On False Data Injection Attack against Building Automation Systems

KNX is one of the most popular protocols for a building automation system (BAS). However, its lack of security makes it subject to a variety of attacks. In this paper, we perform the first study of false data injection attack against a KNX based BAS. We design a man-in-the-middle (MITM) attack to change the data from a temperature sensor and inject false data to the BAS. We model the BAS system and formally analyze the impact of the false data injection attack on the system in term of energy cost. We find a small amount of erroneous input can incur significant energy cost, but is very hard to detect based on sensor data such as temperature alone. Since the MITM attack may disturb the KNX traffic pattern, we design a machine learning (ML) based detection strategy to detect the false data injection attack based on sophisticated features of the KNX telegram inter-arrival time. We perform real-world experiments and validate the presented false data injection attacks and ML detection strategy. We also simulate a BAS system and show that our proposed attack strategies can have a huge impact on BAS power consumption.


Towards Adversarial-Resilient Deep Neural Networks for False Data Injection Attack Detection in Power Grids

False data injection attack (FDIA) is a critical security issue in power...

Attack Detection and Isolation for Discrete-Time Nonlinear Systems

We address the problem of attack detection and isolation for a class of ...

Machine learning for automated quality control in injection moulding manufacturing

Machine learning (ML) may improve and automate quality control (QC) in i...

Fall of Giants: How popular text-based MLaaS fall against a simple evasion attack

The increased demand for machine learning applications made companies of...

False Data Injection Attacks on Hybrid AC/HVDC Interconnected System with Virtual Inertia – Vulnerability, Impact and Detection

Power systems are moving towards hybrid AC/DC grids with the integration...

Two-Way Coding and Attack Decoupling in Control Systems Under Injection Attacks

In this paper, we introduce the concept of two-way coding, which origina...

Dissemination Control in Dynamic Data Clustering For Dense IIoT Against False Data Injection Attack

The IoT has made possible the development of increasingly driven service...

1 Introduction

The building automation system may be used in commercial buildings as well as residential buildings. It manages and automates mechanical and electrical systems of a building, including heating, ventilation, and air conditioning (HVAC), lighting, metering, sensors, and actuators. Due to the increasing need of energy-efficient facilities and advancement of wireless technologies easing the complexity and cost of installation, the global BAS market size will grow from $73.5 billion in 2021 to $112.1 billion by 2026 [BASMarket:2021]. There are four popular building network protocols including BACnet, LonWorks, Modbus, and KNX. The global KNX Products market size was $4.381 billion in 2019 and is projected to reach $10.15 billion by 2026 [360:KNX:2019].

A BAS is a type of cyber-physical system and may be subject to both cyber attacks and physical attacks. A cyber attack may be used to break the networks, pollute or steal data. A physical attack may be used to manipulate and damage physical components. Antonini et al. [Antonini2015A_Practical] demonstrate a replay attack by sniffing the traffic messages. Sniffing the traffic also reveal device passwords. Wyss et al. [wyss_sholander_darby_phelan_2007] define the combination of physical attacks and cyber attacks manipulating or disrupting a physical component. Vacherot [vacherot:hal-03022310] designs a fuzzing tool to discover vulnerabilities in the KNX protocol. Molina [molina2014] uses a hotel room’s iPad to access the room’s KNX network and identifies the addresses of the devices in hotel rooms. He can then operate a KNX device remotely without the need of the hotel iPad. Rios presents in [Rio::FacilityManagementSystems::2014] several password retrieval attacks to exploit and gain access to facility management systems.

In this paper, we perform the first study of false data injection attack against a BAS. Our major contributions are summarized as follows. (i) We explore physical attacks and cyber attacks to craft a man-in-the-middle (MITM) attack and inject false data to a KNX based BAS. In particular, two Raspberry Pis with KNX adaptors are used to relay and change temperature sensor data. (ii) We model a HVAC system and formally analyze the impact of the fake data injection attack on the BAS in terms of energy cost. (iii) We design a machine learning (ML) based detection strategy to detect the false data injection based on the inter-arrival time of KNX telegrams. The MITM may disturb the KNX traffic pattern in a subtle way. Although features such as mean, variance and standard deviation cannot detect the difference, we find Jensen Shannon Divergence (JSD) provides a robust way of measuring the similarity of the probability distributions of the inter-arrival time of KNX telegrams and can be used to detect the attack. (iv) We perform real-world experiments on a BAS system installed by Siemens in our lab and validated the false data injection attack and ML based intrusion detection strategy. We simulate the HVAC system and mimic the real-time attacks. The simulation shows that our proposed attack strategies can have a huge impact on HVAC system power consumption, although only a small amount of erroneous input is plugged in the system, which has minimal impact on human comfort and very hard to be detected.

