A lightweight smart grid authentication method based on PUF
By adopting a lightweight authentication method based on PUF, the problems of anonymity and forward confidentiality in smart grids are solved, entity authentication and session key negotiation are realized, and the security and anti-attack capabilities of smart grids are improved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- XIDIAN UNIV
- Filing Date
- 2023-03-08
- Publication Date
- 2026-06-23
Smart Images

Figure CN116388995B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of cybersecurity technology, and in particular to a lightweight smart grid authentication method based on PUF. Background Technology
[0002] Smart grids utilize embedded sensors and digital communication technologies to improve the security, reliability, and economic energy efficiency of power systems. To achieve real-time monitoring of user electricity consumption, smart metering infrastructure, such as smart meters, is deployed within the smart grid. Each user is equipped with a smart meter to periodically collect their electricity consumption data. Gateways periodically aggregate the electricity consumption data of a group of users within a region. Power suppliers analyze the aggregated data and dynamically update prices for user-side management. Because communication between power suppliers, gateways, and smart meters is bidirectional, attackers can infiltrate the smart grid system from multiple entry points and steal user electricity consumption data, further compromising the power supplier's power database. Therefore, network security is the most critical issue for smart grids. To achieve secure information exchange between communication entities, secure and efficient authentication mechanisms need to be integrated into the smart grid's communication system. Identity authentication and key negotiation schemes can ensure secure remote communication between various parties in the smart grid, achieving data confidentiality, user privacy, and message integrity, providing reliable power services for the smart grid. To address the security issues in smart grids, researchers have proposed many identity authentication and key negotiation schemes suitable for smart grids in recent years, but some problems still need to be solved.
[0003] For example, in Sahil Garg et al.'s paper, *Secure AN and Lightweight Authentication Scheme for Smart Metering Infrastructure in Smart Grid*, the entities involved in authentication include the utility provider (UP), the certificate authority (CA), the smart grid (SM), and the gateway (NAN). It is assumed that the utility provider is equipped with a CA, which participates in publishing public secret parameters, and the CA also needs to register the smart meters and gateways. The authentication protocol includes three phases: initialization, registration, and authentication / key negotiation. Garg et al.'s scheme has weaknesses in resisting key leakage impersonation attacks, and it cannot provide anonymity or forward confidentiality for the entities. Summary of the Invention
[0004] This application provides a lightweight smart grid authentication method based on PUF, which can achieve entity anonymity and forward confidentiality.
[0005] The lightweight smart grid authentication method based on PUF provided in this application includes: a control center generating first anonymous identity information of a smart meter and second anonymous identity information of a gateway, sending the first anonymous identity information to the smart meter, and sending the second anonymous identity information to the gateway; and generating a first challenge-response pair based on the registration request of the smart meter using a PUF function; the first challenge-response pair includes first challenge information and first response information; and generating a second challenge-response pair based on the registration request of the gateway using a PUF function; the second challenge-response pair includes second challenge information and second response information.
[0006] The challenge response generated by combining the first anonymous identity information and the second anonymous identity information with the PUF function is used to perform the initial authentication of the smart meter and the gateway.
[0007] In response to the successful initial authentication, the smart meter and the gateway perform a second authentication based on the challenge-response pairs and random numbers generated by each party.
[0008] The step of performing initial authentication of the smart meter and the gateway based on the challenge response generated by combining the first anonymous identity information and the second anonymous identity information with the PUF function includes:
[0009] The smart meter sends a first message to the control center, and the control center authenticates the first message;
[0010] In response to successful authentication, the control center sends a second message to the gateway, and the gateway authenticates the second message.
[0011] In response to successful authentication, the gateway sends a third message to the smart meter, and the smart meter authenticates the third message.
[0012] Upon successful authentication, the session key between the gateway and the smart meter is obtained, thus completing the initial authentication.
[0013] The feature is that the smart meter sends a first message to the control center, and the control center authenticates the first message, including the following steps:
[0014] The smart meter generates a first random number and a second random number, and uses the PUF function to generate first data and second data based on the first random number and the second random number;
[0015] The smart meter generates the first message based on the first anonymous identity information, the second anonymous identity information, the first random number, the second random number, the first data, the second data, and the first challenge information, and sends the first message to the control center;
[0016] The control center determines the corresponding first response information based on the first challenge information in the first message;
[0017] The third data is calculated based on the first response information, and the third data is compared with the second data;
[0018] If the third data matches the second data, the authentication is successful, and the first verification information is obtained based on the first data, the first response information, and the first random number.
[0019] The feature is that the step of the control center sending a second message to the gateway, and the gateway authenticating the second message, includes:
[0020] The control center generates a third random number;
[0021] The control center obtains fourth data based on the first verification information, the second response information, and the third random number; and generates fifth data based on the second response information, the first random number, the first anonymous identity information, the second anonymous identity information, the second random number, and the third random number.
[0022] The control center generates a second message based on the first anonymous identity information, the second anonymous identity information, the first random number, the second random number, the third random number, the second challenge information, the fourth data, and the fifth data, and sends the second message to the gateway.
[0023] The gateway calculates and determines the third response information based on the second challenge information, and verifies the control center based on the third response information and the second response information;
[0024] Upon successful verification by the control center, the sixth data is determined based on the third response information, the first random number, the first anonymous identity information, the second anonymous identity information, the second random number, and the third random number, and then compared with the fifth data.
[0025] If the sixth data and the fifth data match, the authentication is successful.
[0026] The steps involved in the gateway sending a third message to the smart meter, and the smart meter authenticating the third message, include:
[0027] The second verification information is calculated based on the fourth data, the third response information, and the third random number. The gateway then generates a third challenge-response pair based on the second verification information and the first random number.
[0028] The gateway uses the PUF function to calculate a first value based on a fourth random number and a first random number; and uses the PUF function to calculate a second value based on a fifth random number and a second random number.
[0029] The seventh data is calculated based on the second verification information and the fifth random number, and the session key is calculated based on the first random number, the fifth random number, the first value, and the second value; and the eighth data is calculated based on the fifth random number, the fourth random number, the session key, the first anonymous identity information, and the second anonymous identity information.
[0030] The third message is generated based on the first anonymous identity information, the second anonymous identity information, the fourth random number, the fifth random number, the seventh data, and the eighth data, and the third message is sent to the smart meter.
