12.1.1 Background and Motivation

With the introduction of cloud computing, some data must be transmitted through public networks (e.g. the Internet) in smart grid communications [181, 189, 190]. Although public cloud service providers have certain security mechanisms within the cloud, data exchange over the Internet still needs extra protection. We propose to apply identity‐based (ID‐based) security schemes [183–185] to secure data transmission over the Internet. With the proposed security schemes, utility companies can have more security control. Moreover, the communication infrastructure in the smart grid can better handle large numbers of participants.

The foundation of an ID‐based security scheme is public‐key cryptography. Instead of generating keys randomly, an ID‐based security scheme utilizes the unique ID of each participant. By doing so, key management might be more convenient, since some of the keys can be computed locally or even ahead of time. Furthermore, privacy and authentication can still be provided to the participants. In the smart grid information and communication networks (ICT) framework, each component has a unique ID that can be applied to ID‐based security schemes. Specifically, the proposed ID‐based security scheme utilizes public key cryptography where the public key is computed mainly based on the ID of each participant together with an expiration indicator . Public keys can be computed locally by any legitimate user in the domain. As a result, public keys and related domain secrets can be refreshed easily after each session. Key management is simplified by adopting the proposed ID‐based security scheme. With carefully chosen bilinear pairing operation and other system parameters, ID‐based security schemes can perform efficiently in smart grid communication systems.

Despite its simplicity, the proposed ID‐based based security scheme can provide security services such as confidentiality, data integrity, and non‐repudiation to the smart grid communications network. In this chapter, the proposed ID‐based security scheme is designed to achieve digital signature and encryption simultaneously; thus the proposed scheme is named ID‐based signcryption (IBSC). The IBSC scheme can be reduced to an ID‐based digital signature for those cases that do not require confidentiality. In order to enhance performance, the proposed IBSC is also modified for session key distribution instead of direct message encryption. In addition, the ID‐based schemes are also applied to achieve delegation of signing rights. With this feature, a utility control center may hand over its data control authority to another (or a few other) control center temporarily during routine maintenance, system failure, etc.

In our proposed ID‐based security, we adopt instead of for public key generation, where is the expiration time of the current session. Once a session expires, all participants will update the corresponding secrets and parameters accordingly. When a participant leaves the system domain, secrets bared by this participant need to be revoked. By adopting , if the public key generator (PKG) stops issuing secret keys to the participant that left, key revocation can be done automatically at the beginning of the next session. New messages will not be disclosed to old keys.

12.1.2 Applications of the Proposed Security Schemes in the Smart Grid

The proposed ID‐based security schemes can be applied to a variety of applications in the smart grid communication infrastructure. For communications between a utility's local control centers and a cloud control center, the proposed ID‐based security schemes may function as follows:

• Encipherment and digital signature. The proposed security schemes can be applied directly to provide both confidentiality and non‐repudiation. For instance, preprocessed metering data sent from local control centers to a cloud control center is encrypted and signed to provide confidentiality and non‐repudiation. Information generated by big data analytics is also encrypted and signed before being sent from the cloud to local control centers.
• Session key distribution. If symmetric ciphers are preferred in some applications in the smart grid communication infrastructure, the proposed identity‐based scheme can be applied to achieve secure session key distribution.
• Signing rights delegation from a local control center to another one. If local control center is subject to routine maintenance, it may delegate signing rights to another local control center (e.g. ). As shown in Figure 12.1, the private key generator (PKG) controlled by a utility has the authority to delegate signing rights from to . Alternatively, can delegate signing rights to locally without involving another entity for more efficient operation.

  

• Signing rights delegation from one local control center to a group of others. The PKG can assign a group of local control centers as a group proxy to sign for , as illustrated in Figure 12.2. In this case, no other local control center will take full responsibility for .

12.2.1 Preliminaries

The proposed ID‐based security scheme is based on a bilinear map. Let and be groups of prime order . Let be a generator of . Let . We say that are bilinear map groups if has the properties as follows:

• Bilinearity. for all and all .
• Nondegeneracy. For any , for all (indicated as hereafter).
• Computability. There is a polynomial time algorithm for computing for all .

12.2.2 Identity‐Based Signcryption

The proposed IBSC scheme comprises five algorithms: Setup, Keygen, Signcryption, Decryption, and Verification. Without loss of generality, the algorithms are described using the case where () sends message to ().

