Anonymous and Efficient Message Authentication Scheme for Smart Grid

Wu, Libing; Wang, Jing; Zeadally, Sherali; He, Debiao

doi:https://doi.org/10.1155/2019/4836016

Security and Communication Networks

On this page

Abstract Introduction Related Work Preliminaries Conclusion Data Availability Conflicts of Interest Acknowledgments References Copyright Related Articles

Research Article | Open Access

Volume 2019 | Article ID 4836016 | https://doi.org/10.1155/2019/4836016

Anonymous and Efficient Message Authentication Scheme for Smart Grid

Libing Wu,^1,2Jing Wang,^1,2Sherali Zeadally,³and Debiao He^2,4

Academic Editor: Roberto Di Pietro

Received12 Dec 2018

Revised10 Apr 2019

Accepted22 Apr 2019

Published12 May 2019

Abstract

Smart grid has emerged as the next-generation electricity grid with power flow optimization and high power quality. Smart grid technologies have attracted the attention of industry and academia in the last few years. However, the tradeoff between security and efficiency remains a challenge in the practical deployment of the smart grid. Most recently, Li et al. proposed a lightweight message authentication scheme with user anonymity and claimed that their scheme is provably secure. But we found that their scheme fails to achieve mutual authentication and mitigate some typical attacks (e.g., impersonation attack, denial of service attack) in the smart grid environment. To address these drawbacks, we present a new message authentication scheme with reasonable efficiency. Security and performance analysis results show that the proposed scheme can satisfy the security and lightweight requirements of practical implementations and deployments of the smart grid.

1. Introduction

The explosive growth in mobile data services has paved the way for wireless communications to be achieved with lower energy consumption, higher throughout, and better quality of service [1]. The smart grid is one of the most significant technologies for developing smart homes and, as a result, we have witnessed an increase in interest among researchers and engineers in these technologies. Besides the one-way information flow communication as in the traditional power grid, the smart grid incorporates two-way communications to provide reliability, efficiency, and security for the electric system, where there are many machines (i.e., smart meters, sensing devices, control systems, and other household applications) involved to enable these two-way communications [2, 3].

Generally, network communication forms the core of the electric system automation applications of the smart grid. The deployment of one-way information flow communication networks is similar to that in the traditional smart grid. As for the two-way information flow communication network, it involves a neighborhood gateway which collects the electricity consumption records from corresponding consumers via wireless network connections [4]. Next, the neighborhood gateway sends its collected data to the control center for detailed consumption analysis via a wired network connection. Finally, the control center responds with real-time pricing information to the smart grid consumers or sends the electric control information to relieve the burden of electricity demand peak. At the consumer’s side, the device communicating with the neighborhood gateway is the smart meter which is resource-constrained and is responsible for collecting the electricity consumption reports through its connection with various household appliances. Figure 1 depicts the communication architecture for smart grid (and the entities concluded in a home area network (HAN) are some household appliances).

To enable network communications in the above architecture, it is desirable to choose the Internet Protocol-based communication technologies for the smart grid. Inevitably, such networks are prone to a number of external attacks, such as impersonation attack, tracking attack, and denied of service (DoS) attack [6]. Additionally, a large volume of sensitive data that directly impact user privacy is transmitted over these networks. Consequently, it is crucial to ensure that unauthorized entities cannot access such transmitted information or communicate with the information technologies elements in the smart grid communication systems.

Authentication and key agreement protocols are key technologies that can ensure the security of an information system. Together, they ensure the legitimacy and authenticity of a user’s identity and provide an agreed session key for secure communication between entities in a network. According to recent researches [7–10], several authentication schemes for smart grid were proposed over the last several years. We identify two major limitations of many of these recently proposed authentications for smart grid:(i)The computation cost of these schemes is not practical for smart grid environment: in a smart grid, most of smart things and applications connected to the Internet are constrained to computation capabilities. However, the smart devices (e.g., smart meters) in these authentication schemes are expected to perform some compute-intensive operations, such as the map-to-point hash and bilinear pairing operations.(ii)Important security properties or functions are not provided by these schemes: these schemes have various vulnerabilities that can be exploited in different types of attacks to the smart grid networks, such as the impersonation attack and denial of service attack. Some of these schemes cannot provide secure mutual authentication, key agreement, and user anonymity. These limitations seriously hinder their practical deployment and implementation in the smart grid environment.

Most recently, Li et al. [5] proposed an anonymous and lightweight message authentication scheme for smart grids. They only used some very lightweight cryptographic operations in their scheme, e.g., bitwise XOR operation and one-way hash functions. They also claimed that their scheme is provably secure and provides many necessary functions and security properties. However, we demonstrate that their scheme cannot provide secure mutual authentication and resistance against DoS attacks, which can seriously affect the availability of network communication systems. Since the message transmitted over the grid communication networks is delay-sensitive, these networks of smart grids are much more focused on the message delay than the data throughout when compared with the general Internet. Thus, Li et al.’s scheme is not practical in the deployment of smart grids. To address these weaknesses, we then propose an improved scheme and show that it is provably secure in Section 6.

