manualshive.com logo in svg

EnOcean STM 550X Series, Руководство пользователя, Страница: 34 / 79

Поделиться
Скачать
EnOcean STM 550X Series Скачать руководство пользователя страница 34

 
USER MANUAL

 

 
 
 

STM 550X / EMSIX 

 ENOCEAN MULTI-SENSOR 

 

© 2020 EnOcean | www.enocean.com F-710-017, V1.0       

 

STM 550x / EMSIx User Manual | v1.0 | February 2020 |  Page 34/79 

 

Figure 22 below illustrates the content authorization via a CMAC signature. 
 
 
 

 

 
 
Figure 22 

 Telegram authentication

 

 

5.1.3

 

Dynamic security key modification 

 
One fundamental problem with both content protection and content authorization is that us-
ing the same input data (plain text) with the same key always yields the same encrypted 
data and the same signature.  
 
This  enables  attacks  based  on  monitoring  previous  system  behaviour.  If  an  attacker  has 
observed that a certain data telegram results in a certain light being turned on then he could 
use this information to identify - or even actively send - similar telegrams in the future. This 
type of attack is often called 

Replay Attack

 since it works by reusing (replaying) previously 

used data telegrams. 
 
In order to prevent this type of attack, either the telegram data or the security key must 
change  to  ensure  that  identical  input  data  does  not  create  identical  encrypted  radio  tele-
grams. The mechanism used by the transmitter to change the telegram data or the security 
key has to be known to the receiver in order to correctly decrypt and authenticate received 
data telegrams.  
 
The change of telegram data or security key is typically ensured by means of monotonously 
incrementing counters. The value of such counter is then used to either modify the telegram 
payload or the security key. EnOcean systems use the latter approach. 
 
 
 
 
 
 
 
 

 
 
 
Figure 23 

 Dynamic security key modification

 

Signature 

Calculation

Input Data

Secret Key

Signature

Data

Signature

Data

Signature 

Calculation

Secret Key

Compare

OK

Decryption

Dynamic Key

Unencrypted Data

(Plain Text)

Encryption

Unencrypted Data

(Plain Text)

Encrypted Data

Dynamic Key

Encrypted Data

Secret Key

Incrementing 

Counter

Secret Key

Incrementing 

Counter

Data Valid?

NO

YES

Содержание STM 550X Series

Страница 1: ...User Manual v1 0 February 2020 Page 1 79 Patent protected WO98 36395 DE 100 25 561 DE 101 50 128 WO 2004 051591 DE 103 01 678 A1 DE 10309334 WO 04 109236 WO 05 096482 WO 02 095707 US 6 747 573 US 7 0...

Страница 2: ...without notice For the latest product specifications refer to the EnOcean website http www enocean com As far as patents or other rights of third parties are concerned liability is only assumed for mo...

Страница 3: ...3 Learn mode 13 2 3 4 Function test mode 13 2 3 5 Illumination test mode 14 2 3 6 Factory reset mode 14 2 4 Reporting interval 15 2 4 1 Energy considerations 15 2 4 2 Standard reporting interval 16 2...

Страница 4: ...de and signature CMAC type 35 5 3 STM 550x security implementation 36 6 Commissioning 37 6 1 Radio based commissioning 38 6 2 QR code commissioning 38 6 3 Commissioning via NFC interface 38 7 NFC inte...

Страница 5: ...SOLAR_TX_INTERVAL 63 8 5 19 LIGHT_THRESHOLD 64 8 5 20 LIGHT_TX_INTERVAL 65 8 5 21 ACCELERATION_THRESHOLD 66 8 5 22 ACCELERATION_TX_INTERVAL 67 8 5 23 TEMPERATURE_THRESHOLD 68 8 5 24 TEMPERATURE_TX_INT...

Страница 6: ...ilding or industrial control systems communicating using the EnOcean radio standard STM 550x uses the same mechanical form factor as the industry standard PTM 21x modules from EnOcean STM 550x impleme...

