On Building Automation System security

IF 3.2 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Christopher Morales-Gonzalez, Matthew Harper, Michael Cash, Lan Luo, Zhen Ling, Qun Z. Sun, Xinwen Fu
High-Confidence Computing, vol. 4, no. 3, Article 100236. Published 2024-05-27. DOI: 10.1016/j.hcc.2024.100236
https://www.sciencedirect.com/science/article/pii/S2667295224000394
Citation count: 0

Abstract

Building Automation Systems (BASs) are seeing increased usage in modern society due to the plethora of benefits they provide, such as automation for climate control, HVAC systems, entry systems, and lighting controls. Many BASs in use are outdated and suffer from numerous vulnerabilities that stem from the design of the underlying BAS protocol. In this paper, we provide a comprehensive, up-to-date survey on BASs and attacks against seven BAS protocols including BACnet, EnOcean, KNX, LonWorks, Modbus, ZigBee, and Z-Wave. Holistic studies of secure BAS protocols are also presented, covering BACnet Secure Connect, KNX Data Secure, KNX/IP Secure, ModBus/TCP Security, EnOcean High Security and Z-Wave Plus. LonWorks and ZigBee do not have security extensions. We point out how these security protocols improve the security of the BAS and what issues remain. A case study is provided which describes a real-world BAS and showcases its vulnerabilities as well as recommendations for improving its security. We seek to raise awareness among those in academia and industry as well as highlight open problems within BAS security.
