Nothing Special   »   [go: up one dir, main page]

Next Article in Journal
Constrained Device Performance Benchmarking with the Implementation of Post-Quantum Cryptography
Previous Article in Journal
Auditable Anonymous Electronic Examination
You seem to have javascript disabled. Please note that many of the page functionalities won't work as expected without javascript enabled.
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

A Provably Secure Anonymous Authentication Protocol for Consumer and Service Provider Information Transmissions in Smart Grids

by
Zahraa Abdullah Ali
1,
Zaid Ameen Abduljabbar
1,*,
Hamid Ali Abed AL-Asadi
1,
Vincent Omollo Nyangaresi
2,3,
Iman Qays Abduljaleel
1 and
Abdulla J. Y. Aldarwish
1,4
1
Department of Computer Science, College of Education for Pure Sciences, University of Basrah, Basrah 61004, Iraq
2
Department of Computer Science and Software Engineering, Jaramogi Oginga Odinga University of Science and Technology, Bondo 40601, Kenya
3
Department of Applied Electronics, Saveetha School of Engineering, Saveetha Institute of Medical and Technical Sciences, Chennai 600124, India
4
Department of Computer Science, Gujarat University, Ahmedabad 380009, India
*
Author to whom correspondence should be addressed.
Cryptography 2024, 8(2), 20; https://doi.org/10.3390/cryptography8020020
Submission received: 29 March 2024 / Revised: 4 May 2024 / Accepted: 7 May 2024 / Published: 9 May 2024
Figure 1
<p>Proposed network model.</p> ">
Figure 2
<p>System initialization and registration.</p> ">
Figure 3
<p>Authentication and key negotiation.</p> ">
Figure 4
<p>Computational complexities [<a href="#B1-cryptography-08-00020" class="html-bibr">1</a>,<a href="#B6-cryptography-08-00020" class="html-bibr">6</a>,<a href="#B10-cryptography-08-00020" class="html-bibr">10</a>,<a href="#B13-cryptography-08-00020" class="html-bibr">13</a>,<a href="#B22-cryptography-08-00020" class="html-bibr">22</a>,<a href="#B29-cryptography-08-00020" class="html-bibr">29</a>,<a href="#B31-cryptography-08-00020" class="html-bibr">31</a>,<a href="#B32-cryptography-08-00020" class="html-bibr">32</a>,<a href="#B33-cryptography-08-00020" class="html-bibr">33</a>,<a href="#B47-cryptography-08-00020" class="html-bibr">47</a>].</p> ">
Figure 5
<p>Communication complexities [<a href="#B1-cryptography-08-00020" class="html-bibr">1</a>,<a href="#B6-cryptography-08-00020" class="html-bibr">6</a>,<a href="#B10-cryptography-08-00020" class="html-bibr">10</a>,<a href="#B13-cryptography-08-00020" class="html-bibr">13</a>,<a href="#B22-cryptography-08-00020" class="html-bibr">22</a>,<a href="#B29-cryptography-08-00020" class="html-bibr">29</a>,<a href="#B31-cryptography-08-00020" class="html-bibr">31</a>,<a href="#B32-cryptography-08-00020" class="html-bibr">32</a>,<a href="#B33-cryptography-08-00020" class="html-bibr">33</a>,<a href="#B47-cryptography-08-00020" class="html-bibr">47</a>].</p> ">
Figure 6
<p>Storage complexities [<a href="#B1-cryptography-08-00020" class="html-bibr">1</a>,<a href="#B6-cryptography-08-00020" class="html-bibr">6</a>,<a href="#B10-cryptography-08-00020" class="html-bibr">10</a>,<a href="#B13-cryptography-08-00020" class="html-bibr">13</a>,<a href="#B22-cryptography-08-00020" class="html-bibr">22</a>,<a href="#B29-cryptography-08-00020" class="html-bibr">29</a>,<a href="#B31-cryptography-08-00020" class="html-bibr">31</a>,<a href="#B32-cryptography-08-00020" class="html-bibr">32</a>,<a href="#B33-cryptography-08-00020" class="html-bibr">33</a>,<a href="#B47-cryptography-08-00020" class="html-bibr">47</a>].</p> ">
Versions Notes

Abstract

:
Smart grids integrate information technology, decision support systems, communication networks, and sensing technologies. All these components cooperate to facilitate dynamic power adjustments based on received client consumption reports. Although this brings forth energy efficiency, the transmission of sensitive data over the public internet exposes these networks to numerous attacks. To this end, numerous security solutions have been presented recently. Most of these techniques deploy conventional cryptographic systems such as public key infrastructure, blockchains, and physically unclonable functions that have either performance or security issues. In this paper, a fairly efficient authentication scheme is developed and analyzed. Its formal security analysis is carried out using the Burrows–Abadi–Needham (BAN) logic, which shows that the session key negotiated is provably secure. We also execute a semantic security analysis of this protocol to demonstrate that it can resist typical smart grid attacks such as privileged insider, guessing, eavesdropping, and ephemeral secret leakages. Moreover, it has the lowest amount of computation costs and relatively lower communication overheads as well as storage costs.

1. Introduction

Smart grid (SG) networks incorporate information technology and energy grid so as to manage energy consumptions efficiently. This is normally accomplished by offering bi-directional communication for data exchanges between consumers and power producers [1]. In addition, an SG integrates intelligent sensing, contemporary communication networks, and novel systems that support decision making in conventional grid systems. These technologies enable the effectual distribution of power from the generating stations to the consumer terminals. As explained in [2], SG bi-directional communication is achieved through Advanced Metering Infrastructure (AMI). A typical AMI comprises concentrators, smart meters, and measurement data management systems. On the other hand, a typical SG is made up of control, sensing, and communication systems and actuators [3]. Whereas smart meters (SMs) perform sensing and communication, actuation and control are executed by service providers (SPs). Therefore, SMs are located at consumer premises, where they accurately measure power consumption and transmit these data over to the SP servers. Through effective real-time processing and analyses of consumer data, the generation and distribution of power is dynamically fine-tuned in accordance with user demands. This helps in enhancing the reliability of the power grid system [4].
In spite of the benefits discussed above, the public internet is utilized for the data exchange between the SMs and the SPs [5]. As such, the SG is exposed to security and privacy threats such as eavesdropping, forgery, denial of service (DoS), tampering, and ephemeral secret leakage (EPSL) [6,7]. In addition, the misuse of consumer power consumption reports can lead to privacy leaks. By sending forged and inaccurate data, the SG network can incur additional loads [8]. All these challenges can disrupt the communication process, leading to the degradation of the SG system’s performance [9]. As such, security violations and privacy leakages are major issues during smart grid design [10]. This can be attained by perfect data encryption, mutual authentication, as well as session key establishment. In addition, Authenticated Key Exchange (AKE) is crucial for the protection of transmitted data against tampering and interception [6].
The above concerns necessitate the designing of robust, privacy-preserving, secure, and lightweight protocols to safeguard the data exchanged among legitimate SG participants. Since an SG comprises numerous SMs, each SM must be authenticated prior to information exchange. This will help curb threats exampled by impersonation, SM capture, Man-in-the-Middle (MitM), packet replays, de-synchronization, and privileged insider [7]. Upon an effectual mutual authentication process, a common session key should be created between the SM and the SPs to encipher the exchanged data. In addition, data integrity should be upheld, while preventing non-repudiation and side-channeling through a power analysis [11]. Another major concern in an SG network is the limited capabilities of smart meters in terms of communication, energy, and computation. This puts some limitations on the implementation of conventional cryptographic techniques in SG networks. Therefore, ideal SG security approaches should strive to be lightweight in addition to fulfilling numerous security requirements.

1.1. Motivation

It has been shown that a myriad of protocols have been introduced in the smart grid network to preserve its security posture. However, these solutions are based on conventional cryptographic systems such blockchain, public key infrastructure, PUF, and bilinear pairings. All these techniques have many security, performance, or privacy issues and, hence, are not suitable for resource-incapacitated SG devices such as SMs. Attacks such as de-synchronization, impersonation, privacy leaks, replays, and DoS must be prevented, as they adversely interfere with the reliability of smart grids. As such, there is a need for an effective, efficient, and robust security scheme for SGs.

1.2. Threat Model

In this section, we model attacks against our scheme using the most popular Dolev–Yao (DY) and Canetti–Krawczyk models. In these threat models, attacker Ä is capable of the following actions, compromising the private keys belonging to smart meters and service providers:
  • Modifying and deleting the contents of intercepted messages;
  • Generating and forwarding bogus messages to unsuspecting entities;
  • Physically capturing and compromising network entities such as smart meters;
  • Retrieving sensitive security tokens stored in the smart meter’s memory;
  • Deploying extracted smart meter memory content to execute attacks;
  • Intercepting derived session keys and other session state parameters.

1.3. Security Requirements

In the face of numerous security threats and privacy leaks, an ideal authentication scheme for smart grid networks should fulfill the following requirements:
Mutual authentication: The identities of all the communicating parties should be reciprocally verified prior to exchanging any network data.
Key agreement: To preserve confidentiality and the integrity of the communication process, a session key should be set up to encrypt all exchanged messages.
Anonymity and untraceability: An attacker should be incapable of discerning the real identity of the communicating entities based on any captured network messages. Additionally, the attacker should be incapable of tracing the communicating parties using these intercepted messages.
Key security: The captured current session key should not facilitate the derivation of past and subsequent session keys.
Formal verification: The derived session key should be mathematically sound.
Resilience against: To offer sufficient security, an ideal authentication protocol needs to withstand attacks such as EPSL, de-synchronization, DoS, eavesdropping, privileged insider, guessing, spoofing, Known Session-Secret Temporary Information (KSSTI), ephemeral secret leakage, physical capture, impersonation, replay, MitM, and forgery.

