PUF-BASED SOLUTIONS FOR SECURE COMMUNICATIONS IN ADVANCED METERING INFRASTRUCTURE (AMI)

Advanced Metering Infrastructure (AMI) provides two-way communications between the utility and the smart meters. Developing authenticated key exchange (AKE) and broadcast authentication (BA) protocols to provide the security of unicast and broadcast communications in AMI is an essential part of AMI design. The security of all existing cryptographic protocols are based on the assumption that secret information are stored in the non-volatile memory of each party. These information must be kept unknown to the adversary. Unfortunately, in an AMI network, the attackers can obtain some or all of the stored secret information from non-volatile memories by a great variety of inexpensive and fast side channel attacks. Especially, the smart meters which are located in physically insecure environments are more vulnerable to these attacks. Thus, all existing AKE and BA protocols are no longer secure against such attacks. In this paper, we investigate how to develop secure AKE and BA protocols with the presence of memory attack. As a solution, we propose to embed a Physical Unclonable Function (PUF) in each communicating party which generate the secret values as required without need to store them. By combining PUFs and two well-known and secure protocols, we propose a PUF-based Authenticated Key Exchange protocol (PUF-AKE) for unicast communications and a PUF-based Broadcast Authentication (PUF-BA) for broadcast communications. We show that our proposed protocols are memory leakage resilient. Also, we prove the security of them in a standard model. Performance analysis of both of the protocols show they are efficient for AMI applications. The proposed protocols can be easily implemented in AMI networks

Privacy-preserving power usage control in smart grids

The smart grid (SG) has been emerging as the next-generation intelligent power grid system because of its ability to efficiently monitor, predicate, and control energy generation, transmission, and consumption by analyzing users\u27 real-time electricity information. Consider a situation in which the utility company would like to smartly protect against a power outage. To do so, the company can determine a threshold for a neighborhood. Whenever the total power usage from the neighborhood exceeds the threshold, some or all of the households need to reduce their energy consumption to avoid the possibility of a power outage. This problem is referred to as threshold-based power usage control (TPUC) in the literature. In order to solve the TPUC problem, the utility company is required to periodically collect the power usage data of households. However, it has been well documented that these power usage data can reveal consumers\u27 daily activities and violate personal privacy. To avoid the privacy concerns, privacy-preserving power usage control (P-PUC) protocols are proposed under two strategies: adjustment based on maximum power usage and adjustment based on individual power usage. These protocols allow a utility company to manage power consumption effectively and at the same time, preserve the privacy of all involved parties. Furthermore, the practical value of the proposed protocols is empirically shown through various experiments --Abstract, page iii

IEEE TRANSACTIONS ON SMART GRID 1 Multilayer Consensus ECC-Based Password Authenticated Key-Exchange (MCEPAK) Protocol for Smart Grid System

Abstract—This paper aims at providing a key agreement protocol for smart grid to cope with access control of appliances/devices located inside a Home Area Network (HAN) by a set of controllers outside the HAN. The commands/packets initiated by the controllers in crisis cases should be delivered fast and immune from any interruption. The HAN controller, which acts as a gateway, should not cause any delay by decrypting and re-encrypting the packets, nor should it has any chance to modify them. Considering the required level of security and quality of service, we design our protocol with an Elliptic Curve Cryptography (ECC) approach. We improve and implement the Password Authenticated Key Exchange (PAKE) protocol in two steps. First, we propose an auxiliary mechanism that is an ECC version of PAKE, and then extend it to a multilayer consensus model. We reduce the number of hash functions to one, and utilize a primitive password shared between an appliance and HAN controller to construct four valid individual consensus and authenticated symmetric keys between the appliance and upstream controllers by exchanging only 12 packets. Security analysis presents that our protocol is resilient to various attacks. Furthermore, performance analysis shows that the delay caused by the security process is reduced by more than one half