on the security of security extensions for ip based knx
play

On the security of security extensions for IP-based KNX networks - PowerPoint PPT Presentation

Feb 21, 2023 •541 likes •1.06k views

On the security of security extensions for IP-based KNX networks Aljosha Judmayer ajudmayer@sba-research.org ajudmayer@auto.tuwien.ac.at On the security of security extensions for IP-based KNX networks 1 SBA Research P1.1: Risk Management

  1. On the security of security extensions for IP-based KNX networks Aljosha Judmayer ajudmayer@sba-research.org ajudmayer@auto.tuwien.ac.at On the security of security extensions for IP-based KNX networks 1

  2. SBA Research P1.1: Risk Management and Analysis Area 1 (GRC): P1.2: Secure BP Modeling, Simulation and Verifjcation Governance, Risk P1.3: Computer Security Incident Response T eam and Compliance P1.4: Awareness and E-Learning Area 2 (DSP): P2.1: Privacy Enhancing T echnologies Data Security and P2.2: Enterprise Rights Management P2.3: Digital Preservation Privacy Area 3 (SCA): P3.1: Malware Detection and Botnet Economics Secure Coding and P3.2: Systems and Software Security Code Analysis P3.3: Digital Forensics P4.1: Hardware Security and Difgerential Fault Area 4 (HNS): Analysis Hardware and P4.2: Pervasive Computing Network Security P4.3: Network Security of the Future Internet

  3. TU Vienna ● Thesis @ automation systems group => ● Paper @ 10th IEEE Workshop on Factory Communication Systems (WFCS), 2014 – Lukas Krammer (lkrammer@auto.tuwien.ac.at) – Wolfgang Kastner (k@auto.tuwien.ac.at) On the security of security extensions for IP-based KNX networks 3

  4. What the h3ck is KNX? On the security of security extensions for IP-based KNX networks 4

  5. What the h3ck is KNX? KNX is a standard for home and building automation ● K o N ne X Association pool of companies ● publish KNX Systems specification – Develop the ETS (Engineering Tool Software) – On the security of security extensions for IP-based KNX networks 5

  6. What the h3ck is KNX? KNX is a standard for home and building automation ● K o N ne X Association pool of companies ● publish KNX Systems specification (first version 2002) – Develop the ETS (Engineering Tool Software) – Ensuring the interoperability between products , applications and ● systems Different physical layers e.g. : ● Twisted pair cable (TP1) – Ethernet (IP) – ● called KNXnet/IP On the security of security extensions for IP-based KNX networks 6

  7. Building Automation Systems (BAS) ● Goal: “ intelligent buildings ” ● Old and busted: – heating, ventilation and air conditioning (HVAC) – BUS networks On the security of security extensions for IP-based KNX networks 7

  8. Building Automation Systems (BAS) ● Goal: “ intelligent buildings ” ● Old and busted: – heating, ventilation and air conditioning (HVAC) – BUS networks ● New hotness: – security and safety stuff (e.g. alarm systems, access control systems) – remote management and stuff ... – >> connected to IP based networks << !!!111! What can possibly go wrong? On the security of security extensions for IP-based KNX networks 8

  9. Building Automation Systems (BAS) ● Goal: “ intelligent buildings ” ● Old and busted: – heating, ventilation and air conditioning (HVAC) – BUS networks ● New hotness: – security and safety stuff (e.g. alarm systems, access control systems) – remote management and stuff ... – >> connected to IP based networks << !!!111! What can possibly go wrong? On the security of security extensions for IP-based KNX networks 9 Source: http://laughingsquid.com/wp-content/uploads/tetris1_img6080.jpg

  10. Security features in current/classical KNX ... ● On the security of security extensions for IP-based KNX networks 10

  11. Security features in current/classical KNX ... ● Optional 4 (in words “four”) byte password On the security of security extensions for IP-based KNX networks 11

