Network security is more critical than ever in today's building management system (BMS) and smart building infrastructures, where it ensures the authentication, integrity, and confidentiality of data transferred over the Internet.
BACnet remains the most popular protocol utilized in HVACR control systems, and BACnet-compliant devices that incorporate HTTPS (Secure HTTP) deliver encrypted communication and protect the integrity of client data. Resident HTTPS web servers allow commissioning, status reporting, and troubleshooting in a secure manner using any standard web browser, thereby improving access control to the devices.
HTTPS encrypts data in transit to ensure data integrity and to prevent information from being viewed by unauthorized devices, or modified, corrupted, or stolen during transmission. HTTPS traffic is encrypted using Transport Layer Security (TLS), formerly Secure Sockets Layer (SSL). The protocol is still referred to as HTTP over SSL, commonly shown as https:// in the browser address bar.
SSL/TLS relies on the use of keys and digital certificates for data encryption, device authentication, and data integrity. Keys occur in pairs (public/private) and are used for encryption (public key) and decryption (private key).
Digital certificates are used for authentication and encryption, verifying ownership and authenticity to ensure that only authorized devices communicate with each other. The public key is part of the certificate, while the private key is secret to the device.
A Certificate Authority (CA) is a trusted third-party company that issues and manages certificates for external networks. For internal networks, self-signed certificates can be used to establish secure communication channels and enable web browsers to trust internal devices when you control the environment. They are well-suited for testing, local development, and internal applications.
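As an added illustration of the self-signed option described above (not taken from this article or the referenced whitepaper), these shell functions use the OpenSSL command line to create a device certificate and check the properties a browser relies on. The host name bms-controller.example.internal and the address 192.0.2.10 are constructed placeholders, and OpenSSL 1.1.1 or later is assumed for the -addext option.

```shell
#!/bin/sh
# Added example; host name and IP address used with it are constructed.

# Create a key pair and a self-signed certificate for one device.
# key.pem (private key) stays on the device; only cert.pem is distributed.
make_device_cert() {  # usage: make_device_cert DIR HOSTNAME IP
    dir=$1; host=$2; ip=$3
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host,IP:$ip" 2>/dev/null || return 1
    chmod 600 "$dir/key.pem"
}

# Succeeds when issuer equals subject and the signature verifies with the
# certificate itself as the only supplied trust anchor.
is_self_signed() {  # usage: is_self_signed CERT
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$issr" ] && openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Succeeds when the subjectAltName covers both the name and the address
# that a browser will use to reach the device.
cert_covers() {  # usage: cert_covers CERT HOSTNAME IP
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match' &&
    openssl x509 -in "$1" -noout -checkip "$3" | grep -q 'does match'
}

# Succeeds when the public key inside the certificate belongs to the
# private key held by the device.
key_matches_cert() {  # usage: key_matches_cert KEY CERT
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    from_cert=$(openssl x509 -in "$2" -noout -pubkey)
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Print the SHA-256 fingerprint, to be compared out of band before the
# certificate is imported into a browser or trust store.
cert_fingerprint() {  # usage: cert_fingerprint CERT
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}
```

A certificate whose subjectAltName does not list the name or address typed into the browser fails cert_covers, which matches the name-mismatch warning a browser would show for that device.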
Refer to our whitepaper, Secure HTTPS Provides Enhanced Security in a Building Management System, for detailed information on HTTPS authentication and encryption, a comparison of CA-generated certificates vs. self-signed certificates, and a resource to create your own self-signed certificate.