[0031] The smart meter obtains the first value, the second value, and the third value based on the third message;
[0032] The session key is calculated based on the first, second, and third values.
[0033] Authentication is performed based on the session key, the fourth random number, the fifth random number, the first anonymous identity information, and the second anonymous identity information.
[0034] The step of the smart meter and the gateway performing a second authentication based on the challenge-response pair and random number generated by each party in response to the successful initial authentication includes:
[0035] The smart meter sends a fourth message to the gateway, and the gateway authenticates the fourth message;
[0036] In response to successful authentication, the gateway sends a fifth message to the smart meter, and the smart meter authenticates the fifth message.
[0037] Upon successful authentication, the smart meter sends a sixth message to the gateway for authentication.
[0038] The step of the smart meter sending a fourth message to the gateway, and the gateway authenticating the fourth message, includes:
[0039] The smart meter generates first sub-data and first sub-information based on the shared response generated by the gateway after the initial authentication and the sixth random number; and generates second sub-information based on the first anonymous identity information, the second anonymous identity information, the sixth random number, and the first authentication identifier;
[0040] A fourth message is generated based on the first anonymous identity information, the second anonymous identity information, the first authentication identifier, the first sub-information, and the second sub-information, and the fourth message is sent to the gateway.
[0041] The gateway calculates the second sub-data based on the shared response generated by the gateway after the initial authentication and the first sub-information; it determines the third sub-information based on the first authentication identifier, the second sub-data, the first anonymous identity information, and the second anonymous identity information, and compares the third sub-information with the second sub-information.
[0042] If the third sub-information matches the second sub-information, then authentication is successful.
[0043] The steps of the gateway sending a fifth message to the smart meter and the smart meter authenticating the fifth message include:
[0044] The gateway calculates the third sub-data based on the second sub-data and the shared response generated by the gateway after the initial authentication.
[0045] The fourth sub-data is calculated based on the seventh random number, the second sub-data, the shared response generated by the smart meter after the first authentication, and the shared response generated by the gateway after the first authentication; the fifth sub-data is calculated based on the eighth random number and the shared response generated by the smart meter after the first authentication; and the session key is calculated based on the third, fourth, and fifth sub-data.
[0046] The gateway uses the PUF function to calculate the fourth sub-information based on the ninth random number, the sixth random number, and the session key; it calculates the fifth sub-information based on the shared response generated by the smart meter after the first authentication and the eighth random number; it calculates the sixth sub-information based on the shared response generated by the smart meter after the first authentication, the seventh random number, and the eighth random number; and it calculates the seventh sub-information based on the ninth random number, the sixth random number, the seventh random number, the eighth random number, the session key, and the second authentication identifier.
[0047] The fifth message is obtained based on the first anonymous identity information, the second anonymous identity information, the second authentication identifier, the fourth sub-information, the sixth sub-information, the ninth random number, the session key, the fifth sub-information, and the seventh sub-information. The fifth message is then sent to the smart meter.
[0048] The smart meter determines the eighth sub-information based on the fifth message and compares the eighth sub-information with the seventh sub-information;
[0049] If the eighth sub-information matches the seventh sub-information, then authentication is successful.
[0050] The method further includes:
[0051] Determine the tag information X of the parameter to be updated, wherein the parameter to be updated includes at least one of the following: the gateway's sharing challenge, the smart meter's sharing challenge, the smart meter's generated sharing response, and the gateway's generated sharing response;
[0052] Based on the tag information X, determine the update result of the parameters to be updated stored in the smart meter;
[0053] The smart meter generates a sixth message and sends the sixth message to the gateway;
[0054] The gateway performs authentication based on the sixth message;
[0055] In response to successful authentication, the gateway determines the tag information X of the parameter to be updated, and determines the update result of the parameter to be updated stored in the gateway based on the tag information X.
[0056] The authentication method provided in this application includes: a control center generating first anonymous identity information for a smart meter and second anonymous identity information for a gateway, sending the first anonymous identity information to the gateway, and sending the second anonymous identity information to the smart meter; performing an initial authentication on the smart meter and the gateway based on the first and second anonymous identity information; and, in response to successful initial authentication, performing a second authentication on the smart meter and the gateway based on a negotiated challenge-response agreement. This method achieves entity anonymity and forward confidentiality while reducing computational and communication overhead, effectively resisting desynchronization attacks, and achieving forward and backward security. Attached Figure Description
[0057] Figure 1 This is a flowchart illustrating an embodiment of the lightweight smart grid authentication method based on PUF in this application. Detailed Implementation
[0058] To further illustrate the technical means and effects adopted by the present invention to achieve its intended purpose, the present invention will be described in detail below with reference to the accompanying drawings and specific embodiments. The foregoing and other technical contents, features, and effects of the present invention will be clearly presented in the following detailed description of the specific embodiments with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are only for explaining the present invention and are not intended to limit the present invention. The accompanying drawings are for reference and illustration only and are not intended to limit the technical solutions of the present invention.
[0059] Please see Figure 1 , Figure 1 This is a flowchart illustrating an embodiment of the lightweight smart grid authentication method based on PUF of this application, specifically including:
[0060] Step S11: The control center generates first anonymous identity information for the smart meter and second anonymous identity information for the gateway, and sends the first anonymous identity information to the smart meter and the second anonymous identity information to the gateway; and generates a first challenge-response pair based on the smart meter's registration request using a PUF function; the first challenge-response pair includes first challenge information and first response information; generates a second challenge-response pair based on the gateway's registration request using a PUF function; the second challenge-response pair includes second challenge information and second response information.
[0061] Specifically, smart meters (SM) i A registration request is securely sent to the Control Center (CC), which then initiates n sets of first challenge information (C). i0 C i1 ,…,C in-1 (This refers to a type of smart meter, SM), where n is typically set to 5 groups by default. i A set of first response information (M) can be generated using the PUF function. i0 M i1 ,…,M in-1 The first response information is transmitted back to the control center (CC). Then, based on the first challenge information and the first response information, the first challenge-response pair {(C)} is stored in the control center (CC). i0 M i0 ),(C i1 M i1 ),(C in-1 M in-1 )}.
