A New Key Management Scheme for Home Area Network (HAN) In

A New Key Management Scheme for Home
Area Network (HAN) In Smart Grid
Bashar Alohali, Madjid Merabti, Kashif Kifayat
School of Computing and Mathematical Sciences,
Liverpool John Moores University, Liverpool, UK,
[email protected] {M.Merabti, [email protected]}
Abstract—Smart grid is an improvement of the existing power grid
that uses information and two-way communication throughout the
infrastructure. There are numerous domains, systems and devices
deployed in the smart grid. Each of these devices has its own
security challenges for cyber-attacks. In this context, Home area
network (HAN) is a type of local area network for smart grid.
Many components in a HAN interconnect through wireless and
other communication technologies thus, can introduce security
vulnerabilities in HAN. This makes security as a critical
requirement for the HAN. A cyber-attack on a HAN can result in
consumer fraud similarly it could also introduce a remote
penetration attack for more sophisticated attacks. The
contribution of this work is to present a novel key management
and authentication scheme to manage the security and reliability
of HAN on a smart grid. The key feature of the proposed
mechanism is the unique key assigned to each node in the group.
This unique key is shared only with the smart meter, and each
node sends encrypted data through a group controller node to the
smart meter without the need for decryption at any intermediate
point along the path. In the light of analysis phase our proposed
scheme has showed the improvement in resilience against replay
attack, data confidentiality and scalability.
Keywords- Key Management; Smart Grid; Cyber-attack; HAN
I.
INTRODUCTION
Smart grid is an improvement of current power system. It is
primarily characterised by a large consumer base and an
intelligent communications infrastructure to support and
control the infrastructure. The communication of smart grid
comprises of sensor devices that enable the automation,
monitoring and control to achieve efficiency and reliability, the
safety and security in the power grid. It enables the timely, safe
and secure adaptable information flow, needed to provide
power to the evolving digital economy [1]. The additional
characteristics of the smart grid are operations based on realtime data, two-way power flow and renewable power
generation. Smart grid communications infrastructure
interconnects the sensors based monitoring infrastructure to an
Industrial Control Systems (ICS) which monitor and control
parts of the smart grid. Supervisory Control and Data
Acquisition (SCADA) is a type of ICS that is made up of a
network of devices and control elements (computers) that
monitor and control processes. Typical communications
architecture for smart grid is heterogeneous network as shown
in figure 1. There are three tiers of communication in smart grid
including Home Area Network (HAN), Neighbourhood Area
ISBN: 978-1-902560-27-4 © 2014 PGNet
Network (NAN) and Wide Area Network (WAN). HAN is an
interconnected system of a smart meter, display devices,
lighting systems, micro-generation or solar panel and smart
devices such as smart vehicle, air conditioning, and so on. A
HAN uses wired or wireless technologies to communicate and
to confirm the interoperability of networked appliances and the
smart meter [2]. It enables the home resident to control power
consumption by using smart appliances and thermostats. HAN
is expected to provide an advantage to utility company and
home resident by managing demanding responses and
controlling of micro generation and the charging of smart
vehicles [2].
Despite so many benefits of a smart grid there are various
security challenges and issues exist such as access control,
identity management, connectivity and privacy. Therefore,
security of smart grid is a critical challenges faced by the
operators. For example in 2012, Telven, a main smart grid
software vendor owned by Schneider Electric, was hack [1]. In
addition, Stuxnet was discovered in 2010. It is an advanced and
sophisticated malware program that targets industrial control
systems. Industrial control systems targeted by Stuxnet are
reprogrammed to hide any changes made by a Stuxnet attack.
Security specialists have found that Stuxnet is able to control
the speed of motors, and is thus able to send nuclear centrifuges
out of control [3]. It is a modern weapon in the cyber war. Such
events can potentially cause wide-spread effects that might
impact nation-wide services. They will affect society overall
and to avoid, any disruption to communal life, it makes it
necessary that these systems be reliable and secure. Therefore,
security on the grid is one of critical requirement [4].
