131
This key based security solution requires every controller to have a private key. The bigger the key size the better in terms of security so 2048-bits provides an optimum balance between performance and security. The RSA 1024-bit keys are not considered reliable and the 4096-bit keys are very long so it requires a great deal of CPU resources to decrypt each message. Every lighting fixture control request will need to be authenticated and in order to create a secure connection the control- ler needs to encrypt the message using its private key and the LED drivers which store the public key pair allows the driver to decrypt the messages successfully. All this together makes it almost impossible to break into the system even if an attacker is listening to the UDP packets across the network as they are encrypted using the public/private keys. If messages are not val- id then the driver simply ignores or destroys the packets.
APPLICATION SECURITY This is a very common way security systems can get compromised and it is no different from when a virus or Trojan malware installs itself on your PC and captures all your important data such as passwords and ID codes without you knowing. For example, if you can control your lighting network using a PC across the Internet then if you need to login to your control portal this information can be transmitted to an attacker which could then gain access to your lighting network using your own username and password. This vulnerability isn’t limited to PCs and can also occur in mobile phone and tablet applications. For example, the biggest smart phone operating system by far is Android which is an open source system. Android being open source means that it can pose significant security risks to users and one little known fact is that any Android application can be completely reversed engineered without ex- ception, so it’s important that the Android application does not contain any informa- tion used to maintain security eg; keeping public/private keys hardcoded in software. This is not the same for Apples’ iOS which has more security features.
DENIAL OF SERVICE The DoS attack doesn’t actually need to encrypt or decrypt data across a network as its aim is not to control the network. How- ever, an attacker’s main aim is to overrun the lighting network with so many packets that the system cannot cope and will shut down rendering the system inoperable. Such an attack still causes a significant amount of inconvenience to the user who, for example, may want to switch on or off a fixture but as the system is shut down
cannot control the fixture at all. In reality DoS attacks using standard net- work topologies are exceptionally hard to achieve because significant amounts of UDP traffic has to be generated and directed to the network and this usually requires thou- sands of devices to be controlled concur- rently. However, certain wireless network protocols that are not high speed could easily suffer DoS attacks so it does depend on the infrastructure and technology used to build the lighting network.
WIRELESS PROTOCOLS ARE SUSCEPTIBLE TO VULNERABILITIES An interesting trend that is being seen in the controls market is to use wireless as a control solution which has the added ad- vantage of not having to wire control busses to each driver saving installation time and material costs. The utilisation of wireless technologies for building refits is compel- ling. However it is important to ensure the right protocol is implemented as certain solutions are inherently insecure. Penetration testers have been focusing on wireless technologies for over a decade, and various families of wireless protocols are evolving through a roller coaster ride of security issues, half-baked encryption schemes, and mitigation tactics. While the standard 802.11 wireless protocol used in most wireless hubs is by far the most popular, other wireless protocols have become the focus of security researchers and hackers alike. One protocol that can arguably be placed at the top of the list, and is an area of growing concern, is the 802.15.4 protocol that ZigBee wireless rides on. The ZigBee protocol is becoming popular and is used more and more within lighting controls including within the Philips hue system. The ZigBee protocol differs from tradi- tional 802.11 wireless in many ways, most notably the simplicity, low cost, and elegant function. ZigBee was designed to provide short–distance wireless solutions in which running wires to transfer data is infeasible or cost prohibitive. ZigBee does not provide the bandwidth and advance error checking provided by protocols such as 802.11. This stripped-down approach to networking has many advantages including ease of setup, low power consumption, and simple integra- tion into other devices. ZigBee devices can be used in lots of dif- ferent ways, but they have built-in proto- col support for both mesh and star-based network topologies. Given some very basic configuration settings, a ZigBee device (node) can be joined to an existing mesh network or be assigned as the controlling device to manage the interaction of other ZigBee nodes. As you can imagine, there are lots of security attack potentials here.
ZigBee and the 802.15.4 framework were designed with security in mind, but secu- rity is only effective if it’s implemented properly. While there are numerous types of attacks that have been successfully lever- aged against ZigBee devices, they generally fall into three categories: physical attacks, key attacks, and replay and injection DoS attacks. A recent white paper by the leading tele- communications company, Cisco, highlights the security flaws found within ZigBee based solutions so its important to under- stand which solutions and protocols should be utilised in networked lighting control systems moving forward.
CONCLUSIONS Networked lighting system benefits signifi- cantly outweigh the potential disadvantage of network security. However it is clear that a new class of lighting system engineers will be required to allow the lighting com- munity to design highly flexible, safe and easy-to-use lighting solutions in the future. It isn’t just going to be “Well, I will stick with the good old methods of using control systems”, because even these systems will have security flaws if not setup correctly and as the Barclays bank heist recently showed, someone could quite easily enter a lighting installation posing as a maintenance engineer who could then re-programme traditional controllers. The key aspect is to work with technol- ogy companies that understand the new networked controlled environment as well as specific network IT security principles to provide a degree of assurance that two years down the line your high profile light- ing installation doesn’t get hijacked because of poor security design. It is also important not to be fobbed off with technical jargon which makes you feel secure. For example, if someone states that their system is secure because it uses 1024 or 2048-bit network keys that doesn’t mean the system is secure as we have seen in relation to the Zigbee protocol whereby to provide a denial of service (DOS) attack on the Zigbee lighting system doesn’t actually need packets to be encrypted or decrypted but just injected at high frequency into the network! It looks like the future of lighting is going to require mathematicians, IT support and Network Engineers. “Oh no!”, I hear you cry... Dr. Geoff Archenhold is an active investor in LED driver and ficture manufacturers and a lighting energy consultant.
g.archengold@
mondiale.co.uk
The views expressed in this article are those of the author and do not necessarily repre- sent the views of mondo*arc.
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60 |
Page 61 |
Page 62 |
Page 63 |
Page 64 |
Page 65 |
Page 66 |
Page 67 |
Page 68 |
Page 69 |
Page 70 |
Page 71 |
Page 72 |
Page 73 |
Page 74 |
Page 75 |
Page 76 |
Page 77 |
Page 78 |
Page 79 |
Page 80 |
Page 81 |
Page 82 |
Page 83 |
Page 84 |
Page 85 |
Page 86 |
Page 87 |
Page 88 |
Page 89 |
Page 90 |
Page 91 |
Page 92 |
Page 93 |
Page 94 |
Page 95 |
Page 96 |
Page 97 |
Page 98 |
Page 99 |
Page 100 |
Page 101 |
Page 102 |
Page 103 |
Page 104 |
Page 105 |
Page 106 |
Page 107 |
Page 108 |
Page 109 |
Page 110 |
Page 111 |
Page 112 |
Page 113 |
Page 114 |
Page 115 |
Page 116 |
Page 117 |
Page 118 |
Page 119 |
Page 120 |
Page 121 |
Page 122 |
Page 123 |
Page 124 |
Page 125 |
Page 126 |
Page 127 |
Page 128 |
Page 129 |
Page 130 |
Page 131 |
Page 132 |
Page 133 |
Page 134 |
Page 135 |
Page 136 |
Page 137 |
Page 138 |
Page 139 |
Page 140 |
Page 141 |
Page 142 |
Page 143 |
Page 144 |
Page 145 |
Page 146 |
Page 147 |
Page 148 |
Page 149 |
Page 150