Efficient Authentication Scheme For Multiple Third

Published Date: 02 Nov 2017

Haomiao Yang, Hongwei Li

School of Computer Science & Engineering

University of Electronic Science and Technology of China

Chengdu, China

[email protected]

Hyunsung Kim

Department of Cyber Security

Kyungil University

Kyunbuk, Republic of Korea

[email protected]

Abstractâ€"With the evolution of traditional power grids into smart grids, utilities alone cannot yet provide all electricity services and thus third-party service providers (SPs) are required to help in service provision. Therefore, it is critical to secure third-party service provision in smart grids. Especially, authentication is required to be done in the first place. However, authentication for multiple third-party SPs has not been well studied in smart grids. In this paper, we model the third-party service provision in smart grids for the first time which can capture specific cyber security threats with the existence of multiple third-party SPs. Furthermore, we propose an efficient authentication scheme for multiple third-party SPs. Security analysis shows that our scheme can achieve multi-server authentication, conditional anonymity, etc. Performance evaluation demonstrates that our scheme is well suited for smart meters (SMs) with limited resources, and the user only requires one registration for multiple SPs thus it has low communication overhead.

Keywordsâ€"smart grid; secure service provision; third parties; authentication; anonymity

Introduction

With the development of Internet communications and renewable energies [1], traditional aging power grids are transforming into decentralized and digitized smart grids over a number of years, which are flexible in operations, responsive to users, and capable of integrating digital information technology to improve reliability, security, and efficiency of electric grids.

However in traditional power systems, utilities operate as regulated monopolies, which play almost only role in managing electricity supplying to users, from power generation, transmission and distribution, and retail sales. With the evolution of electric grids, in order to provide the promised functionality of smart grids, utilities alone cannot yet provide all electricity services, and thus third-party are required to help in benefiting utilities and users for cutting commercial cost and providing high-quality services.

Although third-party increase the effectiveness and functionality of smart grids, these third parties can also introduce new cyber security threats to smart grids. Firstly, with the involvement of third-party, secure communications are carried on not only between utilities and users, possibly between utilities and third parties, and between users and third parties. Moreover, smart grids should have the capability to allow users to interact with their electricity usage information via the Internet, although Internet communications are generally unsecure. Furthermore, unlike electric utilities, third-party can include legitimate businesses with agreements with energy users to assist them in better managing energy consumption, but can also include criminals seeking to abuse or misuse data. As a result, to secure third-party services provision is critical in smart grids. Especially, authentication is required to be done in the first step for secure third-party service provision.

Despite its importance, authentication for third-party has not been well studied in smart grids due to the complexity of smart grid communications [2-5]. Although most recently, He et al. [6] first provided an authentication scheme among the electric utility, users, and , it does not differentiate carefully between the utility (also as one ) and the third-party , thus their system model cannot capture specific cyber security threats in third-party service provision in which multiple probably-malicious third-party exist.

In this paper, we propose an Efficient Authentication scheme for Multiple Third-party Service Providers in smart grids, named EA-MTSP. Especially, we outline the main contributions of this paper as follows.

Firstly, we model the third-party service provision in smart grids for the first time. Especially, we distinguish carefully between the utility and the third-party ones, thus our model can capture specific cyber security threats in the setting of multiple third-party .

Secondly, we propose the novel EA-MTSP scheme that achieves efficient authentication for multiple third-party . The security analysis demonstrates that EA-MTSP can achieve multi-server authentication, conditional anonymity, etc. The performance evaluation shows that the scheme is computationally efficient for typical with limited resources, and the user only requires one registration for multiple thus it has low communication overhead.

The remainder of the paper is organized as follows. We present related works in Section II. In Section III, we formalize models and security requirements. In Section IV, we define notations and review bilinear pairing. Then, we propose EA-MTSP scheme in Section V, followed by security analysis and performance evaluation in Section VI and Section VII, respectively. Finally, we draw our conclusions in Section VIII.

Related Works

To secure communications of smart grids, authentication is required to be done in the first step [2-5]. With the involvement of in the smart grid, new security and privacy concerns are introduced considering the increase of system complexity, thus some researchers [6] have already considered secure service provision in smart grid communications. We review the works as below.

