Abstract
This paper studies the security requirements for remote authentication and communication in smart grid systems. Though smart card based authentication techniques have been a successful solution for addressing key management challenges in several cryptographic authentication systems, they may not be applicable to smart grid systems. For example, in order to unlock the credentials stored in tamper-resistant components (which could either be integrated in smart meters and collectors or be separate components that could be inserted into smart meters and collectors), one generally needs to input a password or PIN number to the smart meters or collectors. Since most smart meters and collectors are unattended, they could be maliciously modified or impersonated. Thus there is no trusted platform for the device owners or service provider agents to input the PIN number. Furthermore, the tamper resistant components (either integrated or separated) that hold the secret credentials could be easily accessed by an attacker and offline dictionary attacks could be easily mounted against these devices to retrieve the password or PIN number. In this paper, we review the security requirements for smart grid authentication systems and propose trust models for smart grid remote authentication systems. Finally, we propose secure authentication protocols within these trust models to defeat the common attacks such as offline dictionary attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Chen, Y., Chou, J., Huang, C.: Comment on four two-party authentication protocols (2010)
Das, M.L., Saxena, A., Gulati, V.P.: A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50, 629–631 (2004)
Gong, L., Lomas, M.A., Roger, M., Needham, R.M., Saltzer, J.H.: Protecting poorly chosen secrets from guessing attacks. IEEE J. Sel. Areas Commun. 11, 648–656 (1993)
Goriparthi, T., Das, M.L., Saxena, A.: An improved bilinear pairing based remote user authentication scheme. Comput. Stand. Interfaces 31, 181–185 (2009)
IEEE 1363: Standard specifications for public-key cryptography (2005)
Juang, W.S., Chen, S.T., Liaw, H.T.: Robust and efficient password-authenticated key agreement using smart cards. IEEE Trans. Ind. Electron. 55, 2551–2556 (2008)
Krawczyk, H.: HMQV: a high-performance secure Diffie-Hellman protocol. Cryptology ePrint Archive, Report 2005/176 (2005). http://eprint.iacr.org/
Lee, Y., Nam, J., Won, D.: Vulnerabilities in a remote agent authentication scheme using smart cards. In: Nguyen, N.T., Jo, G.S., Howlett, R.J., Jain, L.C. (eds.) KES-AMSTA 2008. LNCS, vol. 4953, pp. 850–857. Springer, Heidelberg (2008). doi:10.1007/978-3-540-78582-8_86
Rhee, H.S., Kwon, J.O., Lee, D.H.: A remote user authentication scheme without using smart cards. Comput. Stand. Interfaces 31, 6–13 (2009)
Wang, D., Ma, C.: Robust smart card based password authentication scheme against smart card security breach. Technical report, Cryptology ePrint Archive, Report 2012/439 (2012). http://eprint.iacr.org/2012/439
Wang, Y.: Cryptographic challenges in smart grid system security. In: IEEE Smart Grid News Letters, December 2012. http://smartgrid.ieee.org/december-2012/732-cryptographic-challenges-in-smart-grid-system-security
Wang, Y.: Password protected smart card and memory stick authentication against off-line dictionary attacks. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IAICT, vol. 376, pp. 489–500. Springer, Heidelberg (2012). doi:10.1007/978-3-642-30436-1_40
Wang, Y.: Efficient identity-based and authenticated key agreement protocol. Trans. Comput. Sci. 17, 172–197 (2013)
Wang, Y.: Smart grid, automation, and SCADA systems security. In: Xiao, Y. (ed.) Security and Privacy in Smart Grids, pp. 245–268. CRC Press, July 2013
Xia, J., Wang, Y.: Secure key distribution for the smart grid. IEEE Trans. Smart Grid 3(3), 1437–1443 (2012)
Xiang, T., Wong, K., Liao, X.: Cryptanalysis of a password authentication scheme over insecure networks. Comput. Syst. Sci. 74, 657–661 (2008)
Zhao, Z., Dong, Z., Wang, Y.: Security analysis of a password-based authentication protocol proposed to IEEE 1363. Theor. Comput. Sci. 352, 280–287 (2006)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Wang, Y. (2017). Secure Communication and Authentication Against Off-line Dictionary Attacks in Smart Grid Systems. In: Cuppens-Boulahia, N., Lambrinoudakis, C., Cuppens, F., Katsikas, S. (eds) Security of Industrial Control Systems and Cyber-Physical Systems. CyberICPS 2016. Lecture Notes in Computer Science(), vol 10166. Springer, Cham. https://doi.org/10.1007/978-3-319-61437-3_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-61437-3_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-61436-6
Online ISBN: 978-3-319-61437-3
eBook Packages: Computer ScienceComputer Science (R0)