[0062] Specifically, gateway G g A registration request is sent to the Control Center (CC). The Control Center (CC) then initiates n sets of second challenge information (C). g0 C g1 ,…,C gn-1 The gateway generates a second set of response information (M). g0 M g1 ,…,M gn-1 The second response information is then transmitted back to the control center (CC), where the challenge-response pair {(C)} is stored. g0 M g0 ),(C g1 M g1 ),(C gn-1 M gn-1 )}.
[0063] Specifically, the control center is the smart meter SM. i Generate First Anonymous Identity Information FSM i =H(c||SM) i), where 'c' is the identity mask, stored only in the control center CC. The control center is the gateway G. g Generate second anonymous identity information FG g =H(c||G g ).
[0064] Step S12: Perform initial authentication of the smart meter and the gateway based on the challenge response generated by the PUF function using the first anonymous identity information and the second anonymous identity information.
[0065] Specifically, step S12 includes: the smart meter sending a first message to the control center, and the control center authenticating the first message; in response to successful authentication, the control center sending a second message to the gateway, and the gateway authenticating the second message; in response to successful authentication, the gateway sending a third message to the smart meter, and the smart meter authenticating the third message; in response to successful authentication, the session key between the gateway and the control center is obtained, thereby completing the initial authentication.
[0066] Specifically, the process of the smart meter sending a first message to the control center, and the control center authenticating the first message, is as follows:
[0067] 1) The smart meter generates a first random number r1 and a second random number r2, and uses the PUF function to generate first data B1 and second data H1 based on the first random number and the second random number.
[0068] Specifically, smart meters (SM) i Two random numbers are selected to generate a first random number r1 and a second random number r2. The PUF function is then used to generate first data B1 and second data H1 based on the first random number r1 and the second random number r2. Specifically, H1=H(PUF i (C i1 )||r1||FSM i ||FG g ||r2). Among them, PUF i () refers to the PUF function in a smart meter, H() refers to hash operation, ⊕ refers to XOR operation, and || represents concatenation.
[0069] 2) The smart meter generates the first message based on the first anonymous identity information, the second anonymous identity information, the first random number, the second random number, the first data, the second data, and the first challenge information, and sends the first message to the control center.
[0070] Specifically, the smart meter is based on the first anonymous identity information (FSM). i Second anonymous identity information FGg The first random number r1, the second random number r2, the first data B1, the second data H1, and the first challenge information (C) i0 C i1 ,…,C in-1 C in ) i1 The first message is generated, and the first message is {FSM}. i ,FG g ,r1,r2,B1,C i1 H1}, and send the first message to the control center.
[0071] 3) The control center determines the corresponding first response information based on the first challenge information in the first message.
[0072] Specifically, the control center (CC) received the SM. i The first message sent {FSM} i ,FG g ,r1,r2,B1,C i1 When H1 is reached, authentication is performed using the PUF value. Specifically, based on the received C... i1 Find the corresponding PUF i (C i1 The value is also known as the first response information (M). i0 M i1 ,…,M in-1 M in ) i1 .
[0073] 4) Calculate the third data H′1 based on the first response information, and compare the third data with the second data.
[0074] Specifically, the third data H'1 = H(M) i1 ||r1||FSM i |FG g ||r2), compare the third data H'1 with the second data H1 to determine whether H'1 and H1 are consistent.
[0075] 5) If the third data matches the second data, the authentication is successful, and the first verification information (PUF) is obtained based on the first data, the first response information, and the first random number. i (r1)'.
[0076] Specifically, if H'1 is consistent with H1, then based on the first data B1 and the first response information M... i1 The first random number r1 is used to obtain the first verification information.
[0077] In one embodiment, the step of the control center sending a second message to the gateway, and the gateway authenticating the second message, includes:
[0078] 11) The control center generates a third random number r3.
[0079] 12) The control center obtains the fourth data B2 based on the first verification information, the second response information, and the third random number; and generates the fifth data H2 based on the second response information, the first random number, the first anonymous identity information, the second anonymous identity information, the second random number, and the third random number.
[0080] Specifically, the control center (CC) selects a third random number r3, and selects the second response information and the first verification information PUF. i (r1)' The fourth data point B2 is obtained. The second response information is the second challenge information (C). g0 C g1 ,…,C gn-1 C in ) g2 The response, i.e., the second response information (M) g0 M g1 ,…,M gn-1 M in ) g2。 Fourth data
[0081] The control center selects the second response information (M) g0 M g1 ,…,M gn-1 M in ) g2 First random number r1, second random number r2, third random number r3, first anonymous identity information FSM i Second anonymous identity information FG g Generate the fifth data H2, H2 = H(M) g2 ||r1||FSM i ||FG g ||r2||r3).
[0082] 13) The control center generates a second message based on the first anonymous identity information, the second anonymous identity information, the first random number, the second random number, the third random number, the second challenge information, the fourth data, and the fifth data, and sends the second message to the gateway.
[0083] The control center is based on the first anonymous identity information FSM i Second anonymous identity information FG g First random number r1, second random number r2, third random number r3, second challenge information (C) g0 C g1 ,…,C gn-1 C in )g2 The fourth data B2 and the fifth data H2 generate the second message {FSM} i ,FG g ,r1,r2,r3,C g2 ,B2,H2}. The second message {FSM} i ,FG g ,r1,r2,r3,C g2 ,B2,H2} are sent to the gateway.
[0084] 14) The gateway calculates and determines the third response information M' based on the second challenge information. g2 Based on the third response information M' g2 Second response information M g2 Verify the control center.
[0085] Gateway G g Upon receiving the second message, the gateway authenticates it. First, the gateway calculates and determines the third response information M' based on the second challenge information. g2 Specifically, the third response information M' g2 =PUF g (C g2 ), PUF g () represents the gateway's PUF function. It should be noted that the third response information M' g2 This indicates the result calculated by the gateway based on its own PUF function, and the second response information M. g2 This information is obtained during registration; please refer to step S11 for details. If the third response information M' g2 With the second response information M g2 If the values are the same, then the verification by the control center is passed; if the third response information M' g2 With the second response information M g2 If the values are different, the verification of the control center will fail.
[0086] 15) Upon successful verification by the control center, based on the third response information H'2, the first random number r1, and the first anonymous identity information FSM i Second anonymous identity information FG g The second random number r2 and the third random number r3 determine the sixth data H'2, and the sixth data is compared with the fifth data.