There are several methods for securing devices in a smart grid
against cyber-attacks including access control, host-based
intrusion detection and system hardening [1]. With the devices
being secured, it is required to ensure that the data transfer is
secure too. With the variety of device capabilities in a smart
grid (sensors to smart meters to servers), the data security
scheme is bound to vary across the network depending upon the
device capabilities (computing, storage and power resources) as
well as the security requirements. Since the HAN mostly uses
wireless communications and the communicating devices are
physically small with low resources, their security is a critical
issue in HAN. Added to this, device spoofing or message
modification by a man-in-the-middle can potentially disrupt the
operations of the smart grid. Therefore, security is of great
concern and the term security in this context implies the
physical device security, device authentication and data
security. This paper focuses on device authentication and data
security for the HAN where cryptography is seen as essential.
We intend to address key management in the HAN to provide a
secure data exchange within a smart grid.
We propose a new key management scheme for HAN in smart
grid. It uses group key management in order to address
scalability. We assign a unique key to each node in the group.
This unique key is shared only with the smart meter, and each
node sends encrypted data through group controller node to the
smart meter without the need for decryption at any intermediate
company server.
Problem definition: The generic security requirements in a
smart grid are confidentiality, integrity, (data) freshness, nonrepudiation and availability. These requirements should be
fulfilled over the available computing and storage resources of
the smart grid components. The smart grid is heterogeneous
network and has different network areas with different device
capabilities. Generally, these areas can be classified as Home,
Neighborhood and Wide-area. These require secure data
exchange between devices across these areas.
In HANs the smart meter and intelligent appliances are
actively managed, and provide new functionality that enables
consumers to interface with Home Energy Management
Systems (HEMS) which offer consumers information on how
to
manage
their
electric
usage.
The
Utility
company may deliver signals which can benefit a consumer to
decrease energy costs either by turning off appliances or reprogramming their time-of-the-day use or perform any similar
management of the HAN devices to increase the overall
efficiency of the smart grid.
The increasing integration of smart appliances with the
Internet of things (IoT) has made the entire HAN high-risk and
therefore security is a prominent issue. An addition to this risk
are the more recent wireless technologies such as 4G (LTE) and
protocol implementations of 6LoWPAN and ZigBee over IP.
The data generated by customers need to be kept private and
secure and there is the risk of breaching the customers privacy
and confidentiality.
Exploit of appliances on the HAN by malicious users leads to
eavesdropping, and launching of attacks could pose a security
risk in a residential area. For example, a malicious user may
attempt to destabilize the grid by delivering fake data or
commands to meters or other connected devices. Therefore,
device authentication is a primary requirement, followed by
securing data that transits the communication network.
Similarly, secure data storage is necessary on the devices such
as smart meters or group controllers, which collect/process data
from the appliances on the HAN. Data encryption is necessary
and to implement this function, an encryption key management
scheme that also addresses authentication is critical.
Smart grid is a meta-system and therefore, it is not practical
to propose a single key management scheme for the entire smart
grid network. The security scheme should be carefully chosen
to meet HAN component’s requirements, the interoperability
requirements of the smart grid and security requirements of
several systems in the smart grid [5]. The scheme should
address failures of nodes and their replacement and ensure that
such events do not leave the network vulnerable to attacks.
In this paper, we have proposed a new key management
scheme for HAN. Our work has the following contribution and
features: (1) A new key management scheme that is not merely
generic but sensitive to the practical security requirements for
the HAN. (2) Defines and discusses a new requirement and
challenges in key management for secure HAN
communications on smart grid; (3) A secure authentication
scheme for smart grid communications. (4)
Secure and
resistant against replay and capture, brute force, and other
attacks.
The rest of the paper is organized as follows. In section II we
present literature review for current key management and
authentication solutions for HANs. We then describe the
network model for a smart grid and HAN. Section IV details the
proposed key management for HAN. Section V analyzes the
security features of the proposed scheme.
II.
LITERATURE REVIEW
The literature reviewed is classified under two categories.
Literature specific to key management in HAN is presented in
one subsection and key management and authentication
schemes for inter smart grid networks are in a following
subsection.
A. Key management for HAN
The authors in [6] proposed a mutual authentication scheme
and key management protocol for a HAN. The proposed
solution allocates a Trusted Agent (TA) for each HAN and the
communication topology assumed to be mesh. Mutual
authentication between a HAN nodes and home TA uses a
public/private key pair technique based on identity (ID)-based
cryptography. Their proposal has two layers which are
public/private key pair as well as a symmetric key or secret
value. However, using public and private key between HAN
nodes and home TA in case of the home appliances with limited
resources will not be efficient and could cause significant
delays.
The authors in [7] proposed a session key exchange scheme
in a HAN to protect against replay attacks between home
appliances and the smart meter by using a freshness counter.
Their solution provides a protection mechanism against replay
attacks by using handshaking, nonces and self-generating
timestamps.
B. Key management and authentication protocols for smart
grid
The authors in [4], propose a protocol that provides secure
unicast, multicast, and broadcast communications in a smart
grid network. This protocol applies a binary tree approach that
supports these three kinds of secure communications. It reduces
the computation overhead and protects communication in
unicast, multicast, and broadcast scenario. However, the effect
is unknown when one or more nodes leave or join the session.
The communications overhead is also unknown. Dapeng et al.
[8] analyse the requirements of key management for smart grid
and propose a key management scheme for use in smart grid
that meets these requirements.
missing piece to realizing the unified key management
framework vision. This part needs further analysis. These
proposals do not specifically address the needs or requirements
of the HAN. While the security schemes proposed are
sufficiently generic for the context of smart grid, there is a lack
of sharp focus on the security requirements and the capabilities
(storage, processing and energy) of the appliances on the HAN.
III.
NETWORK MODEL
This section describes the HAN in smart grid system
architecture, describes two classification groups and
communication scenario, and threat model.
Figure:1 Smart grid communcation network architecure
The scheme is based on asymmetric cryptography and uses
Needham-Schroeder authentication protocol. They test and
verify the scheme by launching a man-in-the-middle attack, and
a replay attack which are successfully detected and rejected by
their scheme. They also address the issue of additional
vulnerabilities on session keys and communication. The main
advantage of this scheme is high security, scalability, faulttolerance, and accessibility. The scheme requires the use of a
PKI as well as third party trusted anchors. This increases the
infrastructure requirements for security deployment. Hasen et
al. [9] propose a key management protocol for data
communication between the utility server and customers smart
meters. The model is mainly between home smart meter and a
security associate in utility, which covers unicast and multicast
communications. The protocol improves the network overhead
caused by security key management control packets, and at the
same time it is secure enough in order to prevent known
malicious attacks. However, the authentication method between
the smart meter (SM) and appliances inside of the Home Area
Network (HAN) has not been addressed. Subir et al. [10]
propose a unified key management mechanism (UKMF) that
can generate ciphering keys for multiple protocols of multiple
communication layers from a single peer entity authentication
procedure. The unified key management mechanism is suitable
for smart grid use cases, especially for smart metering, where
smart meters are assumed to be low-cost wireless devices for
which repeated peer entity authentication attempts for each
protocol can be contributed to increased system overhead. The
proposed mechanism is flexible in that peer entity
authentication can be treated as either network access
authentication or application-level authentication. However,
the mechanism has established that information discovery for
bootstrap application ciphering is an important and as yet
A. Network Architecture
In general, a HAN connects the smart devices across the home
with a smart meter. The HAN components can communicate
using technologies such as Zigbee, wired or wireless Ethernet,
or Bluetooth. There are two ways to interface the home
depending on the countries where it is implemented. One way
is through smart meter as the interface to network operation
center and other actors. The other way is to interface with
WAN and NAN directly by using a separate control and
aggregation node [2].
The HAN components are divided into two groups based on
[11]. Group one comprises appliances that require two way
communications such as smart electric vehicle, air conditioning
(AC) and solar panel. Group two comprises home appliances
that require one way communication such as smart TV, lighting
system and charger. An example of group one is a solar panel
that requires two way communications to provide unneeded
power to utility company also, AC is expected to receive a
signal from utility provider to reduce energy intensity during
off-peak hours. However, group two members need only one
way communication to send the electricity consumption data.
The devices in Group two have higher resources capabilities
compared to those in Group one.
B. Attacks model
The major attacks on HANs are briefly described below:
Replay attack: The attacker re-sends authenticated registered
messages in order to cause unnecessary packet processing on
the node so that the node loses energy or causes a delay. This
attack can occur if message packet or a digital signature does
not contain a timestamp.
ࡿࡹ࢔,ࢍ
ࡳࡴ
ࡳࡸ
ࡰ࢏,ࡸ
ࡰ࢏,ࡸ
ࡰ࢏,ࡸ
ࡰ࢏,ࡴ
ࡰ࢏,ࡴ
ࡰ࢏,ࡴ
Figure:2 Network structure
IV.
NOTATIONS AND ASSUMPTIONS
Before we begin to describe our scheme, we explain the
notations and assumptions used in this paper.
