Aurinkosähkövaihtosuuntaajien väyläliitännät : Rakennusautomaation integraatio

Älykkäät sähköverkot ja kehittyvä energiatehokkuus luovat tarpeita aurinkosähkövaih-tosuuntaajien ja rakennusautomaation sovellus- ja laiteintegraatiolle. Opinnäytetyössä tutkitaan rakennusautomaation sekä aurinkosähkövaihtosuuntaajien (aurinkosähköinvertteri) yhteistoimintamahdollisuuksia asiakasvaatimusten sekä standardoinnin näkökulmista. Tavoitteena on tuottaa laite- ja sovellusintegraatiokonsepteja, joiden avulla älykkäiden sähköverkkojen ja kehittyvien rakennusautomaatiojärjestelmien yhteistoimintaa kyettäisiin mallintamaan. Työn kautta esille nousi merkkejä standardoinnin hitaudesta verrattuna teknologisen kehittymisen nopeuteen, mikä luonnostaan johtaa avointen järjestelmien ylivertaisuuteen esimerkiksi kommunikointiprotokollista puhuttaessa. Avoimet kommunikointiprotokollat BACnet ja KNX ovat selkeästi edellä rakennusautomaation integraatiomahdollisuuksien tarjoajina, mikä johtuu tiukoista kommunikaatiosääntöjen määritelmistä. Kumpikaan protokolla ei ota kantaa aurinkosähköinvertterin sovellusrajapinnan määritelmään, mikä tarjoaa laitevalmistajille ja toimijoille protokollan vapaan soveltamisen mahdollisuuden. Integraatioteknologioiden käyttömahdollisuudet ovat huikeat, sillä älykäs sähköverkko integraation ajurina ei ole vielä arkipäiväistynyt. Toisaalta älykkäämpiä rakennusautomaatiojärjestelmiä rakennetaan ekotehokkaisiin rakennuksiin vailla varsinaisia älykkäitä ohjaustoimintoja. Aurinkosähköjärjestelmät joutuvat kohtaamaan paikallisen mikrotuotannon, kehittyvän rakennusautomaatiojärjestelmän sekä älykkään sähköverkon viimeistään rakennusten energiaomavaraisuusvaateen tullessa velvoittavaksi.Photovoltaic solar power can help meet increasing requirements for Smart Grid and higher energy efficiency in buildings. This thesis examines the collaborative opportunities of intelligent building automation systems and photovoltaic solar inverters from the perspective of standardization. The goal of this thesis is to produce concepts which specify a future device and its application, and how this device can interoperate with smart grids, intelligent building automation systems and photovoltaic solar inverters. During the research for this thesis, it was discovered that there was very slow progress in standardization in comparison to the speed of technological development. This gap in standardization compared the speed of development often led to the development of the use of open communications protocols. Open communication protocols, such as BACnet and KNX, are clearly preferred in the integration of products in building automation systems. This is due to the strict definitions of the rules of communication. Because communication protocols do not specify an application integration interface, device manufacturers and service providers are able to implement applications on their own by following the latest standards. Open integration technologies with scalable platforms provide new opportunities in areas where smart grid technology is non-existent or is limited to grid automation. On the other hand, intelligent building automation systems are being built only in new eco-efficient buildings with no actual intelligent control functions for energy management. Photovoltaic systems, local energy production and intelligent building automation systems need to be prepared for the future’s requirement for self-sufficient energy production with seamless integration into smart grids