  12. Security features in current/classical KNX ... ● Optional 4 (in words “four”) byte password .... transmitted in clear text On the security of security extensions for IP-based KNX networks 12

  13. What the spec has to say ... “For KNX, security is a minor concern, as any breach of security requires local access to the network” (KNX Systems Specification) On the security of security extensions for IP-based KNX networks 13

  14. What the spec has to say ... “For KNX, security is a minor concern, as any breach of security requires local access to the network” (KNX Systems Specification) “Filtering KNXnet/IP datagrams from the network requires network analysis tools and expertise. The content of a KNXnet/IP message is not self- descriptive but requires semantic knowledge ...” (KNX Systems Specification) On the security of security extensions for IP-based KNX networks 14

  15. What the spec has to say ... “For KNX, security is a minor concern, as any breach of security requires local access to the network” (KNX Systems Specification) “Filtering KNXnet/IP datagrams from the network requires network analysis tools and expertise. The content of a KNXnet/IP message is not self- descriptive but requires semantic knowledge ...” (KNX Systems Specification) On the security of security extensions for IP-based KNX networks 15

  16. How does a KNX BAS look like? On the security of security extensions for IP-based KNX networks 16

  17. How does a KNX BAS look like? GAMMA Training Kit (GTK2) ● Source:https://www.auto.tuwien.ac.at/images/practicals/siemens_gamma_img_0515.jpg On the security of security extensions for IP-based KNX networks 17

  18. How does a KNX BAS look like? Backbone lv. Field lv. On the security of security extensions for IP-based KNX networks 18

  19. How does a KNX BAS look like? M anagement d evices (ETS) WAN MD MD SAC IP Backbone ICD Backbone lv. I nter c onnection d evices ICD ICD Field lv. SAC SAC TP / Bus TP / Bus SAC SAC SAC SAC S ensors, A ctuators, and C ontroller devices On the security of security extensions for IP-based KNX networks 19

  20. How does a KNX BAS look like? M anagement d evices (ETS) KNX IP WAN MD MD KNXnet/IP SAC IP Backbone ICD Backbone lv. I nter c onnection d evices ICD ICD Field lv. SAC SAC TP / Bus TP / Bus SAC SAC SAC SAC S ensors, A ctuators, and C ontroller devices On the security of security extensions for IP-based KNX networks 20

  21. How does a KNX BAS look like? M anagement d evices (ETS) WAN MD MD C SAC IP Backbone ICD Backbone lv. I nter c onnection d evices ICD ICD Field lv. SAC USB SAC USB interface N 148/11 * USB interface to KNX bus TP / Bus TP / Bus * Connected to wiring by SAC SAC pressure contacts * eibd open source software SAC SAC S ensors, A ctuators, and C ontroller devices On the security of security extensions for IP-based KNX networks 21

  22. How does a KNX BAS look like? M anagement d evices (ETS) WAN MD MD C SAC IP Backbone ICD Backbone lv. I nter c onnection d evices ICD ICD Field lv. SAC USB SAC USB interface N 148/11 * USB interface to KNX bus TP / Bus TP / Bus * Connected to wiring by SAC SAC pressure contacts * eibd open source software SAC SAC * Eavesdrop S ensors, A ctuators, * DoS and C ontroller devices * Inject * Identify (2^16 addresses) On the security of security extensions for IP-based KNX networks 22

  23. Example ● Record all traffic on bus $ eibd --listen-local=/tmp/eibhandle -t1023 usb:2:4:1:0:0 $ vbusmonitor1 local:/tmp/eibhandle ● Send message “on” to group addr. $ groupswrite local:/tmp/eibhandle 1/1/5 1 ● Read configuration of device $ mread local:/tmp/eibhandle AA04 116 100 09 AA 04 09 00 09 01 09 02 09 03 09 04 09 05 0B 00 0B 02 FE 20 01 00 FE 01 FE 02 FE 03 02 04 FE 05 FE 06 FE 07 03 08 FE 09 FE 0A FE 0B 04 0C FE 0D FE On the security of security extensions for IP-based KNX networks 23

