Identity-Based Key Management Scheme for Smart Grid over Lattice

Abstract

At present, the smart grid has become one of the indispensable infrastructures in people's lives. As a commonly used communication method, wireless communication is gradually, being widely used in smart grid systems due to its convenient deployment and wide range of serious challenges to security. For the insecurity of the schemes based on large integer factorization and discrete logarithm problem in the quantum environment, an identity-based key management scheme for smart grid over lattice is proposed. To assure the communication security, through constructing intra-cluster and inter-cluster multi-hop routing secure mechanism. The time parameter and identity information are introduced in the relying phase. Through using the symmetric cryptography algorithm to encrypt improve communication efficiency. Through output the authentication information with probability, the protocol makes the private key of the certification body no relation with the distribution of authentication information. Theoretic studies and figures show that the efficiency of keys can be authenticated, so the number of attacks, including masquerade, reply and message manipulation attacks can be resisted. The new scheme can not only increase the security, but also decrease the communication energy consumption.

1. Introduction

With the continuous development of information technology, computer technology, artificial intelligence, big data, and industrial automation technology, computer network technology is widely used in the field of industrial control [1-5]. Ordinary smart grid users can view and manage other electric devices at home through the meter, and equipment maintainers upgrade and maintain the grid devices by upgrading them. Depending on the functions of the grid customers in the smart grid, the grid users have different access rights to the smart devices, and in this smart grid system with multiple devices can access these grid devices accordingly according to the needs of the grid customers in different roles and modification operations according to the needs of different roles of grid customers [6-10]. Quantum computing will potentially enable the computational power of ordinary computers to greatly exceed the present computational power, and in 1997, Shor et al. proposed quantum algorithms for solving the decomposition of large integers and discrete logarithms and demonstrated that the time complexity of their algorithmic operations is of polynomial level [11]. With the development of quantum computing and quantum computers, it is gradually found that the difficult problems currently used in traditional asymmetric cryptographic regimes will probably no longer be secure [12-16]. It is essential to study secure asymmetric cryptosystems in the quantum computer environment and has become a key direction and hotspot for research in the current cryptography and information security community. As one of the typical representatives of asymmetric cryptosystems in the post-quantum computer era, the lattice public key cryptosystem occupies an essential position in the field of quantum cryptography [17-25].

In recent years, increasingly scholars have studied security control in smart grid. In 2012, Sankar et al. proposed a signature-based security access scheme using attribute-based public key encryption [26], in which there is only one key distribution center, but the key center must have strong computing power, and with the increase of the number of smart grid node devices, the key center may become the bottleneck of the whole smart grid. In 2014, Zhou et al. proposed a decentralized access control algorithm for the access control problem of smart grid [27], which effectively reduces the generation of grid peaks and can provide automatic demand response. In 2016, Xie et al. proposed to apply cloud computing to the environment of smart grid [28] to reduce the demand for computing power of smart grid devices and use a grid hierarchy with attribute-based encryption scheme to secure information in the smart grid. In 2017, Guan et al. proposed a secure access scheme with delay tolerance using a secret sharing scheme for the unpredictability of sensitive information generated by electricity consumption transactions between smart grid nodes and grid companies [29], in a model of decentralized grid structure, which effectively reduces the computation and communication overhead of smart grid devices.

Currently, key management schemes for smart grids can be classified into two main categories: symmetric cryptographic regime based and asymmetric cryptographic regime based. When a smart grid node is depleted or identified as an illegal node, the smart grid must be cleared and eliminated in time. The key exchange between smart grid nodes is used to ensure the legitimacy of the communicating smart grid nodes, which is a prerequisite for secure smart grid communication. A lot of research work has been done to reduce the computational overhead and energy consumption of asymmetric cryptosystems and to propose a more secure and reasonable key management scheme. A review of smart grid-related security issues can be found in [30-34], among others, for smart grid key management schemes. Using the solid security foundation over lattice and higher computational efficiency, this paper proposes a lattice-based smart grid key management scheme to ensure the security of communication phase by constructing intra and inter-cluster multi-hop routing security algorithms; introducing timestamp parameters and identity-based information to ensure the security of key update phase; using symmetric cryptosystem algorithms for encryption to improve communication efficiency; and using probabilistic output authentication information that makes the distribution of the output authentication information independent of the private key of the authenticated subject.

2. Basic knowledge

Definition 1 Takes n (m ≥ n) linearly independent vectors in the m-dimensional vector space, and define the lattice generated by these n vectors as

\(\begin{aligned}\mathcal{L}\left(b_{1}, b_{2}, \ldots b_{n}\right)=\left\{\sum_{i=1}^{n} x_{i} b_{i} \mid x_{i} \in \mathbb{Z}\right\}\end{aligned}\).

Where the vector b₁,b₂,...b_n is called the basis of the lattice. If the dimensional m x n matrices B, whose column vectors are b₁,b₂,...b_n, are defined, then the lattice generated by the matrix B can be defined as

𝓛(B) = (b₁,b₂,...b_n) = {BX | X ∈ ℤⁿ}

where n is the rank of the lattice; m is the dimension of the lattice; and the lattice of m = n is a full-rank lattice.

Definition 2 Assume q is a prime number, Α ∈ ℤ_q^nxm, define:

Λ_q(Α) = {e ∈ ℤ^m : ∃s ∈ ℤ_qⁿ, Α^Ts = e(mod q)}

Λ_q^⊥(A) = {e ∈ ℤ^m : Ae = 0(mod q)}

Λ_q^u(Α) = {e ∈ ℤ^m : Ae = u(mod q)}

If t ∈ Λ_q^u(Α), then Λ_q^u(Α) = Λ_q^⊥(Α) + t, so Λ_q^u(Α) is the result of the translation of Λ_q^⊥(Α).

