基于身份认证的BACnet/IP分析与改进OA北大核心CSTPCD

To solve security issues arising from multiple attackable vulnerabilities and key leakage in BACnet/IP authen-tication,a security-enhanced BACnet/IP-SA protocol authentication scheme was proposed.By analyzing the authentica-tion message flow model of the protocol and modeling it using colored Petri net theory and CPN Tools,vulnerabilities in the security of BACnet/IP were identified.An improvement scheme was proposed based on the Dolev-Yao attacker model and formal analysis method.The BACnet/IP-SA protocol utilized the device's pseudo-identity to safeguard the actual identity information.It emploied the PUF response for authentication and verified the authenticity of the counterparty's identity.The session key was generated through the authentication value of the multi-information set.The protocol's se-curity was demonstrated by combining BAN logic and non-formal methods.The experimental results indicate that the proposed scheme can effectively resist security threats from multi-class attacks and key leakage,enhancing the security of the protocol authentication while reducing computational overhead.