Using ID-Based Authentication and Key Agreement Mechanism for Securing Communication in Advanced Metering Infrastructure

Smart metering technology plays a key role in Advanced Metering Infrastructure (AMI) in Smart Grid (SG). Smart Meters (SM) measure Power Consumption Data (PCD) of household devices and send it to DSO (Distributed System Operator) for further processing. DSO utilizes PCD for different applications such as monthly billing, demand response and other applications related to power system operation and energy markets. Secure communication between SM and DSO is of paramount importance. Certificate-based authentication is a de facto mechanism in ensuring legitimacy of communicating parties. But it incurs more computational delay as it involves intensive processes such as certificate management, revocation, and verification. ID-based authentication eliminates the risks associated with certificate management. A key agreement protocol based on ID-based authentication mechanism is proposed and analyzed for computational performance. This paper analyzes and evaluates both authentication mechanisms: certificate and ID-based mechanism based on computational times for suitability in AMI network. The experimental results show that ID-based authentication and key agreement mechanism are suitable for securing communication in AMI network.


I. INTRODUCTION
Smart grid is considered as next generation power system. It performs real time monitoring, control and protection operations. In contrast to conventional power systems, smart grid allows bi-directional power flow in the grid. At the end user, customers participate in the grid through Advanced Metering Infrastructure (AMI) [1]. AMI enables automated collection of metering data. Smart meter (SM) plays a key role in AMI which communicates with Distributed System Operator (DSO) and performs a set of operations such as demand response, dynamic pricing and energy management [2], [3]. It also communicates with household equipment and collects Power Consumption Data (PCD) sends it to DSO. Secure communication among smart meter and DSO is very important. Compromising the communication may lead to several security attacks on the network such as side channel attacks, false data injection attack, Man-in-the-Middle (MITM) attack, Denial of Service attack, replay attack etc. [4]- [6]. Authors in [7], focused on securing the communication between AMI and household equipment in the Home Area Network (HAN) and discussed various attacks in HAN such as Impersonation, Man-In-The-Middle (MITM) attack, replay and desynchronization. The severity of attacks increases when PCD is sent to DSO through wide area network which hampers secure communication.
Authentication, data integrity, confidentiality, privacy, and availability are the security requirements for smart meter communication [8]. Authentication ensures that the communicating entities involved are legitimate. Data integrity ensures that data should not be tampered during data communication. Power consumption data reveals customers daily routines, availability at home. Confidentiality ensures that the data transmitted should not be legible. Privacy ensures that the identity of electricity users required to be safeguarded. Availability ensures the communication should be uninterrupted. Among the said security requirements, authentication is the primary one as its compromise leads to other security vulnerabilities. Many researchers focused on providing security at this front. Authors in [9], discussed the need for authenticating power reading signals to prevent impersonation attack and proposed the compressive sensing based statistical authentication technique using residual error of a received signal. Malicious devices may perform this kind of attacks due to wireless broadcast nature which may cause economic loss.
Many authentication techniques were studied in smart grid with respect to timing performances of cryptographic algorithms used in the mechanism to prevent the security attacks. A lightweight message authentication scheme is reported in [10]. The scheme establishes mutual authentication using TLS mechanism which results in sharing of a secret key. Based on the shared secret key, messages are authenticated using hash-based message authenticated code techniques. Authentication mechanism reported in [10] incurs more computational delay in the process of node authentication. The proposed certificate-based mechanism in TLS protocol is not suitable for resource constrained environment [11]. Authors in [12] described a key management protocol based on mutual authentication between smart meter and utility servers. However, the scheme resulted in increased overhead in the network. Authors in [13] proposed Merkletree based authentication in AMI to mitigate false injection attack and replay attack. But these techniques may not be suitable for smart meters with limited computing power and limited bandwidth.
Authors in [7] reported novel Identity (ID)-based key establishment authentication mechanism in AMI. ID-based authentication mechanism reduces the computational overhead by removing certificate-based mechanism. Furthermore, the overhead of managing certificates such as transmission and verification times is not present. Hence, assessment of ID-based authentication mechanism and key agreement protocol between SM and DSO becomes necessary. Different authors proposed key agreement protocol based on ID-based authentication. Author in [14] proposed ID-based key agreement protocol based on bilinear pairings. Authors in [15] encountered forward secrecy of the protocol and proposed SCK protocol. Efficient authentication and key management mechanisms in AMI is proposed in [16]. However, they did not evaluate the timing performances of their proposed schemes and do not present the comparative computational evaluation of authentication schemes. Authors in [17] presented computational time of their proposed scheme by implementing in a wireless sensor node MICAZ. More focus is given on key management instead of key agreement operation which is a crucial component in securing the communication.
In AMI, the SM are resource constrained in nature, hence computational burden of security mechanisms is very important. Further, the above works did not check the suitability of ID based authentication and key agreement protocol in resource constrained environment. To fill this knowledge gap, the present paper analyzes and evaluates the ID-based authentication and key agreement protocol by developing a test platform and compares it with traditional certificate-based authentication mechanism. A test-platform that is comprised of Raspberry PI terminal and a computer system is used to test the suitability of the authentication mechanism. Traditional certificate-based authentication mechanism in TLS protocol is implemented using OpenSSL library [18] and ID-based authentication and key agreement protocol is implemented using TinyEC python library [19]. ID-based authentication and key agreement protocol is realized using Elliptic Curve Cryptography (ECC). Computational times of vital operations in the considered authentication mechanism were captured. It is observed that ID-based authentication and key agreement protocol outperforms traditional certification-based authentication mechanism and well suitable for AMI environment.
The major contributions of the paper are as follows, 1) An ID based authentication mechanism and key agreement protocol is proposed and implemented. 2) Computational delays for the proposed mechanism are calculated by implementations on resource constraint platform. 3) Comparison of proposed authentication and key agreement mechanism with existing ID based and certificate-based mechanisms is presented. The rest of the paper is organized as follows: Section II outlines on smart grid communication along with AMI and describes the major parties involved. Section III illustrates about the certificate-based authentication mechanism. Section IV explains about ID-based authentication mechanism and key agreement protocol. Section V gives the implementation details and discussion on the results. Finally, conclusions are presented in section VI.