The remainder of this paper is organized as follows. In the next two sections, we briefly review related works and relevant preliminaries, respectively. In Section 4, we review Li et al.’s scheme and identify the design weaknesses of their scheme. In Section 5, we describe our improved message authentication scheme for the smart grid. In Sections 6 and 7, we analyze the security and evaluate the performance of our proposed scheme respectively. Finally, we make some concluding remarks in the last section.

In the last decade, several cryptographic protocols including digital signature [11], encryption [12, 13], data aggregation [14, 15], secure data storage [16–18], and authentication schemes [9, 19] have been proposed as solutions to secure the smart grid by academia and industry [20]. The authentication scheme is the first line of defense to protect data security and enforce privacy protection for smart grids, and it is an important requirement in the deployment of smart grids.

Tsai and Lo [8] proposed an anonymous key distribution scheme to provide secure communications for smart grids by integrating identity-based signature and identity-based encryption. In their scheme, it is fairly easy for smart meters to authenticate each other, while some bilinear pairing operations are introduced. Later, Odelu et al. [21] pointed out that Tsai and Lo’s scheme fails to support SK-security and credential privacy of smart meters and then proposed a new authentication key agreement scheme for the smart grid environment to solve the vulnerabilities in [8].

Chim et al. proposed a gateway-assisted authentication for power usage information with privacy preservation for smart grids, which allowed the smart meters to aggregate power usage information [22]. Chan and Zhou proposed a two-factor cyberphysical device authentication scheme to resist coordinated cyberphysical attacks in a smart grid (SG) environment by combining a novel contextual factor and conventional authentication factor [23]. Then, Wazid et al. proposed a secure three-factor authentication scheme for renewable-energy-based smart grid environment, which can provide password and biometric update and smart meter anonymity [19]. Li et al. [24] also proposed a three-factor authentication scheme for smart grid and solved the shortcomings (i.e., wrong password detection mechanism, vulnerability in DoS attacks) in [25].

Li et al. claimed that many of the existing authentication schemes for wireless sensor networks more or less suffer from various weaknesses, so that they proposed a new secure authentication scheme with privacy preservation based on elliptic curve cryptography (ECC) for industrial Internet of things [26]. Mahmood et al. also proposed an ECC-based privacy-preserving authentication for smart grid communications with high efficiency by reducing some complex cryptographic operations [27]. Koo et al. also investigated both security and privacy into smart grid systems; they proposed a provably secure scheme with privacy-preserving aggregation and multisource smart meters authentication [28]. Before this, He et al. had proposed two related data aggregation schemes that are resistant against insider attacks in smart grid systems [14, 29].

Shen et al. designed two lightweight authentication protocols and a group key establishment algorithm between sensor nodes and personal digital assistants for wireless body area networks [30, 31]. Their proposed protocols were aimed at resource-constrained devices and therefore they can be applied to smart grid systems. Ennahbaoui and Idrissi [32] designed a zero-knowledge authentication and intrusion detection system for secure smart grids. In [33], Aujla et al. argued that traditional TCP/IP-based networks are not suitable for most smart applications, so they proposed an SDN-enabled multiattribute secure communication model for smart grids. Most recently, Li et al. [5] proposed a provably secure message authentication scheme with high efficiency for smart grids. However, in this work, we will demonstrate the scheme fails to provide mutual authentication and cannot mitigate the impersonation attacks and DoS attacks.

2.1. Our Contributions

In this subsection, we summarize the main contributions of this work as follows:(i)First, we propose a new anonymous message authentication scheme for smart grid. The proposed scheme addresses the weaknesses in Li et al.’s scheme with desire efficiency.(ii)Second, we make an in-depth security analysis to demonstrate out proposed scheme is provably secure and can fulfill those security requirements of the smart grid environment.(iii)Finally, we evaluate the performance of our proposed scheme and compare it with that in Li et al.’s scheme. The comparison results show that our scheme is more suitable for the practical deployment of the smart grid.

3. Preliminaries

Next, we present the threat models, some notations, and two mathematical problems used in this paper.

3.1. Notations

We use the following notations in this paper:(i): the -th smart meter gateway of the home area network (HAN).(ii): the -th smart meter gateway of the neighborhood area network (NAN).(iii): a cyclic multiplication group.(iv): a strong prime integer as the order of .(v): the generator of .(vi): the secure hash function, where .(vii): the secure hash function, where .(viii): the real identity of , where .(ix): the real identity of , where .(x): the exclusive-OR operation.(xi): the uplimited time interval.(xii): the probability of event .

3.2. Mathematical Problems

Let be a cyclic multiplication group with generator and a strong prime integer as its order, so that is also a large prime integer. For any number , mod is included in . For clarity, we omit the expression “mod p” in this paper. The following two mathematical problems are the security foundation of the proposed scheme in Section 5.(1)Discrete Logarithm (DL) Problem. Given two elements , the goal is to compute the value of , which is hard for a polynomial function with in polynomial time.(2)Computational Diffie-Hellman (CDH) Problem. Given three elements , where are kept secret, the goal is to compute the value of , which is hard for a polynomial function within polynomial time.