A. Notations
TABLE I summarizes of the notations used in this protocol.
D
Smart device
The number of smart devices inside home, i = [1 … N]
i
‫ܪ‬
‫ܮ‬
‫ܦ‬ு,௜
‫ܦ‬௅,௜
‫ܩ‬஽ಹ
‫ܩ‬஽ಽ
‫ீܭ‬ವ
ಹ
.஽ಹ,೔
‫ܩܭܯ‬஽ಹ
ܵ‫ܯ‬௡,௚
‫ܭ‬௦௠,஽ಹ,೔
‫ܭ‬௦௠,஽ಽ,೔
‫ܭ‬௦௠,ீವ
ಹ
‫ܭ‬௦௠,ீವ
ಽ
‫ீܭ‬ವ
ಽ
.஽ಽ,೔
ܶܵ஽ಹ,೔
ܶܵ஽ಽ,೔
Unique group of smart devices inside home, which have
high resources capacities devices and the data exchange, is
bidirectional.
Unique group of smart devices inside home, which have
low resources capacities devices and the data exchange, is
one way.
Unique identity for a smart device in group‫ܪ‬.
Unique identity for a smart device in group‫ܮ‬.
A home group controller node in group‫ܪ‬.
A home group controller node in group ‫ܮ‬.
A unique symmetric key shared between the group
controller ‫ܩ‬஽ಹ and the smart devices ‫ܦ‬ு,௜ in the group ‫ܪ‬
generated by using the master key ‫ܩܭܯ‬஽ಹ and devices
‫ܦ‬ு,௜
A symmetric master key for group controller ‫ܩ‬஽ೕ
A unique ID of a smart meter
A unique symmetric key shared between smart meter
ܵ‫ܯ‬௡,௚ and the smart devices ‫ܦ‬ு,௜ .
A unique symmetric key shared between smart meter
ܵ‫ܯ‬௡,௚ and the smart devices‫ܦ‬௅,௜ .
A unique symmetric key shared between smart meter
ܵ‫ܯ‬௡,௚ and the home group controller node in group ‫ܪ‬
A unique symmetric key shared between smart meter
ܵ‫ܯ‬௡,௚ and the home group controller node in group ‫ܮ‬
A unique symmetric key shared between the group
controller ‫ܩ‬஽ಽ and the smart devices ‫ܦ‬௅,௜ in the ‫ ܮ‬group
A time stamp of node ‫ܦ‬ு,௜
A time stamp of node ‫ܦ‬௅,௜
Table 1: Notations for the Group Key Management Protocol in
HAN
B.
Assumptions
The following assumptions are made in the proposed scheme
1. We do not consider device to device ‫ܦ‬ு,௜ to ‫ܦ‬ு,௜ or
‫ܦ‬௅,௜ to ‫ܦ‬௅,௜ communication
2. The smart device‫ܦ‬ு,௜ , ‫ܦ‬௅,௜ and group controller use
unicast communication.
3. The home group controllers ‫ܩ‬஽ಹ and ‫ܩ‬஽ಽ are trusted
devices.
4. All smart meters ܵ‫ܯ‬௡,௚ are registered on the group
controller is ‫ܩ‬஽ಹ and ‫ܩ‬஽ಽ .
5. The HAN interconnected as a tree with the devices as
leaf nodes.
6. An adversary could eavesdrop on all traffic or replay
messages.
7. Smart meter ܵ‫ܯ‬௡,௚ is tamper-resistant.
8. Time stamps are used for data freshness checking. The
time is not synchronized across the devices on the
HAN, but the time stamps are verified to ensure they
are incremental and periodic. This requires that the
devices that verify the data for authentication and/or
freshness store the time stamp of the previously
received data.
C. Proposal Overview
Group Key Management scheme for HAN has a set of
features that address secure data transfers across the smart
home. To achieve confidentiality between end-to-end
communications, symmetric-key cryptography is employed
where a unique key is assigned to each smart device. Data are
collected from smart devices in an encrypted form and sent to
smart meter. The scheme manages the key distribution and
generation across nodes of the network and exchanges these
keys securely when necessary. Consequently, the secure data
transfers are consistent and resilient to changes in the network.
V.
A GROUP KEY MANAGEMENT SCHEME FOR HAN
The operation of the scheme requires that the devices
participating in the scheme be configured before deployment.
