[1] Friedrich Praus, Wolfgang Kastner, and Oliver Alt. Yet Another All-purpose EIBNet/IP Gateway. In Proc. KNX Scientific Conference, October 2004. [ bib | .pdf ]
Currently, we are designing a universally applicable gateway to KNX systems. The hardware is based on a Fujitsu 16-bit micro-controller with 24 MHz, 24Kbyte RAM, 384Kbyte flash memory, full USB support, 4 UARTs, 3 channels for I2C bus communication and an external bus interface. Our gateway will support EIBnet/IP (tunneling and routing) with an embedded web-server facilitating HEAD, GET and POST requests and CGI scripts. The gateway is intended as universal platform for ongoing development concerning integration of other fieldbus and multimedia bus systems to KNX, as well as gateway for remote IP services. In addition, it serves as a base for work in progress regarding the development of a set-top box for integration into the OSGi environment and plug and play networks. The paper presents the design of the hardware interfaces and interesting parts of the software implementation.

[2] Friedrich Praus. A Versatile Networked Embedded Platform for KNX/EIB. Master's thesis, Vienna University of Technology, Institute of Computer Aided Automation, Automation Systems Group, 2005. [ bib | .pdf ]
The deployment of home and building automation systems allows to increase comfort, safety and security and reduce operational cost. Today such systems typically follow a hierarchical distributed approach. While control networks interconnect smart sensors and actuators, a backbone network provides the infrastructure for management tasks. Devices interconnecting these networks have a strategic role. Especially in the home domain, the integration of various control and data networks is essential for maximum benefit. The European Installation Bus (KNX/EIB) is a popular control network designed to enhance electrical installations in buildings. It uses a proprietary twisted pair (TP) medium to interconnect devices like smart light switches and dimmers. The objective of this thesis is to design an embedded and versatile platform for ongoing development in the area of home and building automation systems with a focus on KNX/EIB TP. Besides two KNX/EIB TP interfaces, it provides RS-232, USB and Ethernet connectivity. The platform moreover has sufficient processing power and storage, enabling it to act as a “smart router” or gateway. The thesis first presents a classification of control network devices. It then discusses the hardware and software requirements for the desired platform. A detailed presentation of its design, implementation and operation with respect to hardware and software follows.

[3] Friedrich Praus and Wolfgang Kastner. A Versatile Networked Embedded Platform for KNX/EIB. In Junior Scientific Conference, pages 59--60, April 2006. [ bib | .pdf ]
The deployment of home and building automation systems (BAS) allows to increase comfort, safety and security and to reduce operational cost. Today such systems typically follow a hierarchical distributed approach. While control networks interconnect smart sensors and actuators, a backbone network provides the infrastructure for management tasks. Devices interconnecting these networks play a strategic role. Especially in the home domain, the integration of various control and data networks is essential for maximum benefit.

[4] Wolfgang Granzer, Wolfgang Kastner, Georg Neugschwandtner, and Friedrich Praus. A Modular Architecture for Building Automation Systems. In Proc. 6th IEEE International Workshop on Factory Communication Systems (WFCS '06), pages 99--102, June 2006. [ bib ]
The deployment of building automation systems (BAS) allows to increase comfort, safety and security and to reduce operational cost. Today such systems typically follow a two-layered hierarchical approach. While control networks interconnect distributed sensors, actuators and controllers, a backbone provides the necessary infrastructure for management tasks hosted by configuration and management devices. In addition, devices interconnecting the control network with the backbone and the backbone with further networks (e.g., the Internet) play a strategic role. All BAS devices contributing to a particular functionality differ in their requirements for hardware. This paper discusses requirements for devices used in the building automation domain and presents our work in progress to assemble platforms with different purposes relying on a modular architecture.