3.3. Network Model

In our network model, we focus on the communication security between the neighborhood gateway and the smart meter. As shown in Figure 2, we assume that a neighborhood area network (NAN) covers a number of home area networks (HANs, e.g., ), where the smart meter is a communication center. We also assume the smart meter as a gateway in the HAN.

(i)Registration center (RC): the RC represents a trusted third party that is responsible for generating all system parameter, and secret values (i.e., private key) for each communication party in the system.(ii)Neighborhood gateway (NAN-GW): the NAN-GW represents a gateway deployed in the NAN. It is in charge of receiving the consumption reports from each HAN-GW and then sends them to the control center. The main function of the NAN-GW is to detect the replay attack, impersonation attack, and other malicious attacks.(iii)Home gateway (HAN-GW): the HAN-GW represents a gateway deployed in the HAH. It is equipped with a smart meter in order to collect the consumption reports and then transmits them to the NAN-GW. The HAN-GW is resource-constrained and vulnerable to many network attacks.

4. Cryptanalysis of Li et al.’s Scheme

In this section, we briefly review the provably secure message authentication scheme proposed by Li et al. For more details, readers can refer to [5]. Focusing on the authentication phase, we demonstrate that this phase is vulnerable to the impersonation attack and the DoS attack.

4.1. Review of Li et al.’s Scheme

Li et al.’s scheme consists of three phases (i.e., initialization phase, authentication phase, and message transmission phase) and two communication parties (i.e., and ). Since the initialization phase and message transmission phase are the same as described in Sections 5.1 and 5.3, we omit them in this subsection. We only present the authentication phase as depicted in Figure 3.

Step A1. randomly selects a number and extracts the current timestamp to compute , and .

Step A2. sends to .

Step A3. Upon receiving message , extracts the current timestamp , checking whether holds. If so, it continues to compute for verifying . If the equation does not hold, it aborts the current authentication. Otherwise, it does the next step.

Step A4. randomly selects a number and extracts the current timestamp to compute , , and .

Step A5. sends to .

Step A6. Upon receiving message , extracts the current timestamp , checking whether holds. If it holds, it computes , . Then, it checks the correctness of to determine whether aborts this communication.

4.2. Design Weaknesses in Li et al.’s Scheme

With superior performance and desired properties over the related works, Li et al.’s scheme seems quite promising from the perspective of desirable features which their scheme supports. However, its potential threats in some realistic attack scenarios go beyond the provable security model, the security analysis of their scheme is insufficient. We will show that their scheme fails to achieve mutual authentication by verifying at the ’s side. Additionally, their scheme cannot resist impersonation attack where an attacker forges a message to impersonate .

Next we investigate the following new but realistic attacking scenario. Suppose the identity is somehow known to an attacker as in the case when is familiar to the user and guesses the via the user’s personal information. Since the authentication message is transmitted over an open channel, it is easy for to intercept during any authentication process. Suppose has obtained two messages and , where , and are unknown to the attacker. can impersonate by forging any request message with real-time as shown by following steps.

Step 1. Compute , , , and , .

Step 2. Select two variables to construct equations

Step 3. Compute one of solutions to above equations, such as

Step 4. Compute , , and .

Step 5. Send to a valid .

Correctness. Upon receiving the message from , first checks the freshness of . Then, it computes . Since we obtain . Next, checks whether . According to Step 2 above, we can get

Therefore, an attacker can pass ’s authentication without knowing a ’s private key. As a result, manages to make believe that he/she is a valid and continuously execute authentication operations. Thus, an external attacker can break the security of mutual authentication and launch the DoS attack on the smart grid by impersonating a legal gateway to connect with the corresponding . As a consequence, the smart grid network system cannot reject the connection of a malicious IP address by detecting the invalid data packages received, and thus it is susceptible to DoS attacks, which will lead to an increase in message delay.

Effectiveness. It is worth noting that the above attack is very effective because it only requires a passive eavesdropping attacker and involves a few lightweight cryptographic operations, such as addition, multiplication, exponentiation, and hash operations. For example, to get a solution in Step 3 and forge a successful authentication message , we only require three general hash operations, six multiplication operations, one division operation, four exponentiation operations, and three addition/subtraction operations. Given the running time of each operation referred in Li et al.’s scheme [5], the total time for to successfully implement an attack is about 1.396ms.

5. The Proposed Scheme

To overcome the weakness of Li et al.’s scheme, we propose an improved anonymous message authentication scheme for the smart grid. Similar to Li et al.’s scheme, our protocol also has three phases: the initialization phase, the authentication and key agreement phase, and the message transmission phase.

5.1. Initialization Phase

In this phase, the registration center (RC) generates the system parameters and private-public key pair for each registered entity (i.e., and ) as follows.

Step I1. The RC chooses a multiplication cyclic group with order , and the generator is . Next, the RC selects a secure one-way hash function and a secure hash function .

