• State
  • Locked Locked
  • Replies 3 replies
  • Subscribers 55 subscribers
  • Views 319 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Smart Energy, Security & Interoperability?

Leo47836
Intellectual 520 points
Other Parts Discussed in Thread: Z-STACK

Hi,

Looking at the Smart Energy Joining process, I saw that "The SE Profile requires that all devices have a pre-configured Trust Center Link Key".

I wonder how interoperability could exist if each device of a same network must have a same pre-implemented Trust Center Link key?

Thank you.

Leo

 

  • 0
    TI__Expert 4155 points

    Hi Leo,

    The pre-configured trust center link key just allows each device to join the network in a very secure fashion, which are employed in SE networks. The APS transport key message will be encrypted with this pre-configured trust center link key that is only known to both the trust center and the joining device (typically pre-programmed at manufacturing). Otherwise, the network key will be sent in the clear and this is not secure.

    As long as the joining device implements this type of "secure joining", there is no issue with interoperability as this only controls how the device joins the network.

    Feel free to discuss this if something is unclear.

    Cheers,

    -- "Double O"

     

  • 0 in reply to "Double 0"
    Intellectual 520 points

    Thank you for your answer! Indeed, There are still things unclear... :)

    How a secured Smart Energy compliant sensor could be interoperable with pre-configured trust center link key installed?

    When we buy a new Smart Energy compliant sensor, must we tell the seller what is our trust center link key or are we obliged to buy the coordinator adapted to this device?

    Finally, how to activate the Smart Energy Security requirement and remains interoperable?

    As far as I understand, if we don't choose this type of "secure joining" you described :

      - should it be possible first to transmit the network key in the clear and then make the "Key Establishment" process?

     - in this case, does that respect the Smart Energy Security Requirement/Compliancy/Certification?

    Thank you!

    Leo


  • 0 in reply to Leo47836
    TI__Expert 4155 points

    Hi Leo,

    In Smart Energy networks, the trust center is the coordinator of the network and also typically the ESI (Energy Service Interface). The SE specification discusses the "out of band" commissioning method and this is typically what the installer of the SE device must follow. Essentially this out of band mechanism discusses a process for injecting the pre-configured link key down to the ESI and at this point the coordinator is "open for joining".

    You have to choose this secure type of joining or else this will compromise the security policy of the network.

    The SE developer's guide and SE Sample Application user's guide in the Z-Stack distribution are good reference documents.