EN 50090-3-4:2017
Home and Building Electronic Systems (HBES) - Part 3-4: Secure Application Layer, Secure Service, Secure configuration and security Resources
This European Standard defines security for HBES communication. It is based on ISO/IEC 24767-2, Home network security / Secure Communication Protocol Middleware (SCPM). Having a secure HBES solution has several advantages.
- It makes the HBES RF Communication Medium more secure: HBES RF Radio Frames in plain communication can easily be traced (by sniffer for example).
- It allows for secure applications. Secure communication is interesting in shutter and door control and anti-intrusion security, in order to prevent intrusive commands (burglars...). It is also interesting in metering to protect for example electrical consumption data.
This document does not define any type of application.
German title: Electrical systems technology for homes and buildings (ESHG) - Part 3-4: Information security at the application layer, services, configuration and resources
This European Standard specifies the security of open communication systems of HBES (home and building electronic systems; German abbreviation ESHG). It is based on ISO/IEC 24767-2 "Home network security - Part 2: Internal security services: Secure communication protocol for middleware". A secure HBES solution has several advantages.
- It provides more security for the wireless HBES RF communication medium: HBES RF radio frames with unencrypted communication can easily be traced (e.g. by a sniffer).
- It enables secure applications. Secure communication is particularly important for roller-shutter and door controls and for intrusion protection systems, in order to prevent tampering (burglars ...). Secure communication is also particularly important for metering applications, e.g. to protect electricity consumption data.
This document does not define any application types.
French title: Home and building electronic systems (HBES) - Part 3-4: Secure application layer, secure service, secure configuration and security resources
This European Standard defines the security of the open communication system of home and building electronic systems (HBES). It is based on ISO/IEC 24767-2, Home network security / Secure Communication Protocol for Middleware (SCPM). Providing a secure HBES solution has several advantages.
- It makes the HBES RF communication medium more secure: HBES RF radio frames in unencrypted communication can easily be traced (with a sniffer, for example).
- It allows secure applications. Secure communication is of interest for shutter and door control and for anti-intrusion security, in order to prevent intrusive commands (burglars...). It is also of interest in metering, to protect electrical consumption data, for example.
This document does not define any type of application.
Slovenian title: Home and building electronic systems (HBES) - Part 3-4: Specification of KNX S AL, secure service, secure configuration and security resources
This European Standard defines the security of communication for home and building electronic systems (HBES).
It is based on ISO/IEC 24767-2, Home network security / Secure Communication Protocol Middleware (SCPM).
A secure solution for home and building electronic systems (HBES) offers several advantages.
– It provides greater security for the radio-frequency communication medium of home and building electronic systems (HBES RF):
HBES radio-frequency frames in plain communication are easy to trace (e.g. with a sniffer).
– It enables secure applications.
Secure communication is of interest for shutter and door control and for intrusion protection, in order to prevent harmful commands (burglars ...).
It is also of interest in metering, to protect e.g. electricity consumption data.
This document does not define any type of application.
Standards Content (Sample)
SLOVENIAN STANDARD
01 November 2017
Slovenian title: Home and building electronic systems (HBES) - Part 3-4: Specification of KNX S AL, secure service, secure configuration and security resources
Home and Building Electronic Systems (HBES) - Part 3-4: Specification of KNX S AL, Secure Service, Secure configuration and security Resources
This Slovenian standard is identical to: EN 50090-3-4:2017
ICS:
35.240.67 IT applications in building and construction industry
97.120 Automatic controls for household use
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.
EUROPEAN STANDARD EN 50090-3-4
NORME EUROPÉENNE
EUROPÄISCHE NORM
August 2017
ICS 97.120
English Version
Home and Building Electronic Systems (HBES) - Part 3-4:
Secure Application Layer, Secure Service, Secure configuration
and security Resources
French title: Home and building electronic systems (HBES) - Part 3-4: Specification of KNX S AL, secure service, secure configuration and security resources
German title: Electrical systems technology for homes and buildings (ESHG) - Part 3-4: Information security at the application layer, services, configuration and resources
This European Standard was approved by CENELEC on 2017-06-12. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden,
Switzerland, Turkey and the United Kingdom.
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2017 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN 50090-3-4:2017 E
Contents
European foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 General Introduction (informative)
4.1 General
4.2 General Overview
5 Specification
5.1 Stack and communication
5.2 Resource definition or used Resources
Annex A (informative) Use of CCM
A.1 Goal
A.2 Definitions
A.3 CCM operation
Annex B (informative) Examples — Full encoding of a HBES Secure APDU
B.1 General
B.2 S-A_Data-PDU
B.3 S-A_Data-PDU
B.4 S-A_Sync.req
B.5 S-A_Sync.res
Bibliography
European foreword
This document (EN 50090-3-4:2017) has been prepared by CLC/TC 205 "Home and Building
Electronic Systems (HBES)".
The following dates are fixed:
• latest date by which this document has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2018-06-12
• latest date by which the national standards conflicting with this document have to be withdrawn (dow): 2020-06-12
EN 50090-3 is composed of the following parts:
— EN 50090-3-1, Home and Building Electronic Systems (HBES) — Part 3-1: Aspects of
application — Introduction to the application structure;
— EN 50090-3-2, Home and Building Electronic Systems (HBES) — Part 3-2: Aspects of
application — User process for HBES Class 1;
— EN 50090-3-3, Home and Building Electronic Systems (HBES) — Part 3-3: Aspects of
application — HBES Interworking model and common HBES data types;
— EN 50090-3-4, Home and Building Electronic Systems (HBES) — Part 3-4: Secure Application
Layer, Secure Service, Secure configuration and security Resources.
