A threat-model for building and home automation

@article{Meyer2016ATF,
  title={A threat-model for building and home automation},
  author={Dominik Meyer and Jan Haase and Marcel Eckert and Bernd Klauer},
  journal={2016 IEEE 14th International Conference on Industrial Informatics (INDIN)},
  year={2016},
  pages={860-866}
}
  • Dominik MeyerJ. Haase B. Klauer
  • Published 19 July 2016
  • Computer Science
  • 2016 IEEE 14th International Conference on Industrial Informatics (INDIN)
Security and privacy are very important assets within building and home automation because the System Control Unit (SCU) stores and processes a huge amount of data about the inhabitants or employees of the building. This data is necessary for managing the building and increasing the convenience of persons within. But this data can also be used to create a movement profile, monitor working times, and draw conclusions about people's health situation. Modern smart home implementations also control… 

Figures from this paper

BIoTA: Control-Aware Attack Analytics for Building Internet of Things

This paper proposes a building internet of things analyzer (BIoTA) framework that assesses the smart building HVAC control system’s security using formal attack modeling and evaluates the proposed attack analyzer's effectiveness on the commercial occupancy dataset and the KTH live-in lab dataset.

Enhancing Security in Smart Homes-A Review

This paper aims to provide a detailed review of the Methods or Techniques proposed to secure smart home systems by providing better design, access control techniques, encryption algorithms, and secure software applications.

New attack vectors for building automation and IoT

The paper presents new attack vectors and new threats using the threat model of Meyer et al.[1] and shows that these threats are also valid for IoT installations.

A Survey on Smart Home Authentication: Toward Secure, Multi-Level and Interaction-Based Identification

A generic model derived from an SHome use-case scenario is presented and a threat analysis is performed to identify possible means of attacks and leads to the specification of a set of desirable security requirements for the design of authentication solutions for SHome.

MASTER (In)security of video surveillance systems in building automation systems

A list of threats against VSSs is provided and a novel tool for detecting them by using passive network traffic analysis is developed and built on top of SilentDefense, a world-leading IDS for industrial control systems.

Wireless sensor/actuator device configuration by NFC with secure key exchange

This paper shows how to initialize new or replaced devices using an Android app with NFC and focusses on the public key exchange mechanism by Diffie-Hellman to prepare the device for encryption.

In ) security of video surveillance systems in building automation systems

  • Yeh
  • Computer Science
  • 2018
A definition of threats against VSSs is provided and a novel tool for detecting them by using passive network traffic analysis is developed, built on top of SilentDefense, a world-leading IDS for industrial control systems.

In ) security of video surveillance systems in building automation systems

  • Yeh
  • Computer Science
  • 2018
A definition of threats against VSSs is provided and a novel tool for detecting them by using passive network traffic analysis is developed, built on top of SilentDefense, a world-leading IDS for industrial control systems.

In ) security of video surveillance systems in building automation systems

  • Yeh
  • Computer Science
  • 2018
A definition of threats against VSSs is provided and a novel tool for detecting them by using passive network traffic analysis is developed, built on top of SilentDefense, a world-leading IDS for industrial control systems.

In ) security of video surveillance systems in building automation systems

  • Yeh
  • Computer Science
  • 2018
A definition of threats against VSSs is provided and a novel tool for detecting them by using passive network traffic analysis is developed, built on top of SilentDefense, a world-leading IDS for industrial control systems.

References

SHOWING 1-7 OF 7 REFERENCES

Security in Building Automation Systems

This paper starts with a security threat analysis and identifies the challenges of providing security in the building automation domain and two approaches that provide both secure communication and secure execution of possibly untrusted control applications are presented.

Common approach to functional safety and system security in building automation and control systems

Special focus is related to the commonalities between the development of safety and security systems to benefit from these commonalities in development.

A solution based analysis of attack vectors on smart home systems

  • Andreas BrauchliDepeng Li
  • Computer Science
    2015 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC)
  • 2015
This paper lists, analyzes and ranks possible attack vectors or entry points into a smart home system and proposes solutions to remedy or diminish the risk of compromised security or privacy and evaluates the usability impacts resulting from the proposed solutions.

Towards a model of privacy and security for smart homes

Based on the results of a risk analysis of a smart home automation system developed in collaboration with leading industrial actors, the first steps towards a general model of privacy and security for smart homes are outlined.

Threat Modeling: Designing for Security

Threat Modeling: Designing for Security is a unique how-to for security and software developers who need to design secure products and systems and test their designs and offers actionable how to advice not tied to any specific software, operating system, or programming language.

Toward a secure system engineering methodolgy

This paper presents a methodology for enumerating the vuinerabilities of a system, and determining what countermeasures can best close those vulnerabilities, and demonstrates how to correlate the attacker's characteristics with the characteristics of the vulnerability to see if an actual threat exists.

A Risk Assessment Framework and Software Toolkit for Cloud Service Ecosystems

The design and implementation of an effective and efficient risk assessment framework and its software toolkit implementation is presented, which provides technological assurance that will lead to a higher confidence of Cloud service consumers and a cost-effective and reliable productivity of Cloud Service Provider and resources organized by individual Infrastructure Provider on the other side.