This is termed as the pre-deployment phase. The activities in
the pre-deployment phase are first illustrated. Then, it is
followed by an explanation of the communication and
authentication between the nodes within a group and their group
controller and the group controllers and the smart meter.
A. Pre-deployment Phase
The pre-deployment phase concerns the security
configuration of the nodes of the HAN, prior to their
functioning on the network. First, we present the steps for the
pre-deployment of the two HAN groups comprising of the high
resource devices ‫ܦ‬௜,ு and the low resource devices ‫ܦ‬௜,௅ as well
as their respective group controllers‫ܩ‬஽ಹ , ‫ܩ‬஽ಽ and the smart
meterܵ‫ܯ‬௡,௚ .
1. Assign unique ID to each smart device ‫ܦ‬௜,ு and ‫ܦ‬௜,௅
2. Assign a unique master key ‫ܩܭܯ‬஽ಹ to group
controller‫ܩ‬஽ಹ . This master key is used to generate a
shared key between ‫ܩ‬஽ಹ and its devices
3. Yield and store a unique key ‫ீܭ‬ವ ,஽ಹ,೔ by using the
ಹ
4.
5.
6.
master key ‫ܩܭܯ‬஽ಹ and node ID ‫ܦ‬ு,௜ on ‫ܦ‬ு,௜
Assign a unique key ‫ ܦܩܭ‬.‫ ܦ‬to group controller
‫ܮ‬
‫ܮ‬,݅
‫ܩ‬஽ಽ and share it with‫ܦ‬௅,௜ .
Assign unique key ‫ܭ‬௦௠,஽ಹ,೔ to every smart devices ‫ܦ‬ு,௜
shared between ܵ‫ܯ‬௡,௚ and‫ܦ‬ு,௜ .
Assign unique key ‫ܭ‬௦௠,஽ಽ,೔ to every smart devices ‫ܦ‬௅,௜
shared between ܵ‫ܯ‬௡,௚ and‫ܦ‬௅,௜ .
1) The ‫ ܪ‬Group
Each device ‫ܦ‬ு,௜ that is connected to the smart meter
ܵ‫ܯ‬௡,௚ will require storing unique key ‫ܭ‬௦௠,஽ಹ,೔ shared with
smart meterܵ‫ܯ‬௡,௚ . The home group controller ‫ܩ‬஽ಹ stores the its
master key ‫ܩܭܯ‬஽ಹ and symmetric key ‫ܭ‬௦௠,ீವ
ಹ
Pre-deployment for groups ࡴ and ࡸ Devices: Group controller and devices which are group
members
Outcome: Assign unique IDs to each device, organize them
into two groups, assign a group controller to each group, a
smart meter to the groups and initialize the devices with the
shared keys.
Step 1: Formation of the groups ‫ ܪ‬and ࡸ
Identify the group controllers ‫ܩ‬஽ಹ and ‫ܩ‬஽ಽ
Formation of the group H with smart devices ‫ܦ‬ு,௜
Assign a unique ID for each smart device ‫ܦ‬ு,௜
Formation of the smart meter ܵ‫ܯ‬௡,௚
Assign a unique ID for each smart devises ܵ‫ܯ‬௡,௚
Step 2: Assign master group key and unique key for each
device in the Group ‫ܪ‬
If node= ‫ܩ‬஽ಹ
‫ܭ‬௦௠,ீವ // assign group controller unique key
ಹ
‫ܭ‬௦௠,஽ಹ,೔ // assign ‫ܦ‬ு,௜ unique key
End if
Figure 3: Pre-deployment steps for an H group
2) The ‫ ܮ‬Group
Each device ‫ܦ‬௅,௜ that communicates with the smart meter
ܵ‫ܯ‬௡,௚ will store two unique keys ‫ܭ‬௦௠,஽ಽ,೔ shared with smart
meter ܵ‫ܯ‬௡,௚ and ‫ீܭ‬ವ .஽ಽ,೔ shared with its group controller. ‫ܩ‬஽ಽ
ಽ
stores two keys, a symmetric key ‫ܭ‬௦௠,ீವ which is used to
ಽ
encrypt data for secure communication between home group
and smart meters and ‫ீܭ‬ವ .஽ಽ,೔ which is used for authenticating
ಽ
the device at the group controller ‫ܩ‬஽ಽ .
B. Communication phase
In this section, we explain the communication (data transfers
not relating to key management) phase for home area network.