II. SMART GRID AND ADVANCED METERING INFRASTRUCTURE (AMI)
Smart grid allows two-way communication between the grid entities for efficient operation of the grid. It manages different kinds of processes from generation to delivering to endusers. Electrical energy is generated from different sources and this bulk amount of energy is transmitted to distribution substations through transmission lines. Finally, energy is delivered to individuals through distribution substations. Transmission of energy is monitored by Transmission System Operator (TSO) and distribution of energy through substations are monitored by Distributed System Operator (DSO). Figure 1 shows the conceptual model of smart grid processes.
Smart grid also integrates Electric Vehicles (EVs) through Vehicle to Grid (V2G) communication [20]. It can also perform different tasks such as energy management, demand response and energy trading through AMI. AMI allows communication between smart meters and DSO for various operations related to energy transactions and management. Smart meter is connected to DSO through a hierarchical network structure which consists of Neighbourhood Area Network (NAN), Wide Area Network (WAN) and Control Center. Smart Meter collects PCD and send to DSO through the hierarchy. Multiple entities analyze data for real time grid monitoring and energy management. But this communication should be between the two legitimate entities, any security attack such as Man In The Middle (MITM), may lead to severe issues and economic loss.
Among the security requirements, authentication is an essential cornerstone in securing the communication [21]. Just compromising this requirement in AMI network is a gateway to a plethora of security attacks. Fig. 2 illustrates VOLUME 8, 2020   MITM attack between SM and DSO while SM is sending PCD to DSO. After gaining credentials of both SM and DSO, a hacker in the network can modify messages sent between these two entities. Fig. 3 illustrates attack on confidentiality. Once a hacker is able to view the information, he can derive conclusions about the personal amount and time of household device use as well as the house owner's availability at home. This is definitely a privacy issue for to owner of the house. Fig. 4 illustrates a data integrity attack in AMI. Here, hacker is able to modify the PCD and send hacked data to DSO which may lead to false analysis results.

III. CERTIFICATE-BASED AUTHENTICATION SCHEME FOR SECURING COMMUNICATION IN AMI
Certificate based mechanism using Public Key Infrastructure (PKI) ensures authentication and eliminates many security attacks. A Certificate based on X.509 format [22] binds a communicating party's public key with its identity. Fig. 5 describes different fields of X.509 formats for SM and DSO. It is issued by a trusted third party called Certificate Authority (CA). CA also verifies the authenticity of certificates [23] and maintains revocation list which consists of invalid certificates.    6 illustrates the mutual authentication process accomplished during Transport Layer Security (TLS) handshake mechanism to ensure end to end security. SM initiates communication by sending cryptographic information to DSO. Cryptographic information includes set of cipher-suites [24] to be supported by both parties in the subsequent communication. DSO selects a cipher-suite and send response which also includes its certificate. Certificate is in X.509 format as shown in Fig.6. DSO also sends certificate request which requires SM to send its own certificate in the next step. SM receives the response and verifies the DSO's certificate through Certificate Authority (CA). If the certificate is valid, then SM sends an encrypted secret key along with its certificate to DSO. DSO receives the secret key and verifies the validity of certificate through CA. Once the received SM's certificate is validated by CA, DSO sends the final message which includes encrypted secret key. Finally, SM acknowledges the DSO's final message.
The mechanisms of certificate signing, and verification are illustrated in Fig. 7 and Fig. 8, respectively. In Fig.4, SM send a Certificate Signing Request (CSR) to CA. CSR  consists of X.509 certificate which consists of different fields of identifying SM such as name, public key, Issuer name, validity of the certificate, digital signature field etc. The different X.509 certificate fields except digital signature field is treated as Identification fields as shown in Fig. 6. CA receives CSR and generates a digital signature (sig) by encrypting a hash value (h) with CA's private key (CAPrK) which is a result of hash function (H) that takes X.509 certificate fields (SMID) as input. X.509 certificate with added digital signature (sig) is called as signed certificate. The signed certificate is issued by CA to SM. The process of getting signed certificate for DSO is performed in a similar manner.
The verification of SM's certificate by DSO is done as shown in Figure 8. In step 4 of Fig.4, SM sends its singed certificate to DSO for verification. DSO generates a new hash value (h ) by taking SMID as input using hash function (H). Further, it verifies the signed certificate by decrypting the digital signature (sig) using CA's Public Key (CAPK). The result value (h) of decryption is compared with h'. If both h and h' are same, then the signed certificate is valid, otherwise it is invalid. While this mechanism provides necessary security, it has many drawbacks such as increased computational and communication overhead, management of certificates and maintenance of a revocation list [23].

IV. ID-BASED AUTHENTICATION SCHEME FOR SECURING COMMUNICATION IN AMI
To get rid of the pitfalls of certificate-based mechanism, ID-based authentication techniques are proposed in the literature [25]. In this approach, unlike its certificate-based counterpart, authentication between SM and DSO does not depend on trusted third party which generates valid certificates, performs verification of certificates, and maintains revocation information. Fig. 9 Illustrates the basic ID based key generation scheme discussed in [25].
In the ID-based authentication scheme, the management overhead of certificates is eliminated by a Key Generation Center (KGC). Public and private key pairs are not randomly generated by communicating devices. The Secret Key (SK) of a device is generated by KGC using its name or IP address as public key along with a master key (m) known only to KGC. Then, SK is securely transmitted to the communicating device. SMs have limited computing power; hence the generation of SK is delegated to KGC. KGC can be implemented either in DSO or as a third-party entity. Figure 9 shows secret key generation for SM and DSO by KGC. SM send its Identification (SM: {ID}) as its public key to KGC. Generally, IP address or SM name is taken as public key of SM. KGC computes corresponding secret key (d SM ) for SM. The same process is accomplished between DSO and KGC.
Private keys are computed by KGC not by SMs or devices with low computational capacities. If a communicating device like SM can compute its private key from corresponding public key, then it also be capable of generating private keys of other devices with their public keys. This reduces the security provided the ID based scheme. Therefore, only KGC can generate the secret key and it maintains privileged information that can be used to generate the secret keys of the devices. Once the secret keys are generated by KGC, different cryptographic operations such as encryption, decryption, signing and verification operations can be accomplished to achieve further security requirements such as confidentiality and Integrity.
For example, to achieve message integrity, SM sends PCD by signing with its secret key (SMSK) and encrypts the result by using the public key (DSOID) of DSO. SM sends the encrypted message to DSO by incorporating its own Identity Information (SMID). After receiving the message, DSO decrypts the message using secret key (DSOSK). The decrypted message is verified by the public key (SMID) of SM.
The security of the ID-based mechanism depends on the underlying cryptographic algorithms used in key generation, signing, verification, encryption, and decryption operations. Furthermore, it also depends on privileged information (m) being kept by KGC. The security of the proposed ID-based authentication depends on the intractability of finding master key (m) when a hacker is able to get the key pairs (SM ID , d SM ) or (DSO ID , d DSO ). Unfortunately, RSA based authentication is not suitable for ID-based mechanism [26]. Elliptic Curve Cryptography proved to be efficient with respect to providing more security than RSA [26].
ID based authentication is based on elliptic curve cryptography with bilinear pairing operations. Bilinear map on elliptic curve is defined as follows, Bilinear Map: A pairing is a bilinear mapê : G 1 × G 2 → G r between three given groups G 1, G 2 and G r of exponent q. Paring has three properties such as Bilinear, Non-degenerate and Computable.
Once, ID-based authentication is accomplished through KGC, key agreement between the communicating parties is essential to establish secure communication. Key agreement based on elliptic curve cryptography and Bilinear Diffie-Hellman play key role in exchange of shared key securely among SM and DSO.

