Improvement and Cryptanalysis of a Physically Unclonable Functions Based Authentication Scheme for Smart Grids

Abstract

Authentication protocols are often used in smart grids to deliver the necessary level of security. A huge number of clients in such a system, however, provides the attacker with the ability to clone them, for example. Device fingerprints, or Physically Unclonable Functions (PUF), have been investigated as an authentication feature to thwart such attacks. In order to accomplish the necessary security in smart grid neighborhood area network communications and to prevent unwanted physical access to smart meters, a former study designed a lightweight authentication system in this way. The suggested protocol uses PUFs to reduce physical attacks. As a consequence, the server/meter impersonation attack is one of the many assaults that this protocol is thought to be secure against. On the other hand, it is generally acknowledged that no security solution should be trusted unless its security has been verified by independent researchers. As a result, this paper assesses the security of this protocol against a typical adversary who has access to or influences over the messages carried over the public channel. This study demonstrates that the attacker is simply capable of impersonating the server for the meter and vice versa. In addition, the suggested attacks desynchronize them, making the adversary the only one capable of interacting with the meter in the role of the legal server rather than the latter. Each of the proposed attacks is extremely effective, and their success probability is almost 1. Finally, a modification is suggested that successfully fixes the protocol’s security weaknesses. The security proof of the improved protocol has been done through the Scyther tool. The computational cost comparison shows that the overhead of the proposed protocol compared to the former scheme is 4.85%, while it withstands various attacks, including traceability, desynchronization, impersonation, man-in-the-middle, and secret disclosure attacks.

1. Introduction

Smart grids play an important role in smart cities and are a promising technology for improving power system reliability, flexibility, and efficiency. Information and communication technologies are the basic infrastructure in a smart grid. However, assuming that the network is accessed and controlled by adversaries, this technology poses significant risks. To overcome such disadvantages, authentication protocols play an important role in determining whether a user is a friend or foe. An authentication protocol is a series of information exchanges between two or more parties to determine whether a specific party is legitimate or not. In distributed systems, such as Internet of Things (IoT) systems and smart grids, edge clients/devices are distributed throughout the field. Hence, it could not be possible to use physical protection in many cases, and, as a result, they are vulnerable to adversarial access. Such an adversary, for example, may read their memory and attempt to clone them. If there is a human involved in the authentication process, it is possible to use other factors to provide a higher level of security. Smart card-based user name and password, for example, may be used to increase the security in that case [1,2,3,4] or the user’s biometrics [5,6,7,8]. However, the main challenge for employing multifactor authentication for many embedded devices, such as smart meters, is the fact that they should work 24/4 and be independent of the operator in many cases. Hence, researchers find a dual fingerprint for devices, which is known as a physically unclonable function (PUF) [9,10,11,12,13,14]. Although it could be a promising solution (assuming that PUFs behave fully reliable and randomly), the response is not entirely random, and the proposed protocol could be a target of modeling attacks [15,16,17,18,19], if the adversary accesses the PUF’s input/output.

1.1. Motivation

Following the provided argument, to realize their full potential, smart grid applications require a dependable, lightweight, and fast authentication system [20]. One of the most difficult security challenges in the smart grid is protecting the meters, as well as embedded devices in general, from security breaches that could have disastrous consequences [21]. Among the various proposals to improve the security of smart grids, those that consider physical access to meters are more realistic and can achieve a higher level of security [22]. The reason is that the meters are distributed throughout the field, and an adversary can always access them to read their memory, for example, to clone them. As a result, security based on stored credentials could not withstand attacks based on such access. A common approach to providing security against this type of attack is multi-factor authentication, and among various approaches, using a physically unclonable function (PUF) as a hardware fingerprint has recently received a lot of attention [22]. However, such a solution should provide sufficient security requirements to be applicable to transferring sensitive data.

1.2. Challenge

A former study proposed a lightweight mutual authentication for smart grid neighborhood area network communications based on PUF [23]. Designers provided formal and informal security analysis and claimed protection against a variety of attacks, including impersonation. However, this protocol, similar to any other security solution, should be investigated independently to highlight its pros and cons. To the best of our knowledge, no independent detailed security analysis for this protocol has been reported in the literature. Hence, this paper is aimed at addressing this shortage by shedding light on its security.

1.3. Our Contribution

The main contribution of this paper is to shed light on the security of a PUF-based authentication protocol for smart grid applications, which has been recently proposed in a former study [23]. Although the protocol is very lightweight and has several interesting features that make it a good candidate for the target application, this paper shows that the adversary can easily impersonate the server or the meter and can also desynchronize them permanently. Following the proposed attack in this paper, the adversary could be the only entity that can communicate with the meter as the legitimate server. In addition, an amendment is proposed that effectively addresses the protocol’s security flaws.

