Security in Building Automation Systems

Building automation systems are traditionally concerned with the control of heating, ventilation, and air conditioning, as well as lighting and shading systems. They have their origin in a time when security was considered a side issue at best. Nowadays, with the rising desire to integrate security-critical services that were formerly provided by isolated subsystems, security must no longer be neglected. Thus, the development of a comprehensive security concept is of utmost importance. This paper starts with a security threat analysis and identifies the challenges of providing security in the building automation domain. Afterward, the security mechanisms of available standards are thoroughly analyzed. Finally, two approaches that provide both secure communication and secure execution of possibly untrusted control applications are presented.
