Securing IP backbones in building automation networks

Abstract: Abstract-The use of IP networks as common backbone is becoming of increased interest in today's building automation systems (BAS). With the use of IP also new attack scenarios that threaten the overall security of BAS are introduced. Due to the absence of native security mechanisms in IP and because of its long standing and pervasive use in the IT world, many vulnerabilities exist that are well-known to attackers. To counteract these threats, this paper presents a generic concept to secure IP backbones that is… Show more

“…Extensive research has been conducted in the field of security in Building Automation Systems (BASes) [3,4,5,2]. In [5], some well established open BASs have been analyzed regarding their individual security properties.…”

“…The specification is described and reviewed in Section 3. In [2], a generic security concept for securing IP-based communication in BAS is proposed. This concept is outlined and reviewed in Section 4.…”

“…In [2], a generic security concept for IP backbones is presented. The described approach uses asymmetric cryptography to establish a symmetric key set which is used to secure the communication among the involved devices.…”

“…The first extension was published by the KNX association and is called KNXnet/IP Secure [1]. The second security extension was proposed by Granzer et al [2] and is called generic security concept for IP backbones. It is shown that both proposed extensions have certain limitations concerning the provided security properties.…”

“…The contribution of this paper is the comparison of the two proposed security extensions KNXnet/IP Secure [1] and the generic security concept [2] in terms of security. Thereby, previously unreleased weaknesses are described and discussed.…”

On the security of security extensions for IP-based KNX networks

“…Extensive research has been conducted in the field of security in Building Automation Systems (BASes) [3,4,5,2]. In [5], some well established open BASs have been analyzed regarding their individual security properties.…”

“…The specification is described and reviewed in Section 3. In [2], a generic security concept for securing IP-based communication in BAS is proposed. This concept is outlined and reviewed in Section 4.…”

“…In [2], a generic security concept for IP backbones is presented. The described approach uses asymmetric cryptography to establish a symmetric key set which is used to secure the communication among the involved devices.…”

“…The first extension was published by the KNX association and is called KNXnet/IP Secure [1]. The second security extension was proposed by Granzer et al [2] and is called generic security concept for IP backbones. It is shown that both proposed extensions have certain limitations concerning the provided security properties.…”

“…The contribution of this paper is the comparison of the two proposed security extensions KNXnet/IP Secure [1] and the generic security concept [2] in terms of security. Thereby, previously unreleased weaknesses are described and discussed.…”

On the security of security extensions for IP-based KNX networks

Security Analysis of Open Building Automation Systems

Real-time and non-intrusive on-site diagnosis for commissioning wireless sensor and actuator networks in building automation