[5] Wolfgang Granzer, Wolfgang Kastner, Georg Neugschwandtner, and Friedrich Praus. Security in Networked Building Automation Systems. In Proc. 6th IEEE International Workshop on Factory Communication Systems (WFCS '06), pages 283--292, June 2006. Best Paper Award of WFCS '06. [ bib ]
Enriching Building Automation Systems (BAS) with new services formerly provided by separate subsystems promises synergies, but increases demands on the BAS architecture. In particular, the integration of security subsystems significantly tightens security requirements on the protocol of a networked control system. First, this paper gives a survey on security in BAS. Possible threats and attacks are discussed. Weaknesses in the security mechanisms of important open networked BAS (LonWorks, BACnet, KNX/EIB) are summarized. Then, a security extension to KNX/EIB is presented. It includes several security mechanisms that guarantee data integrity, confidentiality and freshness, as well as authentication to provide secure process data and management communication. Relevant configuration related issues such as key management and distribution are also addressed.

[6] Christian Reinisch, Wolfgang Granzer, Friedrich Praus, and Wolfgang Kastner. Wireless Communication in KNX/EIB. In Proc. KNX Scientific Conference, November 2006. [ bib ]

[7] Friedrich Praus, Wolfgang Kastner, and Georg Neugschwandtner. A Versatile Networked Embedded Platform for KNX/EIB. In Proc. KNX Scientific Conference, November 2006. [ bib | .pdf ]
The deployment of building automation systems (BAS) allows to increase comfort, safety and security and reduce operational cost at the same time. Today such systems typically follow a two-layered hierarchical approach. While control networks interconnect distributed sensors, actuators and controllers, a backbone provides the necessary infrastructure for management tasks hosted by configuration and management devices. In addition, devices interconnecting the control network with the backbone on the one hand and the backbone with further networks (e.g., the Internet) on the other hand play a strategic role. According to their particular functionality and the resulting demands on the necessary hardware and software support, BAS devices can be categorized in three distinct device classes. Based upon this classification the paper presents a generic hardware and software framework whose flexible design fits all these classes. Devices for a particular purpose (i.e., class) can be derived from the universally applicable, generic framework, easing development. This process is demonstrated for a multi-purpose hardware platform applicable to multiple device classes. Moreover, three case studies for this platform are presented which illustrate how software applications from all classes make use of this universally applicable platform.

[8] Friedrich Praus, Wolfgang Granzer, Georg Gaderer, and Thilo Sauter. A Simulation Framework for Fault-Tolerant Clock Synchronization in Industrial Automation Networks. In Proc. 12th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA'07), pages 1465--1472, September 2007. [ bib | .pdf ]
Many applications such as distributed measurements or real-time networks benefit from a common notion of time. Protocols providing high precision and simple clock synchronization are necessary to achieve such a common time base. However, most of the available protocols are lacking with regard to fault tolerance and performance in case of a fault. The project IMAGINE (Introduction of Master Group Based Industrial Ethernet) overcomes these limitations by introducing a fault-tolerant IEEE 1588 master group. A proof of concept for a large- or even medium-scale network is, however, very difficult to obtain under laboratory conditions. Therefore, a simulation framework has been developed, which is presented in this paper.

[9] Friedrich Praus, Thomas Flanitzer, and Wolfgang Kastner. Secure and Customizable Software Applications in Embedded Networks. In Proc. 13th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA'08), pages 1473--1480, September 2008. [ bib | DOI | .pdf ]
Improved technology and economically feasible costs allow a widespread deployment of embedded systems in various application domains - ranging from integration into cars, industrial automation up to building automation. A sophisticated security architecture considering the challenging constraints on these systems and providing secure communication, secure software as well as physical security is needed. This paper presents an approach to allow untrusted, possibly (intentionally) malicious software to be executed securely on a low end embedded system. A proof of concept and an evaluation for a building automation system is given.

[10] Christian Reinisch, Wolfgang Granzer, Friedrich Praus, and Wolfgang Kastner. Integration of Heterogeneous Building Automation Systems Using Ontologies. In Proceedings of 34th Annual Conference of the IEEE Industrial Electronics Society (IECON '08), pages 2736--2741, November 2008. [ bib ]
The challenge of integrating heterogeneous systems in order to combine their functionality is of utmost importance for the further deployment of building automation systems. The goal is to allow comprehensive communication among the systems. This will provide enhanced possibilities thus making way for intelligent buildings. Traditionally, integration is achieved using gateways which require considerable configuration effort. To alleviate this overhead and provide a unified system view, a generic application model is proposed that can accommodate all functionality found in building automation systems. The employment of this model promises several benefits such as a central point for configuration and system access. The method of choice are ontologies, which allow to offer a seminal representation of knowledge, an abstraction of the heterogeneous network infrastructure and automatic reasoning on the stored knowledge.

