Next Article in Journal
Laser-Based Mobile Visible Light Communication System
Previous Article in Journal
Generalized Pulse Width Modulation Switch Model for Converters Based on the Multistate Switching Cell in Discontinuous Conduction Mode
Previous Article in Special Issue
Preliminary Study of Novel Bio-Crypto Key Generation Using Clustering-Based Binarization of ECG Features
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Lightweight Hash-Based Authentication Protocol for Smart Grids

1
Department of Electrical and Computer Engineering, Sungkyunkwan University, 2066 Seobu-ro, Jangan-gu, Suwon-si 16419, Republic of Korea
2
School of Computer and Information Engineering, Kwangwoon University, Seoul-si 01897, Republic of Korea
3
Department of Computer Information Security, Howon University, 64 Impi-myeon, Howondae 3-gil, Gunsan-si 54058, Republic of Korea
*
Author to whom correspondence should be addressed.
Sensors 2024, 24(10), 3085; https://doi.org/10.3390/s24103085
Submission received: 15 April 2024 / Revised: 4 May 2024 / Accepted: 9 May 2024 / Published: 13 May 2024

Abstract

:
Smart grids integrate information and communications technology into the processes of electricity production, transportation, and consumption, thereby enabling interactions between power suppliers and consumers to increase the efficiency of the power grid. To achieve this, smart meters (SMs) are installed in households or buildings to measure electricity usage and allow power suppliers or consumers to monitor and manage it in real time. However, SMs require a secure service to address malicious attacks during memory protection and communication processes and a lightweight communication protocol suitable for devices with computational and communication constraints. This paper proposes an authentication protocol based on a one-way hash function to address these issues. This protocol includes message authentication functions to address message tampering and uses a changing encryption key for secure communication during each transmission. The security and performance analysis of this protocol shows that it can address existing attacks and provides 105,281.67% better computational efficiency than previous methods.

1. Introduction

A smart grid (SG) is an advanced power-grid system that integrates information and communications technologies to enhance the efficiency and reliability of electricity production, transportation, and consumption [1]. These systems enable intelligent demand management, the linkage of new and renewable energies, and electric vehicle charging through real-time information exchange between suppliers and consumers [2]. As the sales of electric vehicles and power consumption increase significantly every year, SGs and related security issues have become more important [3]. One of the key components of the SG is the deployment of smart meters (SMs) in households and buildings [4,5,6,7,8,9,10], which enable the real-time monitoring and management of electricity usage by both power suppliers and consumers.
Information monitored in real time is important for security [11]. For example, if electricity usage is leaked outside, an attacker can determine whether a house is empty, and by analyzing this information, they can also determine the living patterns of the individual. This is an important personal privacy issue, as individuals may become involved in crimes or undesirable events against their will. In another example, problems may occur if electricity usage is falsified. Attackers may attempt to make financial gains by reducing their own usage; conversely, attackers may increase their usage and cause inconvenience to neighbors with whom they do not get along.
However, the security of SMs and their communication protocols is of paramount importance for preventing malicious attacks and ensuring the integrity and confidentiality of data. To address these security concerns, this paper introduces a hash-based lightweight authentication scheme specifically designed for SG environments. The proposed authentication scheme aims to provide a secure and efficient method for authenticating communication between SMs and power suppliers while considering the computational and communication constraints of these devices.
The primary objective of the authentication scheme is to ensure the following:
  • Secure memory protection: The scheme addresses the need for secure memory protection in SMs to safeguard against the unauthorized access and tampering of sensitive data stored within the devices.
  • Robust communication security: By employing a lightweight communication protocol, the scheme ensures secure communication between SMs and power suppliers, protecting against eavesdropping, message tampering, and replay attacks.
  • Efficient computational requirements: Recognizing the resource limitations of SMs, the proposed scheme aims to minimize the computational overhead, ensuring efficient authentication without compromising security.
Recently, researchers [4,5,6,7,8,9,10] have conducted studies on the security of SMs and their communication protocols; however, several of these studies [4,5,6,7,8,9,10] have failed to satisfy the various security requirements outlined earlier. In 2021, Aghapour et al. [10] published a study on lightweight cryptography. However, our study demonstrates that Aghapour et al. [10]’s study has vulnerabilities, such as inferred data reports, extracted keys, and the potential for message recovery. Therefore, a new authentication protocol is required for SGs.
We propose a scheme that satisfies these requirements. Our scheme is designed to provide secure memory protection and has been verified to satisfy ten security requirements, ensuring robust communication security. Our scheme is based on a one-way hash function and utilizes message authentication functions and changing encryption keys to satisfy efficient computational requirements. Through a comprehensive security and performance analysis, the proposed scheme demonstrates its effectiveness in addressing existing attacks and achieving better computational efficiency than previous studies.
The remainder of this paper is organized as follows: In Section 3, we present the hash functions of the system and attack models. The target scheme is introduced in Section 4. Section 5 describes the limitations of the proposed scheme. The proposed scheme is presented in Section 6. In Section 7, we provide formal and informal security analyses. In Section 8, we present a performance analysis of the proposed scheme, and in Section 9, we discuss the results. Finally, we conclude this paper in Section 10.

2. Related Work

In the field of SG security, several studies have proposed lightweight authentication schemes that address the unique challenges and requirements of SG environments.
In 2018, Mahomood et al. [4] proposed an authentication scheme based on elliptic curve cryptography (ECC) to satisfy the complex security requirements of SGs. In 2021, Sadhukhan et al. [6] introduced an ECC-based SG communication authentication scheme comprising a trusted authority, an SM, and a service provider. Sadhukhan et al. [6]’s scheme defends against impersonation attacks, which Mahomood et al. [4]’s scheme fails to protect against, and additionally satisfies, SM anonymity and data confidentiality. In 2021, Sureshkumar et al. [7] designed a scheme for the communication between service providers and SMs. However, Sureshkumar’s method is vulnerable because it does not use a one-time pad key. Furthermore, in 2023, Hu et al. [5] pointed out that Mahomood et al. [4]’s scheme does not ensure user anonymity and is vulnerable to ephemeral secret leakage attacks, and hence proposed an authentication and key agreement scheme for SGs with enhanced security based on ECC.
Recently, several authentication schemes for SG environments that do not use ECC have been proposed. In 2020, Kaveh and Mosavi [8] introduced an authentication scheme for SG environments using a physically unclonable function to counteract attacks involving physical replication or damage. Recently, Tanveer and Alasmary [9] proposed an authentication scheme for SG environments using the new hash function “Esch256”. In 2021, Aghapour et al. [10] proposed a fully lightweight two-way communication scheme for SG environments. Aghapour et al. [10] utilized only one-way hash functions and XOR operations for authentication between the participants, making their scheme the most lightweight one. However, in this study, we identified a critical vulnerability in Aghapour et al. [10]’s scheme. Their scheme enables the extraction of keys when data reports are inferred, and messages can be recovered based on the extracted key.

3. Preliminaries

In this section, the hash function, system model, and attack model are described. The details are as follows:

3.1. Hash Function

In this study, we adopt a hash function as an algorithm for verifying messages or for generating keys [12,13,14]. Hash functions are widely known to have the following four main characteristics:
  • Compute a hash function efficiently: The calculation of the hash value by the hash function must be fast, regardless of the size of the input data.
  • Preimage resistance: For the hash function h ( · ) , given y = h ( x ) , it should be computationally infeasible to find x.
  • Second preimage resistance: For the hash function h ( · ) , given x, it should be computationally infeasible to find another x 2 x such that h ( x ) = h ( x 2 ) .
  • Collision resistance: For the hash function h ( · ) , it should be computationally infeasible to find x 1 and x 2 , where x 1 x 2 such that h ( x 1 ) = h ( x 2 ) .
Furthermore, recent studies have shown that widely used hash functions, such as MD4, MD5, SHA1, RIPEMD-160, SHA2-256, and SHA-512, are prone to issues, such as collision resistance, second preimage resistance, and no length extension, owing to advances in computational speed [15]. Therefore, we assume that the hash function used in our scheme is the most recently developed and has yet to be found to be vulnerable: SHA3-256.

3.2. System Model

We proposed a scheme for communication between SMs and power supplier servers in an SG environment [16,17]. The two nodes that participate in the communication possess a hierarchical communication model as illustrated in Figure 1.
Smart grids provide bidirectional services; thus, automated communication occurs over public channels. If certain nodes provide incorrect status and situational information, the microgrid controlled by these nodes is at risk of being compromised [18]. Furthermore, while current smart grids are easily deployable and modifiable, they must be carefully designed due to the various existing cyber threats they face [19].
Smart grids have long been subject to attacks worldwide. In 2009, a senior analyst at the US CID reported that Russian and Chinese cyber spies had penetrated the US power grid [20]. In December 2016, Russia attacked Ukraine’s energy grid, which resulted in opening the circuit breakers of Ukraine’s energy grid and caused a power outage for about an hour [21].
Attacks on smart grids typically originate from the information sent from endpoint devices to common nodes such as neighborhood gateways. Attackers who infiltrate the smart grid network through these devices can then exploit vulnerabilities in the central control system to take over the smart grid. Subsequently, attackers may attempt attacks such as power shutdowns and personal data breaches through the control system, causing damage. To defend against such attacks, the FERC uses emergency orders and sanctions related to the cyber security of the power infrastructure [22], while NIST sets standards to ensure all systems in the smart grid are interoperable [23].
The details regarding the participating smart meters ( S M s) and neighborhood gateways ( N G ) are as follows:
  • Smart meter ( S M ): An electronic device that measures the consumption of utilities, such as electricity, gas, and water, collecting data in real time. It communicates with the neighborhood gateway to transmit data reports. Users utilize SMs to monitor their energy usage.
  • Neighborhood gateway ( N G ): A neighborhood gateway is configured within a neighborhood area network and communicates regularly with dozens to hundreds of smart meters. For example, it could be installed in a commercial building’s technical room, where it serves the role of transmitting data to a central energy management system, or it might be placed within a home to monitor the household’s energy consumption. In the case of a residential gateway, it could be connected via Bluetooth, Zigbee, or Wi-Fi, and typically supports a capacity of 128 MB or more [24,25]. At a minimum, the gateway must store the information from the smart meter until it can be sent to the cloud or the company. The neighborhood gateway enables smart meters to exchange information with the cloud or the company. It requests data from each SM and collects their data. The neighborhood gateway checks the confidentiality and integrity of the data collected from the SMs.

3.3. Attack Model

We propose a scheme based on the threat model suggested by Dolev–Yao [26,27]. The main characteristics of the Dolev–Yao model [26] are as follows:
  • The attacker eavesdrops on all the transmission packets used in the public channel.
  • The attacker attempts to decrypt the eavesdropped transmission packets to obtain the values (data report, message, etc.) intended for transmission through communication.
  • The attacker attempts to alter the messages used in communication by performing a man-in-the-middle attack.
  • The attacker attempts a replay attack.
In this paper, we propose a scheme that defends against these attacks and demonstrate its resistance to them.

4. Review of Aghapour et al.’s Scheme [10]

In this section, we introduce the target scheme suggested by Aghapour et al. [10]. Their scheme consists of an initialization phase and a secure communication phase.

4.1. Initialization Phase

In Aghapour et al. [10]’s scheme, at this stage, each j-th S M j registers its identity I D j with a neighborhood gateway ( N G ). N G then transmits an initial secret key value K 0 j to each SM over a secure channel. Subsequently, N G stores the pair of the SM identity and secret key ( I D j , K 0 j ) in its database, and each SM S M j stores the initial secret key value K j 0 in its memory.

4.2. Secure Communication Phase

In the stage proposed by Aghapour et al. [10], message authentication between the j-th SM S M j and N G occurs over a public channel. The details are as follows.

4.2.1. First Authentication

  • N G generates the random number r i j for S M j . N G computes A i j = ( ( m i j r i j ) r i j ) K i j , V i j = H ( m i j r i j I D j T N G K i j ) , where m i j is the i-th message for S M j , T N G is a timestamp of N G , and H ( · ) is a one-way hash function. N G sends a message M 1 = { A i j , V i j , T N G , I D j } to S M j in the public channel.
  • S M j receives the message M 1 = { A i j , V i j , T N G , I D j } from N G , and computes ( m i j r i j ) r i j = A i j K i j to obtain r i j and m i j . S M j verifies V i j = h ( m i j r i j I D j T N G K i j ) . If it fails to verify the message, S M j stops the protocol. If its verification succeeds, the authenticity of N G is verified by S M j , and the first authentication phase ends.

4.2.2. Second Authentication

  • S M j computes E i j = ( h ( r i j ) D i j ) K i j , where D i j is the data report from the corresponding SM, and h ( · ) is a different hash function with H ( · ) . S M j creates the new key K i + 1 j = H ( r i j I D j T j K i j ) , where T j is a timestamp of S M j . It replaces the old key K i j with K i + 1 j . S M j makes the verification V i j = H ( D i j r i j I D j T j K i + 1 j ) and sends a message M 2 = { E i j , V i j , T j } to N G .
  • N G receives the message M 2 = { E i j , V i j , T j } from S M j and computes ( h ( r i j ) D i j ) = E i j K i j . N G computes K i + 1 j = H ( r i j I D j T j K i j ) . N G verifies V i j = H ( D i j r i j I D j T j K i + 1 j ) , and if its verification succeeds, N G compares D i j with the existing format and stores K i + 1 j in its database.

5. Limitations of Aghapour et al.’s Scheme [10]

We identified a critical vulnerability in the scheme proposed by Aghapour et al. [10] as previously described. In this section, we discuss the vulnerabilities identified in Aghapour et al. [10]’s scheme. The details are as follows:

5.1. Inferrability of the Data Report

We assume that the data report D i j can be inferred because it has a similar format. This is likely because the data report D i j , such as electricity usage, tends to be within a certain range of the actual values.

5.2. Inferrability of the Message

We can obtain the values of A i j and E i j using the values in M 1 and M 2 transmitted over the public channel. Using the obtained A i j and E i j values, we derive the following equation:
A i j E i j
= ( ( ( m i j r i j ) r i j ) K i j ) ( ( h ( r i j ) D i j ) K i j )
= ( ( m i j r i j ) r i j ) ( h ( r i j ) D i j )
Here, we assume that we can estimate D i j according to Section 5.1; thus, we obtain the value of r i j . In addition, we obtain h ( r i j ) using r i j . Finally, we can derive the message m i j using the previously obtained r i j , h ( r i j ) , and D i j .

5.3. Extraction of the Secret Key

In Section 5.2, we obtained r i j , m i j , and D i j . Using these variables, we derived the secret key value K i j using A i j . This is derived as follows:
A i j = ( ( m i j r i j ) r i j ) K i j
K i j = ( ( m i j r i j ) r i j ) A i j

6. Proposed Scheme

In this section, we propose enhanced hash-based authentication in SGs to address the vulnerabilities identified in Section 5. The notations used in this paper are explained in Table 1. The details are as follows:

6.1. Initialization Phase

In this phase, N G verifies the identity of each SM and assigns an initial secret key individually. The details are shown in Figure 2.
  • We denote the j-th SM as S M j . At this time, S M j selects its own identity information. When the identity chosen by S M j is denoted as I D j , S M j transmits the I D j information to N G through a secure channel.
  • N G receives the identity information of each SM through a secure channel. Assuming that it receives the identity I D j of the j-th SM, N G generates an initial secret key K 0 j for communication with S M j . N G then stores the pair I D j , K 0 j in its database. N G transmits the generated K 0 j to S M j through a secret channel, and S M j receives and stores the secret key K 0 j .

6.2. First Secure Communication Phase

In this phase, N G sends information to the j-th SM S M j through a public channel, protecting it from external leakage using hashing and concatenation operations. S M j checks the message received from N G and verifies its integrity. The details are presented in Figure 3.
  • To securely send a message to S M j , N G generates a random number r i j and a timestamp T N G . To protect the message m i j from external leakage, N G performs the following operations: A i j = ( ( m i j r i j ) r i j ) K i j , V i j = H ( m i j r i j I D j T N G K i j ) . N G then transmits M 1 = { A i j , V i j , T N G , I D j } to S M j through a public channel.
  • Upon receiving M 1 = { A i j , V i j , T N G , I D j } from N G , S M j checks if the timestamp T N G is within an appropriate range and performs the following operations to verify the message: ( m i j r i j ) r i j = A i j K i j . S M j computes m i j using the extracted r i j : m i j = ( m i j r i j ) r i j . Then, it computes V i j = H ( m i j r i j I D j T N G K i j ) to verify the integrity of the message. If the verification fails, the protocol is immediately halted. If the verification succeeds, the next phase proceeds.

