With the upcoming Internet of Things and Industry 4.0, the Smart Home/Smart Office, or more generally the Smart Building, is becoming more and more important. Smart Buildings take technology from traditional home and building control and connect it to the internet. Television commercials promise control of the complete home from a smartphone or tablet but never say a word about IT security. When vendors talk about security they mean securing your home with alarm systems, but they forget to say that all this security may easily be bypassed if the control systems themselves are not secure in the IT security sense. So, let’s have a closer look at that.
Security of professional Building Management Systems
In a Smart Building every system, from the building’s heating, lighting and energy management to the security system (mainly CCTV and the alarm system) and more, can be managed from a central management system. The controlled systems are connected either directly via a data bus, via power line, or wirelessly via radio. Home and building automation is mainly designed to reduce energy and maintenance costs and was originally planned as a closed system which can only be controlled from inside the building. Therefore IT security was not a primary goal in the design phase of the protocols.
KNX is the worldwide standard for home and building control. It was developed by the KNX Association in Belgium. The specification of the KNX network protocol, for example, states that IT security is of minor importance because an attacker requires physical access to the network. From a security perspective, this point of view is extremely critical and is based on wrong assumptions. A Smart Building often covers not only the inside of the building but also easily accessible areas outside. One light bulb which is connected to the building’s control system can be enough for an attacker. The security assumption also ignores the fact that an attack can be performed by an insider. This can be, for example, a technician from an external company or a disgruntled employee. The risk is even higher as soon as wireless connections are used instead of wired connections because no “physical” access is required.
That the missing IT security considerations are a realistic threat is shown by the Draugr project from Mark Semmler. This is a small box based on a Raspberry Pi (see picture below from Philipp Bohk, licensed under Creative Commons Attribution-Share Alike 3.0 Unported) which was extended with the ability to communicate with KNX-based control systems. With this box connected to the building’s control system, the complete system can be infiltrated. For example, a smart light bulb in the outdoor area which is connected to the KNX bus could be dismounted and replaced with that box. Once the box is connected to the building’s control system it can be remote controlled via UMTS. Of course, the box must not be detected. So, to hide the attack, a sophisticated criminal could camouflage the box as a light switch and replace an existing light switch with it. The Draugr project shows that attacks on control systems are realistic and can be conducted by every advanced criminal hacker.
Because control systems of buildings are now also connected to the internet, they are at even higher risk. The building’s internal control system is connected to a management console which is also accessible from the internet. If this management console is vulnerable to attacks from the internet, the complete building and also the persons in the building are at risk.
Home, smart Home
Home users face other risks which have to be considered when implementing a smart home control system. An insider attack, for example, is very unlikely, but in contrast the threat of being a target of theft is correspondingly higher. At first glance the smart home (the building) seems to be more secure against burglary because it can control the lights and shutters automatically so that it seems that somebody is at home while the family is on holiday. But what if a thief gains access to such a control system? At this point the attacker sees that the lights and shutters are controlled by the smart home and not by a person. With the status of the heating and other systems a thief can clearly identify whether, and maybe how many, people are in the house. Another risk, for example, is an upgrade of a door lock to a smart door lock which can be controlled by a smartphone. In such a case the complete security depends on the security of the smartphone app.
How to improve?
All these risks can only be eliminated if vendors begin to consider IT security from the beginning of the design phase of their products. The protocols in use also have to be updated. They need the ability to encrypt the complete traffic and to authenticate and authorize all devices connected to the control system. Additionally, a risk analysis has to be performed in the planning phase of a smart building. A trusted architect for smart systems with expert knowledge in this area shall be consulted. The different areas, like indoor and outdoor or different floors, as well as security-relevant devices like smart door locks, have to be separated by placing the devices in separate segments. This can be done, for example, by using backbone and line couplers or by creating multiple smart home installations. Access to the management console from the internet has to be restricted, e.g. by firewalls. When selecting the device vendor for a smart home solution, selection criteria like support period or implemented security measures shall be considered. Security and safety critical systems shall only be connected to control systems after the security of protocols and devices has been improved. Perhaps Common Criteria Protection Profiles will be developed, which would set a minimum security standard for these types of devices.
Only if all these recommendations are met can a smart building also be a secure building.
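The segmentation recommendation above can be checked against an installation's device list, because a coupler only isolates two segments for the group addresses it does not forward between them. The following is an added example, not part of the original article; the device inventory, zone names and forbidden-pair policy are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: zone names, addresses and devices are assumptions.
LINE_ZONES = {(1, 1): "indoor", (1, 2): "outdoor", (1, 3): "security"}
DEVICES = {
    "1.1.10": {"name": "hall switch", "groups": {"1/0/1", "1/0/2"}},
    "1.2.5": {"name": "garden lamp", "groups": {"1/0/2"}},
    "1.2.7": {"name": "outdoor keypad", "groups": {"5/0/1"}},
    "1.3.1": {"name": "front door lock", "groups": {"5/0/1"}},
    "1.4.2": {"name": "unplanned actuator", "groups": {"1/0/1"}},
}
# Zone pairs that must never share a group address (policy assumption).
FORBIDDEN = {frozenset({"outdoor", "security"})}


def parse_individual(addr):
    """Split a KNX individual address 'area.line.device' and range-check it."""
    area, line, device = (int(part) for part in addr.split("."))
    if not (0 <= area <= 15 and 0 <= line <= 15 and 0 <= device <= 255):
        raise ValueError(f"invalid individual address: {addr}")
    return area, line, device


def zones_per_group(devices, line_zones):
    """Map each group address to the zones of the devices bound to it.
    A line missing from the plan is reported as 'unmapped', never skipped."""
    zones = defaultdict(set)
    for addr, info in devices.items():
        area, line, _ = parse_individual(addr)
        zone = line_zones.get((area, line), "unmapped")
        for group in info["groups"]:
            zones[group].add(zone)
    return zones


def audit(devices, line_zones, forbidden):
    """Return (groups a coupler must forward, groups that break the policy)."""
    crossing, violations = {}, []
    for group, zones in sorted(zones_per_group(devices, line_zones).items()):
        if len(zones) < 2:
            continue  # group stays inside one segment
        crossing[group] = sorted(zones)
        pairs = {frozenset({a, b}) for a in zones for b in zones if a != b}
        if "unmapped" in zones or pairs & forbidden:
            violations.append(group)
    return crossing, violations


if __name__ == "__main__":
    print(audit(DEVICES, LINE_ZONES, FORBIDDEN))
```

Every group address listed as a violation is one that a device on the less trusted segment can send to, so it has to be split or re-planned before the couplers provide any separation.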