To understand detailed KNX protocols, we design and implement a KNX traffic analysis tool, KNX Bus Dump, which is presented at Blackhat Asia 2022.

Responsible disclosure: We have reported all our findings to Siemens and its development teams. We hope the BAS industry puts more efforts on BAS security.

2 Background

In this section we introduce the KNX protocol and addressing and programming devices.

2.1 KNX Protocol

KNX is a building control bus system, where every connected device utilizes the same transmission method and can exchange information via a bus network. KNX supports a wide range of devices using various communication mediums such as twisted-pair (TP), KNXnet/IP, powerline (PL), and radio frequency (RF). KNX devices and data can be accessed through individual addresses or group addresses. The KNX data frames, known as telegrams, have slightly altered structures depending on the medium and configured programming mode the device uses.

2.2 Addressing Device

Devices on a KNX network use two types of 16-bit addresses: individual addresses and group addresses.

Individual Address: The individual address of a device indicates its location within the topology. It is divided into three parts in the notation "area.line.deviceAddress". If deviceAddress is not 0, the address represents a regular KNX device or a line repeater. When a device sends a read or write request on a KNX bus, the source address field of the telegram contains the individual address of the device which sends the request.

Group Address: Group addresses are used to provide a means of accessing an object, or a KNX data point. The linking of an object to the group address allows for reading and writing by referencing the address it is linked to. A group address can be either 2 levels "main/sub", or 3 levels "main/middle/sub". The only rule for the group address is that they cannot be 0. Specifically, ‘0/0’ and ‘0/0/0’ for 2-level and 3-level addresses are prohibited because they are reserved for broadcast addresses on the KNX bus.

2.3 Programming Modes

KNX RF and TP devices offer several types of programming modes, which allow for different configuration options. There are two system configurations: System mode (S-mode) and Easy mode (E-mode). E-mode contains 3 different variations and We focus on the variation E-mode LTE-mode (LTE-mode) as it is the configuration method for KNX devices in our experiments.

S-Mode: KNX S-mode is the most common configuration for KNX devices. S-mode devices are configured to use individual group objects, where these objects are manually assigned and linked to group addresses. The assignment can be performed in the Engineering Tool Software (ETS) [ets_knx], KNX’s Windows-based configuration tool for designing and configuring building automation devices like sensors and actuators.

LTE-Mode: The LTE-mode configuration is for devices that require extended zoning information and a large address space for their data objects. The LTE frames are larger than those of S-mode devices due to the inclusion of extended fields in the telegram frame as shown in figure 1. KNX telegrams have a special bit in the control field to indicate whether the telegram is for an extended frame or standard.

Fig. 1: Extended LTE vs Standard KNX TP1 Frames

The extended control field is the second octet in a KNX LTE frame. It can be divided in three parts: the address type, hop count, and Extended Frame Format (EFF). The address type describes with the destination is to be viewed as a group or individual address, hop count limits the telegram distance to ensure not infinitely traversing the network, and the EFF describes the format that the destination address should be interpreted as. When this field is of the LTE extended address type, the last two bits of the field indicate the type of LTE extension the destination address should be interpreted as.

When accessing data from a LTE device, the logical tag address, object types (OT), object indices (OI), and a property IDs (PID) must all be provided. The OT defines which properties should be present. OI specifies which instance of the OT that you wish to access, for multiple instances of the same OT can be present. Finally, the PID is for which property from the OT you wish to access.

3 False Data Injection Attack

In this section, we first introduce physical attacks against KNX, removing victim devices and plugging attack devices into a victim KNX system. We then present the eavesdropping attack, which can be used to learn detailed protocols of the victim KNX system. At last, we present the false data injection attack via MITM.

