SEABASS: Symmetric-keychain Encryption and Authentication for Building Automation Systems

There is an increasing security risk in Building Automation Systems (BAS) in that its communication is unprotected, resulting in the adversary having the capability to inject spurious commands to the actuators to alter the behaviour of BAS. The communication between the Human-Machine-Interface (HMI) and the controller (PLC) is vulnerable as there is no secret key being used to protect the authenticity, confidentiality and integrity of the sensor data and commands. We propose SEABASS, a lightweight key management scheme to distribute and manage session keys between HMI and PLCs, providing a secure communication channel between any two communicating devices in BAS through a symmetric-key based hash-chain encryption and authentication of message exchange. Our scheme facilitates automatic renewal of session keys periodically based on the use of a reversed hash-chain. A prototype was implemented using the BACnet/IP communication protocol and the preliminary results show that the symmetric keychain approach is lightweight and incurs low latency

An analysis of security issues in building automation systems

The purpose of Building Automation Systems (BAS) is to centralise the management of a wide range of building services, through the use of integrated protocol and communication media. Through the use of IP-based communication and encapsulated protocols, BAS are increasingly being connected to corporate networks and also being remotely accessed for management purposes, both for convenience and emergency purposes. These protocols, however, were not designed with security as a primary requirement, thus the majority of systems operate with sub-standard or non-existent security implementations, relying on security through obscurity. Research has been undertaken into addressing the shortfalls of security implementations in BAS, however defining the threats against BAS, and detection of these threats is an area that is particularly lacking. This paper presents an overview of the current security measures in BAS, outlining key issues, and methods that can be improved to protect cyber physical systems against the increasing threat of cyber terrorism and hacktivism. Future research aims to further evaluate and improve the detection systems used in BAS through first defining the threats and then applying and evaluating machine learning algorithms for traffic classification and IDS profiling capable of operating on resource constrained BAS

Second Set of Spaces

This document describes the Gloss infrastructure supporting implementation of location-aware services. The document is in two parts. The first part describes software architecture for the smart space. As described in D8, a local architecture provides a framework for constructing Gloss applications, termed assemblies, that run on individual physical nodes, whereas a global architecture defines an overlay network for linking individual assemblies. The second part outlines the hardware installation for local sensing. This describes the first phase of the installation in Strathclyde University

HOMEBOTS: Intelligent Decentralized Services for Energy Management

The deregulation of the European energy market, combined with emerging advanced capabilities of information technology, provides strategic opportunities for new knowledge-oriented services on the power grid. HOMEBOTS is the namewe have coined for one of these innovative services: decentralized power load management at the customer side, automatically carried out by a `society' of interactive household, industrial and utility equipment. They act as independent intelligent agents that communicate and negotiate in a computational market economy. The knowledge and competence aspects of this application are discussed, using an improved \ud version of task analysis according to the COMMONKADS knowledge methodology. Illustrated by simulation results, we indicate how customer knowledge can be mobilized to achieve joint goals of cost and energy savings. General implications for knowledge creation and its management are discussed

A low-cost ZigBee-based wireless industrial automation system

This paper describes the development of an industrial automation system based on a ZigBee wireless sensor network, designed for the monitoring and control of multiple refrigeration equipments in an industrial area, replacing the existing cabled network, which is based on the LonWorks platform. For this purpose, ZigBee routers were used to replace the local controllers at the refrigeration equipments, while the central management controller was re-placed by a ZigBee coordinator and a PC. The proposed system was devel-oped using a hardware platform based in the CC2530 integrated circuit and the Z-Stack software. Results from experimental field tests performed in an industrial environment are provided in order to assess the performance of the developed ZigBee network.This work is supported by FCT (Fundação para a Ciência e Tecnologia) with the reference project UID/EEA/04436/2013, and by FEDER funds through the COMPETE 2020 – Programa Operacional Competitividade e Internacionalização (POCI) with the reference project POCI-01-0145-FEDER-006941

Utilising a fieldbus protocol in a water quality monitoring system

This thesis presents a new water quality monitoring system developed at the University of Durham in conjunction with Partech Instruments Ltd. The system uses a fieldbus protocol to create an open, distributed control network, replacing the dedicated products currently offered. Echelon LonWorks has been used to create three nodes: a suspended solids sensor, a general-purpose interactive monitoring tool, and a universal relay setpoint module. When connected, these nodes provide a means of activating relays when the suspended solids level reaches a definable level, while providing a numerical display for the operator. The sensor may be calibrated for a number of different applications. The sensor uses infra-a-red light to monitor the light absorption and 90 scatter within the solution. By dynamically adjusting the intensity of the emitted light, the sensor is able to increase its range over conventional devices. Signal processing, linearization and calibration operations are carried out within the sensor software. The final measurement is communicated as a LonWorks network variable, allowing the sensor to be treated as an interoperable device. Several third-party products have been connected to the network and a high degree of interoperability demonstrated. Three network management software packages have been investigated, and their suitability assessed. The final prototype system shows the power, flexibility and cost-saving that a fieldbus protocol can provide in an industrial control environment

An Approach to remote process monitoring and control

The purpose of this thesis is to present an approach to remote monitoring and operation of distributed real time process control systems. Conventional monitoring of process control systems currently requires a great deal of close supervision from trained personnel located on-site. In many cases, researchers, developers or maintenance personnel cannot be at every location where such a system is installed. Currently, a standardized architecture for remote access to such systems is not available. In addition, most of these systems are very expensive and under-utilized. Researchers would benefit by having access to different parts of a system concurrently The benefits of a layered architecture for remote process monitoring and control will be analyzed through the use of a demonstration system that was realized to examine the real time performance of the interconnection mechanisms between the process controller(s) and the system monitoring interfaces. Low level, real-time process control is achieved by using specialized networking schemes called fieldbusses to interconnect all control devices. In this system, fieldbus controllers will also assume the role of servers connected to the Internet, in order to make device information available to any local or remote clients. In the proposed architecture, remote clients are user interfaces, implemented as JAVA applets, which can be accessed with a web browser. The proposed system architecture allows for client interfaces to gain remote access to various types of fieldbusses transparently