Abstract

A smart grid provides two-way communication by using the information and communication technology. In order to establish two-way communication, the advanced metering infrastructure (AMI) is used in the smart grid as the core infrastructure. This infrastructure consists of smart meters, data collection units, maintenance data management systems, and so on. However, potential security problems of the AMI increase owing to the application of the public network. This is because the transmitted information is electricity consumption data for charging. Thus, in order to establish a secure connection to transmit electricity consumption data, encryption is necessary, for which key distribution is required. Further, a group key is more efficient than a pairwise key in the hierarchical structure of the AMI. Therefore, we propose a group key distribution scheme using a two-dimensional key table through the analysis result of the sensor network group key distribution scheme. The proposed scheme has three phases: group key predistribution, selection of group key generation element, and generation of group key.

1. Introduction

A smart grid is a digitally enabled electrical grid that gathers, distributes, and acts on information about the behavior of all participants (suppliers and consumers) in order to improve the efficiency, importance, reliability, economics, and sustainability of electricity services. The smart grid is a new generation grid system that efficiently manages electricity consumption using two-way communication between users and power companies. Thus, users can check their electricity consumption in real time, and power companies can efficiently control the generation and supply of electricity. In order to achieve two-way communication, the advanced metering infrastructure (AMI) is used in the smart grid as a core infrastructure. This infrastructure consists of smart meters, data collection units (DCU), maintenance data management systems (MDMS), and so on [13].

However, the potential security problems of the AMI increase owing to the application of the public network. In particular, if the electricity consumption data is modified or exposed, it will lead to critical security problems because electricity consumption data is important information for charging. Thus, encryption is required for secure transmission of data. In addition, a key management and distribution scheme is needed for encryption [4, 5].

There are many devices and hierarchical structures for an AMI environment. If AMI uses a pairwise key for each device, the DCU and higher-level devices will be managing multiple keys. Therefore, the group key distribution scheme is more efficient than pairwise key distribution [3].

Therefore, we propose a two-dimensional key table-based group key distribution in AMI. The proposed scheme has three phases: key table predistribution, selection of group key generation element, and generation of group key. During the key table predistribution phase, the power company directs an input key table to the secure memory of the DCU and smart meter. Thus, the key table is not transmitted via the public network. During the selection of group key generation element phase, the DCU and smart meter select a group key generation element using the location information. Finally, the DCU and smart meter generate a group key using the group key generation element during the generation of group key phase.

The remainder of this paper is organized as follows. Section 2 describes the AMI infrastructure and analyzes previous studies of key distributions in AMI. In Section 3, we present our proposed two-dimensional key table-based group key distribution. Section 4 compares our proposed scheme with existing schemes. Finally, Section 5 concludes this paper.

2.1. Advanced Metering Infrastructure

AMI are systems that measure, collect, and analyze energy usage and communicate with metering devices such as electricity meters, gas meters, heat meters, and water meters, either on request or on a schedule [6]. Figure 1 presents the basic AMI architecture.

This system provides two-way electric communication between users and power companies, and the core technology is based on a smart meter for realizing the demand response mechanism. AMI architecture has three fields of networks: home area network (HAN), neighborhood area network (NAN), and wide area network (WAN) [6].

(i) HAN. A HAN is a dedicated network that connects devices at home, such as displays, load-control devices, and home appliances, seamlessly into the overall smart metering system. It also contains turnkey reference designs of systems to monitor and control these networks. Home area networks are required in the user domain to monitor and control smart devices in the user premises and to implement new functionalities. Within the user premises, a secure two-way communication interface called energy services interface (ESI) acts as an interface between the utility system and the user [7, 8].

(ii) NAN. In smart grid applications, the cognitive NAN collects power consumption information from households in a neighborhood and delivers them to a utility company through either open or private wide area networks. NANs typically comprise multiple utility meters, each of which is installed on or outside a house [7, 9].

