Security and privacy in smart grid context : problems and solutions

In order to improve the power grid and provision the Smart Grid concept, one well-defined approach would be to utilize new information and communication technology. Live power consumption data in addition to the time base power consumption rate are essential requirements in this context. These communications are supposed to be bi-directional between consumers, providers and smart grid administrations (market, operators, etc.). However, one of the most essential requirements that should be preserved is to address communication security and privacy. There are many opportunities for adversaries to attack the smart grid system, even remotely anywhere in the world, that could result in costly issues and damages in the system, even jeopardize user privacy. In the first part of this thesis, we concentrate on improving the efficiency of security mechanism and present our tailored authentication and key management mechanisms. We propose two solutions, one for communications between home appliances and a home gateway (smart meter), while the second solution aims at communications between the home smart meter and an appropriate server located in the smart grid utility network.We then propose enhancements on key management by developing two key construction mechanisms based on the Password Authentication Key Exchange (PAKE) protocol. The first is a cluster-based group key mechanism between smart grid entities, e.g. consumers in a neighbourhood area network. The second enhancement is a multi-layer key mechanism motivated by controlling the home smart appliances using different smart grid controllers located in different layers of the controlling hierarchy network. The second part of the thesis concentrates on Privacy. In this part, we present a privacy mechanism based on enhanced network coding for communications between smart meters and utility servers via a mesh topology. Finally, we propose a privacy-aware security solution for mobile devices. For example, to support electric vehicles in buying and selling the power from and to the grid, or in case of the smart phones in the heterogeneous network (4G and/or 5G), to support handover between the access points.Applied Science, Faculty ofElectrical and Computer Engineering, Department ofGraduat

IEEE TRANSACTIONS ON SMART GRID 1 Multilayer Consensus ECC-Based Password Authenticated Key-Exchange (MCEPAK) Protocol for Smart Grid System

Abstract—This paper aims at providing a key agreement protocol for smart grid to cope with access control of appliances/devices located inside a Home Area Network (HAN) by a set of controllers outside the HAN. The commands/packets initiated by the controllers in crisis cases should be delivered fast and immune from any interruption. The HAN controller, which acts as a gateway, should not cause any delay by decrypting and re-encrypting the packets, nor should it has any chance to modify them. Considering the required level of security and quality of service, we design our protocol with an Elliptic Curve Cryptography (ECC) approach. We improve and implement the Password Authenticated Key Exchange (PAKE) protocol in two steps. First, we propose an auxiliary mechanism that is an ECC version of PAKE, and then extend it to a multilayer consensus model. We reduce the number of hash functions to one, and utilize a primitive password shared between an appliance and HAN controller to construct four valid individual consensus and authenticated symmetric keys between the appliance and upstream controllers by exchanging only 12 packets. Security analysis presents that our protocol is resilient to various attacks. Furthermore, performance analysis shows that the delay caused by the security process is reduced by more than one half

PUF-based solutions for secure communications in Advanced Metering Infrastructure (AMI)

Advanced Metering Infrastructure (AMI) provides two-way communications between the utility and the smart meters. Developing authenticated key exchange (AKE) and broadcast authentication (BA) protocols to provide the security of unicast and broadcast communications in AMI is an essential part of AMI design. The security of all existing cryptographic protocols are based on the assumption that secret information are stored in the non-volatile memory of each party. These information must be kept unknown to the adversary. Unfortunately, in an AMI network, the attackers can obtain some or all of the stored secret information from non-volatile memories by a great variety of inexpensive and fast side channel attacks. Especially, the smart meters which are located in physically insecure environments are more vulnerable to these attacks. Thus, all existing AKE and BA protocols are no longer secure against such attacks. In this paper, we investigate how to develop secure AKE and BA protocols with the presence of memory attack. As a solution, we propose to embed a Physical Unclonable Function (PUF) in each communicating party which generate the secret values as required without need to store them. By combining PUFs and two well-known and secure protocols, we propose a PUF-based Authenticated Key Exchange protocol (PUF-AKE) for unicast communications and a PUF-based Broadcast Authentication (PUF-BA) for broadcast communications. We show that our proposed protocols are memory leakage resilient. Also, we prove the security of them in a standard model. Performance analysis of both of the protocols show they are efficient for AMI applications. The proposed protocols can be easily implemented in AMI networks