Lightweight Anonymous Authentication and Key Agreement Protocol for a Smart Grid
Abstract
:1. Introduction
2. Related Work
- 1.
- This paper proposes a lightweight identity authentication and key agreement scheme based on ECC. This scheme fully leverages the advantages of key exchange mechanisms, as well as the message authentication capabilities of ECC and one-way hash functions. Entity identities are transmitted anonymously between sessions and dynamically encrypted using random numbers that cannot be traced from session to session.
- 2.
- To accommodate the growing number of devices and users, the scheme negotiates a new session key before each session for the next secret communication. It eliminates the need to interrupt service or store keys, and can ensure that the AKA scheme can adapt to an expanding SG scale by responding to changes in the network in real time.
- 3.
- The security of the proposed protocol was rigorously proven under the random oracle model (ROM) and was verified by a ProVerif 2.05 tool. It achieves user anonymity, mutual authentication, perfect forward security, resistance to impersonation attacks, man-in-the-middle attacks, and resistance to ephemeral secret leakage attacks.
- 4.
- The proposed scheme demonstrates significant reductions in computation and communication overheads compared to related schemes, while also providing improved security and functionality features. A comparison shows that the proposed scheme exhibits higher efficacy and robustness.
3. Preliminaries
3.1. Communication Model
3.2. Elliptic Curve Cryptography
- Efficient key generation and management
- Enhanced authentication mechanisms
3.3. Elliptic Curve Cryptography Mathematical Problems
4. Proposed Protocol
4.1. System Setup Phase
4.2. Registration Phase
Algorithm 1 System setup phase and registration processes of | |
#******************** System setup phase ********************# | |
1. | TA chooses , point and . |
2. | TA distributes {}. |
#******************** Registration processes of ********************# | |
3. | selects , generates |
4. | computes |
5. | submits towards TA via secure channel. |
6. | If is valid and not in the database, then: |
7. | TA generates |
8. | TA computes |
9. | TA stores |
10. | TA sends to |
11. | Else: |
12. | computes , |
13. | If then: |
14. | computes |
15. | stores |
16. | Else: |
17. | Terminate session |
18. | End if; |
19. | End |
4.3. Authentication and Key Agreement Phase
Algorithm 2 Authentication and key agreement | |
#******************** Authentication and key agreement ********************# | |
1. | generates |
2. | computes , , , |
3. | sends to |
4. | computes , |
5. | computes ) |
6. | If then: |
7. | Terminate session |
8. | Else: |
9. | generates , |
10. | computes , |
11. | computes |
12. | sends to |
13. | computes |
14. | If then: |
15. | Terminate session |
16. | Else: |
17. | computes |
18. | End if; |
19. | End |
5. Security Analysis
5.1. Adversary Model
5.2. Formal Security Analysis
- (1)
- Acceptance: If an instance receives the final expected protocol message, then enters the acceptance state.
- (2)
- Freshness: Instances is fresh when the following conditions are met:
- is accepted and has the session key.
- Neither nor his partner (if existing) has been queried by .
- is not queried by 𝒜.
- (3)
- Empty: This state indicates that the instance’s input was not answered.
- (1)
- and have successfully authenticated each other and share the same session identifier.
- (2)
- and are both in the acceptance state;
- (3)
- and are mutual partners.
- (1)
- The probability of collisions in the output of the hash function is at most:
- (2)
- The probability of collisions in random numbers is at most:
- (1)
- If 𝒜 receives , 𝒜 performs hash queries to compute . Thus, the probability of encountering the cases , is: .
- (2)
- If 𝒜 receives , then the probability of encountering the case is: .
5.3. Descriptive Security Analysis
5.3.1. Anonymity and Untraceability
5.3.2. Perfect Forward Security
5.3.3. Mutual Authentication and Key Establishment
5.3.4. Privileged-Insider Attack Resistance
5.3.5. Replay Attack Resistance
5.3.6. Impersonation Attacks Resistance
5.3.7. Man-in-Middle Attack Resistance
5.4. Automatic Formal Verification by ProVerif
- (1)
- query attacker (SSKS).
- (2)
- query attacker (SSKSP).
