Secure Authentication in the Smart Grid
Abstract
:1. Introduction
1.1. Our Contribution
- We propose the first independent security analysis of LLAKEP in various scenarios with varying access to the adversary. Our security analysis demonstrates important security issues in this protocol.
- In terms of efficiency, we show that this protocol could be designed more efficiently and propose a promising solution to address this flaw.
- We propose the LLAKEP protocol as an improved protocol that uses the same set of cryptographic primitives as the LLAKEP protocol.
- We carefully evaluate the security of the proposed protocol both informally and formally using a real or random model and confirm its security using the Scyther tool. We also evaluate the security of the proposed protocol and compare it with the state of the art, which shows that the proposed protocol has a low communication cost and a comparable computation cost.
1.2. Paper Organization
2. Preliminaries
2.1. Notation
2.2. Elliptic Curve Cryptography
2.3. System Model
2.4. LLAKEP Description
2.5. Initialization
2.6. User Registration
2.7. Authenticated Key Agreement
- The EBR user enters its and on the smart glass. MC computes , , and verifies whether . Assuming that verification was successful, MC generates a random number and computes and , where is the current timestamp. Next, using a public channel, EBR sends to BSS.
- Once received the message, BSS verifies , calculates and and and verifies whether . Next, it generates a random number and computes , and , where is the current timestamp. Next, using a public channel, BSS sends to EBR.
- EBR verifies , calculates and verifies whether to authenticate BSS. After successful authentication, EBR calculates and , where is the current timestamp. Next, using a public channel, EBR sends to BSS.
- BSS verifies and computes and checks whether to authenticate EBR and store the session key , which is used for secure communication between EBR and BSS.
2.8. Password Change
3. On the Security of LLAKEP
3.1. Insider Adversary
3.1.1. Traceability and Anonymity
3.1.2. Known Session-Specific Temporary Information Attack
3.1.3. Impersonation Attack after a Successful KSTI Attack
- The adversary generates a random number and computes , and , where is the current timestamp. Next, using a public channel, the adversary sends to BSS.
- Obviously and are accepted by and is extracted by BSS from the received . Next, it generates a random number and computes , and and sends to EBR (impersonated by the adversary).
- The adversary calculates , and , where is the current timestamp. Next, using a public channel, the adversary sends to BSS.
- BSS verifies , calculates and verifies whether to authenticate EBR/adversary and store the session key , which is used for the secure communication between EBR/adversary and BSS.
3.2. Key Compromised Impersonation Attack
- The EBR user enters its and on the smart glass. MC verifies them, generates a random number and computes and and sends to BSS.
- The adversary extracts , computes and , generates a random number , computes , and and sends to EBR.
- EBR verifies , calculates and verifies whether to authenticate BSS/adversary which authenticates.
3.3. The Lack of Perfect Forward Secrecy
3.4. A Note on the LLAKEP Efficiency
4. LLAKEP Description
4.1. Initialization
4.2. User Registration
4.3. Authenticated Key Agreement
- The EBR user enters its and on the smart glass. MC computes , and and verifies whether to accept the login. If the verification was successful, MC obtains the current time , generates a random number and calculates and . Then, it sends to BSS over a public channel.
- BSS validates after receiving the message and calculates . If it detects the extracted in its database, BSS generates a random number and calculates , the temporary session key and . Then, it sends to EBR over a public channel.
- EBR computes the session key, after receiving the message, and verifies whether to authenticate BSS. If BSS has been authenticated, EBR returns to BSS.
- BSS verifies the received to authenticate EBR and also confirm the shared session key.
4.4. Password Change
5. Security and Cost Analysis of LLAKEP
5.1. Informal Security Analysis
5.1.1. Replay Attack
5.1.2. Impersonation Attack
5.1.3. Traceability and Anonymity
5.1.4. Secret Disclosure Attack
5.1.5. Permanent De-Synchronization Attack
5.1.6. Man-in-the-Middle Attack
5.1.7. Stolen Smart Glass Attack
5.1.8. Insider Adversary
5.1.9. Perfect Forward Secrecy
5.1.10. Known Session-Specific Temporary Information Attack
5.1.11. Key Compromised Impersonation Attack
5.2. Formal Security Evaluation
5.2.1. Scyther
- Suppose that the long-term key is revealed to the adversary, what attack scenarios are the protocol vulnerable to?
