Enhanced ID-Based Authentication Scheme Using OTP in Smart Grid AMI Environment

This paper presents the vulnerabilities analyses ofKL schemewhich is an ID-based authentication scheme forAMInetwork attached SCADA in smart grid and proposes a security-enhanced authentication scheme which satisfies forward secrecy as well as security requirements introduced inKL scheme and also other existing schemes.The proposed scheme usesMDMSwhich is the supervising system located in an electrical company as a time-synchronizing server in order to synchronize smart devices at home and conducts authentication between smart meter and smart devices using a new secret value generated by an OTP generator every session. The proposed scheme has forward secrecy, so it increases overall security, but its communication and computation overhead reduce its performance slightly, comparing the existing schemes.Nonetheless, hardware specification and communication bandwidth of smart devices will have better conditions continuously, so the proposed scheme would be a good choice for secure AMI environment.


Introduction
Smart grid is a convergence technology adding information technology to a conventional electrical power grid to bilaterally exchange and use real-time information electricity generated in a power plant with users through the core infrastructure of AMI (advanced metering infrastructure) [1][2][3].Consumers can utilize AMI to monitor power use in real time and save household and company energy cost, contributing to an appropriate level of energy production, lower production cost, and higher confidence on sustainable energy supply [1][2][3].Also, more new and renewable energy is used to help overcome global environmental problems [4].With such a widespread smart grid environment, smart grid security has also become significant [3,5].
The existing power grid operated in a closed net, effectively distancing itself from people having malicious intentions [6,7].However, smart grid puts the grid device in the customer domain, making its power net vulnerable to malicious attacks both online and offline.Malicious attacks can be made by penetrating into an upper-level power grid system through smart grid devices or by taking over a user's device to send false information or infringing private information by using a user's power consumption pattern and so forth [8][9][10].
To prevent such malicious attacks, devices installed in the users' domain and power suppliers' own system should securely communicate.To this end, more researches are necessary to find a way for supplier systems to authenticate user-domain devices and allow only valid users to transmit data [3,[5][6][7][8][9][10][11].
This paper proposes a novel scheme for improving security aspects of KL scheme [12] in order to provide forward secrecy.We, in this paper, investigate the previous research results first, then make suggestions on how to provide forward secrecy where the existing schemes did not pay attention.To guarantee forward secrecy, we propose the time synchronization scheme OTP to let undisclosed values change.The proposed scheme herein satisfies every security requirement of the KL scheme and adds hash calculation and communication frequency for forward secrecy.
The proposed scheme added a function of time synchronization server to the meter data management system (MDMS) to resolve the problem of having a separate set of time synchronization server but it requires one more round of communication for time synchronization to make the total communication frequency of four.Based on the analysis of the proposed time synchronized OTP scheme, we show the best time and the best conditions for using that scheme.
This paper is structured as follows.Sections 2 and 3 introduce AMI components and previous security schemes with their weak points or problems.Section 4 proposes a security protocol to increase the security aspects of the existing schemes.Section 5 presents a comparison of security and performance between the existing schemes and the proposed one.Section 6 finishes by drawing a conclusion.

Related Work
In this section, we look at the components of AMI as described in previous researches and analyze those authentication schemes.
2.1.AMI Components.AMI components, as in Figure 1, are identified centering on the MDMS as the upper system in a power company; Smart Meter, communication system connecting a power company and household's smart meter; household devices, and so forth.For smart meter's authentication of devices, we adopted the power line communication (PLC), a power line communication, and ZigBee through home area network (HAN).The neighborhood area network (NAN) is used for communication between smart meter and MDMS for data transmission.

