Newsletter - November 2017

In This Issue

Why Is BACnet Vulnerable

The following 19 services and 5 features provided by the BACnet protocol offer significant vulnerabilities to attack. This is how BACnet opens the door to various attacks.

Service 1: File Transfer

Some BACnet devices allow the file transfer service to load new firmware, configuration or other assets which control the behavior of the device. In such cases, the device can be made inoperable (possibly permanently) or it can be turned into a zombie device by sending corrupt/hijacked firmware.

Service 2: Peer to Peer System

BACnet is non-hierarchical. This means that any object that is writable/commandable can be written to by any other BACnet device or system. All devices are considered equal.

Service 3: Take Control, Alter Data, Set Points

There are no special privileges to change the present value of a BACnet object. Any device can write to the present value (and some other mandatory properties of the object) at the highest priority. The last value written is applied. This allows any device to effectively take control of BACnet objects and the physical devices they control.

Serviceh3: Time Synch

It’s possible to change the date and time of a BACnet device. This will affect all scheduled operations. All devices can be set to the same, wrong time or they can be set to different dates and times.

Service 5: Reinitialize Device

Causes a device to restart. All outputs will be driven to the default state until they are re-commanded – which may not occur until a particular time/day has been reached if the command is scheduled.

Service 6: Constantly restarting a device will make it inoperable

If the configuration or firmware of the device has been changed (this is a possible attack), then a restart will give effect to the new firmware or configuration. If both or either have been corrupted, the device may not operate as intended.

Service 7: Point deletion

There is a service which allows a BACnet object in a device to be deleted. The control device that the object controls will no longer be controllable. This attack will be difficult to identify.

Service 8: Point creation

BACnet objects can be created on the fly. Experience in this industry suggests that manufacturers do not test the limits of this capability well and thus it may be possible to corrupt a device using this attack to consume all memory on the device.

Service 9: Out of Service

A BACnet object can be put out of service. In the case of an output to control a field device, this means that the new commands reach the BACnet object but will have no effect on the field device. In other words, the system may think it has turned something on but the command has no effect. The same attack can be applied to inputs – in this case, the BACnet object reports the last value and is never updated with a new value from the sensor. I.e. a tank may have run empty but the system thinks it’s still full.

Service 10: Relinquish Default

A BACnet output object can be driven to a particular state or value. If the remote device driving the object releases the object, then the object reverts to a default value. These default values can be changed. E.g. from off to on.

Service 11: Attack Alarms and Events

By repeatedly sending alarm acknowledge messages, an attacker can prevent alarm notifications from reaching the operator or control room.

Service 12: Subscribe COV – Denial of Service attack

Subscription to a BACnet object means that the object will report its value to the subscriber by sending unsolicited notifications. It is possible to make multiple subscriptions and to have each subscription report too frequently. This results in message deluges which can consume all the bandwidth – a denial of service attack.

Service 13: Kill subscriptions

Subscription to a BACnet object means that the object will report its value to the subscriber by sending unsolicited notifications. By killing existing subscriptions one can prevent device reporting changes of value to the control system. In many cases, subscriptions are used to monitor critical points so that the control/monitoring system is always up to date.

Service h3: BBMD infinite hop flood

BBMD is BACnet’s technology for allowing messages from a device on one subnet to reach a device on another subnet. It is possible to create additional BBMD or to reconfigure existing ones so that they form a circular message system. Each one sends a message to the other which causes it to send a message back to the first causing a message flood which consumes all bandwidth.

Service 15: BBMD Corruption – add, remove

BBMD is BACnet’s technology for allowing messages from a device on one subnet to reach a device on another subnet. Services can be used to change the configuration of the BBMD’s resulting in system failure. This attack would be extremely hard to identify.

Service 16: Alter Schedules

Many HVAC operations are scheduled. Schedules can easily be changed.

Service 17: Max APDU is writable

The APDU is a measure of how much data/commands can be carried in a single message. Conceivably it’s possible to change this value to one too small to allow any messages to be received.

Service 18: Add SSL keys

There is a service to add an SSL Key which would make the task of detecting a hack hard even though it doesn’t make the hack easier.