Definition 3 Assumes Λ is a lattice whose dual lattice Λ* is the set of all vectors whose inner products with all lattice vectors in the lattice Λ are integers, that is.

Λ* = {x ∈ ℝⁿ : v ∈ Λ, <x, v> ∈ ℤ}

The dual of the dual of the lattice Λ is itself.

(Λ*)* = Λ

The lattice and in Definition 2 are dual.

Λ_q^⊥ = q.(Λ_q)* , Λ_q = q.(Λ_q^⊥)*

Definition 4： For any vector c [22], positive real numbers σ > 0, the discrete Gaussian distribution over the lattice Λ_q^⊥ is defined as:

\(\begin{aligned}D_{\Lambda_{q}^{\perp}(\mathrm{A}), \sigma, \mathrm{c}}(\mathrm{x})=\frac{\rho_{\sigma, \mathrm{c}}(\mathrm{x})}{\rho_{\sigma, \mathrm{c}}\left(\Lambda_{q}^{\perp}(\mathrm{A})\right)}\end{aligned}\)

Where ρ_σ,c(x) is.

ρ_σ,c(x) = exp(π||x - c||²/σ²)

Theorem 1 Let n, m are the integer, that q ≥ 3 is an odd number, for any real number δ : δ > 0 [13]. If m ≥ (5 +3δ)n log q, then there exists a probabilistic polynomial time algorithm TrapGen(q, n) out-put matrix pair.

(A, T_A) ∈ ℤ_q^nxm x ℤ^mxm

Where the distribution of Α is statistically close to the uniform distribution on ℤ_q^nxm, Τ_Α is a set of short bases on the lattice q − ary Λ_q^⊥(Α), while the following two equations hold with overwhelming probability:

\(\begin{aligned}\begin{array}{l}\left\|\tilde{\mathrm{T}}_{\mathrm{A}}\right\| \leq O(\sqrt{n \log q}) \\ \left\|\mathrm{T}_{\mathrm{A}}\right\| \leq O(n \log q) \\\end{array}\end{aligned}\)

The specific algorithm is described as follows:

Input: Α₁ ∈ ℤ_q^nxm₁ and positive integer m₂ : m₂ = m − m₁.

Output: Α ∈ ℤ_q^nxm and S ：S ∈ ℤ^mxm the group of bases on the lattice Λ^⊥(Α).

(a) Generate the matrices U ∈ ℤ^m₂xm₂ ; G, R ∈ ℤ^m₁xm₂ ; P ∈ ℤ^m₂xm₁ and C ∈ ℤ^m₁xm₁, satisfying the following equations:

(GP + C) ⊂ Λ^⊥(Α₁)

Where U is a nonsingular matrix.

(b) Calculate Α₂ : A₂ = -A₁.(R + G) ∈ ℤ^nxm₂.

(c) Calculate S :

\(\begin{aligned}\mathrm{S}=\left(\begin{array}{cc}(\mathrm{R}+\mathrm{G}) \mathrm{U} & \mathrm{RP}-\mathrm{C} \\ \mathrm{U} & \mathrm{P}\end{array}\right) \in \mathbb{Z}^{m \times m}\end{aligned}\).

(d) Calculate Α : A = [A₁ | A₂].

(e) Final output Α and S.

Theorem 2 Assume m > n is the integer, q is the prime number. The input matrix A ∈ ℤ_q^nxm, the trapdoor Τ_Α on the lattice Λ^⊥(Α), the vector y ∈ ℤ_qⁿ and the real number \(\begin{aligned}s>\left\|\tilde{\mathrm{T}}_{\mathrm{A}}\right\| \omega(\sqrt{\log (m)})\end{aligned}\), and the original image sampling algorithmSample Pre(A, T_A, y, s) can output y in one polynomial time, an original image of x ∈ ℤ^m, for a vector x on the lattice Λ^⊥(Α), and the distribution of x obedience is statistically close to the distribution of D_Λq^y(A),s [11].

3. Network Model

In the smart grid key management scheme proposed in this paper, to reduce the energy consumption of smart grid nodes, the smart grid ordinary model is used for key pre-distribution management of smart grid nodes; to adapt to the deployment of smart grid nodes in a wider area, this paper uses a clustered smart grid model for node deployment. The smart grid consists of two types of smart grid nodes: base stations, a few cluster head nodes N_i^H and the most common nodes N_(i,j)^C, and the topology of the smart grid is shown in Fig. 1.

Fig. 1. Network Model

In Fig. 1, the base station is characterized by unlimited energy, high computing power, and sufficient storage space, and is honest and reliable. The function of the cluster head smart grid node is to collect information and send it to the base station; the ordinary smart grid node is responsible for sensing the relevant data and sending the collected data to the cluster head smart grid node of this cluster. The ordinary smart grid node has limited energy, computational power, and storage space and is the most deployed type of sensor in the whole network.

In this paper, the following assumptions are made for the base station and smart grid nodes:

(1). The key pairs of smart grid nodes are pre-generated by the base station and pre-distributed to all smart grid nodes.

2). Each smart grid node has its own unique identity ID_i^H, ID_(i,j)^C ∈ ℤ_qⁿ_∘

(3). The processing capacity and storage space of the cluster head node is much larger than that of the ordinary smart grid nodes, and the cluster head smart grid node is indebted to forward the information collected by all ordinary smart grid nodes in this cluster to the base station, and to generate and manage the symmetric communication keys shared by all smart grid nodes in this cluster.

