identity based cryptography for smart-grid protection · identity based cryptography for smart-grid...

Identity Based Cryptography for Smart-grid Protection

MICKAEL AVRILAssystem

Department of CybersecurityAssystem E&OS.

23, Place de Wicklow 78067St-Quentin en Yvelines

[email protected]

LAURIE BASTAAssystem



[email protected]

LAURENT BOUILLETAssystem



[email protected]

ABDERRAHMAN DAIFAssystem



[email protected]

GREGORY LANDAISAssystem



[email protected]

CEDRIC TAVERNIERAssystem



[email protected]

Abstract: The smart grid offers secure and intelligent energy distribution systems that delivers energy from suppli-ers to consumers based on two-way demand and response digital communication technologies to control appliancesat consumers homes to save energy and increase reliability. The smart grid improves existing energy distributionsystems with digital information management and advanced metering systems. Increased interconnectivity andautomation over the grid systems presents new challenges for security and its management. Cryptographic keymanagement involved multiple components of the Smart Grid such as: advanced metering infrastructure, demandresponse systems, home area networks (HANs), neighborhood area networks that connect the home to utilitysystems, supervisory control and data acquisition (SCADA) systems that control generation, transmission and dis-tribution systems and plugin electric vehicles. Smart grid requires the design of a mutual authentication schemeand a key management protocol that keep the exchanges safe between the consumers and suppliers. This paper pro-poses efficient techniques that use the advantages of identity based cryptography to improve the resiliency againstan insider or outsider attacker. We present how a hierarchical form of identity based cryptography is particularlyin phase with the complex networks requirements such as the Smart grid ones.

Key–Words: Cryptography, IBE, IBS, HIBE, Smart-grids

1 Introduction

A Smart grid delivers electricity from suppliers toconsumers using analogue or digital information andcommunications technologies to gather and act on in-formation, such as information about the behavioursof suppliers and consumers, in an automated fash-ion to improve the efficiency, reliability, economics,and sustainability of the production and distributionof electricity. In other terms Smart grid can be seenas a complex Scada network. This kind of technolo-gies are the favorite field of game for the hackers sincethe virus stuxnet [1] has caused damaged in the nu-clear project of Iran. Nevertheless cyber security mustaddress not only deliberate attacks launched by cy-

Figure 1: Smart grid example [2]

ber criminals, but also inadvertent compromises of theinformation structures due to user errors, equipment

Advances in Information Science and Computer Engineering

ISBN: 978-1-61804-276-7 15

failures etc. Finally, additional risks to the grid in-clude [3]:

• Increasing the complexity of the grid could in-troduce vulnerabilities and increase exposure topotential attackers and unintentional errors

• Interconnected networks can introduce commonvulnerabilities;

• Increasing vulnerabilities to communication dis-ruptions and the introduction of malicious soft-ware/firmware or compromised hardware couldresult in denial of service (DoS) or other mali-cious attacks;

• Increased number of entry points and paths areavailable for potential adversaries to exploit;

• Interconnected systems can increase the amountof private information exposed and increase therisk when data is aggregated;

• Increased use of new technologies can introducenew vulnerabilities; and

• Expansion of the amount of data that will becollected that can lead to the potential for com-promise of data confidentiality, including thebreach of customer privacy.

Logical security architecture overview. SmartGrid technologies will introduce millions of new com-ponents to the electric grid. Many of these com-ponents are critical to interoperability and reliability,will communicate bidirectionally, and will be taskedwith maintaining confidentiality, integrity, availabil-ity (CIA) vital to power systems operation and non-repudiation for the transaction. By definition, we de-note:

• Confidentiality: Preserving authorized restric-tions on information access and disclosure, in-cluding means for protecting personal privacyand proprietary information.

• Integrity: means maintaining and assuring theaccuracy and consistency of data over its en-tirelife-cycle

• Availability: means that the computing systemsused to store and process the information, the se-curity controls used to protect it, and the commu-nication channels used to access it must be func-tioning correctly.

• Non-repudiation: Implies one’s intention to ful-fill their obligations to a contract. It also impliesthat one party of a transaction cannot deny hav-ing received a transaction nor can the other partydeny having sent a transaction.

