
AS-Interface - sensor and actuator protocol and its security

AS-Interface (AS-i) - two-wire fieldbus protocol for sensors and actuators, data and power on a single cable, physical protection as the only option. OT Protocol Encyclopedia.

Jozef Sulwinski

AS-Interface (Actuator Sensor Interface, AS-i) is a fieldbus protocol designed in 1994 specifically for connecting simple binary devices - proximity sensors, photoelectric sensors, pushbuttons, indicators, and pneumatic valves. The IEC 62026-2 standard defines a system where data and power (up to 8 A at 30 V DC) are transmitted on a single two-wire, unshielded cable with a distinctive yellow color and trapezoidal profile that prevents reverse connection.

AS-Interface occupies the lowest level in the industrial network hierarchy - replacing traditional point-to-point wiring (one cable per sensor) with a single bus connecting dozens of devices. It is widely used in assembly lines, material handling systems, packaging machines, and HVAC installations.

Protocol architecture

| Parameter | AS-Interface (AS-i) |
| --- | --- |
| Physical layer | 2-wire (data + power), yellow unshielded cable |
| Speed | 167 kbps |
| Topology | Any (bus, tree, star, ring) - no terminators |
| Authentication | None |
| Encryption | None |
| Addressing | 1-31 (v2.1) or 1-62 (v3.0 with extended addressing) |
| Payload | 4 bits per slave (v2.1) or 16 bits (v3.0) |
| Range | Up to 100 m (300 m with repeaters) |
| Cycle time | 5 ms (31 slaves) or 10 ms (62 slaves) |
| Power | Up to 8 A @ 30 V DC over the bus |

AS-Interface operates in a master-slave model in which a single master (a PLC module or an AS-i/Ethernet gateway) cyclically polls all slaves. A communication cycle takes 5 ms for 31 devices - determinism sufficient for most binary applications.

Key features:

  • Simple connection - piercing technology allows connecting a slave module at any point on the cable without breaking the bus. Installing a single device takes minutes
  • Bus-powered - sensors and simple actuators are powered directly from the AS-i cable (up to 100 mA per device). For actuators with higher power consumption, a black AUX cable (auxiliary power) is used
  • Safety at Work - AS-i Safety (IEC 62026-7) enables transmission of safety signals (SIL 3 / PLe) on the same bus as standard signals

Applications

AS-Interface is the standard wherever a large number of simple binary devices need to be connected:

  • Assembly lines - presence sensors, position sensors, safety light curtains
  • Conveyors and material handling - position sensors, indicators, stop buttons
  • Packaging machines - label sensors, metal detectors, pneumatic valves
  • HVAC systems - damper actuators, flow sensors, reed switches
  • Machine safety - light curtains, emergency stop buttons, door interlocks (via AS-i Safety)

TIP

AS-i Safety (IEC 62026-7) transmits SIL 3 safety signals on the same bus as standard signals. Compromising the AS-i bus in an installation with AS-i Safety can therefore affect not only machine operation but also safety functions protecting operator health. Physical protection of the AS-i cable in such installations is particularly critical.

Security assessment

AS-Interface is a protocol designed for maximum simplicity - 4 bits of data per device, deterministic 5 ms cycle, minimal latency. This simplicity leaves no room for security mechanisms:

  • No authentication - the master does not verify slave identity. A device connected to the bus with the appropriate address is automatically accepted
  • No encryption - the 4 bits of data per slave are transmitted in plaintext. With AS-i v3.0 (16 bits), the situation does not change
  • No cryptographic integrity - parity and CRC protect against transmission errors, not against manipulation
  • Ease of connection - the same piercing technology that makes AS-i easy to install makes it easy to compromise. Connecting an unauthorized device to the cable requires no specialized tools
  • Addressing as the only “barrier” - devices have addresses 1-31 (or 1-62). The master detects new devices on the bus but does not block their communication

Attack scenarios:

  1. Rogue slave connection - an attacker connects a device with an existing slave’s address, causing address conflicts and communication disruption (DoS)
  2. Slave replacement - replacing a sensor with a device sending false data (e.g. a presence sensor always reporting “no object”)
  3. Eavesdropping - reading the states of all sensors and actuators on the bus by connecting an analyzer
  4. AS-i Safety manipulation - in theory, AS-i Safety is resistant to manipulation (dynamic code, watchdog), but physical access to the cable opens an attack vector on the availability of safety functions

Segmentation and protection

The AS-Interface protocol offers no security mechanisms at the communication level. The only real protection is physical security and segmentation at the master/gateway level.

Physical protection - critical:

  1. AS-i cable routing - the yellow cable should run in enclosed cable trays or channels with controlled access. Every point on the cable is a potential connection point for an unauthorized device
  2. Junction boxes - AS-i modules mounted in open areas should be in enclosures with tamper switch monitoring
  3. Topology change monitoring - the AS-i master detects new slaves appearing on the bus. An alert on device count changes should be configured in the SCADA/DCS system
  4. Configuration reference - the master stores a list of expected slaves (projected configuration). Deviation from this list generates an error - ensure this mechanism is active and monitored
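
The comparison behind items 3 and 4, as an added example that is not part of the original article or any vendor's code: it checks the slaves detected on the bus against the projected configuration and reports missing, unexpected and changed devices. It assumes both lists have already been read from the master or gateway (how to read them is vendor-specific); the Slave class, its field names and the severity labels are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Slave:
    address: int   # AS-i address (1-31, or 1-62 with extended addressing)
    io_code: int   # I/O configuration code reported by the slave (assumed field)
    id_code: int   # ID code reported by the slave (assumed field)


def audit_bus(projected, detected):
    """Compare the projected configuration with the slaves currently detected.

    Returns a list of (severity, address, message) tuples, sorted by address.
    """
    expected = {s.address: s for s in projected}
    seen = {s.address: s for s in detected}
    findings = []
    for addr in expected.keys() - seen.keys():
        findings.append(("high", addr, "projected slave missing from bus"))
    for addr in seen.keys() - expected.keys():
        findings.append(("critical", addr, "slave not in projected configuration"))
    for addr in expected.keys() & seen.keys():
        e, d = expected[addr], seen[addr]
        if (e.io_code, e.id_code) != (d.io_code, d.id_code):
            findings.append(("critical", addr,
                             "profile differs from projection, possible replacement"))
    # A device with the same address AND the same profile passes this check:
    # the comparison narrows, but does not replace, physical protection.
    return sorted(findings, key=lambda f: f[1])


def device_count_changed(projected, detected):
    """True when the number of slaves on the bus differs from the projection."""
    return len({s.address for s in detected}) != len({s.address for s in projected})


# Constructed sample data (not from a real installation).
PROJECTED = [Slave(1, 0x7, 0x0), Slave(2, 0x7, 0x0), Slave(5, 0x8, 0x1)]
DETECTED = [Slave(1, 0x7, 0x0), Slave(5, 0x3, 0xF), Slave(9, 0x0, 0xA)]

if __name__ == "__main__":
    for severity, addr, msg in audit_bus(PROJECTED, DETECTED):
        print(f"[{severity}] address {addr}: {msg}")
    print("device count changed:", device_count_changed(PROJECTED, DETECTED))
```

In the constructed data the slave count is unchanged (three projected, three detected) even though one slave is missing, one is unexpected and one has a different profile, so an alert should compare addresses and profiles, not only the count.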

Segmentation at the master/gateway level:

  1. AS-i master/gateway as zone boundary - an AS-i/Ethernet gateway (e.g. Bihl+Wiedemann, Pepperl+Fuchs, ifm) connects the AS-i bus to the Ethernet/PROFINET/EtherNet/IP network. This is the only point where network segmentation is possible
  2. Firewall on the gateway Ethernet interface - communication from the AS-i gateway to PLC/SCADA should pass through a firewall with deep packet inspection (DPI)
  3. Bus separation - separate AS-i segments for different machines or production lines, connected to the PLC through separate gateways
  4. Configuration access restriction - AS-i addressing and configuration tools (e.g. AS-i handheld programmer) should be controlled and secured like any other OT access point

Detailed guidelines for designing security zones in industrial networks are described in our article on OT network segmentation.

TIP

The new generation AS-Interface (ASi-5, 2019) increases speed to 230 kbps and payload to 32 bytes but still does not introduce cryptographic security mechanisms. If you need secure communication at the lowest level, consider IO-Link Safety or Ethernet-APL with native TLS.