(4). The communication keys between the sensors in each cluster are different.

(5). Ordinary smart grid nodes are the most restricted smart grid nodes in the network in terms of processing power and storage space.

(6). If nodes in different clusters need to communicate, they must go through the cluster head smart grid node in their own cluster for forwarding.

(7). The base station storage space in the proposed protocol in this paper is only large enough and is honest and reliable.

4. Key Management Scheme

In this paper, a lattice-based smart grid key management scheme is proposed, which uses the smart grid common model for key pre-distribution management of smart grid nodes; a clustered smart grid model is used for deployment of smart grid nodes. The base station first generates the system parameters and public-private key pairs of all smart grid nodes and assigns the key pairs to the corresponding smart grid nodes. The smart grid nodes in different clusters establish the corresponding key pairs only when they need to communicate. After establishing the shared key, the smart grid nodes in different clusters can use the shared key to communicate securely through the cluster head of this cluster, which is based on the symmetric cryptosystem. Since the symmetric cryptosystem is more efficient than the asymmetric cryptosystem in cryptographic operations, it can effectively reduce the communication energy consumption of smart grid nodes. Smart grid nodes in the same cluster can communicate with the communication key shared by all nodes in this cluster, and this shared communication key is managed and updated by the cluster head liability. The proposed scheme assumes that the base station can effectively detect the captured nodes, and when the base station detects a captured smart grid node, it immediately sends it to the cluster head node of its cluster to prevent them from continuing communication with the captured smart grid node, and adds the node to the blacklist list, and the ID corresponding cluster head node immediately updates the shared key used for communication of all nodes in the cluster.

To make better use of the original image sampling algorithm, this paper proposes a method to generate the corresponding matrix from a vector, denoted as Gen_u→U(u, k) , where the positive integers k > 0 denotes the dimension of the generated matrix.

The steps of the matrix generation algorithm are as follows:

Input vector u and positive integers k; output matrix U.

(a) Suppose the vector u = {u₁,u₂,...,u_n}, first take out the last bit u_n ; then shift the other n − 1 bits to the right; fill u_n in the first bit to get u₁ :

u₁ = {u_n,u₁,...,u_n-1}.

(b) Repeat step (a) to obtain :

u₂ = {u_n-1,u_n,...,u_n-2}

u₃ = {u_n-2,u_n-1,...,u_n-3}

⦙ ⦙

(c) The last vector is output :

u_k-1 = {u_n-k+2,u_n-k+3,...,u_n-k+1}.

(d) Final output matrix U ∈ ℤ^nxk :

\(\begin{aligned}\mathrm{U}=\left\{\begin{array}{cccc}u_{1} & u_{n} & \ldots & u_{n-k+2} \\ u_{2} & u_{1} & \ldots & u_{n-k+3} \\ \vdots & \vdots & \vdots & \vdots \\ u_{n} & u_{n-1} & \ldots & u_{n-k+1}\end{array}\right\}\end{aligned}\)

4.1 System parameters and keys

The system parameters and key pairs are generated as follows:

(1) Let the system security parameter is 1ⁿ_∘

(2) First, choose the prime number q : q = poly(n), positive integers d, m, k, λ, l, where m the following inequalities must be satisfied:

m ≥ (5 + 3δ)n logq ;

Select real numbers σ,s, satisfy the following two equations:

\(\begin{aligned}\begin{array}{c}\sigma \geq 12 d \lambda \sqrt{m} \\ s>O(\sqrt{n \log q}) \cdot \omega(\sqrt{\log (m)})\end{array}\end{aligned}\).

(3) Run the trapdoor generation algorithmTrapGen(q,n) in Theorem 1, and output a matrix Α ∈ ℤ_q^nxm and a set of bases Τ_A ∈ ℤ^mxm on the lattice Λ_q^⊥(Α), Satisfaction:

\(\begin{aligned}\left\|{\mathrm{T}}^{\sim}_{\mathrm{A}}\right\| \leq O(\sqrt{n \log q})\end{aligned}\).

(4) Select four secure hash functions :

H₁ : {0,1}* → {v : v ∈ {-1,0,1}^k, ||v||₁ ≤ k}

H₂ : Z_qⁿ → {0,1}^l

F₁ : {0,1}^l → {0,1}^l₁

F₂ : {0,1}^l₁ → {0,1}^l.

(5) To generate the key pairs of cluster head smart grid nodes: first, run the vector generation matrix algorithm Gen_u→U(ID_i^H, k) can be proposed in this paper to output an identity-based ID_i^H ∈ ℤ_qⁿ matrix U_i^H ∈ ℤ_q^nxk for each cluster-head smart grid node N_i^H ; run the original image sampling algorithm Sample Pre(A, T_A, u_i^H, s) to output the number k identity-based vectors s_i^H ∈ ℤ^m for each vector in the matrix U_i^H, and form a matrix S_i^H ∈ ℤ^mxk from this number k vectors, where each column vector in the k columns of the matrix S_i^H is the original image each column vector in the column of the matrix is the number k vectors corresponding to the output of the original image sampling algorithm. Finally, the base station generates a public-private key pair(U_i^H, S_i^H) for the cluster head smart grid node with identity information ID_i^H that satisfies U_i^H = AS_i^H.