3.1 Physical Attack

A KNX device such as a temperature sensor is often exposed to the public and subject to a physical attack. For a KNX device connected on a TP1 transmission bus used in our context, removing it from the bus requires removal of the twisted pair either from the bus or from the KNX device’s terminal port. If the cable is removed from the device end, this same cable can be used by an attacking device to access the KNX bus. A traditional topology of a KNX bus is by daisy-chaining devices together in a line, for a maximum of 64 devices per line. Most KNX devices in the daisy topology have 4 positive-negative terminal pairs and each terminal pair can connect to another device. If a terminal pair is available, a device can use this terminal to connect to the bus, where it can see any telegrams being transmitted or send its own telegrams to the bus to any other connected device.

3.2 Eavesdropping Attack

Eavesdropping attack provides a means of understanding the detailed protocol and how KNX telegrams of a device are formed, allowing the attack to craft its own telegrams in respect to the victim device. In an eavesdropping attack, the attacker attaches their own device to the KNX bus and constantly listens on the bus for any telegrams that are sent. After performing a data dump, the attacker is presented with a plethora of information such as: source and destination KNX addresses, group addresses, and other information pertaining to the specific device functions. The data can be used to understand the communication protocol being used such as what type of KNX telegrams are being sent. In the case of LTE frames, the logical tags, OT, PID, and OI are also reported.

3.3 False Data Injection via MITM Attack

With the information gained from eavesdropping and properly crafted telegram messages, we can deploy man-in-the-middle (MITM) attacks using two Raspberry Pis against KNX as shown in Figure 2 for the purpose of stealthy false data injection. Without loss of generality, we use the temperature sensor as the example. The client Pi is connected to the sensor via a KNX adaptor, changes the data of received telegrams from the sensor, and forwards changed telegrams to the server Pi. The server Pi is connected to the DXR2 controller and sends the changed telegrams to DXR2. The two Pis also forward telegrams generated by DXR2 to the victim sensor and other types of telegrams than temperature readings generated by victim sensor to DRX2 without change.

Using two Raspberry Pis is necessary for stealthy data injection. One Pi can use only one KNX adaptor. If one Pi and one KNX adaptor is used in the MITM attack, the sensor will be connected to DXR2 directly via the KNX adaptor although the Pi can still intercept sensor telegrams, change them and forward them to DXR2. However, DXR2 will receive both original and changed telegrams, and can detect the attack easily. Using two Pis and two KNX adaptors separates the sensor and DRX2 into two different KNX local networks and addresses the issue above. We also use UDP for the two Pis to communicate with each other since UDP introduce less delay and jitters than TCP.

Fig. 2: MITM Attack against Sensor. Note: it can also be deployed against the actuator although not presented in this paper due to space limit

4 Impact of False Data Injection

We can utilize the physical and cyber attack in Section 3 to control various KNX devices such as the light, damper and temperature sensor, and to inject fake data to the HVAC system. For example, a temperature sensor of a BAS is often exposed to the public and can be manipulated. In this paper, we focus on injecting false temperature value, which may cause severe energy cost and break the energy-efficient property of the BAS system. In this section, we first model the HVAC system, and then formalize the impact of the temperature data intrusion on the HVAC system.

4.1 HVAC System Model

We model a HVAC system as shown in Figure 3 which consists of a chiller, water pumps, air handling unit (AHU), and the constant boundary conditions representing the typical cooling tower system. The AHU serves one thermal zone. The entire HVAC system is driven by complex control sequences with proportional–integral (PI) loops. The AHU has three dampers in the mixing plenum to restrict the amount of air that can enter or exit by varying their position. And then the mixed air is cooled down by the cooling coil to maintain the supply air setpoint temperature so as to keep the people inside the building comfortable. The chilled water temperature will increase as absorbing the heat from the mixed air and finally returns to the chiller by a chilled water pump. Eventually, the supply fan distributes the cooled mixed air into the thermal zone through ductworks. In the chiller, the heat absorbed by the refrigerant in the evaporator will be transferred to condenser water by the vapor compression cycle. The water is then pumped into a cooling tower to release the heat.

Fig. 3: HVAC system model

4.2 Impact Formalization

We formalize how the components in the HVAC system work together to maintain the room temperature setpoint, and show how the room temperature change results in the energy cost.

In the AHU, The air mass flow rate in the duct-work is adjusted by PI control to maintain the room temperature at the setpoint as shown in Equation (1). and are the air mass flow rate from the supply fan and the return fan, respectively. According to the affinity laws [stewart2018surface], the supply fan and return fan power consumption and are modeled as a third-degree polynomial function of the air mass flow rate as shown in Equations (2)-(3). If the room temperature sensor value is raised, the supply and return air mass flow rate and need to be increased accordingly by increasing fan speed due to the system trying to lower the room temperature, which incurs more energy cost.