[0087] Based on the third response information M' g2 First random number r1, first anonymous identity information FSM i Second anonymous identity information FG g The second random number r2, the third random number r3, determine the sixth data H'2, the sixth data H'2 = H(H'2||r1||FSM)i ||FG g ||r2||r3). Compare the sixth data H'2 with the fifth data H2.
[0088] 16) If the sixth data and the fifth data are consistent, the authentication is successful.
[0089] Determine if H'2 and H2 are consistent. If they are consistent, the authentication is successful.
[0090] In one embodiment, the gateway sends a third message to the smart meter, and the smart meter authenticates the third message, including the following steps:
[0091] 21) The second verification information PUF is calculated based on the fourth data, the third response information, and the third random number. i (r1)”, the gateway generates a third challenge response pair (r1, PUF) based on the second verification information and the first random number. i (r1)”).
[0092] Using the fourth data B2 and the third response information M' g2 The second verification information PUF was recovered using the third random number r3. i (r1)”=B2⊕H(M' g2 ||r3), the gateway is based on the second authentication information PUF i (r1)” and the first random number r1 store the third challenge response pair (r1, PUF) i (r1)”).
[0093] 22) The gateway uses the PUF function to calculate the first value a based on the fourth random number r4 and the first random number r2; and uses the PUF function to calculate the second value b based on the fifth random number r5 and the second random number r2.
[0094] Specifically, the gateway selects two random numbers as the fourth random number r4 and the fifth random number r5. Using the PUF function, it calculates the first value a based on the fourth random number r4 and the first random number r2, where a = H(PUF). i (r1)||r4). The second value b is calculated using the PUF function based on the fifth random number r5 and the second random number r2, where b = H(PUF). g (r5)||r2).
[0095] 23) The seventh data B3 is calculated based on the second verification information and the fifth random number, and the session key is calculated based on the first random number, the fifth random number, the first value, and the second value; and the eighth data H3 is calculated based on the fifth random number, the fourth random number, the session key, the first anonymous identity information, and the second anonymous identity information.
[0096] Specifically, based on the second verification information PUF i (r1)”, the fifth random number r5 is used to calculate the seventh data B3,
[0097] The session key SK is calculated based on the first random number r1, the fifth random number r5, the first value a, and the second value b: SK = H(a||b||k1), where k1 = r1⊕r5.
[0098] Based on the fifth random number r5, the fourth random number r4, the session key SK, and the first anonymous identity information FSM i Second anonymous identity information FG g We obtain the eighth data H3, where H3 = H(SK||FSM). i ||FG g ||r5||r4).
[0099] 24) Generate the third message based on the first anonymous identity information, the second anonymous identity information, the fourth random number, the fifth random number, the seventh data, and the eighth data, and send the third message to the smart meter.
[0100] Specifically, based on the first anonymous identity information, FSM i Second anonymous identity information FG g The third message is obtained by using the fourth random number r4, the fifth random number r5, the seventh data B3, and the eighth data H3. The third message is {FSM}. i ,FG g The third message is sent to the smart meter.
[0101] 25) The smart meter obtains a first value a, a second value b, and a third value k1 based on the second message.
[0102] Smart Meter (SM) i After receiving the third message, it can be determined according to B3⊕H(PUF) i (r1)||r5) Solve for PUF g (r5)', using the recovered PUF g (r5) calculates the third value k1, the first value a, and the second value b. Specifically, b = H(PUF) g (r5)||r2).
[0103] 26) The session key SK is calculated based on the first value a, the second value b, and the third value k1. SK = H(a||b||k1).
[0104] 27) Authentication is performed based on the session key, the fourth random number, the fifth random number, the first anonymous identity information, and the second anonymous identity information.
[0105] Specifically, the session key SK, the fourth random number r4, the fifth random number r5, and the first anonymous identity information FSM are used. i Second anonymous identity information FG g Calculate H3' = H(sk) l ||FSM i ||FG g ||r5||r4). If H3' matches the eighth data H3, then authentication is successful, meaning SK is the gateway G. g With smart meters SM i The session key between them.
[0106] Step S13: In response to the successful initial authentication, the smart meter and the gateway perform a second authentication based on the challenge-response pairs and random numbers generated by each party.
[0107] After initial authentication, the smart meter defines a first authentication identifier (IDG). g,x Where X∈{old,new}, smart meter SM i The first initial authentication identifier IDG g,old Define it as H(r5||r1), and at the same time, IDG g,old Give IDG g,new Meanwhile, SM i Save G g SM shared information i :G g →{r5,PUF g (r5), IDG g,old =H(r5||r1)}.
[0108] After the initial authentication, the gateway defines a second authentication identifier, IDSM. i,x Where X∈{old,new}, gateway G g The second initial authentication identifier IDSM i,old Defined as H(r5||r1), and IDSM i,old Give IDSM i,new Meanwhile, G g Save SM i Shared information G g :SM i →{r1,PUF i (r1), IDSM i,old =H(r5||r1)}.
[0109] Specifically, step S13 includes: the smart meter sending a fourth message to the gateway, the gateway authenticating the fourth message; in response to successful authentication, the gateway sending a fifth message to the smart meter, the smart meter authenticating the fifth message; in response to successful authentication, the smart meter sending a sixth message to the gateway for authentication.
[0110] 131) The smart meter is based on the shared response ANG generated by the gateway after the initial authentication. g,x The first sub-data a and the first sub-information B4 are generated using the sixth random number; and the first anonymous identity information, the second anonymous identity information, the sixth random number, and the first authentication identifier IDG are generated based on these. g,X Generate the second sub-information H4.
[0111] ANG g,x Indicates gateway G g Shared responses, where X∈{old,new}. ANG g,old Indicates gateway G g The old shared response, initially set to PUF. g (r5), ANG g,new Indicates gateway G g The new shared response, with an initial value of ANG. g,old .
[0112] Based on shared response ANG g,x The first sub-data a and the first sub-information B4 are generated using the sixth random number r6. Specifically, the first sub-data a = H(ANG) g,x ||r6), First Sub-information
[0113] Based on first anonymous identity information FSM i Second anonymous identity information FG g The sixth random number r6, the first authentication identifier IDG g,X Generate the second sub-information H4, H4 = H(FSM) i ||FG g ||r6||IDG g,X ).