(6) Generate key pairs for common smart grid nodes: As (5), run the matrix algorithm Gen_u→U(ID_i,j^C, k) and original image sampling algorithm Sample Pre(A, T_A, u_i,j^C,s) to output public-private key pairs (U_i,j^C, S_i,j^C) based on identity information ID_i,j^C ∈ ℤ_qⁿ for each common smart grid node N_i,j^C respectively.

Finally, the base station outputs the system common parameters:

PP = {A, F₁, F₂, H₁, H₂}

Key pairs of cluster heads and common smart grid nodes:

(U_i^H, S_i^H),(U_i,j^C, S_i,j^C).

4.2 Generate intra-cluster key

All smart grid nodes in the same cluster share the same communication key, which is produced, managed, updated, etc. By the cluster head smart grid node. The communication key is based on a symmetric cryptographic system, so that the communication efficiency will be higher. The specific process of intra-cluster key generation is as follows: first, the cluster head smart grid node randomly generates the communication key shared within the cluster and then forwards the generated key message to all smart grid nodes within the cluster. This scheme assumes that the public key of the smart grid nodes in the cluster is known only to the smart grid nodes in this cluster and the base station, and is not known to the smart grid nodes in other clusters. When the normal smart grid nodes in this cluster receive the message with the key, they first verify it, and if it passes the verification, they receive the corresponding intra-cluster key message, otherwise they reject it. The detailed process of generating the intra-cluster key is as follows.

Take the number i cluster as an example, the number i cluster head smart grid node N_i^H first randomly generates a symmetric communication key K_i for intra-cluster communication: K_i ∈ {0,1}^l, which is a key in the symmetric cryptosystem, using the symmetric cryptosystem for encryption and decryption is more efficient, the specific validity time of the key depends on the specific situation, if the network environment security is relatively good, and no smart grid node is captured the key The validity time of the key K_i can be extended appropriately if the security condition of the network environment is good and no smart grid node is captured.

The specific process is as follows:

(1) Select a random y_i : y_i ← D_σ^m and a timestamp t_i : t_i ∈ {0,1}*, where t_i indicate that the message was generated by the number i cluster head smart grid node N_i^H at time t.

(2) Calculate u_y and u_K :

u_y = H₂(Ay_i)

u_K = K_i ⊕ u_y

(3) Calculate u'_K :

u'_K = F₁(u_K) || (F₂(F₁(u_K)) ⊕ u_K)

(4) Calculate the validation message (z,c) :

c = H₁(Ay_i,t_i)

z = S_ic + y_i

(5) With probability min(1, \(\begin{aligned}\frac{D_{\sigma}^{m}(z)}{M D_{\sigma, \mathrm{S}_{i} c}^{m}(z)}\end{aligned}\)) Output (z,c), the number i cluster head smart grid node N_i^H sends the message (z,c,u'_K,t_i) containing the symmetric communication key to all normal smart grid nodes and base stations in the cluster.

The timestamp t_i is used to determine the timeliness of the message; (z,c) is used for authentication; and u'_K is used to extract the symmetric communication key after authentication.

4.3 Verify and recover the intra-cluster key

When all common smart grid nodes and the base station in the cluster receive the message (z,c,u'_K,t_i) from the number i cluster head smart grid node, first verify the validity of the message with the public key U_i^H of the number i cluster head smart grid node, and if the verification passes, extract and receive the symmetric communication key sent by the number i cluster head smart grid node, all smart grid nodes in the number i cluster can use the symmetric key for All smart grid nodes in the number i cluster can use this symmetric key for secure communication, and the base station can also use this symmetric key to communicate with the first cluster head smart grid node, and if the verification fails, the packet is discarded.

The specific process is as follows.

(1) Verify that both following equations hold :

c = H₁(Az - U_i^Hc,t_i)

\(\begin{aligned}\|z\| \leq 2 \sigma \sqrt{m}\end{aligned}\)

If both of the above equations hold, it means that the verification passes and will continue to the next operation; otherwise, the verification fails and the packet is discarded.

(2) Calculate :

u_y = H₂(Az - U_i^Hc)

(3) Recovered message u_K :

u_K = [u'_K]_l ⊕ F₂([u'_K]^l₁)

(4) Verify that the equation [u'_K]^l₁ = F₁(u_K) holds, and if it does, recover the symmetric communication key K_i = u_K ⊕ u_y ; if it fails, discard the packet and terminate the operation.

Where [u'_K]^l₁ denotes the first few l₁ bit of u'_K from high to low; [u'_K]_l denotes: the last few bits of u'_K from low to high.

Finally, all normal smart grid nodes and base stations in the cluster receive the symmetric communication key information from the number i cluster head smart grid node and recover the symmetric communication key K_i from the packet if it passes the verification.

If the base station finds that a smart grid node is captured, it should broadcast the ID information of the node in time to avoid its malicious attack. If the network security condition is good, the valid time of the symmetric communication key can be extended appropriately to reduce the consumption due to the frequent update of the key.

4.4 Cross-Cluster Communication Key

If the smart grid nodes in different clusters need to communicate with each other, they must go through the cluster head smart grid node of the corresponding cluster for forwarding, because the common smart grid nodes in different clusters do not have a common symmetric communication key and the public key information of the other smart grid nodes, so the common smart grid nodes in different clusters cannot communicate with each other directly. The corresponding symmetric communication key message is generated by one of the cluster head smart grid nodes in the communication, and then the generated symmetric communication key message is sent to the cluster head smart grid node of another cluster. When the cluster head smart grid node of another cluster receives the symmetric communication key message, it first asks for the public key information of the cluster head smart grid node to which the information is sent by the base station and verifies it, and if it passes the verification, it receives the corresponding symmetric communication key message, otherwise it rejects it.