1.4. Related Works

Following the protocol discussed in this paper, i.e., [23], nearly the same team of authors [24,25,26] and other researchers [27,28] proposed or analyzed new related schemes, which are worth noting in this section to highlight later advances in this field of research. Among those studies, [26] dedicated to designing a PUF on an FPGA. They specifically proposed an FPGA-based Anderson PUF and tested it on Spartan-6 family Xilinx XC6SLX9 FPGAs. Their finding shows that the proposed structure increases the unpredictability of the designed PUF while decreasing the required area overhead. Aghapour et al. proposed a lightweight protocol [25] that provides mutual authentication using a hash function as the main cryptographic primitive. Although the proposed protocol considered smart grid neighborhood area network communications, it does not employ PUF and by nature, any node can tamper with such an application. In addition, one of the messages is computed as $((m_i^j\oplus r_i^j)\parallel r_i^j)\oplus k_i^j$ where $r_i^j$ is a random value, $m_i^j$ is a data packet, and $k_i^j$ is the latest shared key. The shared key is updated after each successful session, first by the smart meter ${\mathrm{SM}}_j$ and then by the gateway NG. However, assuming the adversary allows ${\mathrm{SM}}_j$ to receive the message properly and update its session key to $k_{i+1}^j$ but blocks the sent message to NG, then they desynchronized because ${\mathrm{SM}}_j$ does not keep a copy of $k_i^j$. Even in that case, the protocol does not provide full security of $k_i^j$ if it is assumed $m_i^j$ has enough low entropy and can be predicted by the adversary because $m_i^j\oplus r_i^j\oplus r_i^j=m_i^j$. Hence the expected complexity of finding $k_{i+1}^j$ is $min(2^{\mathcal{H}\left(m_i^j\right)+\frac{1}{2}\mathcal{H}\left(K_i^j\right)},\mathcal{H}\left(K_i^j\right))$ while it should be $\mathcal{H}\left(K_i^j\right)$, where $\mathcal{H}(·)$ denotes the entropy function. In a later research, Aghapour et al. [24] proposed another protocol for smart grid applications that again uses the hash function to provide desired security. An interesting feature of this protocol is the use of a hash key chain to provide forward secrecy. However, if the adversary has access to ${\mathrm{SM}}_j$, it can tamper with it. In addition, in this protocol, the NG’s command is sent in plain text, which may not be desirable in some applications. Baghestani et al. [27] recently examined the security of a proposed authentication protocol by Kumar et al. [29] and demonstrated that smart meters are traceable in that protocol. Besides that, they proposed an elliptic curve cryptography (ECC)-based authentication protocol for smart grid applications. However, ECC is very time-consuming and may not be applicable in constrained environments. In addition, it also does not provide security against cloning attacks because it does not use PUF. Moreover, it can not withstand advanced attacks such as key compromise impersonation. Among the most recent research in this field is [30], which proposes a lightweight PUF-based authentication protocol for smart grid applications. Although the proposed protocol has interesting features compared to other related works such as [31,32], it has two important drawbacks. First, in a part of the protocol, the meter identifier is sent over a public channel plain, which is enough to trace it and compromise its anonymity. The second drawback is sending the PUF’s response to the network gateway. Hence, it could be a target for modeling attack by an insider.

Therefore, there is still enough room to do research in this field and design a secure protocol for smart grid applications. On the other hand, any new protocol should be evaluated by third parties to ensure its security, which emphasizes the necessity of this research and other related works.

1.5. Paper Organization

In the remainder of this article, the necessary notations and a description of the former protocol are provided in Section 2. Then, in Section 3, the conducted attacks against this protocol are introduced. In Section 4, the improved protocol and its evaluation are presented. Finally, the paper is concluded in Section 6.

2. Review of Former Scheme

Each phase of the former protocol, which has been proposed by Kaveh and Mosavi [23] and we call it KM-protocol, is briefly explained in the following section, using the list of notations in

Table 1. Used notations.

Symbol	Description
$C_i$	$i^{th}$ challenge of PUF
$R_i$	The response to $C_i$
$CRP$	A challenge-response pair
$TS$	Timestamp
SM	Smart-meter
NG	Neighborhood gateway
r	Random number
$ID$	The unique identifier
$h(·)$	One-way hash functions
$A\parallel B$	Concatenation of the strings A and B
$X_{LSW}$	Assuming $X=A\parallel B$, $X_{LSW}=B$
⊕	Bitwise XOR
r	Random number
$D_j$	Usage report of the ${\mathrm{SM}}_j$

.

As previously stated, KM-protocol is a lightweight authentication protocol for smart grids. The proposed protocol takes into account a neighborhood area network (NAN) in which a neighborhood gateway (NG) collects electricity data from hundreds of smart meters (SM). To gain a better understanding of the PUF-based KM-protocol, it is explained how it works in this section, and then its vulnerabilities are shown in the following section. The KM-protocol is divided into two phases: secure installation and secure communication. Secure Installation Phase: A smart meter must be registered by a neighborhood gateway before communication begins. As a result, the smart meter first sends $I{D}_j$ and a $CRP=(C_i,R_i)$ from the PUF function to NG, where $R_i={\mathrm{PUF}}_j\left(C_i\right)$. This data is saved in the database of the NG. As a result, the NG can use them in the authentication process, and the ${\mathrm{SM}}_j$ deletes $CRP$ from its memory.

