User's Manual
Table Of Contents
- Welcome
- Audience
- Related Documentation
- FCC Compliance
- RF Statements
- Introduction
- Installation for the Street Lighting Solution
- Setting Up the Segment Controller
- Planning for the Street Lighting Solution
- Managing a Street Lighting Network
- Controlling a Street Lighting Network
- Interoperable Interface for the Street Light Bridge
- Cryptography License
- Glossary
34 Planning for the Street Lighting Solution
Security Planning
Security planning for a street lighting network must address both of the
following concerns:
• Physical security of the luminaires, Street Light Bridge modules, and the
Segment Controller
• Network communications security
This document does not describe planning for physical security. The luminaires
do not require extra security to participate in a street lighting network. Because
the Street Light Bridge modules are typically installed on or near the luminaires,
they have minimal physical security requirements. The Segment Controller
should be installed in a secure location, within communications distance of the
street lighting network.
Network communications security must consider:
• Power line communications between the Segment Controller and the
street lighting network (luminaires, Street Light Bridge modules, and
possibly other Segment Controllers)
• Power line communications between luminaires
• Power line communications between Street Light Bridge modules
• Radio frequency communications between Street Light Bridge modules
In addition, network communications security must address communications
between Segment Controllers and between Ethernet or Internet devices and
Segment Controllers. See the
i.LON SmartServer 2.0 User's Guide
for more
information about network communications security for the Segment Controller.
General Network Communications Security
Devices within a street lighting network communicate over the power line
channel using an open-standard protocol, the ISO/IEC 14908-1 Control Network
Protocol. Power line communications are not encrypted; however, messages sent
within a general power line network between devices can use authentication to
prevent unauthorized access to devices and their applications. Devices within a
street lighting network generally do use authentication, as defined by the
ISO/IEC 14908-1 Control Network Protocol, for power line communications.
Street Light Bridge modules communicate over an RF channel using a private
protocol. RF communications are not encrypted; however, the Street Light
Bridge modules always use authentication within the RF channel to prevent
unauthorized access to the devices and their applications. For RF-channel
authentication, the Street Light Bridge firmware uses a cryptographic hash
function, the Secure Hash Algorithm (SHA), described by the National Institute
of Standards and Technology (NIST) Federal Information Processing Standards
Publication 180-2 (FIPS PUB 180-2). This hash function ensures that a Street
Light Bridge module accepts messages only from another Street Light Bridge
module.
In addition, Street Light Bridge modules provide the following security measures
for the RF channel: