Rongxing Lu,Xiaodong Lin,Zhiguo Shi,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/wcnc.2013.6554840

2013-01-01

Abstract:The increasing demands for improving transmission reliability and efficiency have brought us a wide interest in smart grid. In current smart grid research, one of challenges is its security issue. If the security is not well addressed, the concept of smart grid cannot be widely accepted. In this paper, in order to simultaneously resolve the security and efficiency challenges in smart grid communications, we propose an efficient aggregate authentication protocol, called EATH, which is characterized by eliminating the Map-To-Hash hash and reducing the pairing operations in aggregation and verification to improve the computational efficiency. Detailed security analysis has shown that the proposed EATH protocol is secure in terms of source authentication and data integrity in smart grid communications. In addition, performance evaluation also demonstrates its efficiency in terms of low computation and communication overheads.

Min Lu,Zhiguo Shi,Rongxing Lu,Ruixue Sun,Xueminsherman Shen

DOI: https://doi.org/10.1109/ICCChina.2013.6671200

2013-01-01

Abstract:Characterized by time-of-using pricing, better capacity, and usage planning, smart grid has attracted considerable attention in recent years. However, one of the research challenges in smart grid is the privacy issue due to too much sensitive and real-time user data involved. In this paper, we propose a practical privacy-preserving aggregation scheme, named PPPA, for secure smart grid communications. PPPA utilizes the lightweight cryptographic aggregation technique to achieve provable security guarantee, the differential privacy technique to achieve privacy preservation of each individual user, and the quad tree structure to achieve failure tolerance. For data communication from users to control center, data aggregation is conducted directly on ciphertexts at local gateway without decryption, and the aggregation results are reported by relays to the control center. Through extensive analysis, we demonstrate that PPPA can not only provide authentication and guarantee the data integrity, but also achieve strong privacy-preserving for each user, and thus it is feasible in practical smart grid scenarios.

Peng Xiao,Shunkun Yang,Zhenhong Zhang,Hailin Wang

DOI: https://doi.org/10.1007/s12083-024-01655-5

IF: 3.488

2024-02-13

Peer-to-Peer Networking and Applications

Abstract:Smart grids represent a transformative evolution in energy distribution, enabling bidirectional electricity flow, automation, and real-time data analysis. However, with large volumes of sensitive data becoming attractive targets for cyberattacks, the seamless data access in smart grids presents security challenges. Attribute-based encryption (ABE) offers one-to-many energy-efficient access control but faces inefficiency and revocation challenges in smart grid environments. This paper presents an edge-assisted, efficient ABE scheme to address these issues, which provides an efficient direct user revocation mechanism for dynamic user groups in smart grids, and employs edge-assisted computation to reduce decryption costs. It also gives rigorous security proofs, and the theoretical and experimental results show the practicality of smart grids and superiority over related representative works.

computer science, information systems,telecommunications

Yawen Feng,Shengke Zeng

DOI: https://doi.org/10.1007/s12083-024-01649-3

IF: 3.488

2024-02-14

Peer-to-Peer Networking and Applications

Abstract:With the rapid development of IoT, smart grids have benefited people's daily lives. Data in smart grid requires security and privacy. Fine-grained access control provides the possibility for various electricity companies and organizations to access owner data securely and flexibly for transdiscipline billing. However, it is possible for malicious electricity company employees to leak decryption keys. To protect the data security of the customers, the authorized center executes a revocation operation on the authorization of a malicious employee. However, these schemes usually cannot prevent malicious servers and revocation employees from colluding to obtain data. To overcome this problem, this work presents a secure authorized data sharing for the smart grid scenario. The data access for electricity companies in this scheme is fine-grained and revocation against server-user collusion is achieved. The security analysis shows that our solution is privacy-aware and practical for smart grid. And experiment results prove that our algorithm is efficient in authority verification.

computer science, information systems,telecommunications

XiaoFang Huang,Qi Tao,BaoDong Qin,ZhiQin Liu

DOI: https://doi.org/10.1109/icccn.2015.7288431

2015-01-01

Abstract:Attribute Based Encryption (ABE) scheme can achieve information sharing of one-to-many users, without considering the number of users and the users identity. But, the traditional single Attribute Authority (AA) ABE scheme can hardly meet requirements of different agencies in distributed application environment and it is easy to form the system performance bottlenecks. Based on ciphertext-policy ABE scheme, this paper proposes a multi-authority revocable ABE scheme, where the classification manages user attributes, effectively relieving the management burden of single organization. In addition, it can achieve fine grained access control of shared information by adopting tree access strategy and secret sharing scheme, and support system attribute revocation. Finally, we show that the scheme is secure against chosen plaintext attack under the Decisional Bilinear Diffie-Hellman (DBDH) assumption.