Страница 7: ...it s Communication range for guidance only 200 m free field 30 m indoor environment Temperature measurement range accuracy 20 C 60 C 0 3 K 1 Humidity measurement range accuracy 0 100 r h 3 r h 1 Illum...

Страница 8: ...aging information 1 5 1 STM 550x Packaging Unit 100 units Packaging Method 10 modules per tray 10 trays per box 1 5 2 EMSIx Packaging Unit Individual unit packaging Packaging Method TBD packages withi...

Страница 9: ...ecurity based on a device unique private key and a sequence counter in accordance to the EnOcean Alliance Security Specification This ensures integrity confidentiality and au thenticity of the transmi...

Страница 10: ...ing STM 550x response and LED feedback Type LRN Button Action STM 550x Response LED Feedback Single Short Press LRN button once 1s Exit from Sleep Mode Send Learn Telegram 1 short blink Double Short P...

Страница 11: ...ry has to be installed with the positive pole point ing upwards i e towards the side of the solar cell EnOcean recommends Renata CR1632 due to its low self discharge and high capacity Gloves should be...

Страница 12: ...er 8 5 11 2 3 1 Standard operation mode During standard operation STM 550x wakes up periodically and reports the current sensor status using data telegrams The STM 550x wake up timer is by default con...

Страница 13: ...ibed in chapter 8 5 11 2 3 3 Learn mode In learn mode STM 550x will transmit a Teach in telegram to communicate the device source address and security key to a receiver After that transmission STM 550...

Страница 14: ...s solar cell every 5 seconds for a period of one minute and compute the average illumination based on those measurements The computed average illumination is then available in the NFC register ILLUMIN...

Страница 15: ...rting interval of STM 550x will increase its power consumption since it will measure and transmit more often Likewise increasing the reporting interval of STM 550x will reduce its power consumption si...

Страница 16: ..._TX_INTERVAL NFC register as described in chapter 8 5 12 Consider the available energy before lowering the reporting interval as discussed in chapter 2 4 1 The default setting for the standard reporti...

Страница 17: ...L_TX_INTERVAL STANDARD_TX_INTERVAL SOLAR_CELL_TX_INTERVAL LIGHT_SENSOR_TX_INTERVAL LIGHT_SENSOR_TX_INTERVAL Figure 6 Illumination controlled reporting interval STM 550x can use either the light level...

Страница 18: ...e temperature measured by the temperature and humidity sensor to trigger a higher update rate To enable this feature use the following steps 1 Make sure that the EEP selected using the EEP register as...

Страница 19: ...use the humidity measured by the temperature and humidity sensor to trigger a higher update rate To enable this feature use the following steps 1 Make sure that the EEP selected using the EEP register...

Страница 20: ...ger a higher update rate To enable this feature use the following steps 1 Make sure that the EEP selected using the EEP register as described in chapter 8 5 8 reports acceleration 2 Configure the acce...

Страница 21: ...ct to trigger a higher update rate To enable this feature use the following steps 1 Make sure that the EEP selected using the EEP register as described in chapter 8 5 8 reports the magnet contact stat...

Страница 22: ...he human eye s perception of ambient light This light sensor reports the light level directly underneath the sensor spot measurement Figure 11 shows the spectrum response of the STM 550x illumination...

Страница 23: ...or accuracy To determine the overall system accuracy the quantization error reporting step size de termined by the selected EnOcean Equipment Profile EEP has to be added to this value 3 4 Humidity sen...

Страница 24: ...ved or shaken The second case acceleration vector change can be used to determine the presence or absence of small vibrations acceleration vector changes Examples use cases causing such small vibratio...

Страница 25: ...be sufficient for most use cases Acceleration threshold The acceleration threshold determines the threshold of acceleration vector change required to trigger a wake on vibration event as described ab...

Страница 26: ...to Figure 2 and Figure 3 for the location of the magnet contact sensor within STM 550x and to chapter 9 5 for mounting instructions EMSIx product packaging includes a block magnet suitable for use wit...

Страница 27: ...at EnOcean radio transceivers such as TCM 310 or TCM 515 will convert both ERP1 and ERP2 into the same EnOcean Serial Protocol ESP3 format so that this difference is normally not noticeable 4 1 1 ERP1...