Step I2. For each registered entity, RC generates a distinct random number as private key and computes as the corresponding public key. Here, let be the -th HAN-GW’s private key, and be -th HAN-GW’s public key.

Step I3. The RC sends the key pair to (i.e., the -th HAN-GW) via a secure channel, where can be revealed to others.

Similarly, the -th NAN-GW can obtain its own key pair as from the RC as described in Step I3.

5.2. Authentication Phase

In this phase, and authenticate with each other. In addition, a temporary session key is created and used for encrypting subsequent transmitted messages. As depicted in Figure 4, the details are described as follows.

Step A1. first chooses a random number from group and assigns up the current timestamp . Then, computes and .

Step A2. sends the plain message to via a public channel.

Step A3. Upon receiving message at time , first checks the freshness of the timestamp by equation . If it holds, computes and further verifies the correctness of . If the final equation does not hold, aborts the authentication process. Otherwise, it continues to the next step.

Step A4. selects a random number from group and gets the current timestamp . Similarly, computes and the temporary session key . Finally, computes .

Here, we assume that already knows the identity of (i.e., ) because it is a control smart meter among several in a specific neighborhood.

Step A5. sends the plain message to via a public channel.

Step A6. Upon receiving message , assigns the current timestamp and checks . If it does not hold, aborts this authentication. Otherwise, first computes . Then verifies the correctness . If it holds, confirms that the temporary session key is associated with . Otherwise, aborts this authentication process.

5.3. Message Transmission Phase

In this phase, a secure symmetric encryption algorithm (i.e., Advanced Encryption Standard, AES) and a secure one-way hash function are used to guarantee the message’s confidentiality and integrity. The details are as follows.

Step M1. periodically collects user’s current electricity consumption report and computes the value of , where is the current timestamp. Then, encrypts the message as by using the above agreed session key , and sends to over a public channel.

Step M2. After receiving at time , runs the decryption algorithm to get the corresponding plaintext of with session key . The plaintext is in the form of . further verifies and to confirm the freshness and integrity of the received message.

6. Security Analysis and Comparisons

In this section, we first apply the following security model to prove that the proposed scheme is provably secure. Secondly, we make a further discussion to demonstrate that it can resist various well-known attacks along with the security requirements for smart grid.

6.1. Security Model

We assume that there are two entities and in a message authentication scheme . Let and denote the -th instance of and respectively. If the two entities do not need to be distinguished, we denote the -th instance of them as . All of them can have multiple instances and they are allowed to execute the scheme concurrently.

Definition 1 (adversary abilities). We use some oracles played between an adversary and a simulator to prove the security of the proposed scheme. is able to know all the public parameters of and and control the network. Moreover, can execute the following queries and get corresponding answers as follows:(i): maintains a table (or ) that is initialized to empty. Upon receiving the query, checks if is recorded in , if so, returns to . Otherwise, chooses a random number and outputs it to and then records the generated entry into (or ).(ii): this query simulates a passive attack. honestly performs the authentication scheme that allows to get access to the normal authentication process and outputs as the answer.(iii): executes the query with message and performs the message authentication scheme according to its specification and then returns the output result to .(iv): if the oracle has turned into the Accept state, can get the current session key of this oracle.(v): this oracle is used in the forward secrecy model, where can get the long-term secret key of from ’s answer.(vi): this oracle tests the AKA security of the session key. As the -th session, selects a bit , if , outputs the real session key as the answer. Otherwise, outputs a random string with the same length as the real session key.

Definition 2 (AKA-secure). Let the probability that guesses the bit involved in the Test query denote ’s advantage of breaking the scheme. More precisely, we denote the advantage as . We say a scheme is AKA-secure if is negligible for any polynomial adversary .

Definition 3 (MA-secure). We say a message authentication scheme for smart grid is mutual authentication (MA) secure if the probability is negligible for any polynomial adversary .

6.2. Formal Security Proof

In this subsection, we show that our improved scheme is provably secure for smart grid. Let denote the event that can break the authentication of -to- and denote the event that can break the authentication of -to- . Let denote the event that can break AKA security of the improved message authentication scheme. Let and be the advantage of the events that can break the authentication of to and the authentication of to , respectively.

Theorem 4. The proposed scheme for the smart grid is MA-secure if both and are negligible.

Proof. Assume that the adversary has executed the above-mentioned oracles in the normal manner. In particular, we consider that executes the -query, if the simulator succeeds to compute the value of , it implies that the message is valid. If can produce a valid , it can produce another valid message , which means it can generate a valid . Then, can get ’s private key due to the following equations and Based the above two equations, we get Thus, can output as a solution of the DL problem. It is similar to [5] that the probability of forging a correct pair is . Therefore, the probability that can solve the DL problem is , which is contradicted with the hardness of DL problem. In other words, the probability of is negligible.
Similarly, considering the query , if the message can pass the verification of , it implies that can get a perfect hash recording including in , where . Therefore, can output as the instance of the CDH problem with the probability of , where is the bound times of hash queries. Since the CDH is hard, the probability is negligible.
To conclude, the improved scheme is MA-secure.

