compromise the mobile device software by placing a virus or Trojan on it.
• Join the network or Wi-Fi router using standard packet sniffer software to gain usernames and passwords.
• Access the network via the Internet connection externally.

In order to improve the security of this type of topology, it would be better to split the lighting network control onto its own separate network, as shown above left. Here, the advantage is that the lighting network is self-contained, but obviously another router will be required, so additional system costs are incurred. The local network is not connected to the Internet, so any attacks from the Internet are excluded. As networks 1 and 2 are not connected to each other, an attacker has no chance of accessing the lighting system through a security breach in the customer's network, even if network 1 is public and has no security at all. Thus, the only possible flaw in this topology is the physical security of the networking device itself, but it will have nothing to do with the software.

In order to add further security to a network, it is possible to encrypt the UDP data packets across the network and between devices. Fortunately, such encryption and decryption can be achieved using public and private key solutions (although this has supposedly been compromised by the US and UK intelligence community!).
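
The article proposes encrypting the UDP packets; as an added example (not from the article), the Python sketch below shows the closely related step of authenticating each control datagram with a pre-shared key and a sequence counter, so that a driver ignores forged or replayed commands. It uses HMAC-SHA256 rather than encryption, so packet contents stay readable; the packet layout, key handling and command strings are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Assumed packet layout (not from the article):
#   driver id (2 bytes) | sequence counter (8 bytes) | command | tag (16 bytes)
HEADER = struct.Struct("!HQ")
TAG_LEN = 16  # HMAC-SHA256 truncated to 128 bits

def _tag(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def seal(key: bytes, driver_id: int, seq: int, command: bytes) -> bytes:
    """Controller side: build the UDP payload for one command."""
    body = HEADER.pack(driver_id, seq) + command
    return body + _tag(key, body)

class DriverReceiver:
    """Driver side: accept only authentic, fresh datagrams addressed to us."""

    def __init__(self, key: bytes, driver_id: int):
        self.key = key
        self.driver_id = driver_id
        self.last_seq = 0  # highest counter accepted so far

    def accept(self, datagram: bytes):
        """Return the command bytes, or None if the datagram is rejected."""
        if len(datagram) < HEADER.size + TAG_LEN:
            return None  # truncated or malformed
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, body)):
            return None  # forged or modified in transit
        driver_id, seq = HEADER.unpack_from(body)
        if driver_id != self.driver_id:
            return None  # valid packet meant for another driver
        if seq <= self.last_seq:
            return None  # replayed or late packet; dropped, as UDP loss would be
        self.last_seq = seq  # gaps are fine: lost datagrams are simply skipped
        return body[HEADER.size:]

def demo():
    key = bytes(range(32))  # constructed key, for the example only
    rx = DriverReceiver(key, driver_id=7)
    first = seal(key, 7, 1, b"DIM 40")
    forged = seal(b"\x00" * 32, 7, 2, b"DIM 100")  # sender lacks the key
    return [rx.accept(first), rx.accept(first), rx.accept(forged),
            rx.accept(seal(key, 7, 5, b"OFF"))]
```

The bytes returned by `seal` would be sent as the UDP payload; a deployment that also needs confidentiality would add an authenticated cipher on top of this check.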

