Enhanced data encryption added to comprehensive battery-less wireless portfolio
05-03-2015 | EnOcean | New Technologies
EnOcean has added encrypted data communication to its complete range of
energy-harvesting wireless sensor modules. The enhanced security mechanisms
can optionally be activated to prevent several types of attack,
including replay, eavesdropping and message forgery. End
products, such as window contacts, can easily be switched from standard to
secure mode for an enhanced security level to meet specific requirements of
new application fields, such as monitoring, metering or alert sensor
systems.
The security mode was added to the following sensor modules in 868 MHz for
Europe: STM 330 and STM 331 temperature sensor modules, STM 320 and STM 329
magnet contact transmitter modules as well as the STM 250 OEM window
contact. They complete the already available TCM 310 transceiver module
running EnOcean Link as security middleware for gateways and the encrypted
PTM 215/PTM 335 switch modules.
From April 2015, the EnOcean standard 868 MHz sensor modules will include
the optional functionality of enhanced security mechanisms. Shipped in
standard mode, the encrypted data transmission can be activated by simply
pressing the learn button for ten seconds. Without any change in product
design, OEMs can now offer devices that give customers the choice whether
they want to use enhanced security features from the very beginning or at a
later stage. If needed, the security mode can be deactivated by pressing and
holding the learn button again. Also, a receiver that decodes encrypted
telegrams can still process standard telegrams, enabling OEMs to effortlessly
include enhanced data security in their existing EnOcean-based portfolio.
The enhanced security features add to the 'unique' 32-bit identification
number (ID) of the standard modules which cannot be changed or copied and
therefore protect against duplication. This authentication method already
offers field-proven secure and reliable communication in building
automation. For applications requiring additional data security, the
security mode protects battery-less wireless communication with enhanced
security measures to prevent replay or eavesdropping attacks and forging of
messages.
One feature is a rolling code (RC) of up to 24 bits, incremented with each
telegram, which is used to calculate a cipher-based message authentication
code (CMAC) of up to 32 bits. The CMAC uses the AES-128 encryption algorithm.
Another mechanism is the encryption of data packets by the transmitter. The
data is encrypted using the AES algorithm with a 128-bit key.
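
The rolling-code check described above, as an added Python example (not EnOcean's code or telegram format): a receiver that accepts only telegrams whose 32-bit tag verifies for a rolling code ahead of the last accepted one. Assumptions: HMAC-SHA-256 stands in for AES-128 CMAC, the rolling code is not transmitted, and the names `Sender`, `Receiver`, `tag_for` and `WINDOW` are hypothetical.

```python
import hashlib
import hmac

RC_BITS = 24    # from the page: rolling code of at most 24 bits
MAC_BYTES = 4   # from the page: authentication code of at most 32 bits
WINDOW = 128    # assumption: how many lost telegrams the receiver tolerates

def tag_for(key: bytes, sender_id: bytes, rc: int, payload: bytes) -> bytes:
    """Truncated MAC over sender ID, rolling code and payload.
    Stand-in: HMAC-SHA-256 replaces AES-128 CMAC (no AES in the stdlib)."""
    msg = sender_id + rc.to_bytes(3, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_BYTES]

class Sender:
    def __init__(self, key: bytes, sender_id: bytes, rc: int = 0):
        self.key, self.sender_id, self.rc = key, sender_id, rc

    def telegram(self, payload: bytes):
        # The rolling code is incremented with each telegram (wraps at 2^24).
        self.rc = (self.rc + 1) % (1 << RC_BITS)
        return payload, tag_for(self.key, self.sender_id, self.rc, payload)

class Receiver:
    def __init__(self, key: bytes, sender_id: bytes, rc: int = 0):
        self.key, self.sender_id, self.last_rc = key, sender_id, rc

    def accept(self, payload: bytes, tag: bytes) -> bool:
        # Only codes strictly ahead of the last accepted one are tried, so a
        # recorded telegram (old code) or an altered payload fails the check.
        for step in range(1, WINDOW + 1):
            rc = (self.last_rc + step) % (1 << RC_BITS)
            expected = tag_for(self.key, self.sender_id, rc, payload)
            if hmac.compare_digest(expected, tag):  # constant-time compare
                self.last_rc = rc  # resynchronise past any lost telegrams
                return True
        return False

if __name__ == "__main__":
    key = bytes(range(16))              # constructed 128-bit key
    dev = bytes.fromhex("0180abcd")     # constructed 32-bit sender ID
    tx, rx = Sender(key, dev), Receiver(key, dev)
    first = tx.telegram(b"\x09")        # constructed payload
    print("fresh   :", rx.accept(*first))
    print("replayed:", rx.accept(*first))
    tx.telegram(b"\x08"); tx.telegram(b"\x09")   # two telegrams lost in transit
    print("resync  :", rx.accept(*tx.telegram(b"\x08")))
```

With a 32-bit tag and a window of W candidate codes, a blind forgery attempt succeeds with probability of about W / 2^32, so the window size trades tolerance for lost telegrams against forgery margin.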
"The reliability of our standard modules is ideal for secure wireless data
transfer in building automation systems. For applications that require
additional validation, EnOcean has expanded its security mechanisms with the
standardised AES algorithm. This is a solid state-of-the-art approach for
enhanced data encryption," said Andreas Schneider, chief marketing officer,
EnOcean. "With the optional security mode, our OEMs can open up new markets
with battery-less solutions, for example metering of conditions, comfort
functionalities and energy-saving applications. This is a decisive
competitive advantage."
ISH 2015, Frankfurt / Main, March 10-14, Stand B69, Hall 10.3.