[0114] 132) Based on the first anonymous identity information, the second anonymous identity information, and the first authentication identifier IDG g,X The first sub-information B4 and the second sub-information H4 generate the fourth message, which is then sent to the gateway.
[0115] Based on first anonymous identity information FSM i Second anonymous identity information FG g IDG, the first certification mark g,XThe first sub-information B4 and the second sub-information H4 generate the fourth message. <FSM i ,FG g IDG g,X ,B4,H4>.
[0116] 133) The gateway calculates the second sub-data r′6 based on the shared response generated by the gateway after the initial authentication and the first sub-information B4; and determines the third sub-information based on the first authentication identifier, the second sub-data, the first anonymous identity information, and the second anonymous identity information. The third sub-information is then compared with the second sub-information.
[0117] When G g Upon receiving the fourth message, G g According to the first authentication mark IDG g,X Find the corresponding R i,X R i,X Let X represent the sharing challenge of smart meters, where X∈{old,new}. i,old Indicates smart meter SM i The old shared challenge, with an initial value of r1. i,new Indicates smart meter SM i A new sharing challenge, with an initial value of R. i,old .
[0118] G then g Based on the shared response ANG generated by the gateway after initial authentication g,x Calculate the second sub-data r'6 using the first sub-information B4.
[0119] Based on the first authentication identifier IDG g,X Second sub-data r'6, First anonymous identity information FSM i Second anonymous identity information FG g Determine the third sub-information H'4, H'4 = H(FSM) i ||FG g ||r'6||IDG g,X The third sub-information H'4 is compared with the second sub-information H4.
[0120] 134) If the third sub-information matches the second sub-information, then the authentication is successful.
[0121] In response to successful authentication, the gateway sends a fifth message to the smart meter, and the smart meter authenticates the fifth message by means of:
[0122] 135) The gateway calculates the third sub-data a' based on the second sub-data and the shared response generated by the gateway after the first authentication.
[0123] Specifically, the gateway uses the second sub-data r'6 and the shared response ANG generated by the gateway after the initial authentication. g,x The third sub-data a' is calculated, a' = H(ANG) g,x ||r'6).
[0124] 136) Shared response ANSM generated by the smart meter after initial authentication, based on the seventh random number, the second sub-data, and the first random number. i,x The shared response ANG generated by the gateway after initial authentication g,x The fourth sub-data c is calculated; the fifth sub-data is obtained based on the eighth random number and the shared response generated by the smart meter after the first authentication; the session key is obtained based on the third, fourth, and fifth sub-data.
[0125] Specifically, based on the seventh random number r7, the second sub-data r'6, and the shared response ANSM generated by the smart meter after initial authentication. i,x The shared response ANG generated by the gateway after initial authentication g,x The fourth sub-data c is calculated.
[0126] Among them, ANSM i,x This represents the shared response of a smart meter, where X∈{old,new}. ANSM i,old This indicates the old shared response of the smart meter, with an initial value of PUF. g (r1), ANSM i,new This indicates a new shared response for the smart meter, with an initial value of ANSM. i,old .
[0127] Based on the eighth random number r8 and the shared response generated by the smart meter after the initial authentication, the fifth sub-data b is obtained, b = H(ANSM). i,x ||r8).
[0128] The session key SK is obtained based on the third sub-data a', the fourth sub-data c, and the fifth sub-data b, where SK = H(a'||b||c). Specifically, a' = H(ANG). g,x ||r'6), b = H(ANSM) i,x ||r8).
[0129] 137) The gateway uses the PUF function to calculate the fourth sub-information B5 based on the ninth random number, the sixth random number, and the session key; and calculates the shared response ANSM generated by the smart meter after the first authentication. i,xThe fifth sub-information B6 is obtained from the eighth random number; the sixth sub-information B9 is obtained from the shared response, the seventh random number, and the eighth random number generated by the smart meter after the first authentication; the seventh sub-information H5 is obtained from the ninth random number, the sixth random number, the seventh random number, the eighth random number, and the session key.
[0130] Specifically, the gateway uses the PUF function to calculate the fourth sub-information B5 based on the ninth random number r9, the sixth random number r6, and the session key SK.
[0131] Shared Response ANSM generated by the smart meter after initial authentication i,x The eighth random number r8 yields the fifth sub-information B6.
[0132] Shared Response ANSM generated by the smart meter after initial authentication i,x The seventh random number r7 and the eighth random number r8 yield the sixth sub-information B9.
[0133] Based on the ninth random number r9, the sixth random number r6, the seventh random number r7, the eighth random number r8, the session key SK, and the second authentication identifier IDSM i,X The seventh sub-information H5 is obtained, H5 = H(r9||PUF) g (k2)||r7||r8||SK||IDSM i,X ),
[0134] 138) Based on the first anonymous identity information, the second anonymous identity information, and the second authentication identifier IDSM iX The fifth message is obtained by taking the fourth sub-information B5, the sixth sub-information B9, the ninth random number, the session key, the fifth sub-information B6, and the seventh sub-information H5, and then sending the fifth message to the smart meter.
[0135] Based on first anonymous identity information FSM i Second anonymous identity information FG g Second Authentication Mark IDSM i,X The fifth message is obtained by combining the fourth sub-information B5, the sixth sub-information B9, the ninth random number, the session key, the fifth sub-information B6, and the seventh sub-information H5.
[0136] 139) The smart meter determines the eighth sub-information H5' based on the fifth message and compares the eighth sub-information with the seventh sub-information.
[0137] SM i Choose a random number r 10 and calculate Smart Meter (SM) i Calculate sk' based on a, b', and c'. Then SM i calculate H'5=H(r'9||PUF g (k2)'||r7||r'8||sk'||IDSM i,X The system checks if the eighth sub-information H5' matches the received seventh sub-information H5. If they do not match, authentication terminates. Otherwise, authentication succeeds. When the above authentication steps are successful, SM... i With G g The secondary authentication process is now complete.
[0138] 140) If the eighth sub-information matches the seventh sub-information, then the authentication is successful.
[0139] The methods described above enable the system to resist replay attacks. After authentication, in order to make the proposed protocol resistant to desynchronization attacks, the present application also proposes the following methods:
[0140] 51) Determine the tag information X of the parameter to be updated, wherein the parameter to be updated includes: the gateway's sharing challenge R. g,x The challenges of sharing smart meters i,x Shared response ANSM generated by smart meters i,x The shared response ANG generated by the gateway g,x At least one of them.