To begin, Fouda et al. [2] presented a message authentication scheme for smart grid communications where RSA algorithms and Diffie-Hellman key exchange protocols were adopted. As we know, these cryptographic primitives are used in the certificate-based setting and thus it is necessary for certificates to be transmitted and verified. Hence, communication and computation are costly.

Compared with the certificate-based schemes, identity-based ones have merits of portability and lightweight. Hence, Nicanfar et al. [3] demonstrated a mutual authentication scheme between utilities and , which used the design idea from an identity-based authentication mechanism for the mesh networks proposed by Boudguiga et al. [7]. In addition, an identity-based signcryption scheme was exhibited for providing a zero-configuration authentication solution for end-to-end secure communications in smart grids [4].

Additionally, based on a new one-time signature algorithm, Li et al. [5] proposed an efficient multicast authentication scheme in smart grids, which has short authentication delay and low computation cost. Their multicast authentication scheme could be useful in many smart grid applications, for example, demand-response, wide area protection, in-substation protection and so on. However, their scheme could not support if service provision applications are concerned.

Recently, He et al. [6] first identified cyber security challenges on service provision of smart grids. Furthermore, they provided an authentication scheme among the utility, users, and . Specifically, their scheme can protect users’ identity privacy and provide accountability based on the modified Boneh et al.’s group signature algorithm [8]. However, He et al. do not distinguish carefully between the utility and the third-party ones, thus their model cannot capture specific cyber security threats in the setting of multiple third-party .

In this paper, we will design an efficient authentication scheme for multiple third-party in smart grids. Compared with He et al.’ scheme, our scheme is more applicable to service provision of smart grids in which multiple probably-malicious third-party exist.

model and Security requirements

In this section, we formalize the system model and identify the security requirements.

System Model

In this subsection, we will formalize the system model, which mainly focuses on how to provide multiple secure third-party services for users under the control of the utility in the smart grid communication (Fig. 1).

Without loss of generality, assume that there are single utility, users for , and distributed third-party for . For simplicity, also assume that each provides only one service.

In ’s house, there are all kinds of smart appliances which form a Home Area Network. is assigned to as its gateway, enabling an automated and two-way communication between and other entities of smart grids. can electronically record real-time data about electricity use, and is usually resource-constrained, equipped typically with KB random access memory, KB flash memory, and MHz [9].

Electricity Flow

Information Flow

TA Flow

HANi

SMi

Ui

UT

SPj

TA

Power Generator

Internet

System model

In our system model, users and third-party are required to be registered to . On one hand, has an account with for . On the other hand, registers its service on ’s portal, by which can check available services and subscribe necessary ones. By signing up its with , grants certain rights to communicate with or control its . Consequently, may have interfaces to to read electricity usage data or to to get pricing or other information to make automated control of energy consumption more efficiently.

Communication Setting

connects to the gateway , by which can communicate with . Since represents a home and locates in an apartment, with limited coverage, its communication is considered to be relatively inexpensive wireless solution, e.g., or . On the other side, the distances amongst , , and are far away, thus communications should be through wired links or any other links with high bandwidth and low delay. Since much of communication infrastructures are IP-based, smart grids have the capability to allow entities to interact via Internet. Therefore, in our communication setting, communications amongst , , and are through Internet.

Security Setting

In the security setting, we can assume that is trustworthy. Unlike , third-party can include legitimate businesses with agreements with energy users to assist them in better managing energy consumption, but can also include criminals seeking to abuse or misuse data. Even for the legal third parties, the electricity consumption data may be of interest, since such information is extremely sensitive and coveted by many companies, which may use it to improve their business. On the other hand, for the sake of convenience, is usually installed outside of the house and thus adversaries might easily compromise it and further get stored secret information. In addition, , , and can interact over the public Internet. As we know, Internet communication is generally unsecure due to unauthorized interception, manipulation, or other threats, especially for the existence of multiple distributed third-party . Consequently, an efficient multi-server authentication scheme is critical for secure third-party services provision in smart grids.

For the authentication, there exist two considerations: (i) if the service goes “through” the smart grid, it has to involve . There is no pass-through capability that allows enter into an agreement with third parties. (ii) Third parties can offer services directly to via , not by . As noted above, we prefer the former based on the following reasons. From the point of communication security, especially considering easy-compromised and probably-malicious third-party, ’s management can mitigate the damage as possible as it can, e.g., by revocation of service permissions or update of secret keys stored in . On the other aspect, in the former, is required only one registration with , while in the latter multiple ones with different distributed which not only is burdensome and inconvenient, but also adds significant overhead of communication. Furthermore, distributing the user’s personal registration information in multiple would be very likely to create more privacy risks. Fig. 2 shows the comparison of secure communication procedures between one registration and multiple ones.

