论文信息 - On the security of security extensions for IP-based KNX networks

On the security of security extensions for IP-based KNX networks

The traditional areas of building automation like heating, ventilation and air conditioning as well as lighting and shading are more and more extended by services requiring a more robust security infrastructure like alarm-and access control systems. Additionally, building automation networks get integrated into existing IP-based networks, or even communicate directly over the Internet. Therefore, the attack surface of building automation systems has increased dramatically. This requires a solid security architecture and a profound knowledge of possible attack vectors. This work reviews two security extensions for KNXnet/IP regarding their individual security properties. Thereby, it is pointed out that the current version of the draft specification, called KNXnet/IP Secure, lacks some relevant details and has certain limitations concerning the provided level of security.

[1] Wolfgang Granzer,et al. Security in Building Automation Systems , 2010, IEEE Transactions on Industrial Electronics.

[2] Wolfgang Granzer,et al. Security Analysis of Open Building Automation Systems , 2010, SAFECOMP.

[3] Jason Eisner,et al. A natural language approach to automated cryptanalysis of two-time pads , 2006, CCS '06.

[4] Morris Dworkin,et al. Special Publication 800-38C, Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality , 2003 .

[5] Ilya Mironov,et al. Hash functions: Theory, attacks, and applications , 2005 .

[6] Wolfgang Granzer,et al. Securing IP backbones in building automation networks , 2009, 2009 7th IEEE International Conference on Industrial Informatics.

[7] Elaine B. Barker,et al. SP 800-56A. Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised) , 2007 .

[8] Elaine B. Barker,et al. Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography , 2007 .