
Efficient Encryption and Key Management in Advanced Metering Infrastructuremorse.colorado.edu/~tlen5710/11s/11AMIKeys.pdf · 2011-05-03 · 2 Figure 1: Advanced Metering Infrastructure


Efficient Encryption and Key Management in Advanced Metering Infrastructure

Sahil Ganguly, Sambit Panda, Ashwanth C. Dhandapani, Gopalakrishnan Mallappan

[email protected], [email protected], [email protected], [email protected]

A capstone paper submitted as partial fulfillment of the requirements for the degree of Masters in Interdisciplinary Telecommunications at the University of Colorado, Boulder, 6 May 2011. Project directed by Prof. John Black.

1 Introduction

Advanced Metering Infrastructure (AMI) is one of the basic functional blocks of the Smart Grid. It is a system that supports two-way communications between customers and the electric company [7]. AMI comprises components such as the AMI meter, AMI head-end, Meter Data Management System (MDMS), the communication network, the access points, and the endpoints. AMI systems make use of smart meters and in-home displays to help determine usage patterns and allocate resources efficiently wherever required. However, the increasing use of Smart Grid services bears huge risks at various points, and AMI is one such area that can be exploited by launching malicious attacks that could threaten the mission of the Smart Grid services [2].

Customers, on the other hand, do not want unauthorized people or marketing firms to know their pattern of energy usage, billing or any other confidential information. In addition to the existing connectivity between the customer site gateways and the utilities, AMI systems also have a communication channel between customers over the AMI network. Privacy must be addressed on this network as critical information is transmitted across it.

1.1 Statement of the problem

The purpose of this paper is to identify an efficient encryption scheme and a viable key management solution for AMI systems.

1.2 Scope

This paper deals with AMI architecture, and concerns the flow of data between the AMI meters which are installed at customer sites and the Meter Data Management System (MDMS). Below is a schematic of the AMI architecture showing all the key components (Fig. 1). The parts of the system that we are particularly concerned with, and are analyzing, are the Head End, the Network communication devices, the AMI Meter and the Meter Data Management System (boxes in gray in Fig. 1).


Figure 1: Advanced Metering Infrastructure system layout [15]

AMI Meter: The AMI Meter is the smart meter which accumulates different usage data from different meters installed in housing communities. These are manufactured by the utilities.

AMI Head End: This system manages the information flow between the AMI meter and the external systems such as the MDMS and the AMI Management Systems. It also remotely manages and implements firmware updates, configuration changes and provisioning functions.

AMI MDMS: The MDMS is responsible for aggregating, validating and permitting editing of meter data. It stores the data before it goes to the dedicated storage facilities.

AMI Network Communications Device: This is the network device which is responsible for carrying all information exchanged by the operations center and the field devices.

We do not address issues related to smart grid communications as a whole because of the varying needs of the system, but believe that the concepts we are applying here can be applied to any system in general. We are also not doing cryptanalysis on the algorithms because that is out of the scope of this paper. We are also concerned with the in-scope network elements communicating by wire-line rather than wireless.

1.3 Importance and prior work

The general security requirements for a data management system such as an AMI are confidentiality, integrity, and availability. It is for this reason that the identification of the appropriate encryption standards and authorization techniques plays a significant role in maintaining the confidentiality and integrity of the information transmitted over the Internet [5]. Encryption standards are used by many applications on the Internet, but the requirements of these applications may differ, which necessitates the application of an encryption scheme suited to the requirements of the application. Previously, a lot of research went into the evaluation of the security issues for SCADA systems and smart grids on the whole, but not specifically on AMI [3] [13] [16]. The IEEE 1901 group has been working on standardizing high-speed power-line communication. The standard was published on 1 February, 2011 and they have chosen Advanced Encryption Standard (AES) with a 128-bit key length as the standard encryption system [8]. Even though the functionality of these technologies and AMI might be the same (they operate on different layers of the Smart Grid), a similar scheme cannot be proposed without looking at the individual requirements of both systems. While the scope of this paper is limited to the network components being connected by wired communications, we also consider the Zigbee specification, which is a specification of a suite of high-level communication protocols using low-powered digital radios. Zigbee is an alternative to other wireless personal area networks (WPAN) such as Bluetooth. The Zigbee Smart Energy Profile defines device descriptions and standard practices for Demand Response and Load Management “Smart Energy” applications needed in a Smart Energy based residential or light commercial environment. They also consider using a variant of AES-CCM, called AES-CCM*, as the standard encryption scheme and key management solution [18].

The security aspects of an AMI system are similar to those of an IT system in most cases, but AMI systems are still very new and there is a lot of scope for improvement because most of the operational and functional parameters are still under testing. Security is a major issue, which should not be neglected and should be applied at the beginning to make it more effective, rather than added at the end, which makes systems more prone to attack.

The scope of this paper is limited to AMIs. However, the results obtained can serve as a guideline for applying encryption schemes to real-time or SCADA systems. As mentioned earlier, interoperability plays a key role in building a smart grid infrastructure. This research can be helpful to smart grid hardware developers, making interoperability across systems much easier.

2 Methodology

Our research problem has been divided into three sub-problems. The primary concern of this paper is to find the optimal algorithm to support AMI communications and the subsequent key management solution used to manage and distribute the keys. However, before we select the algorithm, we need to select the number of algorithms we will be testing, which brings us to our first sub-problem: identifying the security concerns and requirements of the AMI.

To address security concerns on any platform, we need to begin by identifying what the generic security requirements are. For this, we follow the conventional CIA triad of security: Confidentiality, Integrity and Availability. We address the kinds of concerns each of the devices in scope has with the CIA triad. Having identified the security concerns in AMIs, we move on to addressing what security requirements it has, as these will be used to differentiate between algorithms. By the end of this section, we will have found the factors on which we will base our choice of an algorithm and thus will be selecting what type/class of algorithms we will be using.

The second sub-problem which follows is: which algorithm would suit our needs for the AMI system best, based on the requirements found in the previous section? Using the list of algorithms from the previous section, we will test them by measuring their encryption and decryption performance. During testing, we will be collecting data on the factors that were chosen to be important in the last section. After we have the data, we can make a choice on which algorithm will be better suited to AMI implementations.

Answering the first two sub-problems leads us to the third and final sub-problem: what could be a viable key management solution to suit the needs of the system? To do this, we consider the needs of the system and compare them with appropriate trust models. Having selected a trust model, we suggest how the following three phases of key management [4] will be handled: the pre-operational phase (key establishment and distribution), the operational phase (operational storage, key changes), and the post-operational phase (key and device de-registration, key destruction).

3 Identifying AMI Security Concerns

3.1 Security concerns

We begin by looking at the requirements that an AMI system has, related to the three generic security services: Confidentiality, Integrity and Availability, and how they affect our research.

Confidentiality: AMI meters contain energy usage information and other personal details from many customers and are thus a potential point of attack for unauthorized users. Hackers who are able to access that data can not only manipulate it to benefit themselves, but can also cause harm to someone else by analyzing and tampering with their energy usage. Since AMI systems can also potentially connect customers to each other in addition to connecting to the utility, controls need to be in place to prevent any kind of information leaking over to other customers [5].

Integrity: Since AMI systems enable two-way communications between the utilities and the customers, data being sent both ways needs to be checked for integrity. The two possible scenarios are a) if usage data from the customer to the utility is changed, it will result in erroneous billing, and b) if control data from the utility to the customer meter is changed, it can result in faults and major outages, which in turn can affect the data collection responsibilities of the AMI. Because the AMI meters and connections are almost always going to be placed in plain sight (wired connections, telephone lines), controls must be placed on them apart from the basic prevention of physical access, to reduce the chances of data tampering. The AMI Head End and MDMS are placed in a considerably secure environment, so access to them can and will be regulated to reduce the risk of data tampering [5].

Availability: Availability in an IT system is one of the most important security requirements. Because AMI meters are what the utilities will depend upon to collect energy usage data, they need to be available when the utilities want to obtain the usage data. Physical access is difficult to control, thus the response times between the meters and the utilities need to be fast to accommodate fast recovery in case of a failure. The AMI head end is, again, less prone to availability issues because of its placement in a controlled environment, but equipment failure must be addressed quickly. The AMI network has multiple points of failure due to the fact that it uses existing communication technologies, which lends it a sufficient amount of reliability [5].

3.2 Security Constraints and Requirements

After analyzing the above security concerns, we postulate the following constraints and requirements which are related to data in the AMI system:

1. Throughput constraints: Because the AMI network will use public cellular services in some parts, bandwidth is a major constraint on the system. Thus the encryption scheme selected must have a very low overhead in order to add as little as possible to the size of the traffic traversing the network.

2. Speed/processing constraints: AMI meters are mostly based on low-power, low-cost architectures, such as ARM processors. Thus any encryption scheme must encrypt and decrypt efficiently, in order to use very little of the processing power of the under-powered AMI meters.

3. Cost constraints: Because AMI meters need to be deployed on a mass scale, meters need to be cost-effective. Thus the encryption algorithm selected should be a readily available and easily implemented scheme compatible with varied platforms, to reduce the cost of developing individual encryption schemes across different platforms.

4. Security requirement: While this is a very implicit requirement, not considering it is a folly. The encryption scheme selected should be a well-tested algorithm with a very high grade of security.

3.3 Analysis of requirements

Before we begin the analysis of system needs, we need to talk about the algorithms we will be applying these parameters to.

There are two types of encryption algorithms: symmetric and asymmetric. Symmetric key algorithms are based on the concept that a single key is used to encrypt and decrypt the information. Symmetric key algorithms also require an initial key exchange where the key is distributed to the recipient(s). Asymmetric key algorithms are based on the concept that the sender encrypts the information with his/her private key, and then anybody can decrypt the information using a public key, which is freely available. No initial key exchange is required for these algorithms. The following table is a summary of the features of both types of algorithms.

Table 1: Types of Encryption Algorithms

Symmetric                                      Asymmetric
Uses a single key for encryption/decryption    Uses different keys for encryption/decryption
Easier to set up                               More complex to set up
Fast processing                                Slower processing

Keeping in mind our requirements, we choose symmetric key algorithms because of the advantages they offer in ease of setup, speed of processing, and wide acceptance. Symmetric-key algorithms are of two types: stream and block ciphers. The following table shows their comparison.

Table 2: Types of Symmetric-key Algorithms

Stream ciphers                       Block ciphers
Encrypt/Decrypt one bit at a time    Encrypt/Decrypt blocks of bits at a time
Key is constantly changing           Fixed key
Prone to certain types of attacks    Relatively less susceptible to attacks

Considering our requirements, we choose block ciphers as the class of algorithms we will be testing because of the advantages of a fixed key and their resistance to common attacks. We choose the following three algorithms for comparative analysis because of their wide availability and secure cryptanalysis results: Advanced Encryption Standard (AES), Blowfish and Twofish. More information on the algorithms can be found in Appendix A.

4 Performance Analysis of Encryption Algorithms

For the purpose of our study, we have written code in C++ to implement the three encryption algorithms. The Crypto++ library was used in designing the code [17]. We ran the code to encrypt and then subsequently decrypt a data block of 4096000 bytes. We measured the encryption and the decryption times for the algorithms, although because both were very similar, only the encryption times are mentioned here. All algorithms were run in CBC (Cipher Block Chaining) mode because two blocks of plaintext never encrypt to the same cipher-text in this mode, thus further reducing the chances of any breach of security. The system used for the analysis was a Core 2 Duo x64 @ 2.4 GHz with 3 GB RAM. The following table lists the data we have gathered for the algorithms that we were testing:

Table 3: Performance of algorithms

Algorithm    Block Size (bits)    Key Length (bits)    Run-time (milliseconds)    Speed (Mbps)
AES          128                  128                  35                         111.6
AES          128                  192                  41                         95.2
AES          128                  256                  44                         88.7
Blowfish     64                   128                  78                         50.1
Blowfish     64                   192                  88                         44.4
Blowfish     64                   256                  90                         43.4
Twofish      128                  128                  73                         53.5
Twofish      128                  192                  77                         50.7
Twofish      128                  256                  80                         48.8

From the data that we have gathered (Table 3), we see that AES on the whole is more efficient. AES encrypts data at between 88 and 112 Mbps, whereas both Blowfish and Twofish are much slower than that. The key length does not matter much because, as of now, a 128-bit key for AES is still computationally very difficult to crack [9]. AES can also be implemented efficiently on a wide range of platforms, thus making it an intelligent choice [1] [14]. If in the future the need arises for better security, the key length can be increased.

5 A Viable Key Management Solution

Cryptography is used to protect information from being disclosed or from unauthorized access. As discussed in the previous sections, we encrypt data with keys so that anyone capturing data on the line cannot access information meant to be private. This approach, however, assumes that both the sender and the receiver have the respective keys they need to encrypt or decrypt the data. The initial setup of the keys and the distribution of keys are parts of key management. Key management, in general, includes the planning and preparations made in a cryptographic system design for the initialization, exchange, storage, use and replacement of keys.

The easiest approach to solving this problem is to provision the units with individual symmetric keys. This is very inconvenient considering the number of meters that will be provisioned, and it requires coordination of keying and installing. The approach we consider is to employ a trust model. There can be many different types, but we will discuss the two which fit our requirements: Diffie-Hellman secret key exchange, and the Kerberos key distribution scheme (more information in Appendix B). There are two more popular trust models, PGP Web of Trust and Certificate Authorities, but they are more suited to public key algorithms [6].

5.1 Trust Models

5.1.1 Diffie-Hellman (DH) secret key exchange (SKE):

The DH SKE method allows two entities that have no existing knowledge of each other to jointly establish a secret key. The process of the key establishment is given below in Figure 2.

Figure 2: Diffie-Hellman Secret Key Exchange [11]

At the end of the process, both Alice and Bob have a common secret key that they can use to encrypt their data. This process is easy to set up, and the entities can use the established key for a long time. This method also involves a low number of messages on the line with a relatively low amount of data. But because the two entities are allowed to have no prior information about each other, there is a glaring security issue in this approach. In a security system where the two entities do not know any information that the adversary does not know, the system cannot be secure.

Suppose an eavesdropper (Drake) is listening (passive adversary) on the communication channel between Bob and Alice. The values of p, g, A, and B are passed in clear-text on the channel, which means that Drake has to only guess the values of ‘a’ and ‘b’ to recover the secret key. Another scenario is a man-in-the-middle attack. Imagine Drake can now inject data onto the line as well (active adversary). All he now needs to do is initiate two separate DH processes with both Alice and Bob. Thus he can pretend to Alice that he is Bob and vice versa. This scenario is an even easier method to compromise the system.
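The exchange and the active-adversary case described above, followed by one way to detect the substitution, as an added example that is not code from the paper: it assumes the two parties already share a master key and use it to HMAC-tag each public value. The toy group (p = 2^255 - 19, g = 2), the party labels and every function name are illustrative assumptions.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (assumption of this example): P is the prime
# 2**255 - 19 and G = 2. A deployment would use a standardized DH group or ECDH.
P = 2**255 - 19
G = 2


def dh_keypair():
    """Return (private exponent, public value g^x mod p)."""
    private = secrets.randbelow(P - 3) + 2          # 2 <= private <= P - 2
    return private, pow(G, private, P)


def dh_shared_key(private, peer_public):
    """Derive a 128-bit key (the paper's AES key length) from g^(ab) mod p."""
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public value out of range")
    secret = pow(peer_public, private, P)
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()[:16]


def unauthenticated_exchange(intercept=False):
    """Plain DH between Alice and Bob, optionally with Drake swapping values.

    Returns (alice_key, bob_key, drake_key_with_alice, drake_key_with_bob).
    """
    a, A = dh_keypair()
    b, B = dh_keypair()
    if not intercept:
        return dh_shared_key(a, B), dh_shared_key(b, A), None, None
    d1, D1 = dh_keypair()        # value Alice receives in place of B
    d2, D2 = dh_keypair()        # value Bob receives in place of A
    return (dh_shared_key(a, D1), dh_shared_key(b, D2),
            dh_shared_key(d1, A), dh_shared_key(d2, B))


def make_tag(master_key, sender, public):
    """HMAC over the sender label and public value, keyed with the shared master key."""
    message = sender.encode() + b"|" + public.to_bytes(32, "big")
    return hmac.new(master_key, message, hashlib.sha256).digest()


def authenticated_exchange(master_key, intercept=False):
    """DH where each public value carries an HMAC tag.

    Returns (alice_key, bob_key), or None when a tag fails to verify.
    """
    a, A = dh_keypair()
    b, B = dh_keypair()
    to_bob = ("meter", A, make_tag(master_key, "meter", A))
    to_alice = ("head-end", B, make_tag(master_key, "head-end", B))
    if intercept:
        # Without the master key Drake can only reuse the tags he observed,
        # which no longer match the public value he substitutes.
        _, D = dh_keypair()
        to_bob = ("meter", D, to_bob[2])
        to_alice = ("head-end", D, to_alice[2])
    for sender, public, tag in (to_bob, to_alice):
        if not hmac.compare_digest(tag, make_tag(master_key, sender, public)):
            return None          # substitution detected, abort key establishment
    return dh_shared_key(a, to_alice[1]), dh_shared_key(b, to_bob[1])
```

In the unauthenticated run with `intercept=True`, Alice and Bob each end up sharing a key with Drake and not with each other; in the authenticated run the same substitution makes the exchange abort.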

5.1.2 Kerberos key distribution scheme

Kerberos is a system which was based on the three-party model first mentioned by Needham and Schroeder [12]. Kerberos employs a client/server architecture where, instead of hosts creating the keys themselves, they authenticate themselves to the server and get the key from the server. The Kerberos Server/Key Distribution Center (KDC) knows and stores all the keys of the hosts. Hosts are divided into realms, each of which is simply a portion of the hosts. The major advantage of this model is that hosts can be added or removed easily. Only the KDC needs to be configured with the key of the host; no other hosts in the network need to be configured. Figure 3 below shows how Kerberos works.

Figure 3: Kerberos Architecture [6]

Although using Kerberos as a trust model gives us a much bigger advantage than when using DH, it also introduces its own limitations. For example, Kerberos assumes each host in the network is trusted. But it still has a single point of failure, i.e. the KDC. Also, for a system to be fully compatible with Kerberos, the applications have to be kerberized (their source code needs to be changed to make appropriate calls to Kerberos libraries).
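A minimal model of the three-party arrangement described above, as an added example rather than code from the paper or from any Kerberos implementation: the KDC is the only place host keys are configured, and it hands a client a session key plus a ticket that only the target service can open. The host names, the JSON message layout and the HMAC-SHA256 encrypt-then-MAC `seal`/`unseal` helpers (a standard-library stand-in for a real cipher such as AES) are assumptions; real Kerberos additionally uses authenticators and a ticket-granting service.

```python
import hashlib
import hmac
import json
import secrets
import time


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode, used here only as a stand-in cipher."""
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, obj):
    """Encrypt-then-MAC a JSON-serializable object under a host's long-term key."""
    nonce = secrets.token_bytes(16)
    plaintext = json.dumps(obj).encode()
    stream = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(x ^ y for x, y in zip(plaintext, stream))
    mac = hmac.new(key, b"mac" + nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + mac


def unseal(key, blob):
    """Verify the MAC first, then decrypt; a wrong key or tampering raises ValueError."""
    nonce, ciphertext, mac = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("wrong key or tampered message")
    stream = _keystream(key, nonce, len(ciphertext))
    return json.loads(bytes(x ^ y for x, y in zip(ciphertext, stream)))


class KDC:
    """Key Distribution Center: knows and stores the long-term key of every host."""

    def __init__(self):
        self._host_keys = {}

    def register(self, host):
        """Add a host; the returned key is provisioned into that host only."""
        key = secrets.token_bytes(16)
        self._host_keys[host] = key
        return key

    def deregister(self, host):
        """Remove a host; no other host needs reconfiguring."""
        self._host_keys.pop(host, None)

    def issue(self, client, service, nonce, lifetime=3600):
        """Return (reply sealed for the client, ticket sealed for the service)."""
        if client not in self._host_keys or service not in self._host_keys:
            raise KeyError("unknown host")
        session = secrets.token_hex(16)             # 128-bit session key
        expires = time.time() + lifetime
        reply = seal(self._host_keys[client], {
            "session": session, "service": service,
            "nonce": nonce, "expires": expires})
        ticket = seal(self._host_keys[service], {
            "session": session, "client": client, "expires": expires})
        return reply, ticket


def client_open(client_key, reply, service, nonce):
    """Client side: check the reply answers this request, then take the session key."""
    body = unseal(client_key, reply)
    if body["service"] != service or body["nonce"] != nonce:
        raise ValueError("reply does not match request")
    return bytes.fromhex(body["session"])


def service_accept(service_key, ticket, now=None):
    """Service side: open the ticket and reject it once its lifetime has passed."""
    body = unseal(service_key, ticket)
    if body["expires"] < (time.time() if now is None else now):
        raise ValueError("ticket expired")
    return body["client"], bytes.fromhex(body["session"])
```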

5.2 Comparing AMI key management with other systems

Before we make a selection on which trust model we can use in AMI systems, it is important to compare it to other systems, in order to see if we can draw parallels from them. In our research, we found that the functionality of the Supervisory Control and Data Acquisition (SCADA) system, which is another part of the Smart Grid, closely resembles that of AMI. Figure 4 shows a simplified version of the SCADA architecture.

Figure 4: Simplified SCADA architecture [10]

In SCADA communications, the master station controls the Remote Terminal Units (RTU), which in turn send signals to control power generation and distribution. Even though AMI and SCADA operate on different functions (data acquisition instead of supervisory control), the flow of data between the master station and the RTUs closely resembles that of AMI Meters and AMI Head End or the MDMS. In [10], the authors compare different key management solutions for SCADA networks, and for symmetric key algorithms, they suggest using either a point-to-point or a client/server based trust model, which are the models which we are considering. Thus irrespective of which model is chosen, we can apply them on a larger scale throughout the system, resulting in better interoperability.

We have also considered the implementation of AMI systems using Zigbee enabled devices as a starting point for key management, as the Zigbee Smart Energy Profile has an elaborate scheme for key management [18]. They specify schemes for both symmetric and asymmetric key management protocols, but because asymmetric key exchange protocols are generally computationally intensive, they are not considered here. The Symmetric-Key Key Exchange protocol provides techniques for symmetric key exchange between two entities. However, instead of using a third-party trust model (Kerberos), they initiate trust between the two entities by using a Master Key, which can be pre-installed or based on user-entered data.

5.3 Comparing the trust models

In this section, we compare the two trust models using the system needs mentioned in section 4.2. We also consider some other needs, based on the recommendations provided by NIST in [4], as given below:

Long key life: NIST recommends that in no case should the crypto-period of a key used in the system be more than 2 years, so the trust model should allow a long key-life.

Authentication: We add authentication between clients as a need because it adds an extra layer of security to the process and any system is incomplete without it.

Table 4: Comparison of trust models

Needs Diffie-Hellman Kerberos

Key life-span Better

Low resource/bandwidth utilization Better


Authentication (Key, Client) Better

Overhead for establishment Better

Cost of the system Better

If we are using Table 4 just to count which model is better in terms of the number of boxes it checks, the Diffie-Hellman key exchange is better. But DH does not have any authentication, and this is a very important need. Thus we would select Kerberos as the trust model for exchange of keys. Kerberos, however, does not initialize keys. This is where a hybrid system involving DH for the key initialization with NIST approved Random Number Generators (RNG) and Kerberos for key exchange and storage would come in handy. Having this data, we now make recommendations on how the three phases of key management should be handled:

Table 5: Phases of key management

Phase               Activity                          Trust Model used
Pre-operational     Key establishment                 Diffie-Hellman
Pre-operational     Distribution of keys              Kerberos
Operational         Operational storage               Kerberos
Operational         Key changes                       Kerberos
Post-operational    Key and device de-registration    Kerberos
Post-operational    Key destruction                   Kerberos

6 Conclusion

AMI systems, while being a part of the smart grid, have unique requirements [5]. Because keeping the AMI systems secure and available is so important, secure methods of encrypting data and efficient ways of maintaining the security must be used. In this paper, we have seen that the AES standard of encryption will lend good strength to the system without compromising on performance. The key length is suggested to be kept at 128 bits because as of now, AES-128 has not been compromised with any side-channel or related-key attack, let alone a brute force attack. The AES standard is also flexible enough to increase the length of the key, if needed. Key management is another problem that we looked at, and a hybrid solution of the Diffie-Hellman algorithm and Kerberos key exchange, which takes the best parts of the two trust models, seems like the best fit for a system with such varied needs. Both models are widely used and can be used in other smart grid technologies as well.

References:

[1] C. Sanchez-Avila and R. Sanchez-Reillol, “The Rijndael block cipher: A comparison with DES,” in Proceedings of IEEE 35th International Carnahan Conference on Security Technology, London, UK, Oct. 16-19, 2001.

[2] D.G. Hart, “Using AMI to realize the Smart Grid,” in Proceedings of the Conference on Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, Pittsburgh, PA, July 20-24, 2008.

[3] D. Wei, Y. Lu, M. Jafari, P. Skare, & K. Rohde, “An Integrated Security System of Protecting Smart Grid against Cyber Attacks” in Proceedings of IEEE Innovative Smart Grid Technologies, Gaithersburg, MD, January 19-21, 2010.

[4] E. Barker, W. Barker, W. Burr, W. Polk, and M. Smid, “Recommendation for Key Management – Part 1: General”, April 5, 2011. http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf

[5] F.M. Cleveland, “Cyber security issues for Advanced Metering Infrastructure (AMI),” in Proceedings of the conference on Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, Pittsburgh, PA, July 20-24, 2008.

[6] G.C. Kessler, “An Overview of Cryptography”, Gary Kessler Associates, April 5, 2011. http://www.garykessler.net/library/crypto.html

[7] I. Yang, N. Jung and Y. Kim, “Status of Advanced Metering Infrastructure development in Korea”, in Proceedings of Transmission & Distribution Conference & Exposition, Daejeon, South Korea, Oct. 26-30, 2009.

[8] IEEE 1901 Working Group, “IEEE standard for broadband over power line networks: medium access control and physical layer specifications”, December 30, 2010. http://ieeexplore.ieee.org/servlet/opac?punumber=5678770

[9] J. Kelsey, S. Lucks, B. Schneier, M. Stay, D. Wagner, and D. Whiting, “Improved Cryptanalysis of Rijndael”, Fast Software Encryption, pp. 213–230, 2000.

[10] L. Piètre-Cambacédès and P. Sitbon, “Cryptographic Key Management for SCADA Systems, Issues and Perspectives”, Communications Magazine, vol. 32, pp. 33-38.

[11] M. Deru, “RSA and Diffie-Hellman explained”, Author’s personal website, April 5, 2011. http://matdonline.free.fr/RSA-Diffie-Hellman-explained-in-5-minutes.htm

[12] R. M. Needham and M. D. Schroeder, “Using encryption for authentication in large networks of computers”, Communications of the ACM, vol. 21, pp. 993-999, 1978.

[13] S. Hong and M. Lee, “Challenges and direction toward secure communication in the SCADA system” in Proceedings of IEEE Communications Networks and Service Research Conference, Montreal, Canada, May 11-14, 2010.

[14] K. Atasu, L. Breveglieri, and M. Macchetti, “Efficient AES Implementations for ARM Based Platforms” in Proceedings of the 2004 ACM symposium on Applied computing, Nicosia, Cyprus, March, 2004.

[15] The Advanced Security Acceleration Project, “Security Profile For Advanced Metering Infrastructure,” Open SG Users Group, April 5, 2011. http://osgug.ucaiug.org/utilisec/amisec/Shared Documents/AMI Security Profile (ASAP-SG)/AMI Security Profile - v1_0.pdf

[16] T. Matsumoto, T. Kobayashi, S. Katayama, K. Fukushima & L. Sekiguchi, “Information theoretic approach to authentication codes for power system communications” in Proceedings of IEEE Transmission and Distribution Conference and Exposition, New Orleans, LA, April 19-22, 2010. pp. 1-7.

[17] W. Dai, “Crypto++ Library 5.6.1”, April 5, 2011. http://www.cryptopp.com/

[18] Zigbee Alliance, “Zigbee smart energy profile specification”, May 1, 2011. http://collaborate.nist.gov/twiki-sggrid/pub/SmartGrid/ZigbeeSEPforCustomerInformation/075356r15ZB_SE_PTG-SE_Profile_Specification.pdf

Appendix A: Algorithms being used

Advanced Encryption Standard: DES was the most common symmetric algorithm in use until about a decade ago, when NIST decided to develop a new and secure cryptosystem for U.S. government applications. In 2001, the AES standard was formally adopted by NIST. AES is a block cipher based on the symmetric-key algorithm Rijndael. Rijndael supports variable block and key lengths, but FIPS PUB 197 specifies AES with a 128-bit block size and a 128/192/256-bit key length.

Blowfish: Blowfish was invented by Bruce Schneier to replace DES. It was optimized for 32-bit processors with large data caches. It is a symmetric algorithm with a 64-bit block size and a key length that can vary from 32 to 448 bits.

Twofish: Twofish was designed by a team led by Bruce Schneier, and was well suited for large microprocessors and dedicated hardware. It is a symmetric algorithm with a 128-bit block size and a 128/192/256-bit key length.

Appendix B: Trust Models

Diffie-Hellman Secret Key Exchange:

Diffie-Hellman (DH) was one of the first key exchange algorithms proposed. If two users, Alice and Bob, want to create a shared private key for encrypting their data, the DH secret key exchange (SKE) protocol lets them do that. The DH SKE works in the following way (Fig. 2):

Step 1: Alice and Bob agree on a prime number ‘p’ and a generator ‘g’ that is less than ‘p’. The number ‘g’ must also be primitive with respect to ‘p’ (a primitive root modulo ‘p’). Both exchange these numbers.

Step 2: Alice selects a number ‘a’ while Bob selects a number ‘b’. Alice computes ‘A’ from equation (1) while Bob computes ‘B’ from equation (2). They exchange the values ‘A’ and ‘B’.

$$A = g^{a} \bmod p \qquad (1)$$

$$B = g^{b} \bmod p \qquad (2)$$

Step 3: Alice derives the secret key from equation (3) while Bob derives the secret key from equation (4).

$$K = B^{a} \bmod p \qquad (3)$$

$$K = A^{b} \bmod p \qquad (4)$$

Thus, at the end of the process, both Alice and Bob have the secret key that they can use to encrypt data.
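Steps 1 to 3 as runnable code, added here as an example and not taken from the paper or from Crypto++. It uses the constructed toy group p = 23, g = 5 so the values can be checked by hand, and it goes beyond the text in two places: each side rejects out-of-range public values, and the shared secret is hashed to a 128-bit key. All function names are assumptions.

```python
import hashlib
import secrets

def is_primitive_root(g, p):
    """Step 1 check by brute force (small p only): g must generate 1..p-1 mod p."""
    return {pow(g, k, p) for k in range(1, p)} == set(range(1, p))

def keypair(p, g, private=None):
    """Step 2: private exponent x and public value g^x mod p (equations 1 and 2)."""
    if private is not None:
        return private, pow(g, private, p)
    while True:  # redraw in the rare case the public value is one a peer must reject
        x = secrets.randbelow(p - 3) + 2  # uniform in 2..p-2
        if 2 <= pow(g, x, p) <= p - 2:
            return x, pow(g, x, p)

def shared_secret(peer_public, private, p):
    """Step 3: peer_public^private mod p (equations 3 and 4)."""
    # 0, 1 and p-1 would confine the secret to a tiny, guessable set.
    if not 2 <= peer_public <= p - 2:
        raise ValueError("peer public value outside [2, p-2]")
    return pow(peer_public, private, p)

def derive_key(secret, p):
    """Hash the fixed-width secret into a 128-bit symmetric key (added step, an assumption)."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(width, "big")).digest()[:16]

def exchange(p, g, a=None, b=None):
    """Run both sides; returns (A, B, Alice's secret, Bob's secret)."""
    if not is_primitive_root(g, p):
        raise ValueError("g is not a primitive root modulo p")
    a, A = keypair(p, g, a)
    b, B = keypair(p, g, b)
    return A, B, shared_secret(B, a, p), shared_secret(A, b, p)

if __name__ == "__main__":
    # Constructed toy parameters; real groups use primes of 2048 bits or more.
    A, B, k_alice, k_bob = exchange(p=23, g=5, a=6, b=15)
    print(A, B, k_alice, k_bob, derive_key(k_alice, 23).hex())
```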

Kerberos:

Kerberos was developed by MIT for protecting data on Project Athena, which was a joint project between MIT, IBM and Digital Equipment Corporation. It employs a client-server model, where the client is the entity that asks the server (running Kerberos) for the keys with which it can talk to other clients. Kerberos works on mutual authentication, i.e. both the client and the server authenticate themselves to each other.

A typical Kerberos setup is shown in Fig. 3. The network has a KDC running an Authentication Server (AS) and a Ticket Granting Server (TGS). When a client, which is running Kerberos software, wants to connect to another client/server (in AMI communications, this might be an AMI Meter wanting to connect to the AMI Head End or the MDMS), the following process is followed:

Step 1: The client authenticates itself with the AS and gets a TGS session key and a Ticket Granting Ticket (TGT). With these two, the client can now talk to the TGS on the KDC.

Step 2: The client now talks with the TGS and supplies the TGS session key and the TGT obtained in the last step. It asks the TGS for the other client’s key (in this case, the Application Server) so that it can communicate with it. The TGS gives the client an Application Session Key (ASK) and an encrypted form of the Application Server’s private key.

Step 3: The client can now both authenticate itself and prove its identity to the application server by supplying it with the ticket, the ASK and the encrypted key. The application server then replies to the client to authenticate itself to the client, after which the client and the application server can commence any form of data exchange.

Thus, at the end of that process, the client has the key necessary to encrypt or decrypt data that it needs to send to or receive from the other client (application server).
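The three steps above as a simplified simulation, added here as an example and not taken from the paper or from any Kerberos implementation. It models what the TGS hands over in Step 2 as a ticket sealed under the application server's long-term key, as in standard Kerberos, so the meter can forward it but not read or alter it. The names `meter-17`, `head-end`, `seal`, `unseal`, `issue` and `accept` are assumptions, the SHA-256 keystream with HMAC is a standard-library stand-in for AES, and replay caches and clock-skew checks are omitted.

```python
import hashlib, hmac, json, os, time

def _ks(key, nonce, n):  # SHA-256 counter keystream: stdlib stand-in for AES, not for production
    return b"".join(hashlib.sha256(b"enc" + key + nonce + bytes([i])).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, fields):
    """Encrypt-then-MAC a dict under a symmetric key."""
    data, nonce = json.dumps(fields).encode(), os.urandom(16)
    body = nonce + bytes(x ^ y for x, y in zip(data, _ks(key, nonce, len(data))))
    return body + hmac.new(b"mac" + key, body, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the MAC, then decrypt; raises if the key is wrong or the blob was altered."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(b"mac" + key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    data = bytes(x ^ y for x, y in zip(body[16:], _ks(key, body[:16], len(body) - 16)))
    return json.loads(data)

KEYS = {n: os.urandom(16) for n in ("meter-17", "tgs", "head-end")}  # constructed KDC database

def issue(reply_key, ticket_key, client):
    """KDC side of Steps 1 and 2: fresh session key for the client plus a ticket for the next hop."""
    k = os.urandom(16).hex()
    tkt = seal(ticket_key, {"client": client, "key": k, "exp": time.time() + 300})
    return seal(reply_key, {"key": k}), tkt

def accept(own_key, tkt, authenticator):
    """Open a ticket with own_key, then check the authenticator built with its session key."""
    t = unseal(own_key, tkt)
    session = bytes.fromhex(t["key"])
    a = unseal(session, authenticator)
    if a["client"] != t["client"] or t["exp"] < time.time():
        raise ValueError("expired ticket or client mismatch")
    return t["client"], session, a["ts"]

def meter_login(client="meter-17", service="head-end"):
    """Run Steps 1-3; returns (client seen by server, ASK, service ticket, mutual-auth result)."""
    auth = lambda key: seal(key, {"client": client, "ts": time.time()})
    reply, tgt = issue(KEYS[client], KEYS["tgs"], client)        # Step 1: AS -> meter
    sk = bytes.fromhex(unseal(KEYS[client], reply)["key"])
    who, sk_tgs, _ = accept(KEYS["tgs"], tgt, auth(sk))          # Step 2: TGS checks the TGT
    reply, tkt = issue(sk_tgs, KEYS[service], who)               #         and issues ASK + ticket
    ask = bytes.fromhex(unseal(sk, reply)["key"])
    seen, ask_srv, ts = accept(KEYS[service], tkt, auth(ask))    # Step 3: head end checks ticket
    proof = seal(ask_srv, {"ts": ts + 1})                        #         and answers under the ASK
    return seen, ask, tkt, unseal(ask, proof)["ts"] == ts + 1
```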