Traditional grid : In the Second Industrial Revolution to electric
power involved large, centralized power plants that feed power over an electro-mechanical grid. In this producer-controlled model power flows in one direction only. There is no two-way communication that allows interactivity between end users and the grid.
Cont Smart Grid: In Third Industrial Revolution, a new concept emerged in how electricity is managed. Under this model, the grid becomes less of a one-way highway and more of an integrated, interactive network. Many smaller power plants are distributed throughout this network, including renewable energy generation. They are flexible in operations, responsive to consumers and capable of integrating digital information technology to improve reliability, security, and efficiency of the electric grid. Like so many other digital networks, the Smart Grid consists of three basic pieces: 1. Smart devices 2. Two-way communications 3. Advanced software
Cont Smart grid utilities alone cannot provide all electricity services, and thus third-party service providers (SPs) are required to help in servicing utilities and users for cutting commercial cost and providing high-quality services. Smart grids have the capability to allow users to interact with their electricity usage information via the Internet, although Internet communications are generally insecure. Furthermore, unlike electric utilities, third party SPs can include legitimate businesses with agreements with energy users to assist them in better managing energy consumption, but can also include adversaries seeking to abuse data. Hence, securing third-party service provisions is critical in smart grids. Authentication is required to be done in the first step. Cont He et al. provided an authentication scheme among the electric utility, users and SPs. However, the authors do not differentiate carefully between the utility and third-party SPs, thus their system model cannot capture specific cyber security threats in the third-party service provision in which multiple, probably malicious, third-party SPs exist. We propose an efficient authentication scheme for multiple third-party service providers in smart grids, named EA-MTSP. The main contributions are paper as follows: 1. Model the third-party service provision in smart grids and distinguish carefully between the utility SP and the third party ones. 2. A novel EA-MTSP scheme that achieves efficient authentication for multiple third party SPs and satisfy multiserver authentication, conditional anonymity, and other important security requirements. RELATED WORKS Fouda et al. [2] presented a message authentication scheme for smart grid communications where RSA algorithms and Diffie-Hellman key exchange protocols were adopted. As we know, these cryptographic primitives are used in the certificate-based setting and thus it is necessary for certificates to be transmitted and verified. Hence, communication and computation are costly. Nicanfar et al. [3] demonstrated a portable and lightweight mutual authentication scheme between utilities and SMs, which used the design idea from an identity-based authentication mechanism for the mesh networks proposed by Boud guiga et al. [8]. Li et al. [5] proposed a new one-time signature algorithm an efficient multicast authentication scheme in smart grids, which has short authentication delay and low computation cost. He et al. [7] first identified cyber security challenges on the service provision of smart grids. Furthermore, they provided an authentication scheme among the utility, users and SPs. In particular, their scheme can protect users identity privacy and provide accountability based on the modified Boneh et al.s group signature algorithm [9]. They do not distinguish carefully between the utility SP and the Third-party ones, thus their model cannot capture specific cyber security threats in the setting of multiple third- party SPs. System Model The system model focuses on how to provide multiple secure third-party services for users under the control of the utility in the smart grid communication (Figure 1). Cont The following assumptions are considered : Single utility (UT) m users U i for I = 1m N distributed third-party SP j for j =1n. For simplicity, we also assume that each SP provides only one service. In U i s house, there are all kinds of smart appliances (SA) which form a home area network (HAN). SM i is assigned to HAN i as its gateway, enabling an automated and two- way communication between HAN i and other entities in smart grids. SM i can electronically record real-time data about electricity use, and is usually resource-constrained, equipped typically with 16KB random access memory, 120 KB flash memory, and 120 MHz CPU. Proposed System Model The user and the third-party SP are both required to be registered to UT. U i registers an account to UT for SM i . SP j registers its service to UT. U i can check the available services on UTs portal and subscribe the necessary ones. By signing up its SA with SP j , Ui grants SP j rights to communicate with or control its SA. Consequently, SP j may have interfaces to SM i to read electricity usage data. In addition, SP j may also have interfaces to UT to get pricing or other information. In this way, it can make automated control of energy consumption more efficiently. Communication Setting HAN i connects SAs to the gateway SM i , through which SAs communicates with SP j .
HAN i located usually in an apartment, with limited coverage, its communication is considered to be a relatively inexpensive using ZigBee or WiFi.
The distances among SM i , SP j , and UT are far away, thus communications should be through wired links with high bandwidth and low delay.
Many communication infrastructures are IP-based communications among SM i , SP j and UT are through the Internet. Security Setting We can assume that UT is trustworthy.
Unlike UT, third-party SPs can can also include adversaries seeking to abuse or misuse data.
For the sake of convenience, SM i is usually installed outside of the house and thus adversaries might easily compromise it and further obtain stored secret information.
SM i , SP j , and UT interact over the public Internet. Internet communication is generally insecure owing to unauthorized interception, manipulation or other threats.
