Building automation systems are becoming increasingly commonplace in modern cities, thanks to the advantages they bring in terms of power efficiency and ease of management. Typically, they are connected to consumer-grade platforms through an appropriate IP gateway, so that monitoring and management actions can be performed, possibly from a remote location. In this work, we analyze the direct threats to the building automation network domain, considering an attacker able to eavesdrop on or arbitrarily modify the packets. We detail the threat model under consideration, identify the security desiderata, and propose a secure communication protocol, together with a new distributed key agreement scheme. We analyze the feasibility of their implementation and the overhead ...