Analysis and improvement of the BACnet/IP based on identity authentication

Pengshou XIE; Jiafeng ZHU; Yongping KANG; Tao FENG; Wei LI; Yuxiang RAN

Tongxin xuebao (Mar 2024)

Analysis and improvement of the BACnet/IP based on identity authentication

Pengshou XIE,
Jiafeng ZHU,
Yongping KANG,
Tao FENG,
Wei LI,
Yuxiang RAN

Affiliations

Pengshou XIE
Jiafeng ZHU
Yongping KANG
Tao FENG
Wei LI
Yuxiang RAN

Journal volume & issue: Vol. 45
pp. 227 – 243

Abstract

Read online

To solve security issues arising from multiple attackable vulnerabilities and key leakage in BACnet/IP authentication, a security-enhanced BACnet/IP-SA protocol authentication scheme was proposed.By analyzing the authentication message flow model of the protocol and modeling it using colored Petri net theory and CPN Tools, vulnerabilities in the security of BACnet/IP were identified.An improvement scheme was proposed based on the Dolev-Yao attacker model and formal analysis method.The BACnet/IP-SA protocol utilized the device’s pseudo-identity to safeguard the actual identity information.It emploied the PUF response for authentication and verified the authenticity of the counterparty’s identity.The session key was generated through the authentication value of the multi-information set.The protocol’s security was demonstrated by combining BAN logic and non-formal methods.The experimental results indicate that the proposed scheme can effectively resist security threats from multi-class attacks and key leakage, enhancing the security of the protocol authentication while reducing computational overhead.

BACnet/IP;formal analysis;colored Petri net;BAN logic;protocol improvement

Published in Tongxin xuebao

ISSN: 1000-436X (Print)
Publisher: Editorial Department of Journal on Communications
Country of publisher: China
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Telecommunication
Website: http://www.infocomm-journal.com/txxb/EN/1000-436X/home.shtml

About the journal

Abstract

Keywords