![1 | P a g e
Authentication in smart grid
Introduction
Since the dawn of network security, authentication has played a vital role. Authentication can be
thought of as procedure or steps taken to determine with certainty that someone is in fact what
he/she is declaring to be. In case of networks not always humans need to be authenticated but
processes also. Processes are always in need of resources or engaged in sending/receiving sensitive
information. For such scenarios processes also needs to be authenticated. Former uses traditional
username password scheme or biometrics while latter uses schemes such as digital certificates and
public key infrastructure. Smart Grid (SG) signifies the junctions of traditional electricity grid with
digital technology to create a reliable and efficient electric grid. Smart Grid (SG) is a vast intricate
network consisting of millions of device interconnected. Such huge network implicitly inherits
certain security concerns and susceptibilities. authentication can be thought of as a most significant
aspect in such concerns. The paper describes three most recent developments in this field of
research.
Entity Authentication
Entity authentication follows the ideology of an entity, whether it is person or a device or a process,
entity should be authenticated as and when it accesses resources requiring authentication. Entity
authorization in SG is an important research topic [1], [2], [3]. There are some prominent features
that make entity authentication still a challenge. First, the intended use of SG will be ultimately to
aid in automated administration and supervision of energy devices and entities without human
involvement, in essence machines to machine authentication would be elementary form of
authentication. A strong and reliable scheme for the protection of a private key is needed to attain
desired guarantee of digital authorization in an unattended, entirely computerized environment.
Second, currently all present protocols [4], [5], [6] and [7] suffice security issues corresponding to
cyber domain, undermining SG is an cyber as well as physical domain which includes power
relays, substations, vehicle-to-grid [8], etc. In SG, many of the cyber domain instructions produces
effects on a physical domain such as command sent to disable a power relay. A new two-factor
cyber-physical authentication protocol is presented in [9] for Electric Vehicles (EV) in SG. It
focuses on both physical as well as cyber domain by following challenge-response authentication
paradigm where one party asks a "question" or "challenge" and another party is expected to provide](https://image.slidesharecdn.com/24f41d8a-9747-400a-a60b-3d5bf0a27127-150316153108-conversion-gate01/85/Paper1_Final-1-320.jpg)
![2 | P a g e
a valid "answer" or "response". Protocol in [9] uses two challenge approach where one challenge
is sent over cyber domain and other is sent over physical domain introducing two-factor cyber-
physical authentication. This protocol can easily be extended to any physical domain appliance
such as switches, trippers, etc. only hurdle is finding the appliance relevant "challenges". Main
problem that is solved by this protocol is substitution attack which is analogous to Man in the
Middle attack. Assumption made here is every EV has Intelligent Electronic Device (IED)- a token
to guarantee the identity of EV. Attacker would try to access an EV with a stolen IED. If only
physical level "challenge" was used then attacker would surely get stolen EV charged in contrast
to deny charging for stolen EV with help of stolen IED. But this attack would not work if two
challenge authentications is used as cyber challenge would fail, an example of cyber challenge
would be username password pair of the valid EV driver. Argument can be made that if there is a
way to overcome physical challenge than surely there exists a way to overcome cyber challenge
i.e. what if stolen but valid EID and valid user credentials are used to charge stolen EV? To
overcome such scenarios a new identity can be used which strictly depends on EID pre-installed
on EV and username-password combination. Thus, when attacker tries to impersonate as valid
user the combination of stolen EID and username password will not match resulting in denied
access of charging.