1.4. Contributions

To address the security, performance, and privacy challenges discussed above, we make the following contributions in our paper.
  • We deploy shared keys and pseudo-identities to encipher the communication channel so as to enhance security and privacy preservation.
  • To protect against MitM and replay attacks, each entity computes the session keys for traffic protection.
  • We deploy BAN logic for the revelation of the probably secure nature of the negotiated session key.
An extensive comparative analysis shows that our protocol withstands the largest number of attacks. In addition, it incurs the lowest computation overheads and relatively lower storage and communication overheads.
The rest of this work is structured as follows: Section 2 discusses the related works in this domain, while our scheme is described in Section 3. On the other hand, Section 4 discusses the security analysis of this protocol, while Section 5 describes its evaluation in terms of performance. Finally, Section 6 presents the conclusions and gives some future research scopes.

2. Related Work

Smart grid security, privacy, and performance have attracted a lot of attention, leading to the introduction of many schemes. For instance, researchers in [10] have presented an identity-based technique, while the authors in [12,13] have developed elliptic curve cryptography (ECC)-based schemes. However, extensive ECC multiplication operations render the schemes in [12,13] inefficient [14]. Therefore, they are not ideal for deployment in computation-limited smart grid components. On the other hand, PUF-based schemes are developed in [15,16,17,18]. Although the protocol in [15] withstands modeling attacks, protocols based on PUF have stability issues [19]. In addition, the scheme in [18] offers smart meter physical security but is still vulnerable to EPSL attacks and cannot provide backward key secrecy [17]. To offer smart meter anonymity, a secure scheme is presented in [20]. However, this scheme fails to mutually authenticate the network entities and is prone to DoS attacks [21]. Although the scheme in [22] is anonymity-preserving, it cannot withstand ephemeral secret and session key leakage attacks [23]. In addition, its bilinear pairing operations result in extensive computation overheads [24], similar to the protocols in [23,25].
To reduce the computation overheads associated with bilinear pairings, a scheme based on elliptic curve cryptography is developed in [26]. However, this technique cannot offer anonymity [1] and is defenseless against ephemeral secret leakage attacks [27]. Additionally, it incurs high computation overheads during the generation of security tokens at the Trusted Authority (TA) [1]. On the same breadth, the technique introduced in [28] fails to offer untraceability and identity protection [29]. To deal with these challenges, an anonymous authentication protocol is introduced in [30]. Although identity protection is assured, this technique incurs high computation costs [6]. To offer efficiency in smart grids, lightweight authentication schemes are developed in [1,6,29,31,32,33,34]. However, the schemes in [6,31,32] have not been evaluated against de-synchronization attacks. Similarly, the protocol in [29] has not been evaluated against spoofing and guessing attacks. Although the schemes in [1,33] are resilient against de-synchronization attacks, they have not been evaluated against spoofing attacks. On the other hand, the scheme in [34] cannot withstand de-synchronization attacks [29].
To address the anonymity issues in some of the protocols above, a password-based security technique is introduced in [35]. However, this protocol has incorrect login and authentication phases [36]. Although the scheme in [37,38] overcomes this challenge, it is defenseless against de-synchronization threats. In addition, it fails to provide formal security verification and revocability. On the other hand, the usage of some fixed messages in each session in [39,40] renders said session vulnerable to traceability attacks. The protocol in [41] solves this issue by updating this message for each session. However, the service provider needs to buffer previous data for each SM so as to withstand de-synchronization attacks. Consequently, it incurs heavy storage costs especially in networks with massive SMs.
To enhance security in wireless networks, quantum computing technology has been adopted. For instance, based on quantum information engineering, a technique for local energy distribution to numerous remote nodes is presented in [42], while a verification scheme applicable in a quantum channel is developed in [43]. On the other hand, a blind quantum-based protocol is presented in [44], while a zero-knowledge proof is developed in [45]. However, comparative performance analyses have not been carried out in [42,43,44,45]. As explained in [46], blockchain technology can ensure privacy and security devoid of an authorized third party. As such, a blockchain-based protocol is presented in [47]. Although blockchain technology provides traceability, improved security, and immutability, it raises serious issues regarding transparency and privacy [48]. In addition, the blockchain-based protocol in [47] lacks evaluation against threats such as privileged insider and physical capture. To avert the misuse and malicious manipulation of battery equipment and data, a robust security scheme is presented in [49]. Although this technique protects against counterfeiting and possible software backdoors, its comparative security and performance evaluations are missing.
Based on the above discussions, it is clear that many schemes have been developed to address security and privacy issues in the smart grid environment. However, most of them still have challenges in terms of privacy, performance, or security. There is, therefore, a need for the development of novel protocols that can help alleviate these challenges.

3. The Proposed Protocol

The network model of our protocol comprises a utility service provider (USP), a trusted control server (TC), and a smart meter (SM), as evidenced in Figure 1. The TCS executes system initialization and generates the secret values for the SM and the USP during the registration phase.
The SM measures electricity usage on the client end and transmits power consumption reports to the USP over public channels. At the USP, these reports are processed and analyzed to facilitate decision making, which may include dynamic power adjustments. Table 1 describes the symbols used throughout this paper.
Our scheme executes five major steps, which encompass system setup, entity registration, mutual authentication, key negotiation, and parameter refresh phases. Algorithm 1 summarizes this protocol, and the sub-sections that follow give the details of these phases.
Algorithm 1 Secure and efficient authentication
Begin
#*****************System setup phase ********************#
(1)
Generate KTCS, IDTCS, IDSM & KSM
#*****************Registration phase ********************#
(2)
Generate R1 & derive PIDSM, then   R e g 1   TCS
(3)
Generate R2 & compute KTSM
(4)
Store{PIDSM, KTSM, R1}, publish PIDSM, then   R e g 2   SMi
(5)
Calculate A1, A2 & store {A1, A2, PIDSM}
(6)
Generate R3, select IDUSP & KUSP, then   Reg 3   TCS
(7)
Compute KUT & A3
(8)
Store {PIDUSP, A3, KUT}, then   R e g 4   USP
(9)
Calculate A4, A5, B1, B2 & B3
(10)
Store {A5, B1, B2, B3}
#***************** Authentication and key negotiation phase ***************#
(11)
Input {IDUSP, KUSP}, then compute R3, A4 & B1*
(12)
If B1*!= B1 then:
(13)
    Terminate session
(14)
Else:
(15)
    Generate R4, derive A3, KUT, B4, B5 & C1, then   Auth 1   TCS
(16)
     Retrive A3, KUT & derive (R4*||PIDSM*), C1*
(17)
     If C1*!= C1 then:
(18)
      Abort session
(19)
     Else:
(20)
       Generate R5 & Fetch KTSM, R1
(21)
      Derive C2, C3, C4 & C5, then   Auth 2   SMi
(22)
       Calculate R1, KTSM, C2* & C5
(23)
      If C5*!= C5 then:
(24)
        Stop session
(25)
      Else:
(26)
        Generate R6, derive (h(IDUSP||R4)||h (IDTCS||R5)), SKSU, D1 & D2, then   Auth 3   TCS
(27)
        Derive h (IDSM||R6) & D2*
(28)
        If D2*!= D2 then:
(29)
          Abort session
(30)
        Else:
(31)
          Derive SKSU, PIDUSP*, A3*, D3 & D4
(32)
         Store {PIDUSP, A3} with {PIDUSP*, A3*}, then Auth 4   USP
(33)
         Calculate PIDUSP*, ( h (IDTCS||R5)||h (IDSM||R6)||PIDUSP*) & D4*
(34)
          If D4*!= D4 then:
(35)
            Stop session
(36)
          Else:
(37)
             Compute SKSU, A3*, B2* & B3*
(38)
             Substitute {B2, B3, PIDUSP} with {B2*, B3*, PIDUSP*}
(39)
             Derive D5
(40)
             If D5*!= D5 then:
(41)
              Terminate session
(42)
              Delete{PIDUSP, A3} from database
(43)
            Endif; Endif;
(44)
      Endif; Endif;
(45)
   Endif;
End

3.1. System Setup

In this phase, the TCS selects its master key as KTCS. This is followed by the generation of its unique identity IDTCS, the smart meter’s unique identity IDSM, as well as the private key of the smart meter, KSM, as shown in Figure 2.

3.2. Registration

In this particular phase, the smart meters are registered at the TCS before they are deployed in the actual field. In addition, the USP is also registered at the TCS prior to exchanging data with the smart meters. The following sub-sections describe this phase in more detail.

3.2.1. Smart Meter Registration

The subsequent three procedures are executed to register the smart meter SMi to the TCS. To accomplish this, secure communication channels are deployed.
Step 1: The SMi chooses a random nonce R1 to derive its pseudo-identity PIDSM = h (IDSM||R1). It then composes registration message Reg-1 = {PIDSM, R1} that is forwarded to the TCS over secure communication media, as shown in Figure 2.
Step 2: When it receives message Reg-1, the TCS selects a random nonce R2 that is deployed to compute the shared key KTSM = h (PIDSM||R1||R2). Next, the TCS stores {PIDSM, KTSM, R1} in its repository. Next, registration message Reg-2 = {KTSM} is constructed and forwarded to the SMi, as evidenced in Figure 2. Afterwards, the TCS publishes PIDSM.
Step 3: Upon receiving the message Reg-2, the smart meter SMi derives A1 = R1 h (IDSM||KSM) and A2 = KTSM h (R1||KSM). Thereafter, it stores {A1, A2, PIDSM} in its memory.

