Secure authenticated key exchange with revocation for smart grid

Using cryptographic technologies to provide security solutions in the smart grid is extensively discussed in NISTIR 7628 [1] and the IEC 62351 standards series [2]. Both series identify cryptographic key management for Intelligent Electronic Device (IED) communication as one of the most important issues. In this paper, considering the system constraints and the security requirements in the smart grid, we propose an authenticated key exchange scheme with revocation that builds on a well-known cryptographic protocol: broadcast encryption [3], [11], [12] using a media key block (MKB) [15]. Furthermore, we show that our scheme is efficient in comparison with the PKI-signature-based Internet Key Exchange (IKE) protocol [4], [8] in terms of (1) communication cost; (2) computation cost; (3) device revocation cost. The comparison results show that our scheme is efficient and cost-effective in most cases for devices and systems in the smart grid.

[1] Kevin McGrath, et al. Key management for substations: Symmetric keys, public keys or no keys?, 2011, 2011 IEEE/PES Power Systems Conference and Exposition.

[2] Martín Abadi, et al. Mobile values, new names, and secure communication, 2001, POPL '01.

[3] L. Pietre-Cambacedes, et al. Cryptographic Key Management for SCADA Systems-Issues and Perspectives, 2008, 2008 International Conference on Information Security and Assurance (isa 2008).

[4] Ian F. Blake, et al. Advances in Elliptic Curve Cryptography: Frontmatter, 2005.

[5] Amos Fiat, et al. Broadcast Encryption, 1993, CRYPTO.

[6] Moni Naor, et al. Revocation and Tracing Schemes for Stateless Receivers, 2001, CRYPTO.

[7] Jerome A. Solinas, et al. IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA), 2007, RFC.

[8] Alfred Menezes, et al. The Elliptic Curve Digital Signature Algorithm (ECDSA), 2001, International Journal of Information Security.