Announcing the Final Examination of Michael Cash for the degree of Doctor of Philosophy
This study explores the vulnerabilities inherent in two prominent building communication protocols and their potential exploitation for reconnaissance or infiltration into a Building Automation System (BAS). The initial phase of the study investigated the openness of the Building Automation and Control Networks (BACnet) protocol. Here, automation software is devised to enumerate BACnet device objects and properties based solely on their IP addresses. Running the enumeration against a testbed of BACnet devices showed that it correctly identifies objects and properties as defined by the BACnet standard. Subsequently, the study analyzes attacks against the KNX communication protocol, with a particular emphasis on Man-in-the-Middle (MiTM) attacks against a BAS. An innovative defensive strategy using machine learning techniques is employed to differentiate fraudulent KNX traffic from a legitimate baseline, leveraging a customized similarity vector as a key feature for the machine learning models. Through rigorous experimentation comparing the similarity feature vector against more traditional feature sets across different models, the findings indicated that our tailored similarity vector yielded superior accuracy compared to the conventional features. Additional recommendations were provided to further enhance the robustness of the models, including establishing their validity through comparative analysis against statistical approaches. Finally, a vulnerability analysis is conducted on a comprehensive real-world BAS network characterized by its collective reach across multiple buildings, protocols, and devices. This network's intricate composition potentially exposes systems and protocols to novel attack vectors not conventionally susceptible to such conditions. The analysis encompasses a thorough examination of vulnerabilities spanning the BACnet and KNX protocols, as well as those at the host and network levels.
Committee in Charge:
Xinwen Fu, Chair, Computer Science
Qun Zhou-Sun, Co-Chair, Computer Engineering
Changchun Zou, Computer Science
Haofei Yu, Civil, Environmental, and Construction Engineering
Wei Zhang, Computer Science