Authentication between SG and Gateways
Gateways in SG are the system to which every smart appliance are connected on one end and it’s
another end is connected to Smart Meter (SM) which is installed by utility providers. If the
authentication between gateway and SM is not efficiently processed than an attacker can easily
perform Man In The Middle (MITM) attack which can lead to irregularity in power usage directly
affecting the pricing/billing for service usage or at worst attacker may send false control signals to
genuine gateway and cause blackout by shutting down all appliances. Protocol described in [10]
is an attempt to prevent such attacks. Here assumption made is that both gateway and SM uses
common connection architecture i.e. internet, landline, cell phone or Advanced Metering
Infrastructure (AMI). SG contains millions of devices, and each of them should be globally
connected. For this purpose, each device needs to be identified by a unique identifier which
depends on the communication architecture used, for example in the case of Internet IPv6 can be
used. For the current scenario let us assume internet is the communication architecture and each](https://image.slidesharecdn.com/24f41d8a-9747-400a-a60b-3d5bf0a27127-150316153108-conversion-gate01/85/Paper1_Final-2-320.jpg)
![3 | P a g e
device uses an IP as identifier. Initiation is done by gateway by sending an authorization request
message along with its IP, on receiving this message SM sends an acknowledge to sender gateway
and an authentication request with its ID and IP of sender to a trusted third party. On receiving the
acknowledge from SM gateway also send an authentication request with same data as SM to the
same trusted third party for mapping of SM's ID to a location. For appropriate mapping trusted
party can collaborate with ISP to provide location based on IP, ISP sends "True" if location of SM
matches location of a gateway otherwise "False" message to both SM and gateway. Connection is
only established if both SM and gateway receive "True" message. Here the trusted third party has
to make sure that a correct gateway is matched to correct SM.
Authentication between smart appliances and remote user
One of the most important feature supported by smart appliances connected to SG is that remote
control and monitoring by user who is not in Home Area Network (HAN). For example,
homeowner can control or monitor smart appliances such as smart bulb, cooling system or security
system while he/she is not present in his HAN. Such capability introduces great deal of security
vulnerability. MITM attacks are possible as attacker can impersonate as a homeowner and can
control every smart appliance which can result in irregularity in power consumption leading to
higher billing price or even blackouts. A user should be authenticated rigorously before giving him
the control of appliances. [11] describes such protocol which includes a remote user, device to
access remotely and an authentication server spanning in two phase. In primary phase, whenever
a new device is registered by the authentication server it creates an ID and shared secret key which
is stored in server's database and in device's memory securely. Also, remote user should have its
own ID and password authenticated by a server in advance. In second phase, mutual authentication
takes place between remote user and device as follows: user sends its ID, ID of the device and a
timestamp TS1 to the authentication server, authentication server then checks ID and password of
user and creates a secret key by applying one-way hash function on TS1 and password of user.
This secret key, ID of user and a session key KAB (includes secret key of remote device (B) and
user (A)) with a random key RS is used to create token for authentication purpose. This token is
then sent to remote user which creates a message authentication code (MAC) with a help this
token, a new timestamp TS2 and session key KAB and transmits to a home server of remote device.
On receiving this MAC, server knows the intended destination with a help of ID in the](https://image.slidesharecdn.com/24f41d8a-9747-400a-a60b-3d5bf0a27127-150316153108-conversion-gate01/85/Paper1_Final-3-320.jpg)
![4 | P a g e
authentication code and routes the MAC to device. Device decrypts the code with help of session
key KAB and secret value created during primary phase. Now [11] uses mutual authentication
scheme where device also sends a token to user and user needs to authenticate it. Thus, after
decrypting the message device creates a new message with same session key KAB and a random
number RS+1 created with help of random number RS in previous message. This new message is
then sent to user via home server, user decrypts the message with help of session key KAB and then
creates a secure channel and communicates over this channel. In case of attacker intercepts the
message from channel and masquerades as sender for receiver or as receiver for sender, attacks
such as data forging and alteration by the outside party (attacker, in this case) can be easily blocked
as they have no knowledge of the secret key used by sender and receiver.
Conclusion
Authentication problems in SG are far more diverse and difficult than in traditional network i.e.
internet. This is because of very high level of reliability, power device security and IT security, as
a result of this SG authentication requires new techniques. Attacks such cyber-physical attacks are
only possible in SG. The above mentioned three techniques adopted from [9], [10] and [11]
provides a radical approach to solving this problem of cyber-physical attacks and user privacy
attacks respectively and providing availability and confidentiality at the same time.](https://image.slidesharecdn.com/24f41d8a-9747-400a-a60b-3d5bf0a27127-150316153108-conversion-gate01/85/Paper1_Final-4-320.jpg)
![5 | P a g e
Works Cited
[1] Baumeister, T. 2011. "Adapting PKI for the smart grid." Proc. IEEE SmartGridComm 249–
254.
