On the security of security extensions for IP-based KNX networks

Author

Judmayer, Aljosha ; Krammer, Lukas ; Kastner, Wolfgang

fYear

2014

fDate

5-7 May 2014

Firstpage

1

Lastpage

10

Abstract

The traditional areas of building automation like heating, ventilation and air conditioning as well as lighting and shading are more and more extended by services requiring a more robust security infrastructure like alarm-and access control systems. Additionally, building automation networks get integrated into existing IP-based networks, or even communicate directly over the Internet. Therefore, the attack surface of building automation systems has increased dramatically. This requires a solid security architecture and a profound knowledge of possible attack vectors. This work reviews two security extensions for KNXnet/IP regarding their individual security properties. Thereby, it is pointed out that the current version of the draft specification, called KNXnet/IP Secure, lacks some relevant details and has certain limitations concerning the provided level of security.

Keywords

IP networks; Internet; access control; air conditioning; building management systems; telecommunication security; ventilation; IF-based KNX networks; IP-based networks; Internet; KNXnet-IP secure; KNXnet/IP; access control systems; air conditioning; alarm-control systems; building automation; building automation networks; building automation systems; draft specification; heating; lighting; security extensions security; security infrastructure; security properties; shading; solid security architecture; ventilation; Authentication; Building automation; Cryptography; IP networks; Radiation detectors; Unicast;

fLanguage

English

Publisher

ieee

Conference_Titel

Factory Communication Systems (WFCS), 2014 10th IEEE Workshop on

Conference_Location

Toulouse

Type

conf

DOI

10.1109/WFCS.2014.6837593

Filename

6837593