12
Security Schemes for Smart Grid Communications over Public Networks

In this chapter, we focus on security schemes for smart grid communications over public networks that utility companies subscribe to. Public networks in the smart grid are distinguished from private networks by their independence from utilities. Our proposed security schemes can be applied by utilities even without full control of the communications network to add extra protection on top of existing security provided by network service providers.

12.1 Overview of the Proposed Security Schemes

12.1.1 Background and Motivation

With the introduction of cloud computing, some data must be transmitted through public networks (e.g. the Internet) in smart grid communications [181, 189, 190]. Although public cloud service providers have certain security mechanisms within the cloud, data exchange over the Internet still needs extra protection. We propose to apply identity‐based (ID‐based) security schemes [183–185] to secure data transmission over the Internet. With the proposed security schemes, utility companies can have more security control. Moreover, the communication infrastructure in the smart grid can better handle large numbers of participants.

The foundation of an ID‐based security scheme is public‐key cryptography. Instead of generating keys randomly, an ID‐based security scheme utilizes the unique ID of each participant. By doing so, key management might be more convenient, since some of the keys can be computed locally or even ahead of time. Furthermore, privacy and authentication can still be provided to the participants. In the smart grid information and communication networks (ICT) framework, each component has a unique ID that can be applied to ID‐based security schemes. Specifically, the proposed ID‐based security scheme utilizes public‐key cryptography where the public key is computed mainly based on the ID of each participant together with an expiration indicator images. Public keys can be computed locally by any legitimate user in the domain. As a result, public keys and related domain secrets can be refreshed easily after each session. Key management is simplified by adopting the proposed ID‐based security scheme. With a carefully chosen bilinear pairing operation and other system parameters, ID‐based security schemes can perform efficiently in smart grid communication systems.

Despite its simplicity, the proposed ID‐based security scheme can provide security services such as confidentiality, data integrity, and non‐repudiation to the smart grid communications network. In this chapter, the proposed ID‐based security scheme is designed to achieve digital signature and encryption simultaneously; thus the proposed scheme is named ID‐based signcryption (IBSC). The IBSC scheme can be reduced to an ID‐based digital signature for those cases that do not require confidentiality. In order to enhance performance, the proposed IBSC is also modified for session key distribution instead of direct message encryption. In addition, the ID‐based schemes are also applied to achieve delegation of signing rights. With this feature, a utility control center may hand over its data control authority to another (or a few other) control center temporarily during routine maintenance, system failure, etc.

In our proposed ID‐based security, we adopt images instead of images for public key generation, where images is the expiration time of the current session. Once a session expires, all participants will update the corresponding secrets and parameters accordingly. When a participant leaves the system domain, secrets held by this participant need to be revoked. By adopting images, if the public key generator (PKG) stops issuing secret keys to the participant that left, key revocation can be done automatically at the beginning of the next session. New messages will not be disclosed to old keys.

12.1.2 Applications of the Proposed Security Schemes in the Smart Grid

The proposed ID‐based security schemes can be applied to a variety of applications in the smart grid communication infrastructure. For communications between a utility's local control centers and a cloud control center, the proposed ID‐based security schemes may function as follows:

  • Encipherment and digital signature. The proposed security schemes can be applied directly to provide both confidentiality and non‐repudiation. For instance, preprocessed metering data sent from local control centers to a cloud control center is encrypted and signed to provide confidentiality and non‐repudiation. Information generated by big data analytics is also encrypted and signed before being sent from the cloud to local control centers.
  • Session key distribution. If symmetric ciphers are preferred in some applications in the smart grid communication infrastructure, the proposed identity‐based scheme can be applied to achieve secure session key distribution.
  • Signing rights delegation from a local control center to another one. If local control center images is subject to routine maintenance, it may delegate signing rights to another local control center (e.g. images). As shown in Figure 12.1, the private key generator (PKG) controlled by a utility has the authority to delegate signing rights from images to images. Alternatively, images can delegate signing rights to images locally without involving another entity for more efficient operation.
    Diagrammatic illustration depicting the signing rights delegation from a local center to another one.
    Figure 12.1 Signing rights delegation from images to images.
  • Signing rights delegation from one local control center to a group of others. The PKG can assign a group of local control centers as a group proxy to sign for images, as illustrated in Figure 12.2. In this case, no other local control center will take full responsibility for images.
Diagrammatic illustration depicting the signing rights delegation from one local center to a group of local control centers.

Figure 12.2 Signing rights delegation from images to a group of imagess.

12.2 Proposed ID‐Based Scheme

The core of the proposed solution is an IBSC scheme, which performs the functions of both digital signature and encryption simultaneously. The scheme can be further applied to achieve digital signature only or key distribution.

12.2.1 Preliminaries

The proposed ID‐based security scheme is based on a bilinear map. Let images and images be groups of prime order images. Let images be a generator of images. Let images. We say that images are bilinear map groups if images has the properties as follows:

  • Bilinearity. images for all images and all images.
  • Nondegeneracy. For any images, images for all images (indicated as images hereafter).
  • Computability. There is a polynomial time algorithm for computing images for all images.

12.2.2 Identity‐Based Signcryption

The proposed IBSC scheme comprises five algorithms: Setup, Keygen, Signcryption, Decryption, and Verification. Without loss of generality, the algorithms are described using the case where images (images) sends message images to images (images).

12.2.2.1 Setup

Setup is the algorithm used to initialize a domain's public parameters and set the public/private keys of the authentication server (AS). For simplicity, the AS and PKG are considered interchangeably in the discussion. In practice, they shall be deployed and maintained separately. In Setup, the PKG chooses groups images of prime order images, a generator images of images, a randomly chosen master key images, and a domain secret images. The PKG also chooses three cryptographic hash functions as follows:

images

The domain public parameters are

images

The public/private keys of the AS are images and images respectively.

12.2.2.2 Keygen

Keygen is the algorithm used to generate public and private keys for each entity in the system. For a given string images and an expiration time stamp images, the algorithm builds a public/private key pair images/images as follows:

  • Public key: images.
  • Private key: images.

For example, the keys for images are images and images. Note that images is converted into images and is concatenated to images in the illustration. Other processes can be taken for the same purpose; for example, images can also be XORed to images.
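The session-bound keys described in Sections 12.1.1 and 12.2.2.2, as an added example that is not code from the chapter: because the public key is a hash of the ID concatenated with the expiration time stamp, a private key issued for one session cannot open ciphertexts addressed to the next. It assumes Boneh-Franklin style key extraction and encryption as a stand-in for the chapter's own equations, a toy and insecure bilinear map over modular integers, and constructed names (`LCC-A`, the time stamps, the `PKG` class).

```python
import hashlib
import secrets

# Toy bilinear map, constructed for illustration and NOT secure: "points" are
# integers mod N under addition with generator P = 1, and e(x, y) = G^(x*y) mod
# P_MOD. It satisfies e(aX, bY) = e(X, Y)^(ab), but discrete logs are trivial
# and, unlike the chapter's groups, the order N is not prime.
P_MOD = 2**127 - 1      # Mersenne prime
N = P_MOD - 1           # exponents can be reduced mod N (Fermat)
G = 3
P_GEN = 1


def pairing(x: int, y: int) -> int:
    return pow(G, (x * y) % N, P_MOD)


def public_key(identity: str, expiry: str) -> int:
    """Q = H1(ID || T): anyone in the domain can compute this locally."""
    digest = hashlib.sha256(f"{identity}||{expiry}".encode()).digest()
    return int.from_bytes(digest, "big") % N


def _mask(gt_element: int, length: int) -> bytes:
    """H2: hash a pairing value to a keystream of the message length."""
    return hashlib.shake_256(gt_element.to_bytes(16, "big")).digest(length)


class PKG:
    """Hypothetical key generator: holds master key s, publishes P_pub = s*P."""

    def __init__(self) -> None:
        self._s = secrets.randbelow(N - 1) + 1
        self.p_pub = (self._s * P_GEN) % N
        self.revoked = set()

    def extract(self, identity: str, expiry: str) -> int:
        """Issue d = s*Q for one session; refuse identities that have left."""
        if identity in self.revoked:
            raise PermissionError(f"{identity} is no longer in the domain")
        return (self._s * public_key(identity, expiry)) % N


def encrypt(p_pub: int, identity: str, expiry: str, msg: bytes):
    r = secrets.randbelow(N - 1) + 1
    u = (r * P_GEN) % N                                   # U = r*P
    shared = pow(pairing(public_key(identity, expiry), p_pub), r, P_MOD)
    v = bytes(a ^ b for a, b in zip(msg, _mask(shared, len(msg))))
    return u, v


def decrypt(private_key: int, ciphertext) -> bytes:
    u, v = ciphertext
    shared = pairing(private_key, u)                      # e(d, U) = e(Q, P_pub)^r
    return bytes(a ^ b for a, b in zip(v, _mask(shared, len(v))))


def session_rollover_demo():
    """Return (old key opens old ct, old key opens new ct, key reissued)."""
    pkg = PKG()
    msg = b"feeder 7 load forecast"                       # constructed sample
    old_key = pkg.extract("LCC-A", "2024-06-01T00:00Z")
    ct_old = encrypt(pkg.p_pub, "LCC-A", "2024-06-01T00:00Z", msg)
    # LCC-A leaves the domain; senders move on to the next expiration stamp.
    pkg.revoked.add("LCC-A")
    ct_new = encrypt(pkg.p_pub, "LCC-A", "2024-06-02T00:00Z", msg)
    try:
        pkg.extract("LCC-A", "2024-06-02T00:00Z")
        reissued = True
    except PermissionError:
        reissued = False
    return decrypt(old_key, ct_old) == msg, decrypt(old_key, ct_new) == msg, reissued
```

This stand-in encryption carries no integrity check, so the stale key yields garbage rather than an error; in the chapter's scheme that role falls to the signature half of signcryption.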

12.2.2.3 Signcryption

Signcryption is the algorithm used to encrypt and sign (signcrypt) a message. To signcrypt a message images, sender images

  1. randomly picks images and computes
    images
  2. computes images and computes
    images
  3. computes images and images and then computes
    images
  4. computes images and encrypts the message
    images
  5. finally outputs a 4‐tuple images.

In the 4‐tuple, the cipher text is images and the digital signature is images.

12.2.2.4 Decryption

Decryption is the algorithm used to decrypt a cipher text images. Upon receiving images, receiver images decrypts images in the following steps:

  1. computes images;
  2. decrypts images.

12.2.2.5 Verification

Verification is the algorithm used to validate a digital signature images. Note that the original message images must be recovered before verification. A digital signature is verified by images in the following steps:

  1. computes images, and images;
  2. verifies if images.

From the illustration we can see that sender images encrypts the message with images so that confidentiality is provided. Sender images also signs the message with images so that non‐repudiation is provided. Data integrity is also provided with hash functions.

12.2.3 Consistency of the Proposed IBSC Scheme

We then verify the consistency of the proposed IBSC scheme, in particular, the algorithms Decryption and Verification. The original message images can be recovered with algorithm Decryption if and only if images. The consistency can be proved as follows:

(12.1)images

Therefore

(12.2)images

The consistency of algorithm Verification is proved as follows:

12.2.4 Identity‐Based Signature

As discussed earlier, not all messages need encryption in smart grid communications. Nonetheless, data integrity and non‐repudiation are still required for most messages. To simplify the computation of each node, the IBSC scheme may be reduced to an identity‐based signature (IBS) scheme for the purpose of digital signature only. The IBS scheme comprises four algorithms, Setup, Keygen, Signature, and Verification. The algorithms Setup and Keygen are the same as the ones in IBSC. The algorithms Signature and Verification are described in the following sections. For consistency, assume images sends images to images in the discussion.

12.2.4.1 Signature

Signature is the algorithm in IBS used to sign a message by sender images. For a given message images, sender images signs it in the following steps:

  1. randomly picks images and computes
    images
  2. computes images and computes
    images
  3. finally outputs images.

12.2.4.2 Verification

Verification is the algorithm on the receiver side used to validate a digital signature. The receiver images verifies a digital signature images in the following steps:

  1. computes images and images;
  2. verifies if images.

This completes the description of the IBS scheme. The consistency has been proven by Eq. (12.3).

12.2.5 Key Distribution and Symmetrical Cryptography

Although encryption is achieved in the IBSC scheme, some may still prefer symmetric ciphers for data encryption. Because the proposed identity‐based schemes are based on bilinear pairing (over elliptic curves) with large numbers, they are considerably slower compared to well‐established symmetric ciphers (e.g. advanced encryption standard). Therefore, the IBSC can be modified for session key distribution with symmetric ciphers (e.g. images) for the actual data encryption. In the modified IBSC, the algorithms Setup and Keygen are unchanged and generate domain public parameters. The algorithm Signcryption is modified to encrypt a message images with a secret key images as follows:

  1. Sender images randomly picks images and sets
    images
  2. computes images and computes
    images
  3. computes images and images, and computes
    images
  4. computes images and encrypts the message
    images
  5. encrypts images as images;
  6. finally outputs a 5‐tuple images.

The algorithm provides a digital signature in the same way that the original IBSC does. The consistency of the modified IBSC follows the original scheme.

12.3 Single Proxy Signing Rights Delegation

In some cases, the signing right of a specific local control center can be delegated to another local control center. A certificate is provided by the local control center itself or the PKG for signing right delegation.

12.3.1 Certificate Distribution by the Local Control Center

Let images be the certificate of signing right delegated by images to images. A simple example of such a certificate could be images, where images is the expiration time of images. A certificate can be valid for one message or for all messages before expiration of the certificate. The local control center images delegates images for a message images in the following steps:

  1. images randomly picks images and computes
    images
  2. computes images and computes
    images
  3. sets images.

Signing rights delegation is a 4‐tuple images. Once images receives the images, it verifies images if images. The consistency is shown in the following:

(12.4)images

12.3.2 Signing Rights Delegation by the PKG

Alternatively, the PKG is able to distribute a certificate images to images in the following steps:

  1. The PKG randomly picks images and computes
    images
  2. it finally outputs a 5‐tuple images.

The delegation images is verified by images if images. The consistency is shown in the following:

(12.5)images

12.3.3 Single Proxy Signature

With certificate images, images is ready to sign message images on behalf of images in the following steps:

  1. images randomly picks images and computes
    images
  2. it finally outputs a 5‐tuple images.

The proxy signature is images (note that images, images, and images are from images). A receiver verifies images by checking if the equation holds as follows:

images

The consistency is shown in the following,

(12.6)images

12.4 Group Proxy Signing Rights Delegation

The group proxy signing right of a local control center images is delegated by the PKG to a chosen group of local control centers (e.g. images for some images). Without loss of generality, assume a total number of images local control centers are chosen as a group in the discussion.

12.4.1 Certificate Distribution

For each images in the group, the PKG generates a partial signing right certificate images and

  1. randomly picks images and computes
    images
  2. and finally outputs a 5‐tuple images.

Once images receives the images, it verifies the certificate by checking if images.

12.4.2 Partial Signature

With images, images can generate a partial signature for message images in the following steps:

  1. images randomly picks images and computes
    images
  2. finally outputs a 5‐tuple images.

12.4.3 Group Signature

After all the proxies have generated partial signatures, one of the local control centers is chosen as the gateway (e.g. images) and generates a group signature in the following steps:

  1. images computes
    images
  2. finally outputs images.

A receiver verifies the group signature images by checking if the equation holds as follows:

images

The consistency can be verified such that

images

12.5 Security Analysis of the Proposed Schemes

12.5.1 Assumptions for Security Analysis

The security of the IBSC and IBS schemes is based on the following computational problems [184, 185, 188]:

  • Computational Diffie‐Hellman (CDH) problem. Given images and images, for all images compute images in polynomial time.
  • Bilinear Diffie‐Hellman (BDH) problem. Given images and images, for all images compute images in polynomial time.

Without loss of generality, time stamp images is considered part of the identity images in the analysis later. To make the illustration clearer, the proposed IBSC scheme is separated into an identity‐based encryption scheme and identity‐based signature for security analysis. Moreover, all random values are picked uniformly unless otherwise specified.

12.5.2 Identity‐Based Encryption Security

12.5.2.1 Security Model

Definition 1 Semantic security for identity‐based encryption (IBE) schemes [188]. If no probabilistic polynomial time adversary has a nonnegligible advantage in this game:

  1. The challenger runs the setup algorithm to generate the system's parameters and sends them to the adversary.
  2. The adversary images performs a series of queries:
    • Key extraction queries. images produces an identity ID and receives the private key images.
    • Challenge. After a polynomial number of queries, images outputs two equal‐length plaintexts images and images and a public key ID on which it wishes to be challenged (ID has not appeared in private key queries). The challenger picks a random bit images and encrypts images according to the IBE scheme.
    • More key extraction queries. images issues more key extraction queries. The challenger responds as before.

Finally, the adversary images outputs a guess images; images wins the game if images.

12.5.2.2 Security Analysis

12.5.3 Identity‐Based Signature Security

12.5.3.1 Security Models

Definition 2 Strongly existentially unforgeable identity‐based signature scheme under chosen‐message attacks [184]. If no probabilistic polynomial time adversary has a nonnegligible advantage in this game:

  1. The challenger runs the setup algorithm to generate the system's parameters and sends them to the adversary.
  2. The adversary images performs a series of queries:
    • Key extraction queries. images produces an identity images and receives the private key images.
    • Signature queries. images produces a message images and an identity images and receives a signature on images that was generated by the signature oracle using the private key corresponding to the identity images (i.e. images).
    • After a polynomial number of queries, images produces a tuple images made of an identity images, whose corresponding private key was never asked during stage 2, and a message signature pair images such that images was not returned by the signature oracle on the input images during stage 2 for the identity images.

images wins the game if the forged signature can be verified when the verification algorithms run on the tuple images. The forger's advantage is defined to be its probability of producing a forgery taken over the number of coin‐flipping of the challenger and images.

12.5.3.2 Security Analysis

12.6 Performance Analysis of the Proposed Schemes

In this section, we evaluate the performance of the proposed schemes.

12.6.1 Computational Complexity of the Proposed Schemes

Performance of the proposed schemes is based on the number of operations and the efficiency of each type of operation. Table 12.1 lists the number of operations of each algorithm in the proposed security scheme. Among them, images indicates standard multiplication in images. Since addition in images and XOR are simple and efficient operations, they are not listed in the table.

Table 12.1 Computational complexity.

            # of images   # of images   # of images   # of images   # of images
Signcrypt   1             5             1             2             1
Decrypt     1             0             0             0             1
Sign        0             3             1             0             0
Verify      3             1             1             1             0

Hash functions can be computed efficiently in general. In practice, images and images are easy to find. However, it is hard to build images. In the analysis, we relax images into two steps as follows:

  1. images;
  2. images.

In step 1, images is a finite set, and images is an encoding function which is computable. Note that after the relaxation, the public key for a given images and images is calculated as images. In the proposed IBSC scheme, public keys can be computed at the beginning of each session and cached for the entire session. Therefore, the relaxation of images does not introduce more computational cost in reality. Because of that, performance of the IBSC and IBS schemes will be considered efficient if bilinear pairing images and multiplication in images can be computed efficiently. Since the Weil pairing can be performed efficiently using Miller's algorithm [191], the bilinear map images can be performed efficiently as well.

12.6.2 Choosing Bilinear Pairing Functions

To analyze the performance of the IBSC scheme, we apply two bilinear pairing functions, modified Weil pairing and Tate pairing, over supersingular elliptic curve images.

We first construct images. Let images be a prime number such that images and images for some prime images and positive integer images. Then images is the subgroup of order images of images. The CDH problem is hard in the group images [188, 192]. However, it is worth mentioning that the decisional Diffie‐Hellman (DDH) problem is an easy one for bilinear map images. This is because with given images, images, we can easily check if images by comparing images with images.

The Weil pairing images has the properties of bilinearity and computability; however, it does not have nondegeneracy. Therefore, we adopt a modified Weil pairing images such that images, where images is an automorphism on the group of points of supersingular elliptic curve images, that is, images, where images is a primitive cube root of unity in images. Thus, images. The bilinear map images is calculated as a Weil pairing with an additional standard multiplication on the curve images. According to [188], images is believed to satisfy the BDH problem. However, computing the discrete logarithm in images is sufficient for computing the discrete logarithm in images. Therefore, in order to make it sufficiently hard in practice, images needs to be at least 512 bits long.

12.6.3 Numerical Results

We evaluate the proposed identity‐based schemes with modified Weil pairing images using Mathematica 10.0 on a computer equipped with an Intel Core i5‐2400 images GHz and 12 GB RAM. We first show the computational cost of each operation. Since images, images, and images do not have much difference in computational time and the added encoding function images is more efficient than images, the hash functions are excluded from the performance analysis.

Table 12.2 Computational time for each operation.

Bilinear pairing images          Standard multiplication
images bits     images bits      images bits     images bits
7.44 ms         13.25 ms         6.43 ms         12.29 ms

First, we evaluate the computational time for the bilinear pairing images. Two sets of evaluation are given, that is, for images bits and images bits. Each evaluation is the average value from images calculations. With images bits, one images takes about 7.44 ms. With images bits, one images takes about 13.25 ms. We then evaluate the computational time of standard multiplication over images (i.e. images). The computational time of images mainly depends on the size of images (assuming images bits). The computational time of each evaluation is averaged from images calculations. With images bits, a standard multiplication operation takes about images ms. Note that in the proposed IBSC, images is the output of some hash functions; therefore, images usually is 256 bits or 512 bits, where the computation is efficient. The evaluation results are summarized in Table 12.2.

Table 12.3 Computational time of each algorithm.

            images b    images b    images b    images b
            images b    images b    images b    images b
Signcrypt   39.59 ms    68.89 ms    45.4 ms     74.7 ms
Decrypt     7.44 ms     7.44 ms     13.25 ms    13.25 ms
Sign        19.29 ms    36.87 ms    19.29 ms    36.87 ms
Verify      28.75 ms    34.61 ms    46.18 ms    52.04 ms

Based on the evaluations we have for each operation, we then show the total operational time for each algorithm. In practice, public keys are computed once and cached for the entire session. The computational time of each algorithm is listed in Table 12.3 (where “b” stands for “bits”). It is shown that the proposed IBSC performs efficiently for delay‐tolerant and even near real‐time data transmission, for example, metering data transmission. However, for real‐time monitoring data, such as PMU data, the identity‐based schemes alone may not be a good solution. Without sufficient computational resources, faster security protocols and schemes are recommended, for instance, traditional symmetric ciphers. The proposed IBSC can be applied for initial authentication and key distribution of the chosen symmetric ciphers.

12.7 Conclusion

In this chapter, we proposed an ID‐based signcryption security scheme for smart grid communications over public networks. The proposed IBSC scheme performs simultaneously the functions of encryption and digital signature. Therefore, confidentiality, non‐repudiation, and data integrity are provided in a single calculation. The proposed IBSC scheme was also reduced to an ID‐based digital signature scheme if confidentiality is not required for some messages. To further enhance the performance, symmetric ciphers were introduced to the IBSC. In addition, delegation of signing rights from one local control center to another (or a few) local control center was achieved by the proposed identity‐based schemes. The security of the proposed IBSC was studied. The numerical results showed that the proposed IBSC scheme is able to perform efficiently with security guarantee in the cyber‐physical system of the smart grid.