3.2.2. Utility Service Provider Registration

To register to the TCS, the USP needs to execute the following three procedures.
Step 1: The USP chooses its real identity IDUSP and secret key KUSP. Next, it generates a random nonce R3 that is used to calculate its pseudo-identity PIDUSP = h (IDUSP||R3). Thereafter, it constructs registration message Reg-3 = {PIDUSP}, which is transmitted to the TCS, as depicted in Figure 2.
Step 2: After receiving registration message Reg-3, the TCS calculates shared key KUT = h (PIDUSP||KTCS||R2) and A3 = h (PIDUSP||KUT). Next, it stores {PIDUSP, A3, KUT} in its database. Finally, registration message Reg-4 = {KUT, A3} is composed and sent to the USP.
Step 3: Upon receiving message Reg-4, the USP derives A4 = h (KUSP||R3), A5 = R3 h (IDUSP||KUSP), B1 = h (IDUSP||KUSP||R3||A4), B2 = A3 h (R3||A4), and B3 = KUT h (A3||A4). Next, it stores {A5, B1, B2, B3} in its database.

3.3. Authentication and Key Setup

To securely exchange power consumption reports and adjustment commands, the USP and SMi must first mutually validate one another. This is followed by the establishment of a session key for message protection over the public internet. The subsequent nine steps are utilized to accomplish these two processes.
Step 1: The USP operator supplies parameter set {IDUSP, KUSP}, after which values R3 = A5 h (IDUSP||KUSP), A4 = h (KUSP||R3), and B1* = h (IDUSP||KUSP||R3||A4) are computed. Next, it confirms if B1* ≟ B1 in a manner such that the communication session is aborted if these two parameters are not identical. Otherwise, the USP randomly generates nonce R4, which is used to derive A3 = B2 h (R3||A4), KUT = B3  h (A3||A4), B4 = h (PIDUSP||A3||KUT) (R4||PIDSM), B5 = h (IDUSP||R4) h (KUT||R4), and C1 = h (PIDUSP||A3||R4||PIDSM||KUT). At the end, message Auth-1 = {PIDUSP, B4, B5, C1} is constructed and transmitted to the TCS, as shown in Figure 3.
Step 2: After receiving message Auth-1, TCS retrieves A3 and KUT corresponding to PIDUSP and derives (R4*||PIDSM*) = B4 h (PIDUSP||A3||KUT) as well as C1* = h (PIDUSP||A3||R4*||PIDSM*||KUT). Thereafter, the TCS validates if C1* ≟ C1 such that the communication session is halted when this check flops. If not, the TCS fetches KTSM and R1 corresponding to PIDSM.
Step 3: The TCS randomly generates number R5, which is used to calculate C2 = h (R4||R5), C3 = h (PIDSM||KTSM||R1) C2, h (IDUSP||R4) = B5 h (KUT||R4), C4 = (h (IDUSP||R4)||h (IDTCS||R5)) h (KTSM||R1), and C5 = h (PIDUSP||C2||KTSM). Finally, message Auth-2 = {PIDUSP, C3, C4, C5} is composed and passed over to the SMi.
Step 4: After receiving Auth-2, SMi computes R1 = A1 h (IDSM||KSM), KTSM = A2 h (R1||KSM), C2* = h (PIDSM||KTSM||R1) C3, and C5 = h (PIDUSP||C2*||KTSM). Next, it confirms whether C5* ≟ C5 such that the communication session is abandoned upon validation flop. Otherwise, it chooses a random nonce R6 and calculates (h (IDUSP||R4)||h (IDTCS||R5)) = C4 h (KTSM||R1).
Step 5: The SMi derives session key SKSU = h (h (IDUSP||R4)||h (IDTCS||R5)||h (IDSM||R6), D1 = h (PIDSM||KTSM||R1) h (IDSM||R6), and D2 = h (PIDUSP||PIDSM||C2*||h (IDSM||R6)||KTSM). Next, message Auth-3 = {D1, D2} is constructed and forwarded to the TCS.
Step 6: Upon receiving message Auth-3, the TCS calculates h (IDSM||R6) = D1 h (PIDSM||KTSM||R1) and D2* = h (PIDUSP||PIDSM||C2||h (IDSM||R6)||KTSM). Next, it checks if D2* ≟ D2 so that the authentication process is terminated upon verification failure. Otherwise, it computes session key SKSU = h (h (IDUSP||R4)||h (IDTCS||R5)||h (IDSM||R6), new pseudo-identity PIDUSP* = h (PIDUSP||R4), A3* = h (PIDUSP*||KUT), D3 = h (A3||R4) ( h (IDTCS||R5)||h (IDSM||R6)||PIDUSP*), and D4 = h (PIDUSP||R4||h (IDTCS||R5)||h (IDSM||R6)||PIDUSP*||KUT). The TCS stores {PIDUSP, A3} with {PIDUSP*, A3*} in its database. At the end, authentication message Auth-4 = {D3, D4} is composed and sent over to the USP.
Step 7: Upon receiving Auth-4, the USP derives PIDUSP* = h (PIDUSP||R4), ( h (IDTCS||R5)||h (IDSM||R6)||PIDUSP*) = D3 h (A3||R4), and D4* = h (PIDUSP||R4||h (IDTCS||R5)||h (IDSM||R6)||PIDUSP*||KUT). It then confirms if D4* ≟ D4 such that the authentication is aborted when the verification flops. Otherwise, it derives session key SKSU = h (h (IDUSP||R4)||h (IDTCS||R5)||h (IDSM||R6).
Step 8: The USP derives parameters A3* = h (PIDUSP*||KUT), B2* = A3* h (R3||A4), and B3* = KUT h (A3*||A4). Next, it replaces {B2, B3, PIDUSP} with {B2*, B3*, PIDUSP*} in its database. Finally, it derives D5 = h (SKSU||PIDUSP*) and transmits it towards the TCS for the subsequent session.
Step 9: After receiving D5, the TCS recomputes D5* = h (SKSU||PIDUSP*). Next, it confirms if D5*≟ D5 such that it terminates the session when this validation fails. Otherwise, it deletes parameter set {PIDUSP, A3} from its database.

3.4. Parameter Update

In this phase, the USP’s private key KUSP is updated using the following two steps.
Step 1: The operator supplies their unique identity IDUSP as well old secret key KUSPOld. This is followed by the derivation of parameter R3 = A5 h (IDUSP||KUSPOld), A4 = h (KUSPOld||R3), and B1* = h (IDUSP||KUSPOld||R3||A4). The USP checks if B1* ≟ B1 such that this authentication is halted when this check fails. Otherwise, the operator is prompted to input the new secret key KUSPNew.
Step 2: The USP derives A3 = B2 h (R3||A4), KUT = B3 h (A3||A4), A4New = h (KUSPNew||R3), A5New = R3 h (IDUSP||KUSPNew), B1New = h (IDUSP||KUSPNew||R3||A4New), B2New = A3 h (R3||A4New), and B3New = KUT h (A3||A4New). Lastly, it replaces parameter set {A5, B1, B2, B3} with its refreshed equivalents {A5New, B1New, B2New, B3New}.

4. Security Analysis

In most of the authentication protocols, both formal and informal security analyses are carried out. As such, we present these analyses in this section and provide further details in the sub-sections that follow.

