Abstract | ||
---|---|---|
Building automation systems control a range of services, commonly heating, ventilation and air-conditioning. BACnet is a leading protocol used to transmit data across building automation system networks, for the purpose of reporting and control. Security is an issue in BACnet due to its initial design brief which appears to be centred around a centralised monolithic command and control architecture. With the advent of the Internet of Things, systems that were isolated are now inter-connected. This interconnectivity is problematic because whilst security is included in the BACnet standard, it is not implemented by vendors of building automation systems. The lack of focus on security can lead to vulnerabilities in the protocol being exploited with the result that the systems and the buildings they control are open to attack. This paper describes two proof-of-concept protocol attacks on a BACnet system, proves one attack using experimentation and the other attack through simulation. The paper contextualises a range of identified attacks using a threat model based on the STRIDE threat taxonomy. |
Year | DOI | Venue |
---|---|---|
2017 | 10.1007/978-3-319-93354-2_12 | Communications in Computer and Information Science |
Keywords | Field | DocType |
Building automation,State modelling,Security,Heating ventilation and air conditioning | Information system,Design brief,Enterprise resource planning,Computer security,Computer science,Command and control,Threat model,Automation,Building automation,BACnet | Conference |
Volume | ISSN | Citations |
867 | 1865-0929 | 0 |
PageRank | References | Authors |
0.34 | 2 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Matthew Peacock | 1 | 1 | 0.82 |
Michael N. Johnstone | 2 | 3 | 2.66 |
Craig Valli | 3 | 132 | 33.90 |