Secure communication Phase: The following are the steps in the authentication process:

• Step one:

  1.

  The $I{D}_j$ of the ${\mathrm{SM}}_j$ is sent to the NG.

• Step two: The NG searches its database for a field that matches the $I{D}_j$ received. If a duplicate item is discovered, then:

  1.

  It obtains the associated $CRP=(C_i,R_i)$ for the received $I{D}_j$ and generates two random numbers, $r^{N1}$ and $r^{N2}$.

  2.

  Then A and V are calculated as $A=R_i\oplus ((r^{N1}\oplus T{S}_{\mathrm{NG}})\parallel r^{N2})$ and $V=h(R_i\oplus (T{S}_{\mathrm{NG}}\parallel r^{N1})\oplus (r^{N2}\parallel I{D}_j))$, where $T{S}_{\mathrm{NG}}$ is the timestamp of NG.

  3.

  NG replies $\{A,V,C_i\}$ to ${\mathrm{SM}}_j$.

• Step three: Upon receiving the messages, given $C_i$, the ${\mathrm{SM}}_j$ calculates $R_i={\mathrm{PUF}}_j\left(C_i\right)$ and obtains $r^{N1}$ and $r^{N2}$ from $A\oplus R_i$, where $T{S}_{NS}$ should be almost similar with the ${\mathrm{SM}}_j$’s timestamp $T{S}_j$. Afterwards, given $r^{N1}$ and $r^{N2}$, it verifies V and if the verification is passed:

  1.

  By generating a random number $r^{\mathrm{SM}}$, ${\mathrm{SM}}_j$ calculates a new challenge as $C_{i+1}=h(r^{\mathrm{SM}},r^{N2})$.

  2.

  Based on the new response $h\left(R_{i+1}\right)=h\left({\mathrm{PUF}}_j\left(C_{i+1}\right)\right)$, it generates $S=(h\left(R_{i+1}\right)\oplus (T{S}_j\parallel r^{N1}))\oplus R_i)$.

  3.

  Then ${\mathrm{SM}}_j$ computes E and $V^{\prime }$ as $E=(D_j\parallel (r^{N1}\oplus r^{\mathrm{SM}}))\oplus R_i$ and $V^{\prime }=h(h\left(R_{i+1}\right)\oplus (T{S}_j\parallel I{D}_j)\oplus (r^{\mathrm{SM}}\parallel D_j))$.

  4.

  Finally it transfers $\{E,S,V^{\prime }\}$ to NG and deletes all stored variables.

• Step four: After receiving the messages, by using $R_i$ the NG obtains $r^{\mathrm{SM}}$, $D_j$ and $h\left(R_{i+1}\right)$. Then in order to verify $V^{\prime }$, it computes $h(h\left(R_{i+1}\right)\oplus (T{S}_{\mathrm{NG}}\parallel I{D}_j)\oplus (r^{\mathrm{SM}}\parallel D_j))$. If the verification holds, the NG:

  1.

  Compares $D_j$ with the existing report format. If the comparison holds, it accepts the messages.

  2.

  NG calculates $C_{i+1}=h(r^{\mathrm{SM}},r^{N2})$ as the new challenge and saves $(C_{i+1},h\left(R_{i+1}\right))$ as a new CRP for the next authentication process.

  3.

  It accepts all messages and finishes a successful mutual authentication process.

Because the KM-protocol employs the concatenation (‖) and XOR (⊕) operations in its computation, the given property in Equation (1) is recalled:

$$\begin{array}{ccc}\hfill (x\parallel y)\oplus (u\parallel v)& =& (x\oplus u)\parallel (y\oplus v)\hfill \end{array}$$

(1)

where x, y, u, and v are appropriate strings. This property is used in the proposed analysis.

3. Cryptanalysis of KM-Protocol

Although the designer of the KM-protocol [23] claimed optimum security against various attacks in the context, important attacks against the KM-protocol are presented in this section using the same adversarial model and an ideal PUF model. More specifically, assuming that the adversary eavesdrops and stores the sent messages from NG to ${\mathrm{SM}}_j$, i.e., $A=R_i\oplus ((r^{N1}\oplus T{S}_{\mathrm{NG}})\parallel r^{N2}$ and $V=h(R_i\oplus ((T{S}_{\mathrm{NG}}\parallel r^{N1})\oplus (r^{N2}\parallel I{D}_j)$. The timestamp in this message is $T{S}_{\mathrm{NG}}$, which is known to all participants, including the adversary. Furthermore, assuming the adversary intends to impersonate NG to ${\mathrm{SM}}_j$ at a desired time $T{S}_{\mathrm{NG}}^{\prime }$, it computes $A^{\prime }=A\oplus (\Delta T{S}_{\mathrm{NG}}\parallel \Delta T{S}_{\mathrm{NG}})$ and sends $A^{\prime },V,C_i$ to ${\mathrm{SM}}_j$ when ${\mathrm{SM}}_j$ sends its $I{D}_j$, where $\Delta TS=T{S}_{\mathrm{NG}}^{\prime }\oplus T{S}_{\mathrm{NG}}$. It is obvious that:

