Security analysis of the KNX smart building protocol
- KNX is a protocol for smart building automation, e.g., for automated heating, air conditioning, or lighting. This paper analyses and evaluates state-of-the-art KNX devices from manufacturers Merten, Gira and Siemens with respect to security. On the one hand, it is investigated if publicly known vulnerabilities like insecure storage of passwords in software, unencrypted communication, or denialof-service attacks, can be reproduced in new devices. On the other hand, the security is analyzed in general, leading to the discovery of a previously unknown and high risk vulnerability related to so-called BCU (authentication) keys.
| Author: | Malte Küppers, Marko SchubaORCiD, Georg Neugebauer, Tim Höner, Sacha HackORCiD |
|---|---|
| DOI: | https://doi.org/10.1145/3600160.3605167 |
| Parent Title (English): | ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security |
| Publisher: | ACM |
| Document Type: | Conference Proceeding |
| Language: | English |
| Year of Completion: | 2023 |
| Date of the Publication (Server): | 2023/09/01 |
| First Page: | 1 |
| Last Page: | 7 |
| Note: | Article No.: 87 ARES 2023, August 29–September 01, 2023, Benevento, Italy |
| Link: | https://doi.org/10.1145/3600160.3605167 |
| Zugriffsart: | campus |
| Institutes: | FH Aachen / Fachbereich Elektrotechnik und Informationstechnik |
| collections: | Verlag / ACM |