Fan speed changes would propagate to water pump power changes since the control operations of the fans, pump, and chiller are highly interrelated. The change of supply air mass flow rate affect the change of supply air temperature . At the beginning of the transient state, we can assume that the chiller cooling capacity as shown in equation (5) is fixed. Since the fan speed PI control responds before the heat transfer, we can also assume the mixed air temperature is fixed. is the specific heat capacity of air. Based on the air side of heat transfer Equation (5), supply air temperature increases with the supply air mass flow rate which is increased by the room temperature as mentioned before.


The chilled water mass flow rate is controlled based on the supply air temperature to be kept at the setpoint as shown in Equation (6). The chilled water pump power consumption is modeled as a third-degree polynomial function of the chilled water mass flow rates as shown in equation (7). Therefore, the pump power also increases to maintain the supply air temperature at the setpoint based on the equation 6 and 7.


As the pump power rises, more chilled water is provided in order to maintain the supply air temperature. Then, the increase in chilled water mass flow rate leads to an increase in chiller cooling capacity according to the water side of heat transfer equation (8), where is the specific heat capacity of water, and are the return and supply chilled water temperature. DOE-2 electric chiller simulation model [hydeman2002tools] is adopted to approximate chiller power . The coefficient of performance (COP) of chiller is fixed in our model, so that the chiller power can be formulated as shown in equation (9). The increased which further leads to an increase in chiller power .


Finally, the total power consumption for the entire HVAC system can be calculated by the summation of the power consumed by all fans, the chilled water pump, and the chiller.


5 Defense

The false data injection attack presented in Section 3 uses the MITM attack, which may change the KNX network traffic pattern due to network delays and jitters. To detect the MITM attack, we present a machine learning (ML) based strategy in this section. We assume that an admin collects telegram data and performs detection at the DXR2 controller shown in Figure 2.

5.1 Training Phase

We collect a telegram arrival time series of 24 hours with the MITM attack and a telegram arrival time series of 24 hours without attack as ground truth datasets. We split the dataset equally into segments, i.e. , and split the dataset equally into segments, i.e. . Each segment contains telegrams within a time period of , denoted as detection time window, corresponding to how long an attack may last.

Then we extract feature vectors from the collected datasets. For a data segment in the ground truth dataset, we construct its feature vector by measuring its similarity with each segment of the baseline dataset without attack, i.e. the dataset

in our case. For example, we construct segment ’s feature vector as follows, where : (i) We first calculate the inter-arrival time series of , i.e. . (ii) We then calculate the inter-arrival time series for each segment , in the baseline dataset and get

; (iii) We now calculate the probability distribution similarity between

and each . A popular technique called Jensen Shannon Divergence (JSD) is used to measure the similarity of the probability distributions. We assume that the data space is . The probability distribution of two datasets are and . JSD is calculated as follows.


where , . The closer to 0 , the more similar these two datasets. We denote the similarity of and as , and ; (iv) After we calculate the similarity of with each segment , in respectively, we get a list of similarity level as . We use this similarity level list as the feature vector of the segment . For each data segment in the ground truth dataset and , we do the same as done for , derive its probability distribution similarity with each segment of the baseline dataset , and get a group of feature vectors.

With these feature vectors, we train a classification model to identify the MITM telegram segment. We label the feature vectors of the attack dataset as positive class, and the feature vectors of dataset without attack as negative class. We randomly split the labeled feature vectors into a training dataset and a testing dataset. The training dataset contains positive feature vectors and negative feature vectors. The other

of the feature vectors are used as the testing dataset. We train a classification model based on the training dataset for attack detection. Two classic ML algorithms, Weka’s J48 Decision Tree and SMO Support Vector Machines (SVM), are used.

We do not use any form of mean, variance and standard deviation as features since these statistics are sensitive to outliers. Our experiments also verified such observations.

5.2 Detection Phase

We can use the trained ML model to detect the MITM attack, thus the false data injection attack. For real-time online detection, we can just collect a telegram arrival time series in a period of

and classify it using the trained ML model. We use the testing dataset to obtain the detection rate. The ML model takes a feature vector in the testing dataset as an input and outputs a negative class or a positive class. By comparing the output class with the true class label of the feature vector, we can know if the classification, i.e. attack detection, is correct, and further calculate the detection rate. In our experiments, we set different detection time window

and evaluate the detection rate versus .

