A cyber physical system (CPS) integrates and combines physical, computational and communication functionalities to map physical processes to the cyber world. Indeed, a CPS can dynamically monitor, control and modify functional parameters of a physical system by implementing remote real-time sensing and actuation using machine-to-machine communication. Particularly, in a smart city CPS, a number of devices are deployed in hostile areas and time-varying environments to monitor environmental conditions, which rises the risk of security attacks trying to alter its normal operation. Consequently, security mechanisms should be implemented to protect the CPS and secure data exchange between its devices. This paper investigates the design of a security scheme, named zero knowledge proof chaotic authentication and key agreement, for an environmental monitoring CPS, that enables mutual authentication and key agreement between devices. The proposed scheme uses the chaotic Chebyshev polynomial map based public key encryption technique to build private and public keys while validating the devices identities using the zero knowledge proof protocol. Our designed security scheme allows scalable and dynamic distribution of different types of keys to provide authentication and confidentiality services for unicast and multicast traffics. The efficiency analysis of the designed security scheme demonstrates its resilience to many security attacks targeting the CPS. Moreover, the performance evaluation using simulation shows the achievement of devices authentication and keys distribution with an acceptable false rejection rate, a decreased communication overhead and a reduced energy consumption.

网络物理系统 (CPS) 集成并结合了物理、计算和通信功能，以将物理过程映射到网络世界。事实上，CPS 可以通过使用机器对机器通信实现远程实时传感和驱动，动态地监视、控制和修改物理系统的功能参数。特别是在智慧城市 CPS 中，许多设备部署在敌对地区和时变环境中以监控环境条件，这增加了试图改变其正常运行的安全攻击的风险。因此，应实施安全机制来保护 CPS 并确保其设备之间的数据交换安全。本文研究了一种名为零知识证明混沌认证和密钥协商的安全方案的设计，对于环境监控 CPS，它可以实现设备之间的相互身份验证和密钥协商。所提出的方案使用基于混沌切比雪夫多项式映射的公钥加密技术来构建私钥和公钥，同时使用零知识证明协议验证设备身份。我们设计的安全方案允许不同类型密钥的可扩展和动态分配，为单播和多播流量提供身份验证和保密服务。设计的安全方案的效率分析证明了它对许多针对 CPS 的安全攻击的弹性。此外，使用仿真的性能评估显示了设备认证和密钥分发的实现，错误拒绝率可接受，