  24. Example ● Record all traffic on bus $ eibd --listen-local=/tmp/eibhandle -t1023 usb:2:4:1:0:0 $ vbusmonitor1 local:/tmp/eibhandle ● Send message “on” to group addr. $ groupswrite local:/tmp/eibhandle 1/1/5 1 ● Read configuration of device $ mread local:/tmp/eibhandle AA04 116 100 09 AA 04 09 00 09 01 09 02 09 03 09 04 09 05 0B 00 0B 02 FE 20 01 00 FE 01 FE 02 FE 03 02 04 FE 05 FE 06 FE 07 03 08 FE 09 FE 0A FE 0B 04 0C FE 0D FE On the security of security extensions for IP-based KNX networks 24

  25. Example ● Record all traffic on bus $ eibd --listen-local=/tmp/eibhandle -t1023 usb:2:4:1:0:0 $ vbusmonitor1 local:/tmp/eibhandle ● Send message “on” to group addr. $ groupswrite local:/tmp/eibhandle 1/1/5 1 Group addr. 1/1/0 ● Read configuration of device $ mread local:/tmp/eibhandle AA04 116 100 09 AA 04 09 00 09 01 09 02 09 03 09 04 09 05 0B 00 0B 02 FE 20 01 00 FE 01 FE 02 FE 03 02 04 FE 05 FE 06 FE 07 03 08 FE 09 FE 0A FE 0B 04 0C FE 0D FE On the security of security extensions for IP-based KNX networks 25

  26. How does a KNX BAS look like? M anagement d evices (ETS) WAN MD MD SAC IP Backbone ICD Backbone lv. I nter c onnection d evices ICD ICD Field lv. SAC USB SAC USB interface N 148/11 * tcpdump * USB interface to KNX bus TP / Bus TP / Bus * tcpreplay * Connected to wiring by * IGMP SAC SAC pressure contacts * eibd open source software SAC SAC * Eavesdrop S ensors, A ctuators, * Identify (2^16 addresses) and C ontroller devices * Inject * DoS On the security of security extensions for IP-based KNX networks 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security Security as term, Possible Security violations Authentication Criteria for

Security Security as term, Possible Security violations Authentication Criteria for

BS1 WS19/20 topic-based slides Security Security as term, Possible Security violations Authentication Criteria for Trust in Computer Systems Three hearts of Windows Security DACLs A Look at Security System is secure if

988 views • 20 slides
Internet Security Certficate Extensions and Attributes Supporting Authentication in PPP and

Internet Security Certficate Extensions and Attributes Supporting Authentication in PPP and

Internet Security Certficate Extensions and Attributes Supporting Authentication in PPP and Wireless LAN Daniel Schwarz Nrnberg, Internet Security Dozent: Prof. Dr. Trommler 27.April 2004 Overview: 1. Introduction I. PKIX 2. Basics

560 views • 35 slides
PostMessage Security in Chrome Extensions Arseny Reutov areutov@ptsecurity.com

PostMessage Security in Chrome Extensions Arseny Reutov areutov@ptsecurity.com

PostMessage Security in Chrome Extensions Arseny Reutov areutov@ptsecurity.com https://raz0r.name OWASP London Chapter $ whoami Web application security researcher at Positive Technologies Member of Positive Hack Days

710 views • 37 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Security Presentation 1 School-based Security Staffing Security assistants are assigned to

Security Presentation 1 School-based Security Staffing Security assistants are assigned to

MCPS School Safety and Security Presentation 1 School-based Security Staffing Security assistants are assigned to every secondary school. Security team leaders are assigned to every high school and work often with feeder schools.

