Network security for device installation – Echelon Lumewave CRD 3000 Street Light Bridge User Manual

Street Light Bridge Integrator’s Guide
In addition, CRD 3000 Street Light Bridge modules provide the following security
measures for the RF channel:
• Each message includes the sender’s RF address.
• Each message contains a 32-bit sequence number that allows for
  duplicate detection and protection against replay attacks.
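
The following is an added example, not code from the Echelon manual or firmware. It shows one way a receiver can combine the sender's RF address with the 32-bit sequence number to drop duplicates and replays, including across sequence-number wraparound. The window size, table size, 32-bit address width and all names are assumptions, and the check is assumed to run only on messages that already passed authentication.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_PEERS 8   /* assumed table size */
#define WINDOW    32  /* assumed: judge up to 31 numbers behind the newest */
enum verdict { ACCEPT, DUPLICATE, STALE, TABLE_FULL };

struct peer {
    int      used;
    uint32_t addr;     /* sender's RF address (width assumed) */
    uint32_t highest;  /* highest sequence number accepted so far */
    uint32_t seen;     /* bit i set: (highest - i) was already accepted */
};
static struct peer peers[MAX_PEERS];

/* Classify one received (sender, sequence) pair and update that sender's state. */
enum verdict check_message(uint32_t addr, uint32_t seq)
{
    struct peer *p = NULL;
    for (int i = 0; i < MAX_PEERS; i++) {
        if (peers[i].used && peers[i].addr == addr) { p = &peers[i]; break; }
        if (!peers[i].used && p == NULL) p = &peers[i];  /* first free slot */
    }
    if (p == NULL) return TABLE_FULL;
    if (!p->used) {  /* first message from this sender sets the baseline */
        p->used = 1; p->addr = addr; p->highest = seq; p->seen = 1;
        return ACCEPT;
    }
    /* Unsigned subtraction wraps mod 2^32, so 0xFFFFFFFF -> 0 counts as +1. */
    uint32_t ahead = seq - p->highest;
    if (ahead != 0 && ahead < 0x80000000u) {  /* newer: slide the window */
        p->seen = (ahead >= WINDOW ? 0 : p->seen << ahead) | 1u;
        p->highest = seq;
        return ACCEPT;
    }
    uint32_t behind = p->highest - seq;
    if (behind >= WINDOW) return STALE;  /* too old to judge: reject */
    if (p->seen & (1u << behind)) return DUPLICATE;
    p->seen |= 1u << behind;  /* late but not seen before: accept once */
    return ACCEPT;
}

int main(void)
{
    uint32_t seqs[] = { 100, 102, 101, 100, 60 };  /* constructed traffic */
    for (size_t i = 0; i < sizeof seqs / sizeof seqs[0]; i++)
        printf("seq %u -> %d\n", (unsigned)seqs[i], (int)check_message(0xA1, seqs[i]));
    return 0;
}
```

Because the first message from an unknown sender sets the baseline, a deployment would normally seed or reset this state only during commissioning.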
Network Security for Device Installation
When installing devices within a power line network, you have the following
options for managing authentication security:
• No security for the devices
• Security is configured (in a pre-deployment facility) before devices are
  installed
• Security is configured (in the field) after devices are installed
For a street lighting network, having no authentication security is not
recommended because the network is generally deployed with minimal physical
security. When you configure security for the devices depends on your network,
but typically, security is configured after installation.
If you configure security after installation, your network must include two
domains: one for device discovery and one for normal communications. In this
case, both domains use the same subnet/node address. Domain index 1 would be
the discovery domain, which the Segment Controller would use to discover and
commission each device (luminaires and CRD 3000 Street Light Bridge modules).
If security is not required for your network, your network can use a single
domain for both discovery and normal communications.
In addition, because ISO/IEC 14908-3 authentication uses distributed
authentication keys, you must consider how to manage the number and
distribution of the keys:
• Each device (luminaire and CRD 3000 Street Light Bridge module) has
  its own unique key assigned before installation
• Each Segment Controller has a unique key, but the luminaires and CRD
  3000 Street Light Bridge modules have non-unique keys (different from
  the Segment Controller’s key)
• All devices within the street lighting network have the same key (a
  city-wide key)
In general, assigning a unique key to each device in the street lighting network
before installation is unnecessary. Assigning one key to all devices within the
network is a valid option; be sure to document that key so that the network can
be expanded over time. For most street lighting networks, assigning a unique
key to each Segment Controller, and non-unique keys to all other devices, is the
most economical and secure method. From the Segment Controller, you can
increment the keys for the other devices so that each one has a unique key if you
require additional security.
For a secure network (one in which security is configured before devices are
installed), each device must be defined with the configured and authenticated
attributes set. That is, each device added to the street lighting network must be