
Improving security for smart grid with multilayer consensus ECC based pake protocol (SGMCEP)


DOCUMENT INFORMATION

Basic information

Format
Pages: 12
Size: 1.59 MB

Content

The paper aims to provide secure communication of data to the devices, which are the appliances of a Home Area Network (HAN), by a set of controllers outside the HAN. The packets generated by a controller should be delivered fast without any interruption. The HAN controller acts like a gateway whose role is to filter the incoming packets. The HAN controller should not modify the data in the packets, and it should not cause any delay in encryption & decryption of the packets.

ISSN: 2249-5789. Meera Jadhav et al., International Journal of Computer Science & Communication Networks, Vol 4(3), 99-110

Improving Security for Smart Grid with Multilayer Consensus ECC based PAKE Protocol (SGMCEP)

Meera Jadhav, Department of CSE, SaIT, Bengaluru-India, meeraj33@gmail.com
Mallamma C G, Department of CSE, SaIT, Bengaluru-India, mallammagoudar79@gmail.com
Sujata Ramesh P, Department of CSE, SaIT, Bengaluru-India, sujataramesh22@gmail.com

Abstract—The paper aims to provide secure communication of data to the devices, which are the appliances of a Home Area Network (HAN), by a set of controllers outside the HAN. The packets generated by a controller should be delivered fast without any interruption. The HAN controller acts like a gateway whose role is to filter the incoming packets. The HAN controller should not modify the data in the packets, and it should not cause any delay in encryption & decryption of the packets. Based on the level of security and quality of service, we design the protocol with an Elliptic Curve Cryptography (ECC) approach. The Password Authenticated Key Exchange (PAKE) protocol is improved & implemented. This consists of two phases. We propose an ECC version of PAKE & later extend this protocol to a multilayer consensus ECC based Password Authenticated Key Exchange (PAKE) protocol for smart grid. This protocol uses only one hash function & it utilizes a primitive password between the appliance and the HAN controller. The four layer individual consensus password-authenticated symmetric keys are established between the appliance and upstream controllers in only 12 packets. It provides a high security level with a small key size when compared to the RSA algorithm, whose key size is big in comparison to our proposed protocol. The proposed protocol is resistant against many attacks. It reduces the delay caused by the security process by more than one half. Finally, we show that our approach decreases the number of packets & improves the security in smart grid.

Key words— Access control, BAN, Consensus, ECC, HAN, NAN, PAKE, Security, Smart grid

I. INTRODUCTION

The rapid development of the smart grid (SG) environment in recent years has led to many technical issues that have drawn the attention of the systems, communications and security research communities. The wide spread of smart grid to wireless technology has led to different levels of harm to the SG system. The major challenges for a smart grid system are security and privacy; among these, security is the key challenge for SG [2]. In this paper, we propose a protocol for key agreement to secure access control in a hierarchical architecture for the SG communication infrastructure, with different layers between smart appliances in users' premises and upstream controllers of the Home Area Networks (HANs), Building Area Networks (BANs) and Neighbor Area Networks (NANs) & Smart Grid Central Controllers (SGCC), where these devices are located in distribution networks or substations [1]. The HAN controller is a smart meter (SM) that serves as the gateway for user premises. This protocol provides a secured means for controllers upstream of the HAN controllers to access and control the smart appliances in users' premises.

Various existing controlling commands that are sent to a smart appliance from outside the HAN have been considered in [4]. For instance, a NAN controller which is located outside a HAN may supervise electric charging of a plug-in electric vehicle located inside the HAN. The SGCC may need to remotely turn off low-priority high-demand appliances in the case of disaster or an emergency. In such cases, HAN controllers should not interfere & should not have much delay in decrypting & re-encrypting the corresponding packets. So we need to address the appropriate secrecy level in the SG control system design while providing the quality of service (QoS) required in terms of keeping the command response delay within an acceptable limit. In this paper, we propose two protocols. One is the ECC based Password Authenticated Key Exchange (PAKE) protocol & the second one is the Multilayer Consensus EPAK protocol, which is developed for communications in the SG control system.

Fig 1: Symmetric key

The figure shows the communication between four layers, which are the home appliance AN, Home Area Networks controller HC, Building Area Networks controller BC, Neighbor Area Networks controller NC & Smart Grid Central Controllers CC. The SG controllers with the hierarchical architecture share common secrets with each other and are designed to be authenticated. The controllers are authenticated to both upstream and downstream & can communicate in a secure fashion with neighbors. Any smart appliance which wants to join the HAN needs to share a password with the HAN controller for it to be trusted in the HAN. In our proposed protocol each controller needs to set up a secure & private communication channel with the home appliance, with any other relay controller just acting as a part of the communication connection without participating in the security operations. A primitive password is shared between the home appliance & the home controller, and four individual consensus password-authenticated symmetric keys are established between the home appliance & upstream controllers. A symmetric key agreement is based on the Diffie and Hellman algorithm. Sharing a pre-shared password for mutual authentication is known as the PAKE protocol. The proposed protocol is based on the Diffie & Hellman algorithm [3].

II. RELATED WORK AND BACKGROUND REVIEW

Many solutions have been proposed over the years for symmetric key & asymmetric key. Many of them were based on the Diffie-Hellman algorithm for symmetric key. For asymmetric key, the ElGamal algorithm & the RSA algorithm are used. Crypto-systems have been proposed to resist attacks like Man-In-The-Middle (MITM). Many protocols were proposed to prevent MITM. One among them is Simple Authentication and Key Agreement (SAKA), which is resistant against password guessing attacks. In this protocol both parties convert their shared password into a number. In SAKA each party randomly selects a number & multiplies it to the shared number to be used in the Diffie-Hellman algorithm. Another PAKE protocol is used for smart cards (SC); it identifies & delivers an entity server with mutual authentication. It requires SC management & supports one smart card per device. This SC is used for authentication between both parties, which limits its usefulness in smart grid systems.

1) X.1035 Standard

It specifies a protocol establishing a symmetric cryptographic key via Diffie-Hellman exchange that ensures mutual authentication between both parties. Diffie-Hellman exchange provides perfect forward secrecy. With this authentication method the exchange is protected from the man-in-the-middle attack. This authentication purely relies on a preshared secret (e.g., password), which is protected and remains unrevealed to an eavesdropper, which prevents an offline dictionary attack. Thus, this protocol can be used in a wide variety of applications based on password sharing. There are many methods used to resolve such attacks. Some of them rely on public key cryptography & others rely on shared key cryptography (passwords).

Fig: PAKE Protocol: X.1035 Standard

The advantages of PAKE protocols are listed below:

o Provides strong key exchange with weak passwords
o Foils the man-in-the-middle attack
o Provides explicit mutual authentication
o Ensures perfect forward secrecy

It is a password-authenticated key exchange (PAK) protocol that meets the following requirements:

• Provides mutual authentication based on a pre-shared password
• Provides protection against man-in-the-middle (MITM) & against offline dictionary attacks

The PAKE protocol presented in the X.1035 standard assumes that the two parties share a password ($pw$). Using the DH algorithm, the X.1035 standard constructs a symmetric cryptographic key with a four-phase mutual authentication that uses the D-H values $g$ & $p$ and five shared hash functions $H_1$-$H_5$. The figure shows the following phases. $ID_A$ & $ID_B$ are the IDs of the two parties Alice & Bob respectively, $P = (ID_A | ID_B | pw)$, and $R_A$ & $R_B$ are the random numbers chosen by them respectively. The series of steps is shown below:

Step 1: Alice obtains $X$ via (1) and forwards it to Bob:

$$X = H_1(P) \cdot (g^{R_A} \bmod p) \tag{1}$$

On the other side, Bob extracts "$g^{R_A} \bmod p$" from $X$ by (2):

$$\frac{X}{H_1(P)} = \frac{H_1(P) \cdot (g^{R_A} \bmod p)}{H_1(P)} = g^{R_A} \bmod p \tag{2}$$

Step 2: Bob computes $Y$ and $S_B$ following (3) and (4) and sends them to Alice:

$$Y = H_2(P) \cdot (g^{R_B} \bmod p) \tag{3}$$

$$S_B = H_3(P \,|\, g^{R_A} \bmod p \,|\, g^{R_B} \bmod p \,|\, g^{R_A R_B} \bmod p) \tag{4}$$

Alice similarly obtains "$g^{R_A} \bmod p$" from $Y$ per (5) and then calculates $S_A$ per (6) for the verification:

$$\frac{Y}{H_2(P)} = \frac{H_2(P) \cdot (g^{R_B} \bmod p)}{H_2(P)} = g^{R_B} \bmod p \tag{5}$$

$$S_A = H_3(P \,|\, g^{R_A} \bmod p \,|\, g^{R_B} \bmod p \,|\, g^{R_A R_B} \bmod p) \tag{6}$$

Step 3: Alice computes $T_A$ via (7) and sends it to Bob:

$$T_A = H_4(P \,|\, g^{R_A} \bmod p \,|\, g^{R_B} \bmod p \,|\, g^{R_A R_B} \bmod p) \tag{7}$$

Then, Bob calculates $T_B$ via (8) for the verification:

$$T_B = H_4(P \,|\, g^{R_A} \bmod p \,|\, g^{R_B} \bmod p \,|\, g^{R_A R_B} \bmod p) \tag{8}$$

Step 4: The verification of $S_A$, $S_B$, $T_A$ & $T_B$ by Alice and Bob means a mutual authentication derived by $pw$. Using the above values, Alice and Bob can obtain the symmetric key $K$ through (9):

$$K = H_5(P \,|\, g^{R_A} \bmod p \,|\, g^{R_B} \bmod p \,|\, g^{R_A R_B} \bmod p) \tag{9}$$

2) Elliptic Curve Cryptography

One of the major advantages of ECC is that it provides the same level of security with a smaller key size compared to other cryptography techniques like RSA. The key size of ECC is 160 and 512 bit that provide the same level of security as RSA, whereas D-H or ElGamal cryptography is with 1024 and 15360 bit keys respectively. Due to the resource constraint issue, ECC is also beneficial in enabling an efficient protocol that supports both current as well as future devices, which is important in emerging SG systems. ECC is presented as an Elliptic Curve (EC) of nodes/points $(x, y)$ over $Z_p$, via the following definition:

$$y^2 \equiv x^3 + ax + b \bmod p$$

Where: $(x, y) \in Z_p$

Such that $p >$ (a large prime number), $a, b \in Z_p$, and $4a^3 + 27b^2 \neq 0 \bmod p$.

The National Institute of Standards and Technology (NIST) in the United States issued an implementer guide which specifies EC Diffie-Hellman (ECDH) key-agreement schemes from NIST SP 800-56A; it uses a pair-wise key establishment scheme using discrete logarithm cryptography. The document specifies the ECs and domain parameters, key derivation function, key generation methods, ECDH primitive & other auxiliary functions that are necessary for ECDH implementations to be in compliance with SP 800-56A. To specify the EC parameters we refer to the NIST document in our design.

3) EPAK: ECC-Based Password Authenticated Key-exchange Protocol

The EPAK protocol is designed as an ECC version of the PAKE protocol presented in the X.1035 standard. Here we consider there is a pre-shared password ($pw$) agreement between Alice & Bob [10], [11], [12]. We define $P = (ID_A | ID_B | pw)$, similar to the X.1035 standard. Both Alice & Bob know the EC parameter set $\{a, b, p, G, n, h\}$ & the hash function $H$. Table 5.1 presents the list of parameters and their definitions [6], [7], [8].

TABLE: EPAK parameters

Parameter: Description
$a$ & $b$: Two field elements that define the equation EC
$p$: The field size
$G$: An ECC point that generates the subgroup of order $n$
$n$: The order of the point $G$
$h$: The order of EC divided by $n$
$x_w$ & $y_w$: Two elements of the finite field of size $p$ (in the range of $[0, p-1]$), which are the $x$ & $y$ coordinate of point $W$
$d_w$: Private key of party $W$, which are integers in range $[2, n-1]$
$Q_w$: Public key of party $W$
$S_w$ & $T_w$: Verifiers generated by party $W$
$U = E_{k_e}(V)$: $U$ is encryption of $V$ using key $K_e$
$V = D_{k_d}(U)$: $V$ is encryption of $U$ using key $K_d$

EPAK Protocol: The EPAK protocol has the following steps:

Step 1:

a) Alice: Alice is the initiator. She picks a random number $d_A \in [2, n-1]$ (as her private key) & multiplies it by $G$, which is a group generator, to obtain her public key $Q_A$ via (10), with the EC point $(x_a, y_a)$ via (11). Finally, she computes $H(P)$ to obtain a symmetric key with which she encrypts $Q_A$ as $X$ via (12), then sends it to Bob.

$$Q_A = d_A G \tag{10}$$

$$(x_a, y_a) = Q_A \tag{11}$$

$$Q_A = E_{H(P)}(Q_A) \tag{12}$$

b) Bob: Once Alice's packet reaches Bob, Bob uses $H(P)$ to decrypt it and obtain $Q_A$ following (13), & the appropriate EC point aligned with the value shown by (11).

$$Q_A = D_{H(P)}(X) \tag{13}$$

Step 2:

c) Bob: Bob chooses a random number $d_B \in [2, n-1]$ (as his private key) & then multiplies this number with the group generator $G$ in order to obtain his public key $Q_B$ via (14). He calculates the EC point $(x_b, y_b)$ aligned with $Q_B$ based on the value from (15):

$$Q_B = d_B G \tag{14}$$

$$(x_b, y_b) = Q_A \tag{15}$$

Now, he multiplies his private key by Alice's public key to obtain $Q_{AB}$, which is a shared value, through (16), then finds the appropriate EC point $(x_{ab}, y_{ab})$ as per (17). Bob computes $S_B$ in order to verify the values $Q_A$, $Q_B$ & $Q_{AB}$ through (18) & finally uses $H(P)$ to encrypt $Q_B$ via (19), and sends it to Alice.

$$Q_{AB} = d_B Q_A = d_B d_A G \tag{16}$$

$$(x_{ab}, y_{ab}) = Q_{AB} \tag{17}$$

$$S_B = H(P | y_a | y_b | y_{ab}) \tag{18}$$

$$Y = E_{H(P)}(Q_B) \tag{19}$$

d) Alice: Alice uses $H(P)$ in order to decrypt $Y$ & obtains $Q_B$ through (20), & computes the EC point $(x_b, y_b)$ aligned with the value given by (15). Later she multiplies her private key by Bob's public key $Q_B$ to obtain the shared value $Q_{AB}$ via (21), followed by $(x_{ab}, y_{ab})$ given by (17). Alice computes $S_A$ for verification of having the values of $Q_A$, $Q_B$, $Q_{AB}$ through (22). If the verification holds, she can be sure that Bob has the required values.

$$Q_A = D_{H(P)}(Y) \tag{20}$$

$$Q_{AB} = d_A Q_B = d_B d_A G \tag{21}$$

$$S_B = H(P | x_a | x_b | x_{ab}) \tag{22}$$

Step 3:

e) Alice: Alice needs to assure Bob that she has the values as well. Alice performs (23) to calculate $T_A$ out of $Q_A$, $Q_B$, and $Q_{AB}$, which she then sends to Bob.

$$T_A = H(P | x_a | x_b | x_{ab}) \tag{23}$$

f) Bob: On the other side, Bob calculates $T_B$ via (24) and compares it with $T_A$. If the verification holds, then Bob is assured that Alice has the required values as well.

$$T_B = H(P | y_a | y_b | y_{ab}) \tag{24}$$

Step 4: Here both parties have the required parameters & have verified each other. Finally, they perform (25) to calculate the shared symmetric key.

$$K_{AB} = H(x_a | x_b | x_{ab} | P | y_a | y_b | y_{ab}) \tag{25}$$

We try to eliminate the fixed initial private key in comparison to the previous models. Here a random number is chosen by both the parties to get the private key. The key is constructed via one multiplication from (16) & (21) & one hash function from (25).

Fig 3: Four keys construction in SGMCEP

4) SGMCEP: Smart Grid with Multilayer Consensus ECC based PAKE Protocol

The following is the sequence of steps that takes place in SGMCEP.

The appliance AN knows at least the ID of the HAN; later it can obtain the ID of the HC. Using the four-phase mechanism, AN gains access to the controllers. Now we assume:

• Appliance AN & Home controller HC share a predefined secret password $pw$
• The ECC parameter set $\{a, b, p, G, n, h\}$ and $H(.)$ are known & shared among all the parties
• In order to have secure communications among them, controllers HC, BC, NC and CC have already been authenticated to upstream & downstream controllers
• Controllers are trusted parties that are controlled by the grid domain. The appliance, which belongs to the customer domain, is controlled by the customer
• The symmetric keys exist:
  — $k_{hb}$: Shared between HC and BC
  — $k_{bn}$: Shared between BC and NC
  — $k_{nc}$: Shared between NC and CC

• AN sends a request to send the packets to Home controller HC. Next, HC accepts the request & sends an acknowledgment to AN. At this point, AN starts sending the packets to HC
• AN sends a request to send the packets to Building controller BC via HC. Next, BC accepts the request & sends an acknowledgment to AN via HC. At this point, AN starts sending the packets to BC via HC
• AN sends a request to send the packets to Neighbour controller NC via HC & BC. Next, NC accepts the request & sends an acknowledgment to AN via HC & BC. At this point, AN starts sending the packets to BC
• In a similar way, AN sends a request to send the packets to Central controller CC via HC, BC & NC. Next, CC accepts the request & sends an acknowledgment to AN via HC, BC & NC. At this point, AN starts sending the packets to CC

In this model, we need to have a predefined shared password between the two parties, i.e., the appliance and one of the controllers. At the end, the SGMCEP protocol decreases the number of packets and improves the security for smart grid.

Fig 4: SGMCEP Protocol phases and packets transfer

Here we introduce a new vector $V$ (entities identification set), which contains the IDs of the entities involved in SGMCEP as a part of the information exchanged between them. The four phases in the SGMCEP protocol depicted in Fig. 4 consist of the following steps.

Phase I (Initial Flow): In SGMCEP, AN initiates the keys establishment process:

1) First Packet: AN follows (26) to utilize the initial password $pw$ shared by HC to calculate the temporary key $k^t_{ah}$.

$$k^t_{ah} = H(ID_A | pw | ID_H) \tag{26}$$

AN also picks a random number $d_A \in [2, n-1]$, then computes $Q_{AH}$ via (27) & the appropriate coordinates $(x_a, y_a)$ given by (28).

$$Q_{AH} = d_A G \tag{27}$$

$$(x_a, y_a) = Q_{AH} \tag{28}$$

AN puts its own ID in field A of $V$ as given by (29). Finally, AN forms packet $P_{AH}$ from $Q_{AH}$ and $V$, all encrypted by the $k^t_{ah}$ key as per (30), and then sends the packet to HC.

$$V[A] \leftarrow ID_A \tag{29}$$

$$P_{AH} = E_{k^t_{ah}}(Q_{AH}, V) \tag{30}$$

2) Second Packet: First, HC calculates the temporary key $k^t_{ah}$ by performing (26) & decrypts the received packet from AN by way of (31) to obtain $Q_{AH}$ and $V$.

$$(Q_{AH}, V) = D_{k^t_{ah}}(P_{AH}) \tag{31}$$

HC picks a random number $d_H \in [2, n-1]$ and computes $Q_{HB}$ through (32).

$$Q_{HB} = (Q_{AH}) \cdot d_H = (d_A G)\, d_H = d_A d_H G \tag{32}$$

$$(x_{hb}, y_{hb}) = Q_{HB} \tag{33}$$

HC puts its own ID into field H of $V$ by way of (34), and also computes $pw_b$ via (35).

$$V[H] \leftarrow ID_H \tag{34}$$

$$pw_b = H(k^t_{ah} | ID_A) \tag{35}$$

Finally, HC dispatches $V$ along with $Q_{HB}$ and $pw_b$ to BC, all encrypted with the $k_{hb}$ shared key following (36).

$$P_{HB} = E_{k_{hb}}(Q_{HB}, V, pw_b) \tag{36}$$

3) Third Packet: First, BC obtains $Q_{HB}$, $V$ and $pw_b$ by decryption of the received packet $P_{HB}$ from HC via (37):

$$(Q_{HB}, V, pw_b) = D_{k_{hb}}(P_{HB}) \tag{37}$$

Then, BC chooses a random number $d_B \in [2, n-1]$ and computes $Q_{BN}$ through (38):

$$Q_{BN} = (Q_{HB})\, d_B = d_A d_H d_B G \tag{38}$$

$$(x_{bn}, y_{bn}) = Q_{BN} \tag{39}$$

Then, BC copies its own ID into the $V$ field B in (40), and computes $pw_n$ via (41). Finally, BC forwards $V$, $Q_{BN}$ and $pw_n$ to NC, all encrypted with the predefined shared key of $k_{hb}$ through (42).

$$V[B] \leftarrow ID_B \tag{40}$$

$$pw_n = H(pw_b | ID_N) \tag{41}$$

$$P_{BN} = E_{k_{hb}}(Q_{BN}, V, pw_n) \tag{42}$$

4) Fourth Packet: Firstly, NC follows (43) to obtain $Q_{BN}$, $V$ and $pw_n$ from the packet $P_{BN}$ received from BC:

$$(Q_{BN}, V, pw_n) = D_{k_{hb}}(P_{BN}) \tag{43}$$

Then, NC chooses a random number $d_N \in [2, n-1]$ to obtain $Q_{CN}$ via (44).

$$Q_{CN} = (Q_{BN})\, d_N = d_A d_H d_B d_N G \tag{44}$$

$$(x_{bn}, y_{bn}) = Q_{BN} \tag{45}$$

Then, NC updates $V$ field N with its own ID as depicted by (46), and also computes $pw_c$ through (47).

$$V[N] \leftarrow ID_N \tag{46}$$

$$pw_c = H(pw_n | ID_C) \tag{47}$$

Finally, NC forms packet $P_{NC}$ out of $V$, $Q_{CN}$ and $pw_c$ as shown by (48), encrypts it by $k_{nc}$, and forwards it to CC.

$$P_{NC} = E_{k_{nc}}(Q_{CN}, V, pw_c) \tag{48}$$

Phase II (Response Flow): This flow starts with CC replying to the fourth packet above.

5) Fifth Packet: First, CC obtains the $Q_{CN}$, $V$ and $pw_c$ values by decryption of the packet $P_{NC}$ received from NC following (49).

$$(Q_{CN}, V, pw_c) = D_{k_{hc}}(P_{NC}) \tag{49}$$

Then, CC extracts the ID of any of the controllers as well as the ID of the appliance $ID_A$ from $V$ ($V[A]$), and also calculates $k^t_{ca}$ through (50). Besides, CC inserts its own ID into field C of $V$ as presented by (51).

$$k^t_{ca} = H(ID_C | pw_c | ID_A) \tag{50}$$

$$V[C] \leftarrow ID_C \tag{51}$$

Then, CC picks a random number $d_C \in [2, n-1]$ to obtain $Q_C$ and $Q_{CC}$ following (52) and (53) respectively.

$$Q_C = d_A G \tag{52}$$

$$Q_{CC} = (Q_{CN})\, d_C \tag{53}$$

$$(x_c, y_c) = Q_{CC} \tag{54}$$

Then, CC obtains coordinates $(x_c, y_c)$ as shown by (54) and $(x_{nc}, y_{nc})$ as depicted by (45), and then computes $S_{CN}$ via (55) for verification purposes.

$$S_{CN} = H(k^t_{ca} | y_{nc} | y_c) \tag{55}$$

Finally, CC follows (56) to form $P_{CN}$ from $S_{CN}$, $Q_C$ and $V$, in which CC encrypts the packet by $k_{nc}$ as shown in (56).

$$P_{CN} = E_{k_{nc}}(S_{CN}, Q_C, V) \tag{56}$$

6) Sixth Packet: First, NC decrypts the packet received from CC to obtain the $S_{CN}$, $Q_C$ and $V$ values following (57). Then, NC calculates $k^t_{na}$ through (58).

$$(S_{CN}, Q_C, V) = D_{k_{nc}}(P_{CN}) \tag{57}$$

$$k^t_{ca} = H(ID_N | pw_n | ID_A) \tag{58}$$

Then, NC utilizes its own random number $d_N$ to calculate $Q_N$ via (59), and $Q_{NC}$ via (60). Then, NC follows (61) to calculate $S_{NB}$ for the verification purpose.

$$Q_N = d_N G \tag{59}$$

$$Q_{NC} = (Q_C) \cdot d_N = d_N d_C G \tag{60}$$

$$S_{NB} = S_{CN} \oplus H(k^t_{na} | y_{bn} | y_{nc}) \tag{61}$$

Finally, NC forms $P_{NB}$ out of $S_{NB}$, $Q_N$, $Q_{NC}$ and $V$ and encrypts the packet by $k_{bn}$ as shown in (62), to be sent to the BAN controller (BC).

$$P_{NB} = E_{k_{bn}}(S_{NB}, Q_N, Q_{NC}, V) \tag{62}$$

7) Seventh Packet: Firstly, BC obtains the parameters $S_{NB}$, $Q_N$, $Q_{NC}$ and $V$ as presented by (63) by decrypting the packet received from NC. Then, BC calculates the $k^t_{ba}$ key via (64).

$$(S_{NB}, Q_N, Q_{NC}, V) = D_{k_{bn}}(P_{NB}) \tag{63}$$

$$k^t_{ba} = H(ID_B | pw_b | ID_A) \tag{64}$$

Then, BC uses its own random number $d_B$ to obtain $Q_B$ via (65), $Q_{NC}$ through (66) and $Q_{BNC}$ via (67).

$$Q_B = d_B G \tag{65}$$

$$Q_{BN} = (Q_N) \cdot d_B = d_N d_B G \tag{66}$$

$$Q_{BNC} = (Q_{NC}) \cdot d_B = d_B d_N d_C G \tag{67}$$

Then, BC obtains coordinates $(x_{nc}, y_{nc})$ and $(x_{bn}, y_{bn})$ as shown by (45) and (39) respectively, and calculates $S_{BH}$ through (68) for verification.

$$S_{BH} = S_{NB} \oplus H(k^t_{ba} | y_{hb} | y_{bn}) \tag{68}$$

Finally, BC forms the $P_{BH}$ packet from $S_{BH}$, $Q_N$, $Q_{NC}$, $Q_{BNC}$ and $V$, encrypted by $k_{nc}$ as shown in (69), and sends the packet to HC.

$$P_{BH} = E_{k_{hb}}(S_{BH}, Q_B, Q_{BN}, Q_{BNC}, V) \tag{69}$$

8) Eighth Packet: First, HC decrypts the packet received from BC and obtains $S_{BH}$, $Q_N$, $Q_{NC}$, $Q_{BNC}$ and $V$ as depicted by (70). Then, HC calculates $k^t_{ha}$ through (71).

$$(S_{BH}, Q_B, Q_{BN}, Q_{BNC}, V) = D_{k_{hb}}(P_{BH}) \tag{70}$$

$$k^t_{ha} = H(ID_H | pw | ID_A) \tag{71}$$

Then, HC utilizes its own random number $d_H$ to compute $Q_H$ via (72), $Q_{HB}$ through (73), $Q_{HBN}$ via (74) and $Q_{HBNC}$ through (75).

$$Q_H = d_H G \tag{72}$$

$$Q_{HB} = (Q_B) \cdot d_H = d_H d_B G \tag{73}$$

$$Q_{HBN} = (Q_{BN} G) \cdot d_H = d_H d_B \cdot d_N G \tag{74}$$

$$Q_{HBNC} = (Q_{HBN})\, d_H = (d_C d_B \cdot d_N G) = (d_H d_B \cdot d_N d_C \cdot G) \tag{75}$$

HC obtains coordinates $(x_{bn}, y_{bn})$ and $(x_{hb}, y_{hb})$ as depicted by (39) and (33), respectively, and then computes $S_{HA}$ using (76) for verification.

$$S_{HA} = S_{BH} \oplus H(k^t_{ha} | y_a | y_{hb}) \tag{76}$$

Finally, HC forms the $P_{HA}$ packet out of $S_{HA}$, $Q_H$, $Q_{HB}$, $Q_{HBN}$, $Q_{HBNC}$ and $V$, encrypted by $k^t_{ha}$ as shown by (77), and sends the packet to AN.

$$P_{HA} = E_{k^t_{ha}}(S_{HA}, Q_H, Q_{HB}, Q_{HBN}, Q_{HBNC}, V) \tag{77}$$

Phase III: Verification

9) Ninth Packet (Appliance): In this phase, AN verifies the received values and dispatches the confirmation to the upstream controllers. First, AN computes the $k^t_{ha}$ temporary key via (71) to decrypt the received packet $P_{HA}$ from HC in order to obtain $S_{HA}$, $Q_H$, $Q_{HB}$, $Q_{HBN}$, $Q_{HBNC}$ and $V$ following (78).

$$(S_{HA}, Q_H, Q_{HB}, Q_{HBN}, Q_{HBNC}, V) = D_{k^t_{ha}}(P_{HA}) \tag{78}$$

Then, AN utilizes its own random number $d_A$ to calculate $Q_{HB}$ via (79), $Q_{BN}$ through (80), $Q_{NC}$ via (81) and $Q_{CC}$ through (82), which are shared by HC, BC, NC and CC respectively.

$$(Q_H)\, d_A = (d_H \cdot G)\, d_A = d_A d_H \cdot G = Q_{HB} \tag{79}$$

$$(Q_{HB})\, d_A = (d_H d_B G)\, d_A = d_A d_H d_B G = Q_{BN} \tag{80}$$

$$(Q_{HBN})\, d_A = (d_H d_B d_N G)\, d_A = d_A d_H d_B d_N G = Q_{CN} \tag{81}$$

$$(Q_{HBNC})\, d_A = (d_H d_B d_N d_C G)\, d_A = d_A d_H d_B d_N d_C G = Q_{CC} \tag{82}$$

Then, AN uses the above shared values to obtain coordinates $(x_c, y_c)$, $(x_{nc}, y_{nc})$, $(x_{bn}, y_{bn})$, $(x_{hb}, y_{hb})$ as shown in (54), (45), (39) and (33) respectively. Then, AN utilizes the coordinates and performs (55), (61), (68) and (76) to substantiate $S_{HA}$. If the verification holds, AN proceeds to the next step. Note that, since AN has $pw$, it is able to obtain $pw_b$, $pw_n$, $pw_c$ based upon (35), (41) and (47). Finally, AN generates four values, $T_{AH}$ via (83) for HC, $T_{AB}$ through (85) for BC, $T_{AN}$ via (87) for NC and $T_{AC}$ through (89) for CC, as verifiers of the shared values, and forwards them to HC.

$$T_{AH} = H(k^t_{ah} | x_a | x_{hb}) \tag{83}$$

$$k^t_{ab} = H(ID_A | pw_{ab} | ID_B) \tag{84}$$

$$T_{AB} = H(k^t_{ab} | x_{hb} | x_{bn}) \tag{85}$$

$$k^t_{an} = H(ID_A | pw_{an} | ID_N) \tag{86}$$

$$T_{AN} = H(k^t_{an} | x_{bn} | x_{nc}) \tag{87}$$

$$k^t_{ca} = H(ID_A | pw_{ac} | ID_C) \tag{88}$$

$$T_{AC} = H(k^t_{ac} | x_{nc} | x_c) \tag{89}$$

10) Tenth Packet (HAN controller): HC receives the above substantiation values and then verifies $T_{AH}$ based upon (83). If the verification holds, HC relays the other values to BC.

11) Eleventh Packet (BAN controller): BC receives the above values and then verifies $T_{AB}$ following (85). If the verification holds, BC relays the values to NC.

12) Twelfth Packet (NAN controller): NC receives the eleventh packet & then verifies $T_{AN}$ through (87). If the verification holds, NC relays the other values to CC.

SGCC controller: CC receives the twelfth packet and then verifies $T_{AC}$ via (89).

Phase IV: Keys Calculation

Thus far, all parties have their verified shared values. Finally, they can generate their appropriate symmetric keys per (90), (91), (92) and (93).

$$AN\ \&\ HC: \quad K_{HA} = H(x_a | x_{hb} | k^t_{ha} | k^t_{ah} | y_a | y_{hb}) \tag{90}$$

$$AN\ \&\ BC: \quad K_{HA} = H(x_{hb} | x_{bn} | k^t_{ba} | k^t_{ab} | y_{hb} | y_{bn}) \tag{91}$$

$$AN\ \&\ NC: \quad K_{NA} = H(x_{bn} | x_{nc} | k^t_{na} | k^t_{an} | y_{bn} | y_{nc}) \tag{92}$$

$$AN\ \&\ CC: \quad K_{CA} = H(x_{nc} | x_c | k^t_{ca} | k^t_{ac} | y_{nc} | y_c) \tag{93}$$

V. RESULTS

Fig 1: SGMCEP (Smart Grid with Multilayer Consensus ECC based PAKE Protocol) home page (This is a demonstration of all multilayers or modules)

Fig 2: Requesting Page (the interface of HAN is requesting to connect to the network via SG)

Fig 3: Request from the appliance of BAN (request from Building Area Network appliance)

Fig 4: File Transformation (requesting parameters converted into a file and sent to the Smart Grid)

Fig 5: Key generation by the Smart Grid (when the smart grid receives the request from the appliance it will generate the complete keys for authentication and send them to the appliance)

Fig 6: User Premises (after receiving the file from the Smart Grid, the user logs in again to get the encrypted information and keys generated for authentication)

Fig 7: Multi Layer Consensus (the appliance shares its shared key with all the network controllers to authenticate to the entire gateways)

Fig 8: Multi Layer Authentication (the keys are enquired at each packet and validated)

Fig 9: Verification of Key (shared keys are verified by the smart grid gateways & validated at each phase)

Fig 10: Final Output (finally the file is accessed by the appliance with the interaction of the Smart Grid)

VI. CONCLUSION

The proposed protocol enables secure communications between a home appliance and different layers of the SG control system. This protocol establishes four multilayer consensus password-authenticated symmetric keys between an appliance & upper layer controllers in order to provide a hierarchical authority over the appliances. The SGMCEP protocol relies on ECC to provide a high security level with a small key size while addressing the resource constraints in the devices. The protocol is easily implemented by adaptation of the X.1035 standard & applying the ECC approach. The SGMCEP protocol can be extended to a larger number of layers if required. The proposed protocol reduces the system security overhead against most of the well-known attacks. When compared to the X.1035 standard, SGMCEP involves a lower load for computations of the hash function & it requires passwords. The EPAK protocol presented in this paper can be used & implemented in any application & environment outside of any smart grid system. We have developed EPAK, which is based on ECC and provides a high security level with a small key size.

REFERENCES

[1] M. M. Fouda, Z. M. Fadlullah, N. Kato, R. Lu, and X. Shen, “Towards a light-weight message authentication mechanism tailored for smart grid communications,” in Proc. IFIP SCNC Workshop, Shanghai, China, Apr. 2011.
[2] “Introduction to NISTIR 7628 guidelines for smart grid cyber security,” National Institute of Standards and Technology (NIST), 2010. [Online]. Available: http://www.nist.gov/smartgrid/upload/nistir-7628_total.pdf
[3] H. Nicanfar and V. C. M. Leung, “Smart grid multilayer consensus password-authenticated key exchange protocol,” in Proc. IEEE SFCS Workshop, Ottawa, ON, Canada, Jun. 2012.
[4] Q. Li and G. Cao, “Multicast authentication in the smart grid with onetime signature,” IEEE Trans. Smart Grid, vol. 2, no. 4, pp. 686–696, Dec. 2011.
[5] A. P. Muniyandi, R. Ramasamy, and Indrani, “Password based remote authentication scheme using ECC for smart card,” in Proc. ICCCS, Orisa, India, Feb. 2011.
[6] P. Jokar, H. Nicanfar, and V. C. M. Leung, “Specification-based intrusion detection for home area networks in smart grids,” in Proc. IEEE SmartGridComm, Brussels, Belgium, Oct. 2011.
[7] X. Ding, C. Ma, and Q. Cheng, “Password authenticated key exchange protocol with stronger security,” in Proc. ETCS Workshop, Wuhan, Hubei, China, Mar. 2009.
[8] H. Boumerzoug, B. A. Bensaber, and I. Biskri, “A keys management method based on an AVL tree and ECC cryptography for wireless sensor networks,” in Proc. Q2SWinet, Miami Beach, FL, Oct.–Nov. 2011.
[9] E. J. Yooni and K. Y. Yoo, “A new elliptic curve Diffie-Hellman two party key agreement protocol,” in Proc. ICSSSM Conf., Tokyo, Japan, Jun. 2010.
[10] S. Wang, Z. Cao, M. A. Strangio, and L. Wang, “Cryptanalysis and improvement of an elliptic curve Diffie-Hellman key agreement protocol,” IEEE Commun. Lett., vol. 12, no. 2, pp. 149–151, Feb. 2008.
[11] A. H. Koblitz, N. Koblitzb, and A. Menezes, “Elliptic curve cryptography: The serpentine course of a paradigm shift,” Elsevier J. Number Theory, vol. 131, no. 5, pp. 781–814, May 2011.
[12] S. M. Bellovin and M. Merritt, “Encrypted key exchange: Password-based protocols secure against dictionary attacks,” in Proc. IEEE Comput. Soc. Symp. Res. Security Privacy, Oakland, CA, May 1992.
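The EPAK exchange of section 3 (steps 1 to 4, equations (10) to (25)) as a runnable sketch; this is an added example, not code from the paper or its authors. Assumptions: the secp256k1 curve, SHA-256 as H(.), an XOR keystream standing in for the cipher E/D that the paper does not name, and all function names; both sides hash the same coordinates in each verifier (y for S, x for T), which is what lets the comparison succeed.

```python
# Added example (not the paper's code): one EPAK run, equations (10)-(25).
import hashlib, hmac, secrets

# Domain parameters {a, b, p, G, n}. secp256k1 is an assumption of this
# example; the paper refers to NIST SP 800-56A for its parameters.
P_FIELD = 2**256 - 2**32 - 977
A, B = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def on_curve(pt):
    """True when pt = (x, y) satisfies y^2 = x^3 + ax + b (mod p)."""
    x, y = pt
    in_range = 0 <= x < P_FIELD and 0 <= y < P_FIELD
    return in_range and (y * y - (x * x * x + A * x + B)) % P_FIELD == 0

def add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_FIELD, -1, P_FIELD) % P_FIELD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD) % P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return (x3, (lam * (x1 - x3) - y1) % P_FIELD)

def mul(k, pt):
    """Double-and-add scalar multiplication (illustrative, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def H(*fields):
    """The protocol's single hash H(.): SHA-256 over length-prefixed fields."""
    h = hashlib.sha256()
    for f in fields:
        raw = f.to_bytes(32, "big") if isinstance(f, int) else f
        h.update(len(raw).to_bytes(2, "big") + raw)
    return h.digest()

def _stream(key):
    return H(key, b"\x00") + H(key, b"\x01")   # 64 bytes: one (x, y) pair

def E(key, pt):
    """E_k stand-in: XOR with a SHA-256 keystream (assumed cipher)."""
    raw = pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
    return bytes(a ^ b for a, b in zip(raw, _stream(key)))

def D(key, blob):
    """D_k, followed by validation of the recovered public key."""
    raw = bytes(a ^ b for a, b in zip(blob, _stream(key)))
    pt = (int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:], "big"))
    if not on_curve(pt):
        raise ValueError("decrypted value is not a point on the curve")
    return pt

def run_epak(pw_alice, pw_bob, id_a=b"alice", id_b=b"bob"):
    """Run steps 1-4 between Alice and Bob; return (K_alice, K_bob)."""
    Pa = id_a + b"|" + id_b + b"|" + pw_alice      # P = (ID_A | ID_B | pw)
    Pb = id_a + b"|" + id_b + b"|" + pw_bob
    # Step 1, Alice: private key, public key, X = E_H(P)(Q_A)    (10)-(12)
    dA = 2 + secrets.randbelow(N - 2)              # d_A in [2, n-1]
    QA = mul(dA, G)
    X = E(H(Pa), QA)
    # Steps 1-2, Bob: recover Q_A, build Q_B, Q_AB, S_B, Y       (13)-(19)
    QA_b = D(H(Pb), X)
    dB = 2 + secrets.randbelow(N - 2)
    QB = mul(dB, G)
    QAB_b = mul(dB, QA_b)
    SB = H(Pb, QA_b[1], QB[1], QAB_b[1])
    Y = E(H(Pb), QB)
    # Step 2, Alice: recover Q_B, build Q_AB, check Bob's S_B    (20)-(22)
    QB_a = D(H(Pa), Y)
    QAB_a = mul(dA, QB_a)
    if not hmac.compare_digest(H(Pa, QA[1], QB_a[1], QAB_a[1]), SB):
        raise ValueError("Alice rejects S_B")
    # Step 3: Alice sends T_A, Bob recomputes it as T_B          (23)-(24)
    TA = H(Pa, QA[0], QB_a[0], QAB_a[0])
    if not hmac.compare_digest(H(Pb, QA_b[0], QB[0], QAB_b[0]), TA):
        raise ValueError("Bob rejects T_A")
    # Step 4: K_AB = H(x_a|x_b|x_ab|P|y_a|y_b|y_ab)               (25)
    K_a = H(QA[0], QB_a[0], QAB_a[0], Pa, QA[1], QB_a[1], QAB_a[1])
    K_b = H(QA_b[0], QB[0], QAB_b[0], Pb, QA_b[1], QB[1], QAB_b[1])
    return K_a, K_b
```

With mismatched passwords Bob's decryption does not yield a curve point, so `run_epak` raises before any key is derived.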

Date posted: 30/01/2020, 11:38
