
LonTalk: the Good, the Bad, and the Ugly

Most of our readers are familiar with the complete lack of even weak (i.e. telnet-style) authentication in most SCADA protocols. So I was pleasantly surprised to find that LonTalk (also known as ANSI/EIA 709.1) had a simple challenge-response authentication protocol for its session layer. Given that LonWorks targets low-end microcontrollers, this would certainly contradict the frequently held belief that it is impossible to implement any security in low-powered devices with limited processing power.
Unfortunately, the key is only 48 bits long and shared among all members of the LonTalk domain.

However, when I was browsing the source for the reference implementation available on the Echelon Developer Site I stumbled across the following comments in the source code:

/* *** START INFORMATIVE - Parameter Validation *** */
/* It is not required that the processing of network management commands include
 * parameter validation.  In general, it is the responsibility of the configuration
 * tool to ensure that requests are well formed. */

Data validation is “Secure Coding 101”, especially for embedded devices that control or monitor physical processes. Furthermore, assumptions about well-behaved client applications are a leading source of vulnerabilities. Let’s hope this is just a case of a sloppy reference implementation, but my experience with other embedded protocol implementations would lead to a different conclusion. However, on the plus side this developer actually (and accurately) documented the assumptions and implementation decision, which is not always the case.
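To make the point concrete, here is an added example of what parameter validation looks like for a network management handler on a small device. It is not code from the Echelon reference implementation; the message layout (command byte, 8-bit offset, 8-bit length, data) and the 64-byte configuration area are assumptions chosen for illustration, and the sample requests are constructed, not captured traffic. The handler rejects a request before touching memory whenever the header is truncated, the command code is unknown, the declared length disagrees with the bytes actually received, or the offset/length pair would reach past the configuration area.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical on-the-wire layout of a "write configuration" request
 * (an assumption for this example, not LonTalk's actual encoding):
 *   byte 0    : command code
 *   byte 1    : offset into the device's configuration area
 *   byte 2    : number of data bytes that follow
 *   byte 3... : data
 */
#define CMD_WRITE_CONFIG 0x01u
#define CONFIG_AREA_SIZE 64u
#define HDR_LEN          3u

typedef struct {
    uint8_t config[CONFIG_AREA_SIZE];
} device_t;

typedef enum {
    NM_OK = 0,
    NM_ERR_SHORT,   /* fewer bytes than a header */
    NM_ERR_CMD,     /* unknown command code */
    NM_ERR_LEN,     /* declared length != bytes actually present */
    NM_ERR_RANGE    /* offset + length leaves the configuration area */
} nm_status_t;

/* Validated handler: every field is checked before any memory is written.
 * A handler that trusted the configuration tool would instead do
 * memcpy(&dev->config[msg[1]], &msg[3], msg[2]) and run past config[]. */
nm_status_t write_config_checked(device_t *dev, const uint8_t *msg, size_t msg_len)
{
    if (msg_len < HDR_LEN)              return NM_ERR_SHORT;
    if (msg[0] != CMD_WRITE_CONFIG)     return NM_ERR_CMD;

    size_t offset = msg[1];
    size_t len    = msg[2];

    /* The length the sender claims must match what the link layer delivered. */
    if (len != msg_len - HDR_LEN)       return NM_ERR_LEN;

    /* Range check written as a subtraction so it cannot overflow even if the
     * fields were widened to 16 or 32 bits later. */
    if (offset > CONFIG_AREA_SIZE || len > CONFIG_AREA_SIZE - offset)
        return NM_ERR_RANGE;

    if (len > 0)
        memcpy(&dev->config[offset], &msg[HDR_LEN], len);
    return NM_OK;
}

/* Constructed sample requests (not captured traffic). */
static const uint8_t SAMPLE_VALID[]    = { CMD_WRITE_CONFIG, 60, 4, 0xDE, 0xAD, 0xBE, 0xEF };
static const uint8_t SAMPLE_OVERFLOW[] = { CMD_WRITE_CONFIG, 62, 4, 0xDE, 0xAD, 0xBE, 0xEF }; /* 62+4 > 64 */
static const uint8_t SAMPLE_SHORT[]    = { CMD_WRITE_CONFIG, 0 };
static const uint8_t SAMPLE_LEN_LIE[]  = { CMD_WRITE_CONFIG, 0, 200, 0x01 };                  /* claims 200, carries 1 */
static const uint8_t SAMPLE_BADCMD[]   = { 0x7Fu, 0, 0 };

/* Scratch device shared by the samples so the result can be read back. */
static device_t scratch;

nm_status_t try_sample(const uint8_t *msg, size_t msg_len)
{
    return write_config_checked(&scratch, msg, msg_len);
}

uint8_t scratch_config(size_t i)
{
    return i < CONFIG_AREA_SIZE ? scratch.config[i] : 0;
}

int main(void)
{
    printf("valid    -> %d\n", try_sample(SAMPLE_VALID,    sizeof SAMPLE_VALID));
    printf("overflow -> %d\n", try_sample(SAMPLE_OVERFLOW, sizeof SAMPLE_OVERFLOW));
    printf("short    -> %d\n", try_sample(SAMPLE_SHORT,    sizeof SAMPLE_SHORT));
    printf("len lie  -> %d\n", try_sample(SAMPLE_LEN_LIE,  sizeof SAMPLE_LEN_LIE));
    printf("bad cmd  -> %d\n", try_sample(SAMPLE_BADCMD,   sizeof SAMPLE_BADCMD));
    return 0;
}
```

The two checks that matter most are the length consistency test and the subtraction-form range test: the first stops a sender from declaring more payload than it sent (so the copy would read past the frame), the second stops the write from leaving the configuration area regardless of field width. Neither costs more than a few comparisons, which is well within what a low-end microcontroller can afford per request.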