- Assume the session key is exposed, what attack scenarios are the protocol vulnerable to?
- Suppose that the protocol state is exposed, what attack scenarios are the protocol vulnerable to?
5.2.2. Formal Security Analysis in RoR Model
5.3. Cost Analysis
6. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Acknowledgments
Conflicts of Interest
Abbreviations
IoT | Internet of Things |
EIoT | Energy Internet of Things |
IoD | Internet of Drones |
IIoT | Industrial Internet of Things |
IoV | Internet of Vehicles |
MIoT | Medical Internet of Things |
NVM | Non Volatile Memory |
IT | Information Technology |
EBR | Electric Bike Riders |
BSS | Battery Swap Station |
MC | Microprocessor Chip |
ECC | Elliptic Curve Cryptography |
KSTI | Known Session-specific Temporary Information |
KCI | Key Compromised Impersonation |
MitM | Man in the Middle Attack |
Appendix A. SPDL Description of the Proposed Protocol
Listing A1: SPDL description of the proposed protocol. |
References
- Bolla, R.; Bruschi, R.; Davoli, F.; Cucchietti, F. Energy Efficiency in the Future Internet: A Survey of Existing Approaches and Trends in Energy-Aware Fixed Network Infrastructures. IEEE Commun. Surv. Tutor. 2011, 13, 223–244. [Google Scholar] [CrossRef]
- Boccadoro, P.; Striccoli, D.; Grieco, L.A. An extensive survey on the Internet of Drones. Ad Hoc Netw. 2021, 122, 102600. [Google Scholar] [CrossRef]
- Franco, J.; Aris, A.; Canberk, B.; Uluagac, A.S. A Survey of Honeypots and Honeynets for Internet of Things, Industrial Internet of Things, and Cyber-Physical Systems. IEEE Commun. Surv. Tutor. 2021, 23, 2351–2383. [Google Scholar] [CrossRef]
- Ji, B.; Zhang, X.; Mumtaz, S.; Han, C.; Li, C.; Wen, H.; Wang, D. Survey on the Internet of Vehicles: Network Architectures and Applications. IEEE Commun. Stand. Mag. 2020, 4, 34–41. [Google Scholar] [CrossRef]
- Papaioannou, M.; Karageorgou, M.; Mantas, G.; Sucasas, V.; Essop, I.; Rodriguez, J.; Lymberopoulos, D.K. A Survey on Security Threats and Countermeasures in Internet of Medical Things (IoMT). Trans. Emerg. Telecommun. Technol. 2022, 33, e4049. [Google Scholar] [CrossRef]
- Ma, Z.; Ma, J.; Miao, Y.; Liu, X.; Choo, K.R.; Gao, Y.; Deng, R.H. Verifiable Data Mining Against Malicious Adversaries in Industrial Internet of Things. IEEE Trans. Ind. Inform. 2022, 18, 953–964. [Google Scholar] [CrossRef]
- Gonzalez Granadillo, G.; Zarzosa, S.G.; Diaz, R. Security Information and Event Management (SIEM): Analysis, Trends, and Usage in Critical Infrastructures. Sensors 2021, 21, 4759. [Google Scholar] [CrossRef]
- Zhdanova, M. Security and Trust in Safety Critical Infrastructures. Ph.D. Thesis, Technical University of Darmstadt, Darmstadt, Germany, 2022. [Google Scholar]
- Zhang, X.; Huang, X.; Yin, H.; Huang, J.; Chai, S.; Xing, B.; Wu, X.; Zhao, L. LLAKEP: A Low-Latency Authentication and Key Exchange Protocol for Energy Internet of Things in the Metaverse Era. Mathematics 2022, 10, 2545. [Google Scholar] [CrossRef]