Yuanpeng Xie,Hong Wen,Jinsong Wu,Yixin Jiang,Jiaxiao Meng,Xiaobin Guo,Aidong Xu,Zewu Guan

DOI: https://doi.org/10.1109/vtcfall.2015.7391174

2015-01-01

Abstract:Cloud computing is an Internet-based computing paradigm which may share resources to provide on-demand services to devices. Integrating smart grid into cloud computing is emerging and promising, and this integration may execute in the cloud based hierarchical multi-user data-shared environment, where security issues such as data confidentiality and manager authority may arise in the smart grid system. In order to provide safe and secure grid operations, a hierarchical access control method using modified hierarchical attribute-based encryption (M-HABE) and a modified three layers structure are proposed in this paper. In power grids, the system can be controlled and monitored by the enormous sensitive data which may be from sensor nodes, smart measurement units and soon on. The novel scheme mainly focus on the data process, storage and access to ensure the managers with legal authorities to get corresponding sensitive data and restrict illegal managers and unauthorized legal managers from accessing the data.

Zhitao Guan,Jing Li,Liehuang Zhu,Zijian Zhang,Xiaojiang Du,Mohsen Guizani

DOI: https://doi.org/10.48550/arXiv.1810.10748

2018-10-25

Abstract:In the Smart Grid with Renewable Energy Resources (RERs), the Residential Units (RUs) with Distributed Energy Resources (DERs) are considered to be both power consumers and suppliers. Specifically, RUs with excessive renewable generations can trade with the utility in deficit of power supplies for mutual benefits. It causes two challenging issues. First, the trading data of RUs is quite sensitive, which should be only accessed by authorized users with fine-grained policies. Second, the behaviors of the RUs to generate trading data are spontaneous and unpredictable, then the problem is how to guarantee system efficiency and delay tolerance simultaneously. In this paper, we propose a delay-tolerant flexible data access control scheme based on Key Policy Attribute Based Encryption (KP-ABE) for Smart Grid with Renewable Energy Resources (RERs). We adopt the secret sharing scheme (SSS) to realize a flexible access control with encryption delay tolerance. Furthermore, there is no central trusted server to perform the encryption/decryption. We reduce the computation cost on RUs and operators via a semi-trusted model. The analysis shows that the proposed scheme can meet the data security requirement of the Smart Grid with RERs, and it also has less cost compared with other popular models.

Cryptography and Security

Xuanmei Qin,Yongfeng Huang,Zhen Yang,Xing Li

DOI: https://doi.org/10.1016/j.sysarc.2020.101854

IF: 5.836

2021-01-01

Journal of Systems Architecture

Abstract:Ciphertext-policy attribute-based encryption(CP-ABE) has been widely studied and used in access control schemes for secure data sharing. Since in most of the existing attribute-based encryption methods, all user attributes are managed by a single central authority, it is easy to cause a single point of failure. Therefore, several multi-authority CP-ABE schemes are proposed to manage user attributes by multiple authorities. However, these schemes still do not eliminate the single point of failure in essence or suffer from high computation and communication overhead on data users. In this paper, we propose a Blockchain-based Multi-authority Access Control scheme called BMAC for sharing data securely. Shamir secret sharing scheme and permissioned blockchain (Hyperledger Fabric) are introduced to implement that each attribute is jointly managed by multiple authorities to avoid single point of failure. In addition, we take advantage of blockchain technology to establish trust among multiple authorities and exploit smart contracts to compute tokens for attributes managed across multiple management domains, which reduces communication and computation overhead on the data user side. Moreover, blockchain helps to record the access control process in a secure and auditable way. Finally, we analyze the security of the proposed algorithm. Further analysis and comparison show the performance of the proposed method.