$$\begin{array}{ccc}\hfill A^{\prime }& =& R_i\oplus ((r^{N1}\oplus T{S}_{\mathrm{NG}})\parallel r^{N2})\oplus (\Delta TS\parallel \Delta TS)\hfill \\ & =& R_i\oplus ((r^{N1}\oplus T{S}_{\mathrm{NG}}\oplus (T{S}_{\mathrm{NG}}^{\prime }\oplus T{S}_{\mathrm{NG}})\parallel (r^{N2}\oplus \Delta TS))\hfill \\ & =& R_i\oplus ((r^{N1}\oplus T{S}_{\mathrm{NG}}^{\prime })\parallel (r^{N2}\oplus \Delta TS))\hfill \end{array}$$

(2)

After receiving the message, given $C_i$, the ${\mathrm{SM}}_j$ calculates $R_i$ and obtains ${r^{\prime }}^{N1}=r^{N1}$ and ${r^{\prime }}^{N2}=r^{N2}\oplus \Delta TS$ from $A^{\prime }\oplus R_i$, and verifies whether:

$$\begin{array}{ccc}\hfill V& \underset{=}{?}& h(R_i\oplus ((T{S}_{\mathrm{NG}}^{\prime }\parallel {r^{\prime }}^{N1})\oplus ({r^{\prime }}^{N2}\parallel I{D}_j)))\hfill \\ & =& h(R_i\oplus ((T{S}_{\mathrm{NG}}^{\prime }\parallel r^{N1})\oplus ((r^{N2}\oplus \Delta TS)\parallel I{D}_j)))\hfill \\ & =& h(R_i\oplus (((T{S}_{\mathrm{NG}}^{\prime }\oplus \Delta TS)\parallel r^{N1})\oplus (r^{N2}\parallel I{D}_j))\hfill \\ & =& h(R_i\oplus ((T{S}_{\mathrm{NG}}\parallel r^{N1})\oplus (r^{N2}\parallel I{D}_j)))\hfill \\ & =& V\hfill \end{array}$$

(3)

As a result, following Equations (2) and (3), the adversary will be authenticated by ${\mathrm{SM}}_j$ with a probability of ‘1’, at any time $T{S}_{\mathrm{NG}}^{\prime }$. It shows that, contrary to what the designers claim, the KM-protocol is vulnerable to impersonation attacks.

Next, a ${\mathrm{SM}}_j$ impersonation attack is proposed that will desynchronize both ${\mathrm{SM}}_j$ and NG. Consider a valid session between ${\mathrm{SM}}_j$ and NG in which ${\mathrm{SM}}_j$ sends its $I{D}_j$ to NG and receives $\{C_i,A,V\}$ and again ${\mathrm{SM}}_j$ computes and transfers $\{E,S,V^{\prime }\}$. The adversary stores $I{D}_j$, $\{C_i,A,V\}$ and $\{E,S,V^{\prime }\}$ but prevents NG form receiving $\{E,S,V^{\prime }\}$, where $S=(R_{i+1}\oplus (T{S}_{\mathrm{NG}}\parallel r^{N1}))\oplus R_i)$, $E=(D_j\parallel (r^{N1}\oplus r^{\mathrm{SM}}))\oplus R_i$ and $V^{\prime }=h(R_{i+1}\oplus (T{S}_{\mathrm{NG}}\parallel I{D}_j)\oplus (r^{\mathrm{SM}}\parallel D_j))$. As a result, NG does not update its $CPR(C_i,R_i)$ record. The adversary then does the following procedure:

1.

Sends $I{D}_j$ to NG.

2.

NG retrieves the related $CRP(C_i,R_i)$ and generates ${r^{\prime }}^{N1}$ and ${r^{\prime }}^{N2}$ and computes $\widehat{A}=R_i\oplus (({r^{\prime }}^{N1}\oplus T{S}_{\mathrm{NG}}^{\prime })\parallel {r^{\prime }}^{N2}$ and $V=h(R_i\oplus ((T{S}_{\mathrm{NG}}^{\prime }\parallel {r^{\prime }}^{N1})\oplus ({r^{\prime }}^{N2}\parallel I{D}_j)$ and replies $\{A,V,C_i\}$ to the ${\mathrm{SM}}_j$, which is impersonated by the adversary.

3.