6.3. Second Secure Communication Phase

In this phase, S M j protects and transmits its data report via a public channel to prevent external leakage. N G verifies the data report received from S M j and checks its integrity. The details are presented in Figure 4.
  • To securely send the data report D i j to N G , S M j generates a timestamp T j and performs the following operations: E i j = ( h ( r i j ) h ( K i j ) D i j ) K i j . It then computes the new key value K i + 1 j = H ( r i j I D j T N G K i j ) and performs the verification V i j = H ( m i j r i j I D j T j K i + 1 j ) . Then, S M j transmits M 2 = { E i j , V i j , T j } to N G through a public channel.
  • Upon receiving M 2 = { E i j , V i j , T j } from S M j , N G checks if the timestamp T j is within an appropriate range and performs the following operations for verification D i j : ( h ( r i j ) h ( K i j ) D i j ) = E i j K i j , D i j = ( h ( K i j ) D i j ) h ( K i j ) . N G compares D i j with existing reports, and if it matches the established format, it is accepted. When N G computes K i + 1 j = H ( r i j I D j T N G K i j ) and checks the verification V i j = H ( m i j r i j I D j T j K i + 1 j ) , if the verification is successful, K i + 1 j replaces the existing K i j .

7. Security Analysis of the Proposed Scheme

In this section, we describe the formal and informal security analyses of the proposed scheme. The formal security analysis is conducted using ProVerif 2.05 [28], whereas the informal security analysis includes ten different analyses, including providing mutual authentication and resisting replay attacks.

7.1. Formal Security Analysis

In this section, we discuss the results of a formal analysis of our scheme conducted using ProVerif. The analysis using ProVerif demonstrates the results of verifying and analyzing the security of the proposed scheme as in several recent studies [29,30,31,32].
We define two types of channels: privateChannel and publicChannel. The reason for setting the publicChannel as private is discussed later when explaining the S M j and N G processes. The constants are set with the S M j I D and the N G unique value as N. Functions define XOR, concatenate, and two hash operations, and events for S M j and N G are defined for both the first and second authentication phases. The detailed information is provided in Table 2.
The initial and authentication phases of S M j and N G are listed in Table 3 and Table 4. The initial phases of S M j and N G are transmitted through the privateChannel. Subsequently, the first authentication begins. However, the process of omitting the part where r is concatenated cannot be implemented using ProVerif. Therefore, to modify it such that N G sends r to S M j , the publicChannel is set to private to verify the formality.
We verify the results in Table 5 using the queries listed in Table 6. The results are as follows:
  • Query inj-event(EVENT) ==> inj-event(EVENT) is true.
  • Query not attacker(K) is true.
“Query inj-event(EVENT) ==> inj-event(EVENT) is true” indicates that the event has been verified, and the authentication is successful. This indicates that the event occurred as expected, and under the specified conditions, the authentication mechanism functioned correctly. “Query not attacker(K) is true” indicates that the result of this query is true, which indicates that the attacker could not discover the keys within the array.

7.2. Informal Security Analysis

In this section, we present an informal verification of the proposed scheme. Table 7 shows a comparison with previous studies [5,7,10,33]. We conducted ten informal verifications, and the details are as follows.

7.2.1. Provide Mutual Authentication

The proposed scheme verifies the integrity of the message received by S M j from N G during the first authentication phase and the integrity of the message received by N G from S M j during the second authentication phase. Therefore, the proposed scheme provides mutual authentication.

7.2.2. Resist Replay Attack

In the proposed scheme, the decision to proceed with the subsequent operations is based on verifying the timestamps T N G and T j transmitted during the first and second authentication phases, respectively. Therefore, the proposed scheme is resistant to replay attacks.

7.2.3. Resist Smart Meter Impersonation Attack

For an attacker to impersonate S M j , they must be able to deceive N G into passing the V i j verification during the second authentication phase. To do this, the attacker must obtain the information necessary to generate V i j , which includes m i j , r i j , and K i + 1 j . The information required to generate K i + 1 j includes r i j and K i j . As the attacker cannot calculate these values from the information A i j and V i j available through the public channel, the attacker cannot impersonate S M j .

7.2.4. Resist Extraction of the Secret Key

The only way for an attacker to obtain K i j is by already knowing m i j and r i j , and then performing the operation ( ( m i j r i j ) r i j ) A i j or by intercepting it from the private channel. Assuming that interception from the private channel is not possible and because m i j and r i j are neither directly disclosed nor calculated, an attacker cannot obtain K i j in our scheme.

7.2.5. Resist Inferrability of the Message

The message m i j is extracted by performing an XOR operation between A i j and K i j . However, as there is no way for an attacker to obtain K i j , messages cannot be inferred in our scheme.

7.2.6. Resist Message Altering

In our scheme, message m i j and data report D i j are included in the information contained in A i j and E i j , respectively. To verify the integrity of each message m i j and data report D i j , ensuring they have not been altered, V i j and V i j are used for verification. Therefore, if an attacker arbitrarily changes the message to create A i j and E i j and attempts to extract the message, it will not pass the verification. Each message and data report can only be verified with the encryption key K i j ; however, as K i j cannot be extracted by the attacker, the attacker cannot verify the message and data report. Therefore, the proposed scheme resists message alterations.