Sushmita Ruj,Amiya Nayak

DOI: https://doi.org/10.1109/tsg.2012.2224389

IF: 10.275

2013-03-01

IEEE Transactions on Smart Grid

Abstract:We propose a decentralized security framework for smart grids that supports data aggregation and access control. Data can be aggregated by home area network (HAN), building area network (BAN), and neighboring area network (NAN) in such a way that the privacy of customers is protected. We use homomorphic encryption technique to achieve this. The consumer data that is collected is sent to the substations where it is monitored by remote terminal units (RTU). The proposed access control mechanism uses attribute-based encryption (ABE) which gives selective access to consumer data stored in data repositories and used by different smart grid users. RTUs and users have attributes and cryptographic keys distributed by several key distribution centers (KDC). RTUs send data encrypted under a set of attributes. Since RTUs are maintained in the substations they are well protected in control rooms and are assumed to be trusted. Users can decrypt information provided they have valid attributes. The access control scheme is distributed in nature and does not rely on a single KDC to distribute the keys which makes the approach robust. To the best of our knowledge, ours is the first work on smart grids, which integrates these two important security components (privacy preserving data aggregation and access control) and the first paper which addresses access control in smart grids.

engineering, electrical & electronic

Yuyang Zhou,Yuanfeng Guan,Zhiwei Zhang,Fagen Li

DOI: https://doi.org/10.1109/nana.2019.00070

2019-01-01

Abstract:At present, the access control schemes in the power grid are centralized. In the centralized system, the data of the network sensor nodes is transmitted by centralized nodes, and the data itself may be illegally tamped with or lost, which can lead to reduced system reliability. For this feature, we apply blockchain technology to the design of access control schemes. In this paper, we propose a blockchain-based access control scheme that is suitable for multiple scenarios in the smart grid. Our access control scheme is based on an identity-based combined encryption, signature and signcryption scheme. In addition, we design a consensus algorithm in the power system for the consortium blockchain architecture to solve the key escrow problem of the untrusted third parties. Our scheme also ensures the confidentiality, integrity, authentication and non-repudiation of the data. Compared with the existing work, our scheme can use the same key pair to encrypt, sign and signcrypt the message, which has lower computation and communication costs in multiple scenarios of smart grids.

Oberko Prince Silas Kwesi,Obeng Victor-Hillary Kofi Setornyo,Xiong Hu

DOI: https://doi.org/10.1007/s12652-021-02915-5

IF: 3.662

2021-01-01

Journal of Ambient Intelligence and Humanized Computing

Abstract:The introduction of attribute-based encryption (ABE) targets to achieve the implementation of single-to-numerous encryption; however, the sole authority challenge and the issue of distributed management of attributes are bottlenecks to its realization. Multi-authority attribute-based encryption (MA-ABE) where various attribute authorities (which may be independent of each other) control different attribute universe and are involved in the administration of attribute keys for decryption provides the necessary platform to undertake the implementation of fine-grained access regulation over shared data while achieving single-to-numerous encryption. In recent years, research into MA-ABE has seen rapid advancement, and we believe that it is a suitable solution to thwarting the key escrow problem as well as the problem of distributed management of attributes. This paper offers a thorough survey and examines the state-of-the-art of some traditional ABE as well as multi-authority attribute-based encryption schemes over the past decade. Furthermore, the survey gives detailed insights on some essential techniques as well as some classic concretely constructed algorithms. Moreover, we discuss an extension (the different directions) of MA-ABE and its progress since its inception. We also provide design principles of MA-ABE and also show comparisons between existing works on areas as security, performance, and functionality. This paper also discusses several interesting open problems. As far as we can tell, no comparable survey on MA-ABE exists in literature so far.

Mingping Qi,Jianhua Chen

DOI: https://doi.org/10.1109/jsyst.2020.2991174

IF: 4.802

2020-01-01

IEEE Systems Journal

Abstract:The design of an authenticated key agreement protocol for securing the smart meter communications in smart grid networks has attracted growing attention recently. Typically, realizing mutual authentication and key agreement without active involvement of a trusted third party is expected in this field. Thus, to achieve this aim, several authenticated key agreement schemes for smart grid have been presented; while as investigated in the following section of this work, most of these schemes remain vulnerable to various attacks. Therefore, to design a truly secure authenticated key agreement protocol for smart grid and make some contributions to this field, this work presents our new authenticated key agreement scheme for smart grid using Elliptic Curve Qu-Vanstone (ECQV) implicit certificate as the building block. Our scheme is pairing-free and just uses two passes to realize mutual authentication and key agreement as well as strong credential privacy, making it with high efficiency in both computation and communication overheads. Moreover, its security is formally proved under the widely accepted Canetti and Krawczyk (CK) security model, and is further confirmed by a heuristic security analysis.