KL Scheme.
The KL scheme proposed by Kim and Lee in [12] encodes , an undisclosed value created by the device, and saves it in the device itself and smart meter to create information necessary for authentication based on the security of the  value.Then it performs authentication and verification, as describe in Figure 2. The device creates an authentication key to make possible the inference of a random number of  included in an undisclosed individual  value transmitted in the registration stage during the smart meter authentication process.Then it sends the value to smart meter to proceed with authentication and identify device through ID identifiers. value is not shown during communication so that  value can hardly be inferred.By combining existing information and data sent from the device for mutual authentication, the proposed scheme generates   value based on the smart meter-generated   for successful mutual authentication.
Nonrepudiation is possible in authentication and data exchange between smart meter and MDMS as private keys are sent only to specifically intended MDMSs by using smart meter MAC Addr and hash-calculated private keys to encode data.And the MDMSs receiving the data send their ID's to smart meter to identify MDMS when transmitting power, ensuring power information is sent to a right MDMS.

Vulnerabilities of KL Scheme
The KL scheme deals with device-smart meter-MDMS authentication and data transmission to help resolve problems such as, for instance, an external device accesses smart meter to increase power use in an AMI network environment or raise charges.Also as regular communication is made between smart meter and MDMS, we suggested a scheme that requires less calculation and less communication frequency for faster data processing when multiple smart meters send data to MDMS to authenticate smart meters securely and send data effectively.But the undisclosed value of  is fixed, which is used for device-smart meter authentication and data transmission, and each session needs it for operation.Therefore, if a disclosed key or  value is inferred and exposed, those values already used for session performance to complete transmission could be assessed by malicious attackers, risking forward secrecy.
Forward secrecy refers to a situation where a malicious attacker who happened to make a successful attack to know current communication information should not be able to trace previous secret information only with that disclosed information.
The undisclosed value of KF scheme,  is secured as devices and smart meters exchanged in the registration status.But if any malicious attackers get to know  value or symmetric key at any given point, they can infer the undisclosed value of  after getting communication information from successful attacks on the authentication stage communication.Thus, past information records are easily captured by malicious attackers in the system.

Security-Enhanced ID-Based Authentication
In this section, we propose a security scheme using IDs for authentication as described in the KL scheme yet in a further improved version with better forward secrecy protection than previous design protocols.The proposed scheme herein is an encryption to calculate through OTP function an undisclosed value and the present time based on the time synchronized by the time synchronization to allow the undisclosed value to change.
The proposed ID-based authentication scheme is an advanced version that guarantees to meet all of the security requirements while guaranteeing forward secrecy at the same time.

The Proposed Scheme.
An authentication scheme is suggested to help resolve forward secrecy problems by using MDMS, of the KL scheme components, as a global time synchronization server to activate the time synchronization OTP scheme.The suggested scheme requests a time synchronization value of  MDMS to the time synchronization server MDMS in the smart meter registration phase to perform smart meter's time synchronization.Smart meters with completed synchronization send  SYN to devices for smart meter time synchronization at any registration request by a device to synchronize time between smart meter and devices.After synchronization, the device calculates the present time Time of the synchronized time and the undisclosed value of  seed through OTP function to encryption.The time synchronization OTP scheme is performed in line with the order as follows.

Smart meter A MDMS
Time synchronization using (5) The device uses the symmetric key to decipher the received value and extracts from  res the time synchronization value  SYN to perform time synchronization between smart meter and the device.Here, based on the time synchronization value of  SYN , the present time value generating every fixed period is Time.Consider Time synchronization to  :  SYN .
Phase 3: Authentication.In the device registration and time synchronization stage, devices and smart meters completing undisclosed value transmission and time synchronization store undisclosed value  seed and ID  to identify devices.Devices and smart meters are time synchronized by  SYN to generate the value of present time Time that has a certain cycle and create final value  OTP through OTP( seed , Time).Using the generated value  OTP , devices produce CID, ,  and then send ID, CID, , and   to smart meter.Smart meter calculates the value  OTP by itself and also calculates the value  which is not transmitted through the communication.And then smart meter performs authentication using  OTP , , and .If the authentication succeeds, they produce value   based on value   .Mutual authentication between device and smart meter remains secure by not exchanging value  through communication.
Even though  OTP value is noticed by inferring, Time values change each session; thus the produced value of  OTP varies from session to session to satisfy forward secrecy.Authentication steps are shown in Figure 5.

