Analysis and improvement of the BACnet/IP based on identity authentication

To solve security issues arising from multiple attackable vulnerabilities and key leakage in BACnet/IP authentication, a security-enhanced BACnet/IP-SA protocol authentication scheme was proposed.By analyzing the authentication message flow model of the protocol and modeling it using colored Petri net theory and CPN Tools, vulnerabilities in the security of BACnet/IP were identified.An improvement scheme was proposed based on the Dolev-Yao attacker model and formal analysis method.The BACnet/IP-SA protocol utilized the device’s pseudo-identity to safeguard the actual identity information.It emploied the PUF response for authentication and verified the authenticity of the counterparty’s identity.The session key was generated through the authentication value of the multi-information set.The protocol’s security was demonstrated by combining BAN logic and non-formal methods.The experimental results indicate that the proposed scheme can effectively resist security threats from multi-class attacks and key leakage, enhancing the security of the protocol authentication while reducing computational overhead.