KNX on smart home data security and integrity

In our age of ubiquitous digital interactions, the question of data security and integrity is a serious issue that is bothering many people. A recent YouGov survey revealed that a staggering 66% of global consumers believe that companies have excessive control over their personal data. This sentiment is not unfounded. Most of us are uncomfortable accepting the lengthy and often obscure terms and conditions that tech platforms and other companies ask us to accept in order to be able to operate online.

Yet, many companies’ business models are centred around the collection and use of our personal data. Another independent analysis shows that big tech companies and many lesser known operators collect and use a great quantity of data about us. 

We reveal a considerable amount of personal information online that we would never share with people we do not know. We share sensitive information on various platforms and apps or allow apps to share data with other vendors and providers, adding to the risks of improper uses of our personal data. This challenge is further amplified by the surge in adoption of digital home assistants like Alexa or Google Assistant, which introduce new vulnerabilities due to their cloud connectivity and services. Governments pass laws to protect our privacy and security; nevertheless data breaches and improper use of our sensitive personal information are not uncommon. 

As a consequence, users lose confidence in all digital supports, including apps, digital platforms and also IoT devices that require the use of personal data. A recent investigation by the World Economic Forum* (WEF) found that homeowners and building managers show a low level of confidence in the security of IoT devices against cyberattacks.

To a great extent, the concerns of users of IoT devices are well placed. The surge in the adoption of diverse connected devices with different hardware and systems in homes and buildings creates vulnerabilities. Breaches and other harmful activities become possible, especially in the nodes where data is interchanged with external servers or the cloud. While users bear a portion of the responsibility for IoT security, manufacturers also play a pivotal role. It’s a shared duty.

In its study mentioned above, the WEF notes that ”security considerations tend to be included late in the design and prototyping phase, leading to unsecured devices and allowing malicious actors to breach systems and connected devices.”

How to build secure IoT systems
KNX Association had already addressed these concerns some years ago, even before the report of the WEF, taking strong measures to guarantee security and data protection and to prevent unauthorised access to its systems in smart homes or buildings. These measures include both the design of more secure products and the development of its protocol, enhancing the integrity of the KNX ecosystem.

For instance, one very effective strategy to maximise the security of personal and sensitive data is to keep the information within the secure domain of one’s home or smart building. Users of KNX installations can choose to keep their data in-house rather than sharing it with cloud services outside their private network. 

KNX IoT: the reference for secure interoperability in the IoT smart home already available today
KNX IoT, the new expansion of KNX technology, offers an interoperable and secure landscape. Security features are built into all new products and solutions to guarantee that all devices are well protected from unauthorised access. For example:
•    While KNX has been the reference standard for interoperability and interworking for a long time (any two certified devices from any member-manufacturer will simply work together at the application level in a secure way), KNX IoT has been designed to add the highest level of security. KNX IoT devices come with security embedded by design. 
•    A new communication/message protocol using CoAP and CBOR has been optimised for resource-constrained communications. 
•    KNX IoT also uses Object Security for Constrained RESTful Environments (OSCORE) to encrypt all types of messages end-to-end between endpoints, even in the presence of intermediaries such as proxies.

KNX Secure for maximum protection
The core of KNX technology has also been extended to protect both data (via KNX Data Secure) and communication (via KNX IP Secure).
•    KNX Secure technology complies with the most advanced security regulations and with EN 50090-3-4, the European Standard that defines security for home and building electronic systems (HBES) communication. This means that KNX can successfully block hacker attacks and minimise the risk of digital break-ins.
•    KNX Secure also meets the highest encryption standards, so the digital infrastructure of buildings is protected effectively and data is highly shielded. KNX Secure offers double protection: KNX IP Secure uses the ISO 18033-3 encryption standard to encrypt all transferred telegrams and data, while KNX Data Secure uses the AES 128 CCM encryption standard to protect user data, such as passwords and home automation settings, against unauthorised access and manipulation. 
•    In 2022, KNX Secure obtained the 'Information security tested Smart Home and Building' VDE certification. This, combined with rigorous KNX certification for each product, highlights our Association's and members' commitment to bolstering IoT system protection against potential cyber-attacks.

Through substantial efforts from KNX Association and KNX Members, a great number of tangible KNX Secure products have been released in recent years. With a portfolio of over 400 secure KNX certified devices, KNX claims to be the world's leading smart home and building ecosystem of secure products. 

All products were put through the exhaustive KNX certification process, which tests their compliance with the authentication and encryption mechanisms. This, along with ETS Professional (a completely new generation of smart automation software), empowers installers and integrators to assess scenarios and embed optimal security in their projects. 

To enhance the capability of our professionals, KNX also provides a comprehensive checklist for installers and security managers to make informed choices. A position paper aids installers and manufacturers in boosting KNX installation security. And a free online training course enables members and installers to maximise the cyber-security of the KNX installations (links below). 

KNX is committed to improving the trust of homeowners and building managers in the security of IoT devices, traditional devices and the smart home and building ecosystems. In so doing, we will not only improve security in the smart home and building industry but also the integrity of end-users.

*Source: World Economic Forum. State of the Connected World 2023 Edition. Insight Report, January 2023