Secure Authentication in the Smart Grid

Mehdi Hosseinzadeh, Rizwan Ali Naqvi, Masoumeh Safkhani, Lilia Tightiz () and Raja Majid Mehmood ()
Additional contact information
Mehdi Hosseinzadeh: Institute of Research and Development, Duy Tan University, Da Nang 550000, Vietnam
Rizwan Ali Naqvi: School of Intelligent Mechatronics Engineering, Sejong University, Seoul 05006, Republic of Korea
Masoumeh Safkhani: Faculty of Computer Engineering, Shahid Rajaee Teacher Training University, Tehran 16788-15811, Iran
Lilia Tightiz: School of Computing, Gachon University, 1342 Seongnamdaero, Seongnam 13120, Republic of Korea
Raja Majid Mehmood: Information and Communication Technology Department, School of Computing and Data Science, Xiamen University Malaysia, Sepang 43900, Malaysia

Mathematics, 2022, vol. 11, issue 1, 1-24

Abstract: Authenticated key agreement is a process in which protocol participants communicate over a public channel to share a secret session key, which is then used to encrypt data transferred in subsequent communications. LLAKEP, an authenticated key agreement protocol for Energy Internet of Things (EIoT) applications, was recently proposed by Zhang et al. While the proposed protocol has some interesting features, such as putting less computation on edge devices versus the server side, its exact security level is unclear. As a result, we shed light on its security in this paper through careful security analysis against various attacks. Despite the designers’ security claims in the random oracle model and its verification using GNY logic, this study demonstrates that this protocol has security weaknesses. We show that LLAKEP is vulnerable to traceability, dictionary, stolen smart glass, known session-specific temporary information, and key compromise impersonation attacks. Furthermore, we demonstrate that it does not provide perfect forward secrecy. To the best of our knowledge, it is the protocol’s first independent security analysis. To overcome the LLAKEP vulnerabilities, we suggested the LLAKEP + protocol, based on the same set of cryptographic primitives, namely the one-way hash function and ECC point multiplication. Our comprehensive security analysis demonstrates its resistance to different threats, such as impersonation, privileged insider assaults, and stolen smart glass attacks, along with its resistance to sophisticated assaults, such as key compromised impersonation (KCI) and known session-specific temporary information (KSTI). The overhead of the proposed protocol is acceptable compared to the provided security level.

Keywords: authentication; key agreement; energy internet of things; security; key compromised impersonation attack; known session-specific temporary information attack (search for similar items in EconPapers)
JEL-codes: C (search for similar items in EconPapers)
Date: 2022
References: View references in EconPapers View complete reference list from CitEc
Citations:

Downloads: (external link)
https://www.mdpi.com/2227-7390/11/1/176/pdf (application/pdf)
https://www.mdpi.com/2227-7390/11/1/176/ (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:gam:jmathe:v:11:y:2022:i:1:p:176-:d:1018987

Access Statistics for this article

Mathematics is currently edited by Ms. Emma He

More articles in Mathematics from MDPI
Bibliographic data for series maintained by MDPI Indexing Manager ().