[11] Friedrich Praus and Wolfgang Kastner. User Applications Development Using Embedded Java. In Proc. KNX Scientific Conference, November 2008. [ bib | .pdf ]
Building Automation Systems (BAS) aim at improving control and management of mechanical and electrical systems in buildings. It is the task of Sensors, Actuators and Controllers (SACs) to interact with the physical environment and perform measurement and control tasks. In building automation networks they, typically, consist of a network interface and a microcontroller (MCU) where an application specific hardware is attached. In a similar way, the software may be split into a system software part providing basic functionality and a (customizable) user application (UA) dealing with the attached hardware. Within KNX this concept is well known, as customized application modules are connected via the physical external interface to standardized bus attachment units. However, KNX UA development traditionally required profound hardware knowledge. This paper presents an approach to leverage user application development. With limited hardware resources of SACs in mind, an embedded virtual machine provides a lean environment for Java based user applications. Interfacing to KNX and the specific hardware is done by a well-defined Java user application programming interface. In addition, a management interface allows to download and configure UAs inside the virtual machine. The programming concept, configuration and management issues as well as the workflow are described in detail. As proof of concept for SACs supporting our approach two hardware platforms have been chosen: a stripboard equipped with an ATMega168 MCU and KNX connection via the Freebus project, and KNXcalibur, a Fujitsu MCU based board connected to KNX via TP-UART. The contribution is rounded up by a first performance analysis.

[12] Friedrich Praus, Wolfgang Granzer, and Wolfgang Kastner. Enhanced Control Application Development in Building Automation. In Proc. 7th IEEE International Conference on Industrial Informatics (INDIN'09), pages 390--395, June 2009. [ bib | .pdf ]
Building Automation Systems (BAS) lack a common application model. Thus, the development of control applications (CAs) is not a very straightforward task and requires profound expertise. When in addition security has to be considered, inexperienced developers are overwhelmed by the manifold demands and constraints. This paper presents an approach to ease the CA development and at the same time to provide security for their execution. The main idea is to base the application model on a generic ontology and to provide a sandbox for the execution environment. The programming concept, configuration and management issues as well as the workflow are described in detail. Finally, a proof of concept for BACnet and KNX is given.

[13] Wolfgang Granzer, Daniel Lechner, Friedrich Praus, and Wolfgang Kastner. Securing IP Backbones in Building Automation Networks. In Proc. 7th IEEE International Conference on Industrial Informatics (INDIN '09), pages 410--415, June 2009. [ bib ]
The use of IP networks as common backbone is becoming of increased interest in today’s building automation systems (BAS). However, with the use of IP also new attack scenarios that threaten the overall security of BAS are introduced. Due to the absence of native security mechanisms in IP and because of its long standing and pervasive use in the IT world, many vulnerabilities exist that are well-known to attackers. To counteract these threats, this paper presents a generic concept to secure IP backbones that is tailored for the use in building automation. A main advantage of the concept is its flexibility. Due to the used protocol architecture, it is applicable to available BAS standards without the need of an adaption of existing BAS protocols. As a proof-of-concept, a prototype implementation for the KNX standard is also presented in the paper.

[14] Friedrich Praus and Wolfgang Kastner. Secure Control Applications in Building Automation Using Domain Knowledge. In Proc. 8th IEEE International Conference on Industrial Informatics (INDIN'10), pages 52--57, July 2010. [ bib | .pdf ]
When security-critical applications are considered to be integrated into the building automation domain, two requirements need to be fulfilled: providing security features at the network level and support for security mechanisms at the application level. This paper tackles the second goal using domain knowledge based on existing and related international application level standards. After the demands for secure applications and an underlying security policy are stated, a system model is derived that allows specifying security attributes for data points, function blocks, embedded applications, and, finally, distributed control applications. In conclusion, the applicability of the model is demonstrated for selected use cases.