Security and Performance
KL's device authentication scheme shares  value after encryption in the registration stage and conducts authentication while hiding the secrecy of the  value.In this scheme, the main data of  is not shared in the process of communication to keep its secrecy and as secret key   is hash calculated, its integrity is secured.By adding time stamp to generated CID, , and  values, the scheme allows change for every session in preparation for possible reuse attack.Devices and smart meter include a mutual authentication process to verify they are in communication with the right counterpart.But, in this case, if a symmetric key that encodes the undisclosed value or undisclosed value  is exposed by inference, even previously-used data, not just the current information, could be exposed too, implying the risk of forward secrecy vulnerability.Also, we found a missing part in the calculation amount estimation process so we recalculated the calculation load of Hash scheme.Deciphering process was also not included in the calculation load estimation, so it was reassessed and presented in Table 1.
The proposed scheme is designed for reducing the disclosure possibility of constant  value, a key factor for forward secrecy, throughout the authentication process; the value of  seed is encoded upon registration and sent to smart meter.Even though the initial  seed value is exposed, further exposure of other   values would be extremely difficult by design to guarantee forward secrecy.
The proposed scheme utilizes MDMS as a time synchronization server to receive time synchronization value from MDMS in the initial smart meter registration stage and performs smart meter synchronization.Smart meters completing time synchronization encode smart meter time synchronization value based on device ID and undisclosed value used for devices to request registration to smart meter; then it sends it to devices.Devices encrypt the time synchronization values and synchronize time.Devices put the present time Time based on the synchronized hour and the undisclosed value of  seed to OTP function to produce  OTP for authentication.Even if  seed value is exposed, further information is necessary including the value of  seed used for device-smart meter authentication and the present time Time based on the synchronized hour to get the initial authentication data.And  OTP value can't be guessed because it is calculated using Time value that varies every session, and the time synchronization value of  SYN is not exchanged in communication to complicate inference attempts.

Conclusion
KL scheme which is designed to protect the AMI-network environment supports mutual authentication by using the undisclosed value transmitted during the initial registration from devices to smart meter while accelerating calculation speed.However, in this scheme, if any undisclosed value is exposed at any given time, malicious attackers can use their accumulated data and the undisclosed value to even get the data used before the time of exposure, troubling forward secrecy.Therefore, in this paper, to resolve forward secrecy problem, we used MDMS as a time synchronization server so that the smart meter receives the time synchronization value from MDMS during the initial registration and exchanges the time synchronization values in the device registration phase to calculate the present time based on the synchronized time in devices and smart meter and the undisclosed value through OTP function for synchronization.
The proposed scheme in this paper is a simpler way to time synchronize but as initially undisclosed values do not change and the time value with cycles based on the synchronized time is used for authentication, undisclosed values are easily exposed if devices and smart meter are physically attacked.Considering this, we believe it would be more effective to apply the scheme in a closed environment, for instance, where structures are relatively secure against physical attacks and devices or smart meter synchronization and management are conducted altogether.

4. 1 .
Terms.Codes and terms used for the protocol herein are defined as follows: : Meter data ks: Session keys shared by each entity MAC Addr : MAC address of smart meter ID * : Name of *  * : Transmission hour value of *  * : Random number created by * PW * : Passwords entered by * in synchronization  * []: Encryption by using * 's key ℎ(): One-way hash function OTP(): OTP function

Figure 2 :
Figure 2: Initial setup and authentication phase of KL scheme.

Figure 3 :
Figure 3: Smart meter registration and synchronization phase between smart meter and MDMS.