12.2.2.1 Setup

Setup is the algorithm used to initialize a domain's public parameters and set the public/private keys of the authentication server (AS). For simplicity, the AS and PKG are considered interchangeably in the discussion. In practice, they shall be deployed and maintained separately. In Setup, the PKG chooses groups of prime order , a generator of , a randomly chosen master key , and a domain secret . The PKG also chooses three cryptographic hash functions as follows:

The domain public parameters are

The public/private keys of the AS are and respectively.

12.2.3 Consistency of the Proposed IBSC Scheme

We then verify the consistency of the proposed IBSC scheme, in particular, the algorithms Decryption and Verification. The original message can be recovered with algorithm Decryption if and only if . The consistency can be proved as follows:

(12.1)

Therefore

(12.2)

The consistency of algorithm Verification is proved as follows:

(12.3)

12.2.4 Identity‐Based Signature

As discussed earlier, not all messages need encryption in smart grid communications. Nonetheless, data integrity and non‐repudiation are still required for most messages. To simplify the computation of each node, the IBSC scheme may be reduced to an identity‐based signature (IBS) scheme for the purpose of digital signature only. The IBS scheme comprises four algorithms, Setup, Keygen, Signature, and Verification. The algorithms Setup and Keygen are the same as the ones in IBSC. The algorithms Signature and Verification are described in the following sections. For consistency, assume sends to in the discussion.

12.2.5 Key Distribution and Symmetrical Cryptography

Although encryption is achieved in the IBSC scheme, some may still prefer symmetric ciphers for data encryption. Because the proposed identity‐based schemes are based on bilinear pairing (over elliptic curves) with large numbers, they are considerably slower compared to well‐established symmetric ciphers (e.g. advanced encryption standard). Therefore, the IBSC can be modified for session key distribution with symmetric ciphers (e.g. ) for the actual data encryption. In the modified IBSC, the algorithms Setup and Keygen are unchanged and generate domain public parameters. The algorithm Signcryption is modified to encrypt a message with a secret key as follows:

1. Sender randomly picks and sets
   
2. computes and computes
   
3. computes and , and computes
   
4. computes and encrypts the message
   
5. encrypts as ;
6. finally outputs a 5‐tuple .

The algorithm provides a digital signature in the same way that the original IBSC does. The consistency of the modified IBSC follows the original scheme.

12.3.1 Certificate Distribution by the Local Control Center

Let be the certificate of signing right delegated by to . A simple example of such a certificate could be , where is the expiration time of . A certificate can be valid for one message or for all messages before expiration of the certificate. The local control center delegates for a message in the following steps:

1. randomly picks and computes
   
2. computes and computes
   
3. sets .

Signing rights delegation is a 4‐tuple . Once receives the , it verifies if . The consistency is shown in the following:

(12.4)

12.3.2 Signing Rights Delegation by the PKG

Alternatively, the PKG is able to distribute a certificate to in the following steps:

1. The PKG randomly picks and computes
   
2. it finally outputs a 5‐tuple .

The delegation is verified by if . The consistency is shown in the following:

(12.5)

12.3.3 Single Proxy Signature

With certificate , is ready to sign message on behalf of in the following steps:

1. randomly picks and computes
   
2. it finally outputs a 5‐tuple .

The proxy signature is (note that , , and are from ). A receiver verifies by checking if the equation holds as follows:

The consistency is shown in the following,

(12.6)

12.4.1 Certificate Distribution

For each in the group, the PKG generates a partial signing right certificate and

1. randomly picks and computes
   
2. and finally outputs a 5‐tuple .

Once receives the , it verifies the certificate by checking if .

12.4.2 Partial Signature

With , can generate a partial signature for message in the following steps:

1. randomly picks and computes
   
2. finally outputs a 5‐tuple .

12.4.3 Group Signature

After all the proxies have generated partial signatures, one of the local control centers is chosen as the gateway (e.g. ) and generates a group signature in the following steps:

1. computes
   
2. finally outputs .

A receiver verifies the group signature by checking if the equation holds as follows:

The consistency can be verified such that

12.5.1 Assumptions for Security Analysis

The security of the IBSC and IBS schemes is based on the following computational problems [184, 185, 188]:

• Computational Diffie‐Hellman (CDH) problem. Given and , for all compute in polynomial time.
• Bilinear Diffie‐Hellman (BDH) problem. Given and , for all compute in polynomial time.

Without loss of generality, time stamp is considered part of the identity in the analysis later. To make the illustration clearer, the proposed IBSC scheme is separated into an identity‐based encryption scheme and identity‐based signature for security analysis. Moreover, all random values are picked uniformly unless otherwise specified.