1) The ‫ ܪ‬Group
The smart devices ‫ܦ‬ு,௜ exchange data bi-directionally with
the smart meter. ‫ܦ‬ு,௜ encrypts its data and time stamp sent to
the smart meter encrypted using the shared symmetric key
‫ܭ‬௦௠,஽ಹ,೔ as
‫ܧ‬௄ೞ೘,ವ ቀ‫ܽݐܽܦ‬, ܶܵ஽ಹ,೔ ቁ.
ಹ,೔
‫ܦ‬ு,௜
then
uses
‫ீܭ‬ವ .஽ಹ,೔ to generate a message authentication code (MAC),
ಹ
‫ܥܣܯ‬.஽ಹ,೔ that will be verified by ‫ܩ‬஽ಹ to authenticate ‫ܦ‬ு,௜ . The
encrypted data destined for the smart meter and the MAC are
sent to ‫ܩ‬஽ಹ as ‫ܧ‬௄ೞ೘,ವ ቀ‫ܽݐܽܦ‬, ܶܵ஽ಹ,೔ ቁ, ‫ܥܣܯ‬.஽ಹ,೔ ). After
ಹ,೔
validating the MAC value, ‫ܩ‬஽ಹ -encrypts the encrypted data
destined to the smart meter , using the symmetric key ‫ܭ‬௦௠,ீವ as
ಹ
‫ܧ‬௄ೞ೘,ಸ (‫ܧ‬௄ೞ೘,ವ (‫ܽݐܽܦ‬, ܶܵ஽ಹ,೔ ) ). Upon receiving this
ವಹ
ಹ,೔
data, ܵ‫ܯ‬௡,௚ decrypts the message it receives from the home
group controller node ‫ܩ‬஽ಹ , using the symmetric key ‫ܭ‬௦௠,ீವ
ಹ
and further decrypts the message to retrieve the data and time
stamp sent by ‫ܦ‬ு,௜ . The data from the ‫ܦ‬ு,௜ will be available in
an unencrypted form in the memory of the smart meter ܵ‫ܯ‬௡,௚ .
This is of concern from a security perspective.
2) The ‫ ܮ‬Group
These devices communicate one way; they send data to the
smart meter. ‫ܦ‬௅,௜ uses steps similar to the other group to send
data to the smart meter.
‫ܦ‬௅,௜ encrypts its data as
‫ܧ‬௄ೞ೘,ವ (‫ܽݐܽܦ‬, ܶܵ஽ಽ,೔ ). The encypted data destined for the
ಽ,೔
smart meter is encrypted again, with the time stamp, using the
key ‫ீܭ‬ವ
ಽ
.஽ಽ,೔
as ‫ܧ‬௄ಸ
ವಽ .ವಽ,೔
(‫ܧ‬௄ೞ೘,ವ
ಽ,೔
ቀ‫ܽݐܽܦ‬, ܶܵ஽ಽ,೔ ቁ, ܶܵ஽ಽ,೔ ).
Upon receiving this, ‫ܩ‬஽ಽ validates the source by decrypting the
data and verifying the time stamp. It then encrypts the data
destined for the smart meter using the shared key between
‫ܩ‬஽ಽ and ܵ‫ܯ‬௡,௚ , ‫ܭ‬௦௠,ீವ as ‫ܧ‬௄ೞ೘,ಸ (‫ܧ‬௄ೞ೘,ವ (‫ܽݐܽܦ‬, ܶܵ஽ಽ,೔ ) ).
ಹ
ವಽ
ಽ,೔
The smart meter retrieves the original data by decrypting the
data using ‫ீܭ‬ವ .஽ಽ,೔ and ‫ܭ‬௦௠,ீವ . At ‫ܩ‬஽ಽ and ܵ‫ܯ‬௡,௚ , the source
ಽ
ಹ
of the data is considered successfully authenticated if the data
is successfully decrypted using the shared key of the source.
The time stamps are used to verify the data freshness.
C. Forward and backward secrecy
In a devices group with active smart devices ‫ܦ‬ு,௜ ‫ܦ‬௅,௜ where
a node may join or leave during the lifetime of the group, two
security considerations arise.
Backward secrecy: A new smart device ‫ܦ‬ு,௜ ‫ܦ‬௅,௜ must not
have permission to access any data that is communicated before
it joins the session.
Forward secrecy: In a case where a smart device ‫ܦ‬ு,௜ ‫ܦ‬௅,௜
leaves the group, it must not have permission to access any
future data.
VI.
PERFORMANCE AND EVALUATION
We have proposed an efficient key management scheme for
the HAN in a smart grid. The scheme can be applied to HANs
that require highly secure communication, thus maximizing
network lifetime, scalability, availability, and confidentiality
between appliances to smart meter communications. The
scheme can address security in smart grid associated issues, in
particular through secure communication. In this session we
discuss and analyze the effectiveness of scheme in terms of
security, and energy consumption.
A.
Security Analysis
The proposed scheme is evaluated against the following
security characteristics - resilience against node capture,
forward and backward secrecy, resilience against replication
attacks, secure data aggregation.
1) Resilience against replication attacks
An attacker could replay old messages that have been
obtained from previous communication. However, in our
scheme time stamps are sent along with the data and each of the
receiving entities verify them against the previously received
time stamps which are stored on the devices.. The time stamp is
used as a session token which is expected by the receiver with
a reasonable tolerance in value when checked against the
periodicity of data expected. Each of ‫ܦ‬ு,௜ and ‫ܦ‬௅,௜ encrypts a
time stamp with the data, which is sent from the appliances to
the smart meterܵ‫ܯ‬௡,௚ .
2) Resilience against Sybil attacks
On Sybil attack, a malicious node introduces multiple fake
identities to group controller node ‫ܩ‬஽ಹ and ‫ܩ‬஽ಽ in the HAN for
illegitimate purpose. Our scheme provides an authentication to
confirm that one node cannot pretend to be other, for example
when a node ‫ܦ‬ு,௜ sends data to group controller‫ܩ‬஽ಹ , it must
compute a MAC on the data sent. The MAC is computed using
the shared key between ‫ܦ‬ு,௜ and ‫ܩ‬஽ಹ no adversary node can
pretend to be the node X. Furthermore, each node in HAN has
unique ID and its keys bound to its ID. If the compromised node
uses a different ID from the stored ID inܵ‫ܯ‬௡,௚ , it doesn’t hold
the valid keys related with fake ID.
3) Resistance to man-in-the-middle (MITM) attack
Messages exchanged between smart meters ܵ‫ܯ‬௡,௚ and ‫ܦ‬ு,௜
are crucial in a HAN. The data generated by the devices are
encrypted using the key shared with the smart meter. It is
forwarded to the smart meter via the group controllers without
being decrypted at the group controllers. An attacker will
therefore not have access to the data on the network in a direct
form, except at the two end points. In addition to the encryption,
the group controller authenticates the node either by verifying
the MAC (Group H) or by being able to decrypt the contents
and verify the time stamp (Group L), both of which are
encrypted. So, an attacker will require guess two keys to be able
to access the data sent by an end device. Thus the confidentiality
of the data is achieved.
4) Scalability
An increase in the HAN size should not affect the overall
performance. We use group key management mechanisms to
address the scalability of the HAN. The HAN is divided into
different groups of homogenous devices (such as ‫ ܪ‬and ‫ )ܮ‬and
corresponding group controllers such as ( ‫ܩ‬஽ಹ and‫ܩ‬஽ಽ ) with
distributed management tasks, to make the HAN scalable and
efficient. The scheme uses only symmetric keys unlike [6, 7] in
which they apply public/private keys management and session
keys.
demand response and smart meter effectively. The HAN is an
important component of the smart grid, both because of
consumption as well as the micro-generation that contributes to
the grid. The monitoring and management of HANs is one of
the key elements of managing demand response. These
functions require to be carried out in a secure manner.
We propose a novel key management scheme for HAN that
takes into account the different types of devices on the HAN,
their capabilities, the scalability of the HAN and the energy
consumption. The scheme is simple to implement, energy
efficient and flexible.