The adversary computes $\widehat{A}\oplus A=(({r^{\prime }}^{N1}\oplus {r^{\prime }}^{N1})\oplus (T{S}_{\mathrm{NG}}^{\prime }\oplus T{S}_{\mathrm{NG}}))\parallel ({r^{\prime }}^{N2}\oplus {r^{\prime }}^{N2})$. Given that timestamp is a public value, the adversary can compute $\Delta TS=T{S}_{\mathrm{NG}}^{\prime }\oplus TS$ and extract ${\Delta }_1={r^{\prime }}^{N1}\oplus {r^{\prime }}^{N1}$ and ${\Delta }_2={r^{\prime }}^{N2}\oplus {r^{\prime }}^{N2}$ from $\widehat{A}\oplus A$. Next, the adversary computes $\widehat{S}=S\oplus (\Delta TS\parallel {\Delta }_1)$, $\widehat{E}=E\oplus (0\parallel (\Delta TS\oplus {\Delta }_1))$ and returns $\{\widehat{E},\widehat{S},V^{\prime }\}$ to NG.

4.

NG obtains ${r^{\prime }}^{\mathrm{SM}}$ as follows:

$$\begin{array}{ccc}\hfill {r^{\prime }}^{\mathrm{SM}}& =& {(\widehat{E}\oplus R_i)}_{LSW}\oplus {r^{\prime }}^{N1}\hfill \\ & =& \left((r^{N1}\oplus r^{\mathrm{SM}})\right)\oplus {\left(R_i\right)}_{LSW})\oplus (\Delta TS\oplus {\Delta }_1)\oplus {\left(R_i\right)}_{LSW})\oplus {r^{\prime }}^{N1}\hfill \\ & =& \left((r^{N1}\oplus r^{\mathrm{SM}})\right)\oplus (\Delta TS\oplus r^{N1}\oplus {r^{\prime }}^{N1})\oplus {r^{\prime }}^{N1}\hfill \\ & =& r^{\mathrm{SM}}\oplus \Delta TS\hfill \end{array}$$

(4)

It also obtains $R_{i+1}^{\prime }$ as follows:

$$\begin{array}{ccc}\hfill R_{i+1}^{\prime }& =& \widehat{S}\oplus (T{S}_{\mathrm{NG}}^{\prime }\parallel {r^{\prime }}^{N1})\oplus R_i\hfill \\ & =& (R_{i+1}\oplus (T{S}_{\mathrm{NG}}\parallel {r^{\prime }}^{N1}))\oplus R_i)\oplus (\Delta TS\parallel {\Delta }_1)\oplus (T{S}_{\mathrm{NG}}^{\prime }\parallel {r^{\prime }}^{N1})\oplus R_i\hfill \\ & =& R_{i+1}\hfill \end{array}$$

(5)

and verifies whether:

$$\begin{array}{}& \hfill V^{\prime }& \underset{=}{?}& h(R_{i+1}\oplus (T{S}_{\mathrm{NG}}^{\prime }\parallel I{D}_j)\oplus ({r^{\prime }}^{\mathrm{SM}}\parallel D_j))\hfill & & =& h(R_{i+1}\oplus (T{S}_{\mathrm{NG}}^{\prime }\parallel I{D}_j)\oplus ((r^{\mathrm{SM}}\oplus \Delta T)\parallel D_j))\hfill \mathrm{(6)}& & =& h(R_{i+1}\oplus ((T{S}_{\mathrm{NG}}^{\prime }\oplus \Delta T)\parallel I{D}_j)\oplus (\left(r^{\mathrm{SM}}\right)\parallel D_j))\hfill & & =& h(R_{i+1}\oplus (T{S}_{\mathrm{NG}}\parallel I{D}_j)\oplus (r^{\mathrm{SM}}\parallel D_j))\hfill \mathrm{(7)}& & =& V^{\prime }\hfill \end{array}$$

Following the driven values in Equations (4) and (5), the verification of Equation (7) is successful, and the adversary is authenticated as a legitimate ${\mathrm{SM}}_j$, confirming that impersonation was successful.

Following the above attack, the adversary was successfully authenticated as a legitimate ${\mathrm{SM}}_j$. NG, on the other hand, calculates $C_{i+1}=h(r^{\prime \mathrm{SM}},r^{\prime N2})$ as a new challenge, saves $(C_{i+1},R_{i+1})$ as a new CRP for the next authentication process, and deletes $CRP(C_i,R_i)$ from its database. It means that NG has a new $CRP(C_{i+1},R_{i+1})$ that is almost certainly not a valid CPR for the embedded PUF within ${\mathrm{SM}}_j$. Therefore, NG is no longer recognized as valid by ${\mathrm{SM}}_j$, indicating that the adversary successfully desynchronized them. The adversary who stored $A,V$, and $C_i$ is now the only entity that can communicate with ${\mathrm{SM}}_j$ as a result of the proposed NG impersonation attack.

4. Proposed Protocol

In this section, the KM-protocol is modified as little as possible to counter the proposed attack in this paper, and the security and efficiency of the revised protocol are discussed in comparison to the original protocol.

Suggested Remedy

The main reason for carrying out the proposed attacks is the adversary’s ability to manipulate messages via the XOR operation. Hence, to avoid the proposed attacks, it is recommended to overcome the adversary’s current control over the transferred messages.