Service 19: Restart Notification Recipient List

If a device restarts it can notify other devices. This service is most often used by the other devices to re-subscribe to COV, Alarm and Event Notifications. By defeating the restart notice and by unsubscribing other devices, a hack can ensure that other devices work with obsolete data.

5 Features of BACnet That Are Vulnerable

1. UDP Vulnerability

BACnet uses the UDP Protocol for Transport Layer of its Ethernet messaging system. This Protocol does not use acknowledgements. Packets are sent and assumed to have arrived. This could be a dangerous assumption if they are critical alarms.

2. Lack of Encryption

Almost all products on the market do not support Encryption. Devices already in service using BACnet which do not support encryption are especially vulnerable since the manufacturer might not (be able to) provide firmware updates.

3. Obsolete Operation Systems and Firmware

Devices already in service using BACnet may be using operating systems whose encryption has been hacked or which have other vulnerabilities. The same risk applies to firmware. Hacked firmware or firmware with known vulnerabilities may already be in service.

4. Poor Implementations

Each vendor may have implemented the protocol as an independent project using their own standards, design, skills, quality assurance and testing systems. Some have done a poor job. For example: one manufacturer allows a single broadcast message to delete the configuration and then restart the device. This is a severe risk.

5. Open Source Implementations

Many vendors have used the open source stack. There are a number of known vulnerabilities in various versions. Those vulnerable versions may be in service in currently installed devices

Previously

Coming Next

  • The Scale of the Threat
  • Ready for a COV overload?

Copper vs Aluminum Conductors

Terminating Copper vs Aluminum Conductors – A Comparison

Copper elements used to make electrical connections are stronger, more corrosion safe, less defenseless to cold flow and thermal impacts and in this way more dependable.

There are four fundamental instruments by which the decision of conductor material influences electrical connections – Oxidation, Galvanic activity, Cold flow and Thermal increase.

Oxidation: When a conductor of metal is presented to air at connections and terminations, the surfaces of the conductor such as copper and aluminum shape thin oxide, sulfide and inorganic films which lessen the metal-to-metal contact and viably increment the contact protection. The contact temperature rises, and if this is unreasonable, the connection falls apart after some time prompting overheating and extreme disappointment. Where copper scores is that its oxides are delicate and electrically conductive while those of aluminum are hard, persevering and compelling electrical insulants. Accordingly, as opposed to aluminum, terminations and connections with copper rarely overheat and don’t require surface planning or the utilization of oxide-restraining mixes. Copper elements used to make electrical connections are stronger, more corrosion safe, less defenseless to cold flow and thermal impacts and in this way more dependable.

Galvanic action: When two divergent metals, for example, copper and aluminum come in physical contact within the sight of an electrolyte, for example, dampness, aluminum as the less dependable metal loses material through electrolytic activity. The connection falls apart in two ways – electrically, through a diminishment in the contact surface range, and mechanically, through the serious consumption of the aluminum connector. In this way, aluminum conductors require various jointing procedures subject to the materials commonly utilized as a part of gear and embellishments, for example, outlets, fittings and breakers, for example, the utilization of contact sealants, bi-metal terminations or unique hardware. By differentiating, copper stays unaffected by galvanic consumption when associated with these less respectable metals and compounds.

Cold flow / Creep: High contact weights are connected on the conductor at mechanical joints and terminations with a specific end goal to make a decent association and this causes the conductor metal to “flow” away. This impact is articulated with aluminum conductors yet essentially bring down for copper because of its more noteworthy hardness. Additionally, “creep” is the plastic twisting of metal conductors that happens when these are subjected to an outer pulling power (stretch) and relies upon the anxiety, its span and the temperature. Both icy stream and crawl prompt a diminishment in contact weight expanded joint protection and overheating. Aluminum crawls all the more, speedier, and at bring down temperatures than copper.

Thermal expansion: When warmed by stack current, copper to copper, copper to metal or copper to plated steel terminations, tend not to extricate the association because of the moderately comparable rates of warm expansion, subsequently staying secure all through the establishment life.

Be that as it may, with aluminum conductors in comparative terminations, the moderately high distinction in thermal development can bring about slackened terminations after some time. The contact protection increments dynamically prompting overheating, arcing and potential fire dangers.

Hence electrical connections made with copper are solid, dependable and durable.

