Security Schemes for AMI Private Networks

In this chapter, a security protocol is proposed specifically for the advanced metering infrastructure (AMI) in the smart grid to address the security requirements. Although AMI does not cover all private networks in smart grid communications, security protocols for its comprehensive and complicated infrastructure can be extended to other private networks based on their different security requirements. The proposed security protocol will be illustrated in four parts, namely the initial authentication scheme, secure uplink transmission scheme, secure downlink transmission scheme, and domain secret update scheme.

11.1 Preliminaries

The proposed security schemes in this chapter are based on several network security concepts, such as security services and security mechanisms. To make the illustration clearer, we first present some basic background about network security in this section.

11.1.1 Security Services

Security services are provided in a system design to protect against possible security attacks. In a communication system, possible security services are described in Table 11.1.

Table 11.1 Security services.

| Security service | Description |
|---|---|
| Access control | Control access from authorized users to resources. |
| Authentication | Verify the identities of entities. |
| Confidentiality | Ensure that information is accessible only to authorized entities. |
| Data integrity | Maintain the accuracy and completeness of data. |
| Non‐repudiation | Prove the data origin. |
| Availability | Make information available to authorized entities when needed. |

For a given communication system, whether to apply a security service depends on system requirements. The system may be most secure if all security services are applied. However, due to limited computational resources, it is impractical to implement all services.

11.1.2 Security Mechanisms

Security mechanisms are the tools to achieve security services in a communication system. Some major security mechanisms include encipherment, authentication, access control, digital signature, and data integrity.

Encipherment mechanisms mainly provide confidentiality. Encipherment algorithms include reversible and irreversible ones. Reversible encipherment algorithms are widely known as encryption algorithms, which are divided into symmetric and asymmetric ones.

  • A symmetric encryption is also known as private‐key encryption. It is an encryption algorithm that is based on a preshared secret key. Both communication entities can perform the same function, either encryption or decryption, using the same process. In this chapter, a symmetric encryption algorithm is denoted as images, where images is the preshared secret key and images is the input message. The decryption algorithm is denoted as images correspondingly.
  • An asymmetric encryption algorithm is also known as public‐key encryption. In an asymmetric algorithm, each communication entity has two keys, public and private respectively. The public keys are shared with the other communication entities, whereas the private keys are kept secret. A message encrypted with the public key must be decrypted by its paired private key. A message signed with the private key must be verified by its paired public key. Therefore, the two communication entities are not symmetric.
  • Irreversible encipherment algorithms are not used for encryption. Those algorithms may or may not depend on a key. They are mostly applied to other services, for example, data integrity and digital signatures.

Encipherment mechanisms are widely applied to achieve other security mechanisms.

Authentication mechanisms are applied to authentication services. Instead of specific algorithms, authentication mechanisms are mainly handshake protocols with messages created by other mechanisms using unique information provided by entities.

Access control mechanisms are applied to control access to services. Similar to authentication, many access control mechanisms use handshake protocols to determine and enforce the access rights of an entity depending on its authenticated identity.

Digital signature mechanisms are applied to non‐repudiation services and sometimes to data integrity. Most digital signature mechanisms are based on public‐key encryption algorithms, where the sender signs a message with the private key and the receiver verifies the signature with the sender's public key.

Data integrity mechanisms are applied to data integrity services. Irreversible encipherment algorithms are applied as data integrity mechanisms in most communication systems. For example, hash functions are data integrity mechanisms. In this chapter, a hash function is defined as images. Note that a hash function has no key, so any entity has the ability to generate and verify a hash code with a given message.

Note that security mechanisms are not a one‐to‐one match with security services. A security service may be provided by multiple security mechanisms, and a security mechanism may be applied to multiple security services.

11.1.3 Notations of the Keys Used in This Chapter

For simplicity, the notations of the keys used in the proposed security protocol of this section are listed in Table 11.2.

Table 11.2 Notations of the keys.

| Key | Description |
|---|---|
| Keys for symmetric algorithms | |
| images | Preshared secret key for node images |
| images | Active secret key for node images |
| images | Session key between images and images |
| Keys for asymmetric algorithms | |
| images | Public key for node images |
| images | Private key for node images |
| images | Public key for the authentication server |
| images | Private key for the authentication server |

11.2 Initial Authentication

11.2.1 An Overview of the Proposed Authentication Process

In this section, we present the initial authentication of the security scheme. The security scheme is proposed mainly for the wireless networks in the AMI. Security in the backbone network can be achieved using existing mechanisms and protocols controlled by utilities. Nodes in the wireless networks mainly include data aggregate points (DAPs) and smart meters.

DAP Authentication Process

Before joining the AMI, a DAP must be authenticated through the initialization process [167]. Assume that utilities have full control of their private networks; thus an authentication server (AS) is managed by utilities on their side. The initial authentication is based on a trusted AS. Generally speaking, if a node is closer to the AS, it will be authenticated before those that are farther away due to multihop networks. Therefore, before a smart meter joins the AMI, the gateway DAPs and normal DAPs are initialized by the AS. Note that gateway DAPs are initialized before normal DAPs since they have direct communication to the concentrator. For simplicity, gateway DAPs are not specified in the rest of the discussion.

DAPs are divided into two groups: one active and the other uninitialized. An active node is a node that has been authenticated by the AS to join the AMI communication system and is functioning normally. An uninitialized node can be one of the following four types:

  • A newly installed node
  • A node that has recovered from a malfunction
  • A node updated with new preshared keys
  • A node reinstalled to another location

The authentication process for uninitialized nodes is carried out by existing active nodes and the AS. For example, as illustrated in Figure 11.1, DAP images is uninitialized, while its neighboring DAPs images, images and images are active. To join the AMI, images initiates the authentication process by broadcasting a request to all of its active neighbors, which will relay the request to the AS through established secure links.

Figure 11.1 Initial authentication process for DAP images.

After the authentication process is performed by the AS, images will receive reply messages from the AS through its active neighbors. The reply messages are different from each other, since they consist of authentication confirmation as well as information to establish secure links between images and each of its active neighbors. In summary, the initial authentication process accomplishes the following three tasks:

  • images is authenticated to become an active node and join the AMI
  • images establishes a secure connection to the AS through one of its active neighbors that has the shortest distance to the AS
  • images establishes backup secure connections to the AS through the rest of its active neighbors

Smart Meter Authentication Process

After all DAPs have been initialized by the AS, a neighborhood‐area network is formed in the AMI. Smart meters will then be initialized through active DAPs. Unlike DAPs, smart meters do not have many neighbor nodes, for two reasons. First, smart meters have a limited transmission range. They are unlikely to have a direct connection with more than one DAP. Second, it is not a good idea to let smart meters communicate with each other, since their data contains much private information and smart meters are easier to access than DAPs.

An overview of the initialization process for a smart meter is shown in Figure 11.2. An uninitialized smart meter sends a request to an active DAP, and the DAP will relay the request to the AS through a secure communication link. Once the authentication process is approved by the AS, a reply is sent to the smart meter through the active DAP.

Figure 11.2 Initial authentication process for a smart meter.

11.2.2 The Authentication Handshake Protocol

Without loss of generality, the authentication handshake protocol is presented according to the example given in Figure 11.1, where images is the uninitialized node. One of its active neighbors, images, is chosen to illustrate the detailed initialization process. The initialization processes through active neighbors images and images are similar.

In practice, the active neighboring node images may not have a direct connection to the AS. Instead, there may be a secure link established between images and the AS. Therefore, we focus on images, images, and the AS in the process. Note that other active nodes in the same secure link do not store useful information from the process. The initialization process achieves three mutual authentications.

  • Authentication between images and the AS: This mutual authentication is straightforward, since the AS will only allow legitimate nodes to join the AMI and the nodes will also trust only the AS.
  • Authentication between images and the AS: This mutual authentication is intended to ensure that images is active and is trusted to relay the request from images.
  • Authentication between images and images: This mutual authentication between images and images is to help establish further secure communications from images to images.

Each legitimate node, whether uninitialized or active, has a preshared secret key (i.e. images for node images) with the AS. In addition, an active secret key is assigned to each active node (e.g. key images for node images), mainly for uplink data traffic encryption. This active secret key is also used by the AS to verify whether this node is active. Similar to images, images is known only to images and the AS. In order to establish a secure connection from images to the AS after the authentication process, an active secret key images must be generated by the AS and assigned to images during the initialization process. Note that images does not carry images before the initialization process; only images is known to images. Moreover, although the active nodes relay messages from the AS to images, the keys are not disclosed to those intermediate nodes.

The authentication handshake protocol is initiated from the uninitialized node images. The entire process includes six handshakes among images, images, and the AS, as shown in Figure 11.3. The six messages exchanged during the process are described as follows:

  1. images. To initiate the process, images sends images to the AS through images. In message images, images is a cryptographic hash function, ‘images’ is an XOR function, and images is a time stamp. The authentication is achieved by images, since with given images and images, the AS is the only entity other than images able to compute images.
  2. images. Once images receives the request message images, it generates images and sends the new message to the AS. In images, images is a symmetric encryption function with key images. In particular, the active key for images is applied to the encryption. Another time stamp images is generated at images and included in images together with its own identity images. Then, images encrypts the entire message with images. The encryption protects images from being disclosed to other active nodes in the secure link. An identity verification code images is generated at images. The extra information generated at images is used for the AS to authenticate images as an active node and validates the freshness of the message.
  3. images. Once the AS receives images, it authenticates images by decrypting images using images. Time stamp images is verified by comparing a computed images to the received value. Then, the AS authenticates images by computing images. Once images is authenticated, the AS generates a message images for images. In images, images is the initial vector for further uplink transmission, and images is the active key for images. images is the public key of the AS for downlink transmission security protocols. Moreover, images is the generating parameter for public‐key cryptography in the communication domain. Parameter images can be a set of parameters depending on the chosen public‐key cryptographic schemes. For example, images can be two prime numbers if RSA [187] is applied and have more parameters if identity‐based cryptography [188, 184, 185] is applied. Nonetheless, images remains the same in the communication domain. Although the AS generates images, it does not generate public/private keys for each node. It is better to keep the nodes as independent as possible from other nodes and the AS. Unique information for images is encrypted with the preshared secret key images, that is, images. Moreover, in images, images is for integrity validation. Note that images is also part of the input for images to authenticate images through the AS. Then the AS generates another time stamp images (it is possible that images) and images. Finally, the message sent back to images is images.
  4. images. Once message images reaches images, images first reveals images by decrypting the message and verifies data integrity by computing images. At this point, images has authenticated images from the AS. Then, images forwards images to images together with the public key images. A time stamp images is generated at images for message freshness. Hash value images is computed for data integrity of message images.
  5. images. Once images receives images, it reveals images, images, images, and images by decrypting images. After verifying the integrity of the received information, images successfully authenticates images. Then images generates a pair of public/private keys based on a given public domain secret images. The public key images is encrypted with the public key of images so that images, where images is the encryption function of the adopted public key cryptography. A time stamp images is generated, and images is computed at images to provide data integrity for message images.
  6. images. After exchanging public keys images and images, active nodes images and images can find a way to generate the session key images for further communication. Session key images is shared only between images and images. It is refreshed frequently.

Figure 11.3 Detailed initial authentication process through one active neighbor.

After the six handshakes, images is fully initialized, and it joins AMI communications through images. The initial authentication processes through other active neighbors (i.e. images and images in this example) are similar. In particular, the AS sends back the same images, images, images, and images. Note that the preshared secret key images is unique, depending on active neighbor identity images. Nonetheless, in the final handshake, images will send the same images to its active neighboring node images encrypted with images, images in this example. By doing so, images shares the same public key to all of its active neighbors. Therefore, images is able to join the uplink transmission through any of the active neighbors. In other words, both operating and backup secure communication channels are established through the initial authentication process.

The detailed process for smart meter initialization is the same as DAP initialization. The only difference is that there is only one process, because a smart meter is connected to a single active DAP. The illustration is not repeated here.

11.2.3 Security Analysis

The security of the proposed authentication process is described in terms of each security service, including confidentiality, data integrity, non‐repudiation, and availability. Note that the security services mentioned here are just those for the authentication process, not for the overall security protocol.

  • Confidentiality. Confidentiality of the authentication request is not necessary; therefore, it is not provided via specific mechanisms. Much information is transmitted in clear text. Note that the initial authentication request is protected with confidentiality once it reaches an active node in the AMI.
  • Data integrity. All the messages (except for images) are provided with a hash value specifically for an integrity check. Moreover, the input is not the original message, which can easily be captured by an eavesdropper. The input is the XORed messages of the useful information, which cannot be captured or forged. Therefore, the messages in this protocol cannot be forged. Moreover, with time stamps being applied in each message, a replay attack is unlikely to succeed in the process. The detailed process of images is not given in this protocol, because the real application may vary based on different public key cryptographic schemes. With a given public key cryptographic scheme, data integrity can be provided in a similar way for session key images in images.
  • Non‐repudiation. The initialization process does not use a digital signature for sender authentication except for images. However, secret preshared keys are applied for message encryption. With the sender and the receiver being the only entities that can encrypt and decrypt the message, non‐repudiation is achieved for all messages (except for images) with symmetric encryption. Non‐repudiation of images is indeed provided by a digital signature.
  • Availability. Availability of the process is guaranteed as long as the AMI has a wireless connection. The proposed authentication process has enhanced availability through the participation of all active nodes that are neighbors of an uninitialized one.

11.3 Proposed Security Protocol in Uplink Transmissions

In the uplink transmission, data from each node is aggregated in a chain topology and is finally delivered to the service provider (assuming that the AS and the service provider share the same entity). As discussed before, data confidentiality and data integrity are critical requirements for metering data, since any mistakes may cause inefficient grid operation. Sender authentication or non‐repudiation may be considered in certain situations if there are enough computational resources. To achieve all these requirements, we propose the following security protocol for data aggregation in uplink transmission.

11.3.1 Single‐Traffic Uplink Encryption

We first present the uplink encryption process for a single‐traffic transmission. The following description is based on the illustration shown in Figure 11.4. Suppose the single‐traffic transmission follows a path with images nodes in the order of images.

Figure 11.4 Data aggregation process in an uplink transmission.

As the first one of the aggregation, images mixes its raw data images with images as images. It then encrypts the intermediate message with the active secret key images as follows:


A hash value is generated as images, where images is a hashed message authentication code function that provides data integrity. The notation with images is to distinguish the hash function from the one applied to the initialization process, since different hash functions can be used in authentication and uplink encryption. The hash value is attached to the cipher text as follows:


Finally, images encrypts the entire message with images as follows:


The next node images first decrypts the incoming data with the session key as follows:


Then images mixes its raw data images with images and generates cipher text images as follows:


A hash value is generated as images and attached to the cipher text. The message from images is aggregated to the current message as follows:


Finally, images encrypts the entire message with images as follows:


Any intermediate node images performs the same process as images by replacing indexes images with images respectively. The final message reaching the AS (or utilities) from node images is images.

11.3.2 Multiple‐Traffic Uplink Encryption

A node may receive multiple items of data traffic in the AMI communications network. In this case, the intermediate node shall process all incoming traffic and generate a single item for the next node. The example shown in Figure 11.5 is used to illustrate the multiple‐traffic uplink encryption process. Suppose an intermediate node images has two incoming items in traffic from nodes images and images respectively; images chooses one of them randomly, for example, message images from node images. Node images processes images by following the single‐traffic uplink encryption as illustrated in the previous subsection and generates a cipher text as follows:


A hash value images is generated based on the cipher text. The other message images from node images is decrypted at node images to reveal images. The disclosed images is flagged such that images and attached to the cipher text images. The generated message images at node images is as follows:


The message sent from images to the next node is computed as follows:


If there are more items in incoming traffic, they will be processed as images at node images.

Figure 11.5 Multiflow data aggregation process.

11.3.3 Decryption Process in Uplink Transmissions

Once the AS receives the aggregated data, it starts the decryption process of the data. For example, as shown in Figure 11.6, the AS first authenticates the incoming node, for example, node images, by decrypting the received data with the preshared public key images as follows:


and reveals images, images and images. The AS then verifies the data integrity by computing the hash value images. As shown in Figure 11.7, if the hash value matches the one disclosed from the decryption, then data integrity is validated. If a hash value cannot be validated, then the data integrity of that message is violated, and the message is discarded. Once data integrity is validated, the AS continues the data recovery process by decrypting images as follows:


With images already disclosed, images from node images can be recovered. After that, the AS continues the recovery process with images. Note that the AS does not verify senders other than images; thus images is processed using the same process used to process images. To recover images, the AS maintains synchronization of the initial vector images.

Figure 11.6 Data recovery process in uplink transmission.

Figure 11.7 Data integrity check in uplink transmission.

If the message includes data from multiple incoming traffic streams, the AS extracts the messages between flags images and images and continues to recover the data by following the same process discussed before for images. The AS may process multiple incoming messages in parallel, as they are not mixed together.

11.3.4 Security Analysis

Confidentiality, data integrity, and non‐repudiation are the security services to be provided in the uplink transmission encryption protocol.

  • Confidentiality. Confidentiality is achieved in two steps. First, the raw data images from node images is mixed with the incoming data from the previous node, that is, images. The first node achieves this step by mixing its data with the initial vector given by the AS. In addition, the mixed data is encrypted with the active key images.
  • Data integrity. The data integrity of each message is provided by a hash value generated from that message. The message images from images cannot be forged unless its active key images is compromised.
  • Non‐repudiation. Non‐repudiation is provided in two aspects. Within one‐hop transmission, a message images is encrypted by the preshared secret key images that is known only to nodes images and images. Thus non‐repudiation is provided to sender images. At the AS, messages images for all nodes are encrypted with their active key images; thus sender authentication is provided.

11.4 Proposed Security Protocol in Downlink Transmissions

The downlink transmission involves control messages from the service provider to the nodes. Most of the control messages (e.g. price and tariff information) are for all the smart meters in the neighborhood. For those messages, confidentiality may not be as important as it is for the uplink transmission data. Nonetheless, data integrity is important. Message manipulation would alter demand response in the smart grid and in the end result in grid inefficiency. Moreover, non‐repudiation is critical for such control messages so that the customers can trust the sender. Some control messages are one‐to‐one, such as on‐off switch commands for participating customers' air conditioners. Confidentiality must be provided to those messages in addition to data integrity and non‐repudiation.

11.4.1 Broadcast Control Message Encryption

Encryption for a broadcast control message (e.g. images) is illustrated in Figure 11.8. A time stamp images is appended to the message, and a hash value is generated as images, where images is a cryptographic hash function. The hash value is signed by the AS using its private key, such that images, where images is an encryption function using public key cryptography. The broadcast message to each node includes the original control message, time stamp, and the digital signature, such that,

Figure 11.8 Encryption of broadcast control message images.

At the receiver side, the original information (i.e. images and images) is in clear text. The digital signature is decrypted using the public‐key of the AS by performing images, where images is a decryption function using public key cryptography. The decrypted information is the hash value. The receiver shall compute the hash value at its side and compare the result with the decrypted value to verify data integrity. If the hash value is valid, then non‐repudiation is also validated. If the integrity check is not passed, the receiver will request a retransmission from the AS through its secure uplink transmission tunnel. This rarely happens unless the message is not legitimate. Because each node will receive multiple copies of the control message from all of its active neighbors, if one of the messages is valid, then a retransmission will not be necessary.
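The receiver-side check described above, written out as an added example (not code from the book). Assumptions: the hash input is the message followed by an 8-byte time stamp, the hash is SHA-256, the signature is unpadded RSA under a toy key built from two public Mersenne primes, and freshness is a 300-second window; all function and variable names are hypothetical.

```python
import hashlib

# Toy AS key pair, constructed for this example. The modulus is the product of
# two publicly known Mersenne primes and the signature is unpadded RSA, which
# mirrors the chapter's "sign the hash with the private key" description only.
# A deployment would use a generated key and a standard padded signature scheme.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # AS private exponent (Python 3.8+)

MAX_AGE = 300  # assumed freshness window in seconds; not specified on the page


def digest(message: bytes, timestamp: int) -> int:
    """Hash of M || T as an integer (assumed encoding: T is 8 bytes, big-endian)."""
    data = message + timestamp.to_bytes(8, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def as_broadcast(message: bytes, timestamp: int) -> tuple:
    """AS side: control message, time stamp, and signature over the hash."""
    return (message, timestamp, pow(digest(message, timestamp), D, N))


def check_copy(copy: tuple, now: int, last_accepted: int) -> str:
    """Receiver side: classify one copy relayed by one active neighbor."""
    message, timestamp, signature = copy
    if not (0 <= timestamp < 2**64 and 0 <= signature < N):
        return "malformed"
    # Recover the signed hash with the AS public key and compare it with the
    # hash computed locally: this is the integrity and origin check.
    if pow(signature, E, N) != digest(message, timestamp):
        return "bad-signature"
    # A valid signature does not make an old message current.
    if abs(now - timestamp) > MAX_AGE:
        return "stale"
    if timestamp <= last_accepted:
        return "replayed"
    return "ok"


def receive(copies: dict, now: int, last_accepted: int = 0) -> dict:
    """Accept the message if any neighbor's copy verifies, else ask for a resend."""
    verdicts = {nbr: check_copy(c, now, last_accepted) for nbr, c in copies.items()}
    good = [copies[nbr] for nbr, v in verdicts.items() if v == "ok"]
    return {
        "message": good[0][0] if good else None,
        "verdicts": verdicts,
        "request_retransmission": not good,
    }


# Constructed sample traffic: one genuine broadcast and two bad copies.
T0 = 1_700_000_000
GENUINE = as_broadcast(b"TARIFF tier=2 price=0.14", T0)
TAMPERED = (b"TARIFF tier=2 price=0.01", GENUINE[1], GENUINE[2])
OLD = as_broadcast(b"TARIFF tier=1 price=0.09", T0 - 3600)  # captured an hour ago

if __name__ == "__main__":
    result = receive({"n2": TAMPERED, "n3": GENUINE, "n4": OLD}, now=T0 + 5)
    print(result["verdicts"], result["message"])
    print(receive({"n2": TAMPERED, "n4": OLD}, now=T0 + 5)["request_retransmission"])
```
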

11.4.2 One‐to‐One Control Message Encryption

Encryption for a one‐to‐one control message (e.g. images) is illustrated in Figure 11.9. The message is XORed to a time stamp images and encrypted using the active key images. A hash value of the encrypted data is generated and signed. Finally, the encrypted data, time stamp, and the digital signature are aggregated together as message images such that


Unlike images, images is sent through all of the active neighbors of images only, as illustrated in Figure 11.10. A few copies of the information would increase the reliability of transmissions.

Figure 11.9 Encryption of control message images for images.

Figure 11.10 Example of control message images to images.

11.4.3 Security Analysis

Security services provided to broadcast messages and one‐to‐one messages in downlink transmissions are slightly different.

  • Confidentiality. For downlink broadcast messages, confidentiality is not provided. For one‐to‐one messages to a specific node (e.g. images), confidentiality is provided by encrypting the message with the active key images.
  • Integrity. Both the broadcast and unicast control messages cannot be forged, since the corresponding hash values are signed by the AS using its private key.
  • Non‐repudiation. Since the hash value of each control message is signed by the AS, the control message is protected against repudiation.

11.5 Domain Secrets Update

In order to keep the AMI secure in the long run, domain secrets need to be refreshed frequently, for example, daily or hourly depending on requirements.

11.5.1 AS Public/Private Keys Update

For the AS, its public and private keys need to be refreshed. After the AS generates a new pair of public/private keys (i.e. images/images), it transmits the public key to all the active nodes using the encryption scheme for broadcasting, such that


The update of images is for all the active nodes in the same time slot. In the meantime, separate control messages signed by images and images will be sent so that the downlink transmissions are not interrupted.

11.5.2 Active Secret Key Update

For an active node (e.g. images), its active secret key images needs to be refreshed. To do so, the AS picks a new active secret key images for images, and sends it as a one‐to‐one message to images, such that


However, it is not necessary to refresh the active secret keys for all the nodes at the same time. The AS can do a batch at a time when the network is not heavily loaded, for example, after midnight. Moreover, as mentioned before, the session key (e.g. images) between two active nodes (images and images) needs to be refreshed more frequently. To do so, images and images simply run the sixth step from the initialization process again.

11.5.3 Preshared Secret Key Update

The preshared key of a node is not refreshed as frequently as the other keys since it is used much less frequently. Therefore, the preshared key can last longer before it wears out. However, it is reasonable to refresh the preshared key in some cases, for example, if a DAP is compromised and recovered, if a DAP is redeployed to another NAN, or if a house has been sold and thus its smart meter has a new owner. An on‐site firmware update will be recommended in this case. A customer can also request a firmware update and then load it to his/her smart meter. Automatic updates can also be achieved. For example, if DAP images needs a preshared key update, the AS picks a new images, and sends it to images, such that


It is also reasonable to encrypt this message with images if images has been compromised. However, if both images and images are compromised, then a physical update will be inevitable.

11.6 Summary

In this chapter, we proposed a security protocol for the AMI in the smart grid. In order to meet various security requirements for asymmetric communication in the AMI, the proposed security protocol consists of an initial authentication scheme, independent security schemes for uplink and downlink transmissions, and a domain secret update scheme. The security scheme for uplink transmissions provides confidentiality and data integrity to metering data and other monitoring data. The security scheme for downlink transmissions provides data integrity and non‐repudiation for controlling data and pricing/tariff information. Future work may be conducted to extend the proposed network security protocol so that cloud computing and various external information sources can be involved in the modern control of the smart grid.