[0141] 52) Based on the tag information X, determine the update result of the parameters to be updated stored in the smart meter.
[0142] 53) The smart meter generates a sixth message and sends the sixth message to the gateway.
[0143] 54) The gateway performs authentication based on the sixth message.
[0144] 55) In response to successful authentication, the gateway determines the tag information X of the parameter to be updated, and determines the update result of the parameter to be updated stored in the gateway based on the tag information X.
[0145] Specifically, step 52) above includes:
[0146] 521) If the tag information X = old, the new sharing challenge corresponding to the gateway. New shared response for the gateway IDG is the first and final certification mark for smart meters. g,new =H(k3||k2'), where,
[0147] 522) If the tag information X == new, the new shared challenge R corresponding to the gateway. g,new Identified as the old shared challenge R corresponding to the gateway g,old R g,old =R g,new The new shared response ANG corresponding to the gateway. g,new It was determined that the old shared response ANG corresponding to the gateway would be used. g,old ANG g,old =ANG g,new The first final authentication identifier IDG g,new Identified as the first initial authentication identifier IDG g,old New sharing challenges corresponding to gateways (R) g,new =k2'=r9'⊕r6. New shared response corresponding to the gateway. IDG is the first and final certification mark for smart meters. g,new =H(k3||k2'), k3=r9'⊕r 10 .
[0148] Specifically, step 53) involves the smart meter generating a sixth message and sending it to the gateway, which specifically includes: SM i calculate IDG g,new =H(k3||k2'). Then SM i calculate H6=H(r 10 ||PUF i (k3)||sk'||IDSM i,X IDSM i,X This is the value received. SM i To G g Send the sixth message: <FSM i ,FG g IDSM i,X ,B7,B8,H6>.
[0149] Specifically, step 54) of the gateway performing authentication based on the sixth message includes:
[0150] G g calculate Then calculate H6' = H(r) 10 '||PUF i (k3')||SK||IDSM i,X The system checks whether H6' matches the received H6. If they match, the authentication is successful.
[0151] Specifically, step 55) of determining the update result of the parameter to be updated stored in the gateway based on the tag information X includes:
[0152] 551) If the tag information X = old, the new sharing challenge R of smart meters i,new =k3', New Shared Response ANSM for Smart Meters i,new =PUF i (k3'), the gateway's second final authentication identifier IDSM i,new =H(k3'||k2').
[0153] 552) If the tag information X == new, the old sharing challenge R of the smart meter i,old =R i,new The legacy shared response ANSM for smart meters i,old =ANSM i,new The gateway's second initial authentication identifier (IDSM) i,old =IDSM i,new New Sharing Challenges of Smart Meters i,new =k3', New Shared Response ANSM for Smart Meters i,new =PUF i (k3'), the gateway's second final authentication identifier IDSM i,new =H(k3'||k2').
[0154] It should be noted that, in this application, the absence of the parenthesis (') indicates that the parameter is calculated by the smart meter, the parenthesis (') indicates that it is calculated by the control center, and the parenthesis (") indicates that it is calculated by the gateway. For example, 'a' indicates that parameter 'a' is calculated by the smart meter, and 'a'' indicates that parameter 'a' is calculated by the control center. Other similar parameters follow this definition and will not be elaborated further here.
[0155] The solution presented in this application exhibits the following characteristics:
[0156] 1. Data confidentiality: In this solution, SM i and G g A registration request is securely initiated to the Control Center (CC). Since attackers cannot obtain the challenge-response pair during the registration phase, this pair, as a shared secret in the authentication process, possesses a degree of confidentiality. Secondly, in the initial authentication phase, SM... i It will use random numbers to generate temporary challenge-response pairs and utilize SM. i The shared challenge-response pairs between the control center (CC) and G are encrypted. Similarly, the control center (CC) and G... g The same method is used for encrypted transmission of challenge-response pairs. Finally, in the secondary authentication phase, SM... i With Gg After initial authentication, authentication proceeds independently of the Control Center (CC). During authentication, both parties use pre-negotiated challenge-response protocols. Upon successful authentication, a key update process ensures the key remains unchanged, and this update is performed via IDG. g,X This ensures the smooth progress of the update process. Therefore, attackers cannot steal the session key during the authentication process, thus ensuring data confidentiality.
[0157] 2. Mutual Authentication: During the initial authentication phase of the authentication protocol, the Control Center (CC) verifies the consistency between H′1 and H1 to ensure the accuracy of the challenge-response pair. Only after successful authentication will the Control Center (CC) confirm the SM. i identity and to G g Encrypted transmission shares a secret, thus ensuring the generation of the session key. SM i Upon receiving G g When sending messages, PUF needs to be restored. g (r5) and calculate the session key, when G can only be confirmed when it matches H3. g The identity of G is simultaneously negotiated to obtain the session key. Similarly, G... g The accuracy of H2 must be successfully verified during the initial authentication process; only consistent G... g The Trust Control Center (CC) has successfully certified SM. i and SM i Proceed to the session key generation phase. g During the secondary authentication phase, SM also needs to be verified. i The challenge was certified, and only G was certified. g Storage SM i Only when the responses are consistent can authentication be successfully passed and information transmission proceed.
[0158] 3. Unlinkability: SM i During the initial certification process with the Control Center (CC), SM i The provisional challenge response is generated by random numbers and encrypted using a pre-set shared secret. Even if an attacker gains access to {FSM} i ,FG g ,r1,r2,B1,C i1 H1}, B1 contains SM i The generated provisional challenge responses are unrelated to the preset challenge responses. Therefore, even if an attacker can obtain messages from the channel multiple times, they cannot link multiple challenge responses from the same user. Furthermore, the identities used by the sensors during both the initial and secondary authentication processes are anonymous identities issued by the control center (CC), preventing attackers from accessing the sensor's real identity through its anonymous identity.
[0159] 4. Forward and Backward Security: Forward security means that even if an attacker obtains the shared secret in this stage, they cannot calculate the shared key from the previous stage. Since the protocol assumes the control center (CC) is trusted, the leakage of the shared secret is primarily considered during the two-factor authentication phase. During the two-factor authentication phase, SM... i With G g Both parties share a challenge and response system for authentication. Upon successful authentication, the session key is updated. SM i With G g Internally, two challenge-response pairs are stored simultaneously via IDG. g,X The parameters determine which set of shared secrets is used to calculate the session key, IDG. g,X It is composed of random numbers. Therefore, even if an attacker obtains the shared key for this round, they cannot obtain which session key was used in the previous stage, thus ensuring forward security.
