Scalable Certificate Revocation Schemes for Smart Grid AMI Networks Using Bloom Filters

Given the scale of advanced metering infrastructure (AMI) networks, maintaining and accessing certificate revocation lists (CRLs) poses new challenges. It is inefficient to create one large CRL for all the smart meters (SMs), or to create a customized CRL for each SM, since too many CRLs would be required. To tackle the scalability of the AMI network, we divide the network into clusters of SMs, but there is a tradeoff between the overhead at the certificate authority (CA) and the overhead at the clusters. We use Bloom filters to reduce the size of the CRLs, which alleviates this tradeoff by allowing larger clusters with acceptable overhead. However, since Bloom filters suffer from false positives, this problem must be handled so that SMs do not discard important messages after falsely identifying a sender's certificate as invalid. To this end, we propose two certificate revocation schemes that can identify and nullify the false positives. While the first scheme requires contacting the gateway to resolve them, the second scheme requires the CA to additionally distribute the list of certificates that trigger false positives. Using mathematical models, we demonstrate that the probability of contacting the gateway in the first scheme and the overhead of the second scheme can be very low if the Bloom filters are properly designed. To assess the scalability and validate the mathematical formulas, we implemented the proposed schemes using Visual C. The results indicate that our schemes are much more scalable than the conventional CRL, and that the mathematical and simulation results are almost identical. Moreover, we simulated the distribution of the CRLs in a wireless mesh-based AMI network using the ns-3 network simulator and assessed its distribution overhead.
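The two false-positive handling schemes described above, sketched as an added example that is not the paper's implementation. Assumptions: certificates are identified by serial strings, filter positions come from SHA-256 double hashing, the meter asks the gateway on every filter hit in the first scheme, and the names `BloomCRL`, `ca_build`, `sm_check` and `fp_rate` are hypothetical.

```python
import hashlib, math

class BloomCRL:
    """CRL compressed into an m-bit Bloom filter with k hash positions."""
    def __init__(self, m_bits, k):
        self.m, self.k = m_bits, k
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, serial):
        # Assumption: k positions derived by double hashing over SHA-256.
        d = hashlib.sha256(serial.encode()).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, serial):
        for p in self._positions(serial):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, serial):
        return all((self.bits[p // 8] >> (p % 8)) & 1
                   for p in self._positions(serial))

def fp_rate(n, m_bits, k):
    """Standard Bloom false-positive estimate for n inserted items."""
    return (1 - math.exp(-k * n / m_bits)) ** k

def ca_build(revoked, valid, m_bits, k):
    """CA side: filter over revoked serials, plus the valid serials that
    falsely match it (the extra list the second scheme distributes)."""
    crl = BloomCRL(m_bits, k)
    for s in revoked:
        crl.add(s)
    return crl, {s for s in valid if s in crl}

def sm_check(serial, crl, fp_list=None, ask_gateway=None):
    """Smart-meter side; returns True when the certificate is revoked."""
    if serial not in crl:
        return False                  # no false negatives: definitely valid
    if fp_list is not None:           # second scheme: local lookup
        return serial not in fp_list
    return ask_gateway(serial)        # first scheme: gateway resolves the hit

# Constructed sample data: 200 revoked and 2000 valid meter certificates,
# with a deliberately small filter so false positives occur.
REVOKED = {f"SM-{i:04d}" for i in range(200)}
VALID = {f"SM-{i:04d}" for i in range(1000, 3000)}
CRL, FP_LIST = ca_build(REVOKED, VALID, m_bits=1024, k=3)
```

Growing `m_bits` shrinks both `fp_rate` and `FP_LIST`, which is the design lever the abstract refers to when it says the gateway-contact probability and the second scheme's overhead can be kept low.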
