Abstract
Building automation systems control a range of services, commonly heating, ventilation and air-conditioning. BACnet is a leading protocol used to transmit data across building automation system networks, for the purpose of reporting and control. Security is an issue in BACnet due to its initial design brief which appears to be centred around a centralised monolithic command and control architecture. With the advent of the Internet of Things, systems that were isolated are now interconnected. This interconnectivity is problematic because whilst security is included in the BACnet standard, it is not implemented by vendors of building automation systems. The lack of focus on security can lead to vulnerabilities in the protocol being exploited with the result that the systems and the buildings they control are open to attack. This paper describes two proof-of-concept protocol attacks on a BACnet system, proves one attack using experimentation and the other attack through simulation. The paper contextualises a range of identified attacks using a threat model based on the STRIDE threat taxonomy.
Acknowledgement
The authors would like to thank Marcelo Macedo for his assistance in implementing the simulation environment.
This research was supported by an Australian Government Research Training Program Scholarship.
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Peacock, M., Johnstone, M.N., Valli, C. (2018). An Exploration of Some Security Issues Within the BACnet Protocol. In: Mori, P., Furnell, S., Camp, O. (eds) Information Systems Security and Privacy. ICISSP 2017. Communications in Computer and Information Science, vol 867. Springer, Cham. https://doi.org/10.1007/978-3-319-93354-2_12
DOI: https://doi.org/10.1007/978-3-319-93354-2_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-93353-5
Online ISBN: 978-3-319-93354-2
eBook Packages: Computer Science, Computer Science (R0)