Smart Grid No


  • 7/29/2019 Smart Grid No

    1/4

    SECURE SMART METER INFRASTRUCTURE IN MULTI-DWELLING ENVIRONMENT

    Binod Vaidya, Dimitrios Makrakis, Hussein Mouftah

    University of Ottawa, Ottawa, Canada

    ABSTRACT

    Smart grid deployment focuses on reliability, cost savings and

    energy efficiency as well as customer satisfaction. Many

    utilities are turning to Smart meter infrastructure technology.

    Smart Energy profile was motivated by requirement to enable

    personal energy management in Home area networks. In Multi-

    dwelling units, wireless networking such as WiFi and ZigBee

    could be feasible, as range of communications can be extended

    to communicate with the gateway. In such a network, routing is

    one of the fundamental components. However, designing

    secure routing protocols for wireless mesh networks is a challenging task due to various reasons. In this paper, we

    provide a comprehensive security mechanism for source

    routing protocol in wireless multi-hop networks, which is

    particularly suitable for multi-dwelling environment.

    Index Terms: Smart meter infrastructure, Multi-dwelling unit, wireless multi-hop network, secure routing protocol

    1. INTRODUCTION

    Smart grid deployment focuses on reliability, cost savings

    and energy efficiency as well as customer satisfaction. As a

    strategic response, many utilities are turning to smart meter infrastructure (SMI) technology.

    Smart Energy Profile (SEP) 1.0 was motivated by

    requirement to enable personal energy management in

    Home area networks (HANs) and is used in many Smart

    grid applications. Smart energy (SE) devices include energy

    service interface (ESI), metering device, in-home display

    (IHD), programmable communicating thermostat (PCT),

    load control devices (LCD), and other smart appliances.

    SEP 2.0 is currently under development, which will offer

    IP-based control for SMI and HANs [1].

    For smart energy HAN, both wired and wireless communication protocols can be considered; however, wireless communications have significant advantages over wired ones. When multi-hopping is considered in wireless communications such as low-power (LP) WiFi and ZigBee, the range of communications can be extended to communicate with the gateway in a larger smart energy HAN, especially in a multi-dwelling environment.

    The wireless mesh networks may be preferred for

    routing data in Neighborhood area network (NAN). In such

    a network, routing is one of the fundamental components.

    However, designing secure routing protocols for wireless

    mesh networks is a challenging task due to various reasons

    including resource constraints of nodes, limited capacity of the wireless medium, and the self-organized form of the network.

    In this paper, we provide a comprehensive security

    mechanism for source routing protocol in wireless multi-hop

    networks, which is particularly suitable for multi-dwelling

    environment.

    2. BACKGROUNDS

    2.1. Multi-dwelling Units

    Mid to high-rise dwellings including condominiums and

    apartments have a number of neighboring premises area

    networks operated by different customers residing on the

    same premises. Such large buildings containing independent

    dwellings are known as Multi-family dwellings or Multi-dwelling units (MDU) [2].

    SEP 1.1 refers to NAN as a possible further use case including MDUs; however, it provides few details regarding NAN implementation. SEP 2.0 includes specifications for MDU deployments. In MDUs, smart meters are located in meter rooms near the ground floor or in basements, and they are physically secure with limited access. In such MDUs, sub-meters allow for individual billing to MDU residents.

    When deploying SMI in an MDU, challenges arise not only from the need for seamless wireless connectivity but also from security and privacy concerns.

    2.2. Secure routing mechanisms

    In the wireless mesh multi-hop network, routing is one of

    the fundamental components. For wireless mesh network,

    several routing protocols such as Ad hoc On-Demand

    Distance Vector (AODV), Dynamic Source Routing

    (DSR) [3], and Hybrid Wireless Mesh Protocol (HWMP) can be considered. However, none of the above addresses security and anonymity protection mechanisms.

    Secure routing algorithms are used to protect the route

    discovery and maintenance phase, which can counter

    various attacks such as forging, modifying, or dropping of

    routing messages [4]. For instance, Secure routing protocol

    (SRP) [5], ARIADNE [6], Secure Dynamic Source Routing

    (SDSR) [8] and Secure Route Discovery Protocol (SRDP)

    [7] provide mechanisms to enable route establishment such

    that malicious nodes cannot cause inappropriate routes. SRP

    2012 25th IEEE Canadian Conference on Electrical and Computer Engineering (CCECE) 978-1-4673-1433-6/12/$31.00 2012 IEEE


    uses end-to-end Message authentication codes (MACs)

    whereas ARIADNE uses accumulation of MACs.

    Furthermore, SDSR uses digital signatures as well as

    accumulation of public Diffie-Hellman and encrypted

    hashed keys while SRDP uses MACs and aggregate

    signature schemes of Accountable-Subgroup Multi-

    signature (ASM).

    The above schemes are not suitable for SMI since either

    they lack sufficient security measures or they have

    comparatively higher computational cost.

    3. NETWORK CONSIDERATIONS FOR MULTI-DWELLING ENVIRONMENT

    In many urban areas, MDUs are the norm rather than the

    exception. These residential dwellings present challenges

    and often require special planning to assure that wired (i.e.

    fiber) or wireless networks can efficiently and reliably scale

    the heights involved across multiple floors.

    For existing MDU environments, where running fiber to each unit may not be feasible, wireless network infrastructure could be a viable solution. Cost-effective

    wireless mesh architecture could deliver real-time services

    such as voice and video as well as data services to the MDU

    customers.

    The following network considerations for the multi-dwelling environment have been taken into account:

    • A single mesh network covering the whole MDU;

    • Range extenders are employed whenever coverage is not sufficient;

    • Intermediate repeaters may not be trustworthy; they belong to different dwellers;

    • SE devices (i.e. IHD) may be static or semi-static;

    • All devices share the same network key and network access is granted by a Coordinator / Trust Center.

    4. PROPOSED SECURE ROUTING SCHEME FOR

    MULTI-DWELLING ENVIRONMENT

    In this section, we propose a secure routing scheme for wireless mesh infrastructure in a multi-dwelling environment.

    The main goal is to furnish a lightweight, efficient and secure on-demand source routing protocol based on elliptic curve cryptography (ECC) public key cryptography.

    The main intention of this mechanism is to obtain secure

    route discovery in on-demand routing protocol by utilizing

    self-certified public keying technique, Schnorr digital

    signature algorithm, as well as multi-signature scheme.

    As this framework is based on source routing algorithm,

    it has three basic operations: initialization, route discovery,

    and route maintenance.

    4.1. Initialization

    Prior to joining the network, every node has to access the Certificate Authority (CA) in a secure manner to obtain an implicit certificate (i). The CA has secret key (xCA) and public key (XCA).

    The ESI that includes Trust center and Coordinator shall

    provide common network key to all SE devices, then each

    SE device can have shared secret keys with other ones.

    4.2. Secure Route Discovery and Maintenance

    In the proposed secure route discovery, we have used

    Schnorr digital signature algorithm for source node

    authentication and multi-signatures scheme for intermediate

    node authentication.

    Route discovery in the wireless multi-hop ad hoc network is performed as follows.

    Consider a source node (S) that does not have a route to the destination node (D). When S has data packets to be sent to D, it initiates a Route Request (RREQ) packet. This RREQ packet is flooded throughout the network.

    Initially, S will compute Schnorr digital signature (yS) with the help of shared secret key (kSD) and append it to the RREQ packet.

    When an intermediate node receives an RREQ packet with source address S and destination address D, the intermediate node rebroadcasts it as per the DSR protocol. Let's suppose the RREQ will traverse nodes A, B, and C before reaching the destination D. When intermediate node A receives the RREQ from S, it computes partial commitment (A). Then node A appends its own address in the route list and its partial commitment, and then rebroadcasts the RREQ.

    Similarly, intermediate nodes B and C compute joint partial commitments (1) and (2) respectively, and append their addresses in the route list and respective commitments before rebroadcasting the RREQ. The RREQ algorithm for secure RREQ message flow is shown in Figure 1.

    S Compute yS = xS.h(kSD, M) + kSD

    where M = {S, D, Sid}

    S * {REQ, M, {S}, yS}

    A Choose A

    Compute A = A.P

    A * {REQ, M, {S, A}, A, yS}

    B Choose B

    Compute B = B.P and 1 = A + B

    B * {REQ, M, {S, A, B}, 1, yS}

    C Choose C

    Compute C = C.P and 2 = 1 + C

    C * {REQ, M, {S, A, B, C}, 2, yS}

    Fig 1: Secure RREQ message flow

    When D receives RREQ packet from its neighboring

    nodes, it checks validity of RREQ by verifying Equation 1.

    If it is true, D will accept RREQ packet; otherwise, D will

    discard it.


    yS.P = XS.h(kSD, M) + kSD.P (1)

    Then, D generates a route reply (RREP) packet, which includes the accumulated route as obtained from the RREQ, and a partial multi-signature.

    The RREP is then sent back on the reverse route as given by the accumulated route found in the corresponding RREQ.

    Intermediate nodes compute joint partial signature parameter (si). After appending this partial signature parameter in the RREP, intermediate nodes will pass it to the next node on the route path. Upon receiving the RREP, S will compute the necessary parameters. The RREP algorithm for secure RREP message flow is shown in Figure 2.

    D Choose D

    Compute D = D.P

    Compute

    Compute sD = xD.h(M1) + D,

    where M1 = {S, D, Sid, {S, A, B, C, D}, T}

    D C {REP, M1, sD}

    C Compute sC = xC.h(M1) + C, and s1 = sD + sC

    C B {REP, M1, s1}

    B Compute sB = xB.h(M1) + B, and s2 = s1 + sB

    B A {REP, M1, s2}

    A Compute sA = xA.h(M1) + A, and sT = s2 + sA

    A S {REP, M1, sT}

    S Compute

    Fig 2: Secure RREP message flow

    Then S will check Equation 2 to verify the multi-signature. If it holds, S will accept the received RREP packet from the destination D; otherwise, S will discard it.

    sT.P = XCA.eT.h(M1) + RT.h(M1) + T (2)

    With this algorithm, source S can be assured that it has authenticated destination D and all intermediary nodes; in turn, the source route is authentic and trustworthy.
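The Equation 1 check at D and the hop-by-hop accumulation of partial signatures checked by S, as an added Python example (not the authors' code). Assumptions not taken from the paper: secp256k1 as the curve, SHA-256 as h, plain public keys Xi = xi.P summed in place of the self-certified key reconstruction in Equation 2, all commitments gathered in one pass, and the names nonce, agg and silent.

```python
import hashlib, secrets
from functools import reduce
# secp256k1 parameters. The curve choice is an assumption; the paper only says ECC.
FP = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):
    """Affine point addition (None = point at infinity). Not constant-time."""
    if p is None or q is None:
        return q if p is None else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % FP == 0:
        return None
    num, den = (3 * x1 * x1, 2 * y1) if p == q else (y2 - y1, x2 - x1)
    lam = num * pow(den % FP, -1, FP) % FP
    x3 = (lam * lam - x1 - x2) % FP
    return x3, (lam * (x1 - x3) - y1) % FP

def mul(k, pt=P):
    """Scalar multiplication k.pt by double-and-add."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def h(*parts):
    """Hash h(...) mapped to a scalar; the field encoding is an assumption."""
    data = "|".join(map(str, parts)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def rreq_sign(x_s, k_sd, m):
    """Source side of Fig. 1: yS = xS.h(kSD, M) + kSD."""
    return (x_s * h(k_sd, m) + k_sd) % N

def rreq_verify(y_s, X_s, k_sd, m):
    """Destination side, Equation 1: yS.P == XS.h(kSD, M) + kSD.P."""
    return mul(y_s) == add(mul(h(k_sd, m), X_s), mul(k_sd))

def route_discovery(keys, route, sid, silent=()):
    """RREQ then RREP over route [S, ..., D]; returns (M1, sT)."""
    signers = route[1:]                      # intermediates and D
    nonce = {n: secrets.randbelow(N - 1) + 1 for n in signers}
    agg = reduce(add, (mul(nonce[n]) for n in signers), None)  # joint commitment
    m1 = (route[0], route[-1], sid, tuple(route), agg)
    s_t = 0
    for n in reversed(signers):              # D, C, B, A as in Fig. 2
        if n not in silent:                  # a silent node relays without signing
            s_t = (s_t + keys[n] * h(*m1) + nonce[n]) % N
    return m1, s_t

def rrep_verify(m1, s_t, pub):
    """Source check: sT.P == h(M1).(sum of Xi) + joint commitment."""
    x_sum = reduce(add, (pub[n] for n in m1[3][1:]), None)
    return mul(s_t) == add(mul(h(*m1), x_sum), m1[4])
```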

    In case of route maintenance, whenever a route breaks

    because of node mobility, the neighbor of the node will send

    route error to the source. In order to authenticate the packet

    and ensure freshness, this scheme uses digital signature along with nonce in route error messages.

    5. ANALYSIS OF PROPOSED MECHANISM

    5.1. Security Analysis

    Numerous attacks such as modification attack, man-in-the-

    middle (MiTM) attack, invisible node attack may be

    possible in existing on-demand source routing protocol in

    wireless multi-hop networks that could threaten the security

    of the network.

    We will evaluate the proposed scheme for several active

    attacks. Due to lack of space, we have not compared with

    existing schemes.

    5.1.1. Resistance to modification attacks

    Malicious nodes can modify the protocol fields of messages

    passed among nodes. Such attacks compromise the integrity

    of routing computation. By altering routing information

    such as the hop count and the destination sequence number,

    an attacker can cause network traffic to be dropped,

    redirected to a different destination or take a long route to

    the destination increasing communication delays, in turn,

    could cause a denial of service attack. In this scheme, the

    multi-signature scheme provides authentication during route

    discovery while Schnorr signature scheme provides source

    node authentication during RREQ process.

    5.1.2. Resistance to Man-In-The-Middle attacks

    In active attacks, an attacker actively participates in disrupting the normal operation of the network services. A

    malicious host can create an active attack by modifying

    packets or by introducing false information in the ad hoc

    network. It confuses routing procedures and degrades

    network performance. In this scheme, every intermediate

    node participates while constructing multi-signatures, which

    will be verified by the source at the end of the route

    discovery process. Since all nodes use self-certified public

    keys, it would be difficult for malicious nodes to participate

    in the route discovery process.

    5.1.3. Resistance to Invisible node attacks

    In the case of ad hoc network, a malicious node simply relays unaltered messages during route discovery, resulting

    in invalid routes being returned by the routing protocol to

    the requesting node. In this mechanism, RREQ packet

    carries joint commitments contributed by intermediate nodes

    through which RREQ packet passes. Also while a RREP

    packet travels towards the source, every intermediate node it

    passes through participates in the construction of a multi-

    signature. Thus the source can easily detect possible

    invisible node attack.

    5.2. Performance Evaluation

    We have used OPNET as a simulator for performance

    evaluation of the secure on-demand routing protocol used in multi-dwelling environment.

    The simulation includes a network having 50 nodes, each

    having radio power range of 300m and channel capacity of 1

    Mbps. For this purpose, 10 source and destination pairs are

    randomly selected among the 50 nodes. Continuous bit rate

    (CBR) traffic sources are used. Each run executes 300

    seconds of simulation time.


    We have assumed that an adversarial node forwards a

    routing packet without appending its address on RREQ

    packet and can drop some of the data packets later.

    While assessing the performance of the routing scheme,

    we have considered packet delivery ratio (PDR) and

    Average end-to-end delay (ETED). PDR is the ratio of the number of data packets successfully delivered to destinations to the number of data packets generated by CBR sources. The ETED indicates how long it took for a packet to be successfully delivered from the CBR source to the application layer of the destination.

    Fig 3: Effect of adversaries on PDR for various schemes

    Figure 3 illustrates the effect of adversaries on PDR for

    proposed scheme and existing schemes on applying above-

    mentioned attack. It can be seen that with the increase of

    misbehaving nodes, PDR for SRP scheme decreases

    dramatically because it is susceptible to such an attack. A similar result is observed in the SDSR scheme. In the case of the proposed scheme, PDR remains above 80% even for a higher percentage of misbehaving nodes. It is clear that the proposed scheme is affected to a much lesser extent because it can resist the invisible man attack and tends to prevent such an attack.

    Fig 4: Effect of adversaries on ETE delay for various schemes

    Figure 4 shows the ETE delay for proposed scheme and

    other schemes. It is plotted against percentage of adversarial

    nodes applying above-mentioned attack scenario. In this

    figure, we can observe that the ETED in network increases

    with the increase in percentage of adversaries. For higher

    percentage of adversaries, say 10%, the ETED for SRP and

    SDSR are much higher than that for proposed scheme.

    6. CONCLUSIONS AND FUTURE WORKS

    In this paper, we provide a comprehensive security framework for wireless multi-hop SMI network, capable of providing end-to-end security. The proposed scheme deploys self-certified public keying technique along with multi-signature

    scheme and Schnorr digital signature scheme to achieve

    secure route discovery. We have analyzed its robustness to

    various attacks. The simulation results show that the

    proposed scheme is not only robust against misbehaving

    activities but also better than existing protocols.

    In future, we will conduct more detailed security analysis

    as well as performance evaluation of the proposed protocol.

    7. ACKNOWLEDGMENTS

    This work was supported by the Government of Ontario under the ORF-RE WISENSE project as well as by NSERC

    under the Discovery Grants program 2011 - 2016.

    8. REFERENCES

    [1] ZigBee Smart Energy Profile 2.0 Technical Requirements, M.G. Stuber (Ed.), Mar 2010.

    [2] L. Negri, A ZigBee Smart Energy based Metering Solution for Multi Dwelling Units, 5th European ZigBee Developers Conference, Munich, Germany, May 2011.

    [3] D.B. Johnson et. al., The Dynamic Source Routing Protocol (DSR) for Mobile Ad Hoc Networks for IPv4, IETF RFC 4728, 2007.

    [4] Y.C. Hu and A. Perrig, A survey of secure wireless ad hoc routing, IEEE Security & Privacy 2(3): 28-39, 2004.

    [5] P. Papadimitratos and Z.J. Haas, Secure Routing for Mobile Ad hoc Networks, In Proc. of CNDS 2002, San Antonio, TX, USA, 2002.

    [6] Y.C. Hu, et. al., ARIADNE: A Secure On-demand Routing Protocol for Ad hoc Networks, In Proc. of MobiCom 2002, Atlanta, Georgia, USA, 2002.

    [7] J. Kim and G. Tsudik, SRDP: Secure route discovery for dynamic source routing in MANETs, Ad Hoc Networks, 7(6): 1097-1109, 2009.

    [8] F. Kargl, et. al., Secure Dynamic Source Routing, In Proc. of HICSS 2005, Hawaii, 2005.

    [9] M. Girault, Self-certified public keys, In Proc of Advances in Cryptology: Eurocrypt'91, Springer, pp. 490-497, 1991.

    [10] N. Koblitz, et. al., The state of elliptic curve cryptography, Designs, Codes and Cryptography, 19(2-3), pp. 173-193, 2000.

    [11] P. Schnorr, Efficient Signature Generation by Smart Cards, Journal of Cryptology 4(3): 161-174, 1991.

    [12] S. Micali, et. al., Accountable-subgroup multi-signatures, In Proc. ACM CCS 2001, Philadelphia, PA, USA, pp. 245-254, 2001.