[2] Hasen Nicanfar, Paria Jokar, Konstantin Beznosov, Victor C. M. Leung. 2014. "Efficient
Authentication and Key Management Mechanisms for Smart Grid Communications."
IEEE SYSTEMS JOURNAL, VOL. 8, NO. 2 629-640.
[3] Hongwei Li, Rongxing Lu, Liang Zhou, Bo Yang, Xuemin (Sherman) Shen. 2013. "An
Efficient Merkle-Tree-Based Authentication Scheme for Smart Grid." IEEE SYSTEMS
JOURNAL.
[4] H. Khurana, R. Bobba, T. Yardley, P. Agarwal, and E. Heine, “Design principles for power
grid cyber-infrastructure authentication protocols,” in Proc. HICSS, Jan. 2010, pp. 1–10.
[5] N. Kuntze, C. Rudolph, I. Bente, J. Vieweg, and J. von Helden, “Interoperable device
identification in smart-grid environments,” in Proc. IEEE PES Gener. Meet., Jul. 2011, pp.
1–7.
[6] S. Lakshminarayanan, “Authentication and authorization for smart grid application
interfaces,” in Proc. IEEE/PES PSCE, Mar. 2011, pp. 1–5
[7] A. J. Paverd and A. P. Martin, “Hardware security for device authentication in the smart
grid,” in Proc. SmartGridSec, vol. 7823, LNCS, J. Cuellar, Ed., 2013, pp. 72–84, Springer-
Verlag
[8] A. C-F. Chan and J. Zhou, “On smart grid cybersecurity standardization: Issues of
designing with NISTIR 7628,” IEEE Commun. Mag., vol. 51, no. 1, pp. 58–65, Jan. 2013.](https://image.slidesharecdn.com/24f41d8a-9747-400a-a60b-3d5bf0a27127-150316153108-conversion-gate01/85/Paper1_Final-5-320.jpg)
![6 | P a g e
[9] A. C-F. Chan and J. Zhou," Cyber–Physical Device Authentication for the Smart Grid
Electric Vehicle Ecosystem", IEEE journal on selected areas in communications, vol. 32,
no. 7, pp. 1059-1517, July 2014.
[10] Erman Ayday, and Sridhar Rajagopal, “Secure Device Authentication Mechanisms for
the Smart Grid-Enabled Home Area Networks”, 2013
[11] Do-Eun Cho, Sang-Soo Yeo, and Si-Jung Kim, “Authentication Method for Privacy
Protection in Smart Grid Environment”, Hindawi Publishing Corporation Journal of
Applied Mathematics Volume 2014, Article ID 280978,, July 2014](https://image.slidesharecdn.com/24f41d8a-9747-400a-a60b-3d5bf0a27127-150316153108-conversion-gate01/85/Paper1_Final-6-320.jpg)
Paper1_Final
- 1. 1 | P a g e Authentication in smart grid Introduction Since the dawn of network security, authentication has played a vital role. Authentication can be thought of as procedure or steps taken to determine with certainty that someone is in fact what he/she is declaring to be. In case of networks not always humans need to be authenticated but processes also. Processes are always in need of resources or engaged in sending/receiving sensitive information. For such scenarios processes also needs to be authenticated. Former uses traditional username password scheme or biometrics while latter uses schemes such as digital certificates and public key infrastructure. Smart Grid (SG) signifies the junctions of traditional electricity grid with digital technology to create a reliable and efficient electric grid. Smart Grid (SG) is a vast intricate network consisting of millions of device interconnected. Such huge network implicitly inherits certain security concerns and susceptibilities. authentication can be thought of as a most significant aspect in such concerns. The paper describes three most recent developments in this field of research. Entity Authentication Entity authentication follows the ideology of an entity, whether it is person or a device or a process, entity should be authenticated as and when it accesses resources requiring authentication. Entity authorization in SG is an important research topic [1], [2], [3]. There are some prominent features that make entity authentication still a challenge. First, the intended use of SG will be ultimately to aid in automated administration and supervision of energy devices and entities without human involvement, in essence machines to machine authentication would be elementary form of authentication. A strong and reliable scheme for the protection of a private key is needed to attain desired guarantee of digital authorization in an unattended, entirely computerized environment. Second, currently all present protocols [4], [5], [6] and [7] suffice security issues corresponding to cyber domain, undermining SG is an cyber as well as physical domain which includes power relays, substations, vehicle-to-grid [8], etc. In SG, many of the cyber domain instructions produces effects on a physical domain such as command sent to disable a power relay. A new two-factor cyber-physical authentication protocol is presented in [9] for Electric Vehicles (EV) in SG. It focuses on both physical as well as cyber domain by following challenge-response authentication paradigm where one party asks a "question" or "challenge" and another party is expected to provide