Except for the availability which is not directlyconcerned, these criterion can be solved by using akey management system like the well known PKI(public key infrastructure). Unfortunately, as the di-mension and the complexity of the smart grids aresuch that a PKI brings more problems than it can solve(see [3]).

Key Management Issues. All security protocolsrely on the existence of a security association (SA).SAs contain all the information required for executionof various network security services. An SA can beauthenticated or unauthenticated. The establishmentof an authenticated SA requires that at least one partypossess some sort of credential that can be used to pro-vide assurance of identity or device attributes to oth-ers. In general two types of credentials are common:secret keys that are shared between entities (e.g., de-vices), and (digital) public key certificates for key es-tablishment (i.e. for transporting or computing the se-cret keys that are to be shared). Public key certificatesare used to bind user or device names to a public keythrough some third-party attestation model, such as aPKI.

Applying the defense-in-depth strategy with theclassical Onion structure (see Fig 2) could requiremany appliances and protocols (radius servers, VPN,SSH, Firewall,...) and ideally a notion of role basedaccess because specific action is authorized by onlyspecific authorized people. In fact, as each layer hasto be protected almost independently from the other,it complexifies a lot the architecture and the key man-agement which is crucial for these concerned appli-ances and protocols. Theoretically, Public key infras-tructure (PKI) solutions address many of the problemsthat surround key management, but Operating it forgenerating and handling certificates can also requirea significant amount of overhead and is typically notappropriate for small and some mid-sized systems. Apublic-key infrastructure (PKI) is a set of hardware,software, people, policies, and procedures needed tocreate, manage, distribute, use, store, and revoke dig-ital certificates. In cryptography, a PKI is an arrange-ment that binds public keys with respective user iden-tities by means of a certificate authority (CA). Theuser identity must be unique within each CA domain.The third-party validation authority (VA) can providethis information on behalf of CA. The binding is es-tablished through the registration and issuance pro-cess, which, depending on the level of assurance the


ISBN: 978-1-61804-276-7 16

Figure 2: Onion model of defense in depth [4]

binding has, may be carried out by software at a CA,or under human supervision. The PKI role that as-sures this binding is called the registration authority(RA). The RA ensures that the public key is boundto the individual to which it is assigned in a way thatensures non-repudiation. Hence PKI-based solution

Figure 3: Public key infrastructure scheme[5]

can have a high cost of entry, but requires only onecertificate per device (as opposed to one key per pairof communicating devices), and may be more appro-priate for large systems, depending on the number ofpossible communicating pairs of devices. In fact, thelargest users of digital certificates are the Departmentof Defense and large enterprises. We refer directly tothe rapport of Nist ([3]) for a complete description ofthe issues of using a PKI for Smart grids.

IBE (Identity based encryption), IBS (Identitybased signature) as an alternative solution. Theidea of IBC (Identity based cryptography) appearedin 1984 in [6], but without the introduction of ellip-tic curves. The bilinear pairing appears in 2001 [7].Identity-based systems allow any party to generate apublic key from a known identity value such as anASCII string. A trusted third party, called the Pri-vate Key Generator (PKG), generates the correspond-ing private keys. To operate, the PKG first publishesa master public key, and retains the correspondingmaster private key (referred to as master key). Giventhe master public key, any party can compute a pub-lic key corresponding to the identity ID by combin-ing the master public key with the identity value. Toobtain a corresponding private key, the party autho-rized to use the identity ID contacts the PKG, whichuses the master private key to generate the private keyfor identity ID. As a result, parties may encrypt mes-sages (or verify signatures) with no prior distributionof keys between individual participants. This is ex-tremely useful in cases where pre-distribution of au-thenticated keys is inconvenient or infeasible due totechnical restraints. However, to decrypt or sign mes-sages, the authorized user must obtain the appropri-ate private key from the PKG. The steps involved aredepicted in this diagram: We go more deeply in the

Figure 4: ID Based Encryption: Offline and OnlineSteps [8]

details in the next sections of this paper.Smart grid application.Hence, we claim as in

certain previous paper [9] that we can provide:

• Advanced metering infrastructure (AMI): Estab-lish two-way communications between advancedmeters and utility business systems. Millions ofmeters will be deployed in Smart Grid systemsand keys must be embedded in these meters toprotect the AMI networks. Providing keys tothis equipment is a challenge, for generation, de-


ISBN: 978-1-61804-276-7 17

ployment, revocation, etc. Mechanisms to re-distribute or re-establish keys are a real chal-lenge. Managing all of these keys and their life-cycle is very complex. This problem must be ad-dressed in a way that one key having problemmust not compromise the entire system or affectthe others.

