Multicast Authentication in the Smart Grid With

Multicast has been envisioned to be useful in many smart grid applications such as demand-response, wide area protection, in-substation protection and various operation and control tasks. Since the multicast messages are related to critical control, authentication is necessary to prevent message forgery attacks. In this paper, we first identify the requirements of multicast communication and multicast authentication in the smart grid. Based on these requirements, we find that one-time signature based multicast authentication is a promising solution, due to its short authentication delay and low computation cost. However, existing one-time signatures are not designed for the smart grid and they may have high storage and bandwidth overhead. To address this problem, we propose a new one-time signature scheme which can reduce the storage cost by a factor of 8 and reduce the signature size by 40% compared with existing schemes. Thus, our scheme is more appropriate for smart grid applications where the receivers have limited storage (e.g., home appliances and field devices) or where data communication is frequent and short (e.g., phasor data). These gains come at the cost of increased computation in signature generation and/or verification. Fortunately, our scheme can flexibly allocate the computation between the sender and receiver based on their computing resources. We formulate the computation allocation as a nonlinear integer programming problem that minimizes the signing cost under a given verification cost, and we propose a heuristic solution to solve it.