Take the example of the smart grid nodes the number i cluster and the number j cluster need to communicate, the number i cluster head smart grid node N_i^H first generates a random symmetric communication key K_i↔j : K_i↔j ∈ {0,1}^l for communication with the number j cluster head smart grid node, which is a key in the symmetric cryptographic regime. Then an authentication message (z,c,u'_K,t_i↔j) with the symmetric communication key embedded is generated and forwarded to the number j cluster head smart grid node N_j^H.

When the number i cluster head smart grid node N_j^H receives the authentication message (z,c,u_K,t_i↔j), it first asks the base station for the public key U_i^H of the number i cluster head smart grid node and uses the public key U_i^H to verify the validity of the message (z,c,u'_K,t_i↔j), and finally recovers the symmetric communication key K_i↔j from the message (z,c,u'_K,t_i↔j). The cross-cluster symmetric communication key exchange process is similar to the intra-cluster symmetric communication key exchange process.

4.5 Communication using a symmetric key

After the above symmetric communication key exchange process, the symmetric communication keys between the intra-cluster smart grid nodes, between the base station and the cluster head smart grid nodes, and between the cluster head and the cluster head in the smart grid are shown in Table 1.

Table 1. Symmetric communication key sharing situation

The following describes the specific process of communication with symmetric keys in three cases: the communication between smart grid nodes within a cluster, communication between smart grid nodes across a cluster, and communication between a cluster head and a base station, respectively.

(1) Communication between smart grid nodes within a cluster

Assume that the smart grid nodes N_(i,1)^C and N_(i,2)^C i in the number i cluster need to communicate with each other, and since the smart grid nodes in the number i cluster share the same key K_i, the two smart grid nodes that need to communicate can communicate directly with the symmetric key K_i, and the roadmap for the communication of the smart grid nodes in the cluster is shown in Fig. 2.

Fig. 2. Intra-cluster node communication line diagram

The specific process is as follows:

The smart grid node of number i cluster of N_(i,1)^C:

Encrypted message u:

u_En = En(K_i,u)

Where u denotes the message to be encrypted; K_i denotes: the symmetric communication key shared by the smart grid nodes in the number i cluster; En(K_i,u) denotes: the plaintext message u to be encrypted is encrypted with the symmetric communication key K_i, and the algorithm used is the more efficient symmetric cryptosystem algorithm, which is set as EnSY ; u_En denotes: the encrypted ciphertext message; N_(i,1)^C denotes: the first smart grid node in the number i cluster. Then, the smart grid node N_(i,1)^C sends the encrypted ciphertext u_En to the smart grid node N_(i,2)^C.

When the smart grid nodes N_(i,2)^C receives the cipher text u_En can be sent from the smart grid node N_(i,1)^C, then the text u_En will be decrypted with the previously generated symmetric communication key pair K_i.

The smart grid nodes of number i cluster N_(i,2)^C:

Decrypted message :

u_De = De(K_i,u_En) = u.

Where De(K_i,u_En) denotes: decryption of the ciphertext u_En with a symmetric communication key K_i using a symmetric cryptosystem algorithm EnSY ; u_De denotes the decrypted ciphertext message. Finally, the smart grid node N_(i,2)^C obtains the message u : u = u_De sent by the smart grid node N_(i,1)^C.

(2) Communication between cross-cluster smart grid nodes

Assume that the ordinary smart grid node N_(i,1)^C of the number i cluster and the ordinary smart grid node N_(i,1)^C of the number j cluster need to communicate with each other, because the ordinary smart grid node of the number i cluster and the ordinary smart grid node of the number j cluster do not have a shared key, so the two smart grid nodes of different clusters cannot communicate directly, they must forward through the cluster head node in their own cluster, the smart grid node and the smart grid of the roadmap for communication between smart grid nodes N_(i,1)^C and smart grid nodes N_(i,1)^C is shown in Fig. 3.

Fig. 3. Cross-cluster node communication line diagram

The specific process is as follows:

(a) The smart grid node of the number i cluster N_(i,2)^C :

Encrypted message u :

u_Enⁱ = En(K_i,u).

Where u_Enⁱ denotes: the smart grid node N_(i,1)^C of number i cluster encrypts the plaintext message using the symmetric communication key K_i shared by the smart grid nodes of the number i cluster and encrypts the ciphertext message using the encryption algorithm EnSY. Then, the smart grid node N_(i,1)^C ciphertext u_Enⁱ is sent to the head smart grid node N_i^H of number i.

When the head smart grid node of the number i cluster receives the cipher text u_Enⁱ, which can be sent from the smart grid node N_(i,1)^C, first decrypts u_Enⁱ with the symmetric communication key K_i shared within the cluster.

(b) Number i cluster head smart grid node N_i^H :

Decrypted message :

u_Dnⁱ = De(K_i,u_Enⁱ) = u

Where De(K_i,u_Enⁱ) denotes: decrypting the ciphertext u_Enⁱ with a symmetric communication key K_i using an algorithm EnSY. Finally, the cluster head smart grid node N_i^H acquires the message u, which is sent by the smart grid node N_(i,1)^C.

After decryption, the number i cluster head smart grid node re-encrypts the message u with the symmetric key shared with the number j cluster head smart grid node and forwards it to the first cluster head smart grid node.

Encrypted message u :

u_En^i→j = En(K_i↔j,u)

The number i cluster head smart grid nodes N_i^H sends the cipher text u_En^i→j, which can be encrypted with the symmetric communication key K_i↔j to the number j cluster head smart grid node N_j^H.

