https://orcid.org/0000-0003-2666-6874
Figures
Abstract
The incorporation of information and communication technologies in the power grids has greatly enhanced efficiency in the management of demand-responses. In addition, smart grids have seen considerable minimization in energy consumption and enhancement in power supply quality. However, the transmission of control and consumption information over open public communication channels renders the transmitted messages vulnerable to numerous security and privacy violations. Although many authentication and key agreement protocols have been developed to counter these issues, the achievement of ideal security and privacy levels at optimal performance still remains an uphill task. In this paper, we leverage on Hamming distance, elliptic curve cryptography, smart cards and biometrics to develop an authentication protocol. It is formally analyzed using the Burrows-Abadi-Needham (BAN) logic, which shows strong mutual authentication and session key negotiation. Its semantic security analysis demonstrates its robustness under all the assumptions of the Dolev-Yao (DY) and Canetti- Krawczyk (CK) threat models. From the performance perspective, it is shown to incur communication, storage and computation complexities compared with other related state of the art protocols.
Citation: Mutlaq KA-A, Nyangaresi VO, Omar MA, Abduljabbar ZA, Abduljaleel IQ, Ma J, et al. (2024) Low complexity smart grid security protocol based on elliptic curve cryptography, biometrics and hamming distance. PLoS ONE 19(1): e0296781. https://doi.org/10.1371/journal.pone.0296781
Editor: Pandi Vijayakumar, University College of Engineering Tindivanam, INDIA
Received: August 19, 2023; Accepted: December 19, 2023; Published: January 23, 2024
Copyright: © 2024 Mutlaq et al. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
Data Availability: All relevant data are within the manuscript and its Supporting information files.
Funding: This work is supported by Natural Science Foundation of Top Talent of SZTU (grant No. 20211061010016). This work is partially supported by National Natural Science Foundation of China (61972263, 62073225), and the Stable Support Plan for Higher Education Institutions in Shenzhen (20200810113310001). The funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript. Our authors did not receive any salary from the funders.
Competing interests: The authors have declared that no competing interests exist.
1. Introduction
Electrical grids comprise of networks that perform power generation, transmission as well as distribution. In this environment, there is need for communication and coordination with the power control centers so as to control and monitor the grid. To boost power supply quality, incorporate novel communication technologies, enhance efficient energy distribution and minimize energy consumptions, smart grids have been developed [1–4]. In essence, the smart grid (SG) integrates communication and information technologies with power systems so as to enhance reliability, efficiency and sustainable power management. In so doing, SG can potentially alleviate challenges of traditional grid systems such as delayed demand response (DR), blackouts and inefficiency in energy management. In addition, the SG can offer reliable energy distribution, live monitoring of energy consumption, two-way energy flow, better resource allocations, outages prediction and prevention, ideal real-time balance between energy demand and supply, as well as incorporation of micro energy generators such as solar power into the electricity grid. Authors in [5] point out that the SG’s advanced automation and distributed intelligence can provide fault detection, recovery as well as DR management. A typical SG comprises of smart meters, renewable energy resources, smart appliances, distribution networks [6], power plants and transmission networks. As discussed in [7], the SG facilitates the integration of cleaner energy technologies with energy management. This helps in enhancing efficiency and reliability in the power network. In this environment, the smart meter (SM) offers fine-grained home or enterprise power consumption information.
In spite of the numerous merits of the smart grids, many issues remain unresolved in these networks. For instance, the SG requires the deployment of numerous components for control and monitoring. This calls for the amalgamation of power resources at various levels, such as operating systems, cloud databases, networking and smart systems [8]. The massive flow of information in the distributed SG is exposed to many cyber attacks, which compromise its integrity, confidentiality and availability [9–11]. These attacks can have adverse effects on the consumers as well as the operation of the grid. As explained in [12], the SM is the point of contact with the SG and is the vulnerable link. Therefore, malicious SM endpoints may instigate attacks such as Sybil, false data injection, identity theft and consumption report altering. In addition, Denial of Service (DoS), data tampering, Man-in-the-Middle (MitM), impersonation, phishing, Sybil and spoofing attacks as being serious challenges in smart grids. On the other hand, eavesdropping, insertion, modification, deletion, forgery [13] and interception of exchanged messages have been noted in [14] to be critical issues that need urgent solution. Similarly, SGs have been noted in [15] to be susceptible to impersonation attacks, MitM, replays and session key disclosure. These attacks may effectively lead to the forwarding of erroneous feedback to the control center, and hence inappropriate decisions may be made [16]. It may also cause malicious consumption data to the SM, resulting in consumers being charged for energy that they have not utilized [17].
The transmission of messages between consumers and control centers over insecure wireless communications [18] is the major source of SG vulnerabilities. Since the SG security is firmly tied with the data exchange network, it is critical to enforce Authentication, Authorization and Access Control (AAA) at the device level [19]. As explained in [20], proper device identification and authentication can play central responsibility in the elimination of the above attacks. On the other hand, strong identification, management and authentication of SG devices can potentially aid in the prevention of password breaches, identity theft and impersonation [21]. Owing to the limited computation and communication capability of the SG components such as smart meters, lightweight and secure authentication and key agreement (AKA) schemes are needed in this environment. Although numerous AKA schemes have been developed for this purpose, they have various shortcomings that impede their effective deployments.
A. Motivation
The smart grids are susceptible to numerous attacks such as false command and data injections due to the message exchanges over the open transmission channels. These attacks can cause the utility centers to make erroneous decisions that may have adverse effects such as blackouts. It is also possible for consumer privacy to be compromised such that private information such as economic status, household occupancy and behavioral patterns are discerned. As such, great efforts have been made to develop security solutions in smart grids using techniques such as blockchain, elliptic curve cryptography, public key infrastructure, asymmetric key cryptography, and physical unclonable function. However, most of these approaches incur extensive computation, storage and communication complexities [22]. This limits their deployment in resource-limited smart grid components such as smart gas meters. In addition, most of the current security schemes have susceptibility to numerous attacks and fail to provide mutual authentication, anonymity, non-traceability and key freshness. There is therefore need for novel AKA protocols that address these challenges.
B. Research contributions
In this sub-section, the major contributions of the proposed protocol are summarized as follows:
- A protocol leveraging on elliptic curve, smart cards, Hamming distance and biometrics is developed for privacy and security enhancement in smart grid networks.
- Random nonces are deployed to uphold the freshness of the exchanged messages. This is shown to be crucial in the prevention of de-synchronization attacks that are common in most of the timestamp-based authentication schemes.
- Formal security is carried out through the BAN logic to demonstrate that the smart grid network entities successfully validate each other and negotiate session keys for traffic encryption.
- Extensive semantic analysis is executed, which shows that our protocol is robust under all the assumptions of the Canetti- Krawczyk and Dolev-Yao threat models.
- Comparative performance evaluation is effected, which shows that our protocol incurs lower computation, storage and communication complexities compared with other related schemes.
C. Paper organization
The rest of this paper is organized structures as follows: Section 2 discusses the related work, while Section 3 details the system model. Conversely, Section 4 presents the proposed protocol while Section 5 details its security analysis. This is followed by the performance analysis in Section 6, while Section 7 concludes the paper and gives future research directions.
2. Related work
Security and privacy issues in smart grids have attracted a lot of attention and research work from the industry and academia. As such, numerous AKA schemes have been proposed to address these challenges [23, 24]. For instance, a pairing based anonymous scheme is developed in [25]. However, this scheme is susceptible to ephemeral secret leakage and impersonation attacks [26]. Based on elliptic curve cryptography (ECC), a self-certified scheme is introduced in [27] for key distribution between the SM and control center. However, this technique is vulnerable to DoS attacks and cannot preserve session key security [28]. Similarly, the authentication approach in [29] is susceptible to session key disclosure and impersonation attacks [30]. To address the problems in [29], a provably secure AKA scheme is developed in [30]. Another important technology that can be used to offer energy management, reliability, privacy and security in distributed smart grid environment is the blockchain [31–33]. As such, a blockchain-based security protocol is presented in [15] to offer response management in smart grids. This approach is demonstrated to achieve mutual authentication, key agreement, resist various attacks and offer demand response integrity. However, the blockchain incurs heavy computation and storage overheads [34]. These challenges can be addressed by the scheme in [35]. Even though the authentication protocol in [35] offers efficient data aggregation, it is defenseless against MitM attacks due to lack of mutual authentication procedures. To protect against outsider and insider threats, an authorization and authentication scheme is developed in [36]. Alternatively, a protocol based on identities is introduced in [37] to boost the smart grid security levels. However, the protocol in [37] cannot offer anonymity and untraceability. The authors in [38] demonstrate that this scheme is susceptible to numerous attacks, and hence they introduce a novel lightweight protocol to overcome these security issues. Similarly, the key management protocol in [39] guarantees anonymity of the communicating entities. In addition, it has lower computation costs when compared with the scheme developed in [29]. However, the protocol in [39] is never evaluated against attacks such as privileged insider, known session-specific temporary information (KSSTI), spoofing and de-synchronization.
