Master's Thesis Defense in Computer Science: Christopher Morales-Gonzalez 4/12

03/29/2022
By Christopher Morales-Gonzalez

The Kennedy College of Sciences, Department of Computer Science, invites you to attend a Master’s thesis defense by Christopher Morales-Gonzalez on “A Survey on Smart Building Security.”

Candidate Name: Christopher Morales-Gonzalez
Degree: Master’s
Defense Date: Tuesday, April 12, 2022
Time: 10 a.m.
Location: Via Zoom

Thesis/Dissertation Title: A Survey on Smart Building Security

Committee:

• Xinwen Fu (advisor), Computer Science Department, University of Massachusetts Lowell
• Benyuan Liu, Computer Science Department, University of Massachusetts Lowell
• Claire Lee, School of Criminology and Justice Studies, University of Massachusetts Lowell

Brief Abstract:
Smart buildings have become increasingly more complex and more common in everyday life. The goal of these buildings is to increase energy efficiency, promote automation, and decrease the overall financial costs of operating a building. We refer to these systems as Building Automation Systems (BAS). As with any application that requires a network to communicate, there needs to be security implemented to make sure that malicious individuals don't perform unauthorized actions that could have varying effects including but not limited to, financial and physical damage.

We conduct a survey of existing BAS protocols and look at the security services provided by them. We place an emphasis on the KNX protocol which is a highly used bus protocol. While analyzing the security of these protocols, we were able to design an attack model on the KNX protocol and have provided a proof-of-concept on a local testbed. We were also able to develop our own tool, KNX Bus Dump; This tool allows us to gather all communications on a KNX network through a TPUART connection and place them into a hex dump file that can be used by Wireshark to be analyzed. We then used this tool and knowledge to find and exploit a vulnerability in a Field Panel that was professionally installed by Siemens. This field panel can be extended to become a hybrid-protocol system that incorporates KNX to communicate. As we were reading these papers after this proof-of-concept, we looked for this vulnerability in other systems and if other proposals / solutions are susceptible to this.

Our survey includes a detailed analysis of the KNX protocol and then gives high level ideas of how other popular protocols, such as BACnet and Zigbee, work. For each, we look at the security scheme that the protocol itself provides and then also analyze proposed ideas and existing security solutions on those protocols for any vulnerabilities that could be exploited.