To be more precise, similar to the KM-protocol, the improved protocol also includes two phases: secure installation and secure communication. The secure installation phase is unaffected by the revised protocol, except that $(C_i,h\left(R_i\right))$ are sent to the NG instead of the KM-protocol’s $(C_i,R_i)$. However, the steps in the authentication process (authentication phase) is revised as follows:

• Step one:

  1.

  ${\mathrm{SM}}_j$ sends its $I{D}_j$ to the NG, if it fails uses the $I{D}_j^{old}$.

• Step two: NG looks up the $CRP=(C_i,h\left(R_i\right))$ associated with the received $I{D}_j$ and generates a random number $r^N$. Following that, A and V are calculated as $A=h\left(R_i\right)\oplus r^N$ and $V=h(h\left(R_i\right)\parallel T{S}_{\mathrm{NG}}\parallel r^N\parallel I{D}_j)$, where $T{S}_{\mathrm{NG}}$ is the NG timestamp. Then NG responds to ${\mathrm{SM}}_j$ with $A,V,C_i,T{S}_{\mathrm{NG}}$.
• Step three: When the messages are received, ${\mathrm{SM}}_j$ verifies the received $T{S}_{\mathrm{NG}}$ and, given $C_i$, calculates $h\left(R_i\right)=h\left({\mathrm{PUF}}_j\left(C_i\right)\right)$ and obtains $r^N=A\oplus h\left(R_i\right)$. Following that, it verifies V before generating a random number $r^{\mathrm{SM}}$ in order to calculate a new challenge as $C_{i+1}=h(r^{\mathrm{SM}}\parallel r^N)$. Then it computes $S=h\left(R_{i+1}\right)\oplus h(r^N\parallel T{S}_{\mathrm{NG}})$, $E=(D_j\parallel r^{\mathrm{SM}})\oplus h(r^N\parallel h\left(R_{i+1}\right)\parallel h\left(R_i\right)\parallel T{S}_{\mathrm{NG}})$, $I{D}_j^{new}=h(h\left(R_{i+1}\right)\parallel C_{i+1})$ and $V^{\prime }=h(h\left(R_{i+1}\right)\parallel T{S}_{\mathrm{NG}}\parallel I{D}_j^{new}\parallel r^{\mathrm{SM}}\parallel D_j\parallel C_{i+1})$. Finally it transfers $\{E,S,V^{\prime }\}$ to NG, stores new $I{D}_j^{new}=h(h\left(R_{i+1}\right)\parallel C_{i+1})$ and deletes all stored variables, exclude $I{D}_j^{new}$ and $I{D}_j^{old}=I{D}_j$.
• Step four: After receiving the messages, NG computes $h\left(R_{i+1}\right)=S\oplus h(r^N\parallel T{S}_{\mathrm{NG}})$ and $(D_j\parallel r^{\mathrm{SM}})=E\oplus h(r^N\parallel h\left(R_{i+1}\right)\parallel h\left(R_i\right)\parallel T{S}_{\mathrm{NG}})$, $C_{i+1}=h(r^{\mathrm{SM}}\parallel r^N)$ and $I{D}_j^{new}=h(h\left(R_{i+1}\right)\parallel C_{i+1})$. Next it verifies whether $V^{\prime }\stackrel{?}{=}h(h\left(R_{i+1}\right)\parallel T{S}_{\mathrm{NG}}\parallel I{D}_j^{new}\parallel r^{\mathrm{SM}}\parallel D_j\parallel C_{i+1})$ to accept the messages. Then, NG stores $I{D}_j^{new}$ and corresponding $(C_{i+1},h\left(R_{i+1}\right))$ for the next authentication process.

The authentication phase of the improved protocol is depicted in Figure 1.

5. Security and Cost Evaluation of the Improved Protocol

When the computations of V and $V^{\prime }$ in the KM-protocol and the proposed protocol are compared, it is clear that the main difference is that ⊕ is replaced with ‖ and $C_{i+1}$ is included in the computation of $V^{\prime }$. These changes successfully prevent the proposed attacks. Following this fix, it is extremely difficult to impersonate NG or ${\mathrm{SM}}_j$ by replaying a message with a $T{S}_{\mathrm{NG}}$ timestamp at another $T{S}_{\mathrm{NG}}^{\prime }$ timestamp. Furthermore, any change in A, E, or S affects $h\left(R_{i+1}\right)$ or $C_{i+1}$, and $V^{\prime }$ is not verified by NG. Hence, the proposed meter impersonation attack will fail as well. On the other hand, the adversary cannot perform the proposed desynchronization attack if s/he cannot impersonate the meter ${\mathrm{SM}}_j$. In the rest of this section, the security of the proposed protocol is presented in more detail. Through the analysis, an active adversary with access to the transferred messages over the public channels, i.e., $I{D}_j,E,S,V^{\prime },A,V,C_i,T{S}_{\mathrm{NG}}$, is considered, where:

