Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia.
School of Computer Science and Informatics, De Montfort University, Leicester LE1 9BH, UK.
Sensors (Basel). 2020 Mar 12;20(6):1581. doi: 10.3390/s20061581.
In a smart grid system, the utility server collects data from various smart grid devices. These data play an important role in the energy distribution and balancing between the energy providers and energy consumers. However, these data are prone to tampering attacks by an attacker, while traversing from the smart grid devices to the utility servers, which may result in energy disruption or imbalance. Thus, an authentication is mandatory to efficiently authenticate the devices and the utility servers and avoid tampering attacks. To this end, a group authentication algorithm is proposed for preserving demand-response security in a smart grid. The proposed mechanism also provides a fine-grained access control feature where the utility server can only access a limited number of smart grid devices. The initial authentication between the utility server and smart grid device in a group involves a single public key operation, while the subsequent authentications with the same device or other devices in the same group do not need a public key operation. This reduces the overall computation and communication overheads and takes less time to successfully establish a secret session key, which is used to exchange sensitive information over an unsecured wireless channel. The resilience of the proposed algorithm is tested against various attacks using formal and informal security analysis.
在智能电网系统中,公用事业服务器从各种智能电网设备中收集数据。这些数据在能源提供商和能源消费者之间的能源分配和平衡中起着重要作用。然而,这些数据在从智能电网设备传输到公用事业服务器时,容易受到攻击者的篡改攻击,这可能导致能源中断或失衡。因此,需要进行身份验证以有效地对设备和公用事业服务器进行身份验证,并避免篡改攻击。为此,提出了一种组身份验证算法,用于保护智能电网中的需求响应安全。所提出的机制还提供了细粒度的访问控制功能,其中公用事业服务器只能访问有限数量的智能电网设备。组内公用事业服务器和智能电网设备之间的初始身份验证涉及单个公钥操作,而与同一设备或同一组中的其他设备的后续身份验证不需要公钥操作。这减少了总体计算和通信开销,并花费更少的时间成功建立秘密会话密钥,该密钥用于在不安全的无线信道上交换敏感信息。使用正式和非正式的安全分析测试了所提出算法对各种攻击的弹性。
