1,791
views
0
recommends
+1 Recommend
1 collections
    0
    shares

      Studying business & IT? Drive your professional career forwards with BCS books - for a 20% discount click here: shop.bcs.org

      scite_
       
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      A Practical Attack Against a KNX-based Building Automation System

      Published
      proceedings-article
      , ,
      2nd International Symposium for ICS & SCADA Cyber Security Research 2014 (ICS-CSR 2014) (ICSCSR)
      ICS & SCADA Cyber Security Research 2014 (ICS-CSR 2014)
      11-12 September 2014
      cyber-physical systems security, building automation, KNX
      Bookmark

            Abstract

            Building automation systems rely heavily on general-purpose computers and communication protocols, which are often affected by security vulnerabilities. In this paper, we first analyze the attack surface of a real building automation system - based on the widely used KNX protocol-connected to a general-purpose IP network. To this end, we analyze the vulnerabilities of KNX-based networks highlighted by previous research work, which, however,did not corroborate their findings with experimental results. To verify the practical exploitability of these vulnerabilities and their potential impact, we implement a full-fledged testbed infrastructure that reproduces the typical deployment of a building automation system. On this testbed, we show the feasibility of a practical attack that leverages and combines the aforementioned vulnerabilities. We show the ease of reverse engineering the vendor-specific components of the KNX protocol. Our attack leverages the IP-to-KNX connectivity to send arbitrary commands which are executed by the actuators. We conclude that the vulnerabilities highlighted by previous work are effectively exploitable in practice, with severe results. Although we use KNX as a target, our work can be generalized to other communication protocols, often characterized by similar issues. Finally, we analyze the countermeasures proposed in previous literature and reveal the limitations that prevent their adoption in practice. We suggest a practical stopgap measure to protect real KNX-based BASs from our attack.

            Content

            Author and article information

            Contributors
            Conference
            September 2014
            September 2014
            : 53-60
            Affiliations
            [0001]Politecnico di Milano

            DEIB

            Via Ponzio 34/5

            Milan

            IT
            Article
            10.14236/ewic/ICSCSR2014.7
            7ea2e305-0ebe-430b-8b04-40403e7ba0a6
            © Alessio Antonini et al. Published by BCS Learning and Development Ltd. 2nd International Symposium for ICS & SCADA Cyber Security Research 2014 (ICS-CSR 2014), St Pölten, Austria

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            2nd International Symposium for ICS & SCADA Cyber Security Research 2014 (ICS-CSR 2014)
            ICSCSR
            2
            St Pölten, Austria
            11-12 September 2014
            Electronic Workshops in Computing (eWiC)
            ICS & SCADA Cyber Security Research 2014 (ICS-CSR 2014)
            History
            Product

            1477-9358 BCS Learning & Development

            Self URI (article page): https://www.scienceopen.com/hosted-document?doi=10.14236/ewic/ICSCSR2014.7
            Self URI (journal page): https://ewic.bcs.org/
            Categories
            Electronic Workshops in Computing

            Applied computer science,Computer science,Security & Cryptology,Graphics & Multimedia design,General computer science,Human-computer-interaction
            cyber-physical systems security,KNX,building automation

            Comments

            Comment on this article