- 2. 2 | P a g e a valid "answer" or "response". Protocol in [9] uses two challenge approach where one challenge is sent over cyber domain and other is sent over physical domain introducing two-factor cyber- physical authentication. This protocol can easily be extended to any physical domain appliance such as switches, trippers, etc. only hurdle is finding the appliance relevant "challenges". Main problem that is solved by this protocol is substitution attack which is analogous to Man in the Middle attack. Assumption made here is every EV has Intelligent Electronic Device (IED)- a token to guarantee the identity of EV. Attacker would try to access an EV with a stolen IED. If only physical level "challenge" was used then attacker would surely get stolen EV charged in contrast to deny charging for stolen EV with help of stolen IED. But this attack would not work if two challenge authentications is used as cyber challenge would fail, an example of cyber challenge would be username password pair of the valid EV driver. Argument can be made that if there is a way to overcome physical challenge than surely there exists a way to overcome cyber challenge i.e. what if stolen but valid EID and valid user credentials are used to charge stolen EV? To overcome such scenarios a new identity can be used which strictly depends on EID pre-installed on EV and username-password combination. Thus, when attacker tries to impersonate as valid user the combination of stolen EID and username password will not match resulting in denied access of charging. Authentication between SG and Gateways Gateways in SG are the system to which every smart appliance are connected on one end and it’s another end is connected to Smart Meter (SM) which is installed by utility providers. If the authentication between gateway and SM is not efficiently processed than an attacker can easily perform Man In The Middle (MITM) attack which can lead to irregularity in power usage directly affecting the pricing/billing for service usage or at worst attacker may send false control signals to genuine gateway and cause blackout by shutting down all appliances. Protocol described in [10] is an attempt to prevent such attacks. Here assumption made is that both gateway and SM uses common connection architecture i.e. internet, landline, cell phone or Advanced Metering Infrastructure (AMI). SG contains millions of devices, and each of them should be globally connected. For this purpose, each device needs to be identified by a unique identifier which depends on the communication architecture used, for example in the case of Internet IPv6 can be used. For the current scenario let us assume internet is the communication architecture and each
- 3. 3 | P a g e device uses an IP as identifier. Initiation is done by gateway by sending an authorization request message along with its IP, on receiving this message SM sends an acknowledge to sender gateway and an authentication request with its ID and IP of sender to a trusted third party. On receiving the acknowledge from SM gateway also send an authentication request with same data as SM to the same trusted third party for mapping of SM's ID to a location. For appropriate mapping trusted party can collaborate with ISP to provide location based on IP, ISP sends "True" if location of SM matches location of a gateway otherwise "False" message to both SM and gateway. Connection is only established if both SM and gateway receive "True" message. Here the trusted third party has to make sure that a correct gateway is matched to correct SM. Authentication between smart appliances and remote user One of the most important feature supported by smart appliances connected to SG is that remote control and monitoring by user who is not in Home Area Network (HAN). For example, homeowner can control or monitor smart appliances such as smart bulb, cooling system or security system while he/she is not present in his HAN. Such capability introduces great deal of security vulnerability. MITM attacks are possible as attacker can impersonate as a homeowner and can control every smart appliance which can result in irregularity in power consumption leading to higher billing price or even blackouts. A user should be authenticated rigorously before giving him the control of appliances. [11] describes such protocol which includes a remote user, device to access remotely and an authentication server