4.1. Formal Security Analysis

To accomplish this analysis, BAN logic is deployed to show that USP and SMi authenticate each other based on fresh and reliable data. Essentially, this involves the verification of the origin, freshness, and legitimacy of the exchanged messages. The notations in Table 2 are used throughout this formal analysis.
The BAN logic postulates are described using a number of rules that are detailed in Table 3 below.
Next, we lay bare that our protocol offers protected mutual validation between the SMi and the USP. In our protocol, four messages are exchanged during the processes of entity verification and session key setup. These particular messages are idealized as follows:
Auth-1. USP → TCS: {PIDUSP, B4, B5, C1}
Idealized form: (PIDUSP, A3, R4 ) K U T
Auth-2. TCS→ SMi: {PIDUSP, C3, C4, C5}
Idealized form: (PIDUSP, h (IDUSP||R4), h (IDTCS||R5), PIDSM, R1 ) K TSM
Auth-3. SMi →TCS: {D1, D2}
Idealized form: (PIDUSP, PIDSM, h (IDUSP||R4), h (IDSM||R6) ) K TSM
Auth-4. TCS → USP: {D3, D4}
Idealized form: (A3, h (IDUSP||R4), h (IDTCS||R5), h (IDSM||R6) ) K UT
Using the BAN logic analytic procedures, our scheme should uphold the four security goals (GLs) below.
GL1: USP |   ( USP   S K S U   SM )
GL2: USP| ≡ SM |   ( USP   S K S U   SM )
GL3: SM |   ( USP   S K S U   SM )
GL4: SM| ≡ USP |   ( USP   S K S U   SM )
To ensure that the BAN logic analysis of our scheme is successfully executed, a number of initial state assumptions (ASi) are made as follows.
AS1: TCS |       ( USP   S K S U   TCS )
AS2: TCS |     # (R4)
AS3: SM |       ( TCS   K TSM   SM )
AS4: SM |     # (R5)
AS5: TCS |       ( TCS   K TSM   SM )
AS6: TCS |     # (R6)
AS7: USP |   ( USP   K UT   TCS )
AS8: USP |   # (R5)
AS9: USP| ≡ TCS | (USP     h   ( I D TCS | | R 5 ) | | h ( I D SM | | R 6 )     SM)
AS10: SM| ≡ TCS | (USP     h   ( I D USP | | R 4 ) | | h ( I D TCS | | R 5 )     SM)
AS11: USP| ≡ SM | ( USP   S K S U   SM )
AS12: SM| ≡ USP | ( USP   S K S U   SM )
Based on message Auth-1, we obtain BL1.
BL1: TCS (PIDUSP, A3, R4 ) K U T
Deploying BL1 and AS1 with MMR, BL2 is obtained.
BL2: TCS| ≡ USP| ~ (PIDUSP, A3, R4 ) K U T
Applying FR to BL2 and AS2 yields BL3.
BL3: TCS| ≡ # (PIDUSP, A3, R4 ) K U T
Using NVR on both BL2 and BL3, we obtain BL4.
BL4: TCS| ≡ USP   | (PIDUSP, A3, R4 ) K U T
From message Auth-2, we can obtain BL5.
BL5: SM (PIDUSP, h (IDUSP||R4), h (IDTCS||R5), PIDSM, R1 ) K TSM
The application of MMR on both BL5 and AS3 results in BL6.
BL6: SM| ≡ TCS | ~ (PIDUSP, h (IDUSP||R4), h (IDTCS||R5), PIDSM, R1 ) K TSM
To obtain BL7, FR is used on BL6 and AS4.
BL7: SM| ≡ # (PIDUSP, h (IDUSP||R4), h (IDTCS||R5), PIDSM, R1 ) K TSM
On the other hand, NVR is applied to both BL6 and BL7 to obtain BL8.
BL8: SM| ≡ TCS   |   (PIDUSP, h (IDUSP||R4), h (IDTCS||R5), PIDSM, R1 ) K TSM
Based on message Auth-3, we can obtain BL9.
BL9: TCS (PIDUSP, PIDSM, h (IDUSP||R4), h (IDSM||R6) ) K TSM
Applying MMR on BL9 and AS5 yields BL10.
BL10: TCS| ≡ SM | ~ (PIDUSP, PIDSM, h (IDUSP||R4), h (IDSM||R6) ) K TSM
Using FR on BL10 and AS6 results in BL11.
BL11: TCS| ≡ # (PIDUSP, PIDSM, h (IDUSP||R4), h (IDSM||R6) ) K TSM
On the other hand, NVR is used on both BL10 and BL11 to obtain BL12.
BL12: TCS| ≡ SM   |   (PIDUSP, PIDSM, h (IDUSP||R4), h (IDSM||R6) ) K TSM
From message Auth-4, we can obtain BL13.
BL13: USP (A3, h (IDUSP||R4), h (IDTCS||R5), h (IDSM||R6) ) K UT
The application of MMR on BL13 and AS7 yields BL14.
BL14: USP| ≡ TCS | ~ (A3, h (IDUSP||R4), h (IDTCS||R5), h (IDSM||R6) ) K UT
To obtain BL15, FR is used in both BL14 and AS8.
BL15: USP| ≡ # (A3, h (IDUSP||R4), h (IDTCS||R5), h (IDSM||R6) ) K UT
However, using NVR on BL14 and BL15 yields BL16.
BL16: USP| ≡ TCS   | (A3, h (IDUSP||R4), h (IDTCS||R5), h (IDSM||R6) ) K UT
Since the session key is SKSU = h (h (IDUSP||R4)||h (IDTCS||R5)||h (IDSM||R6), BL17 can be obtained from BL12, BL16, and AS9.
BL17: USP| ≡ SM | ( USP   S K S U   SM ); hence, GL2 is obtained.
From BL4, BL8, and AS10, we obtain BL18.
BL18: SM| ≡ USP   | ( USP   S K S U   SM ); thus, GL4 is obtained.
Based on BL17 and AS11, we can obtain BL19.
BL19: USP   |   ( USP   S K S U   SM ), achieving GL1.
Using BL18 and AS12, we can obtain BL20.
BL20: SM   |   ( USP   S K S U   SM ), attaining GL3.
The effectual attainment of all the formulated security objectives implies that the USP, TCS, and SM have executed secure mutual authentication and can now proceed to exchange data.

4.2. Informal Security Analysis

In this sub-section, both the Dolev–Yao (DY) and Canetti–Krawczyk (CK) threat models are deployed to show the robustness of our protocol against typical smart grid attacks. Essentially, we make some assumptions about the attacker’s capabilities and then show how our protocol counters the attacker’s capabilities in both the DY and CK models. These attack capabilities are well articulated in [50].
Theorem 1.
Our scheme offers anonymity and untraceability.
Proof. 
Let us assume that an adversary Ä has eavesdropped on Auth-1 = {PIDUSP, B4, B5, C1}, Auth-2 = {PIDUSP, C3, C4, C5}, Auth-3 = {D1, D2}, and Auth-4 = {D3, D4}. Here, B4 = h (PIDUSP||A3||KUT) (R4||PIDSM), B5 = h (IDUSP||R4) h (KUT||R4), C1 = h (PIDUSP||A3||R4||PIDSM||KUT), C3 = h (PIDSM||KTSM||R1) C2, C4 = (h (IDUSP||R4)||h (IDTCS||R5)) h (KTSM||R1), C5 = h (PIDUSP||C2||KTSM), D1 = h (PIDSM||KTSM||R1) h (IDSM||R6), D2 = h (PIDUSP||PIDSM||C2*||h (IDSM||R6)||KTSM), D3 = h (A3||R4) ( h (IDTCS||R5)||h (IDSM||R6)||PIDUSP*), and D4 = h (PIDUSP||R4||h (IDTCS||R5)||h (IDSM||R6)||PIDUSP*||KUT). The goal is to obtain the real identities of the USP, TCS, and SMi that can facilitate the tracking of these entities. Evidently, these identities are encapsulated in other parameters (such as nonces R1, R4, R5, and R6) before being hashed. Towards the end of each session, secret parameter PIDUSP is updated as PIDUSP* = h (PIDUSP||R4). As such, all the messages are dynamic for each session. □
Theorem 2.
Spoofing and impersonation attacks are thwarted.
Proof. 
The main objective of these attacks is to spoof exchanged messages so as to masquerade oneself as a legitimate network entity. The following three cases demonstrate the resilience of our scheme against these threats. □
Case 1: Suppose that Ä wants to impersonate the USP through the interception of message Auth-1 = {PIDUSP, B4, B5, C1} sent from the USP towards the TCS over public channels. Here, B4 = h (PIDUSP||A3||KUT) (R4||PIDSM), B5 = h (IDUSP||R4) h (KUT||R4), and C1 = h (PIDUSP||A3||R4||PIDSM||KUT). However, Ä is unable to derive these parameters without knowledge of USP’s real identity (IDUSP), the shared key between USP and TCS (KUT), and random nonce R4, among other values.
Case 2: Let us assume that Ä has intercepted messages Auth-2 = {PIDUSP, C3, C4, C5} and Auth-4 = {D3, D4} transmitted from the TCS towards the SMi and TCS, respectively. Here, C3 = h (PIDSM||KTSM||R1) C2, C4 = (h (IDUSP||R4)||h (IDTCS||R5)) h (KTSM||R1), C5 = h (PIDUSP||C2||KTSM), D1 = h (PIDSM||KTSM||R1) h (IDSM||R6), and D2 = h (PIDUSP||PIDSM||C2*||h (IDSM||R6)||KTSM). Afterwards, an attempt is made to construct bogus messages {PIDUSPb, C3b, C4b, C5b} and {D3 b, D4 b}. However, without TCS’ real identity (IDTCS), random nonces (R1, R4, R5, and R6), and shared key KTSM, among other parameters, the derivation of these messages flops.
Case 3: Suppose that Ä has captured message Auth-3 = {D1, D2} sent from SMi towards TCS over public channels. Here, D1 = h (PIDSM||KTSM||R1) h (IDSM||R6) and D2 = h (PIDUSP||PIDSM||C2*||h (IDSM||R6)||KTSM). Similar to Case 2 above, Ä cannot construct valid message Auth-3 without knowledge of SMi’s real identity (IDSM), shared key (KTSM), and random nonces (R1 and R6).
Theorem 3.
Strong mutual entity verification is executed.
Proof. 
In the proposed approach, all the network parties mutually authenticate one another. For instance, upon receiving message Auth-1 = {PIDUSP, B4, B5, C1} from the USP, the TCS computes C1* = h (PIDUSP||A3||R4*||PIDSM*||KUT) and validates USP by checking if C1* ≟ C1. Conversely, upon receiving Auth-2 = {PIDUSP, C3, C4, C5} from the TCS, the SMi computes C5 = h (PIDUSP||C2*||KTSM) and verifies the TCS by confirming whether C5* ≟ C. Similarly, the TCS receives message Auth-3 = {D1, D2} from SMi, derives D2* = h (PIDUSP||PIDSM||C2||h (IDSM||R6)||KTSM), and authenticates SMi by checking if D2* ≟ D2. In contrast, the USP obtains message Auth-4 = {D3, D4} from the TCS, computes D4* = h (PIDUSP||R4||h (IDTCS||R5)||h (IDSM||R6)||PIDUSP*||KUT), and validates the TCS by confirming if D4* ≟ D4. □
Theorem 4.
The communicating entities negotiate session keys.
Proof. 
In our protocol, the TCS, SMi, and USP autonomously calculate the session key SKSU = h (h (IDUSP||R4)||h (IDTCS||R5)||h (IDSM||R6). For instance, after receiving message Auth-2 from the TCS, the SMi computes the session key as SKSU = h (h (IDUSP||R4)||h (IDTCS||R5)||h (IDSM||R6), together with parameters D1 and D2. However, upon receiving Auth-3 from the SMi, the TCS computes the session key as SKSU = h (h (IDUSP||R4)||h (IDTCS||R5)||h (IDSM||R6), together with values PIDUSP*, A3*, D3, and D4. Similarly, the USP receives message Auth-4 from the TCS and computes the session key as SKSU = h (h (IDUSP||R4)||h (IDTCS||R5)||h (IDSM||R6), together with values A3*, B2*, and B3*. □
Theorem 5.
Our scheme can withstand forgery and eavesdropping attacks.
Proof. 
Let us assume that adversary Ä wants to forge session key SKSU = h (h (IDUSP||R4)||h (IDTCS||R5)||h (IDSM||R6). Evidently, Ä must have access to identities IDUSP, IDTCS, and IDSM. In addition, random nonces R4, R5, and R6 must be obtained by Ä. However, these identities and nonces cannot be obtained by eavesdropping messages Auth-1 = {PIDUSP, B4, B5, C1}, Auth-2 = {PIDUSP, C3, C4, C5}, Auth-3 = {D1, D2}, and Auth-4 = {D3, D4} exchanged over public channels. Let us assume that Ä has captured long-term secret keys KTCS, KUT, KTSM, and KSM. However, none of these keys is incorporated in the negotiated session key SKSU. As such, the session keys derived in our protocol are secured. □
Theorem 6.
MitM and replay attacks are thwarted.
Proof. 
Suppose that Ä has the ability of intercepting and modifying authentication messages Auth-1 = {PIDUSP, B4, B5, C1}, Auth-2 = {PIDUSP, C3, C4, C5}, Auth-3 = {D1, D2}, and Auth-4 = {D3, D4} exchanged over insecure public channels. Here, B4 = h (PIDUSP||A3||KUT) (R4||PIDSM), B5 = h (IDUSP||R4) h (KUT||R4), C1 = h (PIDUSP||A3||R4||PIDSM||KUT), C3 = h (PIDSM||KTSM||R1) C2, C4 = (h(IDUSP||R4)||h (IDTCS||R5)) h (KTSM||R1), C5 = h (PIDUSP||C2||KTSM), D1 = h (PIDSM||KTSM||R1) h (IDSM||R6), D2 = h (PIDUSP||PIDSM||C2*||h (IDSM||R6)||KTSM), D3 = h (A3||R4) ( h (IDTCS||R5)||h (IDSM||R6)||PIDUSP*), and D4 = h (PIDUSP||R4||h (IDTCS||R5)||h (IDSM||R6)||PIDUSP*||KUT). It is clear that all these messages incorporate random nonces such as R1, R4, R5, and R6. In addition, any successful modification of these messages requires knowledge of identities (IDUSP, IDTCS, IDSM) and shared keys (KUT, KTSM), all of which are unavailable to Ä. □
Theorem 7.
Privileged insider attacks are effectively prevented.
Proof. 
Let us assume that some privileged insider Ä has accessed USP’s pseudo-identity (PIDUSP) during the registration phase. In addition, Ä has access to {A5, B1, B2, B3} stored in the USP’s database. With all these parameters, Ä makes some attempts in deriving session key SKSU = h (h (IDUSP||R4)||h (IDTCS||R5)||h (IDSM||R6). However, Ä does not know real identities (IDUSP, IDTCS, IDSM) and random nonces (R4, R5, R6). Therefore, this attack will fail. □
Theorem 8.
The proposed scheme can resist de-synchronization and backdoor-based DoS attacks.
Proof. 
The objective of these threats is to alter and block exchanged messages so as to interfere with future mutual verification processes among the USP, TCS, and SMi. This can be occasioned by some SG and SM firmware-containing backdoors. Suppose that Ä wants to de-synchronize the next authentication session by modifying Auth-1, Auth-2, and Auth-3. However, Theorem 6 demonstrates the difficulty in modifying these messages devoid of random nonces, real identities, and shared keys. Let us assume that Ä wants to block all the transmitted messages so as to interfere with the synchronization procedures among the USP, TCS, and SMi. To achieve this, USP’s pseudo-identity PIDUSP, incorporated in all four authentication messages, is utilized. However, in Step 7 above, our scheme refreshes this parameter as PIDUSP* = h (PIDUSP||R4) and includes it in parameters D3 = h (A3||R4) ( h (IDTCS||R5)||h (IDSM||R6)||PIDUSP*) and D4 = h (PIDUSP||R4||h (IDTCS||R5)||h (IDSM||R6)||PIDUSP*||KUT). Thereafter, authentication message Auth-4 = {D3, D4} is relayed to the USP. Provided that PIDUSP*is valid, it then passes the D4* ≟ D4 check. Otherwise message Auth-4 is rejected at the USP. Upon the successful verification of PIDUSP*, the USP derives and sends D5 = h (SKSU||PIDUSP*) to the TCS for further validation through the D5* ≟ D5 check. It is only after the successful verification of PIDUSP* that TCS deletes parameter set {PIDUSP, A3} from its database. Otherwise, the TCS continues to store these two values to stay in sync with the USP. □
Theorem 9.
Offline guessing attacks are resisted.
Proof. 
The assumption made in these attacks is that Ä is able to obtain {A5, B1, B2, B3} from the USP’s database. Here, A3 = h (PIDUSP||KUT), A4 = h (KUSP||R3), A5 = R3 h (IDUSP||KUSP), B1 = h (IDUSP||KUSP||R3||A4), B2 = A3 h (R3||A4), and B3 = KUT h (A3||A4). It is clear that these messages are encapsulated with random nonce, IDUSP, and KUSP. In accordance with Theorem 5, Ä cannot easily ascertain identity IDUSP and random nonces. Since KUSP is the USP’s private key, it is not available to Ä and cannot be eavesdropped over public channels. □
Theorem 10.
Our scheme is robust against KSSTI and ephemeral secret leakage attacks.
Proof. 
The purpose of this attack is to enable adversary Ä to access session-specific tokens such as nonces R1, R2, R3, R4, R5, and R6. Thereafter, Ä attempts some KSSTI under the CK-adversarial model. This might include an attempt to derive the session key SKSU = h (h (IDUSP||R4)||h (IDTCS||R5)||h (IDSM||R6). However, even with these ephemerals, Ä cannot derive SKSU. This is because the real identities of the SMi, TCS, and USP (IDUSP, IDTCS, IDSM) are required. Based on Theorem 5, Ä cannot easily ascertain these identities, and, hence, this attack flops. □
Theorem 11.
The proposed protocol can withstand physical attacks.
Proof. 
The assumption made here is that adversary Ä has physically obtained the SMi upon which the stored values {A1, A2, PIDSM} in its memory are extracted via a power analysis. Here, A1 = R1 h (IDSM||KSM), A2 = KTSM h (R1||KSM), and PIDSM = h (IDSM||R1). The next objective is to ascertain SMi’s identity (IDSM), shared key (KTSM), and SM’s private key (KSM). However, these values are masked with random nonces before being hashed. Since reversing the one-way hashing function is computationally cumbersome, our scheme is robust against physical attacks. □

