ENTERTAINMENT NETWORK SECURITY

The Importance of a Secure System

Why is Networking Security So Important?

It's difficult to go a day without hearing about some catastrophic data breach on one network or another. Banking institutions, government agencies and building management systems are constantly under threat. As the Internet of Things connects us and our devices together, work must be done to prevent "bad actors" or "bots" from permeating to the heart of our networks.

As directors and producers worry about the actors on the stage, manufacturers like Pathway strive to mitigate threats from bad actors entering the theatre uninvited. Some productions deal with security by building a big wall around their insecure legacy systems, but in this day and age of IoT connectivity, it is becoming more and more difficult to remain an island. A single laptop connected to the copper entertainment network that joins a WiFi access point is the hole in the dyke that could bring down your entire production.

How is Pathway Connectivity Compliant?

Pathway Connectivity Solutions® is part of Acuity Brands, a publicly-traded company and the largest lighting manufacturer in North America.  Acuity takes these new laws and the potential threats very seriously and is committed to mitigating any harm to its customers. As a result, Pathway Connectivity products, are implemented with additional security features.
Authenticated Firmware
AUTHENTICATED FIRMWARE UPGRADES
Signed software updates ensure our products only accept verified software from Pathway. Any attempt to upload modified firmware will be rejected.
Protected Network
PASSWORD PROTECTED NETWORK
People using the network may discover and view device properties. No third-party software or unauthorized users using Pathscape may configure any Pathway gear without knowing the password.
Device to Device
DEVICE-TO-DEVICE AUTHENTICATION
DMX-over-Ethernet distribution with Pathway Secure sACN (ssACN) protocol, adding authentication so that only the correct lighting data is used during your performances.
Guest Controller
GUEST CONTROLLER ON-RAMP
Third-party developers may employ Pathway's security protocols and transmit ssACN to our gateways.

Compliant Pathway Connectivity Products

Any device that is capable of connecting to the Internet, either directly or indirectly, and is assigned an IP address is at risk. To take the risk and worry away, we ensure that any of our products with an Ethernet port have additional Security and are compliant with Title 1.81.26 of the California Civil Code.  

 

These Pathway Connectivity products include:

Resources

Overview of Security Domains

Opting Out of Security

The ACME Data Bomb

Periodical Article

Cybersecurity Reference Article: Legal Requirements Push Toward Good Practice (published 2020 in ESTA’s Protocol Magazine)

How to Enable Art Net sACN Reception

Security features that are appropriate to the nature and function of the device.

Tools for Developers

Pathway Secure Streaming ACN

"Pathway Secure Streaming ACN" or "ssACN" is a new protocol using much of ANSI E1.31, but adds a layer of authentication. Receiving devices, like Pathport DMX/RDM gateways, share a secret with known controllers in the venue to verify the data source before driving the lighting rig. A cryptographic hash message is added to each E1.31 packet, verifying the authenticity of the source and the sequence of the data. Any invalid packets are ignored; only the correct lighting data is used during your performances.

Anyone familiar with E1.31 will understand that implementing ssACN is not a large engineering task. It's essentially using a standard, readily available algorithm called Blake2s and adding a "postamble" to the standard sACN packet.

Download the ssACN View application for either Windows (64-Bit only) or MacOS using the link in the Downloads section below. This application is built on the open-source app sACN View (see https://sacnview.org), and will allow sending, receiving and monitoring of Pathway's Secure sACN for testing purposes.

 

SsACN

 

We have created a project on git-hub (https://github.com/Pathway-Connectivity) with a modified version of sACNView so you can download and compile the code yourself. 

There is a dissector for Wireshark version 3.5.0 or higher to aid in understanding the document. The two images below show what ssACN packets look like in the standard release of Wireshark and with the dissector written by Pathway Connectivity.

SsACN-2




;Wireshark

 

 

ssACN View Downloads