Masters Of Engineering In Internetworking


02 Nov 2017


INWK 6800

Seminar Topic

Mar 7th, 2013

- Pranavkumar Rajpara (B00584961)

Smart Grid security and key management

(Final report)

By

Pranavkumar K. Rajpara

Submitted in partial fulfilment of the requirements for the degree of

MASTER OF ENGINEERING

Major Subject: Internetworking

At

DALHOUSIE UNIVERSITY

Halifax, Nova Scotia

March, 2013

© Copyright by Pranavkumar K. Rajpara, 2013

Dalhousie University

Faculty of Engineering

Internetworking

The undersigned hereby certify that they have read and award a pass in INWK 6800 for the course entitled "Seminar topic" by Pranavkumar K. Rajpara in partial fulfilment of the requirements for the degree of Master of Engineering.

___________________________

INTERNETWORKING PROGRAM

AUTHORITY TO DISTRIBUTE REPORT

Title:

Seminar topic

(Final Seminar Report)

The Internetworking Program may make available or authorise others to make available individual photo/microfilm or soft copies of this report without restrictions after 7th March, 2013.

The author attests that permission has been obtained for the use of any copyrighted material appearing in this report (other than brief excerpts requiring only proper acknowledgement in scholarly writing) and that all such use is clearly acknowledged.

Full Name of Author: Pranavkumar K. Rajpara

Signature of Author: _________________________

Date: 7th March, 2013

Abbreviations

- WAMS: Wide Area Measurement System
- TSV: Tunable Signing and Verification
- HORS: Hash to Obtain Random Subsets
- PMU: Phasor Measurement Unit
- PDC: Phasor Data Concentrator
- WAN: Wide Area Network
- TV-OTS: Time-Valid One-Time System
- TV-HORS: Time-Valid Hash to Obtain Random Subsets
- SIPS: System Integrity Protection Scheme
- MTSS: Multiple-Time Signature Scheme


Abstract

The next-generation electric grid will operate and communicate over highly complex networks of computer and communication systems. Securing the electric grid is essential: if it is compromised by a malicious adversary, the result can be serious damage to the system, such as power failures or the destruction of equipment. Implementing a smart grid requires the deployment of many technologies, such as advanced sensors and metering technology. A wide-area measurement system (WAMS) is developed to provide a time-synchronized view of the electricity system over a large geographical area. WAMS key management is used to secure WAMS communication. It is a complex key management scheme that provides a strong set of security properties, derived from NIST's security level ratings. Here we focus on WAMS key management, for which we first need to understand the architecture of the wide-area measurement system. WAMS key management secures both unicast and multicast communication. For unicast security, WAMS key management relies on industry-standard security protocols. For multicast security, authentication is required. Two multicast authentication schemes are available for the power grid, TV-HORS and tunable signing and verification (TSV). Of these, TV-HORS is chosen for implementation in the wide-area measurement system.

Introduction

The current electric grid is one of the greatest engineering achievements of the 20th century. However, as time goes on, this technology has become outdated and cannot handle the load of current communication. This is what forces the transformation of the electric grid into a smart grid. According to IEEE standards, the Smart Grid is "the combination of electric power, communication and information technology for an improved power infrastructure which provides ongoing information about end user applications".

One of the main reasons to introduce this technology is to prevent cascading failures such as the 14 August 2003 North America blackout, the 23 September 2003 blackout in Denmark and southern Sweden, and, days later on 28 September, the blackout that left most of Italy in darkness and affected more than 50 million people (http://www.fglongatt.org/Archivos/Archivos/SP_II/pwrs_05_blackout.pdf). In all of these cases, the blackout occurred because the operators had no real-time data, or too little real-time data, to work with, which also makes it difficult to find the cause of a failure. These events forced a rethink of the importance of situational awareness in energy management systems. With this enhanced awareness, we can improve operational planning, make better use of equipment and energy resources, and stabilize the system.

The wide-area measurement system provides this kind of network. It is essentially a high-speed network of phasor measurement units, which measure the amplitude, frequency and phase of voltage and current. From these measurements we can track the state of the grid. Many governmental and commercial bodies have started to develop technologies related to wide-area measurement systems. North America has a series of published specifications, but they lack a key management system and are therefore vulnerable. The International Electrotechnical Commission specifies Group Domain of Interpretation (GDOI) and IPsec for secure multicast communication of phasor measurements. However, the combination of GDOI and IPsec is vulnerable if the group key is compromised. A more complete key management scheme is therefore needed for wide-area measurement systems, and the WAMS key management scheme is proposed.

WAMS key management secures both unicast and multicast communication. Unicast security is achieved by the WAMS components using industry-standard security protocols. Multicast security requires authentication, and multicast authentication is based on multiple-time signature schemes. Many multicast authentication schemes have been developed for smart grid communication; HORS is the basic one, and TV-HORS and tunable signing and verification (TSV) are the two most recently developed. An advanced version of TSV, called TSV+, was proposed afterwards. Finally, comparisons of HORS against TSV and of TSV+ against TV-HORS show that TV-HORS is efficient in both signing and verification, so TV-HORS was chosen as part of the WAMS key management system.

Chapter 2 gives an overview of the smart grid architecture, which shows how smart grid security is deployed geographically.

Chapter 3 gives an overview of the wide-area measurement system and how it works.

Chapter 4 presents the unicast authentication system, which uses a public key infrastructure, and gives detailed information about public key infrastructure.

Chapter 5 covers multicast authentication. Many multicast authentication schemes have been developed to date; here I describe HORS, the basic multicast authentication scheme, and TSV and TV-HORS, the most recently developed multicast schemes.

Finally, chapter 6 gives the conclusion of this report.

Architecture of Smart Grid

Figure 2.1 [7]

A high-level overview of the smart grid architecture is given in Figure 2.1. Production companies supply energy to consumers or to the distribution network via transmission lines. The smart grid coordinates and utilizes different generation and production companies. Generation plants can be fixed or mobile, depending on how they produce energy. The figure shows a network operating center managing many transmission substations. The generated electricity is transmitted from the different energy sources to the distribution networks via high-voltage power lines. Finally, various distribution topologies deliver electricity to home users, residential areas, metropolitan areas and manufacturing plants.

Two communication networks form sub-parts of the smart grid [7]: the home area network and the neighborhood area network. These networks are used for data communication between users and production management. A home area network has three components. First, the smart devices in the home, which provide information for energy-efficiency management and demand response. Second, the smart meter, which collects data from the smart devices in the home and takes actions depending on the information it receives from the smart grid. Third, the home area network gateway, which links the home area network to the neighborhood area network; this can also be a hardware device. The neighborhood area network connects multiple home area networks to the energy source or production company.

Overview of the wide-area measurement system

A wide-area measurement system is widely used in power systems. It consists of advanced measurement technology and draws on digital signal processing and the Global Positioning System. It also contains information tools and a large operational infrastructure for understanding and managing the increasingly complex behavior of large power systems. The real-time data provided by a wide-area measurement system gives helpful information for observing the power system.

There are four components of a wide-area measurement system [6]:

- Phasor measurement units (PMU)
- Phasor data concentrators (PDC)
- Wide area networks (WAN)
- Real-time database and data archive

Figure 3.1 [6]

Figure 3.1 shows all four layers of the generic architecture of the wide-area measurement system. The phasor measurement units measure current and voltage phasors, which are precisely time-stamped using an internal clock and the Global Positioning System, at 10-30 frames per second. The phasor measurement units transfer the measured data to the phasor data concentrator in layer 2 via the wide area network. The phasor data concentrator forwards the data collected from the phasor measurement units to the application data buffer in layer 3 for observation. The application data buffer checks the data for errors, synchronization and losses, and then forwards it to layer 4. The real-time database and data archive in layer 4 are responsible for collecting the data and storing it for post-analysis. Some other applications also reside in layer 4, such as real-time wide-area monitoring, control and protection applications.

Four types of messages are used in the communication:

- Data
- Configuration
- Command
- Header

The exchange between clients and a PMU/PDC proceeds as follows [5]:

- The client sends a command frame to the PMU/PDC requesting human-readable description information.
- The PMU/PDC sends a header frame in reply to the client's request.
- The client sends a command frame to the PMU/PDC requesting the configuration frame.
- The PMU/PDC sends the configuration frame.
- The client sends a command frame to the PMU/PDC requesting data.
- The client starts receiving data frames, which continue until the client requests that they stop.

From the messages above, the communication looks like unicast, but a phasor measurement unit has to multicast its measured data to different consumers and phasor data concentrators to achieve communication redundancy. Phasor data concentrators at the same hierarchical level also need to share data with each other through multicast streams. These are not the only places where multicast is needed: to perform system integrity protection scheme (SIPS) analysis, load-shedding analysis and performance monitoring, PMUs and PDCs need multicast. SIPS are distributed applications installed to maintain the integrity of the electric energy system [6]. They use information from the different station buses or substations distributed across the power system. SIPS are responsible for stopping cascading failures [6]. Figure 3.2 gives an overview of SIPS operation.

Figure 3.2 [6]

System integrity protection schemes (SIPS) trigger the phasor measurement units in the network to start measuring phasor data when a SIPS action begins. SIPS sends the first trigger to the phasor data concentrator, and the phasor data concentrator then sends a trigger to all the phasor measurement units connected to it. Afterwards, the phasor measurement units multicast special messages to trigger data capture by the station bus.

From this observation we can say that phasor measurement units and phasor data concentrators need to support both unicast and multicast. The International Electrotechnical Commission specifies Group Domain of Interpretation to manage the group keys that are used as the secret keys of the IPsec protocol, and IPsec to secure multicast using those group keys. It was later found that Group Domain of Interpretation does not support authentication among group members, and that IPsec depends on the shared group key for encrypting the data, while that shared key can be abused or stolen by members. In the following sections we see how authentication is provided for unicast and multicast communication.

Unicast authentication

Objectives of unicast security

To describe unicast authentication, we first collect all the requirements for achieving unicast security. The objectives are as follows [3]:

- The phasor measurement unit has to authenticate clients, and vice versa.
- The phasor data concentrator has to authenticate clients, and vice versa.
- The phasor measurement unit and the phasor data concentrator have to authenticate each other.
- The application data buffer and the phasor data concentrator have to authenticate each other.
- The application data buffer also has to authenticate the phasor measurement unit, so that no one can impersonate the phasor data concentrator and inject bad data.
- Finally, the application data buffer and the energy management system have to authenticate each other.
- The energy management system does not have to authenticate the phasor measurement unit or the phasor data concentrator.

Unicast Key management system

WAMS key management provides key establishment and maintains communication using the established keys. Key management is the process of providing a shared key to many devices or clients so that they can use it for subsequent cryptographic operations. WAMS key management uses a public key infrastructure, that is asymmetric cryptography, for unicast key management. Public key infrastructure is efficient and scalable, but it is computationally expensive because it uses one key pair per client or device.

A public key infrastructure is a cryptographic technique for communicating securely over a public network such as the Internet using the clients' or devices' digital signatures. The public key infrastructure creates, stores and verifies the digital signatures that clients and devices use to identify themselves to others. Digital signatures stored in the public key infrastructure map public keys to entities and are verified whenever another party asks for it.

A public key infrastructure contains:

- A certificate authority, which issues digital certificates and acts as a trusted third party, so that other clients can verify a certificate using the certificate authority's public key.
- A registration authority, which verifies the client or device that requests a certificate from the certificate authority.
- A central store where all the keys and digital certificates are kept.
- A management system that manages the central store.

The certificate authority signs a client's certificate digitally with its own private key, so that other users can check the validity of the certificate using the certificate authority's public key. The validity of the certificate depends on the validity of that public key. If the certificate authority is a third party separate from the client, devices or system, it is called a registration authority, which assures the correctness of digital certificates and sometimes also acts as a certificate authority.

Public key infrastructure process

Figure 4.1 below describes the whole process of a public key infrastructure.

Figure 4.1 [8]

There are two processes involving certificates [8]:

- Issuing a certificate
- Authentication of a certificate

Issuing a certificate

- The user sends a certificate signing request to the registration authority so that the certificate can be checked and signed by the certificate authority.
- The registration authority checks the request and, if it is valid, passes it to the certificate authority for signing.
- The certificate authority signs the user's certificate with its private key and sends it back to the user.

Authentication of a certificate

- When a user wants to authenticate itself to another party, it sends the certificate issued by the certificate authority to that party.
- The other party sends the certificate to the validation authority, which holds the records of all valid certificates.
- The validation authority verifies the certificate and replies with its validity to the party that requested the verification.

Timeline diagram of the public key infrastructure authentication process

Figure 4.2 below shows the whole procedure described above.

Figure 4.2 [8]

A certificate authority can vouch for other certificate authorities, and so on; this is called a certificate hierarchy. The trusted certificate authority is the root of that hierarchy. WAMS key management follows the X.509 public key infrastructure for its policy requirements. Every device is pre-configured with a public/private key pair, and an intrusion detection system continuously monitors the whole system and the validity of each device. If it finds that a device is no longer trusted, it revokes that device's certificate, removing it from the list of valid certificates, and broadcasts that information to the whole network so that no one connects to that device using the invalid certificate.

The Diffie-Hellman algorithm is used to set up a secure channel between two devices. For key exchange, they would most likely use the Internet Key Exchange protocol for IPsec, or Transport Layer Security. To achieve confidentiality, messages are encrypted with a block cipher such as the Triple Data Encryption Standard or, for more security, the Advanced Encryption Standard, which is recommended because it has a longer key length and is more secure. Messages are authenticated with an authentication code. Cipher-based message authentication code (CMAC) is recommended because it remains secure for variable-length messages. Techniques such as cipher block chaining message authentication code (CBC-MAC) are also suitable for this purpose, but they are not suitable for variable-length messages.

All phasor measurement units are pre-configured with the information required to establish connections to the phasor data concentrator and the application data buffer. Phasor data concentrators have pre-configured information to establish connections with the application data buffer, and the application data buffer has pre-configured information to establish a connection with the energy management system. The PMU sends the measured data to the PDC through the established secure channel [5]. The PDC verifies the authentication code of every frame. If verification succeeds, the PDC generates its own authentication code and appends it to the measured data sent by the PMU. The PDC establishes a secure channel to the ADB and sends the frame through it. Now the ADB has to authenticate both the PMU and the PDC [5]: it verifies the authentication code generated by the PMU and the one generated by the PDC. If verification succeeds, the ADB generates its own authentication code, removes all the previous authentication codes, and sends the data with its own authentication code to the EMS through an established secure channel. The EMS verifies the authentication code and accepts the data on successful verification.

Multicast authentication

Objectives of multicast security

To describe the multicast authentication system, we first collect all the requirements for achieving multicast security. The objectives are as follows [3]:

- Multicast messages coming from a phasor measurement unit have to be authenticated.
- Multicast messages coming from a phasor data concentrator have to be authenticated.

There are two types of multicast messages:

- One-time multicast messages
- Stream multicast messages

One-time multicast messages

One-time multicast authentication is achieved with a conventional digital signature scheme such as the Digital Signature Algorithm.

Stream multicast messages

Stream multicast authentication requires a multicast authentication scheme, and multicast authentication schemes are based on signature schemes. There are two types of signature schemes:

- Unlimited-time signature schemes
- Multiple-time signature schemes

Unlimited-time signature scheme

Unlimited-time signatures can be achieved with conventional digital signatures. These algorithms can generate as many signatures as desired using one private key. The only problem with this scheme is that it requires heavy computation and memory to store the digital signatures. It generates a signature and appends it to every multicast message. It is simple compared to the others. However, because all of the packets have to be collected to generate and verify a signature, it is not suitable for the real-time environment of WAMS.

Multiple-time signature scheme

Multiple-time signature schemes generate signatures using one public/private key pair for a fixed number of packets. They produce signatures with more bits and lower security, but they have a lower computational cost and need less memory than unlimited-time signature schemes. Several components are required in a multiple-time signature scheme: public/private key pairs, a non-invertible (one-way) mathematical function, an indexing function that selects the private key elements used to generate the signature, and mapping functions such as the private-key-to-signature and signature-to-public-key mappings.

Two important components are required to construct a multicast authentication system from a multiple-time signature scheme:

- One-way chains
- Clock synchronization

One-way chain

If we use the same private/public key pair to sign all of the packets, the signatures allow an adversary to recover the private key. One way to solve this problem is to use each key pair to sign only a fixed number of messages. To sign stream multicast messages we then have to continuously generate new public/private key pairs, so that a stream of unlimited length can be signed. Suppose Ai is a one-way chain, where Ai = Hash(Ai+1), i is an integer and Hash is a one-way mathematical function. We divide the messages into epochs and use one public/private key pair per epoch, meaning that Ai is the private key for the ith epoch and any Aj with j < i can be used as a public key. If the key is a tuple of l elements, l one-way chains are needed.

There are two types of chain traversal [6]:

- Uniform chain traversal
- Non-uniform chain traversal

Uniform chain traversal

Figure 5.1 [6]

Figure 5.1 shows how uniform chain traversal works. If the shaded square is used as the private key and any one triangle from the first column as the public key, then in the second epoch of uniform chain traversal any one key from the column of circles is used as the private key. Any one of the shaded squares and the remaining triangles from the other rows can be selected as the public key for the second epoch.

Non-uniform chain traversal

Figure 5.2 [6]

Figure 5.2 shows how non-uniform chain traversal works. If the shaded square is used as the private key and any one triangle from the first column as the public key, then in the second epoch of non-uniform chain traversal the private key is taken from the first circle of the column of circles and squares that were not previously used as private keys. Any one of the shaded squares and the remaining triangles from the other rows can be selected as the public key for the second epoch.

An attacker can capture enough packets to reconstruct the whole column of an expired private key, that is, the first epoch's private key. For this reason it is necessary to keep the private key secret by:

- dividing the messages into epoch periods;
- keeping track of the public/private key of every epoch;
- providing clock synchronization between the clients, i.e. between sender and receiver.

Non-uniform chain traversal has an advantage: the current public and private keys are adjacent, so the cost of verifying a signature is lower than with uniform chain traversal.

If we compare the traversals on security, the uniform chain is more secure than the non-uniform one, because by blocking the private-key-release messages at the receiver an attacker can act as a man in the middle and make the receiver lose track of the current private key.

We can conclude that uniform chain traversal is more secure but has a higher verification cost.

Clock synchronization [6]

Clock synchronization is necessary for the security of a multiple-time signature scheme. Loss of synchronization in non-uniform chain traversal can cause loss of the current private key, so time cannot be used as a reference. The sender releases information about the private key with every signature, but if an attacker blocks those messages at the receiver, the receiver may lose track of the active private key. After collecting enough messages, the attacker can forge any message to the receiver. Finally, uniform chain traversal is in fact more secure, but it is overlooked because of its high signature verification cost.

Multicast authentication systems

We now describe one basic and two recently designed multicast authentication systems that are more secure and scalable:

- Hash to Obtain Random Subsets (HORS) [11], [1], [2], [6]
- Time-Valid Hash to Obtain Random Subsets (TV-HORS) [1]
- Tunable Signing and Verification (TSV) [2]

The latter two multicast authentication systems are advanced versions of the Hash to Obtain Random Subsets scheme. First, we discuss the HORS algorithm, its weaknesses and so on.

Hash to obtain random subsets (HORS)

HORS uses a one-way mathematical function, or hash function, that is cryptographically strong. The hash function maps each message to a subset of the elements of an element set. The whole algorithm is as follows [11]:

Key Generation: Generate t random l-bit strings (s1, s2, ..., st) to be used as the private key Kpriv. The corresponding public key is then computed as Kpub = (v1, v2, ..., vt), where vi = f(si) and f is a one-way function.

Signing: To sign a message m, let h = Hash(m), where Hash is a hash function. Split h into k substrings h1, h2, ..., hk of log2 t bits each. Interpret each hj as an integer ij. The signature of m is (si1, si2, ..., sik).

Verification: To verify a signature (s′1, s′2, ..., s′k) over the message m, compute h = Hash(m). Split h into k substrings h1, h2, ..., hk of log2 t bits each. Interpret each hj as an integer ij and check that f(s′j) = vij holds for every j.

From the algorithm above we can see that HORS needs only one hash function. It improves on the signature verification cost of the BiBa authentication scheme with the same signature size.

Figure 5.3 [6]

Figure 5.3 above shows the operation of the HORS signature scheme, following the steps of the HORS algorithm described above.

Figure 5.4 [2]

Figure 5.4 above shows an example of forgery in the ideal case and in the HORS case. Here, for k = 3, the sender has a valid signature for m and the attacker wants to forge a signature for a message m′. We can clearly see that there are more scenarios in HORS in which the attacker can easily find a signature for m′; but if the attacker is not given enough time to find such a signature, HORS is a good authentication system with low computational cost.

HORS has some weaknesses when implemented in the smart grid:

- The public key used by HORS is very large, which increases the storage overhead on the receiver side.
- It cannot be implemented as a one-way-chain-based authentication system, so distribution of the public key is a major issue.
- The signature size of HORS is also too large for the wide area network. According to the standard it has a 130-byte signature, which is far more than the data frame size.
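The HORS steps listed above, together with the subset-cover forgery that Figure 5.4 illustrates, carried through as an added worked example in Python (not code from the report or the cited papers). SHA-256 stands in for both f and Hash, the parameters t = 16, k = 3 and l = 128 are illustrative rather than the standard's, and the sample frames and candidate messages are constructed:

```python
# Added worked example of HORS key generation, signing and verification, plus the
# subset-cover weakness shown in Figure 5.4. Not code from the report or from [11];
# SHA-256 stands in for both f and Hash, t = 16 / k = 3 / l = 128 are illustrative,
# and randomness is seeded only so the example is reproducible.
import hashlib
import random


def f(x: bytes) -> bytes:
    """One-way function f used to derive the public elements v_i = f(s_i)."""
    return hashlib.sha256(b"HORS-f" + x).digest()


def Hash(m: bytes) -> bytes:
    """Message hash h = Hash(m)."""
    return hashlib.sha256(m).digest()


def hors_indices(h: bytes, k: int, t: int) -> list:
    """Split h into k substrings of log2(t) bits and read each as an integer i_j.

    t must be a power of two so that every substring maps onto exactly t elements.
    """
    log2t = t.bit_length() - 1
    assert 1 << log2t == t and k * log2t <= len(h) * 8
    bits, width = int.from_bytes(h, "big"), len(h) * 8
    return [(bits >> (width - (j + 1) * log2t)) & (t - 1) for j in range(k)]


def keygen(t: int, l: int = 128, seed: int = 1):
    """Private key: t random l-bit strings. Public key: v_i = f(s_i)."""
    rng = random.Random(seed)            # a real deployment would use os.urandom
    kpriv = [rng.randbytes(l // 8) for _ in range(t)]
    kpub = [f(s) for s in kpriv]
    return kpriv, kpub


def sign(kpriv: list, m: bytes, k: int) -> list:
    """The signature of m is (s_i1, ..., s_ik): the k private elements h selects."""
    return [kpriv[i] for i in hors_indices(Hash(m), k, len(kpriv))]


def verify(kpub: list, m: bytes, sig: list, k: int) -> bool:
    """Recompute the indices from m and check f(s'_j) == v_ij for every j."""
    idx = hors_indices(Hash(m), k, len(kpub))
    return len(sig) == k and all(f(s) == kpub[i] for s, i in zip(sig, idx))


def revealed_covers(revealed: set, m_prime: bytes, k: int, t: int) -> bool:
    """True when every private index that m' needs has already been disclosed by
    earlier signatures under the same key, i.e. a valid signature on m' could be
    assembled from captured packets alone. This is the weakness Figure 5.4 shows,
    and the reason a HORS key pair may sign only a bounded number of messages."""
    return set(hors_indices(Hash(m_prime), k, t)) <= revealed


def demo():
    t, k = 16, 3
    kpriv, kpub = keygen(t)
    frame = b"constructed PMU frame: V=1.02 pu, f=60.00 Hz"   # constructed sample
    sig = sign(kpriv, frame, k)
    ok = verify(kpub, frame, sig, k)
    # a tampered signature element no longer maps onto its public element
    bad = verify(kpub, frame, [f(sig[0])] + sig[1:], k)
    # how many of 1000 constructed candidate messages become forgeable as the
    # sender keeps signing with the same key and thereby discloses more indices
    revealed, forgeable = set(), []
    for n in range(1, 5):
        revealed |= set(hors_indices(Hash(b"constructed frame %d" % n), k, t))
        candidates = [b"candidate %d" % c for c in range(1000)]
        forgeable.append(sum(revealed_covers(revealed, c, k, t) for c in candidates))
    return ok, bad, forgeable
```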

Time valid hash to obtain random subsets (TV-HORS)

TV-HORS is implemented on the basis of the time-valid one-time system (TV-OTS). For a better understanding, we first describe the TV-OTS model.

Description of the TV-OTS model

Suppose sender S and receiver R are synchronized with each other and their starting times are ts0 and tr0 respectively. S determines the signature period before it starts sending any message, and it can send messages and signatures within that signature period. Whenever S starts sending a message, it notes the time as ts0. It uses a one-time authentication code to sign the first l bits of the message digest.

Figure 5.5 [1]

When R receives the message, it notes the time as tr0 and decides its upper bound time tr. The longest time a signature can have spent in the transport medium is then tr − ts0. This is also the most time an attacker can have had to find another message with the same signature, and it must be less than Tadv, the minimum time such a search takes. The receiver checks this condition on the arrival of every message; if it is not satisfied, the message is discarded because it may have been injected by an attacker. The whole scenario is shown in Figure 5.5. Since Tadv grows with the number of message digest bits l, we can increase l to make sure that the attacker never finds a message with the same signature in time.

TV-OTS has some weaknesses that motivate a new design:

- It has been shown that TV-OTS does not compromise security, but it is not flexible enough for some applications.
- TV-OTS requires only loose time synchronization, whereas the smart grid has critical time synchronization.

TV-HORS algorithm

The basic idea behind TV-HORS is first to make HORS a time-valid signature scheme and then to apply one-way chains so that multiple public/private key pairs can authenticate a large number of messages or a stream of messages. As described under one-way chains, TV-HORS divides the messages into a number of epochs, and each epoch has a different private key. Each epoch can sign at most V packets to ensure security; after that the epoch, and with it the key, has to change.

Figure 5.6 [1]

The scheme is constructed in the following steps, which are also shown in Figure 5.6 [1].

Initial preparation: In this phase, sender S and receiver R synchronize their time. S determines the best epoch period and the upper bound time, Tadv. S and R also agree on the maximum transmission rate, λm, measured in packets sent per second. According to the idea of the scheme, the epoch length (TΔ) must be less than V/λm. S then determines the duration of the transmission session (Tφ), from which the total number of epochs is P = Tφ/TΔ. S creates a salt chain kj of length P + 1, indexed from 0 to P. From the salt chain, S creates N light chains s(i,j), where i = [1,N], j = [0,P] and s(i,j) = Hkj(s(i,j+1)). The elements composing the light chains are called Signature Authentication Generation Elements (SAGEs). In each epoch i, one salt ki and the SAGEs s(any,i) are active. When the second epoch becomes active, the next row of salts and SAGEs becomes active and all the previous ones expire. The sender S attaches signatures to messages using the active SAGEs and sends them to the receiver. The initial message contains the following information: k0, s(any,0), TΔ, ts0 and P. The initialization process has to be repeated if the sender wants to create a new session with the same receiver [1].

Authentication provided by message signing: Suppose we want to sign message M. First compute m = Hash(a||M||kb), where b is the epoch number. The sender then splits m into t substrings m1, m2, ..., mt, each of length log2 N bits, and interprets them as indices iu. Finally, the sender sends a packet containing {a, M, b, kb, s(iu, b)} for u = [1,t] [1].

Authentication validated by verifying messages: On receiving a packet, the receiver notes the reception time tr and estimates the upper bound on the sender's clock as tr + ε. R then computes tsc and checks whether tr + ε − tsc is greater than Tadv. If it is, the receiver discards the message because it may have been injected by an attacker. If it is not, the receiver accepts the message for checking and computes m′ = Hash(a||M||kb) as the sender did. It then splits m′ into t substrings s1′, s2′, ..., st′ of log2 N bits each and interprets each su′ as an integer iu′ in [0, N). Next, the receiver has to check whether the received SAGEs and salt are valid. If they are not, it discards the message; otherwise it updates its latest verified SAGEs and salt. At this point authentication is complete, so it is safe to forward the message to the application layer [1].
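The three TV-HORS steps above (initial preparation, signing, verification) carried through in Python as an added example; this is not code from the report or from [1]. The salt-chain construction, the keyed hash Hkj, the way tsc is estimated and the meaning of a are not fixed by the text, so they are assumptions stated in the comments, and the PMU frames are constructed samples:

```python
# Added illustration of the TV-HORS steps above (salt chain, N light chains of
# SAGEs, per-epoch key release, time-validity check, chain-based verification);
# not code from the report or from [1]. Assumptions the text leaves open: the salt
# chain is k_P random and k_j = SHA-256(k_{j+1}); H_{k_j} is HMAC-SHA256 keyed with
# k_j; tsc is the start of epoch b, ts0 + b*T_delta; 'a' is a per-message counter;
# clocks are simulated by explicit times; keys are seeded only for reproducibility.
import hashlib, hmac, random

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def Hk(key: bytes, x: bytes) -> bytes:            # H_{k_j}: keyed one-way step
    return hmac.new(key, x, hashlib.sha256).digest()

def indices(digest: bytes, t: int, log2n: int) -> list:
    """Split the digest into t substrings of log2(N) bits, read as chain indices."""
    bits, width = int.from_bytes(digest, "big"), len(digest) * 8
    return [(bits >> (width - (u + 1) * log2n)) & ((1 << log2n) - 1) for u in range(t)]

class Sender:
    def __init__(self, N, t, P, T_delta, ts0, seed=1):
        self.t, self.P, self.T_delta, self.ts0, self.a = t, P, T_delta, ts0, 0
        self.log2n = N.bit_length() - 1              # N must be a power of two
        rng = random.Random(seed)
        # salt chain k_0..k_P: k_P is random, earlier salts are derived backwards
        self.k = [b""] * (P + 1)
        self.k[P] = rng.randbytes(32)
        for j in range(P - 1, -1, -1):
            self.k[j] = H(self.k[j + 1])
        # N light chains: s(i,P) is random, s(i,j) = H_{k_j}(s(i,j+1))
        self.s = [[b""] * (P + 1) for _ in range(N)]
        for i in range(N):
            self.s[i][P] = rng.randbytes(32)
            for j in range(P - 1, -1, -1):
                self.s[i][j] = Hk(self.k[j], self.s[i][j + 1])

    def initial_message(self):
        """k_0, s(*,0), T_delta, ts0 and P: the receiver's trust anchor."""
        return {"k0": self.k[0], "s0": [c[0] for c in self.s],
                "T_delta": self.T_delta, "ts0": self.ts0, "P": self.P}

    def sign(self, M: bytes, now: float):
        b = int((now - self.ts0) // self.T_delta)    # epoch we are sending in
        self.a += 1
        a = self.a.to_bytes(4, "big")
        idx = indices(H(a + M + self.k[b]), self.t, self.log2n)
        return {"a": a, "M": M, "b": b, "kb": self.k[b], "sages": [self.s[i][b] for i in idx]}

class Receiver:
    def __init__(self, init, t, T_adv, epsilon):
        self.k_epoch, self.k_last = 0, init["k0"]        # last verified salt
        self.s_epoch = [0] * len(init["s0"])             # per chain: last verified epoch
        self.s_last = list(init["s0"])                   # per chain: last verified SAGE
        self.T_delta, self.ts0, self.P = init["T_delta"], init["ts0"], init["P"]
        self.t, self.T_adv, self.eps = t, T_adv, epsilon
        self.log2n = len(init["s0"]).bit_length() - 1

    def verify(self, pkt, tr: float) -> bool:
        b = pkt["b"]
        if b < self.k_epoch or b > self.P or len(pkt["sages"]) != self.t:
            return False                                 # expired epoch or malformed
        # time validity: epoch-b keys are released no earlier than tsc = ts0 + b*T_delta
        if (tr + self.eps) - (self.ts0 + b * self.T_delta) > self.T_adv:
            return False                                 # attacker may have had > T_adv
        # salt check: k_b must hash down to the last salt we verified
        salts = [b""] * b + [pkt["kb"]]
        for j in range(b - 1, -1, -1):
            salts[j] = H(salts[j + 1])
        if salts[self.k_epoch] != self.k_last:
            return False
        idx = indices(H(pkt["a"] + pkt["M"] + pkt["kb"]), self.t, self.log2n)
        # SAGE check: each received s(i,b) must chain down, using the salts, to s(i,v)
        for i, sage in zip(idx, pkt["sages"]):
            y = sage
            for j in range(b - 1, self.s_epoch[i] - 1, -1):
                y = Hk(salts[j], y)
            if y != self.s_last[i]:
                return False
        self.k_epoch, self.k_last = b, pkt["kb"]         # all checks passed: advance
        for i, sage in zip(idx, pkt["sages"]):
            self.s_epoch[i], self.s_last[i] = b, sage
        return True

def demo():
    ts0 = 1000.0   # constructed session: N=16 chains, t=8 SAGEs per packet, 8 epochs of 1 s
    S = Sender(N=16, t=8, P=8, T_delta=1.0, ts0=ts0)
    R = Receiver(S.initial_message(), t=8, T_adv=0.6, epsilon=0.05)
    p1 = S.sign(b"constructed PMU frame 1", now=ts0 + 0.2)
    p2 = S.sign(b"constructed PMU frame 2", now=ts0 + 2.4)     # epoch 2: chains skip epoch 1
    p3 = S.sign(b"constructed PMU frame 3", now=ts0 + 3.1)
    p4 = S.sign(b"constructed PMU frame 4", now=ts0 + 4.2)
    return {
        "epoch0_ok": R.verify(p1, tr=ts0 + 0.3),
        "epoch2_ok": R.verify(p2, tr=ts0 + 2.5),
        "late_rejected": not R.verify(p3, tr=ts0 + 3.9),              # 0.95 s > T_adv
        "expired_epoch_rejected": not R.verify(p1, tr=ts0 + 4.25),
        "tampered_rejected": not R.verify(dict(p4, M=b"altered"), tr=ts0 + 4.3),
        "genuine_after_tamper_ok": R.verify(p4, tr=ts0 + 4.3),
    }
```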

Tunable signing and verification (TSV)

Tunable signing and verification is a combination of Heavy Signing Light Verification (HSLV) and Light Signing Heavy Verification (LSHV). Each has a weakness: in HSLV the signing cost becomes very high when one parameter is large, and in LSHV the verification cost is very high compared with the other schemes. TSV combines the best feature of each. TSV divides the elements into groups according to the positions of the signature elements; each group is verified as a whole, and the elements within a group are sorted in decreasing order. Thus the verification is done as in HSLV and the signing as in LSHV.

TSV needs a one-way chain function to derive signatures. First we describe how the one-way function works in the special case of TSV.

Assume that all the private and public keys are as shown in Figure 5.7a, and that the signature of m requires the key pairs s(5,1) and s(4,2). After the signature is produced, the chain looks as shown in Figure 5.7b. We can observe that if s(4,2) is exposed then s(5,2) is also exposed, so both keys have to be excluded from the next state.

Figure 5.7 [2]

Now assume the K elements are divided into g groups G1, G2, ..., Gg. The vector ni, i = [1, g], gives the size of each group, i.e. group G1 has size n1 and so on. Gqi is the group that contains the ith element of the signature. All elements of group Ga are verified with Wa+1 invocations of the one-way function. Hence the vector Wi, i = [1, g], measures the verification cost of the scheme.

Algorithms for TSV [2]

Key generation: Create t random l-bit strings s1, s2, ..., st, all different from each other. Build a one-way chain of length w + 1 for each si, i.e. si → f(si) → ... → f^w(si). The private key Kpriv is the set of t chains. The public key Kpub is the set of chain heads vi = f^(w+1)(si), one for each of the t chains.

Signing: Suppose we want to sign message M. First derive m = H(M|c), where c is a counter starting at 0. Divide m into k substrings mi of log2N bits each and interpret each mi as an index ij. All the ij must differ from each other, and the ij belonging to the same group must be sorted in decreasing order. If either condition fails, increment the counter c by 1 and repeat the signing process. Finally, we obtain a signature of the form {c, f^(w−wq1)(si1), ..., f^(w−wqk)(sik)}.

Verification: Now we have a signature (c′, (s′1, s′2, ..., s′k)) for message M. To verify it, derive m as in signing, divide m into k substrings and interpret them as ij. Then check three conditions:

1. All ij must differ from each other.

2. The ij in the same group must be sorted in decreasing order.

3. f^(wqj+1)(s′j) = vij must hold for all j.
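The TSV key generation, counter-based signing and three-condition verification above as one worked implementation. This is an added example for this page, not code from the report or from [2]; SHA-256 is used both as the one-way function f and for H(M|c), and the parameters t = 16, n = (2, 2), w = (0, 1), i.e. TSV(2, n, w), are constructed for the demonstration.

```python
# Toy TSV(g, n, w): t one-way chains, signature indices grouped by position, a counter search
# for distinct indices sorted in decreasing order within each group, and grouped verification.
import hashlib, os

def f(x): return hashlib.sha256(x).digest()          # the one-way function
def f_pow(x, n):                                     # f^n(x)
    for _ in range(n): x = f(x)
    return x

class TSV:
    def __init__(self, t, n, w, seed=None):
        self.t, self.n, self.w = t, n, w          # t chains (a power of two), group sizes n_1..n_g, depths w_1..w_g
        self.k, self.wmax = sum(n), max(w)        # k signature elements, chain length wmax + 1
        self.bits = (t - 1).bit_length()          # log2 t bits per index
        self.q = [a for a, size in enumerate(n) for _ in range(size)]   # q_j: group of signature position j
        rnd = (lambda i: f(seed + bytes([i]))) if seed else (lambda i: os.urandom(32))
        self.priv = [rnd(i) for i in range(t)]                      # chain tails s_1..s_t
        self.pub = [f_pow(s, self.wmax + 1) for s in self.priv]     # chain heads v_i = f^(w+1)(s_i)

    def indices(self, M, c):
        m = int.from_bytes(f(M + b"|" + str(c).encode()), "big")    # m = H(M|c)
        return [(m >> (self.bits * j)) & (self.t - 1) for j in range(self.k)]

    def well_formed(self, idx):
        if len(set(idx)) != len(idx): return False                  # all i_j distinct
        for a in range(len(self.n)):                                # each group sorted in decreasing order
            grp = [i for i, qj in zip(idx, self.q) if qj == a]
            if grp != sorted(grp, reverse=True): return False
        return True

    def sign(self, M):
        c = 0
        while not self.well_formed(self.indices(M, c)): c += 1     # the counter search is the signing cost
        idx = self.indices(M, c)
        # position j in group q_j reveals f^(w - w_qj)(s_ij), leaving w_qj + 1 steps for the verifier
        return c, [f_pow(self.priv[i], self.wmax - self.w[self.q[j]]) for j, i in enumerate(idx)]

    def verify(self, pub, M, sig):
        c, elems = sig
        idx = self.indices(M, c)
        if len(elems) != self.k or not self.well_formed(idx): return False
        return all(f_pow(e, self.w[self.q[j]] + 1) == pub[i]           # f^(w_qj + 1)(s'_j) = v_ij
                   for j, (i, e) in enumerate(zip(idx, elems)))
```

With these small groups the counter search succeeds after a handful of tries; the signing-cost figures in the comparison tables below come from much larger groups, where far more counter values are rejected before the ordering condition holds.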

Figure 5.8 [6]

Figure 5.8 above shows how a signature is generated in TSV; it illustrates all the steps of the algorithm described above.

Figure 5.9 [2]

The TSV protocol needs two vectors, ni and wi with i = [1,g]. TSV is denoted by the pattern TSV(g, n, w), as shown in Figure 5.9 above.

TSV has a security weakness because it uses non-uniform chain traversal. To solve this, the TSV+ version was introduced, which enhances TSV in two respects:

TSV+ uses uniform chain traversal.

TSV+ supports multiple signatures within an epoch, which TSV does not.

Comparison between different multicast authentication systems

TSV vs HORS

To compare TSV and HORS we use the results of a demand and response application. The following table gives the results from the demand and response application at the same security level (80 bits) and the same bandwidth cost (k = 13).

Table [2]

| Scheme      | Public key size | Signing cost | Verification cost | Key generation |
|-------------|-----------------|--------------|-------------------|----------------|
| HORS        | 10 KB           | 1            | 14                | 1024           |
| TSV (C = 6) | 1.28 KB         | 1.8*10^6     | 20                | 384            |
| TSV (C = 7) | 1.28 KB         | 9.2*10^5     | 21                | 384            |
| TSV (C = 8) | 1.28 KB         | 4.6*10^5     | 22                | 384            |
| TSV (C = 9) | 1.28 KB         | 2.3*10^5     | 23                | 512            |
| TSV (C = 10)| 1.28 KB         | 1.2*10^5     | 24                | 512            |

TV-HORS vs TSV+

To compare TV-HORS and TSV+, we take several factors into consideration. First we compare the signature length in bits, and then the signing cost and the verification cost. The following sections compare the results of TV-HORS and TSV+. The charts use the following common parameters.

Common Parameters

Hash length (Lh) = 80, t = 1024

Number of signatures generated per epoch (r) = 1

TV-HORS: Ktv-hors = 13

TSV+: Ktsv+ = 8, w = 1

The labels for TSV+ are written in the form "TSV+g,(n1,n2,...,ng)"

Signature length in bits

From Figure 5.10 below, we can see that TV-HORS needs a longer signature than TSV+. TSV+ has the same signature length for any group size.

Figure 5.10 [6]

Signing cost

Figure 5.11 below compares the signing cost of TV-HORS and TSV+. If we take the signing cost of TV-HORS as 1, the signing cost of TSV+ differs from it depending on the number of groups and other factors.

Figure 5.11 [6]

Verification cost

The following figure compares the verification cost. TV-HORS has a lower verification cost than any group configuration of TSV+.

Figure 5. [6]

Finally, from all of the above comparisons we can observe that TSV+ achieves a smaller signature size at the expense of higher signing and verification costs compared with TV-HORS. The best TSV+ configuration, TSV+2,(44), still has a 600 times higher signing cost and a 2 times higher verification cost. From this observation we can say that TV-HORS is the best authentication scheme so far.

Conclusion

In a nutshell, by delivering real-time phasor measurement data anywhere in a wide smart grid network through a Wide Area Measurement System, we can reduce blackouts, which are one of the major problems in the world. For the secure transmission of the measured data between clients and servers, we discussed the WAMS key management system.

Starting from NIST's security impact levels, we discussed the objectives required to achieve security in WAMS key management systems. The security objectives for unicast transmission are met by industry standard protocols in the WAMS key management system. For the security objectives of multicast transmission, we discussed several authentication schemes: HORS, TV-HORS, TSV and the newer TSV+. Of these, TV-HORS provides the lowest signing and verification costs with a slightly longer signature. Thus, TV-HORS is the best choice for multicast authentication in the smart grid.