(c) The number j cluster head smart grid node N_j^H :

Decrypted message :

u_De^i→j = De(K_i↔j,u_En^i→j) = u

The number j cluster head smart grid node will decrypt the message with the symmetric communication key shared with the number i cluster head smart grid node and re-encrypt it with the shared key within this cluster.

Encrypted message u :

u_En^j = En(K_j,u)

Finally, the number j cluster head smart grid node sends the ciphertext u_En^j encrypted with the intra-cluster symmetric communication key K_j to this cluster smart grid node N_(j,1)^C

(d) The number j cluster smart grid node N_(j,1)^C :

Decrypted message :

u_Dn^j = De(K_j,u_En^j) = u

Finally, the smart grid node N_(j,1)^C of the number j cluster gets the message u : u = u_Dn^j sent by the smart grid node of the number i cluster.

(3) Communication between base stations and cluster head smart grid nodes

Assume that communication is required between the number i cluster-head smart grid node N_i^H and the base station, and since there is a shared symmetric communication key K_i between the number i cluster-head smart grid node and the base station, the communication can be performed directly as follows:

The number i cluster head smart grid node N_i^H :

Encrypted messages u :

u_En^i→ = En(K_i,u)

Decrypted message :

u_Dn^i→ = De(K_i,u_En^i→) = u

Since the communication between the cluster head smart grid node and the base station is more important, another more secure communication method between the base station and the cluster head smart grid node is described below:

The number i cluster head smart grid node N_i^H :

(a) Decrypted message u :

u_En^a = En(K_i,u)

(b) Compute the message (z_a,c_a) after ciphertext embedding :

c_a = H₁(Ay,u_En^a)

z_a = S_ac + y

(c) Output with probability min(1, \(\begin{aligned}\frac{D_{\sigma}^{m}\left(z_{a}\right)}{M D_{\sigma, \mathrm{S}_{a} c_{a}}^{m}\left(z_{a}\right)}\end{aligned}\)) message (z_a,c_a) with embedded ciphertext.

Then, the number i cluster head smart grid node sends the message (z_a,c_a,u_En^a) with the embedded ciphertext to the base station.

When the base station receives the message (z_a,c_a,u_En^a) embedded in the ciphertext from the number i cluster head smart grid node, it verifies the message (z_a,c_a) with the public key U_i^H of the number i cluster head smart grid node and decrypts u_En^a with the previously generated symmetric communication key K_i.

Base station :

(a) Verify that both following equations hold :

c_a = H₁(Az_a - U_i^Hc_a,u_En^a)

\(\begin{aligned}\left\|z_{a}\right\| \leq 2 \sigma \sqrt{m}\end{aligned}\)

If both of the above equations hold, the verification passes and will continue to the next step; otherwise, the verification fails and this packet is discarded.

(b) Decrypted message u_En^a :

u_De^a = De(K_i,u_En^a) = u.

Finally, the base station acquires the message u sent by the number i cluster head smart grid node.

The two smart grid communication methods described above have their own advantages and disadvantages, and different smart grid communication methods can be selected according to the importance of the data. If the data to be encrypted is not essential and the security level is not particularly high, you can use the smart grid communication method of using a symmetric secret key to communicate directly, which is more efficient as long as the encryption and decryption operations are carried out by the symmetric cryptographic system algorithm. If the data to be encrypted is more important and the security requirement is higher, you can use the smart grid communication method of embedding the cipher text into the message, which is more secure. Communication method, this communication method is more secure.

5. Protocol Analysis

In this paper, we analyze the new scheme in 3 aspects: consistency, security and efficiency.

5.1 Consistency Analysis

According to the specific process of the above key management scheme, the sampling algorithm consistency, verification process consistency and key recovery consistency is described and analyzed separately in this paper. (1) Sampling algorithm consistency analysis :

According to the original image sampling principle in Theorem 2, there exists a polynomial-time algorithm Sample Pre(A,T_A,u_i^H,s) for all u_i^H ∈ ℤ_qⁿ draw vector S_i^H, such that the following equation holds.

u_i^H = As_i^H, i = 0,1,...,k - 1

From the principle of the matrix construction algorithm Gen_u→U(u,k) proposed in this paper, we get

\(\begin{aligned}\begin{array}{l}\mathrm{U}_{i}^{H}=\left\{\begin{array}{l}\mathrm{u}_{o}^{H} \\ \mathrm{u}_{1}^{H} \\ \vdots \\ \mathrm{u}_{k-1}^{H}\end{array}\right\}^{T}=\left\{\begin{array}{cccc}u_{1} & u_{2} & \ldots & u_{n} \\ u_{n} & u_{1} & \ldots & u_{n-1} \\ \vdots & \vdots & \vdots & \vdots \\ u_{n-k+2} & u_{n-k+3} & \ldots & u_{n-k+1}\end{array}\right\}^{T} \\ \mathrm{~S}_{i}^{H}=\left\{\begin{array}{l}\mathrm{s}_{o}^{H} \\ \mathrm{~s}_{1}^{H} \\ \vdots \\ \mathrm{s}_{k-1}^{H}\end{array}\right\}^{T}=\left\{\begin{array}{cccc}s_{01} & s_{02} & \ldots & s_{0 m} \\ s_{11} & s_{12} & \ldots & s_{1 m} \\ \vdots & \vdots & \vdots & \vdots \\ s_{(k-1) 1} & s_{(k-1) 2} & \ldots & s_{(k-1) m}\end{array}\right\}\end{array}\end{aligned}\)

For u_i^H = As_i^H to get :

U_i^H = AS_i^H

From the above analysis, we can see that it is correct to use the public-private key pair (U_i^H,S_i^H) generated based on the identity information ID_i^H of the smart grid nodes in this paper.