5. Performance Evaluations

Storage, computation, supported security, and privacy features, as well as communication complexities are most often utilized as metrics to evaluate authentication protocols. As such, we deploy such metrics in our comparative performance evaluations as detailed below.

5.1. Computation Overheads

During the mutual verification and key setup phase, our scheme executes only one-way hashing (TH) operations. Specifically, 7TH and 16TH operations are executed on the smart meter and utility service provider sides, respectively. The time complexities of the diverse cryptographic functions in the smart meter are computed on a 1 GB RAM, 1.2 GHz CPU, Quad-core Raspberry Pi-3, while the USP cryptographic primitives are computed on an 8 GB RAM, Core i7-6700 laptop equipped with a 3.40 GHz CPU. Under these two environments, the execution durations are presented in Table 4.
Using the execution durations in Table 4 as a basis, the total computation complexity of our scheme is 2.805 ms. Table 5 details the derivation and comparison of the computation complexities of other peer approaches.
As demonstrated in Figure 4, the technique in [22] has the longest execution time of 237.381 ms. This can be explained by the computationally extensive bilinear pairings in [22]. This is followed by the protocols in [6], [31], [32], [1], [13], [47], [10], [29], and [33] respectively. Conversely, our protocol incurs the least computation complexities.
Even though the approach in [33] has a relatively lower execution time, it cannot withstand guessing, KSSTI, eavesdropping, ephemeral secret leakage, spoofing, and physical capture attacks. In the SG environment, the majority of components does not have a high computation power; hence, our protocol is the most suitable for deployment.

5.2. Communication Overheads

In our scheme, messages Auth-1, Auth-2, Auth-3, and Auth-4 are exchanged during the verification and key setup phase. The specific details of these messages are as follows.
Auth-1 = {PIDUSP, B4, B5, C1}
Auth-2 = {PIDUSP, C3, C4, C5}
Auth-3 = {D1, D2}
Auth-4 = {D3, D4}
Here, PIDUSP = h (IDUSP||R3), B4 = h (PIDUSP||A3||KUT) (R4||PIDSM), B5 = h (IDUSP||R4) h (KUT||R4), C1 = h (PIDUSP||A3||R4||PIDSM||KUT), C3 = h (PIDSM||KTSM||R1) C2, C4 = (h (IDUSP||R4)||h (IDTCS||R5)) h (KTSM||R1), C5 = h (PIDUSP||C2||KTSM), D1 = h(PIDSM||KTSM||R1) h (IDSM||R6), D2 = h (PIDUSP||PIDSM||C2*||h (IDSM||R6)||KTSM), D3 = h (A3||R4) ( h (IDTCS||R5)||h (IDSM||R6)||PIDUSP*), and D4 = h (PIDUSP||R4||h (IDTCS||R5)||h (IDSM||R6)||PIDUSP*||KUT).
Using the values in [23,33,39], the hashing, symmetric encryption, point multiplication, timestamps, and symmetric decryption output lengths are 160 bits, 128 bits, 320 bits, 32 bits, and 128 bits, correspondingly. As such, Auth-1 = 160 + 160 + 160 + 160 = 640 bits; Auth-2 = {160 + 160 + 160 + 160} = 640 bits; Auth-3 = {160 + 160} = 320 bits; and Auth-4 = {160 + 160} = 320 bits. Consequently, the overall communication complexity of our technique is 1920 bits. Table 6 presents the comparative analysis of the incurred communication complexities of our protocol together with those of its peer approaches.
As evidenced in Figure 5, the technique in [6] exhibits the largest communication overheads of 2816 bits. This is followed by the protocols in [32], our proposed scheme, [33], [1], [10], [31], [13], [47], [22], and [29], in this order. Even though the technique in [29] incurs the lowest communication overheads, its design does not consider guessing, eavesdropping, and spoofing attacks. Similarly, the security scheme in [22] is defenseless against privileged insider, de-synchronization, DoS, guessing, spoofing, KSSTI, eavesdropping, EPSL, physical capture, and forgery attacks. In the same breadth, the protocol in [47] is not analyzed against attacks such as de-synchronization, privileged insider, DoS, guessing, eavesdropping, physical capture, ephemeral secret leakage, spoofing, replay, and forgery. In addition, it does not offer anonymity. On its part, the approach in [13] fails to provide session key agreement and mutual authentication. In addition, it is not analyzed against de-synchronization, DoS, privileged insider, guessing, KSSTI, eavesdropping, spoofing, and forgery attacks. Concerning the protocol in [33], it is defenseless against guessing, KSSTI, eavesdropping, EPSL, spoofing, and physical capture attacks. Likewise, the protocol in [1] cannot withstand privileged insider, physical capture, guessing, KSSTI, eavesdropping, spoofing, and forgery attacks. Regarding the protocol in [10], it cannot protect against DoS, spoofing, privileged insider, guessing, KSSTI, eavesdropping, EPSL, physical capture, and forgery.
In addition, it cannot offer entity untraceability and anonymity. Finally, the scheme in [31] is not robust against spoofing, de-synchronization, DoS, privileged insider, guessing, eavesdropping, ESPL, and forgery attacks. Evidently, our protocol provides a good balance between security and communication complexity.

