Taxes & Accounting

A Lightweight Message Authentication Scheme for Smart Grid Communications

Description
Smart grid (SG) communication has recently received significant attentions to facilitate intelligent and distributed electric power transmission systems. However, communication trust and security issues still present practical concerns to the
Published
of 12
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Related Documents
Share
Transcript
   A Lightweight Message Authentication Scheme for Smart GridCommunications© 2011 IEEE. Personal use of this material is permitted. Permission fromIEEE must be obtained for all other uses, in any current or future media,including reprinting/republishing this material for advertising orpromotional purposes, creating new collective works, for resale orredistribution to servers or lists, or reuse of any copyrighted component of this work in other works.This material is presented to ensure timely dissemination of scholarly andtechnical work. Copyright and all rights therein are retained by authors orby other copyright holders. All persons copying this information areexpected to adhere to the terms and constraints invoked by each author'scopyright. In most cases, these works may not be reposted without theexplicit permission of the copyright holder.Citation:Mostafa M. Fouda, Zubair Md. Fadlullah, Nei Kato, Rongxing Lu, and  Xuemin (Sherman) Shen, “A Lightweight Message Aut hentication Scheme for Smart Grid Communications,” IEEE Transactions on Smart Grid, vol. 2, no. 4, pp. 675 - 685, December 2011.URL:http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5983424   1 A Lightweight Message Authentication Scheme forSmart Grid Communications Mostafa M. Fouda, Member, IEEE, Zubair Md. Fadlullah, Member, IEEE, Nei Kato, Senior Member, IEEE, Rongxing Lu, Member, IEEE, and Xuemin (Sherman) Shen, Fellow, IEEE   Abstract —Smart Grid (SG) communication has recently re-ceived significant attentions to facilitate intelligent and dis-tributed electric power transmission systems. However, communi-cation trust and security issues still present practical concerns tothe deployment of SG. In this paper, to cope with these challeng-ing concerns, we propose a lightweight message authenticationscheme features as a basic yet crucial component for secure SGcommunication framework. Specifically, in the proposed scheme,the smart meters which are distributed at different hierarchicalnetworks of the SG can first achieve mutual authentication andestablish the shared session key with Diffie-Hellman exchangeprotocol. Then, with the shared session key between smart metersand hash-based authentication code technique, the subsequentmessages can be authenticated in a lightweight way. Detailedsecurity analysis shows that the proposed scheme can satisfythe desirable security requirements of SG communications. Inaddition, extensive simulations have also been conducted todemonstrate the effectiveness of the proposed scheme in termsof low latency and few signal message exchanges.  Index Terms —Smart Grid, Message authentication, Security. I. I NTRODUCTION Recently, Smart Grid (SG) is the buzz word, which hasattracted attentions from engineers and researchers in bothelectric power and communication sectors [1]–[5]. The con-cept of SG has appeared in recent literature in different flavors.Some referred to it as intelligent grid whereas some calledit the grid of the future. The objective of the SG conceptremains more or less the same, namely to provide end-usersor consumers with power in a more stable and reliable mannerthat the aging power-grids of today may not be able toprovide in the near future. In this vein, SG incorporates atwo-way communication between the provider and consumersof electric power. The two way communication indicates theability of SG to enable the end-users to express their powerrequirement demands to the utility provider. In SG, the usersare no longer passive players. Instead, they can undertakeactive roles to effectively minimize energy consumption bycommunicating back and forth with the provider. Numerousmachines including sensing devices, smart meters, and controlsystems are expected to be between the provider and end-users to facilitate this two-way communication system in SG. Part of the work has been presented in INFOCOM’11 Workshop SCNC[1].M. M. Fouda, Z. M. Fadlullah, and N. Kato are with the Graduate Schoolof Information Sciences, Tohoku University, Sendai, Japan e-mails: { mfouda,zubair, kato } @it.ecei.tohoku.ac.jpR. Lu and X. Shen are with Department of Electrical and ComputerEngineering, University of Waterloo, Waterloo, Canada e-mails: { rxlu,xshen } @bbcr.uwaterloo.ca To facilitate this, Internet Protocol (IP)-based communicationtechnologies are considered to be the top-most choice forsetting up smart grid’s networks covering homes, buildings,and even larger neighborhoods. The choice of IP-based SGcommunication means that every smart meter and each of thesmart appliances (e.g., air-conditioners, heaters, dish-washers,television sets, and so forth) will have its own IP addressand will support standard Internet Engineering Task Force(IETF) protocols for remote management. However, existingIP-based communication networks, e.g., Internet, are likelyto be challenged by a huge volume of delay-sensitive dataand control information, and also a wide variety of maliciousattacks, such as replay, traffic analysis, and denial of service(DOS) attacks. Therefore, IP-based SG communications willalso be vulnerable to security threats. As a consequence, itis essential to properly design SG communication protocolsfor dealing with all possible security threats. In addition, notall the entities in SG are trusted. As in conventional IP-based communication networks, SG communication frame-work needs to verify whether the parties involved in communi-cation are the exact entities they appear to be. As a result, theSG communication framework should consider an adequateauthentication mechanism [6]–[16] so that malicious usersmay not be able to compromise the secrecy or privacy of theinformation exchanged between the provider and consumers.Current smart metering technologies (e.g., Advanced Me-tering Infrastructure or AMI) lead to privacy concerns be-cause they depend upon centralizing personal consumptioninformation of the consumers at their smart meters. Since2009, a legal ruling in Netherlands has made it mandatory toconsider privacy issues in case of using smart meters [17].Similarly, in the USA, NIST dictated that there should be“privacy for design” approach for SG communications [18].These privacy concerns may be addressed by adequatelyauthenticating the smart meters. However, such a solutionshould take into account the rather limited resources (i.e., lowmemory and computational capacity) on the smart meters. Asa consequence, any authentication mechanism for smart gridcommunication should be designed so that it does not puttoo much burden on the already constrained smart meteringresources. In other words, the SG communication requires thata secure authentication framework should minimally increasethe messages exchanged amongst the smart meters. In this pa-per, we propose a lightweight message authentication schemefor securing communication amongst various smart meters atdifferent points of the SG. Specifically, based on the Diffie-Hellman key establishment protocol and hash-based message  2 authentication code, the proposed scheme allows smart metersto make mutual authentication and achieve message authenti-cation in a lightweight way, i.e., it does not contribute to highlatency and exchange few signal messages during the messageauthentication phase.The remainder of this paper is organized as follows. Somerelevant research works are presented in Section II. Sec-tion III gives our considered SG communications systemmodel. In Section IV, the unique security requirements of SGcommunication are delineated. We then present our securityframework and describe a lightweight message authenticationscheme to secure communications amongst various SG entitiesin Section V. A detailed security analysis of the proposedauthentication scheme is provided in Section VI. Comparativeevaluation of our proposed scheme with an existing authen-tication mechanism for SG communication are presented inSection VII, followed by concluding remarks in Section VIII.II. R ELATED R ESEARCH W ORK From the IEEE P2030 SG standards, three task forces areformulated to carry out the smart grid agenda, namely powerengineering techology (task force 1), information technology(task force 2), and communication technology (task force 3),where information technology (task force 2) is related to dig-ital security of SG communications. In other words, this task force is responsible for designing system and communicationsprotection policies and procedures to fend off malicious attacksagainst SG [9]. However, the main shortcoming of thesepolicies consists in the broad and coarse design directions thatthey provide. A utility computer network security managementand authentication system for SG is proposed by Hamlyn et al. [10]. However, it is limited to the authentication betweenhost area electric power systems and electric circuits.In [11], power system communication and digital securityissues