Hence an efficient multiserver authentication scheme is critical for secure third-party service provisions in smart grids. Cont For authentication, there exist two probable considerations: a. If the service goes through the smart grid, it has to involve UT. There is no pass-through capability that allows Ui enter into an agreement with third parties. b. Third parties can offer services directly to Ui via SMi, not through UT. Cont Consideration a is preferred for following reasons: 1. From the viewpoint of communication security, especially considering easy-compromised SMi and probably malicious third party SPs, UTs management can mitigate the damage as much as possible, for example, by revocation of service permissions or update of secret keys stored in SM i . 2. U i requires only one registration with UT. While in the latter, U i
requires multiple registrations with different distributed SPs. This is not only burdensome and inconvenient, but also adds significant overhead of communication. 3. Distributing the users personal registration information in multiple SPs would be very likely to create more privacy risks. Cont In addition, the involvement of multiple third-party SPs would still raise other privacy challenges as follows: 1. The introduction of third-party SPs significantly expands the amount of data available in more granular form, which results in greater privacy concerns. 2. Third party SPs can determine the users personal behaviour pattern by used appliances, and also perform real-time remote surveillance. 3. It is difficult to ensure that third-party SPs access to electricity usage data is being used solely in accordance with the agreement. 4. The users data should be protected from SPs non-grid commercial uses. Trusted authority (TA) is necessary to establish the initial trust relationship. Security Requirement For authentication of multiple third-party SPs in the smart grid, we consider the following security requirements needing to be satisfied: 1. Multiserver authentication SAs in a users HAN authenticate themselves to different SPs to access subscribed services securely. 2. Conditional anonymity the users identity is anonymous to third-party SPs to protect privacy. However in case of dispute, UT can reveal the users real identity. 3. Confidentiality, authenticity, integrity and freshness of transmitted messages these are the same as common authentication schemes. Notations Relationships of different keys There are two groups of hierarchical levels of keys in our scheme. 1. Based on the master key s of TA 2. Based on the master key s1 of UT. Level-1 keys can be generated from the master keys by the extraction algorithm as in Boneh and Franklin [14] Level-2 keys can be generated by the key agreement protocol as in Chen and Kudla [15]. Proposed System The scheme consists of the following four phases: 1. System initialization 2. Registration 3. Service subscription 4. Multiserver authentication. System Initialization TA acts as a key generator centre to set up all parameters. Following steps take place: 1. Given the security parameter , TA runs G() to generate a six-tuple (q, P,G1,G2,GT, ). 2. TA chooses a random number s Z q * , keeps it as the system master key secretly, and computes P TA =sP. 3. TA chooses one secure symmetric encryption algorithm E(), for example, AES, and two secure cryptographic hash functions H 1 : {0, 1} * G 1 and H 2 : G 2 Z q * . 4. Finally, the public parameters are published as {fq, P, G 1 , G 2 ,G T , , H 1 , H 2 , P TA, ,E()}-------------- (1) Cont TA computes the private keys for UT, U i , and SP j as SK UT =sH 1 (UT), SK Ui
=sH 1 (U i ), and SK SPj = sH 1 (SP j ), respectively.
Then, TA sends these private keys to UT, U i , and SP j through secure channels, respectively.
UT also chooses s 1 Z q * randomly as its own master key and publishes its own public parameter P UT = s1 P.
With the master key s 1 , the entities in UT domain can establish the authenticated communications. Cont For two clients with identities, A and B with the private keys SK A and SK B
respectively, the shared key K A-B is given by using non-interactive identity- based key agreement protocol [15] as
K A-B = H 2 ((SK A =H 1 (B))) = H 2 ((H 1 (A),H 1 (B)) S )-------------------------(2) = H 2 ((H 1 (A),SK B )
Therefore, after TA grants UT, U i and SP j the private keys given by SK UT , SK Ui
and SK SPj respectively, a session key K UT-Ui can be established between UT and U i and also a session key K UT-SPj can be establish between UT and SP j
by the non-interactive key agreement as in Equation (2). Registration This phase includes registrations for SM usage permission and SP service permission. Registration of SM usage permission Perm SMi
Step1: When U i registers SM i to UT, U i forms a message M i =U i ||UT||TS||SM i , encrypts it with K Ui-UT as C i = E KUi=UT (M i ), and sends {U i ,UT, TS, C i } to UT.
Step 2: Upon the receipt of {U i ,UT, TS, C i } , UT decrypts C i with the shared key K UT-Ui to recover M i , checks freshness, authenticity and integrity of M i , and checks validity of U i and SM i . If they hold, UT computes SM usage permission as Perm SMi =s 1 H 1 (Sm i ).
Cont Step 3: UT forms M i = U i ||UT||TS|| Perm SMi encrypts it as C i =E KUT-Ui (M i ), and sends {UT, U i , TS, C i } to U i .
Step 4: After receiving {UT, U i , TS, C i } , U i decrypts C i to recover M i and checks freshness, authenticity and integrity of M i . If they hold, U i stores Perm SMi in SM i . Here, Perm SMi can be used to establish a shared key K UT-SMi between SM i and UT.
