Title :
Covert Channels and Their Prevention in Building Automation Protocols: A Prototype Exemplified Using BACnet
Author :
Wendzel, Steffen ; Kahler, B. ; Rist, T.
Author_Institution :
Fac. of Math. & Comput. Sci., Univ. of Hagen, Hagen, Germany
Abstract :
Security in building automation systems (BAS) recently became a topic in the security community. BAS form a part of enterprise networks and can be utilized to gain access to a company network or to violate a security policy. Up to now, the threat of covert channels in BAS protocols was not discovered. While a first available solution can limit "high level" covert channels in BAS, there is no solution available to prevent covert channels on the lower level (i.e., in BAS protocols). In this paper, we present network covert storage and network covert timing channels in the network and application layer of the BACnet protocol stack to show that protocol-level covert channels in BAS are feasible. Additionally, we introduce the first means enabling a BAS to become multi-level secure on the network and application layer to prevent covert channels. We built a prototype based on the BACnet firewall router (BFR) to implement multi-level security in BACnet environments.
Keywords :
building management systems; firewalls; protocols; telecommunication security; BACnet firewall router; BAS protocols; building automation protocols; building automation systems; company network; enterprise networks; high level covert channels; multilevel security; network covert storage; network covert timing channels; security community; security policy; Automation; Buildings; Protocols; Receivers; Security; Temperature sensors; Timing; access control; building automation; covert channels; network security;
Conference_Title :
Green Computing and Communications (GreenCom), 2012 IEEE International Conference on
Conference_Location :
Besancon
Print_ISBN :
978-1-4673-5146-1
DOI :
10.1109/GreenCom.2012.120