Advertisement

Applying the ACPO Guidelines to Building Automation Systems

  • Iain Sutherland
  • Theodoros Spyridopoulos
  • Huw Read
  • Andy Jones
  • Graeme Sutherland
  • Mikhailia Burgess
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9190)

Abstract

The increasing variety of Internet enabled hardware devices is creating a world of semi-autonomous, interconnected systems capable of control, automation and monitoring of a built environment. Many building automation and control systems that have previously been limited in connectivity, or due to cost only used in commercial environments, are now seeing increased uptake in domestic environments. Such systems may lack the management controls that are in place in commercial environments. The risk to these systems is further increased when they are connected to the Internet to allow control via a web browser or smartphone application. This paper explores the application of traditional digital forensics practices by applying established good practice guidelines to the field of building automation. In particular, we examine the application of the UK Association of Chief Police Officers guidelines for Digital Evidence, identifying the challenges and the gaps that arise in processes, procedures and available tools.

Keywords

Building control system Forensics ACPO Embedded systems 

Notes

Acknowledgments

The authors would like to thank EBS for proof reading the final version of the paper.

References

  1. 1.
    Kwona, O., Leea, E., Bahnb, H.: Sensor-aware elevator scheduling for smart building environments. Build. Environ. 72, 332–342 (2014)CrossRefGoogle Scholar
  2. 2.
    Berg Insight AB: Smart Homes and Home Automation—3rd Edition (2014). http://www.berginsight.com/ReportList.aspx?m_m=3
  3. 3.
    Fisk, D.: Cyber security, building automation, and the intelligent building. Intell. Build. Int. 4, 169–181 (2012). doi: 10.1080/17508975.2012.695277 CrossRefGoogle Scholar
  4. 4.
    Wendzel, S., Zwanger, V., Meier, M., Szlósarczyk, S.: Envisioning Smart Building Botnets. In: Sicherheit LNI 228, pp. 319–329, GI Vienna (2014)Google Scholar
  5. 5.
    Association of Chief Police Officers (ACPO): Good Practice Guide for Digital Evidence, Version 5, October 2011. http://www.acpo.police.uk/documents/crime/2011/201110-cba-digital-evidence-v5.pdf
  6. 6.
    Chen, C.Y.: The design of smart building evacuation system. Int. J. Comput. Technol. Appl. 5(1), 73–80 (2012)Google Scholar
  7. 7.
    Cho J., Lee G., Won J., Ryu E.: Application of Dijkstra’s algorithm in the smart exit sign. In: The 31st International Symposium on Automation and Robotics in Construction and Mining (ISARC 2014)Google Scholar
  8. 8.
    Nest (2015). https://nest.com
  9. 9.
    AMX Corporation (2015). http://www.amx.com/
  10. 10.
    Control4: Home automation (2015). http://www.control4.com/
  11. 11.
    LeGrand Building Control Systems. http://www.legrand.co.uk/building-control
  12. 12.
  13. 13.
  14. 14.
    SAVANT systems. https://www.savant.com/
  15. 15.
    Continental Automated Buildings Association (CABA): About Us. http://www.caba.org/about
  16. 16.
    Modbus: About Modbus Organisation. http://www.modbus.org/about_us.php
  17. 17.
    IEC: About the International Electrotechnical Commission: Vision and Mission (2015). http://www.iec.ch/about/?ref=menu
  18. 18.
    NIST: Guide to Industrial Control System (ICS) Security, Special Publication 800-82 (2011)Google Scholar
  19. 19.
  20. 20.
    North Building Technologies: North Commander (2015). http://www.northbt.com/products/commander/
  21. 21.
    Hayes G., El-Khatib K.: Securing modbus transactions using hash-based message authentication codes and stream transmission control protocol. In: Third International Conference on Communications and Information Technology (ICCIT), pp. 179–184 (2013)Google Scholar
  22. 22.
    Zigbee Alliance. http://www.zigbee.org/
  23. 23.
  24. 24.
    Rios, B.: Owning a Building: Exploiting Access Control and Facility Management Systems. https://www.blackhat.com/asia-14/archives.html#Rios
  25. 25.
    Shodan Metadata Search Engine. http://www.shodanhq.com/
  26. 26.
    Rios, B.: Google’s Buildings Hackable (2013). http://blog.cylance.com/blog/bid/297050/Google-s-Buildings-Hackable
  27. 27.
    O’Harrow Jr., R.: Tridium’s Niagara Framework: Marvel of connectivity illustrates new cyber risks. 12 July 2012, Washington Post (2012). http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story_1.html
  28. 28.
    FBI: Vulnerabilities in Tridium Niagara Framework Result in Unauthorized Access to a New Jersey Company’s Industrial Control System, 23 July 2012. Situational Information Report, Federal Bureau of Investigation, Newark Division, SIR-00000003417 (2012). http://www.wired.com/images_blogs/threatlevel/2012/12/FBI-AntisecICS.pdf
  29. 29.
  30. 30.
    Petroulakis, N.E. Askoxylakis, I.G. Tryfonas T.: Life-logging in smart environments: challenges and security threats. In: 2012 IEEE International Conference on Communications (ICC), pp. 5680–5684 (2012). doi: 10.1109/ICC.2012.6364934

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Iain Sutherland
    • 1
    • 3
  • Theodoros Spyridopoulos
    • 2
  • Huw Read
    • 1
    • 4
  • Andy Jones
    • 3
    • 4
  • Graeme Sutherland
    • 5
  • Mikhailia Burgess
    • 1
  1. 1.Noroff University CollegeVest AgderNorway
  2. 2.Faculty of EngineeringUniversity of BristolBristolUK
  3. 3.Security Research InstituteEdith Cowan UniversityPerthAustralia
  4. 4.Faculty of Computing, Engineering and ScienceUniversity of South WalesPontypriddUK
  5. 5.North Building TechnologiesBrightonUK

Personalised recommendations