- Lansky, J.; Rahmani, A.M.; Ali, S.; Bagheri, N.; Safkhani, M.; Hassan Ahmed, O.; Hosseinzadeh, M. BCmECC: A Lightweight Blockchain-Based Authentication and Key Agreement Protocol for Internet of Things. Mathematics 2021, 9, 3241. [Google Scholar] [CrossRef]
- Rostampour, S.; Safkhani, M.; Bendavid, Y.; Bagheri, N. ECCbAP: A Secure ECC based Authentication Protocol for IoT edge devices. Pervasive Mob. Comput. 2020, 67, 101194. [Google Scholar] [CrossRef]
- Dolev, D.; i-Chih Yao, A.C. On the security of public key protocols. IEEE Trans. Inf. Theory 1983, 29, 198–207. [Google Scholar] [CrossRef]
- Canetti, R.; Krawczyk, H. Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. In Advances in Cryptology—EUROCRYPT 2001, International Conference on the Theory and Application of Cryptographic Techniques, Innsbruck, Austria, 6–10 May 2001; Pfitzmann, B., Ed.; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2001; Volume 2045, pp. 453–474. [Google Scholar] [CrossRef] [Green Version]
- Safkhani, M.; Bagheri, N.; Kumari, S.; Tavakoli, H.; Kumar, S.; Chen, J. RESEAP: An ECC-Based Authentication and Key Agreement Scheme for IoT Applications. IEEE Access 2020, 8, 200851–200862. [Google Scholar] [CrossRef]
- Limbasiya, T.; Das, D. Lightweight Secure Message Broadcasting Protocol for Vehicle-to-Vehicle Communication. IEEE Syst. J. 2020, 14, 520–529. [Google Scholar] [CrossRef]
- Hlauschek, C.; Gruber, M.; Fankhauser, F.; Schanes, C. Prying Open Pandora’s Box: KCI Attacks against TLS. In Proceedings of the 9th USENIX Workshop on Offensive Technologies (WOOT 15), Washington, DC, USA, 10–11 August 2015. [Google Scholar]
- Ma, Z.; He, J. Outsider Key Compromise Impersonation Attack on a Multi-factor Authenticated Key Exchange Protocol. In Applied Cryptography and Network Security Workshops—ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S&P, SCI, SecMT, SiMLA, Rome, Italy, 20–23 June 2022; Zhou, J., Adepu, S., Alcaraz, C., Batina, L., Casalicchio, E., Chattopadhyay, S., Jin, C., Lin, J., Losiouk, E., Majumdar, S., et al., Eds.; Lecture Notes in Computer Science; Springer: Cham, Switzerland, 2022; Volume 13285, pp. 320–337. [Google Scholar] [CrossRef]
- Hosseinzadeh, M.; Ahmed, O.H.; Ahmed, S.H.; Trinh, C.; Bagheri, N.; Kumari, S.; Lansky, J.; Huynh, B. An Enhanced Authentication Protocol for RFID Systems. IEEE Access 2020, 8, 126977–126987. [Google Scholar] [CrossRef]
- RISE GmbH. KCI Attacks against TLS. Available online: https://kcitls.org/ (accessed on 20 December 2022).
- Johnson, D.; Menezes, A.; Vanstone, S.A. The Elliptic Curve Digital Signature Algorithm (ECDSA). Int. J. Inf. Sec. 2001, 1, 36–63. [Google Scholar] [CrossRef]
- Lowe, G. A hierarchy of authentication specifications. In Proceedings of the 10th Computer Security Foundations Workshop, Rockport, MA, USA, 10–12 June 1997; pp. 31–43. [Google Scholar]
- Darbandeh, F.G.; Safkhani, M. SAPWSN: A secure authentication protocol for wireless sensor networks. Comput. Netw. 2022, 220, 109469. [Google Scholar] [CrossRef]
- Cremers, C. CISPA. Available online: https://people.cispa.io/cas.cremers/publications/index.html (accessed on 20 December 2022).
