The adoption of networked lighting control technology in Building Automation Systems (BAS) is fast expanding not only to save lighting energy and costs, but also to integrate with other automated networks to improve overall building efficiency. The benefits of combining lighting control systems with occupancy and daylight sensing and HVAC controls, for example, are well documented (Figure 1). Increasingly, however, networked lighting can provide a gateway to security and access control systems.
Figure 1: Energy harvesting wireless solutions technology provider EnOcean promotes the benefits of integrating lighting and HVAC systems to increase efficiency in smart buildings.
Meanwhile, the huge amount of information now available from BAS has led to enterprise-wide analytical services, exploiting this data to manage every aspect of a facility’s energy consumption and to reduce operational costs. Data management and control of larger installations are, by necessity, moving to the cloud, with web-based platforms and remote control via mobile devices. Such data, and the information derived from it, are now regarded as business critical, contributing to corporate mission objectives.
Data security is becoming a major concern. With disparate, though largely interoperable, data networks connected via multiple wireless protocols, and accessible via mobile devices, the potential for hacking, whether for industrial espionage, vandalism or worse, is worryingly high. Access to the lighting network, for example, could provide an entry point through the BAS, to enterprise systems and servers, bypassing existing network defenses and creating a threat to safety, productivity or company IP.
This article will consider how networked lighting control systems can be protected against hacking, tampering and vandalism. Protection can (and should) take many forms, starting at device or node level. Solutions range from the simple choice of a secure microcontroller, through dedicated authentication and encryption technologies, to sophisticated software and hardware mechanisms.
At the device level, examples from Atmel’s portfolio include MCUs with basic security features, such as the AT32UC3 range, dedicated authentication devices such as the CryptoAuthentication and CryptoMemory ranges, and the turnkey CryptoController secure MCU based on the industry standard Trusted Platform Module.
According to a recent report from Navigant Research, Commercial Building Automation Systems (BAS) [1], the global market for commercial BAS is expected to grow from $59.3 billion in 2013 to $86.7 billion in 2023. Crucially, the report highlights that the evolution of energy efficient lighting is a key driver in this sector. Increased adoption of LED lighting has opened up opportunities for advanced networked lighting controls.
In a separate report, Energy Efficient Lighting for Commercial Markets [2], LED technology is expected to dominate the retrofit lamp/luminaire market, increasing from just a 15% share in 2014 to 74% by 2023. To counter the market effects resulting from the lengthening lifespans of LED lamps, the report indicates that lighting companies are shifting towards providing lighting controls and lighting services.
Meanwhile, wireless controls are expanding in smart buildings, to link devices within and between disparate systems, such as HVAC, lighting, safety and security. The ability to install sensors and devices, and connect them without wiring, is attractive, as building managers increasingly want to improve system integration, and thus energy efficiency, without the cost of a major refit. The trend in commercial BAS towards retrofitting solid state luminaires, and the ease with which these can be wirelessly networked and controlled, makes this an obvious market for both lighting control vendors and wireless solution providers. There is a view that, for these reasons, LED lighting networks could become the catalyst for better-integrated building automation systems.
Open wireless networking and interface standards, interoperable, wireless networks, high-speed connectivity and cloud computing, controllable from a mobile device, make fully integrated building automation systems a viable and attractive proposition. Yet, at the same time, they can be vulnerable, creating the potential for security breaches, unauthorized access and possible attacks.
So-called ‘cyber threats’ are becoming more frequently reported and increasingly sophisticated. While ‘Mission Impossible’ or ‘A-Team’ style hacking into a BAS to take control of elevators, alarm systems, and security personnel ID may be a little far-fetched, the principle by which this can be done is sound. The ability to capture radio signals or sensitive data transmitted to or within a network, or via a mobile device, is one obvious weakness.
Hacking into a BAS can result in any number of threats, ranging from nuisance (turning lights off/on), to business damaging (turning off air conditioning in server rooms, or refrigeration units in food storage facilities), to life-threatening (turning off fire alarms, emergency lighting), to theft of IP – both products and processes. More sinister is the possibility of attacks injecting viruses into the systems or, through a poorly secured communication port, accessing client data, or even accessing a client’s network to obtain sensitive data. There is a clearly identified need for IT security authentication and encryption technology, both hardware and software, to be incorporated throughout building automation networks.
Fortunately, one of the simplest ways of networking solid-state lamps and luminaires is through an integrated driver circuit and microcontroller (MCU). There are a number of easily implemented approaches to providing robust security on any MCU-based system, whether at the node (luminaire) or network control level, ensuring that the lighting network, at least, does not provide easy entry for hackers.
The choice of an MCU with some level of embedded security is an obvious first step. Many vendors offer such devices. The choice will depend on what levels of security are required and how much sensitive data may be accessible from that device. Obviously, such MCUs also need to meet the application’s power, format, interface and especially, cost constraints.
MCUs such as Atmel’s 32-bit AVR UC3 family are designed to be high performance and low power. To protect sensitive data, these MCUs feature proprietary FlashVault code protection, enabling on-chip flash to be partially programmed and locked. It is used for securing on-chip storage of secret software and valuable IP. Code stored in FlashVault will execute as normal, but reading, copying or debugging the code is not possible.
The AVR UC3 C series is designed for high performance industrial control applications, including communications hubs. A typical part is the AT32UC3C264C-Z2UR, containing 64k flash memory. An evaluation board, the AT32UC3C-EK, is readily available.
Atmel points out that for an added level of security against hackers, designs using the AVR UC3 C series can be combined with its CryptoAuthentication devices. These are dedicated security devices, small in size and low power, and work with any processor or MCU with a single GPIO. A key benefit is that they offload key storage and the execution algorithms from the MCU, thereby reducing both system cost and complexity. They are ideal too for embedded systems where space is at a premium. These tiny 3-pin SOT23 devices are available to support SHA-2, AES and ECC cryptographic algorithms.
Figure 2: Atmel’s CryptoAuthentication devices are tiny and easily integrated into embedded systems.
The SHA parts are particularly useful when installed in the radio nodes of a wireless network, so that a transmitting device (the host) can verify that it is communicating with a valid network node. Additional security is achieved by installing a device in the host or network controller, especially where developers, subcontractors or clients may have access. Furthermore, CryptoAuthentication devices can be configured to encrypt data and/or simply verify data integrity, checking that data has not been tampered with.
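The host-to-node check and the integrity check described above can be modelled in software. This is an added example, not Atmel's code or the device's command set: it uses HMAC-SHA-256 from the Python standard library as a stand-in for the hardware, and goes slightly beyond the text by using a frame counter to reject replayed data. The names Node, Host, NODE_KEY, the "auth"/"data" labels and the counter field are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed 32-byte secret for the demo; with a dedicated authentication
# device the key stays inside that device rather than in MCU memory.
NODE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def _mac(key: bytes, label: bytes, body: bytes) -> bytes:
    # The label separates authentication replies from data tags.
    return hmac.new(key, label + body, hashlib.sha256).digest()


class Node:
    """Luminaire radio node: answers challenges and tags outgoing data."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return _mac(self._key, b"auth", challenge)

    def tag(self, counter: int, payload: bytes) -> bytes:
        return _mac(self._key, b"data", counter.to_bytes(4, "big") + payload)


class Host:
    """Network controller: issues fresh challenges and checks replies."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = -1

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(32)  # unpredictable, so old replies are useless

    def verify_node(self, challenge: bytes, response: bytes) -> bool:
        expected = _mac(self._key, b"auth", challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare

    def accept_data(self, counter: int, payload: bytes, tag: bytes) -> bool:
        expected = _mac(self._key, b"data", counter.to_bytes(4, "big") + payload)
        if not hmac.compare_digest(expected, tag) or counter <= self._last_counter:
            return False  # payload altered in transit, or a replayed frame
        self._last_counter = counter
        return True
```

A response captured off the air for one challenge fails against the next challenge, and a frame whose payload or counter has been altered fails the tag check.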
The ATSHA204A-MAHDA-T, for example, is described as a full turnkey security device. It features 4.5 kb EEPROM, a standard I2C interface at speeds up to 1 Mb/s and operates from 2 to 5.5 V. A number of useful design guides and application notes are available [3]. A development platform, CryptoAuthXplained, is designed for fast system prototyping, allowing engineers to understand easily how the device can be used for security applications. A comprehensive starter kit, the AT88CK101STK8, includes an AVR microcontroller baseboard with USB interface, allowing designers to learn and experiment on a PC platform.
Cost efficient, high security EEPROMs in the CryptoMemory series range from 1 kb to 256 kb, and user memory can be divided into up to sixteen sections for different levels of read/write access. Operating from 2.7 to 5.5 V, most are equipped with a 64-bit embedded hardware encryption engine, four sets of non-readable, 64-bit authentication keys and four sets of non-readable 64-bit session encryption keys. Code can remain safe, even under attack. Devices connect to virtually any microcontroller, to provide added security in a range of embedded applications for data protection, host/node authentication and a secure means of preventing counterfeiting and piracy. A popular part in the range is the AT88SC0808CA, featuring 8-kbit user memory divided into eight 128-byte zones, each of which may be individually set or combined to provide space for one to eight data files.
Last, but by no means least, Atmel’s CryptoController is the company’s strongest security solution, based on the industry standard Trusted Platform Module (v1.2). Designed predominantly for use at the network level, it provides IP protection, system integrity, authentication and secure communication. Based on the AVR 8-bit microcontroller, the CryptoController features secure boot, integrated, protected non-volatile storage for cryptographic keys and other secret data, hardware random number generator, active shielding, and a variety of tamper-evident circuits. Interfaces include SPI, LPC and I2C, for both PC and embedded computing systems.
The AT97SC3204T is a typical device in the range, with two-wire serial and I2C interfaces, operating in the industrial temperature range from -40 to 85 °C and requiring a 3 to 3.6 V supply.
Clearly, security authentication and encryption technology has to be built right through the network architecture of any building automation system, a topic that is beyond the scope of this article. However, designers of luminaires, lighting modules and lighting control systems targeted at networked system applications, particularly in commercial buildings, will increasingly have to consider security aspects.
Incorporating components, such as secure MCUs and dedicated security devices, even at the lowest level, could provide a competitive advantage.