$$\begin{array}{cc}\hfill A=& h\left(R_i\right)\oplus r^N\hfill \\ \hfill V=& h(h\left(R_i\right)\parallel T{S}_{\mathrm{NG}}\parallel r^N\parallel I{D}_j)\hfill \\ \hfill S=& h\left(R_{i+1}\right)\oplus h(r^N\parallel T{S}_{\mathrm{NG}})\hfill \\ \hfill E=& (D_j\parallel r^{\mathrm{SM}})\oplus h(r^N\parallel h\left(R_{i+1}\right)\parallel h\left(R_i\right)\parallel T{S}_{\mathrm{NG}})\hfill \\ \hfill V^{\prime }=& h(h\left(R_{i+1}\right)\parallel T{S}_{\mathrm{NG}}\parallel I{D}_j^{new}\parallel r^{\mathrm{SM}}\parallel D_j\parallel C_{i+1})\hfill \\ \hfill C_{i+1}=& h(r^{\mathrm{SM}}\parallel r^N)\hfill \\ \hfill I{D}_j^{new}=& h(h\left(R_{i+1}\right)\parallel C_{i+1})\hfill \end{array}$$

(8)

5.1. Replay Attack

Through a replay attack, the adversary aims to use an eavesdropped message from an early time at a later time to impersonate a protocol entity. The current timestamp is used in the computation of $V=h(h\left(R_i\right)\parallel T{S}_{\mathrm{NG}}\parallel r^N\parallel I{D}_j)$ and $V^{\prime }=h(h\left(R_{i+1}\right)\parallel$$T{S}_{\mathrm{NG}}\parallel I{D}_j^{new}\parallel r^{\mathrm{SM}}\parallel D_j\parallel C_{i+1}$ in the proposed protocol, similar to the KM-protocol. Hence, this protocol does not suffer from replay attacks.

5.2. Impersonation Attack

Given that it is not feasible to do a replay attack; the adversary should manipulate the transferred messages to do a successful impersonation attack. In order to impersonate NG, the adversary must return a valid tuple $(A,V,C_i,T{S}_{\mathrm{NG}})$, which corresponds to the current timestamp $T{S}_{NG}$. However, it is not possible to compute $V=h(h\left(R_i\right)\parallel T{S}_{\mathrm{NG}}\parallel r^N\parallel I{D}_j)$ without first knowing $h\left(R_i\right)=h\left({\mathrm{PUF}}_j\left(C_i\right)\right)$. However, the only way to get that value is from $A=h\left(R_i\right)\oplus r^N$, which is masked by a new random value, or from the previous $S=R_i\oplus h({r^{\prime }}^N\parallel T{S}_{\mathrm{NG}}^{\prime })$, which is masked by ${r^{\prime }}^N$ once more. Hence, the adversary has no significant chance to impersonate NG. To impersonate SM, however, the adversary must return a valid set of $E,S,$ and $V^{\prime }$ for the given time $T{S}_{\mathrm{NG}}$. On the other hand, $V^{\prime }=h(h\left(R_{i+1}\right)\parallel T{S}_{\mathrm{NG}}\parallel I{D}_j^{new}\parallel r^{\mathrm{SM}}\parallel D_j\parallel C_{i+1})$ and the adversary requires $h\left(R_{i+1}\right)=h\left({\mathrm{PUF}}_j\left(C_{i+1}\right)\right)$ to compute it. Given that the only way to get that value is via $A=h\left(R_i\right)\oplus r^N$ or $S=h\left(R_{i+1}\right)\oplus h(r^N\parallel T{S}_{\mathrm{NG}})$, that are masked, this protocol does not suffer from impersonation attacks.

5.3. Traceability and Anonymity

As long as the protocol’s entities have not participated in a successful session, $I{D}_j$ and $C_i$ remain unaffected in the proposed protocol, but they will be randomized in the next session as $I{D}_j^{new}=h(h\left(R_{i+1}\right)\parallel C_{i+1})$ and $C_{i+1}=h(r^{\mathrm{SM}}\parallel r^N)$. The adversary cannot track the target SM for an extended period of time because $r^{\mathrm{SM}}$ and $r^N$ are also masked. Other parameters, such as $E,S,V^{\prime },A$ and V, are randomized by session-dependent ephemeral values and therefore cannot be traced. Hence, this protocol provides long-term untraceability.

5.4. Secret Disclosure Attack

In the proposed protocol, the secret parameter is the PUF’s response and it is masked by ephemeral values through different sessions, i.e., $A=h\left(R_i\right)\oplus r^N$ and $S=R_i\oplus h({r^{\prime }}^N\parallel T{S}_{\mathrm{NG}}^{\prime })$. Hence, the adversary has no chance to retrieve the PUF’s response, which guarantees the protocol’s security against secret disclosure attacks.

5.5. Man-in-the-Middle Attack

If the adversary is able to change the transferred messages without being detected, then it has conducted a successful man-in-the-middle attack. The structure of $V=h(h\left(R_i\right)\parallel T{S}_{\mathrm{NG}}\parallel r^N\parallel I{D}_j)$ and $V^{\prime }=h(h\left(R_{i+1}\right)\parallel T{S}_{\mathrm{NG}}\parallel I{D}_j^{new}\parallel r^{\mathrm{SM}}\parallel D_j\parallel C_{i+1})$ have been selected such that the integrity of the transferred messages is guaranteed. Therefore, the proposed protocol provides the desired security against man-in-the-middle attacks.

