Access control in building automation and control systems

dc.contributorAalto Universityen
dc.contributor.advisorKumar, Sandeep
dc.contributor.advisorMorchon Garcia, Oscar
dc.contributor.advisorKeoh, Sye Loong
dc.contributor.authorSoni, Amit
dc.contributor.departmentTietotekniikan laitosfi
dc.contributor.schoolPerustieteiden korkeakoulufi
dc.contributor.schoolSchool of Scienceen
dc.contributor.supervisorAura, Tuomas
dc.description.abstractBuilding Automation and Control Systems (BACS) are being deployed in commercial buildings to enable monitoring and control of the various intelligent systems like HVAC, safety, access and lighting systems. Lighting is an integral part of BACS, allowing for optimized lighting operation where Lighting devices interact with each other, with users, and with other third party systems such as energy management. A key need when interacting is the controlled and trustworthy access to services so that only authenticated and authorized entities can have access and control to the services provided by a device. However, secure authentication and authorization is not easy due to the large-scale nature of future BACS comprising many resource-constrained sensors and actuators distributed in the building. The thesis presents centralized and distributed access control architecture designs for BACS based on their requirements and constraints. We further present a hybrid version of an access control architecture which improves existing centralized or distributed access control methods. The hybrid version allows for the deployment of re-encoded access control policies to the accessed devices under request. Re-encoding serves the purpose of efficient storage and evaluation of the policies in the resource constrained devices. The proposed access control systems can be applied to generic BACS and run on top of communication protocols such as ZigBee or 6LoWPAN/CoAP. We have further implemented a prototype to prove the concept on actual field devices used by Philips Lighting. The operating system used by devices is Contiki-OS. The final system requires 10KBs of FLASH and allows caching of access control policies in the device. The access control system can be used in applications scenarios related to the Internet of Things.en
dc.subject.keywordbuilding automationen
dc.subject.keywordaccess controlen
dc.subject.keywordsensor networksen
dc.subject.keywordconstraint devicesen
dc.titleAccess control in building automation and control systemsen
dc.type.okmG2 Pro gradu, diplomityö
dc.type.ontasotMaster's thesisen
dc.type.ontasotPro gradu -tutkielmafi