(iii) WAN. Wide area networks form the communication backbone to connect highly distributed smaller area networks that serve power systems at different locations. When control centers are located far from the substations or end consumers, real-time measurements taken by the electric devices are transferred to the control centers through the wide area networks. Conversely, the wide area networks undertake the instruction communications from control centers to the electric devices [7, 8].

2.2. Group Key Distribution
2.2.1. Kamto et al.’s Scheme

In 2011, Kamto et al. [10] proposed lightweight key distribution and management for AMI (see Figure 2). The proposed scheme focuses on HAN and designs a group ID-based mechanism to establish both the pairwise and group keys with a small overhead. The notations of Kamto et al.’s scheme [10] are as in Table 1.

However, this scheme is vulnerable to a man-in-the-middle (MITM) attack. In the first transmission in this scheme, the gateway sends in plaintext. In addition, Node I sends in plaintext. If an attacker eavesdrops on a data transmission, he/she can identify IDs, , and , the public keys , , and the hash data , . Furthermore, an attacker can generate new transmitted data and ( = attacker) and send these messages to both entities. Then, each entity verifies the attacker’s hash data and accepts him/her, as this message does not include any identification element of the other entity. This means that an attacker can generate the symmetric keys , . Thus, this scheme has problems of the MITM attack.

2.2.2. Xia and Wang’s Scheme

Xia and Wang [11] analyzed the key management scheme proposed by Wu-Zhou and showed that it is vulnerable to an MITM attack. Then, Xia and Wang [11] proposed a new key distribution protocol and demonstrated that it is secure and efficient for a smart grid network (see Figure 3).

Their proposed scheme has three entities: service provider, smart meter, and trusted third party. The service provider manages electricity and sends electrical signals to the smart meter. When the smart meter receives electrical signals, it authenticates and responds to these electric signals. The trusted third party manages key distribution between the service provider and the smart meter. In order to generate a security key for all entities, the trusted third party uses the master key and hash function. The trusted third party selects large primes , and a random nonce (master key). Further, the supposed security key is stored in a tamper-proof memory and the smart meter gathers data using sensors that are located at home [11].

The notations of Xia and Wang’s scheme [11] are as in Table 2.

3. Proposed Scheme

3.1. Overview of Basic Structure

In this section, we propose a secure group key distribution scheme in the AMI. To achieve group key distribution between a smart meter and a DCU, our proposed scheme uses a key table. This scheme has three phases, that is, key table predistribution, selection of group key generation elements, and generation of group key phase. Figure 4 presents the basic structure of the proposed scheme.

3.2. Notation

The notations in Table 3 are used throughout this paper.

3.3. Key Table Predistribution Phase

This phase is the key table predistribution step, and it operates when the power company installs a DCU and smart meter. The power company directs the input key table to the secure memory of a DCU and smart meter. Thus, the key table is not transmitted via the public network.

To generate a key table, the power company selects a pseudorandom number generator and seed value. Then, the power company generates a key table that is a two-dimensional array. This key table includes group key generation elements. Each element can be expressed by KT[][] because of the two-dimensional array, and the size of each element is 1 byte. Figure 5 shows a pseudocode to generate a key table.(i)ArrayKT(): this function stores group key generation elements, which are generated by PRNG(·) on a two-dimensional array.(ii)PRNG(), pseudorandom number generation: this function generates a random nonce that is used for the key table.

The size of the key table reflects the actual size of the area where a smart meter and DCU are located. To achieve this, the area is divided into a certain size and is mapped to each element of the group key generation. For example, if the area is 10 km2 and the size of the division is 1 km2, the total number of divided areas is 100. Thus, the key table is a 10 × 10 array, and a 100-byte memory is sufficient for the key table because the size of each element of the group key generation is 1 byte.

Figure 6 is an example of mapping between an actual area and a key table.

3.4. Selection of Group Key Generation Element Phase

The purpose of this phase is to select an element from the key table using the location information (coordinates) of each DCU and smart meter. Moreover, these elements are randomly selected in a valid range.

