Title
Secure Building Automation Systems in Airports /
Author
Yahia, Farag Mahmoud Afify.
Preparation committee
Researcher / فرج محمود عفيفي يحيي
Supervisor / حمدي محمد قلاش
Supervisor / حسام الين مصطفي فهيم
Supervisor / ايمن السيد احمد
Subject
Intelligent buildings. Buildings - Mechanical equipment - Automatic control. Buildings - Energy conservation - Automation.
Publication date
2015.
Number of pages
117 p.
Language
English
Degree
Master's
Specialization
Electrical and Electronic Engineering
Date of approval
1/6/2015
Place of approval
Menoufia University - Faculty of Electronic Engineering - Computer Science and Engineering
Index
Only 14 pages are available for public view


Abstract

Automation systems (AS) in airports are growing very fast, so the need to protect such applications is increasing. Hacking is the greatest problem affecting AS networks, and Denial of Service (DoS) attacks have a great impact on all devices in an AS. Many techniques have been developed to protect systems from DoS attacks. The first method is bridges: the physical network segment is divided into smaller, so-called virtual network segments. These network segments are not logically separated from each other, i.e., they do not have a dedicated network address. Therefore, virtual network segments are invisible to network members. The second method uses the Linux kernel and Linux Virtual Server. It is considered to be immune to most poisoned-traffic attacks such as Teardrop or Targa. The backlog queue of the system defaults to 128 entries and TCP SYN cookies are enabled. After this, the system will be very robust against flood attacks. The expected growth in DoS attacks in airports should be offset by significant growth in protection measures.
This thesis presents proposed solutions to this problem in order to decrease the risk factor by using a trusted authentication device, a counter, and connecting the network with two automation routers. The first automation router is the basic one and the other is the reserve. The devices are then divided into normal devices and Very Important Devices (VID), with the VID connected to two networks, and a trust point prevents attackers from accessing the AS; the optimal solution is a mix of the previous ones. The thesis demonstrates the techniques used in Building Automation Systems (BAS) in Airports (BASIA): LonTalk, KNX/EIB and BACnet. Security Enhancement of networked Building Automation Systems In Airports (BASIA) uses encryption algorithms and hash functions. Additionally, a comparison between LonWorks, KNX/EIB, BACnet and the proposal is made in order to show that the proposal guarantees the security demands.
The security mechanisms of LonWorks, BACnet and KNX/EIB are not sufficient to fulfill the requirements on BAS integrating security subsystems. They cannot provide effective protection against the security threats mentioned. The security architecture of BACnet is more advanced. However, the cryptographic algorithm used is obsolete and should be replaced by a modern one (Advanced Encryption Standard (AES)). Additionally, these techniques must be improved to avoid certain security flaws. A key problem which has not been solved by any of these three techniques is the generation and distribution of the required initial secrets. Even if the architecture of the system itself is secure, a mechanism must be available to distribute the initial secrets in a secure manner. An AS program was developed in BASIA based on Automated Logic company software. This program integrates an encryption algorithm (AES) and a hash function (MD5) to achieve the security demands (Authentication, Integrity, Confidentiality, Freshness). These modifications were made through four program phases. First phase: Sending Messages. Second phase: Socket Programming. Third phase: End to End Encryption. Fourth phase: Communication between users and server in the BAS Security program. Some attacks were applied to the developed AS program (AES + Hash or AES only) in BASIA in the same environment. The obtained result is that the sent messages gain more security, more integrity, more confidentiality and freshness.