CP_ABSC: An attribute-based signcryption scheme to secure multicast communications in smart grids

Chunqiang Hu; Jiguo Yu; Xiuzhen Cheng; Zhi Tian; Kemal Akkaya; and Limin Sun

doi:10.3934/mfc.2018005

Article Contents

2018, Volume 1, Issue 1: 77-100. Doi: 10.3934/mfc.2018005

This issue Previous Article Application of learning algorithms in smart home IoT system security Next Article

CP_ABSC: An attribute-based signcryption scheme to secure multicast communications in smart grids

1.
Key Laboratory of Dependable Service Computing in Cyber Physical Society, Ministry of Education, Chongqing University, China
2.
School of Software Engineering, Chongqing University, China
3.
School of Information Science and Engineering, Qufu Normal University, China
4.
Department of Computer Science, The George Washington University, USA
5.
Electrical & Computer Engineering Department, George Mason University, USA
6.
Electrical & Computer Engineering Department, Florida International University, USA
7.
Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, Chinese Academy of Sciences (CAS), China

^*Corresponding author: Chunqiang Hu
^*Corresponding author: Chunqiang Hu

Received: August 31, 2017

Revised: October 31, 2017

Published: February 2018

This research was partially supported by the National Natural Science Foundation of China under grants 61702062,61373027 and 61472418, and the National Science Foundation of the US under grants CCF-1442642, IIS-1343976, CNS-1318872, and CNS-1550313

Abstract Full Text(HTML) Figure(8) / Table(5) Related Papers Cited by

Abstract

In this paper, we present a signcryption scheme called CP_ABSC based on Ciphertext-Policy Attribute Based Encryption (CP_ABE)[7] to secure the multicast communications in smart grids that require access control, data encryption, and authentication to ensure message integrity and confidentiality. CP_ABSC provides algorithms for key management, signcryption, and designcryption. It can be used to signcrypt a message based on the access rights specified by the message itself. A user can designcrypt a ciphertext if and only if it possesses the attributes required by the access structure of the data. Thus CP_ABSC effectively defines a multicast group based on the access rights of the data specified by the data itself, which differs significantly from the traditional Internet based multicast where the destination group is predetermined and must be known by the data source. CP_ABSC provides collusion attack resistance, message authentication, forgery prevention, and confidentiality. It can be easily applied in smart grids to secure the instructions/commands broadcast from a utility company to multiple smart meters (push-based multicast) and the data retrieved from a smart meter to multiple destinations (pull-based multicast). Compared to CP_ABE, CP_ABSC combines encryption with signature at a lower computational cost for signcryption and a slightly higher cost in designcryption for signature verification. We also consider the adoption of attribute-based signature (ABS), and conclude that CP_ABSC has a much lower computational cost than ABS.

Keywords:

Mathematics Subject Classification: Primary: 58F15, 58F17; Secondary: 53C35.

Citation:

Full Text(HTML)

Figure 1. A communication architecture in smart grid systems

Download: Full-size image PowerPoint slide

Figure 2. An access control tree structure

Download: Full-size image PowerPoint slide

Figure 3. An example access control structure in Smart Grid

Download: Full-size image PowerPoint slide

Figure 4. Key generation time

Download: Full-size image PowerPoint slide

Figure 5. Encryption time

Download: Full-size image PowerPoint slide

Figure 6. Decryption time

Download: Full-size image PowerPoint slide

Figure 7. ABS signature running-time

Download: Full-size image PowerPoint slide

Figure 8. ABS verification running-time

Download: Full-size image PowerPoint slide

Table 1. The Computational Cost of Different Functions and Operations between CP_ABE and our scheme

	CP_ABE [7]	CP_ABSC
Key Generation	$n{{\mathbb{G}}_{1}} + (n+2){{\mathbb{G}}_{2}} + nH_{{{\mathbb{G}}_{2}}}$	$(2n+5){{\mathbb{G}}_{2}}$
Encryption	$(k+1){{\mathbb{G}}_{1}} + k{{\mathbb{G}}_{2}} + 1{{\mathbb{G}}_{3}} + kH_{{{\mathbb{G}}_{2}}}$	$2((k+1){{\mathbb{G}}_{1}} +{{\mathbb{G}}_{2}}+{{\mathbb{G}}_{3}})+2$ (pairings)
Decryption	$(2k^\prime + 1)$ (pairings)	$1{{\mathbb{G}}_{3}} + (2k^\prime+3)$ (pairings)
Notes: ${{\mathbb{G}}_{1}}$ in the table means an exponentiation operation in ${{\mathbb{G}}_{1}}$ group; ${{\mathbb{G}}_{2}}$ and ${{\mathbb{G}}_{3}}$ are defined similarly. $H_{{{\mathbb{G}}_{1}}}$ means hashing an attribute string or a message into an element in ${{\mathbb{G}}_{1}}$; $H_{{{\mathbb{G}}_{2}}}$ is defined similarly.