Introduction
KNX Association as Cooperating Partner to CENELEC confirms that to the extent that the standard
contains patents and like rights, the KNX Association's members are willing to negotiate licenses
thereof with applicants throughout the world on fair, reasonable and non-discriminatory terms and
conditions.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights other than those identified above. CENELEC shall not be held responsible for identifying
any or all such patent rights.
CEN and CENELEC maintain online lists of patents relevant to their standards. Users are encouraged
to consult the lists for the most up to date information concerning patents
(ftp://ftp.cencenelec.eu/EN/IPR/Patents/IPRdeclaration.pdf).
1 Scope
This European Standard defines security for Home and Building HBES Open Communication System.
It is based on ISO/IEC 24767-2, Home network security / Secure Communication Protocol Middleware
(SCPM).
Having a secure HBES solution has several advantages.
— It makes the HBES RF Communication Medium more secure:
HBES RF Radio Frames in plain communication can easily be traced (by sniffer for example).
— It allows for secure applications.
Secure communication is interesting in shutter and door control and anti-intrusion security, in
order to prevent intrusive commands (burglars…).
It is also interesting in metering to protect for example electrical consumption data.
This document does not define any type of application.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
EN 50090-1:2011, Home and Building Electronic Systems (HBES) - Part 1: Standardization structure
EN 50090-3-2, Home and Building Electronic Systems (HBES) - Part 3-2: Aspects of application -
User process for HBES Class 1
EN 50090-4-1, Home and Building Electronic Systems (HBES) - Part 4-1: Media independent layers -
Application layer for HBES Class 1
EN 50090-4-2, Home and Building Electronic Systems (HBES) - Part 4-2: Media independent layers -
Transport layer, network layer and general parts of data link layer for HBES Class 1
3 Terms, definitions and abbreviations
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in EN 50090-1:2011 and the
following apply.
3.1.1
Access Control
definition and evaluation of which communication partner has the right to access which data or call
which services, which is solved by collecting communication partners with the same rights for all data
and services in Roles and defining for each Role and for each piece of data or service the
Permissions that this Role has
3.1.2
Security Black List
standard list of services or DPs that shall exclusively be accepted using HBES Secure communication
using confidentiality
3.1.3
cipher text
generic term that denotes the encrypted data
Note 1 to entry: Cipher text is opposed to plain data.
3.1.4
permission
definition and conditions (plain, authentication, confidentiality) of the functionality that will be accepted
from a Role, in accessing a DP in a device or in accepting services from a communication partner
3.1.5
plain data
generic term that denotes unencrypted data, the content of which depends on the service and the
user and not of confidentiality and authentication
Note 1 to entry: Plain data is opposed to cipher text.
3.1.6
secure DP
datapoint that requires either authentication and/or confidentiality
3.1.7
role
identification of a group of links to a device (multicast, unicast and other) that have the same
Permissions throughout the AIL
3.1.8
secure link
link to a secure DP
3.1.9
Security Link Resources
whole collection of the following Resources:
— the Point-to-point Keys Table;
— the Group Keys Table;
— the Security Individual Address Table;
— the Tool Key
3.1.10
Group Address Security Flags
indication in a configuration tool whether for a Group Address, no secure communication will be used,
or secure communication with authentication and/or confidentiality
3.1.11
Security White List
standard list of services or DPs that are always accepted using plain communication
3.2 Abbreviations
CFB Cipher feedback
FDSK Factory Default Setup Key
IV Initialization Vector
MaC Management Client
MaS Management Server
MAC Message Authentication Code
MiM Man-in-the-Middle
P-AL Plain Application Layer
SAI Security Algorithm Identifier
S-AL Secure Application Layer
SCF Security Control Field
SeqNr Sequence Number
SFCC Security Failure Common Counter
SFL Security Failure Links
SHD Secure Header
SKI Security Key Info
4 General Introduction (informative)
4.1 General
4.1.1 Common overview of HBES Security
This document specifies HBES Open Communication System Data Security, its Resources (of which the
format may be manufacturer specific) and Procedures.
4.1.2 Product types
HBES Open Communication System Data Security is designed to be supported on all existing HBES Open
Communication System Communication Media (HBES TP1, HBES PL110, HBES RF and HBES IP).
This document version does not introduce specific requirements on HBES data interfaces.
HBES Couplers are considered as well. The HBES Secure Frame format (see Figure 5) is designed
so that it can be handled by existing HBES Couplers and newer.
EXAMPLE HBES TP1/RF Couplers.
4.1.3 Secure and plain communication in an installation
The end user 1) wants to be sure that no unauthorized person will be able to control his receivers
(shutters, doors…).
The end user can have many receivers of a unique kind and he would like to have secure
communication only with some of them.
EXAMPLE He may require security for shutters in the lower part of the house, but not request security for
shutters in the upper part of the house.
1) Home owner, building owner, building user, etc.
As secure design requires an extension of the HBES stack, it will be useful to have products:
— that use secure communication and plain communication, and
— other products that use only secure communication.
4.1.4 Prerequisites
Prerequisite 1
Secure communication shall be supported during runtime (typically multicast communication) and
during Configuration (typically point-to-point communication).
Prerequisite 2
The need of a secure communication is a requirement from the receiver.
4.1.5 Product scheme examples
4.1.5.1 Example 1: A secure transmitter linked to a receiver that only requires Authentication
Figure 1 below deals with bidirectional devices.
NOTE For a unidirectional device, there is no link with the Datapoint “Info Status” (IMUD).
[Figure 1 (image not reproduced). Labels in the figure: Secured transmitter T1; Secured receiver R1; PB_Sunblind_Toggle; Shutter_actuator_Basic_Wind; GA 1, GA 2, GA 3; MUD, IMUD, SSUD, WA; Authentication.]
...