Abstract
Building Automation Systems (BAS) are crucial for monitoring and controlling buildings, ranging from small homes to critical infrastructure, such as airports or military facilities. A major concern in this context is the security of BAS communication protocols and devices. The building automation and control networking protocol (BACnet) is integrated into products of more than 800 vendors worldwide. However, BACnet devices are vulnerable to attacks. We present a novel solution for the two most important BACnet layers, i.e. those independent of the data link layer technology, namely the network and the application layer. We provide the first implementation and evaluation of traffic normalization for BAS traffic. Our proof of concept code is based on the open source software Snort.
Chapter PDF
Similar content being viewed by others
References
ISO 16484–5:2012 Building automation and control systems - Part 5: Data communication protocol
Merz, H., Hansemann, T., Hübner, C.: Building Automation: Communication systems with EIB/KNX, LON and BACnet. Signals and Communication Technology. Springer (2009)
Proofpoint Inc.: Proofpoint Uncovers Internet of Things (IoT) Cyberattack. Report (January 2014). http://goo.gl/ENgpTR
Wendzel, S., Zwanger, V., Meier, M., Szlósarczyk, S.: Envisioning Smart Building Botnets. In: GI Sicherheit. LNI, vol. 228, pp. 319–329 (2014)
Malan, G.R., Watson, D., Jahanian F. and Howell, P.: Transport and application protocol scrubbing. In: Proc. IEEE Conf. Computer Communications (INFOCOM), pp. 1381–1390 (2000)
Snort - open source network intrusion prevention system and network intrusion detection system. https://www.snort.org/
Handley, M., Paxson, V., Kreibich, C.: Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics. In: Proc. USENIX Security Symposium, Berkeley (2001)
Holmberg, D.G.: Enemies at the gates. BACnet Today, B24–B28, November 2003
Soucek, S., Zucker, G.: Current developments and challenges in building automation. e&i (Elektrotechnik und Informationstechnik) 129(4), 278–285 (2012)
Wendzel, S., Kahler, B., Rist, T.: Covert Channels and their Prevention in Building Automation Protocols - A Prototype Exemplified Using BACnet. In: Proc. 2nd Workshop on Security of Systems and Software Resiliency, pp. 731–736. IEEE (2012)
Granzer, W., Kastner, W., Neugschwandtner, G., Praus, F.: Security in networked building automation systems. In: Proc. 2006 IEEE International Workshop on Factory Communication Systems, pp. 283–292 (2006)
Čeleda, P., Krejčí, R., Krmíček, V.: Flow-Based Security Issue Detection in Building Automation and Control Networks. In: Szabó, R., Vidács, A. (eds.) EUNICE 2012. LNCS, vol. 7479, pp. 64–75. Springer, Heidelberg (2012)
Szlósarczyk, S., Wendzel, S., Kaur, J., Meier, M., Schubert, F.: Towards Suppressing Attacks on and Improving Resilience of Building Automation Systems - an Approach Exemplified Using BACnet. In: GI Sicherheit. LNI vol. 228, pp. 407–418 (2014)
Bowers, B.: How to Own a Building: Exploiting the Physical World with BacNET and the BACnet Attack Framework, Shmoocon (2013). http://goo.gl/Ea1LZu
Holmberg, D.G., Bender, J., Galler, M.: Using the BACnet firewall router. BACnet Today, B10–B14, November 2006
Tom, S.: BACnet for a City - Saving Energy one Small Building at a Time; BACnet Today and the Smart Grid, B4–B9, November 2012
ASHRAE: Proposed Addendum ai to Standard 135–2012, BACnet - A Data Communication Protocol for Building Automation and Control Networks (2014)
Wendzel, S.: The Problem of Traffic Normalization in a Covert Channel’s Network Environment Learning Phase. In: Sicherheit 2012. LNI, vol. 195, pp. 149–161. GI (2012)
Biondi, P.: The Scapy community: Scapy Documentation, Release 2.1.1 (2010). http://goo.gl/nPEUFx
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 IFIP International Federation for Information Processing
About this paper
Cite this paper
Kaur, J., Tonejc, J., Wendzel, S., Meier, M. (2015). Securing BACnet’s Pitfalls. In: Federrath, H., Gollmann, D. (eds) ICT Systems Security and Privacy Protection. SEC 2015. IFIP Advances in Information and Communication Technology, vol 455. Springer, Cham. https://doi.org/10.1007/978-3-319-18467-8_41
Download citation
DOI: https://doi.org/10.1007/978-3-319-18467-8_41
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-18466-1
Online ISBN: 978-3-319-18467-8
eBook Packages: Computer ScienceComputer Science (R0)