are taken into account as critical components of SG.It suggests that a number of digital security issues need tobe addressed for SG communication. For example, it waspointed out that combining SCADA/EMS (Supervisory Con-trol and Data Acquisition/Energy Management System) withinformation technology networks leads to significant securitythreats. In addition, this work indicated that broadband Internettechnologies may enable intruders to access smart meters andeven the central system by which they may collect meteringdata. Indeed, the metering data, along with price information,special offers, and so forth, may contain sensitive data of theclient which may lead to breach of privacy.Metke et al. indicated in [12] that SG deployments mustmeet stringent security requirements. For example, they con-sider that strong authentication techniques is a requisite forall users and devices within the SG. This may, however,raise to scalability issue. In other words, as the users anddevices in SG are expected to be quite large, the strongestauthentication schemes may not necessarily be the fastest ones.As a consequence, scalable key and trust management systems,tailored to the particular requirements of the utility providerand users, will be essential as far as SG communication isconcerned.Kursawe et al. present the need for secure aggregation of data collected from different smart meters [13]. They presentfour concrete protocols for securely aggregating smart metersdata readings, namely interactive protocols, Diffie-HellmanKey-exchange based protocol, Diffie-Hellman and Bilienar-map based protocol, and low-overhead protocol. Interest-ingly, the last three protocols rely upon the srcinal Diffie-Hellman key exchange protocol in its securest form or itsmore relaxed variants. The computation and communicationoverheads with the relaxed variants of Diffie-Hellman basedsecurity aggregation schemes on smart meters are verified tobe lower. However, this work does not consider smart metersauthentication, for which, we also can extend Diffie-Hellmanbased approaches.Three methods are compared in [14] for authenticatingdemand response messages in SG, namely Bins and Balls(BiBa), Hash to Obtain Random Subsets Extension (HORSE),and Elliptic Curve Digital Signature Algorithm (ECDSA).It is demonstrated that ECDSA offers higher security incontrast with BiBa and HORSE, at the expense of increasedcomputational complexity, particularly at the receiver-end. Inthis paper, by first providing a broad SG communicationsframework, we envision a secure and reliable framework com-prising a lightweight message authentication scheme, which iscustomized to the specific needs of SG.III. SG C OMMUNICATIONS S YSTEM M ODEL Fig. 1 shows our considered SG communication frame-work. The SG power transmission and distribution system isconsidered to be separated from the communication system.For the sake of clarity, the power Distribution Network (DN)is described briefly at first. The power, which is generatedat the power plant(s), is supplied to the consumers via twocomponents. The first component is the transmission substa-tion at/near the power plant. The second component com-prises a number of distribution substations. The transmissionsubstation delivers power from the power plant over highvoltage transmission lines (usually over 230 kilo volts) tothe distribution substations, which are located at differentregions. The distribution substations transform the electricpower into medium voltage level and then distribute it to thebuilding-feeders. The medium voltage level is converted bythe building-feeders into a lower level, usable by consumer-appliances.To explore the SG topology from communication point of view, the SG topology is divided into a number of hierarchicalnetworks. The transmission substation located at/near thepower plant, and the Control Centers (CCs) of the distributionsubstations are connected with one another in a meshednetwork. This mesh network is considered to be implementedover optical fiber technology. Optical fiber technology ischosen because ( i ) it is feasible for setting up this type of core meshed network, and ( ii ) it is the most capable broadbandtechnology for sustaining high volume of SG traffic with theleast possible communication latency.The communication framework for the lower distributionnetwork (i.e., from CCs onward) is divided into a num-ber of hierarchical networks comprising Neighborhood Area  3 Power plantTSSmartMeterHAN 1Typical apartmentNAN nCCn at DS n ZigbeeconnectionWiMaxconnectionOptical fiber connectionNAN GatewayHAN GatewayBAN GatewaySmart MetersCommunication Links BAN 1BAN 2BAN kWiMaxbasestationNAN 