A. ID-BASED AUTHENTICATION KEY AGREEMENT PROTOCOL
The proposed ID-based authentication key agreement protocol has three phases: 1) Setup, 2) Key generation and 3) Key agreement.
Among the three phases, master key of KGC and cryptographic hash functions are chosen in setup phase. Private keys of corresponding public keys of the devices are computed in key generation phase. Finally, in the last phase, key agreement among SM and DSO is accomplished.

B. SETUP PHASE
An elliptic curve is defined in finite field F p . Let group of points E[q] of order q on elliptic curve. Then generate a set of pairing parameters of required size. Select a random value m ∈ Z * q as the master key and compute R = mP 2 . Select two cryptographic hash functions H 1 , The first two phases are called as authentication phase and the third phase is key agreement phase. Fig. 10 illustrates the above phases.

V. IMPLEMENTATION RESULTS
In order to evaluate the performances of certificate based authentication scheme and the proposed ID based authentication and key agreement scheme, a realistic scenario of SM and DSO communication over a WAN is considered. The SM and DSO communication in this scenario is adopted from [3]. Figure 11 illustrate the communication between SM and DSO through WAN. It consists of SM connected to household devices such as roof top Photo Voltaic (PV), home appliances etc. SM communicates the measured data to DSO in IEC 61850 format.
A testbed for realizing the above discussed SM and DSO communication is set up. Fig. 11 Illustrates the test-setup with two devices: 1) computer with Intel R Core (TM) i5-3210M CPU @ 2.50 GHz with 8 GB RAM and 2) Raspberry PI 4 Model B terminal with 4GB RAM. Where computer terminal emulates DSO system and Raspberry PI emulates SM. For simplicity, KGC module is also simulated in computer system along with DSO. It can also be implemented in a separate terminal.

A. PERFORMANCE EVALUATION OF CERTIFICATE BASED AUTHENTICATION
Certificate-based authentication mechanism described in section III is implemented using OpenSSL libraries [18]. As first step, the SM obtains a signed certificate form CA. Using OpenSSL libraries the a CSR for SM is generated and   sent to CA. The CA returns a signed certificate generated by RSA or ECDSA algorithms. Table 1 lists the different CSR and certificate sizes obtained for different RSA and ECDSA algorithms using the OpenSSL implementations. To perform mutual authentication and share a session key between SM and DSO, a TLS handshake communication is established. In TLS handshake communication, each certificate is verified using the credentials of CA as shown in Fig. 8.
Computational times for certificate verification at both devices were calculated for RSA based certificates with 1024 and 2048 key sizes and ECDSA based certificates with different NIST-defined elliptic curves such as 'secp224r1', 'secp256k1', 'secp384r1',' secp521r1' and prime256v1 which were listed in TABLE 2.
It is observed that ECDSA based certificates with different NIST defined curves outperforms RSA based  certificates. Among the all the curves ''secp224r1'' gives least computational time on Raspberry PI device emulating SM. On the other hand, ''Secp192r1'' provides the best results for DSO emulated by the laptop terminal.

