Research On Network Security Architecture For Building Intelligent Systems

With the rapid development of Internet technology and building intelligent application, the building intelligent systems tend to be more open and accessable when interconnected with Internet under the impulsion of various novel demands. Out of the willing to reduce service costs and improve service quality, several intelligent building system vendors monitor and maintain their products of building automation and HVAC systems remotely. The property management companies monitor and manage their estate remotely through the Internet. More and more domestic cities interconnect the fire safety and security systems of major urban public buildings and communities with city unified remote monitor platform through the Internet to more effectively deal with sudden incidents of fire and safety, so the loss of life and property could be reduced significantly. Nevertheless, interconnecting building intelligent systems with the Internet brings not only the benefits but also more new network threats. Howerer, the building intelligent systems are short of protections against those threats. So, how to protect the building intelligention systems effectively can be a topic that is worth to be studied and solved.This thesis gives a survey on kinds of network security theories, the three main control network protocols LonWorks, BACnet and KNX/EIB. The network simulator OMNeT++ was chosen as a tool to test the security architecture on the basis of comprehensive comparison with other two mainstream simulators NS2 and OPNET. After the common structure of the building intelligent system nework was outlined, the positions where network attack may occur and the subjects who may suffer are pointed out. Faced by those attacks a formular especially designed for the building intelligent system is introduced to estimate the influences they could cause. Security architecture was constructed under the guidance of SSE-CMM and described in formal language. The security defects of the three control network standards are studied and the results show that the BACnet is relatively superior to the other ones in respect of security. The security architecture named LonSec is built under the condition that a new security device named SPU which shorts for security assistant unit is brought in. Finally, the LonSec was tested by simulating four types of network attack in OMNeT++ after the LonTalk protocol was added. The testing result demonstrates that LonSec works well in protecting the whole network. Through this research we conclude that the building intelligent system networks are in serious security condition. They are faced with kinds of security threats some of which are shared with traditional IP networks while more are unique. The formula proposed in the thesis can effectively estimate severity of these threats in order to provide reference to the targeted deployment of defensive measures.The established framework of the building intelligent system network security architecture is with characteristics of the building intelligent system networks and distinguished from IP network security architecture. It constructs a whole platform for the future research. The constructed network security architecture– LonSec for LonWorks network technology based building intelligent systems is a specific practice under the guidance of the framework. LonSec was tested by simulating four typical types of network attack in constructed OMNeT++ simulation enviroment. The results show that it protects LonWorks well. The successful network security architecture proves that it is necessary and feasible to solve most of security problems for the building intelligent system by construting security architecture.