1CC1 at   DS112mNAN 2CC2 at DS 2 Fig. 1. Considered SG communications framework. Network (NAN), Building Area Network (BAN), and HomeArea Network (HAN). For the sake of simplicity, let everydistribution substation cover only one neighborhood area.There are n DSs covering n neighborhoods or NANs. Each of these NANs comprises a number of BANs. For example, the NAN  1 in Fig. 1 consists of  k BANs, each of which is assigneda number of HANs, i.e., several apartment-based networks.Also, there are smart meters deployed in the SG architectureenabling an automated, two-way communication between theutility provider and consumers. Each smart meter has twointerfaces - one interface is for reading power and the otherone acts as a communication gateway. Throughout this paper,we refer to the smart meters used in NAN, BAN, and HAN asNAN GW (GateWay), BAN GW, and HAN GW, respectively.Through these smart meters/GWs, the consumers are able todetermine their currently consumed electric power and decideto change their consumption level by running/shutting downcertain appliances. A smart meter comprising MSP430F471xxmicrocontroller should be able to operate as a typical HANGW [19]. The memory size of the HAN GW is up to 8KBRandom Access Memory (RAM) and 120KB flash memory.The key integrated peripherals of the HAN GW includea 16MHz CPU, 3/6/7 16-bit Analog to Digital Converters(ADCs) and Programmable Gain Amplifiers (PGAs), 160-segment Liquid Crystal Display (LCD), Real Time Clock (RTC), and 32x32 hardware multiplier for easy energy mea-surement computations. For the BAN GWs, smart meteringequipments having ten times more capability than the HANGWs are considered because industrial standards have notyet released fully functional BAN GWs. In other words, foreach BAN GW, a smart meter with 160MHz CPU, 128KBRAM, and 1MB flash memory is considered. Similar lack of industrial specimen for NAN GWs led us to assume NANGW configuration through a PC with the Intel Core i7 CPUand RAM of 6GB. It is worth mentioning that the differencein these smart metering specifications are attributed to thefact that the consumers on the lower spectrum of the SGhierarchical networks are expected to encounter significantlylower traffic and have budget constraints (i.e., how much theordinary consumers are willing to pay for their smart meters)while the NAN GW at the CC can easily accommodate oneor more high-spec PC(s) for dealing with significantly hugeamount of data srcinating from a substantial number of usersin the neighborhood.Next, we describe the SG communications framework fol-lowed by the SG communications packet structure. For clarity,SG communication at HANs is delineated at first. Also, it isworth noting that based upon the existing standards of SG,IP-based communications networking is preferred which per-mits virtually effortless inter-connections with HANs, BANs,NANs, CCs, and the transmission substation.  A. SG Communication Networks1) Home Area Network - HAN at the consumer-end: Within the considered SG, a HAN portrays the subsystemin the lowest end of the hierarchical spectrum, i.e., at theconsumer-end. The HAN enables consumers to efficiently  4 manage their on-demand power requirements and consumptionlevels. Let us refer to HAN  1 in Fig. 1. HAN  1 connects thesmart appliances (e.g., television, washing machine, oven, andso forth having their unique IP addresses within that smartapartment) to a HANGW  1 . HANGW  1 , the smart meterassigned to the HAN, is responsible for communicating withBANGW1. Smart Energy Profile (SEP) Version 1.5 over IEEE802.15.4 ZigBee radio communications is considered to beHAN communication protocol. The reason behind opting forZigBee instead of other wireless solutions (e.g., IEEE 802.11(WiFi) and Bluetooth) is due to its low power requirementsas well as simple network configuration and managementprovisions citeFFKTI11. The fact that ZigBee provides areasonable communication range of 10 to 100 meters whilemaintaining significantly low power requirement (1 to 100mW) and cost presents itself as a feasible communicationtechnology in the HAN level. 