Add to collection(s) Add to saved
  1. Arts & Humanities
  2. Literature
  3. World Literature

BUILDING AUTOMATION SYSTEMS SECURITY IN BUILDING

advertisement 
F R A U N H O F E R - I N S T I T U T F Ü R K O M M U N I K AT I O N , I N F O R M AT I O N S V E R A R B E I T U N G U N D E R G O N O M I E F K I E
Realization and Experiences with a Low-Cost Building
Automation Security Testbed for Educational Purposes
Jaspreet Kaur and Steffen Wendzel
kaur@cs.uni-bonn.de, steffen.wendzel@fkie.fraunhofer.de
BUILDING AUTOMATION SYSTEMS
SECURITY IN BUILDING AUTOMATION SYSTEMS
Building automation systems (BAS) are concerned with
control and monitoring of buildings, while aiming to
achieve different goals such as:
•  provide safety for inhabitants (e.g. by integrating fire
alarm systems or physical access control),
•  control the climate in the building/supervise and control
the heating, ventilation, and air conditioning equipment
•  perform facility management (indicate problem by
generating reports, graphs and annunciating alarms)
•  perform energy management strategies to reduce
operating and energy costs
Building automation systems dearth the aspect of security
as they originated at the time when security was not an
utmost concern. Some security challenges concerned with
building automation systems (Granzer et al., 2010) are:
•  Network attacks: Manipulation, fabrication or interruption
of the transmitted data over the network
•  Device attacks:
Software level: code injection, exploiting algorithm
Physical level: component replacement, microprobing
•  Network steganography: Hidden exfiltration of sensor
data (e.g. monitoring of inhabitants or employees)
(Wendzel, 2012)
Linux Machines with BACnet stack (act as BACnet devices) Linux machine with Snort (acts as Traffic Normalizer) Messages sent via Scapy (Protocol Fuzzer) JAHRESBERICHT
System structure of the virtual testbed for traffic normalization between BACnet devices
VIRTUAL TESTBED
Major goal: Allow teaching of BAS fundamentals and
BAS security for students and employees in a highly
configurable way without requiring expensive BAS
hardware.
Defensive mechanism: Traffic Normalization
We realized traffic normalization as a protection measure
for one of the widely used BAS protocols BACnet.
•  Sits on the communication path between the BACnet
devices and monitors the traffic exchanged between the
devices in order to detect anomalies
•  Reports malicious activity and perform actions (drop/
modify) as per normalization rules
Benefits:
•  Very simple, cheap solution and available as open source
•  Easy to get hands-on with the logic and code
•  Dynamically show the behavior and relationship of the
components involved
•  Comprehensive testing can be done effectively without
damaging the real hardware
•  Results in reduced training time
•  Efficient monitoring of network flow with the help of
Wireshark
12/13
Related documents
Building Automation System
Building Automation System
Growth Market Reports - Building Automation System
Growth Market Reports - Building Automation System
Division 26 - Electrical - Facilities Operations and Development
Division 26 - Electrical - Facilities Operations and Development
➀ ET9500 QUICK START GUIDE
➀ ET9500 QUICK START GUIDE
NVT28U
NVT28U
Zone Controller - Automated Logic
Zone Controller - Automated Logic
View more detailed specifications . - Airtek
View more detailed specifications . - Airtek
A6V10320293 en
A6V10320293 en
ProtoCessor Configuration Auto Selector
ProtoCessor Configuration Auto Selector
IP Gateway KNX/BACnet N 143 – certified system
IP Gateway KNX/BACnet N 143 – certified system
Touch-Plate BACnet Catalog - Touch
Touch-Plate BACnet Catalog - Touch
By David Fisher, Member ASHRAE One signature feature of BACnet
By David Fisher, Member ASHRAE One signature feature of BACnet
Download
advertisement