- Abdalla, M.; Fouque, P.; Pointcheval, D. Password-Based Authenticated Key Exchange in the Three-Party Setting. In Public Key Cryptography—PKC 2005, 8th International Workshop on Theory and Practice in Public Key Cryptography, Les Diablerets, Switzerland, 23–26 January 2005; Vaudenay, S., Ed.; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2005; Volume 3386, pp. 65–84. [Google Scholar]
- Bagheri, N.; Kumari, S.; Camara, C.; Peris-Lopez, P. Defending Industry 4.0: An Enhanced Authentication Scheme for IoT Devices. IEEE Syst. J. 2022, 16, 4501–4512. [Google Scholar] [CrossRef]
- Rostampour, S.; Bagheri, N.; Bendavid, Y.; Safkhani, M.; Kumari, S.; Rodrigues, J.J.P.C. An Authentication Protocol for Next Generation of Constrained IoT Systems. IEEE Internet Things J. 2022, 9, 21493–21504. [Google Scholar] [CrossRef]
- Khan, A.A.; Kumar, V.; Ahmad, M.; Rana, S.; Mishra, D. PALK: Password-based anonymous lightweight key agreement framework for smart grid. Int. J. Electr. Power Energy Syst. 2020, 121, 106121. [Google Scholar] [CrossRef]
- Abbasinezhad-Mood, D.; Nikooghadam, M. An Anonymous ECC-Based Self-Certified Key Distribution Scheme for the Smart Grid. IEEE Trans. Ind. Electron. 2018, 65, 7996–8004. [Google Scholar] [CrossRef]
- He, D.; Wang, H.; Khan, M.K.; Wang, L. Lightweight anonymous key distribution scheme for smart grid using elliptic curve cryptography. IET Commun. 2016, 10, 1795–1802. [Google Scholar] [CrossRef]
- Wu, F.; Xu, L.; Li, X.; Kumari, S.; Karuppiah, M.; Obaidat, M.S. A Lightweight and Provably Secure Key Agreement System for a Smart Grid with Elliptic Curve Cryptography. IEEE Syst. J. 2019, 13, 2830–2838. [Google Scholar] [CrossRef]
- Garg, S.; Kaur, K.; Kaddoum, G.; Rodrigues, J.J.P.C.; Guizani, M. Secure and Lightweight Authentication Scheme for Smart Metering Infrastructure in Smart Grid. IEEE Trans. Ind. Inform. 2020, 16, 3548–3557. [Google Scholar] [CrossRef]
Symbol | Description |
---|---|
EBR | Electric bike riders |
BSS | Battery swap station |
MC | Microprocessor chip |
A | Adversary |
Identity of an electric bike rider EBR | |
Password of an electric bike rider EBR | |
Private key of X | |
Public key of X | |
Session key | |
An elliptic curve E over a prime finite field with p being a large prime | |
n | Order of base point G |
Scalar multiplication on elliptic curves and G is a base point in | |
Concatenation operation between strings A and B | |
XOR operation between strings A and B | |
Key derivation function | |
A one-way hash function that generates digests |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Hosseinzadeh, M.; Ali Naqvi, R.; Safkhani, M.; Tightiz, L.; Majid Mehmood, R. Secure Authentication in the Smart Grid. Mathematics 2023, 11, 176. https://doi.org/10.3390/math11010176
Hosseinzadeh M, Ali Naqvi R, Safkhani M, Tightiz L, Majid Mehmood R. Secure Authentication in the Smart Grid. Mathematics. 2023; 11(1):176. https://doi.org/10.3390/math11010176
Chicago/Turabian StyleHosseinzadeh, Mehdi, Rizwan Ali Naqvi, Masoumeh Safkhani, Lilia Tightiz, and Raja Majid Mehmood. 2023. "Secure Authentication in the Smart Grid" Mathematics 11, no. 1: 176. https://doi.org/10.3390/math11010176
APA StyleHosseinzadeh, M., Ali Naqvi, R., Safkhani, M., Tightiz, L., & Majid Mehmood, R. (2023). Secure Authentication in the Smart Grid. Mathematics, 11(1), 176. https://doi.org/10.3390/math11010176