Theorem 5. The proposed scheme for smart grid is AKA-secure if is negligible.

Proof. Assume that an adversary correctly guesses the value of involved in the Test-query with a nonnegligible probability . We then show that there exists a simulator that can solve the CDH problem.
Let denote the event that obtains the correct session key, and let , denote the events that guesses in instance and instance respectively. From the Definition 2, the probability that guess the correct is at least , and thus we can get . Furthermore, we can get the following equations: Thus, we get .
According to Theorem 4, is negligible and, therefore, is nonnegligible. Since can break the AKA security, can output as the solution to the CDH problem of instance with nonnegligible probability, which contradicts with the hardness of CDH problem. Therefore, the proposed message authentication scheme for smart grid is AKA-secure.

6.3. Other Discussions on Security Properties

We now demonstrate how our improved scheme achieves the mutual authentication, session key agreement, user anonymity, perfect forward secrecy, and resistance to several attacks [14, 34–37].

Mutual Authentication. From the description of our proposed scheme, verifies the identity of via checking , and verifies the identity of via checking . The formal security analysis has proved that nobody can impersonate one of the two parties to cheat the other one by generating a valid authenticated message (or ) during the authentication process. Thus, our improved scheme can support mutual authentication.

Session Key Agreement. In the authentication and key agreement phase, and can independently compute the session key and , which can be used to encrypt messages in subsequent communications. Furthermore, can verify the correctness of the session key by recovering (by computing ) and matching it with its own computed . Thus, our improved scheme can achieve session key agreement.

User Anonymity. In our improved scheme, the real identity of is hidden by , where is a random number chosen by and it is unknown to others. So without knowing the value of , the only way to reveal the identity of is to compute , where is transmitted over the public channel while is the private key known only to . If the adversary intends to reveal ’s real identity, the adversary needs to get the value of or given , which means he/she has to solve the CDH problem. Else, the adversary cannot get ’s real identity. Thus, our improved scheme can provide user anonymity.

Perfect Forward Secrecy. and agree with a shared session key in the final step of the authentication and key agreement phase. If an attacker intends to compute the session key of a special communication, he/she has to obtain the real identity of and and compute from and as well. From the above analysis, he/she needs to solve the CDH problem or it cannot derive the correct session key even though he/she obtains long-term secret key. Thus, our improved scheme can provide perfect forward secrecy.

Resistance to Several Attacks. Next, we show how the improved scheme can resist tracking attack, replay attacks, impersonation attack, man-in-the-middle attack, and DoS attack.

(i) Resistance of Tracking Attack. The messages transmitted during each session phase are different and fresh as they are randomized by two random numbers . This means an attacker cannot link any two sessions to the same user or track a user’s behaviors from some sessions. Thus, our improved scheme can mitigate the tracking attack.

(ii) Resistance to Replay Attack. As every authenticated message (i.e., ) contains timestamps, which also includes in the computation of and , an old/intercepted authenticated messages cannot pass the verification of the other party in the current time. Thus, our improved scheme can mitigate the replay attack.

(iii) Resistance to Impersonation Attack. If an attacker intends to impersonate , he/she has to create a legal request message that he/she needs to compute a valid . It means that he/she needs to know the private key of . Similarly, impersonating should correctly compute the value of ; otherwise, it cannot pass the verification of . If the attacker succeeds to impersonate , he/she either gets the private key or solves the CDH problem with the instance . Thus, our improved scheme can mitigate the impersonation attack.

(iv) Resistance to Mathematical Analytical Attack. We define the attack on Li et al.’s protocol to be a mathematical analytical attack, and we now prove that our proposed protocol can resist this attack. For the sake of fairness, we assume that the identity is revealed to an attacker meaning that the attacker can get the information of and many pairs of . From the structure of , the attacker cannot construct a system of linear equations because it has no knowledge of . Next, we compute rather than , which further breaks the linear relations between equations. Thus, our proposed protocol can resist the mathematical analytical attack even if the attacker knows the user’s identity .

(v) Resistance to Man-in-the-Middle Attack. As we analyzed before, our improved scheme can provide mutual authentication, and no attacker is able to cheat through impersonating the other party. Thus, our improved scheme can mitigate the man-in-the-middle attack.

(vi) Resistance of DoS Attack. Assuming that an attacker intends to implement the DoS attack, he/she may flood the with some messages. If the message can pass the verification of , it will cause wastage of computation and communication resources of when computing and transmitting the response message, which results in increased delay for data communications in the smart grid. In our improved scheme, an illegal message can be effectively detected by and thus aborts the current communication thereby avoiding additional unnecessary computation and communication costs. Thus, our improved scheme can provide resistance of DoS attack to some extent.

7. Performance Evaluation and Comparisons

In this section, we evaluate the performance of our improved scheme and compare it with Li et al.’s scheme [5]. For fair comparison, we use the experimental data referred in [5] to evaluate the performance of Li et al.’s scheme and our proposed scheme.

