Glanzer, HaraldKrammer, LukasKastner, WolfgangMeier, MichaelReinhardt, DelphineWendzel, Steffen2017-06-212017-06-212016978-3-88579-650-3Buildings contain a number of technical systems in order to be able to fulfill their task of providing a comfortable, secure and safe environment. Apart from heating, ventilation and airconditioning as well as lighting and shading, critical services such as fire alarm or access control systems are added to building automation. The latter services require secure communication and high availability and are currently implemented by isolated subsystems. However, a tighter integration into an overall building automation network can raise synergies such as cost reduction, improvements in building control as well as easier management. For this purpose, the underlying communication system has to be robust and reliable against malicious manipulations. This paper proposes an extension for KNX paving the way for its deployment even in critical environments. For this purpose, it is necessary to detect and guard against malicious attacks as well as to cope with randomly occurring hardware faults. The former can be achieved through cryptography, whereas the latter by implementing structural redundancy. The proposal divides KNX installations into insecure and secure parts. While insecure parts allow to use standard KNX devices, secure parts are protected against malicious attacks and are realized in a redundant way. This allows to partially resist against transient hardware faults.enText/Conference Paper1617-5468