Smart Metering Architecture. To address security and privacy issues in smart metering networks, cryptography-based solutions play a significant role in providing authentication, integrity and confidentiality of the flow of information between the SM and utility SPs. Recently, several authentication and key agreement schemes have been proposed for SGs. In [5,6], the authors proposed a secure key management scheme and a key distribution scheme, respectively, for the SG network. The authors relied on a trusted third party (TTP) during the key negotiation phase and on symmetric key operations between the SM and SP. This feature may not always be efficient, as it requires the TTP to be online and enlarges the attack scope. Moreover, these schemes do not offer anonymity and are vulnerable to man-in-the-middle (MITM) attacks and impersonation attacks. Considering public key infrastructure, Mahmood et al. and Mohammadali et al. proposed lightweight message authentication schemes for the SG in [7,8], respectively. In particular, Mahmood et al. [7] formally prove the resistance of the scheme in the CK security model. Unfortunately, neither scheme provides anonymity of the SM’s credentials. In 2016, Tsai-Lo proposed the first anonymous key distribution scheme for SG communications [9]. The authors utilized an identity-based signature to achieve authentication and anonymity at low computational cost. Unfortunately, in [10], Xxxxx et al. reported that Tsai-Lo’s scheme provides weak security for the session key, which leads to many other security attacks. Then in [10], the authors proposed another authentication and session key agreement scheme for SGs. The authors asserted that their scheme required low computational cost and provided security of the session keys in the CK security model. However, in [11], Chen et al. claimed that the registration phase of the scheme proposed in [10] may be vulnerable and may lead to attacks.
They also proposed a new scheme, with session key security in the CK security model, but with a different registration phase. In [12], another anonymous key agreement scheme was proposed, which is claimed to be resistant in the CK security model. This scheme does not use computationally intensive pairing operations and is limited to elliptic curve multiplications and additions. We will show that the schemes [10–12], which claim to be secure in the CK security model, do not satisfy this security feature. The advantage of resistance in the CK security model is that the scheme then also offers security attributes such as perfect forward secrecy, loss of information, known-key security, key-compromise impersonation, and unknown key-share, as proven in [13]. In addition, we discuss their weakness with respect to resilience to denial of service (DoS). In [14], Xxxx-Xxxxxx proposed an authenticated key agreement scheme for securing SG networks in the CK security model. The authors utilized a physically unclonable function (PUF) and claimed that their scheme provides robust security against MITM attacks and offers resilience to DoS. However, the PUF uses a fuzzy extractor, which has limitations as reported in [15]. Consequently, most of the proposed schemes are either vulnerable to security attacks or require high computation costs at resource-constrained SMs.