Here, we briefly recall the experimental platform and the selected parameters used in Li et al.’s scheme. The executing platform for running related cryptographic operations is a personal computer with an Intel(R) Core TM i7-4710HQ 2.50GHz processor, 8GB memory, Win8 operating system. The related operations (e.g., modular exponentiation, bilinear pairing operation) are executed based on the MIRACL C/C++ library with Visual C++ 2010. To achieve the same security level for different schemes, Li et al. chose a multiplication cyclic group consisting of -bit integers.

Let AES and 160-bit SHA1 algorithms be the symmetric encryption algorithm and hash function to handle messages in the schemes. Note that each block in AES is 128 bits. The following notations denote the average running times of related cryptographic operations and the corresponding results are presented in Table 1. Here, we ignore the XOR, modular addition operations from the comparison because their running times are negligible.(i): The running time of a modular exponentiation operation.(ii): The running time of a modular inversion operation.(iii): The running time of a modular multiplication operation.(iv): The running time of a AES encryption/decryption operation.(v): The running time of a SHA1 hash operation.

The authentication and key agreement phase of Li et al.’s scheme [5] requires a total of three modular exponentiation operations, one modular multiplication operation, one modular inversion operation, and four SHA1 hash operations at the ’s side to compute . While at the ’s side, it requires five modular exponentiation operations, one modular multiplication operation, and four SHA1 hash operations to calculate . Therefore, Li et al.’s scheme takes around ms and ms at ’s and ’s sides respectively during the authentication and key agreement phase.

In our proposed scheme, the authentication and key agreement phase requires a total of three modular exponentiation operations, one modular multiplication operation, and four SHA1 hash operations at the ’s side to compute . While at the ’s side, it also requires five modular exponentiation operations, one modular multiplication operation, and four SHA1 hash operations to calculate . Therefore, this phase only takes around ms and ms at ’s and ’s sides respectively.

For the communication cost, we need to transmit two elements in the group (i.e., ) and only one element in the group (i.e., ) at the ’s side, and there is one element in (i.e., ), two elements in group (i.e., ) to be transmitted at the ’s side. We assume that denotes the length of element in group and denote the length of element in group and . Thus, the total communication cost of our proposed scheme is bits (assume that the length of identity is 64 bits). Similarly, we note that there are three elements in (i.e., ) and five elements in the group (i.e., ) to be transmitted over the network channel. Thus, the total communication cost of Li et a’.’s scheme is bits.

As shown in Tables 2 and 3, our proposed scheme addresses the security weakness of the authentication phase without increasing the computation and communication costs when it is compared to [5]. In particular, the computation cost at the HAN-GW’s side is even slightly lower than that of [5] because the proposed protocol removes the inversion operation. Therefore, our proposed protocol is more suitable for the practical deployment of the smart grid.

8. Conclusion

Device authentication and secure message transmission are important processes in the practical deployment of the smart grid. Li et al. recently proposed a lightweight message authentication scheme for the smart grid with user anonymity and they claimed it is secure. However, we found that their scheme fails to achieve device mutual authentication, which results in possible network availability attacks that include DoS attacks. To address the weaknesses in Li et al.’s scheme, we proposed an improved message authentication scheme which does not incur additional computation and communication costs. A security analysis demonstrates that our proposed scheme can satisfy various security requirements for the smart grid. Our future work will focus on reducing the communication cost during the authentication process.

Data Availability

The data used to support the findings of this study are available from the corresponding author upon request. Fully documented templates are available in the elsarticle package on CTAN.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

The work was supported by the National Natural Science Foundation of China (Nos. 61772377, 61572370, 61572379) and the fund of the Guangxi Key Laboratory of Cryptography and Information Security (No. GCIS201608).