The Physical Unclonable Function (PUF) presents another valuable technology for providing high security levels at relatively low costs. As such, PUF-based protocols have been presented in [40–42] for the smart grids. The scheme in [41] does not necessitate the maintenance of secret keys for message exchanges with the aggregator. However, security schemes based on PUF technology have stability challenges due to the stochastic nature of PUF outputs. Conversely, an authentication scheme based on temporary credentials is introduced in [43] to secure the smart grid demand response. However, this protocol can support only one smart meter and hence has scalability issues. In addition, attackers can impersonate the Utility Center (UC) since it lacks initial verification on the UC side [44]. This setback can be addressed by the self-sovereign verification protocol in [7] as well as the anonymous authentication protocol in [45]. Although the protocol in [7] protects against masquerading and identity theft, the scheme in [45] is susceptible to DoS attacks [28]. To provide mutual authentication in smart grids, authors in [46] have introduced a pair-wise key generation scheme. However, this approach cannot uphold anonymity and confidentiality [28]. This problem is addressed by the password-based anonymous key agreement protocol in [47], which provides strong mutual authentication, confidentiality, anonymity, perfect forward key secrecy and non-traceability. Unfortunately, this scheme has some design flaws regarding its two points multiplication over the elliptic curve [48]. In addition, it cannot uphold session key security. Further, it is shown to be vulnerable to passive and active attacks which limit its applicability [40]. As such, an improved AKA protocol has been developed in [48]. Although this scheme offers mutual authentication and session key agreement, it is never evaluated against any attack vectors. In addition, it incorporates timestamps during mutual authentication and hence is vulnerable to de-synchronization attacks.
To boost the security in some of the two-factor authentication protocols discussed above, ECC-based AKA techniques have been introduced in [27, 28, 47–52] for industrial smart grids. However, the deployed ECC requires high communication and computation costs [14]. On the other hand, a masked symmetric key-based protocol is developed in [53]. However, attacks such as privileged insider, masquerading and replay are not considered in this scheme. Similarly, a symmetric key and message authentication code-based approach is presented in [54]. Unfortunately, the timestamp deployed in this protocol can potentially lead to clock synchronization problems [55]. This challenge is solved by the scheme in [56], even though this technique cannot verify two entities of the smart grid [57]. Alternatively, the three-factor user validation scheme developed in [51] is vulnerable to stolen mobile device and impersonation attacks [52]. As such, the authors in [52] have introduced an enhanced three-factor AKA protocol to overcome these challenges. Similarly, an AKA scheme for securing demand response is presented in [58]. Unfortunately, since this technique is based on the traditional power grid system, it is inefficient and is unable to offer demand response records integrity. Based on the above discussion, it is clear that most of the current schemes for security and privacy protection in the smart grids have numerous challenges that render them unsuitable for deployment in smart grids. In addition, some of the schemes such as the one in [57] require the involvement of third parties during the establishment of secure communication among the smart grid devices. This inadvertently presents a single point of failure and may result in privileged insider attacks when this third turns out to be malicious. On the other hand, most of the Public-Key-Infrastructure (PKI) based schemes such as the ones in [35, 59, 60], and asymmetric key cryptography based schemes require heavy execution and bandwidth requirements. This is obviously not suitable for smart grid components such as smart gas meters. Although ECC-based techniques such the ones in [61, 62] have reduced computation overheads compared with PKI-based schemes, the smart meters still need to carry out computationally extensive operations. Additionally, the scheme in [61] does not consider privacy protection during the AKA procedures [55]. On its part, the Diffie-Hellman and digital signature-based scheme in [63] incurs high computation and communication costs during signature generation and verification. On the other hand, anonymous authentication scheme is presented in [64] while efficient security protocols are developed in [65, 66]. Conversely, multi-factor authentication schemes are presented in [67, 68] while a blockchain-based protocol is introduced in [69]. However, the protocols in [64–66, 68] have not been evaluated against attacks such as de-synchronization and KSSTI. Similarly, the scheme in [67] has not been evaluated against attacks such as forgery and privileged insider. On the other hand, the blockchain deployed in [69] renders this scheme inefficient [70]. Consequently, the development of novel AKA protocols to address these challenges cannot be overemphasized.
To overcome some of the above challenges, this paper leverages on ECC, Hamming distance and fuzzy extraction to develop a provably secure security scheme. The biometric authentication is facilitated by fuzzy extraction and Hamming distance, while ECC helps in the generation of the random nonces. It is shown that biometric authentication renders our protocol robust against attacks such as privileged insider, guessing and masquerading. On the other hand, the ECC-facilitated random nonces offer untraceability and anonymity. They also help defend against attacks such as de-synchronization, man-in-the-middle (MitM), KSSTI and forgery. These cryptographic primitives are also demonstrated to be lightweight compared to other approaches such as PKI and blockchain.
3. System model
This section describes some mathematical preliminaries, threat model as well as the security requirements of the proposed scheme.
A. Mathematical preliminaries
The proposed security scheme is based on ECC, Hamming distance and fuzzy extraction. Compared with other public-key cryptosystems such as Rivest, Shamir and Adleman (RSA), ECC provides equivalent security level but with shorter key sizes. This is beneficial to resource-limited setting [62] exampled by Internet of Things (IoT) and many smart grid edge devices. In this section, we introduce some mathematical formulations for the basic building blocks of the proposed protocol. This includes hamming distance, fuzzy extraction and elliptic curve cryptography formulations as discussed below.
1) Hamming distance.
The Hamming distance plays a critical role during the exchange of information over noisy communication media. During this process, the following 3 definitions hold:
Definition 1: Suppose that the sender wants to forward message Msg = {0, 1}q. The Hamming distance comes handy in fuzzy commitment procedures that facilitate correct transmission of Msg to the receiver. Here, the error correction code (ECC) comprises of code-phrases CS ⊆ {0, 1}ℕ. At the sender, message Msgi ∈ Msg is mapped to an element in CS before being transmitted.
Definition 2: For increased levels of redundancy, ℕ > q. A typical ECC has two functions, for translation and decoding. Let us denote translation function as t and decoding function as d. As such:
In this regard, d maps ℕ—bit string s to the nearest code-phase in CS in terms of the Hamming distance (HD). If this mapping is not successful, then d outputs Ω.
Definition 3: Suppose that d has a correction threshold of CT. Then, for some code-phrase RC ∈ CS, error term ET ∈ {0, 1}ℕ with hamming weight ||ET|| ≤ CT, the mapping is executed as follows:
2) Fuzzy extraction.
During biometric authentication process, the fuzzy commitment procedures play a crucial role in validating the input template. In this regard, the following definitions are critical.
Definition 4: Suppose that h: {0,1}ℕ → {}ℙ is a secure hash function. Taking W as an ℕ—bit witness, then the sender can deploy the fuzzy commitment technique F: ({0,1}ℕ, ({0,1}ℕ) → ({0,1}ℙ, ({0,1}ℕ) to commit a code-phrase RC ∈ CS using W as F (RC,W) = (ē, ū). Here, ē = h (RC) and ū = W⊕RC.
Definition 5: Provided that W* is fairly close to W, then it can be deployed to decipher commitment F (RC,W) = (ē, ū). In essence, W* need to be exactly equivalent to W. For any successful deciphering, the receiver need to derive RC* = f (W*⊕ū). Since ū = W⊕RC, then RC* = f (W*⊕ū) = f (RC⊕(W*⊕W)).
Definition 6: To validate the sender, the receiver checks whether ē ≟ h (RC*). Upon successful verification, the deciphering process is treated as being valid. Otherwise, W*is treated as malicious and the sender is flagged as such.
Definition 7: In the field of biometric authentication, the input biometric data Bioi* is not always exactly similar to the biometric template Bioi. This constitutes noise in this data and hence can be deployed in the fuzzy commitment procedures. In essence, Bioi is treated as W and therefore RC can be deciphered using input biometric W* that is fairly close to W.
3) Elliptic curve cryptography.
Suppose that Zp = {0, 1,…, p − 1}, where p > 3. We also let δ1, δ2 ∈ Zp be constants such that (mod p). Then, the definitions below describe the elliptic curve properties and procedures:
Definition 8: A non-singular elliptic curve (EC)y2 = s3+ δ1s+ δ2 over the Galois finite field GF(p) is a set Ep (δ1, δ2) of the solutions (s, y) ∈ Zp × Zp to the congruence y2 ≡ s3+ δ1s+ δ2 (mod p).
Definition 9: Suppose that P = (sP, yP), Q = (sQ, yQ) ∈ Ep (δ1, δ2) and Ø is the zero point or point at infinity. Under this condition, sQ = sP and yQ = -yp when P + Q = Ø. In addition, P + Ø = Ø + P = P, for all P ∈ Ep (δ1, δ2).
Definition 10: Taking # ǹ as the number of points on Ep (δ1, δ2), then in accordance with Hasse’s theory, the inequality below holds:
This means that there are p points on Ep (δ1, δ2) over Zp. Additionally, Ep (δ1, δ2) constitute commutative group in accordance with addition modulo p operation.
Definition 11: In accordance with the EC point addition, we take P and Q as two points on the EC Ep (δ1, δ2). Then Ǻ = (sǺ, yǺ) = P + Q is derived as described below:
where
Definition 12: Based on the elliptic curve point multiplication (scalar multiplication), we let P ∈ Ep (δ1, δ2). Then, 6P implies repeated additions such that 6P = P + P + P + P + P + P.
B. Threat model
The Dolev-Yao (DY) and Canetti- Krawczyk (CK) threat models are frequently utilized in the semantic evaluation of authentication schemes. Therefore, this paper adopts these two threat models, in which it is assumed that adversary Å:
- Can forge, delete, reuse, change, insert, block and eavesdrop the messages exchanged across the insecure communication channels.
- Has the potential and capability of physically accessing the smart grid components such as the smart meter and extract secret security tokens stored in its memory. This is facilitated using techniques such as side-channeling.
