Security in building automation systems

IEEE Transactions on Industrial Electronics

Volumn 57, Issue 11, 2010, Pages 3622-3630

  Granzer, Wolfgang ^a   Praus, Fritz ^a   Kastner, Wolfgang ^a  

^a VIENNA UNIVERSITY OF TECHNOLOGY   (Austria)

Author keywords

Building automation; embedded networks; integration; security

Indexed keywords

BUILDING AUTOMATION; BUILDING AUTOMATION SYSTEMS; CONTROL APPLICATIONS; EMBEDDED NETWORK; SECURE COMMUNICATIONS; SECURE EXECUTION; SECURITY; SECURITY IN BUILDINGS; SECURITY MECHANISM; SECURITY THREATS;

AUTOMATION; HEATING;

INTELLIGENT BUILDINGS;

EID: 77956599919     PISSN: 02780046     EISSN: None     Source Type: Journal    
DOI: 10.1109/TIE.2009.2036033     Document Type: Article

References (41)

1. W. Kastner, G. Neugschwandtner, S. Soucek, and H. M. Newman, "Communication systems for building automation and control", Proc. IEEE, vol. 93, no. 6, pp. 1178-1203, Jun. 2005.
2. M. Thuillard, P. Ryser, and G. Pfister, "Life safety and security systems", in Sensors in Intelligent Buildings, vol. 2. Weinheim, Germany: Wiley-VCH, 2001, pp. 307-397.
3. T. Novak, A. Treytl, and P. Palensky, "Common approach to functional safety and system security in building automation and control systems", in Proc. IEEE Int. Conf. Emerging Technol. Factory Autom., 2007, pp. 1141-1148.
4. Information Technology-Security Technique-Evaluation Criteria for IT Security, IEC 15408, 2005.
5. C. P. Pfleeger and S. L. Pfleeger, Security in Computing, 4th ed. Englewood Cliffs, NJ: Prentice-Hall, 2006.
6. D. Hwang, P. Schaumont, K. Tiri, and I. Verbauwhede, "Securing embedded systems", IEEE Security Privacy, vol. 4, no. 2, pp. 40-49, Mar. 2006.
7. S. Ravi, A. Raghunathan, P. Kocher, and S. Hattangady, "Security in embedded systems: Design challenges", ACM Trans. Embed. Comput. Syst., vol. 3, no. 3, pp. 461-491, Aug. 2004.
8. V. Gungor and G. Hancke, "Industrial wireless sensor networks: Challenges, design principles, and technical approaches", IEEE Trans. Ind. Electron., vol. 56, no. 10, pp. 4258-4265, Oct. 2009.
9. BACnet-A Data Communication Protocol for Building Automation and Control Networks, ANSI/ASHRAE 135, 2008.
10. Control Network Protocol Specification, ANSI/EIA/CEA 709.1, 1999.
11. KNX Specification, Konnex Assoc., Diegem, Belgium, 2009, Ver. 2.0.
12. Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications for Low-Rate Wireless Personal Area Networks (WPANs), IEEE 802.15.4, 2006.
13. ZigBee Specification 2007, ZigBee Alliance, San Ramon, CA, 2007.
14. D. G. Holmberg, "BACnet wide area network security threat assessment", Nat. Inst. Standards Technol., Gaithersburg, MD, NISTIR Tech. Rep. 7009, 2003.
15. ANSI/ASHRAE Addendum 135-2008 g: Updating BACnet Network Security, May 2010, Status: 5th public review. [Online]. Available: http://bacnet.org/Addenda/ index.html
16. C. Schwaiger and A. Treytl, "Smart card based security for fieldbus systems", in Proc. IEEE Int. Conf. Emerging Technol. Factory Autom., 2003, pp. 398-406.
17. Tunneling Component Network Protocols Over Internet Protocol Channels, ANSI/EIA 852, 2002.
18. W. Granzer, W. Kastner, G. Neugschwandtner, and F. Praus, "Security in networked building automation systems", in Proc. IEEE Int. Workshop Factory Commun. Syst., 2006, pp. 283-292. (Pubitemid 351470990)
19. A. Cilardo, L. Coppolino, N. Mazzocca, and L. Romano, "Elliptic curve cryptography engineering", Proc. IEEE, vol. 943, no. 2, pp. 395-406, Feb. 2006.
20. V. Gupta, M. Wurm, Y. Zhu, M. Millard, S. Fung, N. Gura, H. Eberle, and S. C. Shantz, "Sizzle: A standards-based end-to-end security architecture for the embedded Internet", Pervasive Mobile Comput., vol. 1, no. 4, pp. 425-445, Dec. 2005.