436 views • 12 slides
Security Presentation 1 School-based Security Staffing Security assistants are assigned to

Security Presentation 1 School-based Security Staffing Security assistants are assigned to

MCPS School Safety and Security Presentation 1 School-based Security Staffing Security assistants are assigned to every secondary school. Security team leaders are assigned to every high school and work often with feeder schools.

583 views • 27 slides
From the Ground Up Security DNS-based Security of the

From the Ground Up Security DNS-based Security of the

From the Ground Up Security DNS-based Security of the Internet Infrastructure Benno Overeinder NLnet Labs http://www.nlnetlabs.nl/ INTRO NLnet

795 views • 28 slides
The security of Mozilla Firefoxs Extensions Kristjan Krips Topics Introduction The

The security of Mozilla Firefoxs Extensions Kristjan Krips Topics Introduction The

The security of Mozilla Firefoxs Extensions Kristjan Krips Topics Introduction The extension model How could extensions be used for attacks - website defacement - phishing attacks - cross site scripting The attacks could result

517 views • 20 slides
Model-based Security Security: ganzheitliche Engineering Eigenschaft: Jan Jrjens

Model-based Security Security: ganzheitliche Engineering Eigenschaft: Jan Jrjens

2 Herausforderung: Security Model-based Security Security: ganzheitliche Engineering Eigenschaft: Jan Jrjens Sicherheits-Mechanismen umgehen statt brechen. Sichere Systems aus Computing Department unsicheren Komponenten ? The

314 views • 6 slides
AEZ v2 2. Enciphering-based AE 3. Robust-AE 4. Accelerated provable-security Authenticated

AEZ v2 2. Enciphering-based AE 3. Robust-AE 4. Accelerated provable-security Authenticated

1. Why we created AEZ AEZ v2 2. Enciphering-based AE 3. Robust-AE 4. Accelerated provable-security Authenticated Encryption 5. Components FF0 and EME4 by Enciphering 6. AEZ Extensions Viet Tung Hoang Ted Krovetz

721 views • 31 slides
Language/OS Based Security 1 Infrastructure 2 Security Abstraction Layers 3 OS Security

Language/OS Based Security 1 Infrastructure 2 Security Abstraction Layers 3 OS Security

Language/OS Based Security 1 Infrastructure 2 Security Abstraction Layers 3 OS Security Control 4 Abstraction Imperfections OS: Each process has exclusive access to its own CPU and memory Illusion!! A process may be able to

429 views • 21 slides
CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC 410 / 611 : Operating Systems CPSC410/611: Security Security Security Attacks Security Threats Crypto Authentication Examples SSL Security Threats Breach of confidentiality unauthorized access to

458 views • 18 slides
Course outline 1. Language-Based Security: motivation 2. Language-Based Information-Flow Security:

Course outline 1. Language-Based Security: motivation 2. Language-Based Information-Flow Security:

Course outline 1. Language-Based Security: motivation 2. Language-Based Information-Flow Security: the big picture 3. Dimensions and principles of declassification 4. Dynamic vs. static security enforcement 5. Tracking information flow in web

641 views • 30 slides
Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security WS 06/07 Seminar Prof. Dr.-Ing. Jana Dittmann &amp; Dr.-Ing. Claus Vielhauer with support from Tobias Scheidat

419 views • 16 slides
1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

Course Overview Course Requirements EECS 498-7/8 Cryptography and Network Security: www.citi.umich.edu/u/honey/security Principles and Practice (Third Edition) Computer Security Monday &amp; Friday, 9:00 10:30 William Stallings

670 views • 19 slides
Security by Any Other Name: On the Effectiveness of Provider Based Email Security Ian Foster,

Security by Any Other Name: On the Effectiveness of Provider Based Email Security Ian Foster,

Security by Any Other Name: On the Effectiveness of Provider Based Email Security Ian Foster, Jon Larson, Max Masich, Alex C. Snoeren, Stefan Savage, and Kirill Levchenko University of California, San Diego Recent Email Communications