[0160] SM in the secondary authentication process i With G g Upon successful authentication, the challenge response pair between both parties will be updated. During this process, SM... i With G g The protocol primarily utilizes random numbers to update the PUF challenge-response pairs, thereby calculating a new shared key. Even if an attacker obtains the shared secret from the previous stage, the uniqueness of the PUF function prevents the attacker from forging the PUF response value. Therefore, the attacker cannot calculate the shared key for the next node, ensuring backward security.
[0161] 5. Resistance to desynchronization attacks: Assuming an attacker eavesdrops on SM... i With G g Intercept and obtain messages from the communication between them using IDSM. i,x B7, B8, H6. At this time, G g The storage information is IDSM i,old ,R g,old ,ANG g,old IDSM i,new ,R g,new ,ANG g,new When an attacker intercepts a message, G g Unable to accept updated messages, no message updates will be performed. Due to the initial state G... g The information in the internal storage is still the initial IDSM. i,old ,R g,old ,ANG g,old And IDSM i,new ,R g,new ,ANG g,new The value is obtained from the former. If the update operation is interrupted after multiple authentications, then in G... gTwo shared secrets remain internally, so the authentication and key update processes will not be compromised. i With G g Mutual authentication and key updates are still possible.
[0162] 6. Anti-replay attack: During the initial authentication, attackers exploit network eavesdropping to steal message information during the authentication process {FSM}. i ,FG g ,r1,r2,r3,C g2 ,B2,H2} and {FSM i ,FG g The expression is: r1, r2, r4, r5, r5, r5, r6, r7, r8, r9, r1, r2, r4, r5 are random numbers that change in each round of authentication, and B1 and B2 are determined by SM. i and G g The response to the PUF (Problem-Based Function) is determined by a random number generated and a preset challenge response. Furthermore, due to the characteristics of the PUF function, an attacker cannot reconstruct the same response value even if they receive the same challenge. Therefore, the message messages change each round, making it impossible for an attacker to compromise the SM (Small Message Service) using a replay attack. i With G g Previous certification.
[0163] During the secondary authentication process, due to SM i With G g A shared key is pre-configured, and both parties use random numbers for encryption. Therefore, the message packets transmitted through the channel are also changing, making it impossible for attackers to authenticate by listening to the channel and replaying intercepted message packets.
[0164] 7. Resistance to Forgery Attacks: Forgery attacks refer to the process by which an attacker can successfully achieve the authentication goal by forging challenge-response pairs. This protocol uses the PUF function to resist SM. i and G g Authentication is performed, and the PUF function is unique and random. Therefore, only SM challenge-response pairs are registered in the Control Center (CC). i or G g It can be restored, and attackers cannot forge legitimate identities in the system for authentication, nor can they launch forgery attacks.
[0165] 8. Communication Overhead: Some literature combines PUF functions and elliptic curve techniques in the authentication process, resulting in high communication overhead. This scheme, however, transmits messages with only low overhead, such as identity identifiers and hash functions. Unlike traditional PUF authentication protocols, this scheme allows sensors to perform secondary authentication using the shared key generated during the initial authentication phase, significantly reducing communication overhead.
[0166] 9. Computational Overhead: Assuming the control center (CC) resources are not limited, the performance analysis only considers the SM. i With G g The computational overhead, of which SM i The initial authentication process requires six hash operations and two XOR operations. g This scheme performs 6 hash operations and 2 XOR operations during the initial authentication process, and its computational overhead is lower than that of some schemes in the literature.
[0167] This application proposes applying physically unclonable functions (PUFs) to mutual authentication between smart meters and gateways in smart grids, combining hash and XOR operations to achieve a secure and efficient mutual authentication protocol. Furthermore, unlike traditional PUF authentication protocols, the proposed protocol employs an initial authentication phase and a secondary authentication phase. The smart meter and gateway can use the shared key generated in the initial authentication phase for secondary authentication, significantly reducing the communication overhead of authentication.
[0168] The proposed protocol focuses on communication security between smart meters and gateways, prioritizing identity authentication and privacy protection. Privacy protection is primarily manifested in strong anonymity for both authenticating parties. During the smart meter registration phase, the control center (CC) uses its stored identity mask (c) and the smart meter's identity ID to calculate the corresponding anonymous identity using a hash algorithm, thus preventing attackers from launching eavesdropping attacks or other malicious attacks.
[0169] The proposed protocol also features a shared key update phase and is resistant to replay attacks, desynchronization attacks, spoofing attacks, and other attack methods.
[0170] The above are merely implementation methods of the present invention and do not limit the patent scope of the present invention. Any equivalent structural or procedural transformations made based on the content of the present invention specification and drawings, or direct or indirect applications in other related technical fields, are similarly included within the patent protection scope of the present invention.