6. Performance Comparison
6.1. Security and Functionality Features Comparison
6.2. Computation Cost
6.3. Communication Costs
6.4. Analysis of Performance Comparison Results
7. Conclusions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
- Mahmood, K.; Chaudhry, S.A.; Naqvi, H.; Kumari, S.; Li, X.; Sangaiah, A.K. An elliptic curve cryptography based lightweight authentication scheme for smart grid communication. Future Gener. Comput. Syst. 2018, 81, 557–565. [Google Scholar] [CrossRef]
- Abbasinezhad-Mood, D.; Nikooghadam, M. Design and hardware implementation of a security-enhanced elliptic curve cryptography based lightweight authentication scheme for smart grid communications. Future Gener. Comput. Syst. 2018, 84, 47–57. [Google Scholar] [CrossRef]
- Baghestani, S.H.; Moazami, F.; Tahavori, M. Lightweight authenticated key agreement for smart metering in smart grid. IEEE Syst. J. 2022, 16, 4983–4991. [Google Scholar] [CrossRef]
- Rahman, M.A.; Islam, M.R.; Hossain, M.A.; Rana, M.S.; Hossain, M.J.; Gray, E.M. Resiliency of forecasting methods in different application areas of smart grids: A review and future prospects. Eng. Appl. Artif. Intell. 2024, 135, 108785. [Google Scholar] [CrossRef]
- Kumar, V.; Ahmad, M.; Mishra, D.; Kumari, S.; Khan, M.K. RSEAP: RFID based secure and efficient authentication protocol for vehicular cloud computing. Veh. Commun. 2020, 22, 100213. [Google Scholar]
- Badar, H.M.S.; Qadri, S.; Shamshad, S.; Ayub, M.F.; Mahmood, K.; Kumar, N. An identity based authentication protocol for smart grid environment using physical uncloneable function. IEEE Trans. Smart Grid 2021, 12, 4426–4434. [Google Scholar] [CrossRef]
- Sadhukhan, D.; Ray, S.; Obaidat, M.S.; Dasgupta, M. A secure and privacy preserving lightweight authentication scheme for smart-grid communication using elliptic curve cryptography. J. Syst. Archit. 2021, 114, 101938. [Google Scholar]
- Qiu, Y.; Ma, M. A mutual authentication and key establishment scheme for M2M communication in 6LoWPAN networks. IEEE Trans. Ind. Inform. 2016, 12, 2074–2085. [Google Scholar] [CrossRef]
- Huseinovic, A.; Mrdovic, S.; Bicakci, K.; Uludag, S. A survey of denial-of-service attacks and solutions in the smart grid. IEEE Access 2020, 8, 177447–177470. [Google Scholar]
- Xia, Z.; Liu, T.; Wang, J.; Chen, S. A secure and efficient authenticated key exchange scheme for smart grid. Heliyon 2023, 9, e17240. [Google Scholar] [CrossRef]
- Qiu, S.; Wang, D.; Xu, G.; Kumari, S. Practical and provably secure three-factor authentication protocol based on extended chaotic-maps for mobile lightweight devices. IEEE Trans. Dependable Secur. Comput. 2020, 19, 1338–1351. [Google Scholar] [CrossRef]
- Yu, S.; Park, K. Puf-based robust and anonymous authentication and key establishment scheme for v2g networks. IEEE Internet Things J. 2024, 11, 15450–15464. [Google Scholar] [CrossRef]
- Wang, L.J.; Zhang, K.Y.; Wang, J.Y.; Cheng, J.; Yang, Y.H.; Tang, S.B.; Yan, D.; Tang, Y.L.; Liu, Z.; Yu, Y.; et al. Experimental authentication of quantum key distribution with post-quantum cryptography. NPJ Quantum Inf. 2021, 7, 67. [Google Scholar] [CrossRef]
- Li, X.; Niu, J.; Alam Bhuiyan, Z.; Wu, F.; Karuppiah, M.; Kumari, S. A robust ECC-based provable secure authentication protocol with privacy preserving for industrial Internet of Things. IEEE Trans. Ind. Inform. 2017, 14, 3599–3609. [Google Scholar] [CrossRef]
- Wu, D.; Zhou, C. Fault-tolerant and scalable key management for smart grid. IEEE Trans. Smart Grid 2011, 2, 375–381. [Google Scholar]
- Khan, A.A.; Kumar, V.; Ahmad, M.; Rana, S.; Mishra, D. PALK: Password-based anonymous lightweight key agreement framework for smart grid. Int. J. Electr. Power Energy Syst. 2020, 121, 106121. [Google Scholar] [CrossRef]
- Safkhani, M.; Kumari, S.; Shojafar, M.; Kumar, S. An authentication and key agreement scheme for smart grid. Peer—Peer Netw. Appl. 2022, 15, 1595–1616. [Google Scholar] [CrossRef]
- Taqi, S.A.M.; Jalili, S. LSPA-SGs: A lightweight and secure protocol for authentication and key agreement based Elliptic Curve Cryptography in smart grids. Energy Rep. 2022, 8, 153–164. [Google Scholar]