( 1 )( 5 )
Devices use  seed and the present time value Time of synchronized devices, which are synchronized every session based on Time through OTP function to produce  OTP value and calculate CID, ,  by using the time stamp value of   that changes secret number  OTP each session along with the random number   generated in the registration stage, the SM :   = ℎ (CID ⊕  SM ⊕   ) .SM →  :   ,  SM .Devices produce  value based on the received  SM and compare with the received value   to perform mutual authentication.Consider  :  = ℎ (CID ⊕  SM ⊕ )  :  =?  .(14) Phase 1: Smart Meter Registration and Time Synchronization.MDMS used for registration and time synchronization stages functions as a global time synchronization server.Smart meter, during registration, sends a request of the time synchronization value of request  MDMS to MDMS.The receiving MDMS generates  MDMS value based on the global time of request receipt from smart meter and sent it back to smart meter.Smart meter, then, synchronizes time with MDMS versus  MDMS .Smart meter registration and time synchronization procedures are as follows in Figure 3.
(1) Smart meter  produces   by calculating its own private key  SMP 's hash-calculated value ℎ( SMP ) with smart meter's MAC Addr .Then the produced value   is bit combined with  SM , MAC Addr and In the authentication phase, it saves MAC Addr and ℎ( SMP )in MDMS to make a proper search of ℎ( SMP ) by using identifier MAC Addr .ConsiderMD : [ MDU [  ‖  SM ‖ MAC Addr ]]Then with the extracted hash-calculated private key of smart meter ℎ( SMP ), it encodes the value and sends to smart meter.ConsiderMD → SM :  ℎ( SMP ) [ID MD ‖  SM ‖ MAC Addr ‖  MDMS ] .SMP ) [ ℎ( SMP ) [ID MD ‖  SM ‖  MDMS ]] .(4)Devicesencryptand send undisclosed values with a symmetric key in the smart meter registration phase and send it.And at the same time, they request a synchronization value.Smart meter uses a symmetric key to decode the undisclosed value and save device ID to identify the undisclosed value and device.Smart meter produces the time synchronization value of  SYN and produces  res through undisclosed value  seed from devices and device identifier ID  .The produced  res is encrypted with a symmetric key and sent to a device.The device decodes the received value  res and extracts  SYN and saves the value then completes the time synchronization and registration phase.The registration and time synchronization procedures are shown in Figure4.Devices use a mutually-shared symmetric key for encryption of  seed to securely send the undisclosed value to smart meter.By bit combining the encrypted value with device identifier ID  , they request the time synchronization value while sending it to smart meter.Consider  → SM : request  SYN ,  ks [ seed ] ‖ ID  .Smart meter extracts ID  value from the value it received and deciphers the encrypted undisclosed value  seed and saves ID  and  seed in smart meter.Consider Smart meter, in order for a device to decode the time synchronization value, performs hash calculation by using device ID, ID  , and  seed , then calculates them with the time synchronization value  SYN to produce  res .The generated value  res is encoded with a shared symmetric key and sent to a device from smart meter.Consider SM :  res =  SYN ⊕ ℎ (ID  ⊕  seed ) SM →  : respones  ks [ res ] .
(2) MDMS produces the time synchronization value of T MDMS based on request  MDMS and decodes the transmitted data which was encrypted with an MDMS disclosed key by using a private key.Based on the decoded value of   and MAC Addr , it draws out smart meter's hash-calculated private key ℎ( SMP ).ℎ ( SMP ) =   ⊕ MAC Addr Store ℎ ( SMP ) , MAC Addr .(2) (3) After saving a private key of smart meter, MDMS performs bit combination between MDMS ID of ID MD ,  SM , and MAC Addr transmitted from smart meter and  MDMS , the time synchronization value.Phase 2: Device Registration and Time Synchronization.(1) Devices, to generate undisclosed value of  seed , conduct hash calculation of the password PW  entered initially to start the device and device ID, ID  ; then they calculate final values with the random number   value created by the device.Consider  seed =   ⊕ ℎ (ID  ⊕ PW  ) .SM :  ks [ ks [ seed ]] .SM : Store  seed , ID  .

Table 1 :
Security and performance comparison.