[15] Friedrich Praus, Christian Reinisch, Paul Leitner, and Wolfgang Kastner. Open Source Approaches to Integrate KNX into Media Centers. In Proc. KNX Scientific Conference, November 2010. [ bib ]

[16] Wolfgang Granzer, Friedrich Praus, and Wolfgang Kastner. Security in Building Automation Systems. IEEE Transactions on Industrial Electronics, 57(11):3622--3630, November 2010. [ bib ]
Building automation systems are traditionally concerned with the control of heating, ventilation, air conditioning, as well as lighting and shading systems. They have their origin in a time where security has been considered as a side-issue at best. Nowadays, with the rising desire to integrate security-critical services that were formerly provided by isolated subsystems, security must no longer be neglected. Thus, the development of a comprehensive security concept is of utmost importance. This paper starts with a security threat analysis and identifies the challenges of providing security in the building automation domain. Afterwards, the security mechanisms of available standards are thoroughly analyzed. Finally, two approaches that provide both secure communication and secure execution of possibly untrusted control applications are presented.

[17] Wolfgang Kastner, Friedrich Praus, Georg Neugschwandtner, and Wolfgang Granzer. KNX. In B.M. Wilamowski and J.D. Irwin, editors, Industrial Electronics Handbook, volume 2: Industrial Communication Systems, chapter 42, pages 42--1 -- 42--14. CRC Press, 2nd edition, 2011. [ bib ]

[18] Wolfgang Granzer, Friedrich Praus, and Peter Balog. Source Code Plagiarism in Computer Engineering Courses. In Proc. 3rd International Conference on Education, Training and Informatics (ICETI'12). Paper ID: EB266TP, March 2012. Best presentation award. [ bib | .pdf ]
In today's university life, teachers are often confronted with plagiarism. A special form of plagiarism is source code plagiarism typically found in programming courses at universities and schools. Detecting or even preventing source code plagiarism is by no means a trivial task. Therefore, this paper explains and discusses different methods that can be used to prevent and detect source code plagiarism. The second part of this paper is focused on automatic tools that assist in detecting plagiarism. Finally, an approach is presented which can be used to detect source code plagiarism in PLC (programmable logic controller) programs.

[19] Luka Samardzija and Friedrich Praus. ANT goes KNX -- an open platform gateway for ANT and KNX. In Proc. KNX Scientific Conference, November 2012. [ bib | .pdf ]
This paper investigates the interoperability of ANT and KNX. ANT is a low power wireless networking technology targeted for embedded systems. KNX is a world wide standard for home and building control. Although the KNX standard already implements a wide range of application fields and further additional implementations e.g. a tablet-PC controlled home environment, ANT is capable of enhancing the KNX experience. This paper handles the interoperability of ANT and KNX, starting with brief hardware introduction, examining the firm- and middleware, and in a final step analysing the application level and protocol features of both technologies. The main focus of this work is not only a theoretical and informal investigation, but a pragmatic realisation of an ANT/KNX gateway. The result of this paper is a generic and open framework for the junction of ANT and KNX.

[20] Richard Isaacs and Friedrich Praus. Design & development of a prototype android app for a KNX home. In Proc. KNX Scientific Conference, November 2012. [ bib | .pdf ]
Smartphone Apps provide personal and customizable access to the Internet and immediate surroundings. With the introduction of KNXnet/IP, an IP communication to KNX networks became possible enabling KNX installations to be connected to those Apps easily. This paper describes the relevant tasks for the design and development of a prototype Android App that provides location independent access for supervising a home network. The App imports a static configuration model of the home network and provides an intuitive user interface. This network configuration is automatically created by exported standard information from the KNX project database with an additional custom parsing. The open source Java library, Calimero, is used for the communication to a KNXnet/IP server for management and transport layer telegrams. The Android App implements a client/service architecture persisting all network data and events to a local database. The graphical user interface (GUI) provides a basic set of features for monitoring, import, diagnostic and control functions. The App is tested using the Siemens Gamma Training Kit (GTK) with a typical home configuration.