References

W.-L. Chin, Y.-H. Lin, and H.-H. Chen, “A framework of machine-to-machine authentication in smart grid: a two-layer approach,” IEEE Communications Magazine, vol. 54, no. 12, pp. 102–107, 2016.
View at: Publisher Site | Google Scholar
M. M. Fouda, Z. M. Fadlullah, N. Kato, R. Lu, and X. S. Shen, “A lightweight message authentication scheme for smart grid communications,” IEEE Transactions on Smart Grid, vol. 2, no. 4, pp. 675–685, 2011.
View at: Publisher Site | Google Scholar
A. S. Sani, D. Yuan, J. Jin, L. Gao, S. Yu, and Z. Y. Dong, “Cyber security framework for internet of things-based energy internet,” Future Generation Computer Systems, 2018.
View at: Google Scholar
H. Li, R. Lu, L. Zhou, B. Yang, and X. Shen, “An efficient Merkle-tree-based authentication scheme for smart grid,” IEEE Systems Journal, vol. 8, no. 2, pp. 655–663, 2014.
View at: Publisher Site | Google Scholar
X. Li, F. Wu, S. Kumari, L. Xu, A. K. Sangaiah, and K.-K. R. Choo, “A provably secure and anonymous message authentication scheme for smart grids,” Journal of Parallel and Distributed Computing, 2017.
View at: Google Scholar
A. O. Otuoze, M. W. Mustafa, and R. M. Larik, “Smart grids security challenges: classification by sources of threats,” Journal of Electrical Systems and Information Technology, vol. 5, no. 3, pp. 468–483, 2018.
View at: Publisher Site | Google Scholar
H. Nicanfar, P. Jokar, K. Beznosov, and V. C. M. Leung, “Efficient authentication and key management mechanisms for smart grid communications,” IEEE Systems Journal, vol. 8, no. 2, pp. 629–640, 2014.
View at: Publisher Site | Google Scholar
J.-L. Tsai and N.-W. Lo, “Secure anonymous key distribution scheme for smart grid,” IEEE Transactions on Smart Grid, vol. 7, no. 2, pp. 906–914, 2016.
View at: Publisher Site | Google Scholar
N. Saxena, B. J. Choi, and R. Lu, “Authentication and authorization scheme for various user roles and devices in smart grid,” IEEE Transactions on Information Forensics and Security, vol. 11, no. 5, pp. 907–921, 2016.
View at: Publisher Site | Google Scholar
K. Mahmood, S. Ashraf Chaudhry, H. Naqvi, T. Shon, and H. Farooq Ahmad, “A lightweight message authentication scheme for smart grid communications in power sector,” Computers and Electrical Engineering, vol. 52, pp. 114–124, 2016.
View at: Publisher Site | Google Scholar
N. Saxena and S. Grijalva, “Efficient signature scheme for delivering authentic control commands in the smart grid,” IEEE Transactions on Smart Grid, vol. 9, no. 5, pp. 4323–4334, 2018.
View at: Publisher Site | Google Scholar
A. N. Samudrala and R. S. Blum, “Asymptotic analysis of a new low complexity encryption approach for the internet of things, smart cities and smart grid,” in Proceedings of the IEEE International Conference on Smart Grid and Smart Cities (ICSGSC '17), pp. 200–204, July 2017.
View at: Google Scholar
L. Ji, L. Wang, and C. Liao, “A new method of encryption wireless energy transmission for ev in the smart grid,” CES Transactions on Electrical Machines and Systems, vol. 1, no. 4, pp. 405–410, 2017.
View at: Google Scholar
D. He, N. Kumar, S. Zeadally, A. Vinel, and L. T. Yang, “Efficient and privacy-preserving data aggregation scheme for smart grid against internal adversaries,” IEEE Transactions on Smart Grid, vol. 8, no. 5, pp. 2411–2419, 2017.
View at: Publisher Site | Google Scholar
Z. Wang, “An identity-based data aggregation protocol for the smart grid,” IEEE Transactions on Industrial Informatics, vol. 13, no. 5, pp. 2428–2435, 2017.
View at: Publisher Site | Google Scholar
B. Li, Y. Huang, Z. Liu, J. Li, Z. Tian, and S.-M. Yiu, “HybridORAM: practical oblivious cloud storage with constant bandwidth,” Journal of Information Science, 2018.
View at: Google Scholar
Z. Huang, S. Liu, X. Mao, K. Chen, and J. Li, “Insight of the protection for data security under selective opening attacks,” Information Sciences, vol. 412-413, pp. 223–241, 2017.
View at: Publisher Site | Google Scholar
X. Chen, J. Li, J. Weng, J. Ma, and W. Lou, “Verifiable computation over large database with incremental updates,” Institute of Electrical and Electronics Engineers. Transactions on Computers, vol. 65, no. 10, pp. 3184–3195, 2016.
View at: Google Scholar | MathSciNet
M. Wazid, A. K. Das, N. Kumar, and J. J. P. C. Rodrigues, “Secure three-factor user authentication scheme for renewable-energy-based smart grid environment,” IEEE Transactions on Industrial Informatics, vol. 13, no. 6, pp. 3144–3153, 2017.
View at: Publisher Site | Google Scholar
I. Colak, S. Sagiroglu, G. Fulli, M. Yesilbudak, and C.-F. Covrig, “A survey on the critical issues in smart grid technologies,” Renewable & Sustainable Energy Reviews, vol. 54, pp. 396–405, 2016.
View at: Publisher Site | Google Scholar
V. Odelu, A. K. Das, M. Wazid, and M. Conti, “Provably secure authenticated key agreement scheme for smart grid,” IEEE Transactions on Smart Grid, vol. 9, no. 3, pp. 1900–1910, 2018.
View at: Google Scholar
