Files and links (1)
Published, Version of Record (VoR)Open Access via Drexel Libraries Read and Publish Program 2024CC BY V4.0, Open
Conference proceeding
Collapse Like A House of Cards: Hacking Building Automation System Through Fuzzing
CCS '24: Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security , pp 1761-1775
09 Dec 2024
Featured in Collection : Research Supported by Drexel Libraries' OA Programs
Abstract
Building Automation Systems (BAS) play a pivotal role in modern smart buildings, integrating sensors, controllers, and software to manage crucial functions such as HVAC, lighting, and more. The global smart building market is on the rise, underscoring the importance of securing BAS networks. This paper introduces the Building Automation System Evaluator (BASE), a specialized fuzzer designed to assess the security of BAS networks. BAS networks typically involve a BAS client communicating with a BAS server through BAS protocols (e.g., BACnet, KNX), each presenting unique challenges in BAS network fuzzing. These challenges encompass complex packet structures and sequencing in BAS protocols, closed-source clients with indeterminable code coverage, and unobservable server status with limited throughput. BASE automatically identifies protocol structures, dynamically instruments clients for code coverage analysis, and monitors responses for new coverage areas. Collected timestamps are used to estimate the input scan intervals of servers, optimizing throughput. We evaluated BASE on various BAS servers and clients, uncovering 13 new vulnerabilities. Furthermore, we present three attack case studies, highlighting the real-world security implications of these vulnerabilities in BAS systems, such as delayed fire detection, loss of climate control, and security breaches. We reported our findings to the respective vendors, who acknowledged the implications, and some have subsequently patched their systems based on our reports.
Metrics
Details
- Title
- Collapse Like A House of Cards: Hacking Building Automation System Through Fuzzing
- Creators
- Yue Zhang (Corresponding Author) - Drexel University, Computer ScienceZhen Ling - Southeast UniversityMichael Cash - University of Central FloridaQiguang Zhang - Southeast UniversityChristopher Morales-Gonzalez - University of Massachusetts LowellQun Zhou Sun - University of Central FloridaXinwen Fu - University of Massachusetts Lowell
- Publication Details
- CCS '24: Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security , pp 1761-1775
- Conference
- CCS '24: ACM SIGSAC Conference on Computer and Communications Security (Salt Lake City, Utah, 14 Oct 2024–18 Oct 2024)
- Publisher
- Association for Computing Machinery
- Number of pages
- 15
- Grant note
- Drexel Startup FundUS National Science Foundation (NSF): 1931871, 2325451 Jiangsu Provincial Key RD Programs: BE2021729, BE2022680, BE2022065-5 Jiangsu Provincial Key Laboratory of Network and Information Security Grant: BM2003201 Key Laboratory of Computer Network and Information Integration of Ministry of Education of China: 93K-9 Collaborative Innovation Center of Novel Software Technology and Industrialization
We thank the shepherd and the anonymous reviewers for their valuable suggestions and comments. This research was supported in part by Drexel Startup Fund, by US National Science Foundation (NSF) Awards 1931871 and 2325451, by Jiangsu Provincial Key R&D Programs Grant Nos. BE2021729, BE2022680, and BE2022065-5, Jiangsu Provincial Key Laboratory of Network and Information Security Grant No. BM2003201, Key Laboratory of Computer Network and Information Integration of Ministry of Education of China Grant No. 93K-9, and Collaborative Innovation Center of Novel Software Technology and Industrialization. Any opinions, findings, conclusions, and recommendations in this paper are those of the authors and do not necessarily reflect the views of the funding agencies.
- Resource Type
- Conference proceeding
- Language
- English
- Academic Unit
- Computer Science
- Web of Science ID
- WOS:001436367300121
- Scopus ID
- 2-s2.0-85211648742
- Other Identifier
- 9798400706363; 991021970301004721
InCites Highlights
Data related to this publication, from InCites Benchmarking & Analytics tool:
- Collaboration types
- Domestic collaboration
- International collaboration
- Web of Science research areas
- Computer Science, Artificial Intelligence
- Computer Science, Hardware & Architecture
- Computer Science, Theory & Methods
- Telecommunications