- Upon obtaining the smart meter security parameters, Å can launch attacks such as spoofing, forgery, guessing, de-synchronization, KSSTI, replay, masquerading, man-in-the-middle and privileged insider.
- Can capture session keys as well as their intermediary states.
C. Security requirements
To provide enhanced message protection in the smart grid environment, the following goals need to be fulfilled:
- Anonymity: This property ensures that user and smart meter real identities cannot be discerned from any messages captured over the transmission channel.
- Untraceability: An attacker who successfully intercepts the message exchange process between the smart meter and the smart grid server should not be in a position to associate any communication sessions to a specific user or smart meter.
- Mutual Authentication: All the communicating entities should verify each other’s identity before they can commence message exchanges.
- Session Key Negotiation: After successfully validation procedures, the smart grid entities must agree on some shared key that they will utilize to protect the exchanged messages.
- Attacks Resilience: It should be cumbersome for the adversary to launch common smart grid attacks such privileged insider, spoofing, physical capture, smart card loss, forgery, replay, masquerading, de-synchronization, guessing, KSSTI, and man-in-the-middle attacks.
4. The proposed protocol
The proposed protocol involves three entities which include the Smart Meter (SMi), User (Ui) and Smart Grid Server (SGSi) as shown in Fig 1. Here, the SMi collects energy consumption information from the consumers and forwards the same to the SGSi located at the utility control center. As illustrated in Fig 1, the communication channel between SMi and SGSi is the public internet.
Depending on the received consumption reports from the SMi, decisions are made by the SGSi regarding energy adjustments. In this context, the Ui refers to the system administrator located at the utility control center. Table 1 details the symbols used in this paper.
From the execution perspective, this scheme comprises of 7 phases: system initialization, smart meter registration, user registration, login, authentication, session negotiation, and finally password change. The sub-sections below discuss the details of each of these phases.
A. System initialization
In this scheme, the smart grid server SGSi is a trusted entity that bridges the communication between the smart meter SMi and user Ui. During the initialization phases, the security tokens applicable during the subsequent registration, login, authentication and key establishment phases are derived.
Step 1: The SGSi selects elliptic curve additive group G over some finite field Fp, where P is the generator, whose order is a large prime number ℕ.
Step 2: The SGSi generates random nonce and sets it as its clandestine key. Next, the SGSi derives its corresponding public key PK = PR1. Next, the SGSi chooses SGSMK as its master key. The keys R1 and SGSMK will be used later during the registration, login and authentication phases to derive ephemeral parameters.
Step 3: Security parameters R1 and SGSMK are secretly kept by the SGSi in its database. Next, it publishes parameter set {P, E (Fp), PK, G}. All these security parameters are deployed by the network entities to compute intermediary tokens during the registration, login, authentication and key negotiation phases. Fig 2 presents the diagrammatical depiction of these steps.
B. Smart meter registration
Before the deployment of the smart meters, they must generate and be assigned security parameters that they store in their memories. These parameters are then used during login phase and also to authenticate these smart meters to the smart grid network. To realize this, the two steps described below are executed.
Step 1: The smart grid server SGSi chooses value SMIDi as the identity of smart meter SMi. Next, it derives SKS-SM = h (SMIDi||SGSMK) as the secret key between SGSi and SMi as shown in Fig 2.
Step 2: The SGSi composes registration message Reg1 = {SMIDi, SKS-SM} which is forwarded to the SMi for private buffering in its memory. Finally, smart meter SMi is deployed in particular premises.
C. User registration
In smart grids, the users may be interested in accessing the smart grid data deployed in some given premises. It is therefore important that all users be registered at the smart grid server SGSi as shown in Fig 2. This registration is important as the users are assigned parameters that they will deploy during the subsequent login, authentication and session key establishment phases. This phase is executed using the five steps described below.
Step 1: The user Ui chooses some unique user identity UIDi and strong password PWi. Next, the user Ui generates random nonce R2 that is used to derive parameter A1 = h (R2||PWi).
Step 2: The user imprints biometric Bioi on the reader device. Next, the user registration request Reg2 = {UIDi, A1, Bioi} is composed and transmitted over to the SGSi across secure communication channels.
Step 3: After getting registration request Reg2 from Ui, the SGSi selects some random code-phrase RCi ∈ CS for this particular user. Next, it derives F (RCi, Bioi) = (ē, ū), where ē = h (RCi) and ū = RCi ⊕ Bioi.
Step 4: The SGSi derives parameter A2 = h (UIDi||A1||RCi) and A3 = h (UIDi||SGSMK)⊕h (A1||RCi). Afterwards, the SGSi stores parameter set {ē, f (.), ū, A2, A3, PK} in Ui’s smart card USC. Next, it composes registration response message Reg3 = {USC} that is sent to Ui over secure channels. Finally, the SGSi buffers UIDi in its database.
Step 5: On getting this smart card, the user appends R2 into it. As such, the smart card now holds parameter set {ē, f (.), ū, A2, A3, PK, R2}. Algorithm 1 below summarizes the system initiation, user registration and smart meter registration processes.
Algorithm 1. System Initiation, User and Smart Meter Registration
Begin
# ***System Initialization***
Choose G over Fp and generate random nonce R1 as private key
Derive corresponding public key as PK and master key as SGSMK
Secretly keep R1 and SGSMK at SGSi and publish parameter set {P, E (Fp), PK, G}
#****Smart Meter Registration***
Choose SMIDi as smart meter SMi’s identity
Set SKS-SM as secret key between smart grid server SGSi and smart meter SMi
Privately store parameter set {SMIDi, SKS-SM}in smart meter SMi’s memory
Deploy SMi in its application domain
#***User Registration***
Select user identity and password as UIDi and PWi respectively
Generate random nonce R2 and derive A1
Imprint user biometric Bioi into the reader, compose registration message Reg1 then forward it to SGSi
Select random code-phrase RCi then derive values F (RCi, Bioi), A2 and A3
Store values {ē, f (.), ū, A2, A3, PK} in smart card USC
Construct registration message Reg2 then forward it to user Ui
Buffer user identity UIDi in smart grid server SGSi’s database
Append random nonce R2 to smart card USC
End
D. Login, mutual authentication and session negotiation phase
The aim of this phase is to ensure that all users and smart meters accessing the smart grid server are legitimate entities and hence protect the network against attacks. In addition, the session key is derived which will be used to encipher the data exchanged among the users, smart meters and smart grid servers. To accomplish this, user biometric data Bioi*, password PWi, user identity UIDi and smart card USC are deployed. Here, the USC buffers the security tokens that the user utilizes to derive ephemeral security parameters. This is an 8 step process as described below. Algorithm 2 gives the summary of the login, mutual authentication and session negotiation phase.
Step 1: The user the inserts USC into its reader device before imprinting biometric Bioi*. Thereafter, the smart card computes . Since ū = RCi⊕Bioi), then RCi* can also be expressed as
.
Step 2: The smart card confirms whether h (RCi*) ≟ē = h (RCi). Essentially, the session is aborted whenever this verification flops. This means that the user has to initiate another login attempt. Otherwise, this particular user has successfully passed the biometric authentication.
Step 3: The user inputs identity UIDi and password PWi after which parameter A2* = h (UIDi|| h (R2||PWi||RCi*) is derived. This is followed by the checking of whether A2* ≟ A2 such that the session is aborted when these two parameters are not equivalent. Consequently, the user must re-enters the correct values for UIDi and PWi. Otherwise, the user’s UIDi and PWi have been successfully verified by the smart card.
Step 4: The USC chooses some arbitrary nonce R3 and parameter . Next, it computes security parameters A4 = A3⊕h (h(R2||PWi||RCi*), A5 = ñP, B1 = ñPK = ñPR1, B2 = UIDi⊕B1, B3 = A4⊕R3, B4 = h (UIDi||R3)⊕SMIDi and B5 = h (A4||SMIDi||B1||R3). Finally, it constructs login request message LogReq = {A5, B2, B3, B4, B5} that is sent to the SGSi as illustrated in Fig 3.
Step 5: On receiving login request LogReq, the SGSi computes parameters B1* = A5R1 = ñPR1 and UIDi* = B2⊕B1*. Next, it confirms whether the derived identity UIDi* is in its database such that the login request is rejected if it is not. When this happens, the SGSi must request the user to resend valid message LogReq. Otherwise, the SGSi computes A4* = h(UIDi*||SGSMK), R3* = B3⊕A4*, SMIDi* = B4⊕h(UIDi*||R3*) and B5* = h (A4*||SMIDi*||B1*||R3*). It then checks whether B5* ≟ B5 such that the session is aborted if these parameters are not identical. Once again, the SGSi prompts the user to re-forward valid message LogReq. Otherwise, the SGSi generates some arbitrary nonce R4 that it deploys to re-compute secret key SKS-SM* = h (SMIDi*||SGSMK), C1 = UIDi*⊕SKS-SM*, C2 = R4⊕h(UIDi*||SKS-SM*), C3 = R4⊕R3* and C4 = h (UIDi*|| SMIDi*||SKS-SM*||R3*||R4). Finally, it composes authentication message Auth1 = {C1, C2, C3, C4} which it forwards to the SMi.