(2) Validation process consistency analysis：

Az - U_i^Hc = A(S_i^Hc + y) - U_i^Hc = AS_i^Hc + Ay - U_i^Hc = AS_i^Hc + Ay - (AS_i^H)c = Ay

Thus：

H₁(Az - U_i^Hc,t_i) = H₁(Ay,t_i) = c

The following two lemmas are introduced before proving that the inequalities holds \(\begin{aligned}\|z\| \leq 2 \sigma \sqrt{m}\end{aligned}\) with overwhelming probability.

Lemma 1 For any real number σ > 0 and positive integer m, the following inequality holds [14]

\(\begin{aligned}\operatorname{Pr}\left[y \leftarrow D_{\sigma}^{m}:\|y\|>2 \sigma \sqrt{m}\right]<2^{-m}\end{aligned}\)

Lemma 2 For an arbitrary vector v ∈ ℤ^m , if：

\(\begin{aligned}\sigma=\omega(\|v\| \sqrt{\log m})\end{aligned}\)

Then the following equation holds^[14] ：

Pr[y←D_σ^m : D_σ^m(y) / D_σ,ν^m(x) = O(1)] = 1 - 2^{ω(log m)}

According to Lemma 2, the distribution characteristics of z are very close D_σ^m ; from Lemma 2, we can conclude that the inequality \(\begin{aligned}\|z\| \leq 2 \sigma \sqrt{m}\end{aligned}\) will be satisfied with a probability greater z than or equal to 1 - 2^-m, the inequality will be satisfied with an overwhelming probability.

(2) Recover Keys Consistency Analysis：

(a) Analytical equation [u'_K]^l₁ = F₁(u_K) :

[u'_K]^l₁ = [F₁(u_K)||(F₂(F₁(u_K))⊕u_K)]^l₁ = F₁(u_K)

(b) Analyze the correctness of the key K_i :

K_i = u_K ⊕ u_y = [u'_K]_l ⊕ F₂([u'_K]^l₁) ⊕ u_y = [F₁(u_K)||(F₂(F₁(u_K)) ⊕ u_K)]_l ⊕ F₂([F₁(u_K)||(F₂(F₁(u_K)) ⊕ u_K)]^l₁) ⊕ u_y = [F₁(u_K)||(F₂(F₁(u_K)) ⊕ u_K)]_l ⊕ F₂(F₁(u_K)) ⊕ u_y =(F₂(F₁(u_K)) ⊕ u_K) ⊕ F₂(F₁(u_K)) ⊕ u_y = u_K ⊕ u_y = K_i ⊕ u_y ⊕ u_y = K_i

From the above analysis, it can be concluded that the smart grid nodes in the number i cluster establish a common symmetric communication key K_i , and can use K_i to communicate.

5.2 Security Analysis

This section analyzes that the above smart grid key management scheme is secure under the assumption of a small integer solution problem with parameters(q,m, \(\begin{aligned}(4 \sigma+2 d \lambda) \sqrt{m}\end{aligned}\)) of the following two aspects: key exchange process and smart grid node communication.

(1) Key Management Solution Security Analysis：

Assume that there exists a polynomial-time algorithm ξ to obtain a new forged authentication signature for a message (z^w,c^w) with non-negligible probability, such that:

Az - U_i^Hc = Az^w - U_i^Hc^w

As U_i^H = AS_i^H, then :

Az - U_i^Hc - Az^w - U_i^Hc^w = Az - AS_i^Hc - Az^w - AS_i^Hc^w = A(z - S_i^Hc - z^w - S_i^Hc^w) = 0

Based on the consistency of the authenticated message, we get：

||z||, \(\begin{aligned}\left\|z^{w}\right\| \leq 2 \sigma \sqrt{m}\left\|\mathrm{S}_{i}^{H} c\right\|,\left\|\mathrm{S}_{i}^{H} c^{w}\right\| \leq d \lambda \sqrt{m}\end{aligned}\) holds with overwhelming probability, then：

\(\begin{aligned}z-\mathrm{S}_{i}^{H} c-z^{w}-\mathrm{S}_{i}^{H} c^{w} \leq 4 \sigma \sqrt{m}+2 d \lambda \sqrt{m}\end{aligned}\)

Lemma 3 for any matrix A ∈ ℤ_q^nxm satisfying the condition m ≥ 64 + n log q / log(2d + 1), randomly chosen \(\begin{aligned}\mathrm{s}: \mathrm{s} \stackrel{\$}{\leftarrow}\{-d, \ldots, 0, \ldots, d\}^{m}\end{aligned}\) , then with probability 1 - 2^-m there exists another s' : s' ∈ {−d,...,0, ...,d}^m, satisfying As = As'[14]

According to Lemma 3, it can be concluded that a new smart grid node private key S_i^Hw can be generated with greater probability than1 − 2^-m, satisfying the equation AS_i^H = AS_i^Hw, then :

z - S_i^Hc - z^w + _i^Hc^w - z + S_i^Hwc + z^w - S_i^Hwc^w = (S_i^Hw - S_i^H)(c - c^w) ≠ 0

then :

z - S_i^Hc - z^w + S_i^Hc^w ≠ 0

Thus, the smart grid key management scheme proposed in this paper is secure under the assumption of a small integer solution problem with parameters (q,m, \(\begin{aligned}(4 \sigma+2 d \lambda) \sqrt{m}\end{aligned}\)).