5.3. Storage Overheads

In our scheme, value sets {A5, B1, B2, B3} and {A1, A2, PIDSM} are stored in the USP database and smart meter memory, respectively. Here, A5 = B1 = B2 = B3 = A1 = A2 = PIDSM = 160 bits. Consequently, the cumulative storage complexity in our scheme is 1120 bits, or 140 bytes. Table 7 shows the derivation of the storage complexities of our scheme as well as those ones of its peers.
The specific details of the various parameters stored in the related schemes are described in Table 8.
As revealed in Figure 6, the approach in [22] incurs the highest storage complexity of 6112 bits. This is followed by the protocols in [1], [47], [13], [31], [10], the proposed scheme, [29], [6], [32], and [33] respectively. The high storage cost in [22] is due to the numerous security tokens that have to be stored in the end devices.
Although the protocols in [6,29,32,33] have slightly lower storage complexities compared to our scheme, they are susceptible to numerous threats, as shown in Table 9. Since smart devices such as SMs in the grid system have limited storage, our scheme is ideal for implementation in this environment.

5.4. Supported Functionalities

The protocol developed in this paper offers a wide range of salient security and privacy features and is robust against several attacks. Table 9 provides a comparative evaluation of the security characteristics of our scheme as well as its resilience to attacks.
As revealed in Table 9, the scheme in [6] supports only six features and, hence, is the least secure. This is followed by the protocol in [47], which supports seven features. In contrast, the schemes in [10,13,22] support eight features and, hence, have been rated third. This is followed by the protocols in [32], [31], [1], [33], and [29], which offer support for 9, 10, 11, 11, and 15 characteristics, correspondingly.
Conversely, our scheme supports all 18 security and privacy features. Using the 15 features provided in [29] as a basis, our scheme offers a 20% improvement in smart grid networks’ security posture.

6. Conclusions

The consumer consumption report and power adjustments data exchanged between SMs and SPs are exposed to many privacy and security threats. This is due to the utilization of insecure communication channels for the message communication procedures. Such attacks include ephemeral secret leakage, denial of service, eavesdropping, tampering, and forgery. To address this challenge, many security solutions have been developed recently. Nevertheless, the majority of these solutions has been shown to be inefficient or have some susceptibilities that render them inappropriate for smart meters. In this paper, a security protocol that is provably secure has been developed. It has also been demonstrated to be resilient against attacks such as privileged insider, de-synchronization, DoS, guessing, KSSTI, eavesdropping, EPSL, spoofing, physical capture, impersonation, replay, MitM, and forgery. In addition, it provides security functionalities such as anonymity, strong authentication, session key agreement, session key security, and untraceability. In terms of performance, it incurs the least computational costs and relatively lower storage and communication costs. Future work will feature the development of novel approaches that can further reduce the incurred storage and communication overheads.

Author Contributions

All the authors have contributed equally to this article. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