Step 6: Upon getting hold of message, the SMi derives UIDi** = C1⊕SKS-SM, R4* = h (UIDi**||SKS-SM)⊕ C2, R3** = R4*⊕C3 and C4* = h (UIDi**||SMIDi||SKS-SM||R3**||R4*). It then checks whether C4* ≟ C4 such that the session is aborted on condition that this validation flops. Here, SMi requests the SGSi to resend valid login message Auth1. Otherwise, the SMi generates arbitrary nonce R5 that it utilizes to compute C5 = R5⊕SKS-SM, ɸM = h (UIDi**||SMIDi||R3**||R4*||R5) and D1 = h (SKS-SM||ɸM||R5). At the end, the SMi composes authentication message Auth2 = {C5, D1} that is sent to the SGSi.
Step 7: Once it has obtained message Auth2, the SGSi derives R5* = C5⊕SKS-SM*, ɸS = h (UIDi*||SMIDi*||R3*||R4||R5*) and D1* = h (SKS-SM*||ɸS||R5*). Next, it confirms whether D1* ≟ D1 such that the session is rejected when this validation flops. When this happens, SGSi must prompt the SMi to re-forward valid authentication message Auth2. Otherwise, the SGSi derives D2 = A4*⊕R4, D3 = R3*⊕R5* and D4 = h (UIDi*||ɸS||R4||R5*). Finally, the SGSi constructs authentication message Auth3 = {D2, D3, D4} that is forwarded to user Ui.
Step 8: Upon obtaining message Auth3, user Ui computes R4** = D2 ⊕ A4, R5** = D3 ⊕ R3, ɸU = h (UIDi||SMIDi||R3||R4**||R5**) and D4* = h (UIDi||ɸU||R4**||R5**). Thereafter, it validates whether D4* ≟ D4 such that the session is terminated whenever this verification fails. Once again, the user has to prompt the SGSi for the correct authentication message Auth3.
Algorithm 2. Login, Mutual Authentication and Session Negotiation
Begin
#***Login***#
Insert USC to the card reader and imprint Bioi*
Compute RCi*
IF h (RCi*) ! = ē ! = h (RCi) THEN:
Terminate session
ELSE: Biometric authentication passed
ENDIF
Input UIDi, PWi and derive A2*
IF A2* ! = A2 THEN:
Abort session
ELSE: UIDi, PWi have passed verification
Select R3, ñ and derive A4, A5, B1, B2, B3, B4 & B5
Construct LogReq and forward it to SGSi
Derive B1*and UIDi*
IF UIDi* is not in database THEN:
Deny login request
#***Mutual authentication and session negotiation***#
ELSE: compute A4*, R3*, SMIDi* and B5*
IF B5* ! = B5THEN:
Abort session
ELSE: Generate R4 and derive SKS-SM*, C1, C2, C3 and C4
Compose Auth1 and forward it to SMi
Derive UIDi**, R4*, R3** and C4*
IF C4* ! = C4THEN:
Terminate session
ELSE: Generate R5 and compute C5, ɸM & D1
Compose Auth2 and forward it to SGSi
Derive R5*, ɸS & D1*
IF D1* ! = D1THEN:
End session
ELSE: Compute D2, D3 & D4
Construct Auth3 and forward it to Ui
Derive R4**, R5**, ɸU and D4*
IF D4* ! = D4 THEN:
Terminate session
ELSE: Set session key as ɸU = ɸS = ɸM
ENDIF; ENDIF; ENDIF;
ENDIF; ENDIF; ENDIF;
End
Otherwise, the user, smart meter and the smart grid server have successfully authenticated each other. In addition, these three entities share session key ɸU = ɸS = ɸM. As such, the user can now access the smart meter data through the smart grid server.
In Algorithm 2, the expected outcomes or state changes in each step of Algorithm 2 are the various transient security parameters derived during the login, mutual authentication and session negotiation procedures.
E. Password change phase
This stage is triggered whenever the user password is compromised. It can also be triggered if the security policy advocates for periodic password change. The following 4 steps are executed during this phase. Algorithm 3 summarizes the password change phase.
Step 1: The user Ui inserts USC into its reader and imprints biometric data Bioi* on the special device. Afterwards, the smart card derives parameter RCi*and confirms whether h (RCi*)≟ ē = h(RCi). Here, the session is aborted if this verification flops. When this occurs, the user is prompted to re-enter correct values for the biometric data Bioi*.
Step 2: Provided that the validation in Step 1 is successful, the user has successfully passed the biometric confirmation process. Next, the Ui inputs UIDi and PWi upon which parameter A2* is derived.
Step 3: The USC validates the derived parameter A2* against A2 such that the password change request is turned down if these two parameters are disparate. At this juncture, the user is prompted to re-enter correct values for UIDi and PWi. However if they are equivalent, the USC permits Ui to input new password PWiNew.
Step 4: The USC derives security parameters A2New = h (UIDi||h(R2||PWiNew)||RCi*) and A3New = A3 ⊕ h(h(R2||PWi)||RCi*) ⊕ h(h(R2||PWiNew)||RCi*). Finally, the smart card substitutes security parameter set {A2, A3} with their refreshed counterparts {A2New, A3New}.
Algorithm 3. Password Change
Begin
Insert USC into the card reader and imprint Bioi*
Derive RCi*
IF h (RCi*)! = ē! = h(RCi) THEN:
Abort session
ELSE: Biometric authentication passed
Input UIDi and PWi
Derive A2*
IF A2* ! = A2THEN:
Reject password change request
ELSE: Permit Ui to input PWiNew
Derive A2New and A3New
Substitute {A2, A3} with {A2New, A3New}
ENDIF
ENDIF
End
Algorithm 3 is basically a summary of the Password Change Phase and hence all the validations and changes occurring are captured in step 1 to step 4 of this phase.
5. Security analysis
In this section, the most outstanding security characteristics offered by our scheme are both formally and semantically analyzed as described below.
A. Formal security analysis
To show that strong mutual authentication and common session keys negotiation are carried out among the Ui, SGSi and SMi, the Burrows-Abadi-Needham logic (BAN logic) is deployed. Table 2 presents the BAN logic notations deployed during this proof.
During the BAN logic analysis, the BAN logic rules in Table 3 are deployed.
For strong privacy and security enhancement in smart grids, the eight goals in Table 4 must be satisfied.
To proof the security goals in Table 4 above, the following initial state assumptions (ISA) are made.
To effectively execute the BAN logic proofs, the messages transmitted during the login, authentication and key negotiation phases are converted into idealized format as follows.
LogReq: Ui → SGSi: {A5, B2, B3, B4, B5}
Auth1: SGSi → SMi: {C1, C2, C3, C4}
Thereafter, using the above initial state assumptions, BAN logic rules and idealized messages, the above formulated security goals are proofed as follows.
Based on the idealized LogReq, SR is applied to yield BAN logic proof 1 (BP1)
Using the MMR and ISA6 on BP1, we get BP2
On the other hand, FPR, ISA1 and NVR are used in BP2 to yield BP3
Based on BP3, ISA6, ISA12 and JR, we obtain BP4
Applying the SKR on BP4 results in BP5
and hence G-5 is achieved.
On the other hand, ISA12 and NVR are utilized in BP5 to obtain BP6
effectively fulfilling G-6
However, applying SR to both idealized Auth1 and Auth3 results in BP7
Using ISA9 and the MMR on BP7 yields BP9
On the other hand, applying ISA4 and the MMR on BP8 results in BP10
Based on FPR, NVR, ISA2, ISA14 and BP9, we get BP11
However, according to FPR, NVR, BP10, ISA2 and ISA11, BP12 is obtained
According to JR, ISA11 and BP12, we obtain BP13
The application of the SKR on BP13 results in BP14
Therefore, G-1 is achieved.
Based on BP13 and ISA14, SKR is deployed to yield BP15
As such, G-2 is realized.
Conversely, SKR is applied on BP14 to yield BP16
This effectively attains G-3.
Similarly, the application of SKR on BP14, ISA5 and ISA11 results in BP17
This means that G-4 is realized.
Applying SR idealized to Auth2 results in BP18
Next, the MMR is utilized in ISA7 and BP18 to get BP19
Based on ISA3 and BP19, FPR and NVR are applied to get BP20
This is followed by the application of JR to ISA7, ISA13 and BP20 to obtain BP21
According to ISA8, the usage of SKR in BP21 yields BP22
effectively realizing G-7.
Finally, SKR is applied to ISA13, ISA15 and BP21 to get BP23
This attains G-8.
The BAN logic proofs executed above confirms the attainment of mutual AKA procedures among the smart grid entities. In addition, it affirms the negotiation of session keys ɸS = ɸU = ɸM between the Ui and SMi with the help of the SGSi.
B. Informal security analysis
In this sub-section, our scheme is shown to be robust under all the assumptions of the Dolev-Yao (DY) and Canetti- Krawczyk (CK) threat models. To accomplish this, the following lemmas are devised and proofed.
Lemma 1: Privileged insider and masquerading attacks are prevented.
Proof: The assumption made here is that highly privileged entities such as the smart grid server administrator is interested in obtaining the registration information for some particular users. Afterwards, an attempt is made to impersonate this particular user Ui. During Ui registration with the SGSi, registration request Reg1 = {UIDi, A1, Bioi} is transmitted. Suppose that adversary Å wants to recover user password PWi from A1, where A1 = h (R2||PWi). However, PWi is encapsulated in random nonce R2 before being one-way hashed. Mathematically, it is impossible to reverse the one-way hash function. As such, the recovery of PWi from A1 is not possible. Therefore, masquerading and privileged insider attacks are thwarted.
