Improvement and Cryptanalysis of a Physically Unclonable Functions Based Authentication Scheme for Smart Grids
Authentication protocols are often used in smart grids to deliver the necessary level of security. A huge number of clients in such a system, however, provides the attacker with the ability to clone them, for example. Device fingerprints, or Physically Unclonable Functions (PUF), have been investiga...
| Main Authors: | , , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2022-12-01
|
| Series: | Mathematics |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2227-7390/11/1/48 |
| _version_ | 1827760590898069504 |
|---|---|
| author | Masoumeh Safkhani Nasour Bagheri Saqib Ali Mazhar Hussain Malik Omed Hassan Ahmed Mehdi Hosseinzadeh Amir H. Mosavi |
| author_facet | Masoumeh Safkhani Nasour Bagheri Saqib Ali Mazhar Hussain Malik Omed Hassan Ahmed Mehdi Hosseinzadeh Amir H. Mosavi |
| author_sort | Masoumeh Safkhani |
| collection | DOAJ |
| description | Authentication protocols are often used in smart grids to deliver the necessary level of security. A huge number of clients in such a system, however, provides the attacker with the ability to clone them, for example. Device fingerprints, or Physically Unclonable Functions (PUF), have been investigated as an authentication feature to thwart such attacks. In order to accomplish the necessary security in smart grid neighborhood area network communications and to prevent unwanted physical access to smart meters, a former study designed a lightweight authentication system in this way. The suggested protocol uses PUFs to reduce physical attacks. As a consequence, the server/meter impersonation attack is one of the many assaults that this protocol is thought to be secure against. On the other hand, it is generally acknowledged that no security solution should be trusted unless its security has been verified by independent researchers. As a result, this paper assesses the security of this protocol against a typical adversary who has access to or influences over the messages carried over the public channel. This study demonstrates that the attacker is simply capable of impersonating the server for the meter and vice versa. In addition, the suggested attacks desynchronize them, making the adversary the only one capable of interacting with the meter in the role of the legal server rather than the latter. Each of the proposed attacks is extremely effective, and their success probability is almost 1. Finally, a modification is suggested that successfully fixes the protocol’s security weaknesses. The security proof of the improved protocol has been done through the Scyther tool. The computational cost comparison shows that the overhead of the proposed protocol compared to the former scheme is 4.85%, while it withstands various attacks, including traceability, desynchronization, impersonation, man-in-the-middle, and secret disclosure attacks. |
| first_indexed | 2024-03-11T09:54:39Z |
| format | Article |
| id | doaj.art-136064282e4845898421a777920635c5 |
| institution | Directory Open Access Journal |
| issn | 2227-7390 |
| language | English |
| last_indexed | 2024-03-11T09:54:39Z |
| publishDate | 2022-12-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Mathematics |
| spelling | doaj.art-136064282e4845898421a777920635c52023-11-16T15:52:42ZengMDPI AGMathematics2227-73902022-12-011114810.3390/math11010048Improvement and Cryptanalysis of a Physically Unclonable Functions Based Authentication Scheme for Smart GridsMasoumeh Safkhani0Nasour Bagheri1Saqib Ali2Mazhar Hussain Malik3Omed Hassan Ahmed4Mehdi Hosseinzadeh5Amir H. Mosavi6Faculty of Computer Engineering, Shahid Rajaee Teacher Training University, Tehran 16788-15811, IranElectrical Engineering Department, Shahid Rajaee Teacher Training University, Tehran 16788-15811, IranDepartment of Information Systems, College of Economics and Political Science, Sultan Qaboos University, Al Khoudh, Muscat P. C. 123, OmanSchool of Computing and Creative Technologies, College of Arts, Technology and Environment (CATE), University of the West of England, Frenchay Campus, Coldharbour Lane, Bristol BS16 1QY, UKDepartment of Information Technology, University of Human Development, Sulaymaniyah 0778-6, IraqPattern Recognition and Machine Learning Lab, Gachon University, 1342 