      Is Open Access

      A Practical Attack Against a KNX-based Building Automation System

      2nd International Symposium for ICS & SCADA Cyber Security Research 2014 (ICS-CSR 2014) (ICSCSR)

      ICS & SCADA Cyber Security Research 2014 (ICS-CSR 2014)

      11-12 September 2014

      cyber-physical systems security, building automation, KNX

          Abstract

          Building automation systems rely heavily on general-purpose computers and communication protocols, which are often affected by security vulnerabilities. In this paper, we first analyze the attack surface of a real building automation system, based on the widely used KNX protocol, connected to a general-purpose IP network. To this end, we analyze the vulnerabilities of KNX-based networks highlighted by previous research work, which, however, did not corroborate their findings with experimental results. To verify the practical exploitability of these vulnerabilities and their potential impact, we implement a full-fledged testbed infrastructure that reproduces the typical deployment of a building automation system. On this testbed, we show the feasibility of a practical attack that leverages and combines the aforementioned vulnerabilities. We show the ease of reverse engineering the vendor-specific components of the KNX protocol. Our attack leverages the IP-to-KNX connectivity to send arbitrary commands which are executed by the actuators. We conclude that the vulnerabilities highlighted by previous work are effectively exploitable in practice, with severe results. Although we use KNX as a target, our work can be generalized to other communication protocols, often characterized by similar issues. Finally, we analyze the countermeasures proposed in previous literature and reveal the limitations that prevent their adoption in practice. We suggest a practical stopgap measure to protect real KNX-based BASs from our attack.

                Author and article information

                Conference
                September 2014
                Pages: 53-60
                Affiliations
                Politecnico di Milano

                DEIB

                Via Ponzio 34/5

                Milan

                IT
                Article
                10.14236/ewic/ICSCSR2014.7
                © Alessio Antonini et al. Published by BCS Learning and Development Ltd. 2nd International Symposium for ICS & SCADA Cyber Security Research 2014 (ICS-CSR 2014), St Pölten, Austria

                This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

                Electronic Workshops in Computing (eWiC)
                Product
                Product Information: 1477-9358, BCS Learning & Development
                Self URI (journal page): https://ewic.bcs.org/
                Categories
                Electronic Workshops in Computing