Cyber security of smart building ecosystems

Abstract. Building automation systems are used to create energy-efficient and customisable commercial and residential buildings. During the last two decades, these systems have become more and more interconnected to reduce expenses and expand their capabilities by allowing vendors to perform maintenance and by letting building users to control the machines remotely. This interconnectivity has brought new opportunities on how building data can be collected and put to use, but it has also increased the attack surface of smart buildings by introducing security challenges that need to be addressed. Traditional building automation systems with their proprietary communication protocols and interfaces are giving way to interoperable systems utilising open technologies. This interoperability is an important aspect in streamlining the data collection process by ensuring that different components of the environment are able to exchange information and operate in a coordinated manner. Turning these opportunities into actual products and platforms requires multi-sector collaboration and joint research projects, so that the buildings of tomorrow can become reality with as few compromises as possible. This work examines one of these experimental project platforms, KEKO ecosystem, with the focus on assessing the cyber security challenges faced by the platform by using the well-recognised MITRE ATT&CK knowledge base of adversary tactics and techniques. The assessment provides a detailed categorisation of identified challenges and recommendations on how they should be addressed. This work also presents one possible solution for improving the detection of offensive techniques targeting building automation by implementing a monitoring pipeline within the experimental platform, and a security event API that can be integrated to a remote SIEM system to increase visibility on the platform’s data processing operations

An analysis of security issues in building automation systems

The purpose of Building Automation Systems (BAS) is to centralise the management of a wide range of building services, through the use of integrated protocol and communication media. Through the use of IP-based communication and encapsulated protocols, BAS are increasingly being connected to corporate networks and also being remotely accessed for management purposes, both for convenience and emergency purposes. These protocols, however, were not designed with security as a primary requirement, thus the majority of systems operate with sub-standard or non-existent security implementations, relying on security through obscurity. Research has been undertaken into addressing the shortfalls of security implementations in BAS, however defining the threats against BAS, and detection of these threats is an area that is particularly lacking. This paper presents an overview of the current security measures in BAS, outlining key issues, and methods that can be improved to protect cyber physical systems against the increasing threat of cyber terrorism and hacktivism. Future research aims to further evaluate and improve the detection systems used in BAS through first defining the threats and then applying and evaluating machine learning algorithms for traffic classification and IDS profiling capable of operating on resource constrained BAS

Evaluating XMPP Communication in IEC 61499-based Distributed Energy Applications

The IEC 61499 reference model provides an international standard developed specifically for supporting the creation of distributed event-based automation systems. Functionality is abstracted into function blocks which can be coded graphically as well as via a text-based method. As one of the design goals was the ability to support distributed control applications, communication plays a central role in the IEC 61499 specification. In order to enable the deployment of functionality to distributed platforms, these platforms need to exchange data in a variety of protocols. IEC 61499 realizes the support of these protocols via "Service Interface Function Blocks" (SIFBs). In the context of smart grids and energy applications, IEC 61499 could play an important role, as these applications require coordinating several distributed control logics. Yet, the support of grid-related protocols is a pre-condition for a wide-spread utilization of IEC 61499. The eXtensible Messaging and Presence Protocol (XMPP) on the other hand is a well-established protocol for messaging, which has recently been adopted for smart grid communication. Thus, SIFBs for XMPP facilitate distributed control applications, which use XMPP for exchanging all control relevant data, being realized with the help of IEC 61499. This paper introduces the idea of integrating XMPP into SIFBs, demonstrates the prototypical implementation in an open source IEC 61499 platform and provides an evaluation of the feasibility of the result.Comment: 2016 IEEE 21st International Conference on Emerging Technologies and Factory Automation (ETFA

Combining Bluetooth Mesh and KNX : the best of both worlds

Bluetooth Mesh (BT Mesh) is a promising wireless technology for building automation. At the same time, KNX is a well-established building automation system that has a vast installed base. Specifically, the strength of KNX lies in its proven semantic models. These models are the foundation for interoperability and the implementation of larger systems. The presented project demonstrates how a user can easily connect a new BT Mesh system to a well-established, wired KNX building automation system. Notably, the project achieves this through a self-developed stateless gateway, which allows controlling BT Mesh devices from the KNX network and vice versa. As a result, it is possible to leverage existing management systems from KNX building automation systems in BT Mesh networks. Furthermore, the project validates this concept using Home Assistant, a well- known open-source home automation platform and demonstrates, that heterogeneous KNX and BT Mesh systems are feasible

SEABASS: Symmetric-keychain Encryption and Authentication for Building Automation Systems