21. W.-S. Juang, S.-T. Chen, and H.-T. Liaw, "Robust and efficient passwordauthenticated key agreement using smart cards", IEEE Trans. Ind. Electron., vol. 55, no. 6, pp. 2551-2556, Jun. 2008.
22. W. Granzer, C. Reinisch, and W. Kastner, "Key set management in networked building automation systems using multiple key servers", in Proc. IEEE Int. Workshop Factory Commun. Syst., 2008, pp. 205-214.
23. A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography. Boca Raton, FL: CRC, 1997.
24. T. Wollinger, J. Pelzl, V. Wittelsberger, C. Paar, K. Saldamli, and C. K. Koc, "Elliptic and hyperelliptic curves on embedded μP", ACM Trans. Embed. Comput. Syst., vol. 3, no. 3, pp. 509-533, Aug. 2004.
25. M. Luk, G. Mezzour, A. Perrig, and V. Gligor, "MiniSec: A secure sensor network communication architecture", in Proc. Int. Conf. Inf. Process. Sens. Netw., 2007, pp. 479-488.
26. W. Granzer, D. Lechner, F. Praus, and W. Kastner, "Securing IP backbones in building automation networks", in Proc. IEEE Int. Conf. Ind. Informat., 2009, pp. 410-415.
27. W. Granzer, C. Reinisch, and W. Kastner, "Denial-of-service in automation systems", in Proc. IEEE Int. Conf. Emerging Technol. Factory Autom., 2008, pp. 468-471.
28. F. Koeune and F.-X. Standaert, "A tutorial on physical security and sidechannel attacks", in Foundations of Security Analysis and Design III. Berlin, Germany: Springer-Verlag, Sep. 2005, pp. 78-108.
29. B. Chess and G. McGraw, "Static analysis for security", IEEE Security Privacy, vol. 2, no. 6, pp. 76-79, Nov. 2004.
30. G. C. Necula and P. Lee, "Safe, untrusted agents using proof-carrying code", in Mobile Agents and Security, vol. 1419, Lecture Notes in Computer Science. Berlin, Germany: Springer-Verlag, Jan. 1998, pp. 61-91.
31. Z. Li, A. Das, and J. Zhou, "Theoretical basis for intrusion detection", in Proc. IEEE Inf. Assurance Workshop, 2005, pp. 184-192.
32. V. Kiriansky, D. Bruening, and S. Amarasinghe, "Secure execution via program shepherding", in Proc. USENIX Security Symp., 2002, pp. 191-206.
33. Y. Chen, R. Venkatesan, M. Cary, R. Pang, S. Sinha, and M. H. Jakubowski, "Oblivious hashing: A stealthy software integrity verification primitive", in Proc. Int. Workshop Inf. Hiding, 2003, pp. 400-414.
34. C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton, "StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks", in Proc. USENIX Security Conf., 1998, pp. 63-78.
35. D. Arora, S. Ravi, A. Raghunathan, and N. K. Jha, "Hardware-assisted run-time monitoring for secure program execution on embedded processors", IEEE Trans. Very Large Scale Integr. (VLSI) Syst., vol. 14, no. 12, pp. 1295-1308, Dec. 2006.
36. I. Hiroaki, M. Edahiro, and J. Sakai, "Towards scalable and secure execution platform for embedded systems", in Proc. Des. Autom. Conf., 2007, pp. 350-354.
37. W. Landi, "Undecidability of static analysis", ACM Lett. Program. Lang. Syst., vol. 1, no. 4, pp. 323-337, Dec. 1992.
38. R. Sekar, V. Venkatakrishnan, S. Basu, S. Bhatkar, and D. C. DuVarney, "Model-carrying code: A practical approach for safe execution of untrusted applications", in Proc. ACM Symp. Oper. Syst. Principles, 2003, pp. 15-28.
39. F. Praus, T. F. Thomas, and W. Kastner, "Secure and customizable software applications in embedded networks", in Proc. IEEE Int. Conf. Emerging Technol. Factory Autom., 2008, pp. 1473-1480.
40. G. Klein, K. Elphinstone, G. Heiser, J. Andronick, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood, "seL4: Formal verification of an OS kernel", in Proc. ACM Symp. Oper. Syst. Principles, 2009, pp. 207-220.
41. F. Praus, W. Granzer, and W. Kastner, "Enhanced control application development in building automation", in Proc. IEEE Int. Conf. Ind. Informat., 2009, pp. 390-395.