This phase uses two components in order to select an element: location information of the DCU and smart meter and a valid range.(i)Location information:(a)coordinates of the key table;(b)expressed by KT[][] ();(c)the same as the location of a divided block that a DCU and smart meter are installed in and the actual size of the area.(ii)Valid range:(a)selection range of group key generation elements;(b)each coordinate of a DCU and smart meter is the center of a valid range;(c)size of range is a square circumscribed about a circle with a specific radius;(d)radius is randomly selected.

If this phase does not use a valid range, all locations are marked on the same area of the two-dimensional key table when smart meters are installed in a building. Despite the same area, the proposed scheme can select different group key generation elements because of the valid range. In addition, this valid range increases the number of cases of element that can be selected. As you can see in Figure 7, the DCU and smart meter select a different element in the valid range.

In order to select a group key generation element in a valid range, the DCU and smart meter calculate the maximum and minimum coordinates of the valid range. For this, the proposed scheme uses the exclusive-OR operation. The exclusive-OR operation facilitates the selection of a group key generation element within the limit of a valid range.

For example, if the radius of valid range is 10, a group key generation element is selected as Algorithm 1.

Location of smart meter ( )
Coordinates of = 50, = 40
Group key generation element of on key table
= ( + 10) − (PRNG(·) mod 20)
  = (50 + 10) − (PRNG(·) mod 20)
= ( + 10) − (PRNG(·) mod 20)
  = (40 + 10) − (PRNG(·) mod 20)

If a smart meter () is located at -coordinate 50 and -coordinate 40 in key table, it is denoted by and . These coordinates will be the center of a valid range. In order to select a group key generation element of in a valid range, calculates the coordinates of the group key generation element between the maximum and minimum coordinates of the valid range. To calculate this, the and coordinates are transferred to the maximum coordinates of a valid range initially. Then, subtract the specific number randomly selected between 0 and 20 (diameter of valid range) using pseudorandom number generation (PRNG(·)) from the maximum coordinate. The calculation result yields valid coordinates of the group key generation element. If the selected number is 20, the coordinates of group key generation elements equate to the minimum coordinates of the valid range. is the -coordinate of group key generation element and is the -coordinate of group key generation element.

3.5. Generation of Group Key Phase

In these phases, each DCU and smart meter generate a group key using the selected group key generation element. The group key is hash data that concatenates all group key generation elements. All DCU and smart meters generate the same group key. This phase follows four steps in order to generate a group key (see Algorithm 2).

Step  1. DCU Smart meter ( )
    
Step  2. DCU
    Duplicate check for smart meter
    Select group key generation element
     
    Generate group key
     
    Generate hash data to verify integrity
     
    Caculate ALoEle (exclude ( , )) ( )
     
Step  3. Smart meter ( ) DCU
    
Step  4. Smart meter ( )
    Select group key generation element
     
    Generate and compare hash data
     
     
    If result of comaprison is correct,
     

Step 1. After the selection of group key generation element, all smart meters send it to the DCU. The transmitted data consists of the smart meter ID and coordinates of the group key generation element. They do not send the value of the group key generation element. The smart meter ID is used to avoid a duplication of the element because of network latency or a replay attack and so forth.

Step 2. The DCU identifies all group key generation elements of each smart meter using the received data and coordinates and . Then, the DCU concatenates his group key generation element with others and generates a group key using a hash function with a concatenated element. When the generation of a group key is complete, the DCU calculates ALoEle and . ALoEle is a set of coordinates of the group key generation elements, which excludes each specific smart meter that receives ALoEle. In addition, is hash data with an exclusive-OR operation performed on the group key generation element. The purpose of is to verify the integrity of each group key generation element.

Step 3. In this step, the DCU sends ALoEle and to each smart meter in order to generate the same group key.

Step 4. Each smart meter selects a group key generation element of DCU and other smart meters using ALoEle. Then, they perform an exclusive-OR operation and a hash function with their group key generation element. Finally, they compare it with the received . If the result of the comparison is correct, they calculate the group key using the hash function.