• Cyber security: Ensure the confidentiality, in-tegrity and availability of the electronic informa-tion.

• Demand response and consumer energy effi-ciency: Provide mechanisms and incentives forcustomers to cut energy use during times of peakdemand.

• Distribution grid management: Maximize theperformance of feeders, transformers and othercomponents of distribution systems.

• Electric transportation: Enable large-scale inte-gration of plug-in electric vehicles.

• Energy storage: Provide the means to store en-ergy.

• Network communications: Identify performancemetrics and core operational requirements of var-ious Smart Grid applications.

• Wide-area situational awareness: Monitoringand display of power-system components overlarge geographic areas in near real time to op-timize management of grid components and per-formance and respond to problems before disrup-tions arise.

Contribution. We propose in this article to usea modified version of the IBE and IBS system to pro-vide an efficient security for Smart grids. We succeedto remove the disadvantage linked to the PKG thatcould be corrupted in our model. In the same timewe show that these technologies are perfectly adaptedwith huge dimension and complex architecture whererole based access could not be ignored.

2 Boneh & Franklin IBEWe present in this section the first efficient IBEscheme due to Boneh and Franklin [10], it is basedon the bilinear Diffie-Hellman problem (BDHP) overelliptic curves. This scheme involves a third autoritythat is denoted PKG. It could be compared to the CA(certificate autority) of a PKI. It is defined by the fol-lowing algorithms:

Initialization:

• A prime number q.

• Two cyclic groups G1 and GT of orderq.

• A pairing e : G1 ×G1 → GT .

• A generator P ∈R G1.

• The master key s ∈R Z∗q .

• P0 = sP .

• M = {0, 1}n the set of messages.

• C = G∗1 ×M All cryptograms.

• Two hash functions: H1 : {0, 1}∗ →G∗

1 and H2 : GT →M.

• The public parameters: PP =(q,G1,GT , e, n, P, P0, H1, H2).

• Output : (PP, s).

Extraction :

• Input: An identity ID.

• The public key of the identity: QID =H1(ID) ∈ G∗

1.

• The secrete key of the identity: SID =sQID ∈ G∗

1.

• Output: (QID, SID).

Encryption:

• Input: A message M ∈ M and anidentity ID.

• QID = H1(ID) ∈ G∗1.

• Choose r ∈R Z∗q .

• gID = e(QID, P0) ∈ G∗T .

• Output: The cryptogram C =(rP,M

⊕H2(g

rID)) ∈ G∗

1 ×M.

Decryption:

• Input: A cryptogram C = (U, V ) ∈G∗

1 ×M.

• Output: The message M =V⊕H2(e(SID, U)).

Proof.We have: V

⊕H2(e(SID, U)) = M

⊕H2(g

rID)⊕

H2(e(SID, U)). Thus we have to show that:

grID = e(SID, U).


ISBN: 978-1-61804-276-7 18

We have: grID = e(QID, P0)r = e(QID, sP )

r =e(sQID, rP ) (accorgind to the properties of e) =e(SID, U).

Remark 1. Let P a generator in G∗1, then the func-

tion:H1 : {0, 1}∗ → G∗

1

m 7→ mP

can be considered as a hash function.

2.1 Network exchanges:We propose to describe graphically the network ex-changes and the role of PKG.

Bob : [email protected] Public Key : Secret Key :

PKG

Master Key :

Public Key :

Figure 5: Key generation in Boneh & Franklin scheme

The figure 5 corresponds to the secret key genera-tion which is done periodically while the user has notbeen revoked. In this scheme, PKG authenticates Boband generate a secret key SB that will stay valid dur-ing a certain time denoted “period”. The public keycan be generated by anyone throught the calculation:H(ID|Periode).