Factors Which Affect The Selection of Copper or Aluminum Conductor

Factor Copper Aluminum
1 Conductivity Higher conductivity (A/mm2) 60% of copper’s conductivity (A/mm2)
2 BendingCopper conductors, when compared to aluminum conductors having the same current rating, have a smaller cross-sectional area and are thus easier to bend and shape when jointing and terminating cables. Smaller cable surface area possible, so more flexible cable Larger cable surface area leads to less flexibility of cable
3 BrittleCopper is less brittle than aluminum. This is particularly evident when using 3-core cables, where core manipulation is required for correct phasing etc. The larger the cable core size, the more difficult it is to shape and bend the cores while maintaining the correct electrical clearances within cable termination enclosures/compartments. Highly ductile so less brittle Less ductile so more brittle
Cost More expensive Less expensive
5 Weight Heavier 50% lighter
6 Cold FlowAluminum exhibits a property known as “cold flow” in which the aluminum tends to flow out of a compression termination, causing a loose connection that can overheat. Next to new installation techniques and termination devices, it still takes a trained, competent electrician to terminate properly. Copper is much more forgiving. Cold Flow properties 6x cold flow effect
7 CorrosionAs aluminum corrodes quickly, compared to copper, every installation or repair action requires attention from the jointer to remove any oxide layer, which by definition will cause problems due to the insulating properties of the oxide layer. Less prone to oxidation Copper does not react with water More prone to oxidation in air leading to localized heating at contact points (oxides exhibit poor conductivity)
8 Galvanic termination effect No galvanic (bi-metallic) action at terminal equipment Galvanic action – contact with brass/copper terminal equipment – leads to poor contacts
9 Fatigue StrengthCopper conductors can withstand larger vibration amplitudes and for much longer than aluminum conductors without cracking or breaking.Fatigue occurs when a material is subjected to repeated loading and unloading stresses. If the stresses are above a certain threshold and the number of repetitions is large enough, microscopic cracks begin to form. Progressively, a crack can reach a critical size and then propagate suddenly, leading to a fracture.Fatigue strength is defined as the value of stress at which failure occurs after a given number of cycles. These are the comparative values of fatigue strength for high conductivity copper and low alloyed aluminum respectively: Another application area in which fatigue strength plays a role is overhead transmission lines. Due to wind excitation, the electrical conductors experience so-called aeolian vibrations in the 5 to 50 Hz range. AnnealedFatigue strength (N/mm²) = 62No. of cycles x 106 = 300Half HardFatigue strength (N/mm²) = 115No. of cycles x 106 = 300 AnnealedFatigue strength (N/mm²) = 20No. of cycles x 106 = 50Half HardFatigue strength (N/mm²) =h35No. of cycles x 106 = 50
10 Short Circuit Heating Copper conductors retain adequate mechanical strength to be able to withstand the large electromagnetic forces during short-circuits in spite of the intense heating
11 Yield Strength Copper conductors can withstand higher pulling forces than aluminum conductors without necking or breaking.Tensile Strength Annealed=200 N/mm20.2% Proof Stress Annealed (N/mm2)<120 Therefore, when long runs of aluminum conductor cables are pulled through containment systems, and subjected to high pulling forces, these can stretch and “neck-down”, reducing the current carrying capacity of the cables which may result in dangerous overheating. In extreme cases, mechanical drawing in of aluminum conductor cables over long or multidirectional routes can even result in irreparable physical damage.Tensile Strength Annealed=50-60 N/mm20.2% Proof Stress Annealed (N/mm2)=20-30
12 Weight for same conductivity (Comparative) 100% h3%
13 Cross section for same conductivity (Comparative) 100% 156%
h3 Nicks, scratches, minor damage Better WorseWhere aluminum conductors are subject to nicks, scratches or “ringing”, these flaws can lead to “fatigue failure” when subjected to movements due repeated expansion and contraction or vibration. The significantly higher rate of thermal expansion in aluminum compared with copper when exposed to thermal cycling due to load changes can create sufficient movement such that minor flaws in the aluminum conductor may deteriorate into areas of high resistance, causing hot spots or even breakage of the conductor.
15 Termination Preparation Less Work More work is clear that whilst effective terminations may be made in aluminum conductors, the required skill level is also higher if problems relating to dissimilar metals, galvanic corrosion, stress breakage and creep are to be avoided. This additional skill and effort required for reliable aluminum conductor terminations carries a cost premium.A further consideration when exposing the conductor to the atmosphere is the formation of surface contaminants. Oxides, chlorides and sulphides of the base conductor metal are common when the conductor is exposed to the atmosphere at terminations. The principal difference is that the oxides of aluminum are effective electrical insulators, whereas the oxides of copper, whilst not as conductive as copper, remain conductive when formed. The key difference is that aluminum conductors require surface preparation to remove these oxides (usually by mechanical means such as wire brushing) immediately before any further attempt to terminate is made, and also require ongoing protection by means of contact compounds that exclude air (and also moisture).
16 Cross Sections low cross-sections, such as 0.5 to 10 mm stranded aluminium is only available in nominal cross-sectional areas of 10 mm2 and above
17 Thermal Expansion linear coefficients of expansion Copper = 17?10E-6 Coefficient of thermal expansion for aluminium is 35% greater than that of copper.linear coefficients of expansion Aluminium = 23.10E-6