5.6. Permanent De-Synchronization Attack

To do a permanent desynchronization attack, the adversary should successfully do an impersonation attack or act as a man-in-the-middle. Following Section 5.2 and Section 5.5, the adversary has no chance to conduct such attacks. Hence, the proposed protocol resists permanent desynchronization attacks.

5.7. Modeling Attack

To do a modeling attack, the adversary needs access to several challenge/response pairs of the target PUF. Any adversary that monitors the channel has access to the challenges, but the responses are masked by ephemeral session-dependent values. Hence, such an adversary cannot model the embedded PUF. Because it has access to the exact response of PUF, a malicious NG can do this against the KM-protocol. However, in the proposed protocol, it has $h\left(R_i\right)$, not the exact $R_i$. Therefore, the proposed protocol does not suffer from a modeling attack.

5.8. Scyther

To verify the security of the proposed protocol formally, it has been modeled using SPDL and verified by the Scyther tool [33]. The evaluation results are represented in Figure 2, which confirms the security of the proposed protocol.

5.9. Cost Analysis

The computational cost of the improved protocol with KM-protocol and other related protocols for smart grids is compared and represented in this section. Through this analysis, $T_{E/D}$, $T_H$, $T_{PUF}$, $T_{GEN/REC}$, and $T_{ECC}$ are used respectively to denote the computational time of a call to symmetric encryption/decryption, a one-way hash function, a PUF operation, the data generation and reproduction algorithm of the fuzzy extractor, and ECC point-multiplication. The expected time of those primitives is quoted from [30] and presented in

Table 2. Cost comparison of different primitives in micro-second, when a Quad-core Cortex-A72 (ARM v8) 64 bit SoC 1. 5GHz as NG and a MSP430FR5969-microcontroller as the meter1 [30].

Primetive	SM ($\mathit{\mu }$s)	NG ($\mathit{\mu }$s)
$T_{E/D}$	83.75	16.9
$T_H$	262	25.1
$T_{PUF}$	22.5	0.5
$T_{GEN}$	8912.8	1968
$T_{REC}$	32,891.8	8806

, taking into account an embedded platform with a quad-core Cortex-A72 (ARM v8) 64-bit SoC at 1.5 GHz as NG and a MSP430FR5969 microcontroller as the meter. Since the PUF output is noisy, a fuzzy extractor should be used while regenerating the PUF response. Hence, to be fair, that time is added to the protocols whenever it is applicable, e.g., in the KM-protocol and the proposed protocol.

The details of each protocol computation and the approximate computation time based on the above-mentioned setup are provided in

Table 3. Cost comparison of different protocols versus the proposed protocols.

	[31]		[32]		[30]		[23]		0 urs
	SM	NG	SM	NG	SM	NG	SM	NG	SM	NG
E/D	0	0	0	0	1	5	0	0	0	0
H	4	5	3	9	4	12	2	3	6	6
PUF	2	0	1	0	2	2	2		2	0
GEN	0	1	0	0	0	2	0	0	0	0
REC	1	0	1	0	1	1	1	0	1	0
Time	34,389.8	2093.5	33,902.8	225.9	34,473.55	13,128.7	33,865.8	75.3	35,437.8	150.6
Total	36,483.3		34,128.7		47,602.25		33,941.1		35,588.4

and also depicted in Figure 3. Following the provided comparison, the overhead of the proposed protocol compared to the KM-protocol is only 4.85%, which is acceptable compared to the provided security level.

6. Conclusions

This paper proposes several successful and efficient attacks against a recently proposed PUF-based protocol for smart grid applications, i.e., KM-protocol. The adversary can impersonate any protocol party, such as NG or ${\mathrm{SM}}_j$, after monitoring a KM-protocol session and initiating another consequence session. Furthermore, following the proposed “SM” impersonation attack, “NG” and “SM” will be permanently desynchronized. The legitimate NG, on the other hand, can no longer communicate with the target ${\mathrm{SM}}_j$, whereas the adversary can communicate with ${\mathrm{SM}}_j$ at any time.

Minor changes to the KM-protocol were proposed to counter the proposed attacks and remedy the KM-protocol, which almost entirely prevent the aforementioned flaws at insignificant extra cost when compared to the original protocol.

It is worth noting that the KM-protocol sends the meter identifier, i.e., $I{D}_j$, over the public channel, which allows for a traceability attack and compromises the meter’s anonymity. This attack was taken into account in the proposed alternative; however, it is still possible to trace a meter as long as it has not participated in a successful session of the protocol. One simple solution is to mask its identifier in the first step, such as by sending $SI{D}_j=h(I{D}_j\parallel T{S}_j)$. Although the such protocol provides anonymity in this manner, the outcome is not scalable. It is possible to revise the protocol to provide scalability as well, but this will increase the protocol’s cost, so it is left for future work.