By Dr. Wolfgang Kastner, Institut fur Rechnergestu ̈tzte Automation Arbeitsgruppe Automatisierungssysteme
and Gianluca Cena, Ph.D., Italian National Research Council (CNR) Istituto di Elettronica e di Ingegneria dell’Informazione e delle Telecomunicazioni
Home and Building Automation (HBA) systems are traditionally concerned with the control of heating, ventilation, air conditioning, as well as lighting and shading systems. Services from the safety and security domain are typically provided by separated, appli- cation specific subsystems. An integration with the core HBA systems is done (if at all) at the management level.
Nowadays, the rising desire to integrate security-critical services even at the field level can be observed. The extension of the application domain of HBA systems therefore demands the underlying communication system to be reliable and robust against malicious manipulations. An analysis of existing technologies, however, exposes that they do not fulfill the additional requirements yet. The main reason is that the systems were developed at a time when security was considered as a side-issue at best. Hence, these systems rely on physical isolation and “Security by Obscurity”. This is obviously unacceptable within modern HBA systems since preventing physical access to the network by isolation is not always possible (e.g., WLANs) and “Security by Obscurity” is a technique that (if at all) provides only temporary protection. Thus, the development of a comprehensive security concept is of utmost importance.
This dissertation is focused on providing mechanisms for secure communication in HBA networks thus counteracting network attacks. Based on a security threat analysis, requirements and challenges for secure communication are identified. After an overview of state of the art technologies, a generic approach for securing communication in HBA networks is introduced. This approach uses the concept of secure communication rela- tionships where communication entities like devices or control applications are able to securely join and leave these relationships. Additionally, a framework that implements this security approach based on a multi-protocol stack is described. To prove the feasibility, the proposed security concept is formally evaluated and a prototype implementation is presented.