REFERENCES
[1]
Figure 4: Energy consumption during communication phase
5) Energy Consumption
The proposed scheme uses only symmetric keys therefore, it
is economical on both storage as well as energy consumption
unlike [6, 7]. In terms of storage, each device in Group L stores
a maximum of two keys and a node ID whereas a device in
Group H stores a maximum of three keys and a node ID. The
energy consumption, based on the number of bits transmitted
on the network; also it is significantly low since the encryption
overheads are low. For example, using AES for encryption with
a block cipher of 16, a data sample 16 bits long, when encrypted
remains 16 bits long; a data sample 24 bits long, when
encrypted is 32 bits long. The encryption overhead, therefore,
is a maximum of 15 bits, for any input data size. Authentication
functions give a fixed signature size (typically 128 bits or 8
bytes long) regardless of the input size. Therefore, when the
signature is sent along with the encrypted data, the total number
of bits transmitted increases and hence the energy consumption
is higher. The energy per bit transmitted is calculated assuming
a data rate of 250 Kbps and an active state current of 15 mA at
3.3V.For a Group L device ‫ܦ‬௅,௜ the data sample size is 16 bits
(2 bytes), the node ID is 16 bits and the time stamp is 16 bits,
totaling to 48 bits (6 bytes) of data. Similarly, for a Group H
device ‫ܦ‬ு௜ , the data size is 16 bits, the node ID is 16 bits, the
time stamp is 16 bits and the message authentication code is 160
bits, totaling to 208 bits (26 bytes). Note that the byte count
increases by 20 bytes with authentication. AES is used for
encryption and SHA-2 is used for authentication. With
authentication turned on, the energy consumption is markedly
higher than when only encryption is used. The Group L is
assumed to have twenty five devices and Group H is assumed
to have ten devices. The devices send data every ten minutes
via the own group controllers. The group controllers receive
data from the devices, decrypt them, encrypt them using the
shared key of the smart meter and forward the data to the smart
meter. A set of data from both the groups forwarded by the
group controller to the smart meter is referred to as a cycle.
Figure 4 shows that energy of the group controller for group L
lasts around 4300 cycles and that of group H lasts for 4000
cycles. ‫ܦ‬௅,௜ and ‫ܦ‬ு,௜ last far beyond 4300 cycles (4300 cycles at
600 secs per cycle implies 30 days.). However, the energy
consumed by ‫ܦ‬ு,௜ is more than that consumed by‫ܦ‬௅,௜ .
VII. CONCLUSION
An important characteristic of the smart grid is the associated
communications infrastructure and the ability to manage
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]
[10]
[11]
E. D. Knapp and R. Samani, Applied Cyber Security and the Smart
Grid: Implementing Security Controls into the Modern Power
Infrastructure: Elsevier Science, 2013.
J. Ekanayake, N. Jenkins, K. Liyanage, J. Wu, and A. Yokoyama,
Smart Grid: Technology and Applications: Wiley, 2012.
M. B. Line, I. A. Tondel, and M. G. Jaatun, "Cyber security
challenges in Smart Grids," in Innovative Smart Grid Technologies
(ISGT Europe), 2011 2nd IEEE PES International Conference and
Exhibition on, 2011, pp. 1-8.
J.-Y. Kim and H.-K. Choi, "An efficient and versatile key
management protocol for secure smart grid communications," in
Wireless Communications and Networking Conference (WCNC),
2012 IEEE, 2012, pp. 1823-1828.
W. Wang and Z. Lu, "Survey Cyber security in the Smart Grid:
Survey and challenges," Comput. Netw., vol. 57, pp. 1344-1371,
2013.
H. Nicanfar, P. Jokar, and V. C. M. Leung, "Efficient authentication
and key management for the Home Area Network," in
Communications (ICC), 2012 IEEE International Conference on,
2012, pp. 878-882.
G. A. Tizazu, H. R. Hussen, and K. Ki-Hyung, "Secure session key
exchange scheme for Smart Grid Home Area Networks," in ICT
Convergence (ICTC), 2013 International Conference on, 2013, pp.
1116-1120.
W. Dapeng and Z. Chi, "Fault-Tolerant and Scalable Key
Management for Smart Grid," Smart Grid, IEEE Transactions on,
vol. 2, pp. 375-381, 2011.
H. Nicanfar, P. Jokar, and V. C. M. Leung, "Smart grid
authentication and key management for unicast and multicast
communications," in Innovative Smart Grid Technologies Asia
(ISGT), 2011 IEEE PES, 2011, pp. 1-8.
S. Das, Y. Ohba, M. Kanda, D. Famolari, and S. K. Das, "A key
management framework for AMI networks in smart grid,"
Communications Magazine, IEEE, vol. 50, pp. 30-37, 2012.
V. Namboodiri, V. Aravinthan, S. N. Mohapatra, B. Karimi, and W.
Jewell, "Toward a Secure Wireless-Based Home Area Network for
Metering in Smart Grids," Systems Journal, IEEE, vol. PP, pp. 1-12,
2013.

Download Report