The raw data supporting the conclusions of this article will be made available by the authors upon request.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Baghestani, S.H.; Moazami, F.; Tahavori, M. Lightweight authenticated key agreement for smart metering in smart grid. IEEE Syst. J. 2022, 16, 4983–4991. [Google Scholar] [CrossRef]
  2. Sun, C.-C.; Hahn, A.; Liu, C.-C. Cyber security of a power grid: State-of-the-art. Int. J. Electr. Power Energy Syst. 2018, 99, 45–56. [Google Scholar] [CrossRef]
  3. Salem, F.M.; Ibrahim, E.; Elghandour, O. A lightweight authenticated key establishment scheme for secure smart grid communications. Int. J. Saf. Secur. Eng. 2020, 10, 549–558. [Google Scholar] [CrossRef]
  4. Numan, M.; Baig, M.F.; Yousif, M. Reliability evaluation of energy storage systems combined with other grid flexibility options: A review. J. Energy Storage 2023, 63, 107022. [Google Scholar] [CrossRef]
  5. Nyangaresi, V.O.; Abduljabbar, Z.A.; Al Sibahee, M.A.; Abood, E.W.; Abduljaleel, I.Q. Dynamic ephemeral and session key generation protocol for next generation smart grids. In Proceedings of the International Conference on Ad Hoc Networks, Virtual Event, 6–7 December 2021; pp. 188–204. [Google Scholar] [CrossRef]
  6. Xia, Z.; Liu, T.; Wang, J.; Chen, S. A secure and efficient authenticated key exchange scheme for smart grid. Heliyon 2023, 9, e17240. [Google Scholar] [CrossRef]
  7. Huseinović, A.; Mrdović, S.; Bicakci, K.; Uludag, S. A survey of denial-of-service attacks and solutions in the smart grid. IEEE Access 2020, 8, 177447–177470. [Google Scholar] [CrossRef]
  8. Zhu, L.; Li, M.; Zhang, Z.; Xu, C.; Zhang, R.; Du, X.; Guizani, N. Privacy-preserving authentication and data aggregation for fog-based smart grid. IEEE Commun. Mag. 2019, 57, 80–85. [Google Scholar] [CrossRef]
  9. Kumar, P.; Lin, Y.; Bai, G.; Paverd, A.; Dong, J.S.; Martin, A. Smart grid metering networks: A survey on security, privacy and open research issues. IEEE Commun. Surv. Tutor. 2019, 21, 2886–2927. [Google Scholar] [CrossRef]
  10. Mohammadali, A.; Haghighi, M.S.; Tadayon, M.H.; Mohammadi-Nodooshan, A. A novel identity-based key establishment method for advanced metering infrastructure in smart grid. IEEE Trans. Smart Grid 2016, 9, 2834–2842. [Google Scholar] [CrossRef]
  11. Tanveer, M.; Ahmad, M.; Khalifa, H.S.; Alkhayyat, A.; Abd El-Latif, A.A. A new anonymous authentication framework for secure smart grids applications. J. Inf. Secur. Appl. 2022, 71, 103336. [Google Scholar] [CrossRef]
  12. Abbasinezhad-Mood, D.; Nikooghadam, M. An anonymous ECC-based self-certified key distribution scheme for the smart grid. IEEE Trans. Ind. Electron. 2018, 65, 7996–8004. [Google Scholar] [CrossRef]
  13. Kumar, N.; Aujla, G.S.; Das, A.K.; Conti, M. ECCAuth: A secure authentication protocol for demand response management in a smart grid system. IEEE Trans. Ind. Inform. 2019, 15, 6572–6582. [Google Scholar] [CrossRef]
  14. Zhang, L.; Zhu, Y.; Ren, W.; Wang, Y.; Choo, K.-K.R.; Xiong, N.N. An energy-efficient authentication scheme based on Chebyshev chaotic map for smart grid environments. IEEE Internet Things J. 2021, 8, 17120–17130. [Google Scholar] [CrossRef]
  15. Gope, P.; Sikdar, B. A privacy-aware reconfigurable authenticated key exchange scheme for secure communication in smart grids. IEEE Trans. Smart Grid 2021, 12, 5335–5348. [Google Scholar] [CrossRef]
  16. Kaveh, M.; Mosavi, M.R. A lightweight mutual authentication for smart grid neighborhood area network communications based on physically unclonable function. IEEE Syst. J. 2020, 14, 4535–4544. [Google Scholar] [CrossRef]
  17. Tahavori, M.; Moazami, F. Lightweight and secure PUF-based authenticated key agreement scheme for smart grid. Peer-To-Peer Netw. Appl. 2020, 13, 1616–1628. [Google Scholar] [CrossRef]
  18. Gope, P.; Sikdar, B. Privacy-aware authenticated key agreement scheme for secure smart grid communication. IEEE Trans. Smart Grid 2018, 10, 3953–3962. [Google Scholar] [CrossRef]
  19. Nyangaresi, V.O.; Petrovic, N. Efficient PUF based authentication protocol for internet of drones. In Proceedings of the 2021 International Telecommunications Conference (ITC-Egypt), Alexandria, Egypt, 13–15 July 2021; pp. 1–4. [Google Scholar] [CrossRef]
  20. Li, X.; Wu, F.; Kumari, S.; Xu, L.; Sangaiah, A.K.; Choo, K.-K.R. A provably secure and anonymous message authentication scheme for smart grids. J. Parallel Distrib. Comput. 2019, 132, 242–249. [Google Scholar] [CrossRef]
  21. Wu, L.; Wang, J.; Zeadally, S.; He, D. Anonymous and efficient message authentication scheme for smart grid. Secur. Commun. Netw. 2019, 2019, 4836016. [Google Scholar] [CrossRef]
  22. Tsai, J.-L.; Lo, N.-W. Secure anonymous key distribution scheme for smart grid. IEEE Trans. Smart Grid 2015, 7, 906–914. [Google Scholar] [CrossRef]
  23. Odelu, V.; Das, A.K.; Wazid, M.; Conti, M. Provably secure authenticated key agreement scheme for smart grid. IEEE Trans. Smart Grid 2016, 9, 1900–1910. [Google Scholar] [CrossRef]
  24. Abduljabbar, Z.A.; Nyangaresi, V.O.; Jasim, H.M.; Ma, J.; Hussain, M.A.; Hussien, Z.A.; Aldarwish, A.J. Elliptic curve cryptography-based scheme for secure signaling and data exchanges in precision agriculture. Sustainability 2023, 15, 10264. [Google Scholar] [CrossRef]
  25. Deng, L.; Gao, R. Certificateless two-party authenticated key agreement scheme for smart grid. Inf. Sci. 2021, 543, 143–156. [Google Scholar] [CrossRef]
  26. Mahmood, K.; Chaudhry, S.A.; Naqvi, H.; Kumari, S.; Li, X.; Sangaiah, A.K. An elliptic curve cryptography based lightweight authentication scheme for smart grid communication. Future Gener. Comput. Syst. 2018, 81, 557–565. [Google Scholar] [CrossRef]
  27. Abbasinezhad-Mood, D.; Nikooghadam, M. Design and hardware implementation of a security-enhanced elliptic curve cryptography based lightweight authentication scheme for smart grid communications. Future Gener. Comput. Syst. 2018, 84, 47–57. [Google Scholar] [CrossRef]
  28. Banerjee, S.; Odelu, V.; Das, A.K.; Chattopadhyay, S.; Park, Y. An efficient, anonymous and robust authentication scheme for smart home environments. Sensors 2020, 20, 1215. [Google Scholar] [CrossRef] [PubMed]
  29. Tanveer, M.; Alasmary, H. LACP-SG: Lightweight authentication protocol for smart grids. Sensors 2023, 23, 2309. [Google Scholar] [CrossRef] [PubMed]
  30. Srinivas, J.; Das, A.K.; Li, X.; Khan, M.K.; Jo, M. Designing anonymous signature-based authenticated key exchange scheme for Internet of Things-enabled smart grid systems. IEEE Trans. Ind. Inform. 2020, 17, 4425–4436. [Google Scholar] [CrossRef]
  31. Chaudhry, S.A.; Yahya, K.; Garg, S.; Kaddoum, G.; Hassan, M.M.; Zikria, Y.B. LAS-SG: An elliptic curve-based lightweight authentication scheme for smart grid environments. IEEE Trans. Ind. Inform. 2022, 19, 1504–1511. [Google Scholar] [CrossRef]
  32. Taqi, S.A.M.; Jalili, S. LSPA-SGs: A lightweight and secure protocol for authentication and key agreement based Elliptic Curve Cryptography in smart grids. Energy Rep. 2022, 8, 153–164. [Google Scholar] [CrossRef]
  33. Chen, C.; Guo, H.; Wu, Y.; Shen, B.; Ding, M.; Liu, J. A Lightweight Authentication and Key Agreement Protocol for IoT-Enabled Smart Grid System. Sensors 2023, 23, 3991. [Google Scholar] [CrossRef] [PubMed]
  34. Abdi Nasib Far, H.; Bayat, M.; Kumar Das, A.; Fotouhi, M.; Pournaghi, S.M.; Doostari, M.-A. LAPTAS: Lightweight anonymous privacy-preserving three-factor authentication scheme for WSN-based IIoT. Wirel. Netw. 2021, 27, 1389–1412. [Google Scholar] [CrossRef]
  35. Khan, A.A.; Kumar, V.; Ahmad, M.; Rana, S.; Mishra, D. PALK: Password-based anonymous lightweight key agreement framework for smart grid. Int. J. Electr. Power Energy Syst. 2020, 121, 106121. [Google Scholar] [CrossRef]
  36. Chaudhry, S.A. Correcting “PALK: Password-based anonymous lightweight key agreement framework for smart grid”. Int. J. Electr. Power Energy Syst. 2021, 125, 106529. [Google Scholar] [CrossRef]
  37. Wazid, M.; Das, A.K.; Kumar, N.; Alazab, M. Designing Authenticated Key Management Scheme in 6G-Enabled Network in a Box Deployed for Industrial Applications. IEEE Trans. Ind. Inform. 2021, 17, 7174–7184. [Google Scholar] [CrossRef]
  38. Nyangaresi, V.O.; Abduljabbar, Z.A.; Abduljabbar, Z.A. Authentication and Key Agreement Protocol for Secure Traffic Signaling in 5G Networks. In Proceedings of the IEEE 2nd International Conference on Signal, Control and Communication (SCC), Hammamet, Tunisia, 20–22 December 2021; pp. 188–193. [Google Scholar] [CrossRef]
  39. Esfahani, A.; Mantas, G.; Matischek, R.; Saghezchi, F.B.; Rodriguez, J.; Bicaku, A.; Maksuti, S.; Tauber, M.G.; Schmittner, C.; Bastos, J. A Lightweight Authentication Mechanism for M2M Communications in Industrial IoT Environment. IEEE Internet Things J. 2019, 6, 288–296. [Google Scholar] [CrossRef]
  40. Nyangaresi, V.O.; Abood, E.W.; Abduljabbar, Z.A.; Al Sibahe, M.A. Energy Efficient WSN Sink-Cloud Server Authentication Protocol. In Proceedings of the 5th International Conference on Information Systems and Computer Networks (ISCON), Mathura, India, 22–23 October 2021; pp. 1–6. [Google Scholar] [CrossRef]
  41. Zhang, L.; Zhao, L.; Yin, S.; Chi, C.-H.; Liu, R.; Zhang, Y. A lightweight authentication scheme with privacy protection for smart grid communications. Future Gener. Comput. Syst. 2019, 100, 770–778. [Google Scholar] [CrossRef]
  42. Ikeda, K. Long-range quantum energy teleportation and distribution on a hyperbolic quantum network. IET Quantum Commun. 2023, 1–8. [Google Scholar] [CrossRef]
  43. Ikeda, K.; Lowe, A. Quantum protocol for decision making and verifying truthfulness among N-quantum parties: Solution and extension of the quantum coin flipping game. IET Quantum Commun. 2023, 4, 218–227. [Google Scholar] [CrossRef]
  44. Broadbent, A.; Fitzsimons, J.; Kashefi, E. Universal blind quantum computation. In Proceedings of the 2009 50th Annual IEEE Symposium on Foundations of Computer Science, Atlanta, GA, USA, 25–27 October 2009; pp. 517–526. [Google Scholar] [CrossRef]
  45. Hiroka, T.; Morimae, T.; Nishimaki, R.; Yamakawa, T. Certified everlasting zero-knowledge proof for QMA. In Annual International Cryptology Conference; Springer Nature: Cham, Switzerland, 2022; pp. 239–268. [Google Scholar] [CrossRef]
  46. Ikeda, K. Security and privacy of blockchain and quantum computation. In Advances in Computers; Elsevier: Amsterdam, The Netherlands, 2018; Volume 111, pp. 199–228. [Google Scholar] [CrossRef]
  47. Park, K.; Lee, J.; Das, A.K.; Park, Y. BPPS: Blockchain-enabled privacy-preserving scheme for demand-response management in smart grid environments. IEEE Trans. Dependable Secur. Comput. 2022, 20, 1719–1729. [Google Scholar] [CrossRef]
  48. Zhou, L.; Diro, A.; Saini, A.; Kaisar, S.; Hiep, P.C. Leveraging zero knowledge proofs for blockchain-based identity sharing: A survey of advancements, challenges and opportunities. J. Inf. Secur. Appl. 2024, 80, 103678. [Google Scholar] [CrossRef]
  49. Crocetti, L.; Di Rienzo, R.; Verani, A.; Baronti, F.; Roncella, R.; Saletti, R. A novel and robust security approach for authentication, integrity, and confidentiality of Lithium-ion Battery Management Systems. In Proceedings of the 2023 IEEE 3rd International Conference on Industrial Electronics for Sustainable Energy Systems (IESES), Shanghai, China, 26–28 July 2023; pp. 1–6. [Google Scholar] [CrossRef]
  50. Al Sibahee, M.A.; Nyangaresi, V.O.; Ma, J.; Abduljabbar, Z.A. Stochastic Security Ephemeral Generation Protocol for 5G Enabled Internet of Things. In International Conference on Internet of Things as a Service; Springer: Cham, Switzerland, 2022; pp. 3–18. [Google Scholar] [CrossRef]
Figure 1. Proposed network model.
Figure 1. Proposed network model.
Cryptography 08 00020 g001
Figure 2. System initialization and registration.
Figure 2. System initialization and registration.
Cryptography 08 00020 g002
Figure 3. Authentication and key negotiation.
Figure 3. Authentication and key negotiation.
Cryptography 08 00020 g003
Figure 4. Computational complexities [1,6,10,13,22,29,31,32,33,47].
Figure 4. Computational complexities [1,6,10,13,22,29,31,32,33,47].
Cryptography 08 00020 g004
Figure 5. Communication complexities [1,6,10,13,22,29,31,32,33,47].
Figure 5. Communication complexities [1,6,10,13,22,29,31,32,33,47].
Cryptography 08 00020 g005
Figure 6. Storage complexities [1,6,10,13,22,29,31,32,33,47].
Figure 6. Storage complexities [1,6,10,13,22,29,31,32,33,47].
Cryptography 08 00020 g006
Table 1. Notations.
Table 1. Notations.
SymbolDescriptions
TCSTrusted control server
SMiith smart meter
USPUtility service provider
KTCSMaster key of the TCS
IDTCSUnique identifier of the TCS
IDSMUnique identifier of the SMi
KSMSMi’s private key
RiRandom nonce i
PIDSMSM’s pseudo-identity
KTSMShared key between TCS and SM
IDUSPUnique identity of the USP
KUSPUSP’s private key
PIDUSPUSP’s pseudo-identity
KUTShared key between USP and TCS
SKSUSession key between SMi and USP
h (.)Hashing function
||Concatenation operation
XOR operation
Table 2. BAN logic notations.
Table 2. BAN logic notations.
NotationDetails
RSecret key
A |   XEntity A believes statement X
A| ~ XEntity A once said statement X
<X>MX is combined with M
A X Entity A sees statement X
A X Entity A has jurisdiction over X
# (X)Message X is fresh
(X)RMessage X is hashed using key R
(X, M)X or M is part of formula (X, M)
A       R     B Entities A and B share secret key R
{X}RMessage X is enciphered using key R
A     R         BR is only known to A and B
Table 3. BAN logic rules.
Table 3. BAN logic rules.
RuleDetails
A | A R B , A { X } R A | B | ~ X Message Meaning Rule (MMR)
A | # ( X ) , A | B | ~ X A | B | X Nonce Verification Rule (NVR)
A | B | ( X , M ) A | B | X Believe Rule (BR)
A | B X , A | B | X A | X Jurisdiction Rule (JR)
A | # ( X ) A | # ( X , M ) Freshness rule (FR)
Table 4. Execution durations.
Table 4. Execution durations.
SchemeCosts (ms)
SMUSP
Bilinear pairing operations, TBP95.721009.52800
ECC point addition, TECA0.134000.00700
One-way hash function, TH0.345000.03900
ECC point multiplication, TPM2.700000.70500
Symmetric encryption, TSE0.410000.00460
Symmetric decryption, TSD0.410000.00460
Esch256 one-way hash function, THE0.330000.03200
Physically unclonable function, TPUF0.00049-
Counter-mode encryption with authentication tag, TCO0.349000.04100
Bio-metric key generation and reproduction, TREP2.700000.70500
Modular exponential, TE30.79200.31200
Scalar multiplication, TSM2.700000.70500
Table 5. Computation complexities.
Table 5. Computation complexities.
SchemeSMUSPTotal (ms)
Baghestani et al. [1]5TH + 2TPM11TH + 2TPM17TH + 4TPM ≈ 8.964
Xia et al. [6]19TPM17TPM10TH + 8TPM ≈ 63.285
Mohammadali et al. [10]3TH + 2TPM4TH + 3TPM7TH + 5TPM ≈ 8.706
Kumar et al. [13]5TH + 2TPM6TH + 2TPM11TH + 4TPM ≈ 8.769
Tsai & Lo [22]5TH + 4TPM + TE2TBP + 3TPM + TE + 5TH2TBP + 7TPM + 2TE + 10TH ≈ 237.381
Tanveer & Alasmary [29]2THE + 2TCO + TREP + TPUF5THE + 2TCO7THE + 4TCO + TREP + TPUF ≈ 4.300
Chaudhry et al. [31]4TH + 2TSE + 3TPM6TH + 2TSE + 4TPM10TH + 4TSE + 7TPM ≈ 13.363
Taqi & Jalili [32]4TH + TSE + TSD + 3TPM3TH + TSE + TSD + 3TPM7TH + 2TSE + 2TSD + 6TPM ≈ 12.5412
Chen et al. [33]7TH + TSD9TH + 2TSE + TSD16TH + 2TSE + 2TSD ≈ 3.1898
Park et al. [47]5TH + 2TSM6TH + 2TSM11TH + 4TSM ≈ 8.769
Proposed7TH16TH16TH + 7TH ≈ 3.0390
Table 6. Communication complexities.
Table 6. Communication complexities.
SchemeMessages ExchangedTotal (Bits)
Baghestani et al. [1] SM   864   USP       832 SM1696
Xia et al. [6] SM   1664   USP       1152     SM2816
Mohammadali et al. [10] SM   768   USP       608     SM       160     USP1536
Kumar et al. [13] SM   512   USP       672     SM       192     USP1376
Tsai & Lo [22] SM   480   USP       480     SM       320     USP1280
Tanveer & Alasmary [29] USP   544   TCS 662 SM1206
Chaudhry et al. [31] SM   768   USP 768 SM1536
Taqi & Jalili [32] SM   512   USP 896 SM 576   USP1984
Chen et al. [33] SM   864 USP 704 SM   160   USP   160   SM1888
Park et al. [47] SM   512   USP 672 SM 192 USP1376
Proposed USP   640   TCS 640 SM 320 TCS 320 USP1920
Table 7. Storage overheads.
Table 7. Storage overheads.
SchemeStored ParametersTotal (Bits)
Baghestani et al. [1]SM: {H1, H2, n, E, P, FP, SMsj, xj, yj}
USP: {SMIDj,Mk}
2432
Xia et al. [6]SM: {xS, R2}
USP: {xC}
896
Mohammadali et al. [10]SM: {SM, RM, yM, rM}
USP: {yAHE, rAHE}
1600
Kumar et al. [13]SM: {RIDi, TCi, h (·),Ep (a, b),G}
USP: {RIDj, TCj, {RIDi |i = 1, 2, …, l}, h (·),Ep (a, b),G}
2240
Tsai & Lo [22]SM: {G1, G2, P, e,H, H1, H2, H3, H4, q, Ppub, g}
USP: {G1, G2, P, e, H, H1, H2, H3, H4, q, Ppub, g}, Kj, H1 (SIDj)P + Ppub
6112
Tanveer & Alasmary [29]SM: {CHSMi, TIDSMi, RNr, HD}
USP: {SIDi, Bi, RNr}
1056
Chaudhry et al. [31]SM: {E, P, Fp, n, SMprj, σj, idSTj, STj, H (.), SMIDj, Pidstj}
USP: {Mk}
2176
Taqi & Jalili [32]SM: {ai, Ai}
USP: {aj, Aj}
896
Chen et al. [33]SM: {IDi, N1, Xi}
USP: {Si}
832
Park et al. [47]SM: {PIDi, LSSMi, H, E(a, b), G}
USP: {PCUIDj, H, E(a,b), G, PIDi=1…l}
2240
ProposedSM: {A1, A2, PIDSM}
USP: {A5, B1, B2, B3}
1120
Table 8. Details of stored parameters.
Table 8. Details of stored parameters.
SymbolDetails
xS, SMsj, SMprj, SMSM’s private keys
RM,SM’s public key
R2Keying parameter based on smart meter’s public key
xC, KjUSP’s private keys
H1, H2, H, H (..), h (.), H1, H2, H3, H4One-way hash functions
n, E, PElliptic curve E and a point P of order n
FPFinite field
xj, yj, Xi, LSSMi, σj, STj, Ai, Aj, SIDi, Bi, yM, yAHE, gDerived intermediary parameters
SMIDj, IDi, SMIDjSM’s unique identity
idSTjUnique identifier for SM
SIDjUSP’s unique identity
MkMaster key
N1, ai, aj, RNr, rM, rAHERandom numbers
SiSM’s unique identification stored in the table
PIDi, Pidstj, TIDSMi, RIDiPseudo-identities for SM
PCUIDj, RIDjPseudo-identities for USP
TCiSM’s temporal credential
TCjUSP’s temporal credential
E(a, b), G, Ep (a, b)Elliptic curve with base point G.
P, G1, G2Generator of G1, cyclic additive group, and cyclic multiplicative group, respectively
qPrime order of G1 and G2
ePairing operation
PpubPublic key of the trust anchor
CHSMiRegistration authority (RA) challenge parameter
HDHelper data
Table 9. Supported functionalities.
Table 9. Supported functionalities.
[10][13][22][29][6][1][31][32][33][47]Proposed
Functionality
Session key agreement×
Anonymity and untraceability×××
Key security
Mutual authentication×
Formal verification×
Resilience against
De-synchronization ××××××
Backdoor-based DoS××××××
Privileged insider××××××××
Guessing×××××××××
KSSTI×××××××
Eavesdropping××××××××××
Ephemeral secret leakage×××××××
Spoofing ××××××××××
Physical capture××××××
Impersonation ×
Replay ×
MitM×
Forgery×××××××××
√ Feature supported; × Feature not supported or not considered.
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Ali, Z.A.; Abduljabbar, Z.A.; AL-Asadi, H.A.A.; Nyangaresi, V.O.; Abduljaleel, I.Q.; Aldarwish, A.J.Y. A Provably Secure Anonymous Authentication Protocol for Consumer and Service Provider Information Transmissions in Smart Grids. Cryptography 2024, 8, 20. https://doi.org/10.3390/cryptography8020020