- Sureshkumar, V.; Anandhi, S.; Amin, R.; Selvarajan, N.; Madhumathi, R. Design of robust mutual authentication and key establishment security protocol for cloud-enabled smart grid communication. IEEE Syst. J. 2020, 15, 3565–3572. [Google Scholar] [CrossRef]
- Cheng, Q.; Ma, Y. Cryptoanalysis on the Forward Security of Two Authenticated Key Protocols. J. Electron. Inf. Technol. 2022, 44, 4294–4303. [Google Scholar]
- Srinivas, J.; Das, A.K.; Li, X.; Khan, M.K.; Jo, M. Designing anonymous signature-based authenticated key exchange scheme for Internet of Things-enabled smart grid systems. IEEE Trans. Ind. Inform. 2020, 17, 4425–4436. [Google Scholar] [CrossRef]
- Baruah, B.; Dhal, S. An authenticated key agreement scheme for secure communication in smart grid. In Proceedings of the 2021 International Conference on COMmunication Systems & NETworkS (COMSNETS), Bangalore, India, 5–9 January 2021; pp. 447–455. [Google Scholar]
- Khan, A.A.; Kumar, V.; Ahmad, M.; Rana, S. LAKAF: Lightweight authentication and key agreement framework for smart grid network. J. Syst. Archit. 2021, 116, 102053. [Google Scholar]
- Mehta, P.J.; Parne, B.L.; Patel, S.J. SE-LAKAF: Security enhanced lightweight authentication and key agreement framework for smart grid network. Peer-Peer Netw. Appl. 2023, 16, 1513–1535. [Google Scholar] [CrossRef]
- Yu, S.J.; Park, K.S. ISG-SLAS: Secure and lightweight authentication and key agreement scheme for industrial smart grid using fuzzy extractor. J. Syst. Archit. 2022, 131, 102698. [Google Scholar] [CrossRef]
- Li, Y. An improved lightweight and privacy preserving authentication scheme for smart grid communication. J. Syst. Archit. 2024, 152, 103176. [Google Scholar] [CrossRef]
- Khan, A.A.; Kumar, V.; Ahmad, M. An elliptic curve cryptography based mutual authentication scheme for smart grid communications using biometric approach. J. King Saud Univ.-Comput. Inf. Sci. 2022, 34, 698–705. [Google Scholar] [CrossRef]
- Wang, C.; Huo, P.; Ma, M.; Zhou, T.; Zhang, Y. A provable secure and lightweight ECC-based authenticated key agreement scheme for edge computing infrastructure in smart grid. Computing 2023, 105, 2511–2537. [Google Scholar] [CrossRef]
- Gopstein, A.; Nguyen, C.; O’Fallon, C.; Hastings, N.; Wollman, D. NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 4.0; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2021.
- Kumari, A.; Abbasi, M.Y.; Kumar, V.; Khan, A.A. A secure user authentication protocol using elliptic curve cryptography. J. Discret. Math. Sci. Cryptogr. 2019, 22, 521–530. [Google Scholar]
- Khan, A.A.; Kumar, V.; Prasad, R.; Idrisi, M.J. SGAK: A Robust ECC based Authenticated Key Exchange Protocol for Smart Grid Networks. IEEE Access 2024. [Google Scholar] [CrossRef]
- LaMacchia, B.; Lauter, K.; Mityagin, A. Stronger security of authenticated key exchange. In International Conference on Provable Security; Springer: Berlin/Heidelberg, Germany, 2007; pp. 1–16. [Google Scholar]
- Mohammadali, A.; Haghighi, M.S.; Tadayon, M.H.; Mohammadi-Nodooshan, A. A novel identity-based key establishment method for advanced metering infrastructure in smart grid. IEEE Trans. Smart Grid 2016, 9, 2834–2842. [Google Scholar] [CrossRef]
- Bellare, M.; Rogaway, P. Random oracles are practical: A paradigm for designing efficient protocols. In Proceedings of the 1st ACM Conference on Computer and Communications Security, Fairfax, VA, USA, 3–5 November 1993; pp. 62–73. [Google Scholar]
- Dolev, D.; Yao, A. On the security of public key protocols. IEEE Trans. Inf. Theory 1983, 29, 198–208. [Google Scholar] [CrossRef]
- Blanchet, B. An efficient cryptographic protocol verifier based on prolog rules. In Proceedings of the 14th IEEE Computer Security Foundations Workshop (CSFW-14), Cape Breton, NS, Canada, 11–13 June 2001; pp. 82–96. [Google Scholar]
- Wu, Y.; Guo, H.; Han, Y.; Li, S.; Liu, J. A Security-Enhanced Authentication and Key Agreement Protocol in Smart Grid. IEEE Trans. Ind. Inform. 2024, 20, 11449–11457. [Google Scholar] [CrossRef]