| Show Table

DownLoad: CSV

Table 2. The Computational Cost of Different Operations in Charm Library

Group	${{\mathbb{G}}_{1}}$	${{\mathbb{G}}_{2}}$	${{\mathbb{G}}_{3}}$	(pairings)	$H_{{{\mathbb{G}}_{1}}}$	$H_{{{\mathbb{G}}_{2}}}$
SS512	3.73	3.70	0.48	3.92	8.34	8.39
MNT159	1.12	9.84	2.62	8.42	0.10	34.82
Notes: Time is in ms. The result in this table is the average of 1000 runs.

| Show Table

DownLoad: CSV

Table 3. Comparison between CP_ABE and CP_ABSC

The scheme	System Initial.	KeyGeneration	Encryption	Decryption
CP_ABE[7]	symmetric groups	private key	encryption	decryption
CP_ABSC	asymmetric groups	(sign+verify) key	signcrypt.	decrypt.&verify.

| Show Table

DownLoad: CSV

Table 4. Number of operations in the Maji's ABS scheme

TSetup()	1${{\mathbb{G}}_{1}}$ /user
AttrGen()	1${{\mathbb{G}}_{1}}$ / attribute
Sign()	2${{\mathbb{G}}_{1}}$+3($\ell_r$)${{\mathbb{G}}_{1}}$+2($\ell - \ell_r$)${{\mathbb{G}}_{1}}$ + 2($\ell \cdot t$)${{\mathbb{G}}_{2}}$
Verify()	1${{\mathbb{G}}_{1}}$+2($\ell \cdot t + t$)${{\mathbb{G}}_{2}}$+($\ell+4$)(pairings)