Hongwei Li,Rongxing Lu,Liang Zhou,Bo Yang,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/jsyst.2013.2271537

IF: 4.802

2014-01-01

IEEE Systems Journal

Abstract:Smart grid has emerged as the next generation of power grid, due to its reliability, flexibility, and efficiency. However, smart grid faces some critical security challenges such as the message injection attack and the replay attack. If these challenges cannot be properly addressed, an adversary can maliciously launch the injected or replayed message attacks to degrade the performance of smart grid. To cope with these challenging issues, in this paper, we propose an efficient authentication scheme that employs the Merkle hash tree technique to secure smart gird communication. Specifically, the proposed authentication scheme considers the smart meters with computation-constrained resources and puts the minimum computation overhead on them. Detailed security analysis indicates its security strength, namely, resilience to the replay attack, the message injection attack, the message analysis attack, and the message modification attack. In addition, extensive performance evaluation demonstrates its efficiency in terms of computation complexity and communication overhead.

Chao Gai,Wenting Shen,Ming Yang,Ye Su

DOI: https://doi.org/10.3389/fenrg.2022.1058125

IF: 3.4

2023-01-17

Frontiers in Energy Research

Abstract:As the promising next generation power system, smart grid can collect and analyze the grid information in real time, which greatly improves the reliability and efficiency of the grid. However, as smart grid coverage expands, more and more data is being collected. To store and manage the massive amount of smart grid data, the data owners choose to upload the grid data to the cloud for storage and regularly check the integrity of their data. However, traditional public auditing schemes are mostly based on Public Key Infrastructure (PKI) or Identity Based Cryptography (IBC) system, which will lead to complicated certificate management and inherent key escrow problems. We propose a certificateless public auditing scheme for cloud-based smart grid data, which can avoid the above two problems. In order to prevent the disclosure of the private data collected by the smart grid during the phase of auditing, we use the random masking technology to protect data privacy. The security analysis and the performance evaluation show that the proposed scheme is secure and efficient.

energy & fuels

Haomiao Yang,Xiaofen Wang,Jiang Deng,Jing Zeng,Xiaosong Zhang

DOI: https://doi.org/10.1080/02564602.2014.892750

2014-01-01

Abstract:ABSTRACT With the evolution of traditional power grids into smart grids, utilities alone cannot yet provide all electricity services and thus third-party service providers (SPs) are required to help in service provision. Therefore, it is critical to secure third-party service provisions in smart grids. In particular, authentication is required to be done in the first place. However, authentication for multiple third-party SPs has not been well studied in smart grids. In this paper, we model the third-party service provision in smart grids for the first time which can capture specific cyber security threats with the existence of multiple third-party SPs. Furthermore, we propose an efficient authentication scheme for multiple third-party SPs. Security analysis shows that our scheme can achieve multiserver authentication, conditional anonymity, and other important security goals. Performance evaluation demonstrates that our scheme is well suited for smart meters (SMs) with limited resources, and each user only needs to do one registration for multiple SPs thus it has low communication overhead.

ZhiShuo Zhang,Wei Zhang,ZhiGuang Qin

DOI: https://doi.org/10.1109/sagc50777.2020.00026

2020-01-01

Abstract:Space-air-ground integrated network (SAGIN) is emerged as a versatile computing and traffic architecture in recent years. Though SAGIN brings many significant benefits for modern communication and computing services, there are many unprecedented challenges in SAGIN. The one critical challenge in SAGIN is the data security. In SAGIN, because the data will be stored in cleartext on cloud, the sensitive data may suffer from the illegal access by the unauthorized users even the untrusted cloud servers (CSs). Ciphertext-policy attribute-based encryption (CP-ABE), which is a type of attribute-based encryption (ABE), has been regarded as a promising solution to the critical challenge of the data security on cloud. But there are two main blemishes in traditional CP-ABE. The first one is that there is only one attribute authority (AA) in CP-ABE. If the single AA crashs down, the whole system will be shut down. The second one is that the AA cannot effectively manage the life cycle of the users’ private keys. If a user on longer has one attribute, the AA cannot revoke the user’s private key of this attribute. This means the user can still decrypt some ciphertexts using this invalid attribute. In this paper, to solve the two flaws mentioned above, we propose a multi-authority CP-ABE (MA-CP-ABE) scheme with the dynamical key revocation (DKR). Our key revocation supports both user revocation and attribute revocation. And the our revocation is time friendly. What’s more, by using our dynamically tag-based revocation algorithm, AAs can dynamically and directly re-enable or revoke the invalid attributes to users. Finally, by evaluating and implementing our scheme, we can observe that our scheme is more comprehensive and practical for cloud applications in SAGIN.

Fei Guo,Zhenfu Cao,Zhusen Liu,Nanyuan Cao

DOI: https://doi.org/10.1007/s12204-019-2137-8

2019-01-01

Abstract:With the enormous development of imformation and communication technology, more concerns are focused to achieve secure and reliable smart grids as the social infrastructure, especially in the explosion era of mobile devices. In this paper, we propose an efficient scheme to satisfy the outdoor electrical demand of mobile customers. Our scheme protects the privacy and integrity of users’ electricity consumption data. Technically, we encrypt users’ electricity consumption data by a chosen-plaintext-attack (CPA) secure public key encryption (PKE) scheme and aggregate ciphertexts by the aggregator (an untrusted third party). In the scheme, internal and external adversaries cannot obtain the electricity consumption data. Additionally, we require users to provide authentication and commitment of consumption data that can track who modifies the data, which protects the integrity of users’ electricity consumption data.

Huanhuan Ma,Chenyu Wang,Guosheng Xu,Qiang Cao,Guoai Xu,Li Duan

DOI: https://doi.org/10.1109/jsyst.2023.3289492

IF: 4.802

2023-01-01

IEEE Systems Journal

Abstract:Smart grid (SG) achieves more convenient and efficient power transmission through the rapid development of the information and communication technology. In addition to the transmission of electrical energy, the SG system also involves privacy and control information of service providers, which is closely related to people's livelihood. However, at present, the data in the SG system are transmitted in the form of plaintext, which does not have complete protection measures for entity privacy and communication data security. Focusing on preserving entity privacy and data security, this article proposes an anonymous secure authentication protocol (ASAP-SG) for the SG environment. Based on elliptic curve cryptography and physical unclonable function, ASAP-SG can realize authentication and key agreement between smart meters and service providers. The security of ASAP-SG has been verified with proverif tool and proven strictly under the real-or-random model. Furthermore, heuristic analysis manifests that ASAP-SG can successfully resist known security attacks. Finally, a fully comparison with the other five most advanced schemes reveals that ASAP-SG consumes the optimal computation cost on both smart meters and service providers and reduces the communication overhead by 33.3%–45.8%, on the basis of satisfying ten security objectives. These features make ASAP-SG more suitable for resource-constrained SG environment.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Zhitao Guan,Jing Li,Longfei Wu,Yue Zhang,Jun Wu,Xiaojiang Du

DOI: https://doi.org/10.48550/arXiv.1810.10746

2018-10-25

Abstract:Cloud-supported Internet of Things (Cloud-IoT) has been broadly deployed in smart grid systems. The IoT front-ends are responsible for data acquisition and status supervision, while the substantial amount of data is stored and managed in the cloud server. Achieving data security and system efficiency in the data acquisition and transmission process are of great significance and challenging, because the power grid-related data is sensitive and in huge amount. In this paper, we present an efficient and secure data acquisition scheme based on CP-ABE (Ciphertext Policy Attribute Based Encryption). Data acquired from the terminals will be partitioned into blocks and encrypted with its corresponding access sub-tree in sequence, thereby the data encryption and data transmission can be processed in parallel. Furthermore, we protect the information about the access tree with threshold secret sharing method, which can preserve the data privacy and integrity from users with the unauthorized sets of attributes. The formal analysis demonstrates that the proposed scheme can fulfill the security requirements of the Cloud-supported IoT in smart grid. The numerical analysis and experimental results indicate that our scheme can effectively reduce the time cost compared with other popular approaches.

Cryptography and Security

Jianan Hong,Kaiping Xue,Wei Li

2015-01-01

Abstract:Yang et al. [1] have proposed a multi-authority CP-ABE based data access control for cloud storage (DAC-MACS), in which the authors claimed that the mechanism in dealing with attribute revocation could achieve both forward security and backward security. Unfortunately, our further analysis and investigation show that their work adopts a bidirectional re-encryption method in ciphertext updating, so a security vulnerability appears. Our proposed attack method demonstrates that a revoked user can still decrypt new ciphertexts that are claimed to require the new-version secret keys to decrypt.