The official Vive security statement from Lutron is located here: https://www.lutron.com/TechnicalDocumentLibrary/Vive_Security_Statement.pdf

  • Lutron takes the security of the Vive Lighting Control System very seriously.
  • Vive has been designed and engineered with attention to security. Lutron has engaged security experts and independent testing firms through the entire Vive development process. Lutron is committed to security and continuous improvement throughout the Vive product lifecycle.
  • Vive uses a multi-tiered approach to security and National Institute of Standards and Technology (NIST) recommended techniques for security. These include:
    • An architecture that isolates the wired Ethernet network from the wireless, which strictly limits the possibility of the Vive Wi-Fi being used to access the corporate network and gain confidential information
    • A distributed security architecture with each hub having its own unique keys that limit any potential breach to only a small area of the system
    • Multiple levels of password protection (Wi-Fi network and the hubs themselves), with built-in rules that force the user to enter a strong password
    • NIST-recommended best practices including salting and SCrypt for securely storing usernames and passwords
    • AES 128-bit encryption for network communications
    • HTTPS (TLS 1.2) protocol for securing connections to the hub over the wired network
    • WPA2 technology for securing connections to the hub over the Wi-Fi network
  • The Vive wireless hub can be deployed in one of two ways:
    • Dedicated Lutron Network
    • Connected to the corporate IT network via Ethernet. Vive must be connected via Ethernet to access certain features such as BACnet for BMS integration. Lutron advises following best practices in this instance, including separating the business information network and the building infrastructure network. Use of a VLAN or physically separated networks is recommended for secure deployment.
  • Dedicated Lutron Network Deployment
    • The Vive wireless hub is not connected to the building network. Wi-Fi is used to connect to a smart device such as a phone, tablet, or PC for commissioning and configuration only. The Vive wireless hub serves web pages for setup and maintenance via a password-protected connection. The Wi-Fi SSID can be set to not broadcast.
  • Corporate IT Network Deployment
    • The Vive wireless hub may be deployed with a fixed IP address or served over DHCP. Once the IT network is operational, the Vive wireless hub will serve password-protected web pages for access and maintenance. The Vive wireless hub Wi-Fi may be disabled if desired.
    • The Vive wireless hub acts as a Wi-Fi access point purely for the configuration and commissioning of Vive. It is not a substitute for your building’s normal Wi-Fi access point. The Vive wireless hub does not act as a bridge between Wi-Fi and wired networks.
    • It is strongly recommended that local IT security professionals be involved with the network configuration and set-up to ensure the installation meets their security needs.