Fraunhofer-Institut für Kommunikation, Informati...

Realization and Experiences with a Low-Cost Building Automation Security Testbed for Educational Purposes

Jaspreet Kaur and Steffen Wendzel
FRAUNHOFER-INSTITUT FÜR KOMMUNIKATION, INFORMATIONSVERARBEITUNG UND ERGONOMIE FKIE

BUILDING AUTOMATION SYSTEMS

Building automation systems (BAS) are concerned with the control and monitoring of buildings, while aiming to achieve different goals such as:
• provide safety for inhabitants (e.g. by integrating fire alarm systems or physical access control)
• control the climate in the building/supervise and control the heating, ventilation, and air conditioning equipment
• perform facility management (indicate problems by generating reports, graphs and annunciating alarms)
• perform energy management strategies to reduce operating and energy costs

SECURITY IN BUILDING AUTOMATION SYSTEMS

Building automation systems lack security, as they originated at a time when security was not a primary concern. Some security challenges concerned with building automation systems (Granzer et al., 2010) are:
• Network attacks: manipulation, fabrication or interruption of the data transmitted over the network
• Device attacks:
  - Software level: code injection, exploiting algorithms
  - Physical level: component replacement, microprobing
• Network steganography: hidden exfiltration of sensor data (e.g. monitoring of inhabitants or employees) (Wendzel, 2012)

VIRTUAL TESTBED

Benefits:
• Very simple, cheap solution and available as open source
• Easy to get hands-on with the logic and code
• Dynamically shows the behavior and relationship of the components involved
• Comprehensive testing can be done effectively without damaging the real hardware
• Results in reduced training time
• Efficient monitoring of network flow with the help of Wireshark

Major goal: Allow teaching of BAS fundamentals and BAS security for students and employees in a highly configurable way without requiring expensive BAS hardware.

Defensive mechanism: Traffic Normalization

We realized traffic normalization as a protection measure for BACnet, one of the widely used BAS protocols. The traffic normalizer:
• sits on the communication path between the BACnet devices and monitors the traffic exchanged between the devices in order to detect anomalies
• reports malicious activity and performs actions (drop/modify) as per normalization rules

[Figure: System structure of the virtual testbed for traffic normalization between BACnet devices. Components shown: Linux machines with BACnet stack (act as BACnet devices); Linux machine with Snort (acts as traffic normalizer); messages sent via Scapy (protocol fuzzer).]
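A minimal sketch of the drop/modify decisions a BACnet/IP traffic normalizer makes, as an added example that is not part of the poster or the authors' Snort-based normalizer. The three rules (BVLL type octet, BVLL length consistency, reserved NPDU control bits) and the sample frames are assumptions chosen for illustration.

```python
import struct

BVLC_TYPE_BACNET_IP = 0x81        # BVLL type octet for BACnet/IP
NPDU_VERSION = 0x01               # protocol version octet of the NPDU
NPDU_RESERVED_MASK = 0b0101_0000  # control-octet bits 6 and 4 are reserved (zero)
NPDU_FUNCTIONS = (0x0A, 0x0B)     # Original-Unicast-NPDU, Original-Broadcast-NPDU


def normalize(frame: bytes):
    """Return (action, frame, reason); action is 'pass', 'modify' or 'drop'."""
    if len(frame) < 6:
        return "drop", None, "shorter than BVLL header plus NPDU version/control"
    bvlc_type, function, length = struct.unpack("!BBH", frame[:4])
    if bvlc_type != BVLC_TYPE_BACNET_IP:
        return "drop", None, "BVLL type is not 0x81"
    if length != len(frame):
        return "drop", None, "BVLL length field disagrees with datagram size"
    if function not in NPDU_FUNCTIONS:
        # Other BVLL functions carry no NPDU at offset 4; this sketch skips them.
        return "pass", frame, "BVLL function not inspected"
    version, control = frame[4], frame[5]
    if version != NPDU_VERSION:
        return "drop", None, "unknown NPDU version"
    if control & NPDU_RESERVED_MASK:
        # Rewrite instead of dropping: reserved bits are cleared so they
        # cannot carry hidden data past the normalizer.
        fixed = bytearray(frame)
        fixed[5] = control & ~NPDU_RESERVED_MASK & 0xFF
        return "modify", bytes(fixed), "cleared reserved NPDU control bits"
    return "pass", frame, "conforms"


# Constructed sample datagrams (UDP payloads), not captured traffic.
WHO_IS = bytes.fromhex("810b000c0120ffff00ff1008")         # well-formed Who-Is
RESERVED_SET = bytes.fromhex("810b000c0170ffff00ff1008")   # reserved bits set
BAD_LENGTH = bytes.fromhex("810b00200120ffff00ff1008")     # length says 32, is 12
BAD_TYPE = bytes.fromhex("820b000c0120ffff00ff1008")       # wrong BVLL type

if __name__ == "__main__":
    for name, frame in [("who-is", WHO_IS), ("reserved", RESERVED_SET),
                        ("bad-length", BAD_LENGTH), ("bad-type", BAD_TYPE)]:
        action, out, reason = normalize(frame)
        print(f"{name:10} {action:6} {reason}")
```
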

Source: cscubs.cs.uni-bonn.de/2014/data/paper_8.pdf · 2014. 5. 25.
