Echelon Corporation 76510R ユーザーズマニュアル
Street Light Bridge Integrator’s Guide
35
• Each message includes the sender’s RF address to detect simple
intrusion.
• Each message contains a 32-bit sequence number that allows for
duplicate detection and protection against replay attacks.
Network Security for Device Installation
When installing devices within a power line network, you have the following
options for managing authentication security:
• No security for the devices
• Security is configured (in a pre-deployment facility) before devices are
• Security is configured (in a pre-deployment facility) before devices are
installed
• Security configured (in the field) after devices are installed
For a street lighting network, having no authentication security is not
recommended because the network is generally deployed with minimal physical
recommended because the network is generally deployed with minimal physical
security. When you configure security for the devices depends on your network,
but typically, security is configured after installation.
If you configure security after installation, your network must include two
domains: one for device discovery and one for normal communications. In this
case, both domains use the same subnet/node address. Domain index 1 would be
case, both domains use the same subnet/node address. Domain index 1 would be
the discovery domain, which the Segment Controller would use to discover and
commission each device (luminaires and Street Light Bridge modules). If
security is not required for your network, your network can use a single domain
security is not required for your network, your network can use a single domain
for both discovery and normal communications.
In addition, because ISO/IEC 14908-1 authentication uses distributed
authentication keys, you must consider how to manage the number and
In addition, because ISO/IEC 14908-1 authentication uses distributed
authentication keys, you must consider how to manage the number and
distribution of the keys:
• Each device (luminaire and Street Light Bridge module) has its own
unique key assigned before installation
• Each Segment Controller has a unique key, but the luminaires and Street
Light Bridge modules have non-unique keys (different from the Segment
Controller’s key)
• All devices within the street lighting network have the same key (a city-
wide key)
In general, assigning a unique key to each device in the street lighting network
before installation is unnecessary. Assigning one key to all devices within the
before installation is unnecessary. Assigning one key to all devices within the
network is a valid option; be sure to document that key so that the network can
be expanded over time. For most street lighting networks, assigning a unique
be expanded over time. For most street lighting networks, assigning a unique
key to each Segment Controller, and non-unique keys to all other devices, is the
most economical and secure method. From the Segment Controller, you can
increment the keys for the other devices so that each one has a unique key if you
increment the keys for the other devices so that each one has a unique key if you
require additional security.
For a secure network (one in which security is configured before devices are
installed), each device must be defined with the configured and authenticated
For a secure network (one in which security is configured before devices are
installed), each device must be defined with the configured and authenticated
attributes set. That is, each device added to the street lighting network must be
a L
ON
W
ORKS
configured device and must use authentication. If security is less