Lemma 2: This protocol is robust against replay and de-synchronization attacks
Proof: In this protocol, random parameters R3, ñ, R4 and R5 are incoporated in the exchanged messages. For instance, message LogReq, Auth1, Auth2 and Auth3 all incorporate random parameters. Here, LogReq = {A5, B2, B3, B4, B5}, Auth1 = {C1, C2, C3, C4}, Auth2 = {C5, D1}, Auth3 = {D2, D3, D4}, A5 = ñP, B2 = UIDi⊕B1, B1 = ñPK = ñPR1, B3 = A4⊕R3, B4 = h (UIDi||R3)⊕SMIDi, B5 = h (A4||SMIDi||B1||R3), SMIDi* = B4⊕h(UIDi*||R3*), SKS-SM* = h (SMIDi*||SGSMK), C1 = UIDi* ⊕ SKS-SM*, C2 = R4 ⊕ h(UIDi*||SKS-SM*), C3 = R4 ⊕ R3*, C4 = h (UIDi*||SMIDi*||SKS-SM*||R3*||R4), C5 = R5 ⊕ SKS-SM, D1 = h (SKS-SM||ɸM||R5), D2 = A4*⊕R4, D3 = R3*⊕R5* and D4 = h (UIDi*||ɸS||R4||R5*). Whereas R3 and ñ are generated by the user Ui, R4 is generated at the SGSi. On the other hand, random nonce R5 is generated at the SMi. These random parameters ensure the freshness of the exchanged messages during a given communication session. However, in most schemes replay attacks prevention involve timestamps. Unfortunately, attackers can easily mount de-synchronization attacks riding on the deployed timestamps. Since the proposed protocol is devoid of timestamps, de-synchronization attacks are not possible.
Lemma 3: Smart meter anonymity and untraceability are preserved.
Proof: During the login and authentication phases, messages LogReq, Auth1, Auth2 and Auth3 are exchanged. Here, LogReq = {A5, B2, B3, B4, B5}, Auth1 = {C1, C2, C3, C4}, Auth2 = {C5, D1}, Auth3 = {D2, D3, D4}, C1 = UIDi*⊕SKS-SM*,C2 = R4⊕h(UIDi*||SKS-SM*), C3 = R4⊕R3*, C4 = h (UIDi*||SMIDi*||SKS-SM*||R3*||R4), C5 = R5⊕SKS-SM, D1 = h (SKS-SM||ɸM||R5), D2 = A4*⊕R4, D3 = R3*⊕R5*, D4 = h (UIDi*||ɸS||R4||R5*), A5 = ñP, B2 = UIDi⊕B1, B1 = ñPK = ñPR1, B3 = A4⊕R3, B4 = h (UIDi||R3)⊕SMIDi and B5 = h (A4||SMIDi||B1||R3). Clearly, none of these messages carry the plain-text smart meter identity SMIDi*. Although parameter C4 contain SMIDi*, it is encapsulated in other security parameters before being enciphered using one-way hashing function h(.). Suppose that an attacker Å wants to recover SMIDi* from LogReq. However, this requires knowledge of the SGSi secret key R1 and master key SGSMK. The inclusion of random nonces in the exchanged messages ensures that these messages are dynamically changed after each communication session. As such, it is cumbersome for Å to trace diverse sessions initiated by particular smart meters.
Lemma 4: The entities mutually authenticate each other and negotiate session keys.
Proof: In this scheme, the SGSi is a trusted entity and serves to bridge the communication between Ui and SMi. The mutual authentication among these three communicating entities is both implicit and explicit. During the login procedures, Ui constructs and transmits login request message LogReq = {A5, B2, B3, B4, B5} to the SGSi. Upon receiving this message, the SGSi utilizes R1 to recover UIDi* = B2⊕B1*. Here, B1* = A5R1, B1 = ñPK = ñPR1 and B2 = UIDi⊕B1. It then confirms if UIDi* is in its database such that the login request is denied if it is not. To authenticate Ui, the SGSi re-computes A4*, R3*, SMIDi* and B5*. Here, A4* = h(UIDi*||SGSMK), R3* = B3⊕A4*, SMIDi* = B4⊕h(UIDi*||R3*) and B5* = h (A4*|| SMIDi*||B1*||R3*). This is followed by the confirmation of whether B5* ≟ B5 such that the session is aborted if these parameters are dissimilar. On the other hand, upon receiving authentication message Auth1 from the SGSi, SMi uses SKS-SM to re-compute parameters UIDi**, R4*, R3** and C4*. Here, UIDi** = C1⊕SKS-SM, R4* = h (UIDi**||SKS-SM)⊕ C2, R3** = R4*⊕C3 and C4* = h (UIDi**||SMIDi||SKS-SM||R3**||R4*). Thereafter, the SGSi is authenticated by checking whether C4* ≟ C4 such that the session is rejected if this validation flops. Similarly, upon receiving authentication message Auth2 = {C5, D1} from the SMi, the SGSi re-calculates parameter R5* using SKS-SM*. Next, it computes the session key ɸS = h (UIDi*||SMIDi*||R3*||R4||R5*) together with parameter D1* = h (SKS-SM*||ɸS||R5*). This is followed by the confirmation of whether D1* ≟ D1. Alternatively, after receiving authentication message Auth3 from SGSi, the user Ui re-computes parameters R4** and R5** before deriving session key ɸU together with security parameter D4*. Finally, Ui authenticates the SGSi by checking whether D4* ≟ D4. Clearly, all the three entities have successfully authenticated each other and derived session key for traffic enciphering.
Lemma 5: User untraceability and anonymity are upheld.
Proof: The goal of this security property is to conceal the user’s real identity from possible adversaries. This effectively helps foster high privacy in sensitive application domains such as in smart grids where captured consumption reports can aid attackers to discern the status of home occupancy. In our scheme, the user’s real identity is never sent in plain-text in any of the exchanged messages. The parameters B2 = UIDi⊕B1 and C1 = UIDi*⊕SKS-SM* encapsulate UIDi in login message LogReq = {A5, B2, B3, B4, B5} and authentication message Auth1 = {C1, C2, C3, C4}. Using master key R1, the SGSi can to re-compute B1* = A5R1 = ñPR1 and UIDi* = B2⊕B1*. On the other hand, on receiving Auth1 from the SGSi, the SMi utilizes secret key SKS-SM to re-compute this identity as UIDi** = C1⊕SKS-SM. Therefore, without knowledge of R1 and SKS-SM adversary Å is unable to recover user identity from the exchanged messages. To uphold untraceability, Å should be unable to trace diverse sessions initiated by a particular user based on the captured exchanged messages. To accomplish this, random nonces R3 and ñ are generated by Ui for each of these communication sessions. As such, the login message LogReq = {A5, B2, B3, B4, B5} is different for each session. Here, A5 = ñP,B1 = ñPK, B2 = UIDi⊕B1, B3 = A4⊕R3, B4 = h (UIDi||R3)⊕SMIDi and B5 = h (A4||SMIDi||B1||R3).
Lemma 6: This protocol protects against smart card loss attacks.
Proof: The objective of this adversary is to deploy side-channeling techniques such as power analysis to discern the tokens buffered in the smart card. In the proposed protocol, the USC holds parameter set {ē, f (.), ū, A2, A3, PK, R2}. Here, ē = h (RCi), ū = RCi⊕Bioi, A2 = h (UIDi||A1||RCi), A1 = h (R2||PWi) and A3 = h (UIDi||SGSMK)⊕h (h (R2||PWi)||RCi). On the other hand, RCi is the code-phrase chosen by the SGSi. Similarly, R2 is the random nonce generated by the user Ui. The assumption made is that adversary Å has stolen the USC and is interested in recovering user identity UIDi and password PWi. To retrieve both UIDi and PWi from A2, Å must be in possession of RCi and be able to reverse the one-way hashing function h(.). Similarly, any successful recovery of UIDi and PWi from A3 requires reversing h(.) and knowledge of RCi and smart grid server master key SGSMK. Owing to unavailability of both RCi and SGSMK coupled with the difficulty of reversing h(.) implies the resilience of these attacks.
Lemma 7: This scheme is resilience against forgery attacks.
Proof: The goal of this attack is to deploy intercepted messages exchanged over public channels to discern security parameters belonging to the communicating entities. Thereafter, attempts are made to falsify messages such that they appear to emanate from valid entities. Suppose that an adversary Å is interested in falsifying login request message LogReq = {A5, B2, B3, B4, B5}. To achieve this, Å needs to recover user identity UIDi and parameter A4 = A3⊕h (h(R2||PWi||RCi*). However, based on Lemma 5, UIDi cannot be recovered from the publicly exchanged messages. On the other hand, the adversary needs password PWi, R2 and RCi* to correctly re-compute A4. Suppose that Å has access to the user’s smart card USC. However, based on Lemma 6, the adversary is unable to falsify the user using the security tokens in the USC. On the other hand, any successful falsification of the SGSi messages calls for the knowledge of private key R1 and master key SGSMK. Since these parameters cannot be eavesdropped over the public channel, this attack fails. Similarly, Å cannot falsify SMi messages devoid of secret key SKS-SM, where SKS-SM* = h (SMIDi*||SGSMK).
Lemma 8: KSSTI attack is prevented in this protocol.
Proof: To prevent this attack, all the three communicating entities negotiate session keys ɸU = ɸS = ɸM that are derived using random nonces R3, R4 and R5 as well identities UIDi and SMIDi. Here, ɸM = h (UIDi**||SMIDi||R3**||R4*||R5), ɸS = h (UIDi*||SMIDi*||R3*||R4||R5*) and ɸU = h (UIDi||SMIDi||R3||R4**||R5**). Based on Lemma 3 and Lemma 5 adversary Å is unable to recover UIDi and SMIDi from the exchanged messages Auth1, Auth2 and Auth3. Suppose that Å has access to the random nonces R3, R4 and R5. The next objective is to derive the session keys using these nonces. However, devoid of the knowledge of user identity UIDi and smart meter identity SMIDi, this derivation flops.