| Show Table

DownLoad: CSV

Table 5. Key generation per attribute of the Maji's ABS scheme

SS512	MNT159	MNT159.S	BN.S
3.67 ms	9.72 ms	1.13 ms	2.30 ms

| Show Table

DownLoad: CSV

Related Papers

Cited by

References

[1]	Guidelines for smart grid cyber security (vol. 1 to 3), http://csrc.nist.gov/publications/ PubsNISTIRs.html, 2010.
[2]	J. A. Akinyele, C. Garman, I. Miers, M. W. Pagano, M. Rushanan, M. Green and A. D. Rubin, Charm: A framework for rapidly prototyping cryptosystems, Journal of Cryptographic Engineering, 3 (2013), 111-128. doi: 10.1007/s13389-013-0057-3.
[3]	A. Alrawais, A. Alhothaily, J. Yu, C. Hu and X. Cheng, Secureguard: A certificate validation system in public key infrastructure, to appear in IEEE Transactions on Vehicular Technology.
[4]	Z. A. Baig and A.-R. Amoudi, An analysis of smart grid attacks and countermeasures, Journal of Communications, 8 (2013), 473-479. doi: 10.12720/jcm.8.8.473-479.
[5]	G. Baker and A. Berg, Supervisory control and data acquisition (scada) systems, The Critical Infrastructure Protection Report, 1 (2002), 5-6.
[6]	P. S. Barreto and M. Naehrig, Pairing-friendly elliptic curves of prime order, in Selected areas in cryptography, Springer, 2006,319-331.
[7]	J. Bethencourt, A. Sahai and B. Waters, Ciphertext-policy attribute-based encryption, in Security and Privacy, 2007. SP'07. IEEE Symposium on, IEEE, 2007,321-334. doi: 10.1109/SP.2007.11.
[8]	Z. Cai, Z.-Z. Chen and G. Lin, A 3.4713-approximation algorithm for the capacitated multicast tree routing problem, Theoretical Computer Science, 410 (2009), 5415-5424. doi: 10.1016/j.tcs.2009.05.013.
[9]	Z. Cai, R. Goebel and G. Lin, Size-constrained tree partitioning: Approximating the multicast k-tree routing problem, Theoretical Computer Science, 412 (2011), 240-245. doi: 10.1016/j.tcs.2009.05.031.
[10]	Z. Cai, Z. He, X. Guan and Y. Li, Collective data-sanitization for preventing sensitive information inference attacks in social networks, IEEE Transactions on Dependable and Secure Computing, PP (2016), 1-1. doi: 10.1109/TDSC.2016.2613521.
[11]	Z. Cai, G. Lin and G. Xue, Improved approximation algorithms for the capacitated multicast routing problem, Computing and combinatorics, Lecture Notes in Comput. Sci., Springer, Berlin, 3595 (2005), 136-145.
[12]	Z. Erkin, J. R. Troncoso-Pastoriza, R. L. Lagendijk and F. Perez-Gonzalez, Privacy-preserving data aggregation in smart metering systems: An overview, Signal Processing Magazine, IEEE, 30 (2013), 75-86. doi: 10.1109/MSP.2012.2228343.
[13]	Z. Fadlullah, N. Kato, R. Lu, X. Shen and Y. Nozaki, Toward secure targeted broadcast in smart grid, Communications Magazine, IEEE, 50 (2012), 150-156. doi: 10.1109/MCOM.2012.6194396.
[14]	M. Gagné, S. Narayan and R. Safavi-Naini, Threshold attribute-based signcryption, in Security and Cryptography for Networks, Springer, 2010,154-171.
[15]	V. Goyal, O. Pandey, A. Sahai and B. Waters, Attribute-based encryption for fine-grained access control of encrypted data, in Proceedings of the 13th ACM conference on Computer and communications security, ACM, 2006, 89-98.
[16]	C. Hu, X. Cheng, Z. Tian, J. Yu, K. Akkaya and L. Sun, An attribute-based signcryption scheme to secure attribute-defined multicast communications, in International Conference on Security and Privacy in Communication Systems, Springer, 2015,418-437. doi: 10.1007/978-3-319-28865-9_23.
[17]	C. Hu, W. Li, X. Cheng, J. Yu, S. Wang and R. Bie, A secure and verifiable access control scheme for big data storage in clouds, IEEE Transactions on Big Data.
[18]	C. Hu, X. Liao and X. Cheng, Verifiable multi-secret sharing based on lrsr sequences, Theoretical Computer Science, 445 (2012), 52-62. doi: 10.1016/j.tcs.2012.05.006.
[19]	M. Kgwadi and T. Kunz, Securing RDS broadcast messages for smart grid applications, Proceeding: IWCMC '10 Proceedings of the 6th International Wireless Communications and Mobile Computing Conference, (2011), 1177-1181. doi: 10.1145/1815396.1815666.
[20]	Y. Kim, A. Perrig and G. Tsudik, Simple and fault-tolerant key agreement for dynamic collaborative groups, in Proceedings of the 7th ACM conference on Computer and communications security, ACM, 2000,235-244. doi: 10.1145/352600.352638.
[21]	A. Lewko and B. Waters, Decentralizing attribute-based encryption, Advances in Cryptology-EUROCRYPT 2011, 6632 (2011), 568-588.
[22]	D. Li, Z. Aung, S. Sampalli, J. Williams and A. Sanchez, Privacy preservation scheme for multicast communications in smart buildings of the smart grid, Smart Grid and Renewable Energy, 4 (2013), Article ID: 33928, 12 pages. doi: 10.4236/sgre.2013.44038.
[23]	Q. Li and G. Cao, Multicast authentication in the smart grid with one-time signature, Smart Grid, IEEE Transactions on, 2 (2011), 686-696. doi: 10.1109/TSG.2011.2138172.
[24]	J. Liu, Y. Xiao, S. Li, W. Liang and C. Chen, Cyber security and privacy issues in smart grids, Communications Surveys & Tutorials, IEEE, 14 (2012), 981-997. doi: 10.1109/SURV.2011.122111.00145.