B. PERFORMANCE EVALUATION OF ID BASED AUTHENTICATION AND KEY AGREEMENT MECHANISM
The proposed ID-based mechanism is implemented using 'tinyec' python library in PyPI [19]. Tinyec library functions enable to write code on arithmetic operations on elliptic curves. It has two major functions curve() and point() which describes an elliptic curve on a finite field and point belongs to elliptic curve respectively. A random integer value is picked up as m value to generate public key and private key pairs of SM and DSO using their Identity information (SM ID , DSO ID ). Both public and private keys are generated by KGC and send to SM and DSO. Computation times obtained for generating key pairs for elliptic curves secp192r1 and secp224r1 are 8 ms and 10 ms respectively. Further, KGC also generates a common value R using point multiplication operation with prevailed information m and shares only to communicating parties. Common value R play crucial role in generating a shared key SK which further used to generate session key K. SM initially sends E SM value to DSO and DSO responds with E DSO. Using the 'tinyec' library, the E SM and E DSO were computed in 7 ms by employing the point multiplication operation over elliptic curve. In next step, SM generates a shared key using its private key, public key of DSO, R value and invitation value of DSO. This leads to bilinear mapping operation which was computed in 6 ms. Finally, a session key is generated by applying hash function on public parameters of both SM and DSO along with shared key (SK) which resulted in 2 ms computational time.
Using time function in python time module computational times for each operation in ID-based authentication and key agreement protocol are captured and listed in Table 3. All these operations are performed by KGC and not by individual terminals such as SM. Various key operations mentioned in the table are key generation by KGC, point multiplication in key agreement, computation of K value using bilinear pairing and hash function to generate SK value. Total time of authentication and key agreement is 23ms for the curve secp192r1. Table 5 shows the comparison of computational times of different authentication and key agreement protocols in the literature with the proposed ID based authentication and key agreement protocol. From the Table 4 it is observed that proposed authentication and key agreement protocol has relatively very low computational burden.   When compared with certificate-based mechanism, computational times of ID-based authentication and key agreement are far better. This fact makes ID-based scheme more suitable for securing the communication between SM and DSO. Once the key agreement is established, the PCD is encrypted using AES 128 and AES 256 encryption algorithms. The size of PCD data is considered from [3] and performed encryption and decryption operations using AES function in python PyCrypto module. Table 5 gives the computational times for encryption and decryption algorithms on Raspberry PI terminal using AES 128 and AES 256 symmetric algorithm. For both mechanisms discussed, i.e. certificate-based and ID-based, these values are identical. As it can be observed, the values are on the order of microseconds and well within the computational capacity of a SM.

VI. CONCLUSION
Smart grid network is the next generation power system. It enables real time monitoring, control, and protection in the electrical infrastructure. Introduction of DERs necessitates two-way communication between the system operate and the end users. AMI network plays a crucial role at consumer side that enables many applications like demand response, power consumption billing and energy market trading. Security is of utmost importance in AMI networks compromising which may lead to several attacks such as Impersonation, Data Integrity and Replay. Authentication and key agreement play key role in eliminating the attacks. This paper analyzes two authentication mechanisms for their suitability in AMI: certificate and ID-based mechanism. Furthermore, a test bed has been developed and these mechanisms have been implemented in separate terminals. After experiments, computational times have been noted. It is observed that ID-based authentication and key agreement mechanism is far better than heavy loaded certificate-based mechanism. The key advantage of the ID-based mechanism is that heavy computations are performed with in KGC and not in individual terminals. This is especially beneficial for SMs which have very limited computation capacity. ATIF IQBAL (Senior Member, IEEE) received the B.Sc. degree (Hons.) and the M.Sc. degree in engineering (power system and drives) from Aligarh Muslim University (AMU), Aligarh, India, in 1991 and 1996, respectively, the Ph.D. degree from Liverpool John Moores University, Liverpool, U.K., in 2006, and the D.Sc. (Habilitation) degree in control, informatics and electrical engineering from the Gdansk University of Technology, in 2019. He has been a Lecturer with the Department of Electrical Engineering, AMU, since 1991, where he was a Full Professor, in August 2016. He is currently a Full Professor with the Department of Electrical Engineering, Qatar University, and a Former Full Professor with the Department of Electrical Engineering, AMU. He has published widely in International journals and conferences. He has authored/coauthored more than 420 research articles, four books, and several chapters in edited books. He has supervised several large-research and development projects worth more than multimillion USD. He has supervised and co-supervised several Ph.D. students. His research interests include power electronics, variable speed drives, renewable energy sources, smart grid, complex energy transition, active distribution networks, electric vehicles drivetrain, sustainable development and energy security, distributed energy generation, and multiphase motor drive systems. He is a Fellow of IET, U.K., and IE, India