通信学报2024,Vol.45Issue(3):227-243,17.DOI:10.11959/j.issn.1000-436x.2024057
基于身份认证的BACnet/IP分析与改进
Analysis and improvement of the BACnet/IP based on identity authentication
摘要
Abstract
To solve security issues arising from multiple attackable vulnerabilities and key leakage in BACnet/IP authen-tication,a security-enhanced BACnet/IP-SA protocol authentication scheme was proposed.By analyzing the authentica-tion message flow model of the protocol and modeling it using colored Petri net theory and CPN Tools,vulnerabilities in the security of BACnet/IP were identified.An improvement scheme was proposed based on the Dolev-Yao attacker model and formal analysis method.The BACnet/IP-SA protocol utilized the device's pseudo-identity to safeguard the actual identity information.It emploied the PUF response for authentication and verified the authenticity of the counterparty's identity.The session key was generated through the authentication value of the multi-information set.The protocol's se-curity was demonstrated by combining BAN logic and non-formal methods.The experimental results indicate that the proposed scheme can effectively resist security threats from multi-class attacks and key leakage,enhancing the security of the protocol authentication while reducing computational overhead.关键词
BACnet/IP/形式化分析/着色Petri网/BAN逻辑/协议改进Key words
BACnet/IP/formal analysis/colored Petri net/BAN logic/protocol improvement分类
信息技术与安全科学引用本文复制引用
谢鹏寿,朱家锋,康永平,冯涛,李威,冉玉翔..基于身份认证的BACnet/IP分析与改进[J].通信学报,2024,45(3):227-243,17.基金项目
国家自然科学基金资助项目(No.61862040,No.62162039) The National Natural Science Foundation of China(No.61862040,No.62162039) (No.61862040,No.62162039)