Registration of SP service permission Perm SPj
Similarly, SP j registers its service to UT and then gets the service permission as Perm SPj =s 1 H 1 (SP j ). After registration, UT refreshes the available service list on its portal for user subscription. Service Subscription Step 1: SM i subscribes SP j s service for one SA, SM i chooses a pseudonym PID ij and a subscription period d ij for the SA; forms M i = SM i ||UT || TS || SP j || PID ij || d ij , encrypts it as C i =E KSMi-UT (M i ), and sends {SM i , UT, TS, C i } to UT.
Step 2: After receiving {SM i , UT, TS, C i } decrypts C i to recover M i , checks freshness, authenticity and integrity of M i , and checks validity of M i , SP j , PID ij and d ij . If they hold, UT establishes a contract between PID ij and SP j , in which SM i grants SP j rights to manage the corresponding SA, and computes PID ij s subscription key as K PIDij = s 1 H 1 (PID ij ).
Step 3: UT forms M i = UT|| SM i ||TS||K PIDij , encrypts it as C i = E KUT-SMi (M i ), and sen ds {UT,Sm i, TS, C i } to SM i .
Step 4: Upon the receipt of {UT, SM i , TS, C i }, SM i decrypts C i to recover M i
and checks freshness, authenticity and integrity of M i . If they hold, SM i forwards K PIDij to the corresponding SA.
At the same time, UT sends concerned subscription message to SP j
Step 3: UT forms M j =UT||SP j ||TS||PID ij ||d ij , encrypts it as C j = E K UT-SPj
(M j ), and sends {UT, SP j TS, C j } to SP j .
Step 4: After receiving {UT, SP j ,TS, C j }, SP j decrypts C j to recover M j and checks freshness, authenticity and integrity of M j . If they hold, SP j stores (PID ij , d ij ) in SP j s subscriber list to verify the service access later. Multiserver Authentication A service contract is established between SP j and one SA with the pseudo- identity PID ij . To access the subscribed service, PID ij and SP j could authenticate mutually by the contract key K PID ij -SP j .
This key can be established by the non-interactive key agreement as in Equation (2), using SP j s Perm SP j and PID ij s K PID ij , which both are already granted by UT upon the master secret key s 1 .
If SM i subscribes multiple services, say, SP j1 and SP j2 , the multiserver authentications follow the same procedure as the above. As a result, in the following, with the contract keys, SAs and multiple SPs can communicate in an authenticated manner. Security Analysis We analyse the security of the proposed scheme to verify whether the following 3 requirements have been satisfied.
1. Multiserver Authentication 2. Conditional Anonymity 3. Confidentiality, Authenticity, Integrity and Freshness of Transmitted Messages Multiserver Authentication
In EPAA, we consider authentication of multiple SPs, that is, SAs in a users HAN authenticate themselves to different SPs to access the subscribed services securely.
For simplicity, we assume that in one HAN, one SA accesses service from only one SP, which provides only one service. Multiserver context two attacks In the multiserver context, we consider two attacks: 1. Collusion : Two or more SPs collude to attack a SA, with which these SPs have no contract, to get the SAs real identity or to eavesdrop communication content between SA and its corresponding SP thereby violating privacy and confidentiality. Here corresponding refers to the contract established between the SA and the SP.
1. Competition : In our environment, there is a possibility of commercial competition among SPs. For example, SP 1 can impersonate its competitive SP 2 in order to interact with SP 2 s subscriber, say SP 2 . From the interaction, SP 1 can discover the competitors commercial secret. This commercial secret may help SP 1 with improving its service quality which is vital to win the competition.
Resist attacks EPAA can both resist them as below: 1. Resistance against collusion attack : We consider the identity privacy of SAs. For EPAA, SAs interact with their corresponding SPs only using pseudonyms {PID i1, PID i2 ,..}. These pseudonyms are chosen randomly thus independent of each other and also independent of the users real identity U i . Hence, even if all SPs collude, still they cannot infer the aimed SAs real identity. We consider the communication confidentiality of SAs. The communications between PID ij and SP j are encrypted with the contract key K PID ij -SP j established by K PID ij and Perm SPj as in Equation (2). However even by collusion, other SPs cannot get K PID ij of the aimed SA and Perm SPj of the corresponding SP. Therefore, communication confidentiality can be achieved. Cont 2. Resistance against competition attack If SP 1 wants to impersonate its competitive SP 2 to communicate with SP 2 , it needs to know SP 2 s service permission Perm SP 2 . As we know, Perm SP 1 =s 1 SP 1 and Perm SP 2 = s 1 SP 1 . Hence, it is infeasible to get Perm SP 2 from Perm SP 1 owing to the difficulty of the discrete logarithm problem. Conditional Annonimity In service subscription phase when a service contract is established between SP j and PID ij , which grants SP j rights to manage PID ij .
PID ij is one pseudonym of the SA in the contract, which is only applicable and limited in the contract transactions, and outside of HAN i , no one, including SP j , knows the real identity of the corresponding U i . Thus, only UT knows the relationship between a pseudonym and U i s real identity.
In case of dispute, UT can identify the corresponding U i s real identity or link two transactions initiated by the same SA and thus revoke the anonymity of U i . Confidentiality, Authenticity, Integrity and Freshness of Transmitted Messages