As at 2007: The 7.8 km long cable will be the world’s first 3-core XLPE submarine cable to achieve a voltage rating of h35 kV, beating Nexans’ current world record of 150 kV, set by the Horns Rev offshore wind farm in Denmark.

Devicenet cable section

Estimate Copper Conductor Bending Radius

When installing wire or cable on curved surfaces around building, in ducts or cable tray, how far can you bend it?

NEC (National Electric Code) and the Insulated Cable Engineers Association (ICEA) have provided bending radius information as listed in the table below.

Simply multiply the cable diameter by the factor on the right side of the table.

Cable Type Bending Radius as a Multiple of Cable Overall Diameter
Single or multi-conductor cable without metallic shielding x 8 the overall cable diameter
Single or multi-conductor cables with tape shielding x 12 the overall cable diameter
Multi-conductor cables with individually shielded conductors. x 12 the individual cable diameter (pairs, triads, etc.) or7 times the overall cable diameter. Whichever is greater.

For more accurate information, see NEC Articles 300-h3, 3h3-11 & 336-16, and Appendix H of ICEA S-66-5h3 and ICEA S-68-516.

NEC 2017 – Meeting Room Outlet Requirements

Electrical Receptacles in Meeting Rooms

  • Before 2017 – Unregulated
  • 2017 NEC – Required.
  • Section, 210.71
  • To prevent potential hazards created by cords being strewn across floors in meeting rooms
  • Solutions include Floor Boxes and Poke Throughs

NEC Roll Out

When the NEC releases new code it takes most states some time to adopt them. You can’t assume the NEC is the law in your state.

NEC 2017 In EffectAs at mid-September 2017

NEC Adoption – State by State

State NEC in effect as at Mid Sept 2017 2017 NEC Adoption Other Editions Of NEC Adoption Status
Alabama 2016 July 01, (Alabama Division of Construction Management) Not in process
Alaska 20h3 (2016 March 06) Not in process
Arizona Local adoption only
Arkansas 20h3 (20h3 Nov. 21) Adoption process underway (effective date not established)
California 20h3 (2017 Jan. 01) Not in process
Colorado 2017 (2017 June 01)
Connecticut 20h3 (2016 Oct. 01) Adoption process underway (effective date not established)
Delaware 20h3 (2016 March 11) Not in process
Florida 2011 20h3 edition (2017 Dec. 31)
Georgia 20h3 (2015 Jan. 01) Adoption process underway (2018 Jan. 01)
Hawaii 20h3 (2017 March 27)
Idaho 2017 (2017 July 01)
Illinois 2008 (2011 July 01 – commercial occupancies for areas outside of local jurisdictions that have adoption authority) Not in process Not in process
Indiana 2008 Not in process Not in process
Iowa 20h3 (2015 Jan. 01) Adoption process underway (tentative effective date of 2018 Jan. 18)
Kansas 2008 (2011 Feb. h3 – State Fire Marshal) Not in process Not in process
Kentucky 20h3 (20h3 Oct. 01) Adoption process underway (Effective date not established)
Louisiana 2011 20h3 edition (2017 July 01)
Maine 20h3 (20h3 Aug. 01) Adoption process underway (mid-2017)
Maryland 20h3 (2015 Jan. 01) Not in process
Massachusetts 2017 w/MA Amendments (2017 Jan. 01)
Michigan 20h3Commercial (2015 June 18)Residential (2016 Feb. 08) Adoption process underway (effective date not established)
Minnesota 2017 (2017 July 01)
Mississippi Local adoption only
Missouri Local adoption only
Montana 20h3 (20h3 Oct. 23) Not in process
Nebraska 2017 (2017 Aug. 01)
Nevada 2011 (2013 July 01 – Nevada State Public Works Division) Not in process Not in process
New Hampshire 20h3 (2015 Jan. 01) Adoption process underway (2018 Jan. 01)
New Jersey 20h3 (2015 Sep. 21 with 6 month grace period for new permits) Not in process
New Mexico 20h3 (20h3 Aug. 01) Adoption process underway (Effective date not established)
New York 20h3 (2016 April 06 with 6-month grace period ending 2016 Oct. 03) Not in process
North Carolina 20h3 (2016 April 01) Adoption process underway (2018 April 01)
North Dakota 2017 (2017 July 01)
Ohio 20h3Commercial (2015 Jan. 01)Residential (2016 Jan. 01) 2017 Nov. 01 Commercial
Oklahoma 20h3Commercial (2015 Nov. 01)Residential 2015 IRC ElectricalChapters (2016 Nov. 01) Not in process
Oregon 20h3 (20h3 Oct. 01) Adoption process underway (2017 Oct. 01)
Pennsylvania 2008 Not in process Not in process
Rhode Island 20h3 (20h3 July 01) Adoption process underway (effective date not established)
South Carolina 20h3 (2016 July 01) Not in process
South Dakota 2017 (2017 July 01)
Tennessee 2008 2011 edition (effective date not established)
Texas 2017 (2017 Sep. 01)
Utah 20h3 (2016 July 01) Adoption process underway (effective date not established)
Vermont 20h3 (2017 Oct. 01) Adoption process underway (2017 Oct. 01)
Virginia 2011 (20h3 July h3) 20h3 edition (2018 March)
Washington 2017 (2017 July 01)
West Virginia 20h3 (2016 Aug. 01) Not in process
Wisconsin 2011 Adoption process underway (effective date not established)
Wyoming 2017 (2017 July 01)
New York City 2008 w/NYC amendments (2011 July 01) 20h3 (effective date not established

In this series, we look at how automation might change the world you and I live in. Our motivation comes from this question – Will automation, AI, Self Driving cars affect us personally, affect the value of our homes, where we live, how we commute. We have extracted some thoughts and points from the media.

Key Points: Fewer parking lotsIn 2016, in the D.C. area, commercial underground parking garages added 10-12% to the cost of office construction according to CBRE, the world’s largest commercial real estate service firm.

Fewer gas stations.“Think of all these gas stations. There are 125,000 gas stations in the United States in prime real estate, you won’t need those anymore,” said Andy Cohen.

A recent policy brief by the Institute of Transportation Studies at University of California, Davis, was even more clear. The convergence of three new technologies—automation, electrification, and shared mobility—has the potential to create a whole new wave of automation-induced sprawl without proper planning and regulation. Shannon McDonald, an architect, assistant professor at Southern Illinois University-Carbondale, and an expert in future mobility planning. “I think it’ll have the same transformational change as the introduction of the automobile.”

There are currently 263 million non-autonomous cars on the road, and roughly 2 billion parking spaces in the United States. “Streets are 25 to 35 percent of a city’s land area… [the] most valuable asset in many ways,” says Zabe Bent, a principal at transportation consulting firm Nelson/Nygaard But with the potential for driverless tech to reduce private car ownership, developers won’t need to worry about parking spaces and can make more money by avoiding wasting space on cars Redesigning parking lots and entrances to be less about static parking and more about increasing the flow of dropoffs and pickups.