There is an increasing security risk in Building Automation Systems (BAS) in that its communication is unprotected, resulting in the adversary having the capability to inject spurious commands to the actuators to alter the behaviour of BAS. The communication between the Human-Machine-Interface (HMI) and the controller (PLC) is vulnerable as there is no secret key being used to protect the authenticity, confidentiality and integrity of the sensor data and commands. We propose SEABASS, a lightweight key management scheme to distribute and manage session keys between HMI and PLCs, providing a secure communication channel between any two communicating devices in BAS through a symmetric-key based hash-chain encryption and authentication of message exchange. Our scheme facilitates automatic renewal of session keys periodically based on the use of a reversed hash-chain. A prototype was implemented using the BACnet/IP communication protocol and the preliminary results show that the symmetric keychain approach is lightweight and incurs low latency

Uncovering Vulnerable Industrial Control Systems from the Internet Core

Industrial control systems (ICS) are managed remotely with the help of dedicated protocols that were originally designed to work in walled gardens. Many of these protocols have been adapted to Internet transport and support wide-area communication. ICS now exchange insecure traffic on an inter-domain level, putting at risk not only common critical infrastructure but also the Internet ecosystem (e.g., DRDoS~attacks). In this paper, we uncover unprotected inter-domain ICS traffic at two central Internet vantage points, an IXP and an ISP. This traffic analysis is correlated with data from honeypots and Internet-wide scans to separate industrial from non-industrial ICS traffic. We provide an in-depth view on Internet-wide ICS communication. Our results can be used i) to create precise filters for potentially harmful non-industrial ICS traffic, and ii) to detect ICS sending unprotected inter-domain ICS traffic, being vulnerable to eavesdropping and traffic manipulation attacks

Internet of robotic things : converging sensing/actuating, hypoconnectivity, artificial intelligence and IoT Platforms

The Internet of Things (IoT) concept is evolving rapidly and influencing newdevelopments in various application domains, such as the Internet of MobileThings (IoMT), Autonomous Internet of Things (A-IoT), Autonomous Systemof Things (ASoT), Internet of Autonomous Things (IoAT), Internetof Things Clouds (IoT-C) and the Internet of Robotic Things (IoRT) etc.that are progressing/advancing by using IoT technology. The IoT influencerepresents new development and deployment challenges in different areassuch as seamless platform integration, context based cognitive network integration,new mobile sensor/actuator network paradigms, things identification(addressing, naming in IoT) and dynamic things discoverability and manyothers. The IoRT represents new convergence challenges and their need to be addressed, in one side the programmability and the communication ofmultiple heterogeneous mobile/autonomous/robotic things for cooperating,their coordination, configuration, exchange of information, security, safetyand protection. Developments in IoT heterogeneous parallel processing/communication and dynamic systems based on parallelism and concurrencyrequire new ideas for integrating the intelligent “devices”, collaborativerobots (COBOTS), into IoT applications. Dynamic maintainability, selfhealing,self-repair of resources, changing resource state, (re-) configurationand context based IoT systems for service implementation and integrationwith IoT network service composition are of paramount importance whennew “cognitive devices” are becoming active participants in IoT applications.This chapter aims to be an overview of the IoRT concept, technologies,architectures and applications and to provide a comprehensive coverage offuture challenges, developments and applications

Power Systems Monitoring and Control using Telecom Network Management Standards

Historically, different solutions have been developed for power systems control and telecommunications network management environments. The former was characterized by proprietary solutions, while the latter has been involved for years in a strong standardization process guided by criteria of openness. Today, power systems control standardization is in progress, but it is at an early stage compared to the telecommunications management area, especially in terms of information modeling. Today, control equipment tends to exhibit more computational power, and communication lines have increased their performance. These trends hint at some conceptual convergence between power systems and telecommunications networks from a management perspective. This convergence leads us to suggest the application of well-established telecommunications management standards for power systems control. This paper shows that this is a real medium-to-long term possibility