spanning in two phase. In primary phase, whenever a new device is registered by the authentication server it creates an ID and shared secret key which is stored in server's database and in device's memory securely. Also, remote user should have its own ID and password authenticated by a server in advance. In second phase, mutual authentication takes place between remote user and device as follows: user sends its ID, ID of the device and a timestamp TS1 to the authentication server, authentication server then checks ID and password of user and creates a secret key by applying one-way hash function on TS1 and password of user. This secret key, ID of user and a session key KAB (includes secret key of remote device (B) and user (A)) with a random key RS is used to create token for authentication purpose. This token is then sent to remote user which creates a message authentication code (MAC) with a help this token, a new timestamp TS2 and session key KAB and transmits to a home server of remote device. On receiving this MAC, server knows the intended destination with a help of ID in the
- 4. 4 | P a g e authentication code and routes the MAC to device. Device decrypts the code with help of session key KAB and secret value created during primary phase. Now [11] uses mutual authentication scheme where device also sends a token to user and user needs to authenticate it. Thus, after decrypting the message device creates a new message with same session key KAB and a random number RS+1 created with help of random number RS in previous message. This new message is then sent to user via home server, user decrypts the message with help of session key KAB and then creates a secure channel and communicates over this channel. In case of attacker intercepts the message from channel and masquerades as sender for receiver or as receiver for sender, attacks such as data forging and alteration by the outside party (attacker, in this case) can be easily blocked as they have no knowledge of the secret key used by sender and receiver. Conclusion Authentication problems in SG are far more diverse and difficult than in traditional network i.e. internet. This is because of very high level of reliability, power device security and IT security, as a result of this SG authentication requires new techniques. Attacks such cyber-physical attacks are only possible in SG. The above mentioned three techniques adopted from [9], [10] and [11] provides a radical approach to solving this problem of cyber-physical attacks and user privacy attacks respectively and providing availability and confidentiality at the same time.
- 5. 5 | P a g e Works Cited [1] Baumeister, T. 2011. "Adapting PKI for the smart grid." Proc. IEEE SmartGridComm 249– 254. [2] Hasen Nicanfar, Paria Jokar, Konstantin Beznosov, Victor C. M. Leung. 2014. "Efficient Authentication and Key Management Mechanisms for Smart Grid Communications." IEEE SYSTEMS JOURNAL, VOL. 8, NO. 2 629-640. [3] Hongwei Li, Rongxing Lu, Liang Zhou, Bo Yang, Xuemin (Sherman) Shen. 2013. "An Efficient Merkle-Tree-Based Authentication Scheme for Smart Grid." IEEE SYSTEMS JOURNAL. [4] H. Khurana, R. Bobba, T. Yardley, P. Agarwal, and E. Heine, “Design principles for power grid cyber-infrastructure authentication protocols,” in Proc. HICSS, Jan. 2010, pp. 1–10. [5] N. Kuntze, C. Rudolph, I. Bente, J. Vieweg, and J. von Helden, “Interoperable device identification in smart-grid environments,” in Proc. IEEE PES Gener. Meet., Jul. 2011, pp. 1–7. [6] S. Lakshminarayanan, “Authentication and authorization for smart grid application interfaces,” in Proc. IEEE/PES PSCE, Mar. 2011, pp. 1–5 [7] A. J. Paverd and A. P. Martin, “Hardware security for device authentication in the smart grid,” in Proc. SmartGridSec, vol. 7823, LNCS, J. Cuellar, Ed., 2013, pp. 72–84, Springer- Verlag [8] A. C-F. Chan and J. Zhou, “On smart grid cybersecurity standardization: Issues of designing with NISTIR 7628,” IEEE Commun. Mag., vol. 51, no. 1, pp. 58–65, Jan. 2013.
- 6. 6 | P a g e [9] A. C-F. Chan and J. Zhou," Cyber–Physical Device Authentication for the Smart Grid Electric Vehicle Ecosystem", IEEE journal on selected areas in communications, vol. 32, no. 7, pp. 1059-1517, July 2014. [10] Erman Ayday, and Sridhar Rajagopal, “Secure Device Authentication Mechanisms for the Smart Grid-Enabled Home Area Networks”, 2013 [11] Do-Eun Cho, Sang-Soo Yeo, and Si-Jung Kim, “Authentication Method for Privacy Protection in Smart Grid Environment”, Hindawi Publishing Corporation Journal of Applied Mathematics Volume 2014, Article ID 280978,, July 2014