7.2.7. Resist Injection Attack

In the authentication phases, as message m i j and data report D i j to be transmitted contain the verification variables V i j and V i j , it is impossible to perform a data injection attack on the original message and data report. This prevents SQL injections, cross-site scripting, code injections, and other related attacks from becoming feasible.

7.2.8. Provide forward Secrecy

Our scheme employs a method for hashing values that include K i j to generate K i + 1 j . Even if the future key K i + 1 j is compromised, it is computed as K i + 1 j = H ( r I D j T N G K i j ) , which makes it impossible to deduce the value of K i j because of the one-way nature of the hash function. Thus, the proposed scheme provides forward secrecy.

7.2.9. Provide One-Time Pad Key

Our scheme employs a method for hashing values that include K i j to generate the new key K i + 1 j . Thus, the proposed scheme provides a one-time pad key.

7.2.10. Resist Man-in-the-Middle Attack

In the scenario where an attacker accesses the public channel used during the first and second authentication phases of our scheme to carry out a man-in-the-middle attack, the only information they can obtain are M 1 = { A i j , V i j , T N G , I D j } and M 2 = { E i j , V i j , T j } . These values include the smart meter’s identity information and timestamps T N G and T j , but among the A i j = ( ( m i j r i j ) r i j ) K i j , V i j = H ( m i j r i j I D j T N G K i j ) , V i j = H ( m i j r i j I D j T j K i + 1 j ) , and E i j = ( h ( r i j ) h ( K i j ) D i j ) K i j information, the V i j and V i j values are hashed and therefore unusable. Even if the attacker can see the A i j or E i j values, without knowing the session key, which changes with each session, they cannot recreate these values. Therefore, a man-in-the-middle attack is not feasible.

8. Performance Analysis of the Proposed Scheme

In this section, we compare the performance of our paper with related studies. Performance analysis was conducted in the environment of Table 8. The time taken for a hash algorithm was measured as 0.012 ms for symmetric key encryption, decryption was 0.19 ms, and for scalar multiplication in the field, it was 28.03 ms. The computational overhead of the authentication phases for our scheme and related studies [5,7,10,33] is presented in Table 9.
We compute the performance of our scheme in the environment of Table 8 using five hash functions, resulting in a total computational load of 5 T h for the neighborhood gateway and 5 T h for the smart meter, totaling 10 T h = 0.12 ms. According to our findings, Hu et al. [5]’s scheme requires the neighborhood gateway to perform four field multiplications (4 T m ) and use 5 T h . The smart meter operates at 4 T m + 5 T h , totaling 8 T m + 10 T h = 224.36 ms. In Garg et al. [33]’s scheme, the neighborhood gateway performs three field multiplications ( T m ), four hash function operations ( T h ), and one symmetric key encryption ( T e ). Additionally, Garg et al.’s smart meter computes at 3 T m + 4 T h + 1 T e , totaling 6 T m + 8 T h + 2 T e = 168.656 ms. Similarly, Sureshkumar et al. [7]’s scheme calculates the neighborhood gateway at 3 T m + 6 T h , and the smart meter at 1 T m + 4 T h , totaling 4 T m + 10 T h = 112.24 ms. Furthermore, we confirmed that the vulnerable scheme by Aghapour et al. [10] involves 4 T h for both the neighborhood gateway and the smart meter, resulting in a total of 8 T h = 0.096 ms.

9. Discussion of Performance

Based on Section 8, we quantify and compare how much better our performance is. The formula we use is as follows:
( t 1 t 2 ) / t 2
According to Formula (6), our scheme demonstrates superior performance by 186,966.67%, 140,546.67%, 93,533.33% and 80.00% compared to Hu et al. [5]’s, Garg et al. [33]’s scheme, Sureshkumar et al. [7]’s scheme and Aghapour et al. [10] scheme. In contrast to other studies [5,7,10,33] which primarily utilize public key or symmetric key cryptography, our scheme mainly uses hash operations to construct lightweight protocols.
According to Table 7, which compares the security aspects of our scheme against others, we found that our scheme performs about 20% worse than Aghapour et al. [10]’s scheme in terms of efficiency. However, our scheme is significantly safer than the proposal by Aghapour et al. [10]. We have developed a scheme that provides a one-time pad key, which Sureshkumar et al. [7]’s scheme failed to do. Moreover, our scheme outperforms the average of the four schemes, including those by Garg et al. [33] and Hu et al. [5], by approximately 105,281.67%.

10. Conclusions

In this paper, we proposed a lightweight authentication scheme for SG environments. Our scheme minimizes computational requirements by using only hash functions and XOR operations, and provides security against ten protocol vulnerabilities that previous studies failed to defend, including the extraction of secret keys and the inferrability of the message. We demonstrate that our scheme satisfies the security requirements using ProVerif, a formal verification tool. Moreover, in terms of performance, our scheme shows a superior computational speed of 105,281.67% compared with other schemes.

Author Contributions

Conceptualization, S.K.; Methodology, K.K., S.K. and Y.L.; Software, K.K. and J.R.; Validation, S.K. and J.R.; Formal analysis, K.K. and Y.L.; Supervision, D.W.; Funding acquisition, D.W. All authors have read and agreed to the published version of the manuscript.

Funding

This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. RS-2023-00239728).

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

Data are contained within the article.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Jumayev, B.A.; Nazarov, S. Smart Calculation of Heat Energy Supplied by Hot Water. IEIE Trans. Smart Process. Comput. 2023, 12, 155–161. [Google Scholar] [CrossRef]
  2. Barman, P.; Dutta, L.; Bordoloi, S.; Kalita, A.; Buragohain, P.; Bharali, S.; Azzopardi, B. Renewable energy integration with electric vehicle technology: A review of the existing smart charging approaches. Renew. Sustain. Energy Rev. 2023, 183, 113518. [Google Scholar] [CrossRef]
  3. Hasan, M.K.; Habib, A.A.; Shukur, Z.; Ibrahim, F.; Islam, S.; Razzaque, M.A. Review on cyber-physical and cyber-security system in smart grid: Standards, protocols, constraints, and recommendations. J. Netw. Comput. Appl. 2023, 209, 103540. [Google Scholar] [CrossRef]
  4. Mahmood, K.; Chaudhry, S.A.; Naqvi, H.; Kumari, S.; Xiong, L.; Sangaiah, A.K. An elliptic curve cryptography based lightweight authentication scheme for smart grid communication. Future Gener. Comput. Syst. 2018, 81, 557–565. [Google Scholar] [CrossRef]
  5. Hu, S.; Chen, Y.; Zheng, Y.; Xing, B.; Li, Y.; Zhang, L.; Chen, L. Provably secure ECC-based authentication and key agreement scheme for advanced metering infrastructure in the smart grid. IEEE Trans. Ind. Inform. 2023, 19, 5985–5994. [Google Scholar] [CrossRef]
  6. Sadhukhan, D.; Ray, S.; Obaidat, M.S.; Dasgupta, M. A secure and privacy preserving lightweight authentication scheme for smart-grid communication using elliptic curve cryptography. J. Syst. Archit. 2021, 114, 101938. [Google Scholar] [CrossRef]
  7. Sureshkumar, V.; An hi, S.; Amin, R.; Selvarajan, N.; Madhumathi, R. Design of robust mutual authentication and key establishment security protocol for cloud-enabled smart grid communication. IEEE Syst. J. 2020, 15, 3565–3572. [Google Scholar] [CrossRef]
  8. Kaveh, M.; Mosavi, M.R. A lightweight mutual authentication for smart grid neighborhood area network communications based on physically unclonable function. IEEE Syst. J. 2020, 14, 4535–4544. [Google Scholar] [CrossRef]
  9. Tanveer, M.; Alasmary, H. LACP-SG: Lightweight authentication protocol for smart grids. Sensors 2023, 23, 2309. [Google Scholar] [CrossRef]
  10. Aghapour, S.; Kaveh, M.; Mosavi, M.R.; Martín, D. An ultra-lightweight mutual authentication scheme for smart grid two-way communications. IEEE Access 2021, 9, 74562–74573. [Google Scholar] [CrossRef]
  11. Shim, S.; Kim, J.Y.; Hwang, S.W.; Oh, J.M.; Kim, B.K.; Park, J.H.; Hyun, D.J.; Lee, H. A Comprehensive Review of Cyber-physical System (CPS)-based Approaches to Robot Services. IEIE Trans. Smart Process. Comput. 2024, 13, 69–80. [Google Scholar] [CrossRef]
  12. Ryu, J.; Lee, H.; Lee, Y.; Won, D. SMASG: Secure mobile authentication scheme for global mobility network. IEEE Access 2022, 10, 26907–26919. [Google Scholar] [CrossRef]
  13. Degefa, F.; Ryu, J.; Kim, H.; Won, D. MES-FPMIPv6: MIH-Enabled and enhanced secure Fast Proxy Mobile IPv6 handover protocol for 5G networks. PLOS ONE 2022, 17, e0262696. [Google Scholar] [CrossRef]
  14. Lee, H.; Ryu, J.; Won, D. Secure and Anonymous Authentication Scheme for Mobile Edge Computing Environments. IEEE Int. Things J. 2024, 11, 5798–5815. [Google Scholar] [CrossRef]
  15. Cheval, V.; Cremers, C.; Dax, A.; Hirschi, L.; Jacomme, C.; Kremer, S. Hash Gone Bad: Automated discovery of protocol attacks that exploit hash function weaknesses. In Proceedings of the 32nd USENIX Security Symposium (USENIX Security 23), Anaheim, CA, USA, 9–11 August 2023; pp. 5899–5916. [Google Scholar]
  16. Abbasinezhad-Mood, D.; Nikooghadam, M. An ultra-lightweight and secure scheme for communications of smart meters and neighborhood gateways by utilization of an ARM Cortex-M microcontroller. IEEE Trans. Smart Grid 2017, 9, 6194–6205. [Google Scholar] [CrossRef]
  17. Ye, F.; Qian, Y.; Hu, R.Q. Energy efficient self-sustaining wireless neighborhood area network design for smart grid. IEEE Trans. Smart Grid 2014, 6, 220–229. [Google Scholar] [CrossRef]
  18. Khurana, H.; Hadley, M.; Lu, N.; Frincke, D.A. Smart-grid security issues. IEEE Secur. Priv. 2010, 8, 81–85. [Google Scholar] [CrossRef]
  19. Aloul, F.; Al-Ali, A.R.; Al-Dalky, R.; Al-Mardini, M.; El-Hajj, W. Smart grid security: Threats, vulnerabilities and solutions. Int. J. Smart Grid Clean Energy 2012, 1, 1–6. [Google Scholar] [CrossRef]
  20. Gorman, S. Electricity grid in US penetrated by spies. Wall Str. J. 2009, 8. [Google Scholar]
  21. Gjesvik, L.; Szulecki, K. Interpreting cyber-energy-security events: Experts, social imaginaries, and policy discourses around the 2016 Ukraine blackout. Eur. Secur. 2023, 32, 104–124. [Google Scholar] [CrossRef]
  22. Eisen, J.B. Who Regulates the Smart Grid: FERC’s Authority over Demand Response Compensation in Wholesale Electricity Markets. San Diego J. Clim. Energy L. 2012, 4, 69. [Google Scholar]
  23. Gopstein, A.; Nguyen, C.; O’Fallon, C.; Hastings, N.; Wollman, D. NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 4.0; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2021. [Google Scholar]
  24. Casa. EMH Metering. 4 May 2024. Available online: https://emh-metering.com/en/products/smart-meter-gateway/casa/ (accessed on 4 May 2024).
  25. Xiaomi. Smart-Home-Hub-2-Xiaomi UK. 4 May 2024. Available online: https://www.mi.com/uk/product/xiaomi-smart-home-hub-2/ (accessed on 4 May 2024).
  26. Dolev, D.; Yao, A. On the security of public key protocols. IEEE Trans. Inf. Theory 1983, 29, 198–208. [Google Scholar] [CrossRef]
  27. Park, B.; Kim, J.; McNair, J. ISAS: AAA Protocol-based Handover and Improved Security Methodology through the Integration Security Authentication System Constitute. IEIE Trans. Smart Process. Comput. 2023, 12, 358–367. [Google Scholar] [CrossRef]
  28. Blanchet, B.; Smyth, B.; Cheval, V.; Sylvestre, M. ProVerif 2.05: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial. 2023. Available online: https://bblanche.gitlabpages.inria.fr/proverif/manual.pdf (accessed on 4 May 2024).
  29. Kim, K.; Ryu, J.; Lee, H.; Lee, Y.; Won, D. Distributed and Federated Authentication Schemes Based on Updatable Smart Contracts. Electronics 2023, 12, 1217. [Google Scholar] [CrossRef]
  30. Kang, T.; Woo, N.; Ryu, J. Enhanced Lightweight Medical Sensor Networks Authentication Scheme Based on Blockchain. IEEE Access 2024, 12, 35612–35629. [Google Scholar] [CrossRef]
  31. Kim, K.; Ryu, J.; Lee, Y.; Won, D. An improved lightweight user authentication scheme for the internet of medical things. Sensors 2023, 23, 1122. [Google Scholar] [CrossRef]
  32. Liu, Y.; Cheng, C.; Gu, T.; Jiang, T.; Li, X. A lightweight authenticated communication scheme for smart grid. IEEE Sens. J. 2015, 16, 836–842. [Google Scholar] [CrossRef]
  33. Garg, S.; Kaur, K.; Kaddoum, G.; Rodrigues, J.J.; Guizani, M. Secure and lightweight authentication scheme for smart metering infrastructure in smart grid. IEEE Trans. Ind. Inform. 2019, 16, 3548–3557. [Google Scholar] [CrossRef]
Figure 1. A system model where the smart meter and neighborhood gateway communicate with other neighborhoods’ edge nodes over the internet.
Figure 1. A system model where the smart meter and neighborhood gateway communicate with other neighborhoods’ edge nodes over the internet.
Sensors 24 03085 g001
Figure 2. The phase of registering the identity I D j of the smart meter S M j with the neighborhood gateway N G proposed in this study.
Figure 2. The phase of registering the identity I D j of the smart meter S M j with the neighborhood gateway N G proposed in this study.
Sensors 24 03085 g002
Figure 3. The first authentication phase between smart meter S M j and neighborhood gateway N G proposed in this study.
Figure 3. The first authentication phase between smart meter S M j and neighborhood gateway N G proposed in this study.
Sensors 24 03085 g003
Figure 4. The second authentication phase between smart meter S M j and neighborhood gateway N G proposed in this study.
Figure 4. The second authentication phase between smart meter S M j and neighborhood gateway N G proposed in this study.
Sensors 24 03085 g004
Table 1. Notations used in this paper.
Table 1. Notations used in this paper.
NotationsDescription
S M j j-th smart meter
N G Neighborhood gateway
I D j S M j ’s identification
m i j i-th message for S M j
D i j Data report of i-th S M j
V i j , V i j Verification
K i j i-th secret key for S M j
r i j i-th random number for S M j
h ( · ) , H ( · ) One-way hash function
X Y Concatenation operator
Bitwise XOR operator
T N G , T j Timestamp for N G and S M j
Table 2. ProVerif code for defining values and functions.
Table 2. ProVerif code for defining values and functions.
(*—-channels—-*)
free privateChannel:channel [private].
free publicChannel:channel [private].
(*—-constants—-*)
free ID:bitstring [private].
free N:bitstring [private].
(*—-shared key—-*)
free K:bitstring [private].
(*—-functions—-*)
fun xor(bitstring, bitstring):bitstring.
fun concat(bitstring, bitstring):bitstring.
fun h(bitstring):bitstring.
fun H(bitstring):bitstring.
equation forall a:bitstring, b:bitstring; xor(xor(a, b), b) = a.
(*—-events—-*)
event startfstS(bitstring).
