Security planning, General network communications security – Echelon Lumewave CRD 3000 Street Light Bridge User Manual

Planning for the Street Lighting Solution
Security Planning
Security planning for a street lighting network must address both of the
following concerns:
• Physical security of the luminaires, CRD 3000 Street Light Bridge
  modules, and the Segment Controller
• Network communications security
This document does not describe planning for physical security. The luminaires
do not require extra security to participate in a street lighting network. Because
the CRD 3000 Street Light Bridge modules are typically installed on or near the
luminaires, they have minimal physical security requirements. The Segment
Controller should be installed in a secure location, within communications
distance of the street lighting network.
Network communications security must consider:
• Power line communications between the Segment Controller and the
  street lighting network (luminaires, CRD 3000 Street Light Bridge
  modules, and possibly other Segment Controllers)
• Power line communications between luminaires
• Power line communications between CRD 3000 Street Light Bridge
  modules
• Radio frequency communications between CRD 3000 Street Light Bridge
  modules
In addition, network communications security must address communications
between Segment Controllers and between Ethernet or Internet devices and
Segment Controllers. See the i.LON SmartServer User's Guide for more
information about network communications security for the Segment Controller.
General Network Communications Security
Devices within a street lighting network communicate over the power line
channel using an open-standard protocol, the ISO/IEC 14908-3 Control Network
Protocol. Power line communications are not encrypted; however, messages sent
within a general power line network between devices can use authentication to
prevent unauthorized access to devices and their applications. Devices within a
street lighting network generally use authentication, as defined by the ISO/IEC
14908-3 Control Network Protocol, for power line communications.
CRD 3000 Street Light Bridge modules communicate over an RF channel using a
private protocol. RF communications are not encrypted; however, the CRD 3000
Street Light Bridge modules always use authentication within the RF channel to
prevent unauthorized access to the devices and their applications. For RF-
channel authentication, the Street Light Bridge firmware uses a cryptographic
hash function, the Secure Hash Algorithm (SHA), described by the National
Institute of Standards and Technology (NIST) Federal Information Processing
Standards Publication 180-2 (FIPS PUB 180-2). This hash function ensures that
a CRD 3000 Street Light Bridge module accepts messages only from another
CRD 3000 Street Light Bridge module.
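
The following added example (not Echelon code, and not the CRD 3000's private RF protocol) illustrates what authentication without encryption provides: the payload travels in the clear, but a receiver holding the shared key rejects altered, replayed, or wrongly keyed messages. The HMAC-SHA-256 construction, the challenge-response exchange, the key value, the command string, and all names are assumptions made for illustration; the manual states only that a SHA function from FIPS PUB 180-2 is used.

```python
import hashlib
import hmac
import os

# Constructed sample key; a real deployment provisions its own secret.
SHARED_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def make_tag(key: bytes, challenge: bytes, payload: bytes) -> bytes:
    """Keyed SHA-256 digest over the fixed 8-byte challenge and the payload."""
    return hmac.new(key, challenge + payload, hashlib.sha256).digest()


class Receiver:
    """Accepts a message only if its tag matches an unused challenge."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.pending = set()

    def challenge(self) -> bytes:
        c = os.urandom(8)
        self.pending.add(c)
        return c

    def deliver(self, challenge: bytes, payload: bytes, tag: bytes) -> bool:
        if challenge not in self.pending:
            return False  # unknown or already-used challenge (replay)
        self.pending.discard(challenge)  # one attempt per challenge
        expected = make_tag(self.key, challenge, payload)
        return hmac.compare_digest(expected, tag)  # constant-time compare


def demo() -> dict:
    rx = Receiver(SHARED_KEY)
    payload = b"DIM group=7 level=40"  # constructed command, readable on the wire

    c1 = rx.challenge()
    tag = make_tag(SHARED_KEY, c1, payload)
    genuine = rx.deliver(c1, payload, tag)
    replayed = rx.deliver(c1, payload, tag)  # same frame presented a second time

    c2 = rx.challenge()  # payload altered in transit, tag left unchanged
    tampered = rx.deliver(c2, b"DIM group=7 level=00", make_tag(SHARED_KEY, c2, payload))

    c3 = rx.challenge()  # sender that does not hold the shared key
    wrong_key = rx.deliver(c3, payload, make_tag(b"\x00" * 16, c3, payload))
    return {"genuine": genuine, "replayed": replayed,
            "tampered": tampered, "wrong_key": wrong_key}
```

Because nothing here hides the payload, confidentiality of command and status traffic has to come from other controls when it matters.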