[21] Johannes Kropf, Barbara Prazak-Aram, Lukas Roedl, Friedrich Praus, and Christian Siegel. Large Scale Integration and evaluation of AAL Technologies in Eastern Austria - the moduLAAr project. In AAL Forum, volume Session D3, September 2013. [ bib ]

[22] Wolfgang Granzer, Friedrich Praus, and Peter Balog. Source Code Plagiarism in Computer Engineering Courses. JSCI: Journal of Systemics, Cybernetics and Informatics, 11(6):4, 2013. [ bib | http ]
In today's university life, teachers are often confronted with plagiarism. A special form of plagiarism is source code plagiarism typically found in programming courses at universities and schools. Detecting or even preventing source code plagiarism is by no means a trivial task. Therefore, this paper explains and discusses different methods that can be used to prevent and detect source code plagiarism. The second part of this paper is focused on automatic tools that assist in detecting plagiarism. Finally, an approach is presented which can be used to detect source code plagiarism in PLC (programmable logic controller) programs.

[23] Richard Wagner, Peter Wolff, Klaus Schäffer, and Friedrich Praus. Ambient Assistive Technologies: The mobile robot P3AAT. In Wilfried Kubinger, Alexander Hofmann, and Friedrich Praus, editors, Proceedings of the Austrian Robotics Workshop (ARW'13), number 978-3-200-03095-4, pages 93--97. FH Technikum Wien, May 2013. [ bib | .pdf ]
This paper reports preliminary results on a student project dealing with the development of an autonomous mobile service robot. The robot is able to navigate autonomously, detect bottles in different shapes and grasp them. The paper describes the hardware components used by the robot and the software architecture based on the Robot Operation System.

[24] Friedrich Praus and Wolfgang Kastner. Identifying Unsecured Building Automation Installations. In Proc. 19th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA'14), number 978-1-4799-4845-1, September 2014. [ bib | .pdf ]
Building automation systems rely more and more on IP-based communication, which allows easier management, maintenance and, in general, interaction with other domains. When the connection to the Internet comes into play, security mechanisms need to be deployed to prevent attacks on these systems. Based on a worldwide scan of IPv4 addresses, this paper illustrates that security awareness is unfortunately still neglected. Thousands of building automation systems are directly connected to the Internet, allowing unauthenticated and unauthorized access to their underlying datapoints.

[25] Friedrich Praus and Wolfgang Kastner. Spotting Unsecured KNX Installations. In Proc. KNX Scientific Conference, November 2014. KNX Scientific Award 2014. [ bib | .pdf ]
IP based KNX installations are meantime widespread all over the world. They allow interconnection of different KNX field segments to a common backbone which might be home for management applications. Also, IP-based access paves the way for energy monitoring and management systems dedicated for functional buildings. Future homes and ambient assisted living applications may benefit from new services that reside within the cloud. The Internet itself, however, is an open medium, which is used by adversaries all over the world to attack connected devices. In the industrial automation, such attacks already have been performed. Even worse, often security vulnerabilities are present in those sensors, actuators and controllers. To our best knowledge, up to now no extensive research is available, which deeply analyzes existing KNX installations being connected to the Internet. Thus, based on a worldwide scan of IPv4 addresses, this paper will illustrate that security awareness among integrators, developers and end-users is unfortunately still neglected in the KNX domain. Thousands of installations are directly connected to the Internet, allowing unauthenticated and unauthorized access to their underlying datapoints. This paper also covers a discussion on possible countermeasures as well as the non-functional and functional security requirements in KNX.

[26] Friedrich Praus. Secure Control Applications in Smart Homes and Buildings. PhD thesis, Technische Universität Wien, November 2015. [ bib ]
With today's ongoing integration of heterogeneous building automation systems, increased comfort, energy efficiency, improved building management, sustainability as well as advanced applications such as active assisted living scenarios become possible. These smart homes and buildings are implemented as decentralized systems, where embedded devices are connected via networks to exchange their data.

Obviously, the demands -- especially regarding security -- increase: Secure communication becomes equally important as secure software being executed on the embedded devices. While the former has (recently) been addressed by standardization committees and manufacturers, until now no scientific research is available, that targets the problem of secure control applications in this domain. No attack model has been defined, no security measures have been recommended, existing measures from other domains are either too cost or time intensive to deploy, cannot be trivially applied to or do not cover specific demands and constraints of the building automation domain. Thus, deploying adequate control application security measures is left open to developers, who are overburdened with the manifold and often unknown security requirements. This yields to insecure control applications, which enable adversaries to attack building automation systems.

