Secure service discovery in building automation and control systems

Building Automation and Control Systems (BACS) are intelligent networks of distributed sensors and actuators that enable monitoring and control of heating, ventilation, and air conditioning (HVAC), lighting, and safety systems deployed in commercial buildings. These sensors and actuators can be seen as resources of the corresponding nodes, interacting with each other and with users, providing various device services. For easy commissioning and cost-effective operation of BACS, service discovery operations are essential. BACS are a very critical part of a building's infrastructure, requiring that devices and services are accessed and controlled in a secure way. Consequently, security and access control must be incorporated as an integral part of the methods for service discovery in BACS. Furthermore, any security solution needs to take into account domain-specific requirements such as constraints on computation power, limited memory of nodes, and communication bandwidth, among others. The objective of this thesis is to identify the design requirements of a secure service discovery protocol in BACS. Further, based on these requirements, a design solution is presented and analyzed against the constraints of the system. The functionality of the proposed design is implemented as a proof-of-concept and the system is evaluated.