Claims
1. A lightweight smart grid authentication method based on PUF, characterized in that, include: The control center generates first anonymous identity information for the smart meter and second anonymous identity information for the gateway, and sends the first anonymous identity information to the smart meter and the second anonymous identity information to the gateway; and generates a first challenge-response pair based on the smart meter's registration request using a PUF function; the first challenge-response pair includes first challenge information and first response information; The registration request based on the gateway uses a PUF function to generate a second challenge-response pair; the second challenge-response pair includes second challenge information and second response information. The challenge response generated by combining the first anonymous identity information and the second anonymous identity information with the PUF function is used to perform the initial authentication of the smart meter and the gateway. In response to the successful initial authentication, the smart meter and the gateway perform a second authentication based on the challenge-response pairs and random numbers generated by each party. The step of performing initial authentication of the smart meter and the gateway based on the challenge response generated by combining the first anonymous identity information and the second anonymous identity information with the PUF function includes: The smart meter sends a first message to the control center, and the control center authenticates the first message; In response to successful authentication, the control center sends a second message to the gateway, and the gateway authenticates the second message. In response to successful authentication, the gateway sends a third message to the smart meter, and the smart meter authenticates the third message. Upon successful authentication, the session key between the gateway and the smart meter is obtained, thus completing the initial authentication. The process of the smart meter sending a first message to the control center, and the control center authenticating the first message, includes: The smart meter generates a first random number and a second random number, and uses the PUF function to generate first data and second data based on the first random number and the second random number; The smart meter generates the first message based on the first anonymous identity information, the second anonymous identity information, the first random number, the second random number, the first data, the second data, and the first challenge information, and sends the first message to the control center. The control center determines the corresponding first response information based on the first challenge information in the first message; The third data is calculated based on the first response information, and the third data is compared with the second data; If the third data matches the second data, the authentication is successful, and the first verification information is obtained based on the first data, the first response information, and the first random number. The step of the control center sending a second message to the gateway and the gateway authenticating the second message includes: The control center generates a third random number; The control center obtains fourth data based on the first verification information, the second response information, and the third random number; and generates fifth data based on the second response information, the first random number, the first anonymous identity information, the second anonymous identity information, the second random number, and the third random number. The control center generates the second message based on the first anonymous identity information, the second anonymous identity information, the first random number, the second random number, the third random number, the second challenge information, the fourth data, and the fifth data, and sends the second message to the gateway; The gateway calculates and determines the third response information based on the second challenge information, and verifies the control center based on the third response information and the second response information; In response to the control center's successful verification, a sixth data point is determined based on the third response information, the first random number, the first anonymous identity information, the second anonymous identity information, the second random number, and the third random number, and the sixth data point is compared with the fifth data point. If the sixth data is consistent with the fifth data, then the authentication is successful.
2. The authentication method according to claim 1, characterized in that, The steps of the gateway sending a third message to the smart meter and the smart meter authenticating the third message include: The second verification information is calculated based on the fourth data, the third response information, and the third random number. The gateway generates a third challenge-response pair based on the second verification information and the first random number. The gateway generates a fourth random number and a fifth random number; The gateway uses the PUF function to calculate a first value based on the fourth random number and the first random number; and uses the PUF function to calculate a second value based on the fifth random number and the second random number. The seventh data is calculated based on the second verification information and the fifth random number, and the session key is calculated based on the first random number, the fifth random number, the first value, and the second value; and the eighth data is calculated based on the fifth random number, the fourth random number, the session key, the first anonymous identity information, and the second anonymous identity information. The third message is generated based on the first anonymous identity information, the second anonymous identity information, the fourth random number, the fifth random number, the seventh data, and the eighth data, and the third message is sent to the smart meter. The smart meter obtains the first value, the second value, and the third value based on the third message; The session key is calculated based on the first value, the second value, and the third value. Authentication is performed based on the session key, the fourth random number, the fifth random number, the first anonymous identity information, and the second anonymous identity information.
3. The authentication method according to claim 1, characterized in that, In response to the successful initial authentication, the smart meter and the gateway perform a second authentication based on the challenge-response pair and random number generated by each party, including: The smart meter sends a fourth message to the gateway, and the gateway authenticates the fourth message; In response to successful authentication, the gateway sends a fifth message to the smart meter, and the smart meter authenticates the fifth message. Upon successful authentication, the smart meter sends a sixth message to the gateway for authentication.
4. The authentication method according to claim 3, characterized in that, The steps of the smart meter sending a fourth message to the gateway and the gateway authenticating the fourth message include: The smart meter generates a sixth random number; The smart meter generates first sub-data and first sub-information based on the shared response generated by the gateway after the initial authentication and the sixth random number; and generates second sub-information based on the first anonymous identity information, the second anonymous identity information, the sixth random number, and the first authentication identifier; A fourth message is generated based on the first anonymous identity information, the second anonymous identity information, the first authentication identifier, the first sub-information, and the second sub-information, and the fourth message is sent to the gateway. The gateway calculates the second sub-data based on the shared response generated by the gateway after the initial authentication and the first sub-information; it determines the third sub-information based on the first authentication identifier, the second sub-data, the first anonymous identity information, and the second anonymous identity information, and compares the third sub-information with the second sub-information; If the third sub-information matches the second sub-information, then authentication is successful.
5. The authentication method according to claim 4, characterized in that, The steps of the gateway sending a fifth message to the smart meter and the smart meter authenticating the fifth message include: The smart meter generates a sixth random number; the gateway generates a seventh, eighth, and ninth random number. The gateway calculates the third sub-data based on the second sub-data and the shared response generated by the gateway after the initial authentication. The fourth sub-data is calculated based on the seventh random number, the second sub-data, the shared response generated by the smart meter after the first authentication, and the shared response generated by the gateway after the first authentication; the fifth sub-data is calculated based on the eighth random number and the shared response generated by the smart meter after the first authentication; and the session key is calculated based on the third sub-data, the fourth sub-data, and the fifth sub-data. The gateway uses the PUF function to calculate the fourth sub-information based on the ninth random number, the sixth random number, and the session key; it calculates the fifth sub-information based on the shared response generated by the smart meter after the first authentication and the eighth random number; it calculates the sixth sub-information based on the shared response generated by the smart meter after the first authentication, the seventh random number, and the eighth random number; and it calculates the seventh sub-information based on the ninth random number, the sixth random number, the seventh random number, the eighth random number, the session key, and the second authentication identifier. Based on the first anonymous identity information, the second anonymous identity information, the second authentication identifier, the fourth sub-information, the sixth sub-information, the ninth random number, the session key, the fifth sub-information, and the seventh sub-information, a fifth message is obtained and the fifth message is sent to the smart meter. The smart meter determines the eighth sub-information based on the fifth message and compares the eighth sub-information with the seventh sub-information; If the eighth sub-information matches the seventh sub-information, then authentication is successful.
6. The authentication method according to claim 5, characterized in that, The method further includes: Determine the tag information X of the parameter to be updated, wherein the parameter to be updated includes at least one of the following: the gateway's sharing challenge, the smart meter's sharing challenge, the smart meter's generated sharing response, and the gateway's generated sharing response; Based on the tag information X, determine the update result of the parameters to be updated stored in the smart meter; The smart meter generates a sixth message and sends the sixth message to the gateway; The gateway performs authentication based on the sixth message; In response to successful authentication, the gateway determines the tag information X of the parameter to be updated, and determines the update result of the parameter to be updated stored in the gateway based on the tag information X.