Alice The message : .

PKG

The master key :

The public key :

Figure 6: Public key transfer in Boneh & Franklinscheme

In the Figure 6, Alice wants to send a confidentialmessage to Bob, then she sends a request to PKG thatsends his master public key P0.

In the figure 7, Alice encrypts M with a pairingbased function. Then Bob can decrypt the messagewith this pairing based function.

Bob : [email protected] Secret Key : Public Key : Decryption :

Alice The message : . Encryption :

Figure 7: Encryption, Decryption in Boneh &Franklin scheme

2.2 Advantages and disadvantagesCertificates periods and certificates revocations basedon CRL rely on the system time for their validation. Ifthe system time is incorrect, an expired certificate maybe considered as valid and/or a valid certificate maybe considered as expired; a revoked certificate may belisted in the CRL but the CRL will not be taken intoaccount. Synchronization of the time is really impor-tant for PKI systems, VPN and another tunnels basedon certificate authentication.

This IBE scheme avoids the management of cer-tificates since public keys are computed directly fromthe identities. Revocation is almost free because sim-ply the revoked user won’t receive the valid secret key.Also, this scheme involves less traffic network. Un-fortunately the PKG has a full power and if it is cor-rupted, the system falls.

In order to fix these disadvantages, we propose anew scheme that we denote IBE-2

3 IBE-2, an improved versionWe have described in the previous section acertificate-less scheme that owns certain advantageson PKI, but which is not enough practically for com-plex systems as Smart grid. PKG is very sensitive andit is not acceptable that the security of the full sys-tem holds on only it. In our proposed scheme we usethe trick considered in [11] that consists in involvinga new authority called KPA (key protection author-ity). Among the advantages of this new scheme, wenote that now the users contribute in the generationof the secret key in a sense that only him can com-pute it. To reach to this PKG and KPA provide to-gether the public key Q1 containing the private mas-ter keys s0 and s1, the user identity QID and a maskH3(e(s0X,P0))×H3(e(s1X,P1)) only known fromthe user. The seven main steps are decribed in thisscheme:

Initialization of parameters:(done by PKG)


ISBN: 978-1-61804-276-7 19

• A huge prime number q.• Two cyclic groups G1 and GT of orderq.• A pairing e : G1 ×G1 → GT .• A generator P ∈R G1.• s0 ∈R Z∗

q and compute P0 = s0P ∈G1.• C = G∗

1 ×M the set of cryptograms.• Three hash functions: H1 : {0, 1}∗ →G∗

1, H2 : GT → M and H3 : GT →Z∗q .

• PKG publishes : PP =(q,G1,GT , e, P, P0, H1, H2, H3).

• The PKG secret Key: s0.

Initialization of the publicKey: (Done by KPA)

• The KPA secret Key s1 ∈R Z∗q .

• The KPA public key P1 = s1P ∈ G1.• Computes Y = s1P0 = s0s1P the

public key.PKG can check if Y has been com-puted with the correct P0 by testing:

e(Y, P )?= e(P0, P1) (1)

Providing to users keys: (Done byPKG)The user choose a temporary secret x ∈R Z∗

qand compute X = xP . Then he sends X toPKG that computes:

• QID = H1(ID, PKG,KPA) ∈ G1.•

Q0 = H3(e(s0X,P0))s0QID (2)

• sign(Q0) = s0Q0.

Providing Keys to users: (Done byKPA)KPA receives X,QID, Q0, sign(Q0) fromthe user and:

• Checks the signature Q0 by testing

e(sign(Q0), P )?= e(Q0, P0) (3)

• After checking the signature, he com-putes:

Q1 = H3(e(s1X,P1))s1Q0 (4)

• Computes sign(Q1) = s1Q1.

Extraction of secret Keys: (Doneby the user)After receiving Q1 and sign(Q1) :

• He checks:

e(sign(Q1), P )?= e(Q1, P1) (5)

• He computes the secret Key:

SID = Q1

H3(e(P0,P0)x)H3(e(P1,P1)x)

= s0s1QID(6)

• The user can check the correctness ofthe key by testing:

e(SID, P )?= e(QID, Y ) (7)

Encryption:For the encryption, it is exactly done as in theprevious scheme by using Y as public key:

gID = e(QID, Y ) (8)

C = (U, V ) = (rP,M⊕

H2(grID))

∈ G∗1 ×M.