Lemma 9: This scheme is robust against guessing attacks.
Proof: The thwarting of invalid logins is critical for prevention of unnecessary computation and communication overheads. To this end, fuzzy commitment technique is deployed to validate the biometric information imprinted by Ui. In the login phase, the user has to insert USC into its reader and imprint biometric Bioi*on some special device. Afterwards, the smart card derives parameter . To validate the imprinted Bioi*, it checks whether h (RCi*) ≟ ē = h (RCi). It is only after successful biometric verification that Ui can proceed to input UIDi and PWi. Essentially, biometric, identity and password validation must be successful before Ui can be allowed access to the smart grid systems. As such, it is difficult for the adversary Å to correctly guess all these three security parameters so as to gain access.
Lemma 10: This protocol can withstand MitM attacks
Proof: The objective of adversary here is to intercept the transmitted messages, change them before forwarding them to the unsuspicious destination terminals. In the proposed protocol, 4 messages are exchanged during the login and AKA procedures. The four messages include LogReq = {A5, B2, B3, B4, B5}, Auth1 = {C1, C2, C3, C4}, Auth2 = {C5, D1} and Auth3 = {D2, D3, D4}. Here, A5 = ñP, B2 = UIDi⊕B1, B1 = ñPK, B3 = A4⊕R3, B4 = h (UIDi||R3)⊕SMIDi, B5 = h (A4||SMIDi||B1||R3), C1 = UIDi*⊕SKS-SM*,C2 = R4⊕h(UIDi*||SKS-SM*), C3 = R4⊕R3*, C4 = h (UIDi*||SMIDi*||SKS-SM*||R3*||R4), C5 = R5⊕SKS-SM, ɸM = h (UIDi**||SMIDi||R3**||R4*||R5), D1 = h (SKS-SM||ɸM||R5), D2 = A4*⊕R4, D3 = R3*⊕R5* and D4 = h (UIDi*||ɸS||R4||R5*). Suppose that an attacker Å wants to construct bogus messages LogReqÅ, Auth1Å, Auth2Å and Auth3Å. However, this requires correct guessing of the random nonces R3, ñ, R4 and R5. In addition Å needs to have knowledge of user identity UIDi, smart meter identity SMIDi, secret key SKS-SM as well as session key ɸM. Based on Lemma 3 and Lemma 5, UIDi and SMIDi cannot be eavesdropped by Å. By Lemma 2, nonces R3, ñ, R4 and R5 are stochastic and hence cannot be correctly derived by the adversary. On the other hand, Lemma 8 illustrates the difficulty of deriving session keys ɸM, ɸU and ɸS. All these coupled with the challenges of obtaining secret key SKS-SM proofs that our protocol can withstand these attacks.
Lemma 11: This protocol is robust against physical capture attacks
Proof: Suppose that an adversary Å has gained physical access to the smart meter SMi. The next goal is to retrieve the parameters stored in SMi so as to derive the session keyn ɸM = h (UIDi**||SMIDi||R3**||R4*||R5). To derive any valid ɸM, Å needs to compute UIDi** = C1⊕SKS-SM and random nonces R3** = R4*⊕C3, R4* = h (UIDi**||SKS-SM)⊕ C2 and R5. Here, C1 = UIDi*⊕SKS-SM*, C2 = R4⊕h(UIDi*||SKS-SM*), C3 = R4⊕R3*, R3* = B3⊕A4*, B3 = A4⊕R3, A4 = A3⊕h (h(R2||PWi||RCi*), A3 = h (UIDi||SGSMK)⊕h (A1||RCi), A1 = h (R2||PWi) and random code-phrase RCi ∈ CS. During the registration phase, parameter set {SMIDi, SKS-SM} is privately stored in SMi’s memory. Although the attacker has access to SMIDi and SKS-SM, it is computationally infeasible to simultaneously and correctly guess random nonces deployed in ɸM. In addition, Å requires user password PWi. However, based on Lemma 1, the adversary is unable to obtain this password and hence this protocol is resilient against smart meter physical capture attacks.
Lemma 12: This scheme can withstand spoofing attacks
Proof: The aim of the attacker here is to attempt to present security parameters belonging to other legitimate entities for the authentication process. During the login and AKA procedures, the SGSi authenticates Ui by checking whether B5* ≟ B5. On the other hand, the SMi authenticates SGSi by confirming if C4* ≟ C4. Similarly, the SGSi validates SMi by checking if D1* ≟ D1. Finally, the Ui authenticates SGSi through the confirmation of whether D4* ≟ D4. Here, B5 = h (A4||SMIDi||B1||R3), B5* = h (A4*||SMIDi*||B1*||R3*), C4 = h (UIDi*||SMIDi*||SKS-SM*||R3*||R4), C4* = h (UIDi**||SMIDi||SKS-SM||R3**||R4*), D1 = h (SKS-SM||ɸM||R5), D1* = h (SKS-SM*||ɸS||R5*), D4 = h (UIDi*||ɸS||R4||R5*) and D4* = h (UIDi||ɸU||R4**||R5**). It is evident that devoid of correct SMIDi, UIDi, SKS-SM*, ɸM, ɸU and random nonces, authentication using spoofed parameters will fail.
6. Performance evaluation
Computation, storage, supported security features and communication complexities are the most predominant parameters for appraising the performance of security schemes. As such, these four metrics are utilized in this section to appraise the developed scheme.
A. Computation complexity
In most of the authentication and key negotiation process, executions times for map to point hash (TMH), symmetric encryption or decryption (TED), one-way hashing operations (TH), Hash-based Message Authentication Code (THMAC), ECC point multiplications (TEM), modular exponentiation (TE), ECC point addition (TEA), pseudo-random function (TPF) and bilinear operation (TBP) are considered. Using the values in [25, 55, 58], Table 5 gives the execution times of these cryptographic primitives.
In the process of executing login and AKA procedures, the Ui carries out 2 ECC point multiplications (TEM) and 8 one-way hashing operations (TH). On the other hand, the SGSi carries out 1 TEM operation and 9 TH operations. However, the SMi executes only 4TH operations. As such, the execution time at the Ui is 4.4704 ms while this value is 2.2467 ms at the SGSi. On the other hand, the computation complexity at the SMi is only 0.0092 ms. Therefore, the total computation cost is 6.7263 ms. However, considering only the SMi and SGSi residing on the utility control, the overall computation complexity is 2.2559 ms. Table 6 gives the comparison of the obtained computation cost against other state of the art protocols.
As illustrated in Fig 4, the scheme in [63] incurs the highest computation costs while the proposed protocol has the least computation overheads. Although the scheme in [56] has the second lowest computation complexity, it cannot provide authentication between two entities of the smart grid.
In addition, its design fails to consider forgery, smart card loss, guessing and de-synchronization attacks. Further, it cannot provide both user untraceability and anonymity.
B. Communication complexity
During the AKA phase, messages, Auth1, Auth2 and Auth3 are exchanged. Here, Auth1 = {C1, C2, C3, C4}, Auth2 = {C5, D1}, Auth3 = {D2, D3, D4}, C1 = UIDi*⊕SKS-SM*,C2 = R4⊕h(UIDi*||SKS-SM*), C3 = R4⊕R3*, C4 = h (UIDi*||SMIDi*||SKS-SM*||R3*||R4), C5 = R5⊕SKS-SM, D1 = h (SKS-SM||ɸM||R5), D2 = A4*⊕R4, D3 = R3*⊕R5* and D4 = h (UIDi*||ɸS||R4||R5*). Based on the values in [58, 71], SHA-1, ECC points, random nonce, identities and public or private keys are 160 bits, 320 bits, 160 bits, 64 bits and 160 bits respectively. As such, the length of Auth1, Auth2 and Auth3 are 640 bits, 320 bits and 480 bits respectively. Therefore, the cumulative bandwidth requirement is 1440 bits. The data of our experiments based on [72] data set. Table 7 presents the communication complexities comparisons with other schemes.
As illustrated in Fig 5, the scheme developed in [63] incurs the highest communication overheads while the scheme in [53] requires the least. Conversely, our scheme incurs the fourth lowest communication costs after the schemes in [25, 43, 53] respectively. However, each of these security approaches has some setbacks that render them unsuitable for deployment in smart grid environment. For instance, the scheme in [53] does not consider replay, privileged insider and masquerading and attacks in its design. On the other hand, the protocol in [25] cannot withstand ephemeral secret leakage and impersonation attacks.
Similarly, the approach in [43] can support only one smart meter and hence has scalability issues. In addition, its architecture does not consider smart card loss, forgery, mutual authentication, guessing, de-synchronization, user untraceability and anonymity.
C. Space complexities
To derive the space complexity of our scheme, we consider the length of the parameters that have to be stored in the smart meter devices. During the registration phase, security parameter set {SMIDi, SKS-SM} is privately stored in the memory of the SMi. Therefore, using the values in [58, 71], the space complexity at the SMi and Ui is 320 bits. Table 8 offers the space comparisons with other related protocols.
