Secure Authentication in the Smart Grid
Authenticated key agreement is a process in which protocol participants communicate over a public channel to share a secret session key, which is then used to encrypt data transferred in subsequent communications. LLAKEP, an authenticated key agreement protocol for Energy Internet of Things (EIoT) a...
Main Authors: | , , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
MDPI AG
2022-12-01
|
Series: | Mathematics |
Subjects: | |
Online Access: | https://www.mdpi.com/2227-7390/11/1/176 |
_version_ | 1797431405296222208 |
---|---|
author | Mehdi Hosseinzadeh Rizwan Ali Naqvi Masoumeh Safkhani Lilia Tightiz Raja Majid Mehmood |
author_facet | Mehdi Hosseinzadeh Rizwan Ali Naqvi Masoumeh Safkhani Lilia Tightiz Raja Majid Mehmood |
author_sort | Mehdi Hosseinzadeh |
collection | DOAJ |
description | Authenticated key agreement is a process in which protocol participants communicate over a public channel to share a secret session key, which is then used to encrypt data transferred in subsequent communications. LLAKEP, an authenticated key agreement protocol for Energy Internet of Things (EIoT) applications, was recently proposed by Zhang et al. While the proposed protocol has some interesting features, such as putting less computation on edge devices versus the server side, its exact security level is unclear. As a result, we shed light on its security in this paper through careful security analysis against various attacks. Despite the designers’ security claims in the random oracle model and its verification using GNY logic, this study demonstrates that this protocol has security weaknesses. We show that LLAKEP is vulnerable to traceability, dictionary, stolen smart glass, known session-specific temporary information, and key compromise impersonation attacks. Furthermore, we demonstrate that it does not provide perfect forward secrecy. To the best of our knowledge, it is the protocol’s first independent security analysis. To overcome the LLAKEP vulnerabilities, we suggested the LLAKEP<inline-formula><math xmlns="http://www.w3.org/1998/Math/MathML" display="inline"><semantics><msup><mrow></mrow><mo>+</mo></msup></semantics></math></inline-formula> protocol, based on the same set of cryptographic primitives, namely the one-way hash function and ECC point multiplication. Our comprehensive security analysis demonstrates its resistance to different threats, such as impersonation, privileged insider assaults, and stolen smart glass attacks, along with its resistance to sophisticated assaults, such as key compromised impersonation (KCI) and known session-specific temporary information (KSTI). The overhead of the proposed protocol is acceptable compared to the provided security level. |
first_indexed | 2024-03-09T09:44:29Z |
format | Article |
id | doaj.art-3264af4ad7b54ef092c74e261d0f4db7 |
institution | Directory Open Access Journal |
issn | 2227-7390 |
language | English |
last_indexed | 2024-03-09T09:44:29Z |
publishDate | 2022-12-01 |
publisher | MDPI AG |
record_format | Article |
series | Mathematics |
spelling | doaj.art-3264af4ad7b54ef092c74e261d0f4db72023-12-02T00:38:59ZengMDPI AGMathematics2227-73902022-12-0111117610.3390/math11010176Secure Authentication in the Smart GridMehdi Hosseinzadeh0Rizwan Ali Naqvi1Masoumeh Safkhani2Lilia Tightiz3Raja Majid Mehmood4Institute of Research and Development, Duy Tan University, Da Nang 550000, VietnamSchool of Intelligent Mechatronics Engineering, Sejong University, Seoul 05006, Republic of KoreaFaculty of Computer Engineering, Shahid Rajaee Teacher Training University, Tehran 16788-15811, IranSchool of Computing, Gachon University, 1342 Seongnamdaero, Seongnam 13120, Republic of KoreaInformation and Communication Technology Department, School of Computing and Data Science, Xiamen University Malaysia, Sepang 43900, MalaysiaAuthenticated key agreement is a process in which protocol participants communicate over a public channel to share a secret session key, which is then used to encrypt data transferred in subsequent communications. LLAKEP, an authenticated key agreement protocol for Energy Internet of Things (EIoT) applications, was recently proposed by Zhang et al. While the proposed protocol has some interesting features, such as putting less computation on edge devices versus the server side, its exact security level is unclear. As a result, we shed light on its security in this paper through careful security analysis against various attacks. Despite the designers’ security claims in the random oracle model and its verification using GNY logic, this study demonstrates that this protocol has security weaknesses. We show that LLAKEP is vulnerable to traceability, dictionary, stolen smart glass, known session-specific temporary information, and key compromise impersonation attacks. Furthermore, we demonstrate that it does not provide perfect forward secrecy. To the best of our knowledge, it is the protocol’s first independent security analysis. To overcome the LLAKEP vulnerabilities, we suggested the LLAKEP<inline-formula><math xmlns="http://www.w3.org/1998/Math/MathML" display="inline"><semantics><msup><mrow></mrow><mo>+</mo></msup></semantics></math></inline-formula> protocol, based on the same set of cryptographic primitives, namely the one-way hash function and ECC point multiplication. Our comprehensive security analysis demonstrates its resistance to different threats, such as impersonation, privileged insider assaults, and stolen smart glass attacks, along with its resistance to sophisticated assaults, such as key compromised impersonation (KCI) and known session-specific temporary information (KSTI). The overhead of the proposed protocol is acceptable compared to the provided security level.https://www.mdpi.com/2227-7390/11/1/176authenticationkey agreementenergy internet of thingssecuritykey compromised impersonation attackknown session-specific temporary information attack |
spellingShingle | Mehdi Hosseinzadeh Rizwan Ali Naqvi Masoumeh Safkhani Lilia Tightiz Raja Majid Mehmood Secure Authentication in the Smart Grid Mathematics authentication key agreement energy internet of things security key compromised impersonation attack known session-specific temporary information attack |
title | Secure Authentication in the Smart Grid |
title_full | Secure Authentication in the Smart Grid |
title_fullStr | Secure Authentication in the Smart Grid |
title_full_unstemmed | Secure Authentication in the Smart Grid |
title_short | Secure Authentication in the Smart Grid |
title_sort | secure authentication in the smart grid |
topic | authentication key agreement energy internet of things security key compromised impersonation attack known session-specific temporary information attack |
url | https://www.mdpi.com/2227-7390/11/1/176 |
work_keys_str_mv | AT mehdihosseinzadeh secureauthenticationinthesmartgrid AT rizwanalinaqvi secureauthenticationinthesmartgrid AT masoumehsafkhani secureauthenticationinthesmartgrid AT liliatightiz secureauthenticationinthesmartgrid AT rajamajidmehmood secureauthenticationinthesmartgrid |