Communication-efficient Certificate Revocation Management for Advanced Metering Infrastructure

Advanced Metering Infrastructure (AMI) forms a communication network for the collection of power data from smart meters in the Smart Grid. As the communication within an AMI needs to be secure, public-key cryptography (PKC) can be used to reduce the overhead of key management. However, PKC still has certain challenges in terms of certificate revocation and management. In particular, distribution and storage of the Certificate Revocation List (CRL), which holds the revoked certificates, is a major challenge due to its overhead. To address this challenge, in this paper, we propose a novel revocation management approach that utilizes cryptographic accumulators, which significantly reduces the space requirements for revocation information and thus enables efficient distribution of such information to all smart meters. We implemented the proposed approach on both the ns-3 network simulator and an actual AMI testbed developed at FIU and demonstrated its superior performance with respect to traditional methods for CRL management.