(3) Smart grid node communication security analysis：

Take the example of the communication between the number i cluster head smart grid node and the base station.

If no other malicious, smart grid node eavesdrops during the key exchange and transmission between the number i cluster head smart grid node and the base station, then the direct communication with symmetric smart grid communication keys K_i is secure.

If a malicious smart grid node N_e eavesdrops on the packet during the key exchange and transmission between the number i cluster head smart grid node and the base station, but the malicious smart grid node N_e does not know the public key U_i^H of the number i cluster head smart grid node, the malicious smart grid node N_e cannot recover the corresponding communication key from the eavesdropped symmetric communication key exchange information, so the number i cluster head smart grid node and the base station communicate directly with the symmetric communication key in a secure manner. The direct communication between the first cluster smart grid node and the base station with the symmetric communication key K_i is secure.

If the malicious smart grid node N_e has previously obtained the public key U_i^H of the number i cluster head smart grid node, the malicious smart grid node N_e can verify and recover the symmetric communication key shared between the number i cluster head smart grid node and the base station by using the public key K_i of the number i cluster head smart grid node, and this case can be communicated by embedding the ciphertext into the authentication message in a more secure way. The security of the embedded ciphertext communication method is analyzed below.

A malicious, smart grid node N_e can impersonate the number i cluster head smart grid node to encrypt the forged message u^e and generate a forged ciphertext u_En^e :

u_En^e = En(K_i,u^e)

Then, a random one y_e ← D_σ^m is generated; the forged authentication message c_a is calculated:

c_a = H₁(Ay_a,u_En^a)

However, since the malicious, smart grid nodes Ne do not know the private key S_i^H of the number i cluster head smart grid node, there is no way to embed the impersonated ciphertext u_En^e into the forged authentication message z_e.

z_e ≠ S_i^Hc_e + y_e

From the above analysis, it can be seen that the communication between the first cluster head smart grid node and the base station proposed in this paper is secure. The communication between the intra-cluster smart grid nodes and the cross-cluster smart grid nodes is a similar to the analysis of the communication method between the cluster head smart grid node and the base station.

5.3 Efficiency Analysis

In this section, we mainly focus on the computational costs, storage overhead. First, we make a comparison of storage overhead between our smart grid key management scheme and other related secret key schemes, Li et al. Scheme [23], Wang et al. Scheme [24] and Brakerski et al. Scheme [25]. The specific results of storage comparison of the schemes are shown in Table 2.

Table 2. Storage overheads of all schemes

As depicted in Table 2, we make a comparison of storage overhead between our smart grid key management scheme and Li et al. Scheme [23], Wang et al. Scheme [24] and Brakerski et al. Scheme [25]. The public key size is 4nklogq in Li et al. Scheme [23], is (2l + 9)m² log q in Wang et al. Scheme [24], is m² log q in Brakerski et al. Scheme [25], and is 2n(n - k) log q in our smart grid key management scheme. The private key size is nk log q in Li et al. Scheme [23], is 3m² log q in Wang et al. Scheme [24], is 2ml log q in Brakerski et al. Scheme [25], and is mk log q in our smart grid key management scheme. By comparing the results, our proposed the smart grid key management scheme has certain advantages in storage overhead.

By comparing the results of our smart grid key management scheme and other related secret key schemes base on RSA and ECC algorithm, the costs of our smart grid key management scheme is m log(12σ), which is only related to the message m and the parameter σ. The authentication costs corresponding to different security levels (such as 128bits, 256 bits and 512 bits) can be calculated when the selected system parameter is n = 256, q = 2³². The results are shown in Table 3. The authentication costs of RSA and ECC authentication algorithms corresponding to different security levels are given. As shown in Table 3, the authentication costs of the RSA algorithm increase rapidly with the improvement of the security level, but no matter how the security level increases, the size of the authentication remains at a stable level in our smart grid key management scheme. In addition, RSA and ECC algorithms can’t resist quantum attacks, so our smart grid key management scheme has good anti-quantum security. With the development of quantum computer and quantum computing, lattice cipher will be a very practical cryptographic algorithm in the quantum era.

Table 3. Comparison with RSA and ECC algorithms

The smart grid key management scheme proposed in this paper consumes less energy compared with the standard key management scheme. The smart grid key management scheme proposed in this paper does not require the smart grid nodes to send the key exchange information separately because the symmetric key information has been embedded in the key exchange information, and the smart grid nodes receiving the key exchange information can verify the embedded key information and extract the corresponding symmetric communication key. Since the proposed smart grid key management scheme does not require multiple messages, it can reduce the communication overhead of the smart grid. In addition, the key used for communication between smart grid nodes is based on the symmetric cryptosystem algorithm, so it can effectively improve the efficiency of smart grid communication. In terms of computational complexity, the main operations of the proposed key management scheme are simple hash operations and logical operations, which generally consume more energy to transmit 1 bit of data than to compute 32 bits of data. In summary, the smart grid key management scheme proposed in this paper has certain advantages in storage overhead, costs and high security.

6. Conclusion

In this paper, we propose an identity-based smart grid key management scheme on the grid, whose core idea is to use the solid security foundation and high computational efficiency on the grid, and the keys for communication are based on symmetric cryptosystem algorithm, so it can effectively reduce the communication overhead between smart grid nodes. The private keys of smart grid nodes are generated by identity-based information, so malicious, smart grid nodes are unable to calculate the public-private key pairs of other smart grid nodes. The analysis results show that the smart grid key management scheme proposed in this paper has good security.