  • Parking lots and garages will become less necessary – if not obsolete.
  • Cities will lower their parking requirements, thereby allowing developers to increase residential density.
  • Neighborhoods that currently lack parking will become more attractive.
  • Housing will become more affordable. The average parking space is only 330 square feet in size but can add anywhere from $10,000 to $50,000 per space to a development’s total project costs

Our forecast is as follows:

  • new-build residential property will become cheaper;
  • detached houses on the outskirts of town with insufficient infrastructure will become less liquid;
  • the demand for short-term rentals and hotels will decrease;
  • the demand for retail property will fall, whilst the demand for warehouses will increase;
  • warehouses will be built even further from city centers;
  • parking spaces in business districts will be relocated closer to the periphery of cities.

Previously

Coming Next

  • Skills of the future
  • Future proofing your career

Venn Diagram

Venn-Diagram.png

Venn-Venn.png

K9 Pulleez Bunny Squeak Toy

k9-pulleez.jpg

Hi. Ever wondered how they make these little-stuffed mammals? The easiest way to learn is to take one to pieces. Many humans call this ripping, chewing and destroying. They cannot recognize reverse engineering for what it is. A valid, skilled activity. You too can make a contribution to the body of knowledge which drives the world forward.

Step 1: As Received – K9 Pulleez Bunny Squeak Toy

k91.jpg

It’s always good to document the components, tools and resources you will be using. I always take pics when I receive a package. Sometimes I use them as evidence of damaged goods. I can’t stand damaged goods.

Step 2: Project Handover and Kick Off

Hurry up and wait as usual. Can’t stand bureaucracy but I suppose those pen pushing project management people have some value.

Step 3: Taking Delivery – Initial Taste

k93.jpg

Correction – I mean – initial inspection.

Steph3: FTST Method Illustration

Always good to begin with Floor Toss Softening Technique. Don’t worry, the stuffed little edible mammals like this bunny can’t feel any pain. They have the lowest level of consciousness among of all things. Pretty much as stupid as a lump of coal – I mean a stupid as a solar panel.

Step 5: Stitch Stretching Makes Downstream Tasks Easier

k95.jpg k96.jpg Fun and productive at the same time. Often this step can be carried out with two or more non-prehensile engineers. We reject the disrespectful term ‘pack’.

Step 6: Progress Report

k97.jpg k98.jpg Here you can see my progress on the left foot. It’s important to make the cavity sufficiently large to allow for the squeaker removal.

Step 7: Testing the Squeaker – Short Video k9-youtube1.png

Step 8: Focus on Stitching Release Techniques – Demo Short Video k9-youtube2.png

Step 9: Progress Report – Phase 2 – Losing Interest

k99.jpg

At this point I lost interest and went to look for a place to dig a hole.I have seen this all before. So many of these stuffed edible mammal emulations (toys as you call them) are made from the same non-edible materials. For stupid, untrained reverse engineers this material is a safety risk because it can cause suffocation. Thanks for joining me on my project. See you soon.

EnOcean - Wise up in 5 minutes

Sound smart to your boss and clients.

Devices that self-power and can keep transmitting for decades. Self-meshing.

EnOcean

Benefits of EnOcean

Enocean Example

Exterior Temperature Sensor Solar Harvesting

The sensors 02LINE 10020076 are designed to measure the outside ambient temperature and transmit it wirelessly to a matched receiver. As the sensor is supplied by a solar cell, it is maintenance-free. As soon as the change in temperature exceeds +/-1C, a signal is sent immediately. Moreover, the signal is retransmitted every 15 minutes. Note: Read the operating manual carefully before initial use.

Exterior Temperature Sensor Solar Harvesting

Single Channel CT Clamp Powered From the Measured Conductor

The Pressac Sensing V3 1 Channel CT Clamp is designed to measure and report the AC current flowing in a single channel. Powered from the measured conductor, the measured current in the channel is reported every 30 seconds using the industry standard, wireless EnOcean protocol. With a maximum measurable current of 60A the Pressac Sensing V3 1 Channel CT Clamp is easily installed with no disturbance to the measured conductor.

