Security in Building Automation Systems

  title={Security in Building Automation Systems},
  author={Wolfgang Granzer and Fritz Praus and Wolfgang Kastner},
  journal={IEEE Transactions on Industrial Electronics},
Building automation systems are traditionally concerned with the control of heating, ventilation, and air conditioning, as well as lighting and shading, systems. They have their origin in a time where security has been considered as a side issue at best. Nowadays, with the rising desire to integrate security-critical services that were formerly provided by isolated subsystems, security must no longer be neglected. Thus, the development of a comprehensive security concept is of utmost importance… 

Figures and Tables from this paper

An analysis of security issues in building automation systems
An overview of the current security measures in BAS is presented, outlining key issues, and methods that can be improved to protect cyber physical systems against the increasing threat of cyber terrorism and hacktivism.
Software security requirements in building automation
An extensive survey of the security requirements for distributed control applications and analyzes software protection methods is provided and an architecture tackling the problem on how to secure software running on different device classes and preventing attacks on smart homes and buildings is briefly introduced.
Security Assessment of a Distributed, Modbus-Based Building Automation System
  • T. Tenkanen, T. Hämäläinen
  • Computer Science, Engineering
    2017 IEEE International Conference on Computer and Information Technology (CIT)
  • 2017
This work presents an approach to apply a method of data flow recognition and environment analysis to building automation through a case study on a distributed building automation system utilizing the Modbus protocol at the sites and presents suggested methods for mitigating the risks.
On the security of security extensions for IP-based KNX networks
This work reviews two security extensions for KNXnet/IP regarding their individual security properties and points out that the current version of the draft specification, called KNX Net/IP Secure, lacks some relevant details and has certain limitations concerning the provided level of security.
Security challenges in building automation and SCADA
The state-of-the-art of the security vulnerabilities of cyber-Physical Systems as well as the possible methods to mitigate/reduce such threats are presented.
Cybersecurity Perspectives for Smart Building Automation Systems
This work provides a critical overview of cybersecurity challenges for smart building automation systems by focusing on key areas of development at the device, system and communication and interoperability levels.
Security Analysis of Building Automation Networks - Threat Model and Viable Mitigation Techniques
This work analyzes the direct threats to the building automation network domain, considering an attacker able to eavesdrop or modify arbitrarily the packets, and details the threat model under consideration, identifying the security desiderata and proposes a secure communication protocol together with a new distributed key agreement scheme.
A secure interoperable architecture for building-automation applications
The architecture is designed to provide energy consumption and monitoring applications with an interface protecting their privacy, and implements an advanced secure interface for building-automation software, using secure event-handling and Role-Based Access Control.
Secure service discovery in building automation and control systems
The objective of this thesis is to identify design requirements of a secure service discovery protocol in BACS and to present and analyze a design solution based on the constraints of the system.
Secure control applications in building automation using domain knowledge
  • F. Praus, W. Kastner
  • Computer Science
    2010 8th IEEE International Conference on Industrial Informatics
  • 2010
A system model is derived that allows specifying security attributes for data points, function blocks, embedded applications, and, finally, distributed control applications and the applicability of the model is demonstrated for selected use cases.


Security in networked building automation systems
A security extension to KNX/EIB is presented that includes several security mechanisms that guarantee data integrity, confidentiality and freshness, as well as authentication to provide secure process data and management communication.
Common approach to functional safety and system security in building automation and control systems
Special focus is related to the commonalities between the development of safety and security systems to benefit from these commonalities in development.
Key set management in networked building automation systems using multiple key servers
To eliminate a single point of failure in this infrastructure, a redundancy concept featuring multiple key servers is presented and the management of shared secrets and the necessary infrastructure used to manage them is targeted.
Denial-of-service in automation systems
A novel, generic approach how denial-of-service (DoS) attacks can be prevented or, if prevention is not possible, can be detected at least.
Smart card based security for fieldbus systems
  • C. Schwaiger, A. Treytl
  • Computer Science
    EFTA 2003. 2003 IEEE Conference on Emerging Technologies and Factory Automation. Proceedings (Cat. No.03TH8696)
  • 2003
This work introduces a secure smart card and discusses the security services that were implemented, based on some simple but realistic assumptions about a possible security policy, for fieldbus systems for building automation.
Communication systems for building automation and control
The task of building automation and the systems and communications infrastructure necessary to address it is introduced and an overview of relevant standards is given, including BACnet, LonWorks and EIB/KNX as open systems of key significance in the building automation domain.
Securing IP backbones in building automation networks
A generic concept to secure IP backbones that is applicable to available BAS standards without the need of an adaption of existing BAS protocols is presented and a prototype implementation for the KNX standard is presented.
Secure and customizable software applications in embedded networks
An approach to allow untrusted, possible (intentional) malicious software to be executed securely on a low end embedded system and an evaluation for a building automation system is presented.
Enhanced control application development in Building Automation
The main idea is to base the application model on a generic ontology and to provide a sandbox for the execution environment to ease the CA development and at the same time to provide security for their execution.
Security in embedded systems: Design challenges
An introduction to the challenges involved in secure embedded system design is provided, recent advances in addressing them are discussed, and opportunities for future research are identified.