Страница 28: ...0 100 r h 8 Bit A5 04 03 4BS Temperature 20 C 60 C 10 Bit Humidity 0 100 r h 8 Bit A5 06 02 4BS Light Sensor 0 lx 1020 lx 8 Bit A5 06 03 4BS Light Sensor 0 lx 1000 lx 10 Bit A5 14 05 4BS Vibration De...

Страница 29: ...on group to which this telegram belongs e g the function group of temperature sensors within the four byte sensor telegram type VARIANT or TYPE VARIANT which is confusingly also called TYPE identifies...

Страница 30: ...BS telegrams encodes either the sensor status 4BS Data Telegram dur ing normal operation or identifies EEP and manufacturer of the device during teach in 4BS Teach in Telegram The distinction between...

Страница 31: ...ogether with their reported data MID Content Data 0x06 Energy status remaining energy 1 byte integer value expressing Valid values 0 100 0x0D Energy delivery of the harvester 1 byte Enumeration Valid...

Страница 32: ...y has to be preventing an unauthorized person often referred to as an Attacker both from learning about the current state of a system and from actively changing it These goals can be achieved via tech...

Страница 33: ...ture is inversely proportional to the signature size so for instance for 24 Bit signatures the likelihood would be one in 16 million Conceptually the correspondence between message and signature is li...

Страница 34: ...ng replaying previously used data telegrams In order to prevent this type of attack either the telegram data or the security key must change to ensure that identical input data does not create identic...

Страница 35: ...y is a random 128 Bit 16 byte value that is known only to the sender and the receiver s It is used to encrypt decrypt and authenticate telegrams 5 2 3 Rolling code and signature CMAC type The rolling...

Страница 36: ...lected both via the LRN button and via the NFC interface For high security mode the default security level format SLF is set to use a 4 byte sequence counter to generate a 4 byte signature For backwar...

Страница 37: ...d by exchanging a 128 Bit random security key used by STM 550x to authenticate its radio telegrams STM 550x provides the following options for these tasks Radio based commissioning STM 550x can commun...

Страница 38: ...n the product label described in chapter 2 2 4 The parameters are encoded according to the ANSI MH10 8 2 2013 industry standard The QR code on the product label in chapter 2 2 4 encodes the following...

Страница 39: ...n parameters within permitted boundaries before accepting updated NFC parame ters Should an updated parameter be out of bounds then all updated parameters will be re jected and the previous configurat...

Страница 40: ...ith read write PIN lock PIN unlock and PIN change functionality For PC applications EnOcean recommends the TWN4 Multitech 2 HF NFC Reader order code T4BT FB2BEL2 SIMPL from Elatec RFID Systems sales r...

Страница 41: ...standard For specific implementation aspects related to the NXP implementation in NT3H2111 please refer to the NXP documentation which at the time of writing was available under this link http cache n...

Страница 42: ...using the ANTICOLLISION or SELECT commands for cascade level 1 READY 1 state is exited after the SELECT command from cascade level 1 with the matching complete first part of the UID has been executed...

Страница 43: ...byte in size For example if the specified address is 03h then pages 03h 04h 05h 06h are returned Spe cial conditions apply if the READ command address is near the end of the accessible memory area Fig...

Страница 44: ...a can be accessed only after successful password verification via the PWD_AUTH command The PWD_AUTH command takes the password as parameter and if successful returns the password authentication acknow...

Страница 45: ...ntains information about the NFC revision INTERNAL DATA Non accessible This area contains calibration values and internal parameters and cannot be used CONFIGURATION Read and Write access PIN required...

Страница 46: ...Length of data excl identifier Value 6P 3 characters Standard ENO 30S 12 characters EURID 6 byte variable 1P 12 characters EnOcean Alliance Product ID STM 550 000B0000004C STM 550U 000B0000004D STM 55...

Страница 47: ...0xE0 LENGTH This field identifies the length of the NFC header For STM 550x this field is set to 0x0A since the header structure is 10 bytes long VERSION This field identifies the major revision and i...

