pradeep-kr
8/12/2019 EA_MTSP
Introduction
Traditional grid: In the Second Industrial Revolution, electric power involved large, centralized power plants that feed power over an
electro-mechanical grid. In this producer-controlled model power flows
in one direction only. There is no two-way communication that allows
interactivity between end users and the grid.
Cont
Smart Grid: In the Third Industrial Revolution, a new concept emerged in how
electricity is managed. Under this model, the grid becomes less of a one-way highway and more of an integrated, interactive network. Many smaller power plants are distributed throughout this network, including renewable energy generation.
They are flexible in operations, responsive to consumers and capable of
integrating digital information technology to improve reliability, security, and efficiency of the electric grid.
Like so many other digital networks, the Smart Grid consists of three basic pieces:
1. Smart devices
2. Two-way communications
3. Advanced software
Cont
Smart grid utilities alone cannot provide all electricity services, and thus
third-party service providers (SPs) are required to help in servicing utilities
and users for cutting commercial cost and providing high-quality services.
Smart grids have the capability to allow users to interact with their
electricity usage information via the Internet, although Internet
communications are generally insecure.
Furthermore, unlike electric utilities, third party SPs can include legitimate
businesses with agreements with energy users to assist them in better
managing energy consumption, but can also include adversaries seeking to
abuse data.
Hence, securing third-party service provisions is critical in smart grids.
Authentication is required to be done in the first step.
Cont
He et al. provided an authentication scheme among the electric utility,
users and SPs. However, the authors do not differentiate carefully
between the utility and third-party SPs, thus their system model cannot
capture specific cyber security threats in the third-party service provision
in which multiple, probably malicious, third-party SPs exist.
We propose an efficient authentication scheme for multiple third-party
service providers in smart grids, named EA-MTSP. The main contributions
of the paper are as follows:
1. Model the third-party service provision in smart grids and distinguish carefully
between the utility SP and the third-party ones.
2. A novel EA-MTSP scheme that achieves efficient authentication for multiple third-party SPs and satisfies multiserver authentication, conditional anonymity, and other important
security requirements.
RELATED WORKS
Fouda et al. [2] presented a message authentication scheme for smart grid communications where RSA algorithms and Diffie-Hellman key exchange protocols were adopted. As we know, these cryptographic primitives are used in the certificate-based setting and thus it is necessary for certificates to be transmitted and verified. Hence, communication and computation are costly.
Nicanfar et al. [3] demonstrated a portable and lightweight mutual authentication
scheme between utilities and SMs, which used the design idea from an identity-based authentication mechanism for mesh networks proposed by Boudguiga et al. [8].
Li et al. [5] proposed a new one-time signature algorithm and an efficient multicast authentication scheme in smart grids, which has short authentication delay and low computation cost.
He et al. [7] first identified cyber security challenges on the service provision of smart grids. Furthermore, they provided an authentication scheme among the utility, users and SPs. In particular, their scheme can protect users' identity privacy and provide accountability based on the modified Boneh et al.'s group signature algorithm [9]. They do not distinguish carefully between the utility SP and the third-party ones, thus their model cannot capture specific cyber security threats in the setting of multiple third-party SPs.
System Model
The system model focuses on how to provide multiple secure third-party
services for users under the control of the utility in the smart grid
communication (Figure 1).
Cont
The following assumptions are considered:
Single utility (UT)
m users Ui for i = 1, ..., m
n distributed third-party SPj for j = 1, ..., n.
For simplicity, we also assume that each SP provides only one service.
In Ui's house, there are all kinds of smart appliances (SA) which form a
home area network (HAN).
SMi is assigned to HANi as its gateway, enabling automated, two-way
communication between HANi and other entities in smart grids.
SMi can electronically record real-time data about electricity use, and is
usually resource-constrained, equipped typically with 16 KB random access
memory, 120 KB flash memory, and a 120 MHz CPU.
Proposed System Model
The user and the third-party SP are both required to be registered to UT.
Ui registers an account to UT for SMi.
SPj registers its service to UT.
Ui can check the available services on UT's portal and subscribe to the
necessary ones. By signing up its SA with SPj, Ui grants SPj rights to communicate with or control its SA.
Consequently, SPj may have interfaces to SMi to read electricity usage
data.
In addition, SPj may also have interfaces to UT to get pricing or other
information.
In this way, it can make automated control of energy consumption more
efficiently.
Communication Setting
HANi connects SAs to the gateway SMi, through which SAs communicate with SPj.
HANi is usually located in an apartment with limited coverage, so its
communication is considered relatively inexpensive, using ZigBee or WiFi.
SMi, SPj, and UT are far apart, thus communications should be through wired links with high bandwidth
and low delay.
Many communication infrastructures are IP-based; communications among SMi, SPj and UT are through the Internet.
Security Setting
We can assume that UT is trustworthy.
Unlike UT, third-party SPs can also include adversaries seeking to abuse or misuse data.
For the sake of convenience, SMi is usually installed outside of the house and thus adversaries might easily compromise it and further obtain stored secret information.
SMi, SPj, and UT interact over the public Internet. Internet communication is generally insecure owing to unauthorized interception, manipulation or
other threats.
Hence an efficient multiserver authentication scheme is critical for secure third-party service provisions in smart grids.
Cont
For authentication, there exist two probable considerations:
a. If the service goes through the smart grid, it has to involve UT. There is no pass-through capability that allows Ui to enter into an agreement with third parties.
b. Third parties can offer services directly to Ui via SMi, not through
UT.
Cont
Consideration a is preferred for the following reasons:
1. From the viewpoint of communication security, especially
considering the easily compromised SMi and probably malicious third-party
SPs, UT's management can mitigate the damage as much as
possible, for example, by revocation of service permissions or update of secret keys stored in SMi.
2. Ui requires only one registration with UT. While in the latter, Ui
requires multiple registrations with different distributed SPs. This
is not only burdensome and inconvenient, but also adds significant
communication overhead.
3. Distributing the user's personal registration information across multiple
SPs would be very likely to create more privacy risks.
Security Requirement
For authentication of multiple third-party SPs in the smart grid, we consider the following security requirements that need to be satisfied:
1. Multiserver authentication: SAs in a user's HAN authenticate
themselves to different SPs to access subscribed services securely.
2. Conditional anonymity: the user's identity is anonymous to third-party SPs to protect privacy. However, in case of dispute, UT can reveal the user's real identity.
3. Confidentiality, authenticity, integrity and freshness of transmitted messages: these are the same as in common authentication schemes.
Notations
Proposed System
The scheme consists of the following four
phases:
1. System initialization
2. Registration
3. Service subscription
4. Multiserver authentication.
System Initialization
TA acts as a key generator centre to set up all parameters. The following steps
take place:
1. Given the security parameter , TA runs G() to generate a six-tuple $(q, P, G_1, G_2, G_T, \ )$.
2. TA chooses a random number $s \in \mathbb{Z}_q^*$, keeps it secretly as the system master key, and computes $P_{TA} = sP$.
3. TA chooses one secure symmetric encryption algorithm E(), for example,
AES, and two secure cryptographic hash functions $H_1: \{0, 1\}^* \to G_1$ and
$H_2: G_2 \to \mathbb{Z}_q^*$.
4. Finally, the public parameters are published as
$$\{q, P, G_1, G_2, G_T, \ , H_1, H_2, P_{TA}, E()\} \qquad (1)$$
Cont
TA computes the private keys for UT, Ui, and SPj as $SK_{UT} = sH_1(UT)$, $SK_{U_i} = sH_1(U_i)$, and $SK_{SP_j} = sH_1(SP_j)$, respectively.
Then, TA sends these private keys to UT, Ui, and SPj through secure
channels, respectively.
UT also chooses $s_1 \in \mathbb{Z}_q^*$ randomly as its own master key and publishes its
own public parameter $P_{UT} = s_1 P$.
With the master key $s_1$, the entities in the UT domain can establish authenticated communications.
Cont
For two clients with identities A and B and private keys $SK_A$ and $SK_B$
respectively, the shared key $K_{A-B}$ is given by the non-interactive identity-based
key agreement protocol [15] as
$$K_{A-B} = H_2((SK_A, H_1(B))) = H_2((H_1(A), H_1(B))^{s}) = H_2((H_1(A), SK_B)) \qquad (2)$$
Therefore, after TA grants UT, Ui and SPj the private keys $SK_{UT}$, $SK_{U_i}$
and $SK_{SP_j}$ respectively, a session key $K_{UT-U_i}$ can be established between UT and Ui, and a session key $K_{UT-SP_j}$ can be established between UT and SPj,
by the non-interactive key agreement as in Equation (2).
Registration
This phase includes registrations for SM usage permission and SP service
permission.
Registration of SM usage permission $Perm_{SM_i}$
Step 1: When Ui registers SMi to UT, Ui forms a message $M_i = U_i \| UT \| TS \| SM_i$,
encrypts it with $K_{U_i-UT}$ as $C_i = E_{K_{U_i-UT}}(M_i)$, and sends {Ui, UT, TS, Ci} to UT.
Step 2: Upon receipt of {Ui, UT, TS, Ci}, UT decrypts Ci with the shared key
$K_{UT-U_i}$ to recover Mi, checks freshness, authenticity and integrity of Mi, and
checks validity of Ui and SMi. If they hold, UT computes the SM usage permission as $Perm_{SM_i} = s_1 H_1(SM_i)$.
Cont
Step 3: UT forms $M_i = U_i \| UT \| TS \| Perm_{SM_i}$, encrypts it as $C_i = E_{K_{UT-U_i}}(M_i)$, and sends {UT, Ui, TS, Ci} to Ui.
Step 4: After receiving {UT, Ui, TS, Ci}, Ui decrypts Ci to recover Mi and
checks freshness, authenticity and integrity of Mi. If they hold, Ui stores $Perm_{SM_i}$ in SMi. Here, $Perm_{SM_i}$ can be used to establish a shared key $K_{UT-SM_i}$ between SMi and UT.
Registration of SP service permission $Perm_{SP_j}$
Similarly, SPj registers its service to UT and then gets the service
permission as $Perm_{SP_j} = s_1 H_1(SP_j)$. After registration, UT refreshes the
available service list on its portal for user subscription.
Service Subscription
Step 1: When SMi subscribes to SPj's service for one SA, SMi chooses a pseudonym
PIDij and a subscription period dij for the SA; forms $M_i = SM_i \| UT \| TS \| SP_j \| PID_{ij} \| d_{ij}$,
encrypts it as $C_i = E_{K_{SM_i-UT}}(M_i)$, and sends {SMi, UT, TS, Ci}
to UT.
Step 2: After receiving {SMi, UT, TS, Ci}, UT decrypts Ci to recover Mi, checks
freshness, authenticity and integrity of Mi, and checks validity of Mi, SPj,
PIDij and dij. If they hold, UT establishes a contract between PIDij and SPj, in
which SMi grants SPj rights to manage the corresponding SA, and
computes PIDij's subscription key as $K_{PID_{ij}} = s_1 H_1(PID_{ij})$.
Step 3: UT forms $M_i = UT \| SM_i \| TS \| K_{PID_{ij}}$, encrypts it as $C_i = E_{K_{UT-SM_i}}(M_i)$, and sends {UT, SMi, TS, Ci} to SMi.
Step 4: Upon receipt of {UT, SMi, TS, Ci}, SMi decrypts Ci to recover Mi
and checks freshness, authenticity and integrity of Mi. If they hold, SMi forwards $K_{PID_{ij}}$ to the corresponding SA.
At the same time, UT sends the concerned subscription message to SPj.
Step 3: UT forms $M_j = UT \| SP_j \| TS \| PID_{ij} \| d_{ij}$, encrypts it as $C_j = E_{K_{UT-SP_j}}(M_j)$,
and sends {UT, SPj, TS, Cj} to SPj.
Step 4: After receiving {UT, SPj, TS, Cj}, SPj decrypts Cj to recover Mj and checks freshness, authenticity and integrity of Mj. If they hold, SPj stores
(PIDij, dij) in SPj's subscriber list to verify the service access later.
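One way a receiver could carry out the "checks freshness, authenticity and integrity" step on the registration and subscription messages {sender, receiver, TS, C}, as an added example that is not from the slides. The 30-second window, the replay cache, and the SHA-256 keystream with HMAC tag standing in for E() (the Python standard library has no AES) are assumptions.

```python
# Added illustration (not from the slides): receiver-side checks on {sender, receiver, TS, C}.
import hashlib, hmac, secrets

WINDOW = 30  # accepted timestamp skew in seconds (assumed value)

def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from the shared key."""
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_stream(ke: bytes, nonce: bytes, data: bytes) -> bytes:
    """SHA-256 counter keystream, a stand-in for the AES-based E() on the slides."""
    blocks = (hashlib.sha256(ke + nonce + i.to_bytes(4, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key: bytes, fields: list) -> bytes:
    """C = E_K(M) for M = f1||f2||..., followed by an HMAC tag (encrypt-then-MAC)."""
    ke, km = _subkeys(key)
    nonce = secrets.token_bytes(12)
    ct = _xor_stream(ke, nonce, "||".join(fields).encode())
    return nonce + ct + hmac.new(km, nonce + ct, hashlib.sha256).digest()

def receive(key, sender, receiver, ts, c, now, seen) -> list:
    """Return the fields of M, or raise ValueError naming the check that failed."""
    ke, km = _subkeys(key)
    nonce, ct, tag = c[:12], c[12:-32], c[-32:]
    if not hmac.compare_digest(tag, hmac.new(km, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity/authenticity")
    fields = _xor_stream(ke, nonce, ct).decode().split("||")
    if fields[:3] != [sender, receiver, str(ts)]:
        raise ValueError("header mismatch")   # cleartext header must match M
    if abs(now - ts) > WINDOW:
        raise ValueError("stale timestamp")   # freshness
    if (sender, ts) in seen:
        raise ValueError("replay")            # same TS from the same sender
    seen.add((sender, ts))
    return fields
```

A deployment would use an authenticated AES mode such as AES-GCM for E() in place of the stand-in.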
Multiserver Authentication
A service contract is established between SPj and one SA with the pseudo-identity
PIDij. To access the subscribed service, PIDij and SPj can
authenticate mutually by the contract key $K_{PID_{ij}-SP_j}$.
This key can be established by the non-interactive key agreement as in Equation (2), using SPj's $Perm_{SP_j}$ and PIDij's $K_{PID_{ij}}$, both of which are already
granted by UT upon the master secret key $s_1$.
If SMi subscribes to multiple services, say, SPj1 and SPj2, the multiserver
authentications follow the same procedure as above. As a result, in the following, with the contract keys, SAs and multiple SPs can
communicate in an authenticated manner.
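Equation (2) and the contract key derivation above, as an added example that is not part of the slides: every group element is represented by its discrete logarithm modulo a prime, so the map in Equation (2), assumed here to be a bilinear pairing, becomes multiplication. This toy model checks the algebra only (in it, any issued key reveals the master key); the identities `PID-i-2`, `SP1`, `SP2`, the modulus, and the HMAC proof over a nonce are assumptions.

```python
# Added illustration, not from the slides: Equation (2) in a toy algebraic model.
import hashlib, hmac, secrets

Q = 2**127 - 1  # prime modulus standing in for the group order q (assumption)

def h1(identity: str) -> int:
    """H1: identity string -> nonzero scalar, standing for the point H1(ID)."""
    d = int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big")
    return d % (Q - 1) + 1

def pair(x: int, y: int) -> int:
    """Toy bilinear map on discrete logs: the pairing of xP and yP is x*y mod q."""
    return (x * y) % Q

def h2(gt: int) -> bytes:
    """H2: pairing value -> symmetric key bytes."""
    return hashlib.sha256(gt.to_bytes(16, "big")).digest()

def issue(master: int, identity: str) -> int:
    """Key issuance by a master-key holder: master * H1(identity)."""
    return (master * h1(identity)) % Q

def shared_key(own_private: int, peer_identity: str) -> bytes:
    """Equation (2): H2(pair(own private key, H1(peer))), no messages exchanged."""
    return h2(pair(own_private, h1(peer_identity)))

def tag(key: bytes, nonce: bytes) -> bytes:
    """Proof of key possession over a fresh nonce (HMAC is an added assumption)."""
    return hmac.new(key, nonce, hashlib.sha256).digest()

def demo() -> dict:
    s1 = secrets.randbelow(Q - 1) + 1           # UT's master key s1
    k_pid = issue(s1, "PID-i-2")                # K_PIDij, held by the appliance
    perm_sp1 = issue(s1, "SP1")                 # Perm_SP1, held by SP1
    perm_sp2 = issue(s1, "SP2")                 # Perm_SP2, held by SP2
    sa_key = shared_key(k_pid, "SP2")           # appliance side of the SP2 contract
    sp2_key = shared_key(perm_sp2, "PID-i-2")   # SP2 side of the same contract
    sp1_key = shared_key(perm_sp1, "PID-i-2")   # what SP1 derives for that pseudonym
    nonce = secrets.token_bytes(16)
    return {
        "contract_keys_match": sa_key == sp2_key,
        "sp2_accepted": hmac.compare_digest(tag(sa_key, nonce), tag(sp2_key, nonce)),
        "sp1_accepted": hmac.compare_digest(tag(sa_key, nonce), tag(sp1_key, nonce)),
    }
```

Calling `demo()` shows both sides of the SP2 contract deriving the same key without exchanging messages, while SP1's own permission yields a different key for the same pseudonym.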
Multiserver Authentication
In EPAA, we consider authentication of multiple SPs, that is,
SAs in a user's HAN authenticate themselves to different SPs
to access the subscribed services securely.
For simplicity, we assume that in one HAN, one SA accesses
service from only one SP, which provides only one service.
Multiserver context: two attacks
In the multiserver context, we consider two attacks:
1. Collusion: Two or more SPs collude to attack an SA, with which these SPs
have no contract, to get the SA's real identity or to eavesdrop on
communication content between the SA and its corresponding SP, thereby
violating privacy and confidentiality. Here "corresponding" refers to the contract established between the SA and the SP.
2. Competition: In our environment, there is a possibility of commercial
competition among SPs. For example, SP1 can impersonate its
competitor SP2 in order to interact with SP2's subscriber, say SP2. From the interaction, SP1 can discover the competitor's commercial secret.
This commercial secret may help SP1 improve its service quality,
which is vital to win the competition.
Resist attacks
EPAA can resist both of them as below:
1. Resistance against collusion attack:
We consider the identity privacy of SAs. For EPAA, SAs interact with their
corresponding SPs only using pseudonyms {PIDi1, PIDi2, ...}. These
pseudonyms are chosen randomly, thus independent of each other and
also independent of the user's real identity Ui. Hence, even if all SPs
collude, they still cannot infer the targeted SA's real identity.
We consider the communication confidentiality of SAs. The
communications between PIDij and SPj are encrypted with the contract key
$K_{PID_{ij}-SP_j}$ established by $K_{PID_{ij}}$ and $Perm_{SP_j}$ as in Equation (2). However, even
by collusion, other SPs cannot get $K_{PID_{ij}}$ of the targeted SA and $Perm_{SP_j}$ of the
corresponding SP. Therefore, communication confidentiality can be
achieved.
Cont
2. Resistance against competition attack
If SP1 wants to impersonate its competitor SP2 to
communicate with SP2, it needs to know SP2's service
permission $Perm_{SP_2}$. As we know, $Perm_{SP_1} = s_1 H_1(SP_1)$ and
$Perm_{SP_2} = s_1 H_1(SP_2)$. Hence, it is infeasible to get $Perm_{SP_2}$ from
$Perm_{SP_1}$ owing to the difficulty of the discrete logarithm
problem.
Conditional Anonymity
In the service subscription phase, a service contract is established
between SPj and PIDij, which grants SPj rights to manage PIDij.
PIDij is one pseudonym of the SA in the contract, which is only applicable
and limited to the contract transactions, and outside of HANi, no one, including SPj, knows the real identity of the corresponding Ui. Thus, only
UT knows the relationship between a pseudonym and Ui's real identity.
In case of dispute, UT can identify the corresponding Ui's real identity or
link two transactions initiated by the same SA and thus revoke the anonymity of Ui.
Confidentiality, Authenticity, Integrity and
Freshness of Transmitted Messages