Security in networked building automation systems


Author: Wolfgang Granzer
Supervisor: Wolfgang Kastner, Georg Neugschwandtner
Type: Master Thesis
Finished: 2005-11

Building Automation Systems (BAS) are concerned with automated control of building subsystems such as Heating, Ventilation and Air Conditioning (HVAC). In this domain, security issues have been underrated over the past years, since physical access to the subsystem of interest was typically mandatory for an attack. However, especially since the integration of BAS with the Internet, things have changed. This thesis gives a survey on security in building automation systems. After a brief introduction, different security concepts and mechanisms are presented. Next, possible threats, attacks and available countermeasures are discussed. Furthermore, the security mechanisms of currently available networks for BAS are analysed. Finally, an extension to a popular building automation network is presented. EIBsec extends EIB/KNX to support several security mechanisms that guarantee data integrity, confidentiality and freshness, as well as authentication. Issues such as key management and distribution of software updates are also addressed.