This dissertation introduces an architecture for distributed control applications in smart homes and buildings, which tackles the problem on how to secure software running on different device classes. The following novelties are contributed, which -- to the best knowledge of the author -- have not been addressed in research, yet: a comprehensive identification of security requirements for control applications in smart homes and buildings, an application model capable of depicting control applications in a formal way, the concept of security attributes, being able to formally specify a security policy, and a framework, which allows the secure development and execution of control applications, and an enforcement of the defined security policies.

[27] Denise Schindelböck, Friedrich Praus, and Walter Gall. A Diabetes Self-Management Prototype in an AAL-Environment to Detect Remarkable Health States. In Günter Schreier, Elske Ammenwerth, Alexander Hörbst, and Dieter Hayn, editors, Health Informatics Meets eHealth, volume 223, pages 273--280. IOS Press, 2016. ISBN: 978-1-61499-645-3, Best Scientific Poster Award eHealth Summit Austria 2016. [ bib | DOI | http ]
Every year life span is increasing and simultaneously the proportion of people with one or more chronic diseases. This paper presents an implementation of a prototype with a decision tree to detect dangerous health conditions for Diabetes Type 1 and Diabetes Type 2. With the information we collect from Personal Health Devices and data from the Active-Assisted-Living environment, we are in the position to customize thresholds and to get individual results. With the help of a modified Glucose-Insulin Model (based on the minimal model of Stolwijk & Hardy) we predicted the future glucose concentration of the patient. We validated our model with an intention-to-treat pilot study including 8 subjects and obtained a significantly better (p < 2.2−16) result than the original model.

[28] Friedrich Praus, Wolfgang Kastner, and Peter Palensky. Software security requirements in building automation. In Sicherheit 2016: Sicherheit, Schutz und Zuverlässigkeit, Beiträge der 8. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI), 5.-7. April 2016, Bonn, pages 217--228, 2016. [ bib | .pdf ]

[29] Friedrich Praus, Wolfgang Kastner, and Peter Palensky. Secure Control Applications in Smart Homes and Buildings. Journal of Universal Computer Science, 22(9):1249--1273, September 2016. [ bib | http ]
With today’s ongoing integration of heterogeneous building automation systems, increased comfort, energy efficiency, improved building management, sustainability as well as advanced applications such as active & assisted living scenarios become possible. These smart homes and buildings are implemented as decentralized systems, where embedded devices are connected via networks to exchange their data. Obviously, the demands – especially regarding security – increase: Secure communication becomes equally important as secure software being executed on the embedded devices. While the former has been addressed by standardization committees, manufacturers and researchers, until now the problem of secure control applications in this domain has not been addressed extensively. This leads to insecure and unprotected software being executed on the embedded devices. Thus, adversaries are capable of attacking building automation systems. This paper introduces an architecture for distributed control applications in smart homes and buildings, which tackles the problem on how to secure software running on different device classes. The following novelties are contributed: an application model capable of depicting control applications in a formal way, the concept of security attributes, being able to formally specify a security policy, and a framework, which allows the secure development and execution of control applications, and an enforcement of the defined security policies.

