Performance Analysis of a Secured BACnet/IP Network

The Building Automation and Control networks (BACnet) protocol is one of the most widely used protocols in the building automation domain. In order to meet growing security requirements, an optional security architecture is defined in the BACnet standard. The purpose of this paper is to carry out a performance analysis on a BACnet/IP network, which is secured according to this security architecture. The additional time costs for client and server devices as well as the transmission costs are evaluated with regard to all levels of security defined in the standard. In this context, message signing with HMAC in combination with MD5 or SHA-256 and message encryption with AES-128 is investigated. To the best of the authors’ knowledge there are no works dealing with the performance of secured BACnet networks. The results should serve for further comparison with BACnet Secure Connect (BACnet/SC), which is currently under development and makes use of state-of-the-art security mechanisms like the Transport Layer Security (TLS).

[1]  Tae-Jin Park,et al.  Performance evaluation of BACnet MS/TP protocol using experimental model , 2005, 2005 IEEE International Conference on Industrial Technology.

[2]  Seung Ho Hong,et al.  A Performance Analysis of BACnet® Local Area Networks , 2008 .

[3]  Michael A. Galler,et al.  Using the BACnet (R) firewall router | NIST , 2006 .

[4]  Piyush Gupta,et al.  A Comparative Analysis of SHA and MD 5 Algorithm , 2014 .

[5]  Bart Preneel,et al.  Power-analysis attack on an ASIC AES implementation , 2004, International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004..

[6]  Hans Dobbertin Cryptanalysis of MD5 Compress , 1996 .

[7]  Falko Dressler,et al.  Practical Evaluation of the Performance Impact of Security Mechanisms in Sensor Networks , 2006, Proceedings. 2006 31st IEEE Conference on Local Computer Networks.

[8]  Thomas Rist,et al.  Covert Channels and Their Prevention in Building Automation Protocols: A Prototype Exemplified Using BACnet , 2012, 2012 IEEE International Conference on Green Computing and Communications.

[9]  Daniel J. Bernstein,et al.  Cache-timing attacks on AES , 2005 .

[10]  Jaspreet Kaur,et al.  Securing BACnet's Pitfalls , 2015, SEC.

[11]  David G. Holmberg,et al.  BACnet wide area network security threat assessment , 2011 .