Besides, the involvement of multiple third-party would still raise other privacy challenges as follows. On one hand, the introduction of third-party significantly expands the amount of data available in more granular form, which results in much more privacy concerns. For example, research shows that analyzing 15-minute interval aggregation of household energy consumption data can by itself pinpoint the use of most major home appliances [10-11]. Hence, third-party can determine the user’s personal behavior pattern by used appliances, and also perform real-time remote surveillance. On the other hand, it is difficult to assure that third-party access to electricity usage data is being used solely for the purpose according to the agreement. The user’s data should be protected from ’ non-grid commercial uses. In the following, we adopt the technique based on pseudonyms from the prying eyes of .

Utility

Users

Third-party SPs

Information Type

Registration

Subscription

Service

Utility

Users

Third-party SPs

Information Type

Registration

Subscription

Service

a) multiple registrations b) one registration

Secure communication procedure among the utility, SPs, and users.

In addition, a trusted authority is necessary to establish the initial trust relationship. For instance, the law authority (e.g., local police office) can act as to issue credentials securely for entities in smart grids.

Security Requirements

As analyzed above, for authentication of multiple third-party in smart grids, we consider the following security requirements needed to be satisfied:

Multi-server authentication: in a user’s authenticate themselves to different to access subscribed services securely.

Conditional anonymity: The identity of the user is anonymous to third-party to protect privacy. However if disputed, the utility can reveal the user’s real identity.

Confidentiality, authenticity, integrity and freshness of transmitted messages: These are the same as common authentication schemes.

Preliminaries

In this section, we introduce the notations (Table I) and definition used throughout the remainder of this paper.

Notations

Notations

Notation

Meaning

,

Master keys of and , respectively

Private key of

Private key of the user

Private key of the third-party

/

Session key between and

/

Session key between and

,

Registration message and usage permission of , respectively

,

Registration message and service permission of , respectively

, ,

Pseudonym, subscription period and subscription key, respectively, in a contract between of and

/

Contract key between and .

,

Validity period for and , respectively

Current timestamp

||

Concatenation operator

Fig. 3 demonstrates the relationships between the different keys in Table I, which will be discussed in the following Section V. Here we only mention simply that there are two groups of hierarchical keys in our scheme. One is based on the master key of and the other is based on the master key of . Furthermore, the level-1 keys can be generated from the master keys by the extraction algorithm as in [16] and the level-2 keys can be generated by the key agreement protocol as in [13]. Note that in our scheme, ’s and ’s are not the same as the common consideration [2-5], but rather belong to the two different key groups respectively. This is due to the involvement of the third-party .

level-1

level-2

Relationships of the different keys in Table I

Bilinear maps

We briefly review bilinear maps by following the notations in [12]. Let and be two additive groups, and be a multiplicative group of the same prime order . Let be a generator of , be a generator of , and be an efficiently computable isomorphism from to, with . An admissible bilinear map is a map with the following properties: (1) Bilinear: for all , and , ; (2) Non-degenerate: . (3) can be computed efficiently.

Note that for simplicity one can set . However in our scheme, we set to take advantage of certain families of elliptic curves to obtain more efficient implementation. Interested readers are referred to [12] for further description.

Definition 1. An asymmetric bilinear parameter generator is a probabilistic algorithm that takes a security parameter as input, and outputs a 6-tuple where is a -bit prime number, , and are three cyclic groups of order with , is a generator of , and is an admissible bilinear map.

Proposed scheme

In this section, we propose an authentication scheme for multiple third-party in smart grids. The scheme consists of the following four phases: system initialization, registration, service subscription, and multi-server authentication.