449 views • 28 slides
Design Automation for Cryptography Anupam Chattopadhyay Assistant Professor, School of Computer

Design Automation for Cryptography Anupam Chattopadhyay Assistant Professor, School of Computer

Design Automation for Cryptography Anupam Chattopadhyay Assistant Professor, School of Computer Science and Engineering School of Physical and Mathematical Sciences, Nanyang Technological University June 7, 2017 Motivation Security not a

669 views • 27 slides
Embedded System Security Professor Patrick McDaniel Charles Sestito Fall 2015 Embedded System

Embedded System Security Professor Patrick McDaniel Charles Sestito Fall 2015 Embedded System

Embedded System Security Professor Patrick McDaniel Charles Sestito Fall 2015 Embedded System Microprocessor used as a component in a device and is designed for a specific control function within a device Used In: Cell Phones

560 views • 31 slides
SPAE A Single Pass Authenticated Encryption scheme Philippe Elbaz-Vincent 1 , Cyril Hugounenq 1 ,

SPAE A Single Pass Authenticated Encryption scheme Philippe Elbaz-Vincent 1 , Cyril Hugounenq 1 ,

Motivations Design of SPAE Security of the scheme Performances SPAE A Single Pass Authenticated Encryption scheme Philippe Elbaz-Vincent 1 , Cyril Hugounenq 1 , Sbastien Riou 2 1 Univ. Grenoble Alpes / Institut Fourier,

519 views • 27 slides
How Earthquake Risk Depends on the Closeness to a Fault: Symmetry-Based Geometric Analysis Aaron

How Earthquake Risk Depends on the Closeness to a Fault: Symmetry-Based Geometric Analysis Aaron

How Earthquake Risk Depends on the Closeness to a Fault: Symmetry-Based Geometric Analysis Aaron Velasco 1 , Solymar Ayala Cortez 1 Olga Kosheleva 2 , and Vladik Kreinovich 3 1 Department of Geological Sciences 2 Department of Teacher Education 3

562 views • 23 slides
Intrusion Tolerant IDS James Riordan Marc Dacier Dominique Alessandri Andreas Wespi IBM

Intrusion Tolerant IDS James Riordan Marc Dacier Dominique Alessandri Andreas Wespi IBM

Intrusion Tolerant IDS James Riordan Marc Dacier Dominique Alessandri Andreas Wespi IBM Forschungslaboratorium R uschlikon, Switzerland 19 June 2001 1 MAFTIA A European project whose aim is to develop: Malicious- and Accidental-

366 views • 13 slides
Bug Squashing with SQLsmith andreas.seltenreich@credativ.de October 25, 2018

Bug Squashing with SQLsmith andreas.seltenreich@credativ.de October 25, 2018

Bug Squashing with SQLsmith andreas.seltenreich@credativ.de October 25, 2018 andreas.seltenreich@credativ.de PGConf.EU 2018 1 / 32 Outline Motivation Testing Methodology Analysis of Bugs Uncovered Design Future Work

1.6k views • 37 slides
MSc in Computer Engineering, Cybersecurity and Artificial Intelligence, Fault Diagnosis and

MSc in Computer Engineering, Cybersecurity and Artificial Intelligence, Fault Diagnosis and

MSc in Computer Engineering, Cybersecurity and Artificial Intelligence, Fault Diagnosis and Estimation in Dynamical Systems (FDE), a.a. 2019/2020, Lecture 2 A brief review of analysis of continuous-time linear dynamical systems Prof. Mauro

591 views • 48 slides
Approaching Automation Necessary for introducing a task Prioritize automation steps based

Approaching Automation Necessary for introducing a task Prioritize automation steps based

Learning objectives Understand the main purposes of automating software analysis and testing Identify activities that can be fully or partially Automating Analysis and Test automated Understand cost and benefit trade-offs in

799 views • 12 slides

More recommend