Decryption:For the decryption:

M = V⊕

H2(e(SID, U)) (9)

This scheme allows a secure key exchange be-tween the user and the authorities PKG and KPAthrough the following test:

• The test 1 gives the proof to PKG and the userthat Y = s0s1P , (KPA could choose s0 andcould send Y = s0s1P .

• The test 3 gives the proof to KPA that the re-ceived data (X,Q0, Sign(Q0)) come from PKG.

• The test 5 gives the proof to the user that the re-ceived data (Q1, Sign(Q1)) come from KPA.

• The test 7 gives the proof to the user that hissecret key is computed from the correct masterKeys s0 and s1.


ISBN: 978-1-61804-276-7 20

Bob : [email protected] Secret Key : Public key :

KPA

: Master Key 2.

: Public Key.

PKG

: Master Key 1.

: Public Key.

Figure 8: Key distribution in IBE-2

The figure 8 summarizes the key distribution be-tween PKG, KPA and the user.

Remark 2. It is important to note that KPA is in-volved only during the enrollment stage. Concerningthe encryption and decryption, PKG is in charge ofdistributing public keys as showed in figure 9. Thusconcretely, PKG is a server that changes periodicallyits secret key whereas the KPA secret key won’t changeand can be kept in a secure way such that only alawyer authority could access in case of corruptionfor example.

Alice The message:

PKG

Bob : [email protected] Secret Key : Public Key :

KPA

Figure 9: Encryption and decryption in IBE-2

3.1 IBE-2 advantagesCompared to a PKI, IBE-2 offers the following:

• This key management is certificate-less, thusthere no need to check any certificate before en-cryption operation and the famous LDAP serveris no more required.

• A simplified management of the “CRL”, becauseany revoked key can be recalculated algorithmi-cally.

• IBE-2 brings more security because the securityis spread over two authorities instead of one andbecause the system is more dynamical.

4 Identity based signatureSmart grids generate a business activity. As for manyactivities, there is suppliers and consumers. In thecase of Smart grids, consumers can be also suppli-ers for example with smart houses that use photo-voltaic and or wind generators. . . This fact complexi-fies a lot the exchanges. Managing a PKI for the trans-action would be a difficult task, furthermore the iden-tity based cryptography does not solve all problemsbecause it requires third party (PKG). Unfortunately,for many countries this is not acceptable because po-tentially this third part could sign instead of the user(PKG could usurp the identity). We propose to de-scribe in this section a signature based on a methodintroduced in [12]. We aim to give the possibility tothe user to prove that the signature belongs to PKGwhen this is the case. The notion of arbiter lawyerauthority is introduced to reach to this proof. This isthe arbiter that check if the signature is valid or notas explained in this following scheme composed of 6stages:

Parameters:

• A huge prime number q.

• A pairing (Tate Pairing) e : G1×G1 →GT .

• Two hash functions: H : {0, 1}∗ →G∗

1 et h : {0, 1}∗ ×G∗T → Z∗

q .

• s ∈ Z∗q the master Key of PKG.

• P0 = sP the public Key of PKG.

• PP = (G1,GT , q, P, P0, e,H, h).

• PS = (s).

Initialization:

• s1 ∈ Z∗q the secret Key of the user.

• Q1 = s1P the public key of the user.

Extraction:

• Q2 = H(ID,Q1).

• S2 = sQ2.

Signing: Input: a message M ∈M

• k ∈R Z∗q .

• r = e(Q2, P0)k.

• v = h(M, r).

• U = kS2 − vs1Q2.


ISBN: 978-1-61804-276-7 21

• σ = (v, U) ∈ (Z∗q ,G1).

Checking: Input: σ = (v, U) ∈ (Z∗q ,G1)

• r = e(U,P )e(Q2, Q1)v.