System initialization

As mentioned above, we need to issue credentials for entities in domain to establish authenticated communication. Here, we assume conveniently that the law authority (e.g., local police office) plays the role of .

acts as a Key Generator Center to set up all parameters. First, given the security parameter , runs to generate a 6-tuple. Next, chooses a random , keeps it as the system master key secretly and computes . Then, chooses one secure symmetric encryption algorithm, e.g., , and two secure cryptographic hash functions and . Finally, the public parameters are published as

(1)

Also, issues private keys for , , and in smart grids, respectively:

For non-interactive identity-based key agreement protocol, any two clients of the same central authority can compute a shared key using only the identity of the other participant and their own private key without pre-communication [13]. For two clients with identities, and , the shared key is given by

grants these private keys via secure channels, and and (rsp. ) through and (rsp. ) can establish the shared session key (rsp. ) by non-interactive key agreement as (3).

In addition, may also choose randomly as its own master key and publishes its own public parameter . With the master key , the entities in domain can establish the authenticated communications.

Registration

This phase includes registrations for usage permission and service permission.

usage permission registration

registers an account to for as follows:

Step-1: forms a message , encrypts it with as , and sends to .

Step-2: Upon the receipt of, first decrypts with the shared key to recover . Then checks freshness, authenticity and integrity of . Further, checks validity of , and . If they are successful, grants a usage permission:

(4)

Step-3: forms a message and encrypts it with as

(5)

Then, sends to .

Step-4: After receiving , first decrypts withto recover. Then, checks freshness, authenticity and integrity of . If they hold, stores in , which can be used to establish a shared session key between and .

service permission registration

In the similar way with usage permission registration, registers its service to and gets the service permission:

(6)

After registration, publishes the available service list on its portal for users to select.

Service subscription

subscribes the needed service to by following the steps below:

Step-1: Whenever would like to subscribe ’s service for certain , chooses a pseudonym and a subscription period for the forms , encrypts it as , and sends to .

Step-2: After receiving , first decrypts to recover . Then checks freshness, authenticity and integrity of . Further, checks validity of ,, and . If they are successful, establishes a contract between and , in which grants certain rights to manage , and calculates ’s subscription key:

(7)

Step-3: forms , encrypts it as , and sends to .

Step-4: Upon the receipt of , first decrypts to recover . Then, checks freshness, authenticity and integrity of . If they hold, forwards to the corresponding .

At the same time, sends a corresponding message to :

Step-3’: forms , encrypts it as , and sends to .

Step-4’: After receiving , first decrypts to recover . Then, checks freshness, authenticity and integrity of . If they hold, stores in ’s subscriber list to verify the service access later.

Multi-server authentication

As noticed above, a service contract is established between certain with pseudo-identity and. To access the subscribed service, and could authenticate mutually by the contract key. This key can be established with the non-interactive key agreement as (3), using service permission and subscription key , which both are granted by upon the master secret key [13]. Also in general, if subscribes multiple services, say, and , the multi-server authentication is similar to the above.

Security analysis

In this section, we analyze the security of the proposed scheme to verify whether the requirements mentioned in Section III have been satisfied.

Multi-server authentication

In our scheme, we consider authentications of multiple third-party , i.e., in a user’s authenticate themselves to different to access subscribed services securely. Without loss of generality, we assume that in one , one accesses service from only one , and one provides only one service.

In the multi-server context, there are two types of attacks as described below.

Collusion: Two or more collude to attack a particular of which they have no contract with to get the ’s real identity or to eavesdrop communication content between and its corresponding thereby violating privacy and confidentiality. Here “corresponding” means the established contract between the and the .

Competition: In our environment, it is possible to have a scenario of competition for more subscribers among s. For example, impersonates its competitive in order to interact with ’s subscriber, say . From the interaction, can discover the competitor’s commercial secret. This commercial secret is the one that helps to improve its service quality which eventually assist in winning the competition.

Our multi-server authentication scheme can both resist the above two attacks as explained below.

Resistance to collusion attack: First, we consider identity privacy of in. According to our multi-server authentication scheme, interact with their corresponding only using pseudonyms. These pseudonyms are chosen randomly thus independent of each other and also independent from the user’s identity . As a result, even if all collude, still they cannot infer the aimed ’s real identity. Next, we consider communication confidentiality of . The communications between and are encrypted with the contract key established by and according to (3). However even by collusion, other cannot get of the aimed and of the corresponding . Hence, communication confidentiality can be achieved.

Resistance to competition attack: If wants to impersonate its competitive to communicate with , it needs to know ’s service permission . As we know, and . Hence, it is infeasible to get from due to the hardness of the discrete logarithm problem.