T. W. Chim, S.-M. Yiu, V. O. K. Li, L. C. K. Hui, and J. Zhong, “PRGA: Privacy-preserving recording & gateway-assisted authentication of power usage information for smart grid,” IEEE Transactions on Dependable and Secure Computing, vol. 12, no. 1, pp. 85–97, 2015.
View at: Publisher Site | Google Scholar
A. C.-F. Chan and J. Zhou, “Cyber–physical device authentication for the smart grid electric vehicle ecosystem,” IEEE Journal on Selected Areas in Communications, vol. 32, no. 7, pp. 1509–1517, 2014.
View at: Publisher Site | Google Scholar
X. Li, J. Niu, S. Kumari, F. Wu, and K.-K. R. Choo, “A robust biometrics based three-factor authentication scheme for global mobility networks in smart city,” Future Generation Computer Systems, vol. 83, pp. 607–618, 2018.
View at: Publisher Site | Google Scholar
P. Gope and T. Hwang, “Enhanced secure mutual authentication and key agreement scheme preserving user anonymity in global mobile networks,” Wireless Personal Communications, vol. 82, no. 4, pp. 2231–2245, 2015.
View at: Publisher Site | Google Scholar
X. Li, J. Niu, M. Z. A. Bhuiyan, F. Wu, M. Karuppiah, and S. Kumari, “A robust ECC based provable secure authentication protocol with privacy protection for industrial internet of things,” IEEE Transactions on Industrial Informatics, vol. 14, no. 8, pp. 3599–3609, 2018.
View at: Publisher Site | Google Scholar
K. Mahmood, S. A. Chaudhry, H. Naqvi, S. Kumari, X. Li, and A. K. Sangaiah, “An elliptic curve cryptography based lightweight authentication scheme for smart grid communication,” Future Generation Computer Systems, vol. 81, pp. 557–565, 2018.
View at: Publisher Site | Google Scholar
D. Koo, Y. Shin, and J. Hur, “Privacy-preserving aggregation and authentication of multi-source smart meters in a smart grid system,” Applied Sciences, vol. 7, no. 10, p. 1007, 2017.
View at: Google Scholar
D. He, S. Zeadally, H. Wang, and Q. Liu, “Lightweight data aggregation scheme against internal attackers in smart grid using elliptic curve cryptography,” Wireless Communications and Mobile Computing, vol. 2017, Article ID 3194845, 11 pages, 2017.
View at: Publisher Site | Google Scholar
J. Shen, S. Chang, Q. Liu, and X. Sun, “A lightweight multi-layer authentication protocol for wireless body area networks,” Future Generation Computer Systems, vol. 78, pp. 956–963, 2018.
View at: Google Scholar
J. Shen, Z. Gui, S. Ji, J. Shen, H. Tan, and Y. Tang, “Cloud-aided lightweight certificateless authentication protocol with anonymity for wireless body area networks,” Journal of Network and Computer Applications, vol. 106, pp. 117–123, 2018.
View at: Publisher Site | Google Scholar
M. Ennahbaoui and H. Idrissi, “Zero-knowledge authentication and intrusion detection system for grid computing security,” in Information Innovation Technology in Smart Cities, pp. 199–212, Springer, 2018.
View at: Google Scholar
G. S. Aujla, R. Chaudhary, S. Garg, N. Kumar, and J. J. P. C. Rodrigues, “SDN-enabled multi-attribute-based secure communication for smart grid in IIOT environment,” IEEE Transactions on Industrial Informatics, vol. 14, no. 6, pp. 2629–2640, 2018.
View at: Publisher Site | Google Scholar
D. He and D. Wang, “Robust biometrics-based authentication scheme for multiserver environment,” IEEE Systems Journal, vol. 9, no. 3, pp. 816–823, 2015.
View at: Publisher Site | Google Scholar
Q. Feng, D. He, S. Zeadally, N. Kumar, and K. Liang, “Ideal lattice-based anonymous authentication protocol for mobile devices,” IEEE Systems Journal, pp. 1–11, 2018.
View at: Publisher Site | Google Scholar
C. Lin, D. He, X. Huang, K. R. Choo, and A. V. Vasilakos, “BSeIn: A blockchain-based secure mutual authentication with fine-grained access control system for industry 4.0,” Journal of Network and Computer Applications, vol. 116, no. 1, pp. 42–52, 2018.
View at: Publisher Site | Google Scholar
D. He, N. Kumar, H. Wang, L. Wang, K.-K. R. Choo, and A. Vinel, “A provably-secure cross-domain handshake scheme with symptoms-matching for mobile healthcare social network,” IEEE Transactions on Dependable and Secure Computing, vol. 15, no. 4, pp. 633–645, 2018.
View at: Publisher Site | Google Scholar

Copyright

Copyright © 2019 Libing Wu et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

1782

Downloads

1260

Citations

Security and Communication Networks

Anonymous and Efficient Message Authentication Scheme for Smart Grid

Abstract

1. Introduction

2. Related Work

2.1. Our Contributions

3. Preliminaries

3.1. Notations

3.2. Mathematical Problems

3.3. Network Model

4. Cryptanalysis of Li et al.’s Scheme

4.1. Review of Li et al.’s Scheme

4.2. Design Weaknesses in Li et al.’s Scheme

5. The Proposed Scheme

5.1. Initialization Phase

5.2. Authentication Phase

5.3. Message Transmission Phase

6. Security Analysis and Comparisons

6.1. Security Model

6.2. Formal Security Proof

6.3. Other Discussions on Security Properties

7. Performance Evaluation and Comparisons

8. Conclusion

Data Availability

Conflicts of Interest

Acknowledgments

References

Copyright