6 Evaluation

In this section, we first present the experimental setup. Then we show the impact of the false data injection attack on the HVAC system. Finally, we demonstrate the effectiveness of the proposed ML based detection scheme.

6.1 Experiment Setup

Figure 4 shows the experiment setup using a Siemens BACnet Field Panel on the University of Central Florida campus. We use the Siemens DXR2.E12P-102B BAS controller in our testbed. The KNX temperature sensor is the Siemens QMX3.P74B-1WSB Room Operator Unit. The KNX device data of the DXR2 can be viewed and monitored in real time by the Siemens Desigo CC building management software platform. We use two Raspberry Pi 3 with 16 GB flash memory running Raspbian OS version 10 Buster. We use two KNX Raspberry Pi HAT (PiHAT) and the PiHAT connects to the Pi’s TPUART on-board pins using 4 Dupont wires. We use twisted pair cables to connect one Pi to the DRX2 and connect the other Pi to the temperature sensor. An Ethernet switch is used to connect the two Pis together so that the two Pis work as the men in the middle to perform the attack. The two Pis use UDP to relay KNX telegrams since TCP introduces more delay and jitters. We use the Calimero KNX network Java library to create KNX programs and devices, including devices which use the LTE configuration.

Fig. 4: Experiment setup for MITM attack against temperature sensor

6.2 Attack Impact on HVAC System

We have validated the MITM attack against both the temperature sensor and damper shown in Figure 4. We use a simulation tool named and the Modelica Buildings library [wetter2014modelica] to simulate the HVAC model as introduced in Section 4.1 and mimic the real-time attacks to evaluate the impact of the false data injection attack. Three types of false data intrusion scenarios are conducted in the simulation.

Simulation Settings. The TYM3 weather data source is used to obtain a realistic ambient temperature, and a self-built solar radiation module can produce practical solar radiation to plug in the system. The room temperature setpoint is 22C, and the supply air temperature setpoint and the supply water temperature setpoint are 14C and 6C respectively. We will conduct the attack starting at 7:00 am and continuing for 12 hours. The simulation will last for 1 day, and the sampling rate is every 10 seconds. We evaluate three types of false data injection attack as follows. (i) TRoomBias. Constantly adding 1C bias to the original room temperature sensor measurement. (ii) TRoomFix. Overwriting the original room temperature sensor measurement to a constant 22.005C. (iii) DamperFix. Changing the outside air damper opening level from 30% to 50%.

Fig. 5: The fans, pump, chiller, and total power consumption comparison under the normal condition and different single component attack scenarios

Energy Cost. Figure 5 shows the fans, pump, chiller, and total power consumption under the first three attacks and without attack. It can be seen that the power consumption of all components has risen significantly. Our proposed attack strategies can have a huge impact on HVAC system power consumption, although only a small amount of erroneous input is plugged in the system which has minimal impact on human comfort and very hard to detect.

6.3 Defense Effectiveness

We use a popular ML tool Weka V3.8.6 to train the ML model and evaluate the effectiveness of the proposed defense scheme on the MITM attack against the temperature sensor. Two classic ML algorithms, i.e. Weka J48 decision tree and Weka SMO support vector machines (SVM), are used. We gathered the datasets from our real-world testbed and set the detection time window as min, min, min, min, min, respectively. The detection rate is defined as the overall accuracy of recognizing negative and positive feature vectors in the testing datasets. Figure 6 shows the detection rate per different detection time window. It can be observed that our proposed defense scheme is effective, especially with the SVM model reaching detection rate of 100%.

Fig. 6: Detection Rate per Different Detection Time Window

7 Conclusion

In this paper we demonstrate the feasibility and impact of the false data injection attack against building automation systems. In such an attack, an attacker physically removes a BAS sensor, and launchs a Man-In-the-Middle attack so as to inject fake data into the BAS. We carefully model the impact of false data injection attack on the HVAC system, and evaluate the energy cost by simulating multiple attack strategies. We are the first to study the false data injection attack against a BAS and its impact. Machine learning based strategies are presented to detect the false data injection attack based on the telegram inter-arrival time. The SVM classifier can achieve a detection rate of 100%.