A Cybersecurity Framework for Wireless-Controlled Smart Buildings Ⅰ: Two-Position Control

摘要

Due to the rapid development of telecommunication and network technology, wireless devices and systems (e.g., Siemens, Lutron, etc.) have more and more market share in residential and commercial buildings because of their many advantages such as easy deployment and maintenance. The wireless systems are open and flexible, but vulnerable to cyber-attacks since the data packets are transmitted by radio waves rather than by physical medium. The current cybersecurity system (e.g., Intrusion detection system) examines the data traffic to identify the anomalies in the network. However, it is unable to detect the attacks that tamper with the control logic or operating data, which results in the malfunction of the system. The project aims to cover the gap by developing an integrated cyber-physical security framework for detecting cyber-attacks in buildings. The paper reports the framework developed for a twoposition controlled wireless system. The testbed for the study used is a wireless-based lighting system, which consists of a wireless occupancy sensor, an actuator for the light switch, and an open-source operating platform for system control and monitor. The data transmission over the wireless network collected by a sniffing device showed the unique characteristics (a cluster of data with a unique pattern) related to the status of the devices in the system. The developed framework examines cyber data transmission by using a finite state machine model to identify anomalous operations. The finite state machine model can use the cyber data (data transmission) to interrelate / map cyber information (unique clusters) with physical system status and control to identify the operation of the system in normal or abnormal conditions. The developed framework successfully and effectively detected a cyber-attack tested in the two-position testbed. The paper provides the details of the cyber information on the wireless network, classification of packets for the status, and the integration of a cyber and physical model, the finite state machine model, and the cyber-attack test and validation.