03/31/2025
By Christopher Morales-Gonzalez
The Kennedy College of Science, Richard A. Miner School of Computer & Information Sciences, invites you to attend a doctoral dissertation defense by Christopher Morales-Gonzalez titled, "Towards Secure Building Automation: Analyzing Protocol Vulnerabilities and Developing an Innovative Fuzzing Tool"
Time: Friday, April 4th, 2025, 10:30 a.m. - 12:30 p.m. EST.
Location: This will be an in-person defense at Suite 445, Wannalancit Mills (600 Suffolk Street, Lowell, MA 01854) in the Cyber Range. Remote attendance is allowed via Zoom. Link provided after abstract.
Join Zoom Meeting
https://uml.zoom.us/j/97432485872
Meeting ID: 974 3248 587
Committee Members:
Xinwen Fu (Advisor), Professor, Graduate Coordinator for Ph.D. Programs, Miner School of Computer & Information Sciences.
Benyuan Liu (Member), Professor, Director, Miner School of Computer & Information Sciences, UMass Center for Digital Health (CDH), Computer Networking Lab, CHORDS
Claire Lee (Member), Associate Professor, School of Criminology and Justice Studies, Center for Asian American Studies, Center for Terrorism & Security Studies
Abstract:
Building Automation Systems (BASs) are pivotal in modern infrastructure, automating key functions such as climate control, lighting, and entry systems. However, many BASs rely on outdated communication protocols developed without robust security considerations, making them vulnerable to attacks. The increasing global adoption of these systems amplifies the urgency to address their security shortcomings. Current research is often fragmented, overlooking the critical interplay between BAS software, firmware, and communication protocols, leaving significant gaps in understanding the security posture of both legacy and emerging BAS technologies.
This thesis presents a comprehensive examination of BAS security, focusing on the unique challenges posed by both wired and wireless BAS networks. The study explores BASs as integrated systems, analyzing their vulnerabilities and security requirements in the context of modern automation. A detailed survey is conducted on seven widely used protocols—BACnet, EnOcean, KNX, LonWorks, Modbus, ZigBee, and Z-Wave—categorized into wired and wireless BAS communication methods. The survey identifies key weaknesses across these protocols, examines how newer secure protocols like BACnet Secure Connect and KNX Data Secure enhance security, and highlights persistent challenges. To contextualize these findings, a real-world case study demonstrates vulnerabilities in a BAS deployment and provides actionable recommendations derived from the survey. By consolidating disparate research and addressing the broader security posture of BASs, this work offers a cohesive understanding of the evolving threat landscape and identifies critical directions for future research.
In addition to the survey, this thesis introduces KNX Bus Dump, a tool designed to record and decode non-IP-based KNX traffic. This tool addresses a significant limitation in existing analysis platforms like Wireshark, which cannot process non-IP KNX traffic. By enabling developers to examine actual network communications, KNX Bus Dump provides a means to identify vulnerabilities and improve the security posture of KNX-based BAS deployments. These contributions emphasize the need for practical tools tailored to BAS-specific challenges.
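To make concrete what "decoding non-IP KNX traffic" involves, here is an added example written for this announcement; it is not code from the KNX Bus Dump tool or the thesis. It parses KNX TP1 (twisted-pair) standard L_Data telegrams, the byte layout used on the bus itself rather than in KNXnet/IP, and is written from an analyst's perspective: it recovers source and destination addresses, priority, hop count, the transport-layer (TPCI) and application-layer (APCI) service, the payload, and verifies the frame checksum so that corrupted or truncated captures are flagged instead of silently misread. The field layout is the publicly documented KNX TP1 standard-frame format (assumed here, since the page does not describe it), and the sample telegrams are constructed for this example, not taken from a real installation.

```python
"""Decoder for KNX TP1 standard L_Data telegrams (added example, not KNX Bus Dump code).

Assumed byte layout of a TP1 standard frame:
  byte 0     control field: bit7=1 standard frame, bit5=1 not repeated, bits3-2 priority
  bytes 1-2  source individual address      area.line.device
  bytes 3-4  destination address             individual (a.l.d) or group (m/mid/sub)
  byte 5     bit7 address type (1=group), bits6-4 hop count, bits3-0 TPDU length - 1
  bytes 6..  TPDU: TPCI/APCI octet(s) followed by data
  last byte  checksum = bitwise NOT of the XOR over all preceding bytes
"""
from dataclasses import dataclass
from functools import reduce

PRIORITY = {0: "system", 1: "normal", 2: "urgent", 3: "low"}
TPCI_KIND = {0: "UDP", 1: "NDP", 2: "UCD", 3: "NCD"}  # (un)numbered data / control
APCI_NAMES = {
    0: "A_GroupValue_Read", 1: "A_GroupValue_Response", 2: "A_GroupValue_Write",
    3: "A_IndividualAddress_Write", 4: "A_IndividualAddress_Read",
    5: "A_IndividualAddress_Response", 8: "A_Memory_Read", 9: "A_Memory_Response",
    10: "A_Memory_Write",
}


@dataclass
class KnxFrame:
    priority: str
    repeated: bool
    source: str
    destination: str
    is_group: bool
    hop_count: int
    tpci: str
    apci: str
    data: bytes
    checksum_ok: bool


def individual_address(raw: int) -> str:
    return f"{raw >> 12}.{(raw >> 8) & 0xF}.{raw & 0xFF}"


def group_address(raw: int) -> str:
    # Three-level notation main/middle/sub (5/3/8 bits)
    return f"{raw >> 11}/{(raw >> 8) & 0x7}/{raw & 0xFF}"


def checksum(payload: bytes) -> int:
    return (~reduce(lambda a, b: a ^ b, payload, 0)) & 0xFF


def decode_tp1(frame: bytes) -> KnxFrame:
    if len(frame) < 8:
        raise ValueError("too short for a TP1 standard L_Data frame")
    ctrl = frame[0]
    if not ctrl & 0x80:
        raise ValueError("extended frames (control bit 7 = 0) are not handled here")
    src = (frame[1] << 8) | frame[2]
    dst = (frame[3] << 8) | frame[4]
    is_group = bool(frame[5] & 0x80)
    tpdu_len = (frame[5] & 0x0F) + 1
    tpdu = frame[6:6 + tpdu_len]
    if len(frame) != 6 + tpdu_len + 1:  # header + TPDU + checksum
        raise ValueError("length field disagrees with captured frame size")
    if tpdu_len == 1:
        # Pure control TPDU (T_Connect, T_Disconnect, T_ACK, T_NAK): no APCI, no data
        apci_name, data = "none", b""
    else:
        # APCI is 4 bits split across the two low bits of byte 6 and the two high bits of byte 7
        apci = ((tpdu[0] & 0x03) << 2) | (tpdu[1] >> 6)
        apci_name = APCI_NAMES.get(apci, f"APCI_{apci:#x}")
        # Payloads of six bits or less travel inside the APCI octet itself
        data = bytes([tpdu[1] & 0x3F]) if tpdu_len == 2 else bytes(tpdu[2:])
    return KnxFrame(
        priority=PRIORITY[(ctrl >> 2) & 0x3],
        repeated=not (ctrl & 0x20),
        source=individual_address(src),
        destination=group_address(dst) if is_group else individual_address(dst),
        is_group=is_group,
        hop_count=(frame[5] >> 4) & 0x7,
        tpci=TPCI_KIND[tpdu[0] >> 6],
        apci=apci_name,
        data=data,
        checksum_ok=checksum(frame[:-1]) == frame[-1],
    )


# Constructed sample capture (hex), not recorded from a real installation
CAPTURE = [
    "BC 11 01 00 01 E1 00 81 32",        # 1.1.1 -> 0/0/1  A_GroupValue_Write, value 1
    "BC 11 02 0A 03 E1 00 00 B8",        # 1.1.2 -> 1/2/3  A_GroupValue_Read
    "BC 11 03 11 05 E3 00 80 0C 1A 30",  # 1.1.3 -> 2/1/5  A_GroupValue_Write, 2-byte payload
    "B0 11 01 11 05 60 80 AB",           # 1.1.1 -> 1.1.5  T_Connect (UCD control TPDU)
    "BC 11 01 00 01 E1 00 81 33",        # first telegram with a corrupted checksum
]


def decode_capture(lines):
    return [decode_tp1(bytes.fromhex(line)) for line in lines]


def describe(f: KnxFrame) -> str:
    flag = "" if f.checksum_ok else "  [BAD CHECKSUM]"
    return (f"{f.source} -> {f.destination} {f.tpci} {f.apci} "
            f"data={f.data.hex() or '-'} prio={f.priority} hops={f.hop_count}{flag}")


if __name__ == "__main__":
    for frame in decode_capture(CAPTURE):
        print(describe(frame))
```

The length check and checksum verification matter in practice: a bus capture taken with a cheap interface often contains collided or truncated telegrams, and a decoder that trusts the length nibble without reconciling it against the bytes actually captured will misattribute payload to the wrong device.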
While these tools and analyses address immediate needs, a critical gap remains in testing BAS systems for robustness against unknown threats. This thesis explores the domain of applying fuzzing—a method of fault discovery through unexpected inputs—to BAS software. Initial experiments uncovered two significant bugs in devices released in 2023 and 2024, demonstrating the feasibility of this approach. However, traditional fuzzers lack the adaptability required for BAS protocols, which are complex and often proprietary.
To address this gap, this thesis describes a novel tool that provides coverage-guided fuzzing for Java programs on a Windows system by extending the WinAFL fuzzer so that the target does not need to be recompiled. Because Java remains a major programming language for building management software, which makes that software an enticing target, these systems should be expected to be thoroughly tested for software bugs. This work pursues two major goals: the first is to aid the betterment of BAS security as a whole by opening an avenue for such testing; the second is to provide a foundational advance for fuzzing methodologies and tools in broader cybersecurity contexts by allowing Java-based programs running on Windows systems to be fuzzed.