2015
DOI: 10.1007/978-3-319-18467-8_41
|View full text |Cite
|
Sign up to set email alerts
|

Securing BACnet’s Pitfalls

Abstract: Abstract. Building Automation Systems (BAS) are crucial for monitoring and controlling buildings, ranging from small homes to critical infrastructure, such as airports or military facilities. A major concern in this context is the security of BAS communication protocols and devices. The building automation and control networking protocol (BACnet) is integrated into products of more than 800 vendors worldwide. However, BACnet devices are vulnerable to attacks. We present a novel solution for the two most import… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
6
0

Year Published

2017
2017
2022
2022

Publication Types

Select...
4
4
1

Relationship

0
9

Authors

Journals

citations
Cited by 19 publications
(10 citation statements)
references
References 6 publications
0
6
0
Order By: Relevance
“…The QoS is affected by such an attack, which can be conducted by an attacker without any special skills. Router advertisement flooding can be used by attackers in order to exhaust the resources of a device by means of the routing maintenance protocol [153], resulting in a DoS. In BACnet, this methodology can be applied using who-is-router-to-network messages and the source addresses SADR and SNET.…”
Section: Network Layer Attacksmentioning
confidence: 99%
“…The QoS is affected by such an attack, which can be conducted by an attacker without any special skills. Router advertisement flooding can be used by attackers in order to exhaust the resources of a device by means of the routing maintenance protocol [153], resulting in a DoS. In BACnet, this methodology can be applied using who-is-router-to-network messages and the source addresses SADR and SNET.…”
Section: Network Layer Attacksmentioning
confidence: 99%
“…Several publications are fully dedicated to DoS attacks at the automation and management layers [26,27,28,29,10,16,17,11,30,22]. Two main type of DoS attacks can be conducted at this layer [26]: host-based and network-based.…”
Section: Denial Of Service Attacksmentioning
confidence: 99%
“…While in BACnet, an attack similar to ARP spoofing can be launched where a compromised device generates BACnet's "I-Am-Router-To-Network" messages with the fake content and forces other devices to send their messages via the attacker host [1]. With this, MITM [9]. • Interception and Traffic Redirection -An adversary can spoof "I-Am-Router-To-Network" or "Router-Available-to-Network" messages, thus tricking the other field devices into redirecting selective traffic messages to itself.…”
Section: A Threat Modelmentioning
confidence: 99%
“…• Interception and Traffic Redirection -An adversary can spoof "I-Am-Router-To-Network" or "Router-Available-to-Network" messages, thus tricking the other field devices into redirecting selective traffic messages to itself. Consequently, the adversary will be able to gain access to the traffic data and eavesdrops on the confidential monitoring data [9].…”
Section: A Threat Modelmentioning
confidence: 99%