4. Security Analysis

4.1. Integrity of Group Key

Kamto et al.’s scheme generates a public and private key based on the Diffie-Hellman key exchange scheme and the exchange key between a gateway and node using the exponentiation operation. They also use a hash function () to protect the integrity of the data transferred over the network. The data consists of the IDs of gateways and nodes (), the result of the exponentiation operation (), and the hash value of integrity verification ().

However, the hash value is generated using data transferred over the network (, ). Therefore, it cannot guarantee the integrity of the data, because anyone can generate a hash value () using the data transferred over the network.

In the proposed scheme, when the DCU sends a set of group key generation elements (ALoEle) and a hash value () to each smart meter, the DCU does not send any information to generate the hash value (). The transmitted data consists of coordinates of group key generation elements and the ID of a smart meter. Thus, an attacker who does not have a valid key table cannot generate a hash value () (see Table 4).

If an attacker changes the group key generation element of a smart meter, the smart meter can verify the modification. For example, the data integrity verification of the smart meter () is as follows:(i)attacker (A):(a)data eavesdropping: ;(b)changing coordinates of the group key generation element: ;(ii)DCU:(a)select the group key generation element and generation group key: ;(b)generate the hash value and a set of group key generation elements: ;(1);(2), (Exclude );(c)send to smart meter (): ;(iii)smart meter:(a)select the group key generation element using ALoEle;(b)generate and compare the hash value with the group key generation element of ;(1);(2);(c)result of comparison is incorrect.

4.2. Confidentiality of Group Key

Xia and Wang’s scheme claims that the session key is secure because only TA knows the prime number () and master key (). Thus, if an attacker know the user’s secret key (, ), he cannot calculate the session key because of the discrete mathematics problem. In fact, an attacker can calculate the session key when he knows a secret key and eavesdrops on a data transmission over the network.

However, our proposed scheme can provide confidentiality of the group key because this scheme does not send the group key and group key generation element. In addition, an attacker who does not possess the key table (KT) cannot identify the correct group key generation element because the transmitted data is just bit string, that is, coordinates. Moreover, an attacker cannot generate the correct group key owing to the same reason.

If an attacker eavesdrops on a set of group key generation elements (ALoEle) and hash value () when the DCU sends it to each smart meter, he cannot determine the group key (). The hash value is generated by all group key generation elements. These elements are calculated by exclusive-OR operations. It is difficult to determine the group key generation element owing to the characteristics of the hash function. Thus, an attacker cannot generate a valid hash value. As noted above, a set of group key generation elements (ALoEle) consists of coordinates of each smart meter’s group key generation element from the key table. Thus, an attacker cannot determine the group key generation element without the key table (KT), and he cannot generate the group key () (see Table 4).

5. Conclusion

Recently, smart grid systems have been widely considered as fundamental components for improving the monitoring and control of a power distribution infrastructure. In order to manage and facilitate two-way communication, the AMI is used in smart grids as the core infrastructure. However, the potential security problems of the AMI increase owing to the application of the public network. In particular, if the electricity consumption data is modified or exposed, it can result in critical security problems owing to the important information for charging. Thus, encryption is needed to secure this transmission. Moreover, a key management and distribution scheme is required to aid encryption. Further, if AMI uses a pairwise key for each device, the DCU and higher-level devices will have to manage multiple keys. Because the AMI has many devices and a hierarchical structure, the group key distribution scheme is more efficient than pairwise key distribution. Therefore, many studies on smart grids are being conducted to efficiently manage power distribution globally.

Therefore, we proposed a two-dimensional key table-based group key distribution in AMI. The proposed scheme has three phases: key table predistribution, selection of group key generation element, and generation of group key. These phases manage keys efficiently and provide data security. Therefore, the proposed scheme is expected to improve data security.

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgments

This work was supported by the National Research Foundation of Korea (NRF) Grant funded by the Korea government (MSIP) (no. NRF-2012R1A2A2A01010886). This work was supported by the Soonchunhyang University Research Fund.