Страница 48: ...r is non valid then all changes made will be rejected and the previous configuration will be restored 8 5 2 CONFIGURATION area structure The structure of the CONFIGURATION area is shown in Figure 30 b...

Страница 49: ...ID consists of a 2 byte manufacturer identification code as signed by EnOcean Alliance and a 4 byte product identification code assigned by the man ufacturer EnOcean has been assigned the manufacturer...

Страница 50: ...that it is not possible to read back a user defined security key 8 5 6 SECURITY_KEY_MODE The register SECURITY_KEY_MODE allows selecting if FACTORY_KEY or USER_KEY should be used to encrypt and authen...

Страница 51: ...gister SECURITY_MODE Default 0x00 Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0 RFU SECURITY FORMAT SECURITY MODE Figure 33 SECURITY_MODE register The encoding for the SECURITY MODE bit field is sho...

Страница 52: ...legrams Figure 34 below shows the structure of the EEP regis ter EEP Default 0x00 Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0 RFU EEP Figure 34 EEP register The encoding used by the SIZE bit field...

Страница 53: ...ed configuration bit in the SIGNAL register to 0b1 and disabled by setting the associated con figuration bit to 0b0 By default the reporting of the energy status MID 0x06 is enabled while the reportin...

Страница 54: ...ines the brightness of the LED Figure 36 below shows the structure of the LED_MODE register LED_MODE Default 0x01 Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0 RFU LED Figure 36 LED_MODE register Th...

Страница 55: ...ODE Default 0x00 OOB 0x01 Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0 RFU MODE Figure 37 FUNCTIONAL_MODE register The encoding used by the MODE bit field is shown in Table 17 below MODE Functional...

Страница 56: ...ng interval is set by the register STANDARD_TX_INTERVAL shown in Figure 38 below STANDARD_TX_INTERVAL Default 0x003C Bit 15 Bit 14 Bit 1 Bit 0 STANDARD INTERVAL Figure 38 STANDARD_TX_INTERVAL register...

Страница 57: ...OR LIGHT SENSOR SOLAR CELL Figure 39 THRESHOLD_CFG1 register The encoding used by the SOLAR CELL bit field is shown in Table 19 below SOLAR CELL Reporting interval reduction based on solar cell illumi...

Страница 58: ...on if temperature below threshold 0b10 Enabled Reporting interval reduction if temperature above threshold 0b11 Reserved Do not use Table 21 TEMP SENSOR bit field encoding The encoding used by the HUM...

Страница 59: ...G2 register The encoding used by the ACC SENSOR bit field is shown in Table 23 below ACC SENSOR Reporting interval reduction based on acceleration 0b00 Default Disabled No reporting interval reduction...

Страница 60: ...the ambient light sensor and to chapter 3 2 for a description of the solar cell functionality The selection between these two option is made using the LIGHT_SENSOR_CFG register shown in Figure 41 belo...

Страница 61: ...FULL SCALE Figure 42 ACC_SENSOR_CFG register The encoding used by the FULL SCALE bit field is shown in Table 23 below FULL SCALE Full scale value of the acceleration sensor 0b00 Default 2 g 0b01 4 g 0...

Страница 62: ...r as shown in Figure 43 below SOLAR_THRESHOLD Bit 15 Bit 14 Bit 1 Bit 0 SOLAR CELL THRESHOLD Figure 43 SOLAR_THRESHOLD register The encoding used by the SOLAR CELL THRESHOLD bit field is shown in Tabl...

Страница 63: ...5 Bit 14 Bit 1 Bit 0 SOLAR CELL INTERVAL Figure 44 SOLAR_TX_INTERVAL register The encoding used by the SOLAR CELL INTERVAL bit field is shown in Table 30 below SOLAR CELL INTERVAL Solar cell illuminat...

Страница 64: ...is defined by LIGHT_THREHOLD register as shown in Figure 45 below LIGHT_THRESHOLD Bit 15 Bit 14 Bit 1 Bit 0 LIGHT SENSOR THRESHOLD Figure 45 LIGHT_SENSOR_THRESHOLD register The encoding used by the LI...