Conditional anonymity

First, we recall the service subscription phase when a service contract is established between and , which grants certain right to manage . Note that is one pseudonym of certain in the contract, which is applicable only limited in the contract transactions, and outside of , anyone including do not know the corresponding or . Thus, only knows the relationship between a pseudonym and ’s real identity. On the other hand, if disputed, can identify the corresponding’s real identity or link two transactions initiated by the same and discover the anonymity.

Confidentiality, authenticity, integrity and freshness of transmitted messages

We take the transmission of message in (5) as an illustration to describe the above security properties.

Firstly, the session key is shared only between and , according to (3). Therefore, only can decrypt to recover , since is a secure encryption algorithm, such as . As a result, we can provide the confidentiality of . On the other hand, if the adversary forges or modifies , can detect the malicious operations by cross-checking with the decrypted value from . Consequently, the authenticity and integrity of can be achieved. Finally, by checking the timestamp , we can ensure the freshness of and thus resist the replay attack.

Finally, we present the comparison results of security level in Table II. It can be seen that our scheme achieves additional multi-server authentication compared with the scheme in [6].

Functionality comparisons among related authentication schemes

Security Property

[2-3]

[6]

EA-MTSP

Authenticity and Integrity

√

√

√

Conditional Anonymity

√

√

Multi-server Authentication

√

Performance evalation

In this section, we evaluate the performance of EA-MTSP scheme on computation cost and communication overhead.

Regarding the computation cost, we focus on the performance analysis in since they are generally resource-constrained while are considered as powerful servers. We simulate the main cryptographic operations for in our scheme. Firstly, experiments were conducted on ARMv7 rev2 microprocessor (a single core) with adjustable frequencies and memory 367M RAM to study the execution time. Then, we use MIRACL cryptographic library (version 5.6.1) [14] to implement these operations, where for -128 security, R-ate pairing on Barreto-Naehrig curve (embedding degree 𝑘 =12) with 1-2-4-12 tower of extensions is used [15]. Note that our scheme works with type-3 pairings which are much more efficient in practice than type-1 pairings. The performances of these operations are summarized in Table III where we denote the average execution time of a pairing operation, an elliptic curve scalar multiplication on the group , and a complex map-to-point hash function [16] by ,, and , respectively. Other operations are negligible while comparing with the related operation mentioned above.

The estimation of computation time for EA-MTSP

Operating Freq. (MHz)

(ms)

(ms)

(ms)

100

1,144.5160

92.4148

148.7054

200

565.1266

44.5630

64.1722

400

263.1178

21.5168

30.9264

800

129.0504

10.0965

15.0710

1,440

72.1900

6.3856

8.2387

As shown in Table III, for the typical setting of , the main cryptographic operations in our scheme are efficient. Hence, our scheme is well suited for with limited resources.

Considering the communication overhead, we evaluate the transmission overhead of the user registrations in EA-MTSP and the scheme in [6]. In EA-MTSP, the user registers to the utility only once, while in [6] the user registers many times due to multiple third-party as shown in Fig. 2.

For one registration, firstly sends the request message to , where . If we choose the symmetric algorithm -128 as , and set as 80-bit length, the message size is 208 bits. Similarly, the size of the response message from is also 208 bits. As a result, the size of transmitted messages for one registration is 416 bits.

Fig. 4 plots the communication overhead for different number of . In EA-MTSP, because of one registration, the number doesn’t affect the communication overhead, while in the multiple registrations [6], the communication overhead increases with the increased number of .

Comparison of communication overhead

Conclusions

In this paper, we modeled the third-party service provision in smart grids for the first time which captured specific cyber security threats in the setting of multiple third-party SPs. Then, we proposed an efficient authentication scheme for multiple third-party SPs. Security analysis shows that our scheme can achieve multi-server authentication, conditional anonymity, etc. Performance evaluation demonstrates that our scheme is well suited for SMs with limited resources. In the future work, we will explore other challenging security issues in secure service provision in smart grids, such as the inside attacks launched by malicious users.

Acknowledgment

This work is supported by the National Natural Science Foundation of China under Grants U1233108 and 61103207, the 2011 Korea-China Young Scientist Exchange Program, the Fundamental Research Funds for Chinese Central Universities under Grant ZYGX2011J059, and the National Research Foundation of Korea Grant funded by the Korea Government (MEST) (NRF-2010-0021575).