Cyber-Physical Systems (CPSs) are systems in which software and hardware entities monitor and manage physical devices using communication channels. They have become ubiquitous in many domains including health monitoring, smart vehicles and energy efficiency as in smart buildings and smart grid operations. The introduction of a digital control system and a communication channel, to exchange data with the physical system, increases the chance of vulnerabilities in the overall system. This paper presents the state-of-the-art of the security vulnerabilities of such systems as well as the possible methods to mitigate/reduce such threats. We will describe recent promising solutions to guarantee confidentiality and authentication of the transported data in building automation network domains, and present ideas to analyze and formally verify the control commands issued by the (possibly compromised) control network computers for execution on SCADA system actuators. The purpose of the latter approach is to prevent malicious parties from injecting malicious commands and potentially driving the underlying physical system into an unsafe state.
Building automation systems rely heavily on general-purpose computers and communication protocols, which are often affected by security vulnerabilities. In this paper, we first analyze the attack surface of a real building automation system, based on the widely used KNX protocol, connected to a general-purpose IP network. To this end, we analyze the vulnerabilities of KNX-based networks highlighted by previous research work, which, however, did not corroborate their findings with experimental results. To verify the practical exploitability of these vulnerabilities and their potential impact, we implement a full-fledged testbed infrastructure that reproduces the typical deployment of a building automation system. On this testbed, we show the feasibility of a practical attack that leverages and combines the aforementioned vulnerabilities. We show the ease of reverse engineering the vendor-specific components of the KNX protocol. Our attack leverages the IP-to-KNX connectivity to send arbitrary commands which are executed by the actuators. We conclude that the vulnerabilities highlighted by previous work are effectively exploitable in practice, with severe results. Although we use KNX as a target, our work can be generalized to other communication protocols, which are often characterized by similar issues. Finally, we analyze the countermeasures proposed in previous literature and reveal the limitations that prevent their adoption in practice. We suggest a practical stopgap measure to protect real KNX-based BASs from our attack.
The feasibility of a solar-ORC system for domestic combined heat and power generation (CHP) is deeply affected by both the time-varying ambient conditions (e.g. solar irradiance, temperature, wind speed) and the variability of the thermal and electrical load profiles of the final application. The definition of a proper control strategy is proven to be a major design challenge for successful operation of solar-ORC systems, with the main goal of assuring that the thermal power demand for space heating and Domestic Hot Water (DHW) production and the electricity needs are simultaneously satisfied. The rising demand for energy-autonomous systems also calls for the inclusion of a storage system within the base layout, which could assure that the electricity demand is properly matched after sunset or in very low irradiance conditions, such as cloudy days. A comprehensive model accounts for the dynamics of the plant-integrated unit, featuring an ORC-based plant that bottoms a flat plate solar thermal collector: a parametric study is presented, and an off-design analysis is performed to properly assess the energy performance of the system. The heat available to the ORC heat exchanger is evaluated based on solar availability, thermal losses in the pipes and plant requirements, in terms of operating temperatures and pressures and organic fluid mass flow rate. R245fa is selected as working fluid in the ORC section. Sliding vane machines (expander and pump) are considered as rotary equipment. Flat plate heat exchangers complete the base layout that the analysis accounts for. Due to the need for DHW production, a storage unit for hot water is present upstream of the recovery branch: depending on whether the fluid at the collector outlet is able to meet the ORC requirements for proper operation (about 110°C), the ORC evaporator is fed and the recovery section enabled.
Both continuous and unsteady operation underwent an in-depth analysis, as well as the benefits associated with different discharge times for the storage unit. A dedicated control strategy is defined, depending on whether the electrical or the thermal output needs to be maximized, and accounts for either a flash or a progressive tank discharge. A virtual platform allowed the setting up of a pilot plant for direct performance assessment in the presence of different numbers of tank discharges per day and different lower temperatures at the storage tank.