AMA Style

Ali ZA, Abduljabbar ZA, AL-Asadi HAA, Nyangaresi VO, Abduljaleel IQ, Aldarwish AJY. A Provably Secure Anonymous Authentication Protocol for Consumer and Service Provider Information Transmissions in Smart Grids. Cryptography. 2024; 8(2):20. https://doi.org/10.3390/cryptography8020020

Chicago/Turabian Style

Ali, Zahraa Abdullah, Zaid Ameen Abduljabbar, Hamid Ali Abed AL-Asadi, Vincent Omollo Nyangaresi, Iman Qays Abduljaleel, and Abdulla J. Y. Aldarwish. 2024. "A Provably Secure Anonymous Authentication Protocol for Consumer and Service Provider Information Transmissions in Smart Grids" Cryptography 8, no. 2: 20. https://doi.org/10.3390/cryptography8020020

APA Style

Ali, Z. A., Abduljabbar, Z. A., AL-Asadi, H. A. A., Nyangaresi, V. O., Abduljaleel, I. Q., & Aldarwish, A. J. Y. (2024). A Provably Secure Anonymous Authentication Protocol for Consumer and Service Provider Information Transmissions in Smart Grids. Cryptography, 8(2), 20. https://doi.org/10.3390/cryptography8020020

Article Metrics

Back to TopTop