Страница 65: ...t 0 LIGHT SENSOR INTERVAL Figure 46 LIGHT_TX_INTERVAL register The encoding used by the LIGHT SENSOR INTERVAL bit field is shown in Table 32 below LIGHT SENSOR INTERVAL Light sensor illumination based...

Страница 66: ...n Figure 51 below Note that this threshold is also used for the wake on acceleration function as described in chapter 3 5 ACCELERATION _THRESHOLD Bit 15 Bit 14 Bit 1 Bit 0 ACCELERATION THRESHOLD Figur...

Страница 67: ...TERVAL Bit 15 Bit 14 Bit 1 Bit 0 ACCELERATION INTERVAL Figure 48 ACCELERATION_TX_INTERVAL register The encoding used by the ACCELERATION INTERVAL bit field is shown in Table 38 below ACCELERATION INTE...

Страница 68: ...d then the temperature threshold is defined by TEMPERATURE_THREHOLD register as shown in Figure 49 below TEMPERATURE_THRESHOLD Bit 15 Bit 14 Bit 1 Bit 0 TEMPERATURE THRESHOLD Figure 49 TEMPERATURE_THR...

Страница 69: ...RVAL Bit 15 Bit 14 Bit 1 Bit 0 TEMPERATURE INTERVAL Figure 50 TEMPERATURE_TX_INTERVAL register The encoding used by the TEMPERATURE INTERVAL bit field is shown in Table 36 below TEMPERATURE INTERVAL T...

Страница 70: ...d then the hu midity threshold is defined by HUMIDITY_THREHOLD register as shown in Figure 51 below HUMIDITY _THRESHOLD Bit 15 Bit 14 Bit 1 Bit 0 HUMIDITY THRESHOLD Figure 51 HUMIDITY _THRESHOLD regis...

Страница 71: ...NTERVAL Bit 15 Bit 14 Bit 1 Bit 0 HUMIDITY INTERVAL Figure 52 HUMDITY_TX_INTERVAL register The encoding used by the HUMIDITY INTERVAL bit field is shown in Table 38 below HUMIDITY INTERVAL Humidity ba...

Страница 72: ...CONTACT_TX_INTERVAL Bit 15 Bit 14 Bit 1 Bit 0 MAGNET CONTACT INTERVAL Figure 53 MAGNET_CONTACT_TX_INTERVAL register The encoding used by the MAGNET CONTACT INTERVAL bit field is shown in Table 38 be l...

Страница 73: ...d in the ILLUMINA TION_TEST_RESULT register shown in Figure 54 below ILLUMINATION_TEST_RESULT Default Setting 0x0000 Bit 15 Bit 14 Bit 1 Bit 0 ILLUMINATION TEST RESULT Figure 54 ILLUMINATION_TEST_RESU...

Страница 74: ...update interval by default once every 60 seconds The LED will blink every time a telegram is transmitted unless this has been disabled via NFC 4 Use a suitable receiver to capture the STM 550x data te...

Страница 75: ...tate can therefore only be detected if the orientation of STM 550x relative to the gravity vector changes Figure 55 below illustrates two cases The position of the window in the left case window tilt...

Страница 76: ...nsor integrated into STM 550x accurately measures and reports temperature and humidity present at its surface To achieve the best possible accuracy it is important to consider the following points Ins...

Страница 77: ...lly different result compared to a white desk surface even when the same luminous flow is directed towards it Obstruction Any obstruction between the sensor and the intended measurement area desk sur...

Страница 78: ...riented as much as possible towards that STM 550x is designed to operate self supplied with its standard parameters based on 200 lux of illumination at its solar cell for at least 6 hours per day The...

Страница 79: ...enocean com F 710 017 V1 0 STM 550x EMSIx User Manual v1 0 February 2020 Page 79 79 10 Product history Table 40 below lists the product history of STM 550x Revision Release Key changes versus previous...

Отзывы:

Нет отзывов