• test:v

?= h(M, r) (10)

Q2?= H(ID,Q1) (11)

Arbiter:

If the signer denies to be the owner of thesignature, the arbiter is involved and choosea random α ∈ Z∗

q , then he identifies thesigner by sending a demand to check if heowns S2 via a zero knowledge proof. Af-ter proving that the user owns S2, the ar-biter sends him αP , then the signer returnsthe value e(S2, αP ) and the arbiter tests

e(S2, αP )?= e(Q2, P0)

α. If the test is sat-isfied, it means that PKG is the owner ofthis signature because he is the only one thatcould produce a fake S2.

Proof.To test (10), it is enough to show that r = e(Q2, P0)

k:

r = e(U,P )e(Q2, Q1)v

= e(kS2 − vs1Q2, P )e(Q2, Q1)v

= e(ksQ2 − vs1Q2, P )e(vQ2, s1P )= e(ksQ2 − vs1Q2, P )e(vs1Q2, P )= e(ksQ2 − vs1Q2 + vs1Q2, P )= e(ksQ2, P ) = e(kQ2, sP )= e(Q2, P0)

k

It is clear that the test (11) is satisfied for a valid sig-nature. This test is required only to identify the userkey Q1.

The figure 10 describes the enrollment stage thatcorresponds to the Initialization. This stageallows the user to generate his own secret Key s1 andpublic KeyQ1. Then the user sends his public to PKGthat must generate the pair (S2, Q2) via the algorithmExtraction. The second key Q2 creates the linkbetween the user identity and the public Key Q1.

The figures 11 and 12 describes the signaturewith Alice that wants to send to Bob the message Msigned.

Hence, we have described an efficient Identitybased signature that could be an alternative to the stan-dard one for Smart grid applications.

Bob : [email protected] Secret Key 1 :

Public Key 1 : Secret Key 2 : Public Key 2 :

PKG

The master Key :

The public Key :

PKG

La clé maitre :

La clé publique :

Figure 10: The secret Key generation


Bob : [email protected] Secret key 1 :

Public key : Secret key 2 : Public key 2 :

PKG

Master key :

Public key :

Figure 11: The signature stage


Bob : [email protected] Secret key 1 :

Public key : Secret key 2 : Public key 2 :

PKG

Master key :

Public key :

Figure 12: The checking stage

5 Hierarchical IBEFor huge Smart grids with ten millions of users, wecannot imagine that one server PKG will succeed tosatisfy the demand, then it is mandatory to considera hierarchical organization to these Smart grids. Itcould be organized in function of regions where con-sumers are located and also according to the type ofconsumer (factories, home, building, etc). Thus a nice


ISBN: 978-1-61804-276-7 22

key management should be hierarchical and attribute-based. Fortunately, it is well known that IBE can beextended in HIBE with several PKGs that deliver keyshierarchically (see [13]). Hence, each authority has togenerate keys to PKGs directly under its responsibility(leafs).

Root PKG

PKG 1 PKG 2 . . . PKG k

Groupe of

users 1

Groupe of

users 2

Groupe of

users k’ . . .

Figure 13: HIBE architecture

5.1 Key distribution in HIBE [13]:

Initialization: (Done by Root PKG0)

• Choose: P0 ∈ G1 a public generator.

• Choose: s0 ∈ Z∗q the master Key.

• Calculate : Q0 = s0P0 the public Key.

• A pairing: e : G1 ×G1 → GT .

• Two hash functions:

– H1 : {0, 1}∗ → G1

– H2 : GT → {0, 1}∗

• Output: PP0 =(G1,G2, e, P0, Q0, H1, H2), SP0 =(s0).

Initialization: (Done by PKGt at thefloor t)

• Compute Pt = H1(id1, id2, . . . , idt)with idi for 1 ≤ i < t the identity ofthe i-th PKG father of PKGt.

• Choose st ∈ Z∗q the master key of the

sub tree for which the root is PKGt.

• St = St−1 + st−1Pt =∑t

i=1 si−1Piprovided by the PKG father of the floort− 1.

• Qi = siP0 for 1 ≤ i ≤ t−1 computedby the PKGs fathers above.

Encryption:

• Input: The message M ∈ {0, 1}n.