As illustrated in Fig 6, the scheme in [25], incurs the highest space complexity while the approach in [53] exhibits the lowest. Conversely, the proposed protocol requires the second lowest space overheads of only 320 bits. However, it has already been noted that the protocol in [53] does not consider replay, masquerading and privileged insider attacks in its design. Evidently, all the schemes that perform slightly better than the proposed protocol have numerous performance, security and performance challenges. For example, the protocol in [56] has the lowest computation complexity but relatively higher communication and storage overheads. On the other hand, the technique in [53] incurs the least storage and communication costs but has relatively higher computation costs.
D. Security features
To effectively appraise the developed protocol, its security goals and features are compared with those ones offered by other related state of the art protocols. Table 9 gives a summary of this comparison. It is evident from Table 9 that only our protocol that provides all the thirteen security characteristics. This is followed by the scheme in [54] which offers only 8 features. Next are the protocols in [25, 37, 56, 61, 62] which provide only 7 features each. The schemes in [43, 57] follow with 6 features each, while the approaches in [53, 63] offer only 3 features each. Therefore, although our scheme incurs slightly higher storage and communication costs, it is the most secure. Conversely, the scheme in [53] exhibits least communication and storage costs but is the most insecure among all the protocols. Consequently, the proposed protocol offers the best trade-off between performance and security. Therefore, it is the most ideal for deployment in high sensitive and resource-limited smart grid environment.
7. Conclusion
The smart grids offer efficiency in the management of demand responses in power systems. However, the exchange of consumption data over the open public channels implies that these messages are susceptible to a myriad of privacy and security violations. As such, previous researches have seen the introduction of numerous smart grid protection schemes. Unfortunately, many vulnerabilities have been discovered in these protocols that can be exploited to compromise smart grids. In addition, some of the current security solutions incur extensive storage, communication and computation complexities that limit their deployment in resource-constrained smart grid devices. To remedy some of these challenges, an efficient and provably secure protocol is introduced in this paper. The semantic security analysis has demonstrated its robustness under all the assumptions in the Dolev-Yao and Canetti- Krawczyk threat models. In addition, formal security analysis using the BAN logic has shown the attainment of strong mutual authentication and establishment of session keys among the smart grid entities. In terms of performance, it is shown to incur the lowest execution time, and relatively lower communication and space complexities compared with other related protocols. It is therefore applicable in resource-constrained smart grid environment where sensitive and private messages are exchanged. Future work in this domain will involve the analysis of this scheme using additional metrics that were not incorporated in the current work.
References
- 1. Yu S, Park K, Lee J, Park Y, Park Y, Lee S, et al. Privacy-preserving lightweight authentication protocol for demand response management in smart grid environment. Applied Sciences. 2020;10(5); 1758:1758–1784.
- 2. Mrabet ZE, Kaabouch N, Ghazi HE, Ghazi HE. Cyber-security in smart grid: Survey and challenges. Computers & Electrical Engineering. 2018; 67:469–482.
- 3. Shaukat N, Ali SM, Mehmood CA, Khan B, Jawad M, Farid U, et al. A survey on consumers empowerment, communication technologies, and renewable generation penetration within Smart Grid. Renewable and Sustainable Energy Reviews. 2018; 81:1453–75.
- 4.
Nyangaresi VO, Abduljabbar ZA, Refish SHA, Al Sibahee MA, Abood EW, Lu S. Anonymous key agreement and mutual authentication protocol for smart grids. In International Conference on Cognitive Radio Oriented Wireless Networks, International Wireless Internet Conference: Springer International Publishing; 2022: 325–340.
- 5. Faheem M, Shah SBH, Butt RA, Raza B, Anwar M, Ashraf MW, et al. Smart grid communication and information technologies in the perspective of Industry 4.0: Opportunities and challenges. Computer Science Review. 2018;30:1–30.
- 6. Vijayakumar P, Azees M, Kozlov SA, Rodrigues JJ. An anonymous batch authentication and key exchange protocols for 6G enabled VANETs. IEEE Transactions on Intelligent Transportation Systems. 2021; 23(2), 1630–1638.
- 7. Dehalwar V, Kolhe ML, Deoli S, Jhariya MK. Blockchain-based trust management and authentication of devices in smart grid. Cleaner Engineering and Technology. 2022;8(100481):100481.
- 8.
McLaughlin K, Friedberg I, Kang B, Maynard P, Sezer S, McWilliams G. Secure communications in smart grid: Networking and protocols. In: Smart Grid Security. Elsevier; 2015. p. 113–148.
- 9. Eder-Neuhauser P, Zseby T, Fabini J, Vormayr G. Cyber attack models for smart grid environments. Sustainable Energy, Grids and Networks. 2017; 12:10–29.
- 10. Peng C, Sun H, Yang M, Wang Y-L. A survey on security communication and control for smart grids under malicious cyber attacks. IEEE Transactions on Systems, Man, and Cybernetics: Systems. 2019;49(8):1554–69.
- 11.
Nyangaresi VO, Abduljabbar ZA, Al Sibahee MA, Abood EW, Abduljaleel IQ. Dynamic ephemeral and session key generation protocol for next generation smart grids. In: Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. Cham: Springer International Publishing; 2022. p. 188–204.
- 12.
Dehalwar V, Kalam A, Kolhe ML, Zayegh A. Review of detection, assessment and mitigation of security risk in smart grid. In: 2017 2nd International Conference on Power and Renewable Energy (ICPRE). IEEE; 2017: 1077–1081.
- 13. Tian Y, Tan H, Shen J, Pandi V, Gupta BB, Arya V. Efficient identity-based multi-copy data sharing auditing scheme with decentralized trust management. Information Sciences. 2023; 644, 119255: 1–15.
- 14. Yu S, Park K. ISG-SLAS: Secure and lightweight authentication and key agreement scheme for industrial smart grid using fuzzy extractor. Journal of Systems Architecture. 2022;131(102698); 102698:1–11.
- 15. Park K., Lee J., Das A K, Park Y. BPPS: Blockchain-Enabled Privacy-Preserving Scheme for Demand-Response Management in Smart Grid Environments. IEEE Transactions on Dependable and Secure Computing.2022: 1–12.
- 16. Nghia Le T, Chin W-L, Chen H-H. Standardization and security for smart grid communications based on cognitive radio technologies—A comprehensive survey. IEEE Communications Surveys & Tutorials. 2017;19(1):423–445.
- 17. Gunduz MZ, Das R. Cyber-security on smart grid: Threats and potential solutions. Computer networks. 2020;169(107094); 107094:1–17.
- 18. Nyangaresi VO. Lightweight anonymous authentication protocol for resource-constrained smart home devices based on elliptic curve cryptography. Journal of Systems Architecture. 2022;133(102763); 102763:1–11.
- 19.
L’Amrani H, Berroukech BE, El Bouzekri El Idrissi Y, Ajhoun R. Identity management systems: Laws of identity for models7 evaluation. In: 2016 4th IEEE International Colloquium on Information Science and Technology (CiSt). IEEE; 2016: 736–740.
- 20.
Nuss M, Puchta A, Kunz M. Towards blockchain-based identity and access management for internet of things in enterprises. In: Trust, Privacy and Security in Digital Business. Cham: Springer International Publishing; 2018. p. 167–181.
- 21.
Li KC, Chen X, Susilo W. Advances in Cyber Security: Principles, Techniques, and Applications. New York, NY, USA: Springer; 2019.
- 22. Xu Z, He D, Vijayakumar P, Gupta B, Shen J. (2021). Certificateless public auditing scheme with data privacy and dynamics in group user model of cloud-assisted medical WSNs. IEEE Journal of Biomedical and Health Informatics. 2021; 27(5): 2334–2344.
- 23. Moghadam MF, Nikooghadam M, Mohajerzadeh AH, Movali B. A lightweight key management protocol for secure communication in smart grids. Electric Power Systems Research. 2020;178(106024); 106024:1–8.
- 24. Khan AA, Kumar V, Ahmad M, Gupta BB, Ahmad M, Abd El-Latif AA. A secure and efficient key agreement framework for critical energy infrastructure using mobile device. Telecommunication Systems. 2021;78(4):539–557.
- 25. Mahmood K, Li X, Chaudhry SA, Naqvi H, Kumari S, Sangaiah AK, et al. Pairing based anonymous and secure key agreement protocol for smart grid edge computing infrastructure. Future Generation Computer Systems. 2018;88:491–500.
- 26.
Liang X-C, Wu T-Y, Lee Y-Q, Chen C-M, Yeh J-H. Cryptanalysis of a pairing-based anonymous key agreement scheme for smart grid. In: Advances in Intelligent Information Hiding and Multimedia Signal Processing. Singapore: Springer Singapore; 2020:125–131.
- 27. Abbasinezhad-Mood D, Nikooghadam M. An anonymous ECC-based self-certified key distribution scheme for the smart grid. IEEE Transactions on Industrial Electronics. 2018;65(10):7996–8004.
- 28. Braeken A, Kumar P, Martin A. Efficient and provably secure key agreement for modern smart metering communications. Energies. 2018;11(10); 2662:1–18.
- 29. Tsai J-L, Lo N-W. Secure anonymous key distribution scheme for smart grid. IEEE transactions on smart grid. 2015;7(2):906–914.
- 30. Odelu V, Das AK, Wazid M, Conti M. Provably secure authenticated key agreement scheme for smart grid. IEEE Transactions on Smart Grid. 2016;9(3): 1900–1910.
- 31. Hasan MK, Alkhalifah A, Islam S, Babiker NBM, Habib AKMA, Aman AHM, et al. Blockchain technology on smart grid, energy trading, and big data: Security issues, challenges, and recommendations. Wireless Communications and Mobile Computing. 2022; 2022:1–26.