Seongnamdaero, Sujeong-gu, Seongnam 13120, Republic of KoreaJohn von Neumann Faculty of Informatics, Obuda University, 1034 Budapest, HungaryAuthentication protocols are often used in smart grids to deliver the necessary level of security. A huge number of clients in such a system, however, provides the attacker with the ability to clone them, for example. Device fingerprints, or Physically Unclonable Functions (PUF), have been investigated as an authentication feature to thwart such attacks. In order to accomplish the necessary security in smart grid neighborhood area network communications and to prevent unwanted physical access to smart meters, a former study designed a lightweight authentication system in this way. The suggested protocol uses PUFs to reduce physical attacks. As a consequence, the server/meter impersonation attack is one of the many assaults that this protocol is thought to be secure against. On the other hand, it is generally acknowledged that no security solution should be trusted unless its security has been verified by independent researchers. As a result, this paper assesses the security of this protocol against a typical adversary who has access to or influences over the messages carried over the public channel. This study demonstrates that the attacker is simply capable of impersonating the server for the meter and vice versa. In addition, the suggested attacks desynchronize them, making the adversary the only one capable of interacting with the meter in the role of the legal server rather than the latter. Each of the proposed attacks is extremely effective, and their success probability is almost 1. Finally, a modification is suggested that successfully fixes the protocol’s security weaknesses. The security proof of the improved protocol has been done through the Scyther tool. The computational cost comparison shows that the overhead of the proposed protocol compared to the former scheme is 4.85%, while it withstands various attacks, including traceability, desynchronization, impersonation, man-in-the-middle, and secret disclosure attacks.https://www.mdpi.com/2227-7390/11/1/48Internet of thingsIoTsmart gridsmart citykey agreementphysically unclonable functions |
| spellingShingle | Masoumeh Safkhani Nasour Bagheri Saqib Ali Mazhar Hussain Malik Omed Hassan Ahmed Mehdi Hosseinzadeh Amir H. Mosavi Improvement and Cryptanalysis of a Physically Unclonable Functions Based Authentication Scheme for Smart Grids Mathematics Internet of things IoT smart grid smart city key agreement physically unclonable functions |
| title | Improvement and Cryptanalysis of a Physically Unclonable Functions Based Authentication Scheme for Smart Grids |
| title_full | Improvement and Cryptanalysis of a Physically Unclonable Functions Based Authentication Scheme for Smart Grids |
| title_fullStr | Improvement and Cryptanalysis of a Physically Unclonable Functions Based Authentication Scheme for Smart Grids |
| title_full_unstemmed | Improvement and Cryptanalysis of a Physically Unclonable Functions Based Authentication Scheme for Smart Grids |
| title_short | Improvement and Cryptanalysis of a Physically Unclonable Functions Based Authentication Scheme for Smart Grids |
| title_sort | improvement and cryptanalysis of a physically unclonable functions based authentication scheme for smart grids |
| topic | Internet of things IoT smart grid smart city key agreement physically unclonable functions |
| url | https://www.mdpi.com/2227-7390/11/1/48 |
| work_keys_str_mv | AT masoumehsafkhani improvementandcryptanalysisofaphysicallyunclonablefunctionsbasedauthenticationschemeforsmartgrids AT nasourbagheri improvementandcryptanalysisofaphysicallyunclonablefunctionsbasedauthenticationschemeforsmartgrids AT saqibali improvementandcryptanalysisofaphysicallyunclonablefunctionsbasedauthenticationschemeforsmartgrids AT mazharhussainmalik improvementandcryptanalysisofaphysicallyunclonablefunctionsbasedauthenticationschemeforsmartgrids AT omedhassanahmed improvementandcryptanalysisofaphysicallyunclonablefunctionsbasedauthenticationschemeforsmartgrids AT mehdihosseinzadeh improvementandcryptanalysisofaphysicallyunclonablefunctionsbasedauthenticationschemeforsmartgrids AT amirhmosavi improvementandcryptanalysisofaphysicallyunclonablefunctionsbasedauthenticationschemeforsmartgrids |