[25]	Y. Liu, P. Ning and M. Reiter, False data injection attacks against state estimation in electric power grids, Proceeding: CCS '09 Proceedings of the 16th ACM conference on Computer and communications security, (2009), 21-32. doi: 10.1145/1653662.1653666.
[26]	R. Lu, X. Liang, X. Li, X. Lin, X. Shen et al., Eppa: An efficient and privacy-preserving aggregation scheme for secure smart grid communications, IEEE Trans. on Parallel and Distributed Systems.
[27]	B. Lynn, On the Implementation of Pairing-Based Cryptosystems, PhD thesis, Stanford University, 2007.
[28]	H. K. Maji, M. Prabhakaran and M. Rosulek, Attribute-based signatures, in Topics in Cryptology-CT-RSA 2011, Springer, 2011,376-392.
[29]	A. Metke and R. Ekl, Security technology for smart grid networks, Smart Grid, IEEE Transactions on, 1 (2010), 99-107. doi: 10.1109/TSG.2010.2046347.
[30]	A. Molina-Markham, P. Shenoy, K. Fu, E. Cecchet and D. Irwin, Private memoirs of a smart meter, in Proceedings of the 2nd ACM Workshop on Embedded Sensing Systems for EnergyEfficiency in Building, ACM, 2010, 61-66. doi: 10.1145/1878431.1878446.
[31]	W. Neumann, Horse: An extension of an r-time signature scheme with fast signing and verification, in Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004. International Conference on, IEEE, 1 (2004), 129-134. doi: 10.1109/ITCC.2004.1286438.
[32]	H. Nicanfar, P. Jokar and V. C. Leung, Smart grid authentication and key management for unicast and multicast communications, in Innovative Smart Grid Technologies Asia (ISGT), 2011 IEEE PES, IEEE, 2011, 1-8.
[33]	A. Perrig, The biba one-time signature and broadcast authentication protocol, in Proceedings of the 8th ACM conference on Computer and Communications Security, ACM, 2001, 28-37. doi: 10.1145/501983.501988.
[34]	A. Perrig, R. Canetti, J. Tygar and D. Song, The tesla broadcast authentication protocol, CryptoBytes, 5 (2002), 2-13.
[35]	M. Pirretti, P. Traynor, P. McDaniel and B. Waters, Secure attribute-based systems, in Proceedings of the 13th ACM conference on Computer and communications security, ACM, 2006, 99-112. doi: 10.1145/1180405.1180419.
[36]	L. Reyzin and N. Reyzin, Better than biba: Short one-time signatures with fast signing and verifying, in Information Security and Privacy, Springer, 2002,144-153. doi: 10.1007/3-540-45450-0_11.
[37]	S. Ruj, A. Nayak and I. Stojmenovic, A security architecture for data aggregation and access control in smart grids, arXiv: 1111.2619.
[38]	A. Sahai and B. Waters, Fuzzy identity-based encryption, Advances in Cryptology-EUROCRYPT 2005, 3494 (2005), 457-473.
[39]	N. Saputro, K. Akkaya and S. Uludag, A survey of routing protocols for smart grid communications, Computer Networks, 56 (2012), 2742-2771. doi: 10.1016/j.comnet.2012.03.027.
[40]	A. Shamir, How to share a secret, Communications of the ACM, 22 (1979), 612-613. doi: 10.1145/359168.359176.
[41]	A. Shamir, Identity-based cryptosystems and signature schemes, in Advances in cryptology, Springer, 196 (1985), 47-53.
[42]	H. So, S. Kwok, E. Lam and K. Lui, Zero-configuration identity-based signcryption scheme for smart grid, in IEEE International Conference on Smart Grid Communications, IEEE, 2010,321-326. doi: 10.1109/SMARTGRID.2010.5622061.
[43]	C. Valli, A. Woodward, C. Carpene, P. Hannay and M. Brand, Eavesdropping on the smart grid, in Australian Digital Forensics Conference, 2012, 54-60.
[44]	Q. Wang, H. Khurana, Y. Huang and K. Nahrstedt, Time valid one-time signature for timecritical multicast data authentication, in INFOCOM 2009, IEEE, IEEE, 2009,1233-1241. doi: 10.1109/INFCOM.2009.5062037.
[45]	W. WANG and Z. LU, Cyber security in the smart grid: Survey and challenges, Computer networks, 57 (2013), 1344-1371. doi: 10.1016/j.comnet.2012.12.017.
[46]	C. K. Wong, M. Gouda and S. S. Lam, Secure group communications using key graphs, SIGCOMM '98 Proceedings of the ACM SIGCOMM '98 conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, (1998), 68-79. doi: 10.1145/285237.285260.
[47]	K. Xing, C. Hu, J. Yu, X. Cheng and F. Zhang, Mutual privacy preserving k-means clustering in social participatory sensing, IEEE Transactions on Industrial Informatics, 13 (2017), 2066-2076. doi: 10.1109/TII.2017.2695487.
[48]	L. Zhang, Z. Cai and X. Wang, Fakemask: a novel privacy preserving approach for smartphones, IEEE Transactions on Network and Service Management, 13 (2016), 335-348. doi: 10.1109/TNSM.2016.2559448.
[49]	S. Zhongwei, H. Sitian, M. Yaning and S. Fengjie, Security mechanism for smart distribution grid using ethernet passive optical network, 2010 2nd International Conference on Advanced Computer Control, 3 (2010), 246-250. doi: 10.1109/ICACC.2010.5486625.
[50]	Z. Zhou and D. Huang, On efficient ciphertext-policy attribute based encryption and broadcast encryption, in Proceedings of the 17th ACM conference on Computer and communications security, ACM, 2010,753-755. doi: 10.1145/1866307.1866420.
[51]	C. Zimmer and F. Mueller, Fault tolerant network routing through software overlays for intelligent power grids, in Parallel and Distributed Systems (ICPADS), 2010 IEEE 16th International Conference on, IEEE, 2010,542-549. doi: 10.1109/ICPADS.2010.47.