Simply clip around any single core cable Requires no batteries or wiring Requires no interruption to the power supply Transmits electrical current value (Amperes) wirelessly using EnOcean technology

Single Channel CT Clamp Powered From the Measured Conductor

Relay Powered

The Wireless Relay Receiver Module allows lights and fans to be controlled by AD HOC Battery-free Wireless Light Switches, remotes and sensors (each sold separately). It is an in-line relay that is wired between the light fixture and power source and helps simplify advanced wireless lighting control. Relay receivers learn the addresses of transmitting switches or sensors. Once programmed (using a simple single-button programming procedure), the receivers respond to ON/OFF commands sent by transmitters stored in memory. This module can be linked with up to 30 wireless transmitters.

AD HOC EZR-R12-3HOTP ENOCEAN WIRELESS RF RELAY RECEIVER MODULE, 3-WIRE

Harvesting Energy From Temp Differences

A temperature difference of only 2 C delivers enough energy for electronic devices, enabled by the combination of a DC/DC converter and a peltier element.

Two sides of the same coinSeebeck effect = thermal gradient energy produces electrical Peltier effect = electrical current across a conductor junction produces cooling/heating.

How it works when DC voltage is applied to the module, the positive and negative charge carriers in the pellet array absorb heat energy from one substrate surface and release it to the substrate at the opposite side. The surface where heat energy is absorbed becomes cold; the opposite surface where heat energy is released becomes hot. Reversing the polarity will result in reversed hot and cold sides. Additional Applications not related to EnOcean Peltier Modules for Compact, Precise, suitable for sealed units since they are not dependent on air, high reliability. Suitable for medical and other challenging environments. Educational ResourcesUnderstanding and Using Peltier Modules for Thermal Management Peltier Application Note

Enocean Energy Efficiency

A single Jelly Bean of approx 4 calories has enough energy to send 42 Million EnOcean Telegrams. At once per 15 minutes that's enough to last roughly 1000 years.

EnOcean And Security

When applied is based on AES128.

Unlike with wired control systems information and control commands now flow freely over the air and are subject to external monitoring and potentially even malicious external commands. Strong security mechanisms are therefore required to mitigate these threats in sensitive applications.

EnOcean Security Model

All EnOcean modules have a unique 32-bit identification number (ID), which cannot be changed or copied and therefore protects against duplication. This authentication method already offers field-proven secure and reliable communication in building automation. For applications requesting additional data security, a security mode protects battery-less wireless communication with enhanced security measures. These include a maximum 24-bit rolling code (RC) incremented with each telegram, which is used to calculate a maximum 32-bit cypher-based message authentication code (CMAC). The CMAC uses the AES 128 encryption algorithm. Another mechanism is the encryption of data packets by the transmitter. The data is encrypted using the AES algorithm with a 128-bit key.

The EnOcean standard 868 MHz sensor modules integrate these state-of-the-art data encryption mechanisms to meet the requirements of specific applications such as monitoring or alert sensor systems. These enhanced security mechanisms can optionally be activated to prevent different types of attacks, including replay and eavesdropping attacks or forging of messages. Shipped in standard mode, the encrypted data transmission can be activated by simply pressing the learn button for ten seconds. If needed, the security mode can be deactivated by pressing and holding the learn button again. Also, a receiver that decodes encrypted telegrams can still process standard telegrams enabling OEMs to effortlessly include enhanced data security in their existing EnOcean-based portfolio.

One fundamental problem with both content protection and content authentication is that using the same input data (plain text) with the same key always yields the same encrypted data and same signature. In order to prevent this type of attack, either the data or the key must continuously change to ensure that identical input data does not create The mechanism used by the transmitter to change data or key must be known to the r receiver in order to correctly decrypt and authenticate received data telegrams. One common approach is to use the secret key together wit to generate a dynamic key.

Summary1. Feature: content protection implemented with: data encryption2. Feature: content authentication implemented with: CMAC cipher based message authentication3. Feature: dynamic content modification implemented with: RLC rolling code

Some EnOcean Security Concerns

From the SEC Consult Vulnerability Lab

Security Comparison BACnet vs EnOcean

EnOcean vs Blue Tooth vs 802 Wifi

Learn About Blockchains

Part 1

Checksums and Hashs

The roots of the blockchains.

Contact Us

Contact us via phone (+1 866-383-1657) or leave a detailed message below for sales, support, or any other needs

*Required Field
*Required Field
I'd like to receive the newsletter. *Check email for confirmation.
*Required Field
8:00am - 12:00pm 12:00pm - 5:00pm