[30] Friedrich Praus, Wolfgang Granzer, and Peter Balog. KNX security devices. In Proc. KNX Scientific Conference, October 2016. KNX Scientific Award 2016. [ bib | .pdf ]
As recently shown in [1], thousands of KNX installations are being connected to the Internet un- protectedly. Fortunately, today security awareness is rising and security mechanisms are available, allowing to secure KNX installations. KNX Data Security (AN158) and KNXnet/IP Security (AN159) secure the building automation network (BAN) by providing secure communication as well as verify- ing the identity of the involved network nodes (i.e. authentication). This prevents security threats like unauthorized interception (e.g. network sniffing), modification (e.g. man-in-the-middle attacks) and fabrication (e.g. replay attacks). Also, security guidelines are available [2, 3]. Nevertheless, network as well as device attacks exist, that cannot be prevented using such methods. For BANs typical representatives are interruption attacks, which have the objective of making a service or data unavailable. These attacks are also referred to as Denial of Service (DoS) attacks. In order to interrupt the communication in a BAN, the adversary is trying to waste network and system resources to prevent the sensor actuator and controller (SAC) from performing its expected function. DoS attacks are always hard to handle, which is especially true for SACs where nodes are subject to stiff resource limitations. Besides, attacks evolving from programming errors/bugs (i.e. buffer overflows) in software running on KNX devices can still occur, even if security measures are deployed. Such attacks or threats can only be detected or prevented by a system having a global view of exchanged process data [1]. The paper is structured as follows: After a discussion on the security of KNX in the year 2016 in Section 1, the process to provide security is discussed in Section 2. Section 3 presents two device concepts that have the aim to prevent or at least to detect the attack scenarios mentioned above. 
A so-called secure KNX firewall acts as an interconnection device which is able to prevent attacks by physically separating two or more different BANs. Process data exchange on the network interfaces is being analyzed and, depending on the deployed security policy, data telegrams are filtered. It allows to drop physically addressed telegrams, prohibit process data exchange between unknown user applications, and evaluate security attributes allowing e.g. telegrams from specified devices containing specific data. A network based KNX Intrusion Detection System (IDS) on the other hand is able to detect abnormal network communication as well as abnormal behavior of devices. After having detected such an abnormal situation, it must be determined whether it has to be considered as an attack. Typical attack scenarios that are detected by such an IDS are process data exchange between user applications that violates a statically defined policy or communication relationship, unauthorized management communication i.e. physical destination addresses, or high bus load. The configuration of both device types is based on a security policy which can be derived from the ETS project. A test environment demonstrating compatibility to standard (existing) KNX installations without influencing the normal operation regarding its performance is also presented. The main contents of the paper are based on the dissertation of the author [4].

[31] Clemens Hammer, Johannes Klug, and Friedrich Praus. KNX in academic education and training. In Proc. KNX Scientific Conference, October 2016. [ bib | .pdf ]
The home automation sector is a steadily growing market. Clearly, it is of importance to enhance the current education and training programs at the involved institutes. However, this is often related to a high investment into the required hardware, which provides a financial obstacle for students and institutes. The usage of simulation and training kits as proposed in this paper not only allows to reduce this financial barrier, but also enhances the quality of the education programs itself. Typical learning outcomes and teaching use cases are (1) ETS commissioning, (2) user application development on embedded devices, (3) smart phone application/visualization development or (4) providing a physical test setup for specialists and researchers. Especially the realization of a functional prototype setup represents a big challenge, since a lot of physical devices such as lights, HVAC components or roller shutters are required. This is even harder for larger courses with around 30 participants or more (a typical size of a class at university of applied sciences), where one student or at most a group of two students should have access to smart home hardware. Besides, it is desirable that these training kits allow different teaching methods such as blended or distance learning. To realize such a setup, one question arises: How can training equipment be developed, which is space and cost effective on the one side and on the other side implements all necessary components, which are equipped inside a typical smart home? To reduce the financial investment into training devices, minimize the required dimensions of a physical training setup and enhance trainings, the paper describes the following three approaches:
-) Full simulation of the hardware and software (cf. Fig. 4): The advantage of a full simulation method is that no smart home hardware is needed. With the aid of a software simulator (JavaFX and KNXnet/IP based, KNX group communication support), arbitrary sensors and actuators are configured the same way as real hardware and the control interfaces and the current states are displayed graphically. Additionally, a real hardware setup can be linked to the simulator via KNXnet/IP. Teaching use cases (2) and (3) are supported.
-) Physical home automation components in combination with simulated process devices (cf. Fig. 5): Real KNX hardware such as switching and dimming actuators, KNXnet/IP devices and control panels are installed inside a mobile training case and the process devices are partly simulated. This means that, for example, lights are realized as customary LED lamps, whereas roller shutters and HVAC components are simulated by the usage of optical imitations (e.g. a visualization element consisting of 8 blue LEDs simulating the current data point value of an air condition). Teaching use cases (1) – (3) are supported.
-) Test laboratory with permanently installed actuators and sensors (cf. Fig. 6): The test laboratory itself is realized as a room, which contains only real physical smart home components. Therefore, no physical process needs to be simulated and the whole system behavior can be observed and evaluated in real life. Teaching use cases (1) – (4) are supported.