- Salem, F.M.; Khairy, R.; Ali, I.A. An elliptic curve-based lightweight mutual authentication scheme for secure communication in smart grids. Int. J. Inf. Technol. 2024, 1–11. [Google Scholar] [CrossRef]
- Chaudhry, S.A.; Yahya, K.; Garg, S.; Kaddoum, G.; Hassan, M.M.; Zikria, Y.B. LAS-SG: An elliptic curve-based lightweight authentication scheme for smart grid environments. IEEE Trans. Ind. Inform. 2022, 19, 1504–1511. [Google Scholar] [CrossRef]
Schemes | Problem Description | Vulnerability | Cause |
---|---|---|---|
[16] | A password-based anonymous lightweight key agreement framework is proposed. | Cannot provide user anonymity and cannot resist password guessing attacks. | The attacker extracted a fixed value from the messages transmitted over the open channel. |
[19] | A lightweight scheme based on ECC with improved scheme [16]. | Cannot resist temporary private key leakage attacks. | The final session key does not include the temporary keys of both parties. |
[21] | A new identity authentication key exchange scheme based on anonymous signatures is proposed. | Cannot resist man-in-the-middle attacks and impersonation attacks. | Secret value leakage led to an attack. |
[23] | A lightweight authentication and key agreement protocol for smart grids is proposed. | Does not meet user anonymity and session key security requirements. | The user ID was not dynamically transmitted. |
[25] | An AKA scheme is designed based on a fuzzy extractor. | Cannot resist temporary secret leakage attacks and does not provide untraceability. | User IDs are not transmitted dynamically leading to tracing and random number leaks leading to session keys being computed. |
Symbol | Explanation |
---|---|
Trust Anchor | |
smart meter and its identity | |
service provider and its identity | |
A non-singular elliptic curve: | |
P | The base point |
Private/public key of | |
Private/public key of | |
A cryptographic (collision-resistant) one-way hash function | |
The session key between and | |
Timestamps | |
Maximum transmission delay | |
Exclusive-or operation | |
Concatenation operations | |
Secure channel | |
Public channel | |
𝒜 | Adversary |
Query Type | Significance |
---|---|
This query can return the private keys stored in the compromised to 𝒜. | |
This query enables 𝒜 to obtain generated by the entity and its partner. | |
This query allows 𝒜 to obtain the ephemeral secrets of | |
This query allows 𝒜 to obtain all exchanged messages between the participants and . | |
In this query, 𝒜 sends a message to ; if the message is valid, 𝒜 outputs the response received from ; otherwise, the query is ignored. | |
Test () | This query allows 𝒜 to send a session key request to , and probabilistically outputs the result of a fair coin flip . If Test () does not reach an acceptance state, the result is . Otherwise, if , 𝒜 receives the actual session key; otherwise, 𝒜 receives a random value with the same size of the session key. |
This query allows 𝒜 to obtain a random number as the hash value of . |
Scheme | F1 | F2 | F3 | F4 | F5 | F6 | F7 | F8 | F9 |
---|---|---|---|---|---|---|---|---|---|
ours | √ | √ | √ | √ | √ | √ | √ | √ | √ |
[37] | √ | √ | √ | √ | √ | √ | √ | √ | √ |
[38] | √ | √ | √ | √ | √ | √ | × | √ | √ |
[39] | √ | √ | √ | √ | √ | √ | × | √ | √ |
[7] | √ | √ | × | √ | √ | √ | √ | √ | √ |
[21] | √ | √ | √ | √ | √ | × | √ | × | √ |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Zhang, Y.; Chen, J.; Wang, S.; Ma, K.; Hu, S. Lightweight Anonymous Authentication and Key Agreement Protocol for a Smart Grid. Energies 2024, 17, 4550. https://doi.org/10.3390/en17184550
Zhang Y, Chen J, Wang S, Ma K, Hu S. Lightweight Anonymous Authentication and Key Agreement Protocol for a Smart Grid. Energies. 2024; 17(18):4550. https://doi.org/10.3390/en17184550
Chicago/Turabian StyleZhang, Ya, Junhua Chen, Shenjin Wang, Kaixuan Ma, and Shunfang Hu. 2024. "Lightweight Anonymous Authentication and Key Agreement Protocol for a Smart Grid" Energies 17, no. 18: 4550. https://doi.org/10.3390/en17184550
APA StyleZhang, Y., Chen, J., Wang, S., Ma, K., & Hu, S. (2024). Lightweight Anonymous Authentication and Key Agreement Protocol for a Smart Grid. Energies, 17(18), 4550. https://doi.org/10.3390/en17184550