Abstract

With developments in wireless communication and low-power devices, users can receive various useful services, such as electric vehicle (EV) charging, smart building, and smart home services, anytime and anywhere in smart grid (SG) environments. SG devices send their electricity demand to the remote control center and utility center (UC) to use energy services, and UCs process this demand to distribute electricity efficiently. However, in SG environments, the transmitted messages are vulnerable to various attacks because information related to electricity is transmitted over an insecure channel. Thus, secure authentication and key agreement are essential to provide secure energy services for legitimate users. In 2019, Kumar et al. presented a secure authentication protocol for demand response management in the SG system. However, we demonstrate that their protocol is insecure against masquerade, SG device stolen, and session key disclosure attacks and does not ensure secure mutual authentication. Thus, we propose a privacy-preserving lightweight authentication protocol for demand response management in SG environments to address the security shortcomings of Kumar et al.’s protocol. The proposed protocol withstands various attacks and ensures secure mutual authentication and anonymity. We also evaluated the security features of the proposed scheme using informal security analysis and proved the session key security of the proposed scheme using the ROR model. Furthermore, we showed that the proposed protocol achieves secure mutual authentication between the SG devices and the UC using Burrows–Abadi–Needham (BAN) logic analysis. We also demonstrated that our authentication protocol prevents man-in-the-middle and replay attacks using the AVISPA simulation tool and compared its performance with that of other existing protocols. Therefore, the proposed scheme provides superior safety and efficiency compared with existing related protocols and can be suitable for practical SG environments.

Highlights

  • In the past few years, with the advances of information and communication technologies, users can access any service provided in various smart grid (SG) environments, including smart home, smart building, vehicle-to-grid (V2G) and advanced metering infrastructure (AMI) [1,2,3,4]

  • This study demonstrated that Kumar et al.’s scheme cannot defend against various potential attacks such as masquerade, SG device stolen, and session key disclosure attacks

  • We showed that Kumar et al.’s scheme does not ensure mutual authentication

Summary

Introduction

In the past few years, with the advances of information and communication technologies, users can access any service provided in various smart grid (SG) environments, including smart home, smart building, vehicle-to-grid (V2G) and advanced metering infrastructure (AMI) [1,2,3,4]. An authentication and key agreement protocol should consider SG device limitations with respect to power consumption, communication bandwidth, and memory. This paper shows that Kumar et al.’s scheme cannot withstand various attacks, including SG device stolen, session key disclosure, and masquerade attacks, and cannot ensure secure mutual authentication. Their scheme [6] is not suitable for resource-limited smart devices because it uses ECC with high computation and communication overheads. We propose a privacy-preserving lightweight authentication scheme for demand response management in SG environments, considering the efficiency of SG devices and improving the security level.

Adversary Model
Contributions
Organization
Related Works
System Model
Smart Grid Device Registration Process
Utility Center Registration Process
Authentication Process
Dynamic Smart Grid Device Addition Process
Dynamic Utility Center Addition Process
Masquerade Attack
Smart Grid Device Stolen Attack
Session Key Disclosure Attack
Mutual Authentication
Proposed Scheme
Pre-Deployment Process
Security Analysis
Informal Security Analysis
Replay Attack
Session key disclosure attack
Insider attack
Anonymity
Security Features
Formal Security Analysis Using BAN Logic
Formal Security Analysis Using ROR Model
Formal Security Analysis Using AVISPA
Detailed Specification of Roles
Results of AVISPA Analysis
Performance Analysis
Computation Overhead
Communication Overhead
Storage Overhead
Conclusions