2) Building Area Network - BAN at the building-feeder: To be consistent with practical observation whereby a typicalbuilding consists of a number of apartments/homes, in ourconsidered SG topology, a typical BAN comprises a number of HANs. The smart metering equipment installed at the building-feeder, referred to as the BAN GW, can be used to monitorthe power need and usage of the residents of that building. Forfacilitating BAN-HANs communication, conventional WiFimay appear to be an attractive choice at a first glance due toits popularity amongst in-home users in recent time. However,let us consider the scenario of a BAN covering a large numberof households (e.g., a hundred or more). In such a scenario,the longest distance from a particular apartment to the BANnode may be hundreds of meters. Because WiFi technologymay cover up to a hundred meters, it may not be adequate forthis type of scenario. Therefore, WiMAX may be employedto cover more areas to facilitate the communication betweena BAN and its covered HANs. 1 3) Neighborhood Area Network - NAN at the ControlCenter: NAN exists on the upper end of the SG commu-nications network hierarchy. A NAN represents a locality ora particular region (e.g., a ward within a city). Through aNAN GW, the utility provider is able to monitor how muchpower is being distributed to a particular neighborhood by thecorresponding distribution substation. For facilitating NAN-BANs communication, WiMax or other relevant broadbandwireless technologies may be adopted. To this end, one ormore WiMAX base stations are located in every NAN. Notethat the WiMAX framework used for SG communicationsshould be separate from the existing ones used for providingother services, e.g., Internet. This provision is necessary forpreventing network congestion and avoiding possible securitythreats, which are already present in the existing Internet.  B. Adopted Packet Structure for SG Communications Fig. 2 shows an overview of SG communication packetstructure from industry-oriented smart meter specificationsin [20]. In addition to the raw message, each packet also 1 It is worth noting that 3G, and other modes of wireless broadbandcommunications may be alternative solutions to WiMax. includes three headers, namely the message header, TCP/IPheader, and security header. The message header containsmeter ID MAC address, equipment status, and the Type of Message (ToM). As shown in Fig. 2, there are nine ToMs thatthe HAN GW can send to the BAN GW, and the function andsize of each ToM are also described.IV. P ROBLEM S TATEMENT Securing SG communication depends on two importantrequirements [21], namely communication latency and largevolume of messages in SG. If the CC misses any input froma HAN smart meter, this may affect the decision taken bythe CC that may be important. Table I provides the powerrequirements of different equipments in a typical HAN. Inorder to avoid any potential emergency situation, which mayoccur at any time, the SG communication system needs tobe able to handle the message delivery to the CC via theBAN and NAN GWs with the minimum delay possible. Thepower requirements of the HAN devices given in Table I aresent to the respective BAN by meter periodic data read (i.e.,ToM#2). The size of each raw periodic request message is32 bytes. With the mandatory headers, the packet size canbe roughly (50+32=) 82 bytes. In addition, there are TCP/IPheaders and optional security headers if any security protocolis used. If congestion occurs at the BAN GW, the packet maybe delayed to be sent to the NAN GW and CC. Furthermore, itmay also be dropped if the RAM and the on-chip flash of theBAN GW are full due to ( i ) multiple messages arriving fromdifferent HANs at the same time, and ( ii ) limited processingcapability of the BAN GWs. If this is the case, the BANGW may request the HAN GW to retransmit the requiredpackets. This also contributes to the increased communicationlatency. In practice, the SG communication latency should bein the order of a few milliseconds [21], [22], yet it is hard toachieve in large scale SGs. As a result, how to minimize thecommunication latency becomes one of research focuses. TABLE IP OWER REQUIREMENTS OF DIFFERENT APPLIANCES IN A TYPICAL HAN. Electrical appliance Power requirement (KW/hr) Air conditioner 1Refrigerator 0.2Microwave oven 0.1Light bulbs 0.05Personal computer 0.2 Hauser et al. [21] further suggest that the SG communica-tion network should be able to accommodate more messagessimultaneously without any major impact on communicationlatency. The large volume of messages in SG communicationwill affect the bandwidth required. Let us consider a modelwhere a CC, connected with 10,000 feeders (and BAN GWs),serves 100,000 customers. Assuming that each HAN GWgenerates a message every second to the BAN GW [23] ina typically power-intensive period (e.g., during a hot summerday when many consumers want to simultaneously switch ontheir air-conditioners), the total number of generated messagesper second is 100,000. The BAN GWs also generate messagesto each other and also to the CC through the NAN GW. If the
Search
Tags
Related Search
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks