Security analysis of the KNX smart building protocol
- KNX is a protocol for smart building automation, e.g., for automated heating, air conditioning, or lighting. This paper analyses and evaluates state-of-the-art KNX devices from manufacturers Merten, Gira and Siemens with respect to security. On the one hand, it is investigated if publicly known vulnerabilities like insecure storage of passwords in software, unencrypted communication, or denialof-service attacks, can be reproduced in new devices. On the other hand, the security is analyzed in general, leading to the discovery of a previously unknown and high risk vulnerability related to so-called BCU (authentication) keys.
| Verfasserangaben: | Malte Küppers, Marko SchubaORCiD, Georg Neugebauer, Tim Höner, Sacha HackORCiD |
|---|---|
| DOI: | https://doi.org/10.1145/3600160.3605167 |
| Titel des übergeordneten Werkes (Englisch): | ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security |
| Verlag: | ACM |
| Dokumentart: | Konferenzveröffentlichung |
| Sprache: | Englisch |
| Erscheinungsjahr: | 2023 |
| Datum der Publikation (Server): | 01.09.2023 |
| Erste Seite: | 1 |
| Letzte Seite: | 7 |
| Bemerkung: | ARES 2023: The 18th International Conference on Availability, Reliability and Security. August 29 - September 1, 2023. Benevento, Italy. Article No.: 87 |
| Link: | https://doi.org/10.1145/3600160.3605167 |
| Zugriffsart: | campus |
| Fachbereiche und Einrichtungen: | FH Aachen / Fachbereich Elektrotechnik und Informationstechnik |
| collections: | Verlag / ACM |