• Output: The cryptogram C ∈ Gt1 ×

{0, 1}n.

• r ∈R Z∗q .

• g = e(Q0, P1).

• C = (rP0, rP2, ..., rPt,M⊕H(gr)).

Decryption:

• Input: The cryptogram C =(U0, U2, ..., Ut, V ) ∈ Gt

1 × {0, 1}n.

• Output: M ∈ {0, 1}n.

• M = V⊕H( e(U0,St)∏t

i=2 e(Qi−1,Ui)).

Proof.It is enough to prove that: e(U0,St)∏t

i=2 e(Qi−1,Ui)= gr. We

have:

e(U0,St)∏ti=2 e(Qi−1,Ui)

=e(rP0,

∑ti=1 si−1Pi)∏t

i=2 e(si−1P0,rPi)

=∏t

i=1 e(rP0,si−1Pi)∏ti=2 e(rP0,si−1Pi)

= e(rP0, s0P1)= e(s0P0, P1)

r

= e(Q0, P1)r

= gr

Remark 3.

1. Obviously the HIBE scheme is an extension of theBoneh & Franklin scheme.

2. This scheme is compliant with IBE-2 and onlyone KPA is required to protect all user keys.

The figure 14 describes the encryption and de-cryption stages between Alice and Bob. Alice firstdetermines the address of Bod in the tree and computeher public key PB , then she encrypts her message byusing the public keys Pi of the previous PKGs of Bob.Bob decrypts the message with the public key Qi ofits previous PKGs and his secret key SB generated byhis PKG father.

6 ConclusionIn this paper, we have presented a certificate-less keymanagement system which is more scalable and more


ISBN: 978-1-61804-276-7 23

Bob

Alice

Message :

Decryption:

Encryption:

Figure 14: Encryption and decryption in HIBE

efficient than a PKI. This scheme is working for asym-metric encryption and signature which is important forSmart grid business. This scheme is compliant withhierarchical IBE and gives the advantage to addressaccess control in smart grids. Obviously, this tech-niques allows less storage than for PKI.

Acknowledgements: The work of L. Basta, G.Landais And C. Tavernier was partially supported bySCISSOR ICT project no. 644425, funded by the Eu-ropean Commissions Information & communicationtechnology H2020 Framework Program.

References:

[1] http://en.wikipedia.org/wiki/Stuxnet.

[2] http://www.hitachi.com/environment/showcase/solution/energy/smartgrid.html.

[3] Introduction to NISTIR 7628 Guidelines forSmart Grid Cyber Security, Nist Cyber SecurityWorking Group. September 2010.

[4] http://en.wikipedia.org/wiki/Information_security.

[5] http://en.wikipedia.org/wiki/Public_key_infrastructure

[6] Adi Shamir, Identity-Based Cryptosystems andSignature Schemes. Advances in Cryptology:

Proceedings of CRYPTO 84, Lecture Notes inComputer Science, 7:47-53, 1984

[7] Dan Boneh, Matthew K. Franklin, Identity-Based Encryption from the Weil Pairing Ad-vances in Cryptology - Proceedings of CRYPTO2001

[8] http://en.wikipedia.org/wiki/ID-based_encryption

[9] Priti V. Jasud, Manish D. Katkar, S. D. Kam-ble. Authentication Mechanism for Smart GridNetwork. International Journal of Soft Comput-ing and Engineering (IJSCE) ISSN: 2231-2307,Volume-4, Issue-1, March 2014,

[10] Dan Boneh, Matthew Franklin, Identity-BasedEncryption from the Weil Pairing, 2001.

[11] Byoungcheon Lee, Colin Boyd, Ed Dawson,Kwangjo Kim, Jeongmo Yang, Seungjae Yoo,Secure Key Issuing in ID-based Cryptography,2004.

[12] Jingwei Liu, Rong Sun, Weidong Kou, Xin-mei Wang, Efficient ID-based Signature WithoutTrusted PKG, 2007.

[13] C.Gentry, A. Silverberg, Hierarchical ID-BasedCryptography, 2002.


ISBN: 978-1-61804-276-7 24

identity based cryptography for smart-grid protection · identity based cryptography for smart-grid...

Documents