- 32. Ammar M, Russello G, Crispo B. Internet of Things: A survey on the security of IoT frameworks. Journal of Information Security and Applications. 2018; 38:8–27.
- 33.
Kim SM, Lee T, Kim S, Park LW, Park S. Security issues on Smart Grid and blockchain-based secure smart energy management system. In MATEC Web of Conferences. 2019; 260:01001, EDP Sciences.
- 34. Nyangaresi VO. A formally validated authentication algorithm for secure message forwarding in smart home networks. SN Computer Science. 2022;3(5):1–16.
- 35. Xue K, Zhu B, Yang Q, Wei DSL, Guizani M. An efficient and robust data aggregation scheme without a trusted authority for smart grid. IEEE Internet of Things Journal. 2020;7(3):1949–1959.
- 36. Saxena N, Choi BJ, Lu R. Authentication and authorization scheme for various user roles and devices in smart grid. IEEE transactions on Information forensics and security. 2016;11(5):907–921.
- 37. Mohammadali A, Sayad Haghighi M, Tadayon MH, Mohammadi-Nodooshan A. A novel identity-based key establishment method for advanced metering infrastructure in smart grid. IEEE Transactions on Smart Grid. 2018;9(4):2834–2842.
- 38. Mahmood K, Arshad J, Chaudhry SA, Kumari S. An enhanced anonymous identity‐based key agreement protocol for smart grid advanced metering infrastructure: An enhanced anonymous identity-based key agreement protocol for smart grid advanced metering infrastructure. International Journal of Communication Systems. 2019;32(16);e4137:1–16.
- 39. He D, Wang H, Khan MK, Wang L. Lightweight anonymous key distribution scheme for smart grid using elliptic curve cryptography.IET Communications. 2016;10(14):1795–1802.
- 40. Safkhani M, Kumari S, Shojafar M, Kumar S. An authentication and key agreement scheme for smart grid. Peer-to-Peer Networking and Applications. 2022;15(3):1595–1616.
- 41. Gope P, Sharma PK, Sikdar B. An ultra-lightweight data-aggregation scheme with deep learning security for smart grid. IEEE Wireless Communications. 2022;29(2):30–36.
- 42. Mall P, Amin R, Das AK, Leung MT, Choo K-KR. PUF-based authentication and key agreement protocols for IoT, WSNs, and smart grids: A comprehensive survey. IEEE Internet of Things Journal. 2022;9(11):8205–8228.
- 43. Kumar N, Aujla GS, Das AK, Conti M. ECCAuth: A secure authentication protocol for demand response management in a smart grid system. IEEE Transactions on Industrial Informatics. 2019;15(12):6572–6582.
- 44.
Chaudhry SA, Yahya K, Al-Turjman F. Correctness of an authentication scheme for managing demand response in smart grid. In: Smart Grid in IoT-Enabled Spaces. CRC Press; 2020:223–231.
- 45. Chen Y, Martínez J-F, Castillejo P, López L. An anonymous authentication and key establish scheme for smart grid: FAuth. Energies. 2017;10(9);1354:1–23.
- 46. Abbasinezhad-Mood D, Nikooghadam M. Design and extensive hardware performance analysis of an efficient pairwise key generation scheme for Smart Grid. International Journal of Communication Systems. 2018;31(5);e3507:1–27.
- 47. Khan AA, Kumar V, Ahmad M, Rana S, Mishra D. PALK: Password-based anonymous lightweight key agreement framework for smart grid. International Journal of Electrical Power & Energy Systems. 2020;121(106121); 106121:1–12.
- 48. Chaudhry SA. Correcting “PALK: Password-based anonymous lightweight key agreement framework for smart grid”. International Journal of Electrical Power & Energy Systems.2020;125(106529): 1–6.
- 49. Khan AA, Kumar V, Ahmad M. An elliptic curve cryptography based mutual authentication scheme for smart grid communications using biometric approach. Journal of King Saud University-Computer and Information Sciences. 2022;34(3):698–705.
- 50. Chaudhry SA, Yahya K, Garg S, Kaddoum G, Hassan MM, Zikria YB. LAS-SG: An elliptic curve-based lightweight authentication scheme for smart grid environments. IEEE Transactions on Industrial Informatics. 2023;19(2):1504–11.
- 51. Wazid M, Das AK, Kumar N, Rodrigues JJPC. Secure three-factor user authentication scheme for renewable-energy-based smart grid environment. IEEE Transactions on Industrial Informatics. 2017;13(6):3144–3153.
- 52. Grover HS, Adarsh , Kumar D. Cryptanalysis and improvement of a three-factor user authentication scheme for smart grid environment. Journal of Reliable Intelligent Environments. 2020;6(4):249–260.
- 53.
Nyangaresi VO. Masked symmetric key encrypted verification codes for secure authentication in smart grid networks. In: 2022 4th Global Power, Energy and Communication Conference (GPECOM). IEEE; 2022: 427–432.
- 54. Kumar P, Gurtov A, Sain M, Martin A, Ha PH. Lightweight authentication and key agreement for smart metering in smart energy networks. IEEE Transactions on Smart Grid. 2019;10(4):4349–4359.
- 55. Zhang L, Zhao L, Yin S, Chi C-H, Liu R, Zhang Y. A lightweight authentication scheme with privacy protection for smart grid communications. Future generation computer systems. 2019; 100:770–778.
- 56. Challa S, Das AK, Gope P, Kumar N, Wu F, Vasilakos AV. Design and analysis of authenticated key agreement scheme in cloud-assisted cyber–physical systems. Future Generation Computer Systems. 2020; 108:1267–1286.
- 57. Chaudhry SA, Shon T, Al-Turjman F, Alsharif MH. Correcting design flaws: An improved and cloud assisted key agreement scheme in cyber physical systems. Computer Communications. 2020; 153:527–537.
- 58. Chaudhry SA, Alhakami H, Baz A, Al-Turjman F. Securing demand response management: A certificate-based access control in smart grid edge computing infrastructure. IEEE Access. 2020; 8:101235–101243.
- 59. Abdallah A, Shen XS. A lightweight lattice-based homomorphic privacy-preserving data aggregation scheme for smart grid. IEEE Transactions on Smart Grid. 2018;9(1):396–405.
- 60. Sui Z, de Meer H. An efficient signcryption protocol for hop-by-hop data aggregations in smart grids. IEEE Journal on Selected Areas in Communications. 2020;38(1):132–140.
- 61. Mahmood K, Chaudhry SA, Naqvi H, Kumari S, Li X, Sangaiah AK. An elliptic curve cryptography based lightweight authentication scheme for smart grid communication. Future Generation Computer Systems. 2018; 81:557–565.
- 62. Taqi SAM, Jalili S. LSPA-SGs: A lightweight and secure protocol for authentication and key agreement based Elliptic Curve Cryptography in smart grids. Energy Reports. 2022; 8:153–164.
- 63. Xia Z, Liu T, Wang J, Chen S. A secure and efficient authenticated key exchange scheme for smart grid. Heliyon. 2023;9(7);e17240:1–12. pmid:37415946
- 64. Vinoth R, Deborah LJ, Vijayakumar P, Gupta B.B. An anonymous pre-authentication and post-authentication scheme assisted by cloud for medical IoT environments. IEEE Transactions on Network Science and Engineering, 2022; 9(5): 3633–3642.
- 65. Aziz I T, Jin H, Abdulqadder IH, Hussien ZA, Abduljabbar Z A, Flaih F M. A lightweight scheme to authenticate and secure the communication in smart grids. Applied Sciences, 2018; 8(9): 1508–1520.
- 66. Tan H, Zheng W, Vijayakumar P. Secure and Efficient Authenticated Key Management Scheme for UAV-Assisted Infrastructure-Less IoVs. IEEE Transactions on Intelligent Transportation Systems, 2023; 24(6): 6389–6400.
- 67.
Zhou, Y, Li, L, Obaidat, MS, Liu, Y, Vijayakumar, P, Hsiao, K.F. RAKI: A Robust ECC Based Three-party Authentication and Key Agreement Scheme for Medical IoT. In GLOBECOM 2022–2022 IEEE Global Communications Conference, 2022; (pp. 1175–1180). IEEE.
- 68. Vinoth R, Deborah LJ, Vijayakumar P, Kumar N. Secure multifactor authenticated key agreement scheme for industrial IoT. IEEE Internet of Things Journal, 2020; 8(5): 3801–3811.
- 69. Umran SM, Lu S, Abduljabbar ZA. Tang X. (2023). A Blockchain-Based Architecture for Securing Industrial IoTs Data in Electric Smart Grid. Computers, Materials & Continua, 2023; 74(3): 5389–5416.
- 70.
Nyangaresi, VO, Ibrahim, A, Abduljabbar, ZA, Hussain, MA, Al Sibahee, MA, Hussien, Z A, et al. (2021, December). Provably secure session key agreement protocol for unmanned aerial vehicles packet exchanges. In 2021 International Conference on Electrical, Computer and Energy Technologies, (ICECET), 2021; (pp. 1–6). IEEE.
- 71.
Nyangaresi VO, Affane Moundounga AR. Secure data exchange scheme for smart grids. In: 2021 IEEE 6th International Forum on Research and Technology for Society and Industry (RTSI). IEEE; 2021: 312–316.
- 72.
https://worldourdotblog.wordpress.com/2024/01/04/low-complexity-smart-grid-security-protocol-based-on-elliptic-curve-cryptography-biometrics-and-hamming-distance/