Security in networked building automation systems

Granzer, Wolfgang; Kästner, Wolfgang; Neugschwandtner, Georg; Praus, Fritz

doi:10.1109/wfcs.2006.1704168

Cited by 50 publications

(37 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…However, the interconnectivity of BAS enables remote attacks. Attacks on BAS can focus on gaining physical access to a building [8] (e.g., by exploiting window or door actuators), on gaining access to an organizational intranet [9], on terrorist attacks [8] (e.g., turning off fire alarms before a fire is placed), on monitoring inhabitants [10], or on disabling a building's functionality via denial-of-service (DoS) attacks [11].Čeleda et al [12] and Szlósarczyk et al [13] showed that different types of DoS attacks exist for BAS. As pointed out by Bowers [14], BACnet devices are not robust enough to deal with abnormal traffic, since protocol implementations are vulnerable to malformed packets and various forms of attacks.…”

Section: Related Workmentioning

confidence: 99%

Securing BACnet’s Pitfalls

Kaur

Tonejc

Wendzel

et al. 2015

ICT Systems Security and Privacy Protection

View full text Add to dashboard Cite

Abstract. Building Automation Systems (BAS) are crucial for monitoring and controlling buildings, ranging from small homes to critical infrastructure, such as airports or military facilities. A major concern in this context is the security of BAS communication protocols and devices. The building automation and control networking protocol (BACnet) is integrated into products of more than 800 vendors worldwide. However, BACnet devices are vulnerable to attacks. We present a novel solution for the two most important BACnet layers, i.e. those independent of the data link layer technology, namely the network and the application layer. We provide the first implementation and evaluation of traffic normalization for BAS traffic. Our proof of concept code is based on the open source software Snort.

show abstract

Section: Related Workmentioning

confidence: 99%

Securing BACnet’s Pitfalls

Kaur

Tonejc

Wendzel

et al. 2015

ICT Systems Security and Privacy Protection

View full text Add to dashboard Cite

show abstract

“…There is some research on securing BMS networks and connected devices using special protocols or systems preventing unauthorised operations [9,10]. The main issue of this approach is a very limited computational power and a lack of other resources available in such devices [11].…”

Section: Related Workmentioning

confidence: 99%

Traffic Measurement and Analysis of Building Automation and Control Networks

Krejčí

Čeleda²,

Dobrovolný³

2012

Dependable Networks and Services

View full text Add to dashboard Cite

Abstract. This paper proposes a framework for a flow-based network traffic monitoring of building automation and control networks. Current approaches to monitor special environment networks are limited to checking accessibility and a state of monitored devices. On the other hand, current generation of flow-based network monitoring tools focuses only on the IP traffic. These tools do not allow to observe special protocols used, for example, in an intelligent building network. We present a novel approach based on processing of flow information from such special environment. To demonstrate capabilities of such approach and to provide characteristics of a large building automation network, we present measurement results from Masaryk University Campus.

show abstract

“…Depending on the security requirements of the application, a secured channel may guarantee different security objectives. These are data integrity, freshness and/or confidentiality [2]. To achieve the security objectives, security mechanisms are necessary.…”

Section: Secure Communicationmentioning

confidence: 99%

“…However, devices must agree on a common mechanism to generate the dynamic node key set. This can, for example, be a monotonically increasing counter or a (exchanged) nonce, which are then used by both partners to derive the dynamic node key set [2].…”

Section: • Secure Point-to-point Process Data Communicationmentioning

confidence: 99%