Non-Crypto Authentication for Smart Grid Based on Edge Computing

As a new computing architecture, edge computing has gradually penetrated into the smart grid and provides real-time monitoring and control. However, as a new type of node arranged in the network, its own security protection has become an incredibly challenging task. Security authentication is the first line of defence for security protection. Due to its fast and lightweight characteristics, physical layer channel information access authentication technology for non-cryptographic packets is a potential identification method for smart grid terminal access under the edge computing system, in which real-time response is incredibly important. This paper investigates the physical layer authentication method in comparison with traditional upper layer authentication technology, and proposes an authentication scheme suitable for the smart grid.


Introduction
A large number of smart terminals are deployed in the smart grid. They realize power grid status monitoring and power consumption interaction through communication, which makes the smart grid system vulnerable to message tampering and forgery, malicious node attacks, denial of service (DoS) attacks, etc., so it is necessary to provide more effective security for the smart grid [1][2][3]. Message authentication can ensure the integrity and authenticity of messages [4][5][6]. But the traditional encryption-based upper layer authentication mechanism has high computational complexity and time delay, and is not suitable for real-time message authentication of intelligent terminal equipment with limited resources and energy.
Physical layer (PL) authentication technology is a kind of non-cryptographic authentication method which identifies the uniqueness of the terminal through the characteristics of the physical layer and tries to solve the secure access problem of communication at the signal level [7-10]. It is not only lightweight, but also suitable for the access of massive heterogeneous terminals: it does not depend on the upper layer protocol, and does not even need to know the detailed structure of the terminals' physical frame. This paper investigates the PL authentication method in comparison with traditional upper layer authentication technology, and proposes an authentication scheme suitable for the smart grid.

Edge Computing and PL Authentication
As a new computing architecture, edge computing has gradually penetrated into many fields and plays an important role. Because of the proximity, edge computing network architecture can provide better security than cloud computing architecture, but as a new type of node arranged in the network, its own security protection has become an incredibly challenging task.
When security vulnerabilities in edge computing are exploited by hackers, the security of many access terminals and their data cannot be guaranteed, which also threatens the security of the network. Therefore, the security protection system of edge computing needs to be established and improved.
Security authentication is the first line of defence for security protection. Identity and authentication management functions run through the whole security service function level. Reliable identification of access terminal identity by edge devices is very important to protect the security of applications and data. In terms of function, edge computing devices need to provide real-time response, so secure access authentication methods need to be fast and lightweight. Therefore, fast and reliable secure access authentication for terminal devices on the edge side is a major security challenge faced by the edge computing system. At the same time, the computing resources of edge computing devices are much stronger than those of terminals, so it is very meaningful to make full use of the computing power of the edge side to develop a high-security and fast authentication method suitable for the edge computing architecture.

Figure 1. Edge computing and physical layer authentication
As the first entrance of data, edge computing has good real-time performance because of its natural distribution close to the terminal, which can well meet the needs of real-time response on the Internet of Things and can also provide asymmetric resources. In particular, the identification accuracy of PL authentication can be highly improved by machine learning methods. However, training these methods costs resources. Under the edge computing system, this cost can be borne by the edge device while the terminal does almost nothing. Therefore, this is an authentication method with asymmetric resources. Compared with the terminal, the edge side can carry more complex computing and storage functions. When a terminal or node transmits data to the edge side, the edge side authenticates the legality of the data packet through physical layer authentication. At the terminal, channel information can be extracted from the information packet for packet authentication without task redundancy, so the terminal or micro node bears hardly any computing load. At the same time, the computing resources of the edge side allow packet authentication to use machine learning and other methods for physical layer authentication.

The System Model of PL Authentication
In this section, the PL access authentication model is illustrated in Figure 2. The legitimate parties L and R are communication partners, and the illegal access node E also exists in the network. In this case, the edge device R can use the channel characteristics to identify whether the access node is consistent with its claim, that is, physical layer authentication based on channel characteristics. In the following, we use R for the edge device (i.e. the receiver), L for the legal access node, and E for the illegal access node Eve. It is assumed that there is a strong correlation between consecutive data frames, with the time interval between the two frames within the coherence time. If the channel information of the two frames is close, the sender is the legal access node L; if it is not close, the node attempting access is the illegal access node E. This completes one verification. In this way, many data frames are verified continuously. Suppose R has successfully authenticated that the $k$-th data frame is sent by L, and its error-free channel information is $H_k^{LR}$; the sender identity of the $(k+1)$-th data frame needs to be verified, and the error free channel information is
Null hypothesis $\mathcal{H}_0$: the error-free channel information in the $(k+1)$-th frame is equal to that in the $k$-th frame, and the node to be accessed is the legal access node L.
Alternative hypothesis $\mathcal{H}_1$: the error-free channel information in the $(k+1)$-th frame is not equal to that in the $k$-th frame, and the node to be accessed is the illegal access node E.

The Proposed PL Authentication
Machine learning, one of the hot topics in academia and industry, aims to improve computer algorithms and performance through continuous data analysis and learning. Its classification algorithms are various and suit different data types and scenarios. Combining machine learning with channel characteristics is a new direction in the field of physical layer authentication. Decision tree, AdaBoost, support vector machine, k-nearest neighbour and ensemble learning all belong to machine learning, in which the training data dimension is one of the key problems.
The overall idea of the scheme is as follows: the edge device R collects and pre-processes the channel information of legal access node L and illegal access node E to form a binary data set. The training set is modelled by a machine learning classification algorithm to train the classifier, and then the trained classifier is used to identify the access node. The details of the proposed scheme are presented as follows.
Step 1, the edge device R collects the channel state information (CSI) of transmission packets from the legal node L and illegal node E as follows. Firstly, the edge device R collects and stores the initial CSI from legal node L as $H_{1,1}^{LR}$, and stores the second frame CSI from legal node L as $H_{2,1}^{LR}$, where the subscript 2,1 denotes the first collection of the 2nd data frame. Then, the edge device R does the first CSI collection of the 3rd data frame and gets $H_{3,1}$, which will be labelled as ,,

TTT.
Step 3, edge device R transfers the training set , , , ( , ), , , ( , ), , , ( , ), In SS , we have 2, , , ,
Step 4, the edge device R uses a machine learning classification algorithm to train the "machine" on the binary classification training set SS to generate the final classifier.
Step 5, the edge device R extracts the packet CSI of the unknown node to be accessed as 3  、 、 based on the difference of channel information in any two combinations of three consecutive frames. The classifier with a qualified authentication rate is used to judge whether the received packet comes from a legal access node or a faked illegal access node, so as to realize packet identification. The unknown access node needs to be a trained user, that is, its channel information has been collected and stored, because the binary classification learning here is supervised learning.
Using two-dimensional features avoids the contingency of using only one-dimensional features and can, in theory, improve the authentication rate of the points to be classified, which is a good advantage for heterogeneous smart grid terminals.
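
The sketch below is an added illustration, not code from the paper: it runs the one-dimensional closeness test of the system model and a classifier trained on two-dimensional CSI difference features side by side on constructed data. The Gauss-Markov channel model, the parameter values, the two features (frame 3 against frames 2 and 1), the threshold eta and the choice of k-nearest neighbour are all assumptions made for this example.

```python
import math
import random

N_SUB, RHO, NOISE = 16, 0.95, 0.05   # assumed: subcarriers, frame correlation, noise std

def cgauss(rng, std=1.0):
    """One circularly symmetric complex Gaussian sample with the given std."""
    s = std / math.sqrt(2)
    return complex(rng.gauss(0, s), rng.gauss(0, s))

def next_frame(h, rng):
    """Assumed Gauss-Markov evolution of a channel within the coherence time."""
    return [RHO * x + math.sqrt(1 - RHO ** 2) * cgauss(rng) for x in h]

def observe(h, rng):
    """CSI estimate at R: true channel plus estimation noise."""
    return [x + cgauss(rng, NOISE) for x in h]

def diff(a, b):
    """Normalised squared distance between two CSI vectors."""
    return sum(abs(x - y) ** 2 for x, y in zip(a, b)) / sum(abs(y) ** 2 for y in b)

def sample(rng, legal):
    """Frames 1, 2 come from L; frame 3 from L (legal) or E. Returns a 2-D feature."""
    h1 = [cgauss(rng) for _ in range(N_SUB)]
    h2 = next_frame(h1, rng)
    h3 = next_frame(h2, rng) if legal else [cgauss(rng) for _ in range(N_SUB)]
    o1, o2, o3 = (observe(h, rng) for h in (h1, h2, h3))
    return (diff(o3, o2), diff(o3, o1))

def make_set(n, seed):
    """Constructed labelled set: n legal and n illegal samples (label True = L)."""
    rng = random.Random(seed)
    return [(sample(rng, legal), legal) for legal in (True, False) for _ in range(n)]

def threshold_accept(x, eta=0.5):
    """System-model test: accept H0 (sender is L) if frame 3 is close to frame 2."""
    return x[0] < eta

def knn_accept(train, x, k=5):
    """Classifier of the scheme: majority vote of the k nearest training points."""
    near = sorted(train, key=lambda t: math.dist(t[0], x))[:k]
    return 2 * sum(label for _, label in near) > k

def auth_rate(decide, test):
    """Fraction of test packets whose accept/reject decision matches the label."""
    return sum(decide(x) == y for x, y in test) / len(test)

if __name__ == "__main__":
    train, test = make_set(200, seed=1), make_set(200, seed=2)
    print("threshold:", auth_rate(threshold_accept, test))
    print("kNN:", auth_rate(lambda x: knn_accept(train, x), test))
```

All training and classification runs on the edge device R; the terminal only transmits frames, which is the asymmetric-resource property described earlier.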

Conclusions
A non-crypto PL authentication scheme for the smart grid edge computing system is proposed, in which the training set is modelled by a machine learning classification algorithm to train the classifier, and then the trained classifier is used to identify the access terminal. Two-dimensional features of CSI are used as training and test sets in the machine learning algorithms, aiming to improve the performance of PL authentication. This scheme makes full use of the computing power of the edge side to develop a high-security and fast authentication method suitable for the edge computing architecture, in which terminals do almost nothing and can keep high security.

Acknowledgments
This work is supported by the National major R & D program (No. 2018YFB0904900, 2018YFB0904905).