12.5.2 Identity‐Based Encryption Security

12.5.3 Identity‐Based Signature Security

12.6.1 Computational Complexity of the Proposed Schemes

Performance of the proposed schemes is based on the number of operations and the efficiency of each type of operations. Table 12.1 lists the number of operations of each algorithm in the proposed security scheme. Among them, indicates standard multiplication in . Since addition in and XOR are simple and efficient operations, they are not listed in the table.

	# of	# of	# of	# of	# of
Signcrypt	1	5	1	2	1
Decrypt	1	0	0	0	1
Sign	0	3	1	0	0
Verify	3	1	1	1	0

Hash functions can be computed efficiently in general. In practice, and are easy to find. However, it is hard to build . In the analysis, we relax into two steps as follows:

1. ;
2. .

In step 1, is a finite set, and is an encoding function which is computable. Note that after the relaxation, the public key for a given and is calculated as . In the proposed IBSC scheme, public keys can be computed at the beginning of each session and cached for the entire session. Therefore, the relaxation of does not introduce more computational cost in reality. Because of that, performance of the IBSC and IBS schemes will be considered efficient if bilinear pairing and multiplication in can be computed efficiently. Since the Weil pairing can be performed efficiently using Miller's algorithm [191], the bilinear map can be performed efficiently as well.

12.6.2 Choosing Bilinear Paring Functions

To analyze the performance of the IBSC scheme, we apply two bilinear pairing functions, modified Weil pairing and Tate pairing, over supersingular elliptic curve .

We first construct . Let be a prime number such that and for some prime and positive integer . Then is the subgroup of order of . The CDH problem is hard in the group [188, 192]. However, it is worth mentioning that the decisional Diffie‐Hellman (DDH) problem is an easy one for bilinear map . This is because with given , , we can easily check if by comparing with .

The Weil pairing has the properties of bilinearity and computability; however, it does not have nondegeneracy. Therefore, we adopt a modified Weil pairing such that , where is an automorphism on the group of points of supersingular elliptic curve , that is, , where is a primitive cube root of unity in . Thus, . The bilinear map is calculated as a Weil pairing with an additional standard multiplication on the curve . According to [188], is believed to satisfy the BDH problem. However, computing the discrete logarithm in is sufficient for computing the discrete logarithm in . Therefore, in order to make it sufficiently hard in practice, needs to be at least 512 bits long.

12.6.3 Numerical Results

We evaluate the proposed identity‐based schemes with modified Weil pairing using Mathematica 10.0 on a computer equipped with an Intel Core i5‐2400 GHz and 12 GB RAM. We first show the computational cost of each operation. Since , , and do not have much difference in computational time and the added encoding function is more efficient than , the hash functions are excluded from the performance analysis.

Bilinear pairing		Standard multiplication
bits	bits	bits	bits
7.44 ms	13.25 ms	6.43 ms	12.29 ms

First, we evaluate the computational time for the bilinear pairing . Two sets of evaluation are given, that is, for bits and bits. Each evaluation is the average value from calculations. With bits, one takes about 7.44 ms. With bits, one takes about 13.25 ms. We then evaluate the computational time of standard multiplication over (i.e. ). The computational time of mainly depends on the size of (assuming bits). The computational time of each evaluation is averaged from calculations. With bits, a standard multiplication operation takes about ms. Note that in the proposed IBSC, is the output of some hash functions; therefore, usually is 256 bits or 512 bits, where the computation is efficient. The evaluation results are summarized in Table 12.2.

	b	b	b	b
	b	b	b	b
Signcrypt	39.59 ms	68.89 ms	45.4 ms	74.7 ms
Decrypt	7.44 ms	7.44 ms	13.25 ms	13.25 ms
Sign	19.29 ms	36.87 ms	19.29 ms	36.87 ms
Verify	28.75 ms	34.61 ms	46.18 ms	52.04 ms

Based on the evaluations we have for each operation, we then show the total operational time for each algorithm. In practice, public keys are computed once and cached for the entire session. The computational time of each algorithm is listed in Table 12.3 ( where “b” stands for “bits”). It is shown that the proposed IBSC performs efficiently for delay‐tolerant and even near real‐time data transmission, for example, metering data transmission. However, for real‐time monitoring data, such as PMU data, the identity‐based schemes alone may not be a good solution. Without sufficient computational resources, faster security protocols and schemes are recommended, for instance, traditional symmetric ciphers. The proposed IBSC can be applied for initial authentication and key distribution of the chosen symmetric ciphers.