event endfstS(bitstring).
event startfstN(bitstring).
event endfstN(bitstring).
event start2ndS(bitstring).
event end2ndS(bitstring).
event start2ndN(bitstring).
event end2ndN(bitstring).
Table 3. ProVerif code for the SM.
Table 3. ProVerif code for the SM.
(*—-SMj process—-*)
let SMj =
out(privateChannel, (ID));
in(privateChannel, (XK:bitstring));
event startfstS(ID);
in(publicChannel, (XA:bitstring, XV:bitstring, XT:bitstring, XXID:bitstring, Xr:bitstring));
let P = xor(xor(XA, XK), XA) in
let Xm = xor(P, Xr) in
let XXV = H(concat(concat(Xm, Xr), concat(concat(XXID, XT), XK))) in
event endfstS(ID);
event start2ndS(ID);
if XV = XXV then
new Tj:bitstring;
new D:bitstring;
let E = xor(xor(concat(h(Xr), h(XK)), D), XK) in
let newK = H(concat(concat(Xr, XXID), concat(XT, XK))) in
let Vp = H(concat(concat(Xm, Xr), concat(concat(XXID, Tj), newK))) in
out(publicChannel,(E, Vp, Tj));
event end2ndS(ID).
Table 4. ProVerif code for the neighborhood gateway.
Table 4. ProVerif code for the neighborhood gateway.
(*—-NG process—-*)
let NG =
in(privateChannel, (XID:bitstring));
out(privateChannel, (K));
event startfstN(N);
new r:bitstring;
new m:bitstring;
new T:bitstring;
let A = xor(xor(m, r), K) in
let V = H(concat(concat(m, r), concat(concat(XID, T), K))) in
out(publicChannel,(A, V, T, XID, r));
event endfstN(N);
event start2ndN(N);
in(publicChannel,(XE:bitstring, XVp:bitstring, XTj:bitstring));
let PP = xor(XE, K) in
let XD = xor(PP, concat(h(r), h(K))) in
let XnewK = H(concat(concat(r, XID), concat(T, K))) in
let XXVp = H(concat(concat(m, r), concat(concat(XID, XTj), XnewK))) in
if XVp = XXVp then
event end2ndN(N).
Table 5. ProVerif query results.
Table 5. ProVerif query results.
Query inj-event(endfstS(IDj)) ==> inj-event(startfstS(IDj)) is true.
Query inj-event(end2ndS(IDj)) ==> inj-event(start2ndS(IDj)) is true.
Query inj-event(endfstN(IDj)) ==> inj-event(startfstN(IDj)) is true.
Query inj-event(end2ndN(IDj)) ==> inj-event(start2ndN(IDj)) is true.
Query not attacker(K[]) is true.
Table 6. ProVerif code for queries.
Table 6. ProVerif code for queries.
(*—-queries—-*)
query IDj:bitstring; inj-event(endfstS(IDj)) ==> inj-event(startfstS(IDj)).
query IDj:bitstring; inj-event(end2ndS(IDj)) ==> inj-event(start2ndS(IDj)).
query IDj:bitstring; inj-event(endfstN(IDj)) ==> inj-event(startfstN(IDj)).
query IDj:bitstring; inj-event(end2ndN(IDj)) ==> inj-event(start2ndN(IDj)).
query attacker(K).
(*—-process—-*)
process
((!SMj)|(!NG))
Table 7. Comparison of security features.
Table 7. Comparison of security features.
Security FeaturesSureshkumar et al. [7]Garg et al. [33]Hu et al. [5]Aghapour et al. [10]Ours
Provide Mutual AuthenticationOOOOO
Resist Replay AttackOOOOO
Resist Smart Meter Impersonation AttackOOOOO
Resist Extraction of the Secret KeyOOOOO
Resist Inferrability of the MessageOOOXO
Resist Message AlteringOOOXO
Resist Injection AttackOOOOO
Provide Forward SecrecyOOOOO
Provide One-time Pad KeyXOOOO
Resist Man-in-the-Middle AttackOOOXO
Table 8. Development environment.
Table 8. Development environment.
ItemValue
CPUIntel(R) Core(TM) i7-8565U CPU @ 1.80 GHz 1.99 GHz (Intel, Santa Clara, CA, USA)
RAM16.0 GB
OSWindows 10 Home
SoftwareJDK 17
Security levelsecp521r1 ECC
Table 9. Comparisons of computational costs (ms).
Table 9. Comparisons of computational costs (ms).
SchemesHu et al. [5]Garg et al. [33]Sureshkumar et al. [7]Aghapour et al. [10]Ours
NG, SP 4 T m + 5 T h 3 T m + 4 T h + 1 T e 3 T m + 6 T h 4 T h 5 T h
= 112.18 = 84.328 = 84.162 = 0.048 = 0.06
Smart Meter(SM) 4 T m + 5 T h 3 T m + 4 T h + 1 T e 1 T m + 4 T h 4 T h 5 T h
= 112.18 = 84.328 = 28.078 = 0.048 = 0.06
Total 8 T m + 10 T h 6 T m + 8 T h + 2 T e 4 T m + 10 T h 8 T h 10 T h
= 224.36 = 168.656 = 112.24 = 0.096 = 0.12
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Kook, S.; Kim, K.; Ryu, J.; Lee, Y.; Won, D. Lightweight Hash-Based Authentication Protocol for Smart Grids. Sensors 2024, 24, 3085. https://doi.org/10.3390/s24103085

AMA Style

Kook S, Kim K, Ryu J, Lee Y, Won D. Lightweight Hash-Based Authentication Protocol for Smart Grids. Sensors. 2024; 24(10):3085. https://doi.org/10.3390/s24103085

Chicago/Turabian Style

Kook, Sangjin, Keunok Kim, Jihyeon Ryu, Youngsook Lee, and Dongho Won. 2024. "Lightweight Hash-Based Authentication Protocol for Smart Grids" Sensors 24, no. 10: 3085. https://doi.org/10.3390/s24103085

APA Style

Kook, S., Kim, K., Ryu, J., Lee, Y., & Won, D. (2024). Lightweight Hash-Based Authentication Protocol for Smart Grids. Sensors, 24(10), 3085. https://doi.org/10.3390/s24103085

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop