An exploration of some security issues within the BACnet protocol
Abstract
Building automation systems control a range of services, commonly heating, ventilation and air-conditioning. BACnet is a leading protocol used to transmit data across building automation system networks, for the purpose of reporting and control. Security is an issue in BACnet due to its initial design brief which appears to be centred around a centralised monolithic command and control architecture. With the advent of the Internet of Things, systems that were isolated are now interconnected. This interconnectivity is problematic because whilst security is included in the BACnet standard, it is not implemented by vendors of building automation systems. The lack of focus on security can lead to vulnerabilities in the protocol being exploited with the result that the systems and the buildings they control are open to attack. This paper describes two proof-of-concept protocol attacks on a BACnet system, proves one attack using experimentation and the other attack through simulation. The paper contextualises a range of identified attacks using a threat model based on the STRIDE threat taxonomy.
RAS ID
28214
Document Type
Conference Proceeding
Date of Publication
2018
School
School of Science
Copyright
subscription content
Publisher
Springer Verlag
Recommended Citation
Peacock, M., Johnstone, M. N., & Valli, C. (2018). An exploration of some security issues within the BACnet protocol. DOI: https://doi.org/10.1007/978-3-319-93354-2_12
Comments
Peacock, M., Johnstone, M. N., & Valli, C. (2018). An Exploration of Some Security Issues Within the BACnet Protocol. In International Conference on Information Systems Security and Privacy (pp. 252-272). Available here