Sage Journals: Discover world-class research

Abstract

The smart grid system enables bidirectional communication between end users and service providers, significantly enhancing service quality. One of its critical tasks is the monitoring and processing of abnormal transaction data. However, the openness and complexity of the network environment make the system vulnerable to a variety of attacks, such as internal data tampering and eavesdropping attacks. Consequently, the storage and communication security of abnormal transaction data pose significant challenges within the architecture and communication framework of the smart grid. To address these issues, this paper proposes a security protection scheme for abnormal transaction data in smart grid system. By employing a private blockchain network composed of consensus nodes, the scheme ensures the integrity and availability of abnormal transaction data. Additionally, the proposed authentication protocol facilitates secure communication among smart meters, consensus nodes, and servers within the blockchain-based smart grid system. Security analyses demonstrate that the proposed protocol effectively mitigates security threats while offering lower computational overhead compared to related protocols.

Keywords

Smart grid system security protection scheme blockchain

Introduction

With advancements in microelectronics, information technology, and communication technology, the traditional power grid has progressively transformed into a smart grid system. This evolution enables the seamless integration of energy flow and data management across the entire electricity transmission and distribution process, spanning from power plants to end users.^1–3 The smart grid system facilitates centralized management of electricity generation, transmission, and consumption data, thereby enhancing operational efficiency, improving grid stability, and elevating service quality.^4,5 For instance, sensors deployed within the grid collect real-time data on its operational status, while cloud servers process this data to monitor grid performance and evaluate potential security risks. This interconnected infrastructure underscores the critical role of data-driven insights in ensuring the resilience and reliability of the smart grid system.

The illegal use of electricity by end users poses a significant threat to the stable operation of smart grid systems. To address this issue, abnormal transaction data monitoring has become a widely adopted approach. Power management departments increasingly rely on information technology to enable real-time analysis and processing of abnormal transaction data, aiming to enhance the operational efficiency and reliability of smart power systems.

However, the continuous expansion in the number and diversity of end users has added complexity to abnormal transaction data management, introducing new challenges to the safe operation of the smart grid, such as data opacity and centralized control.⁶ The centralized architecture of the smart grid, which relies heavily on third-party cloud servers, assumes the security of these servers. However, this assumption is often unrealistic, as it introduces security risks, including single points of failure, data loss, and data tampering.^7,8 Blockchain, as a distributed and tamper-resistant architecture, offers a promising solution to these challenges by ensuring data integrity and availability in the smart grid system. This decentralized approach not only mitigates single-point attacks on consensus nodes by adversaries but also prevents insider threats from tampering with data.^9,10

In blockchain-based smart grid systems, effective communication between cloud servers, consensus nodes, and end users is essential for sharing data.^11,12 Given the openness and complexity of the network environment, it is critical to prevent adversaries from impersonating legitimate entities and to ensure the security of abnormal transaction data communication.¹³ For instance, an adversary impersonating a smart meter to transmit false abnormal transaction data to consensus nodes could lead to inaccurate state estimations. Therefore, designing an authentication protocol is imperative to achieve secure communication among entities in a blockchain-based smart grid system.

Public key infrastructure is a widely used encryption technology that employs certificates issued by trusted certificate authorities to facilitate mutual authentication between cloud servers and users.¹⁴ However, centralized authentication protocols face challenges in adapting to the distributed nature of blockchain architectures, as they incur high certificate management costs.^15,16 Additionally, existing authentication protocols in smart grid systems often exhibit vulnerabilities, such as susceptibility to denial-of-service (DoS) attacks and replay attacks.¹⁵ Furthermore, the smart grid's high real-time requirements, coupled with the limited computational and communication resources of end users’ smart meters, necessitate lightweight authentication protocols to minimize security risks arising from communication delays.

To address these challenges, this paper proposes a security protection scheme for abnormal transaction data in smart grid systems. The main contributions are as follows:

A blockchain-based smart grid system architecture has been designed to achieve data availability and integrity. The consensus node maintains a blockchain ledger that records abnormal transaction data collected by the smart meters.

An efficient authentication protocol for blockchain-based smart grid system is proposed. The smart meters use lightweight XOR operation and hash function to achieve mutual authentication with consensus nodes and cloud server.

Related work

Recently, a growing number of authentication schemes for smart grid systems have been proposed to enhance their security and efficiency.

In 2019, Kumar et al.¹⁷ introduced a lightweight authentication and key agreement scheme for smart metering infrastructure, aiming to secure communication between smart meters and the neighborhood area network. However, Yu et al.¹⁸ identified that Kumar et al.'s scheme could not withstand session key disclosure attacks. To address this vulnerability, Yu et al. proposed a privacy-preserving lightweight authentication protocol that leverages pseudo-identities and secret parameters to achieve anonymity. Later, in 2021, Irshad et al.¹⁹ revealed that Yu et al.'s protocol was susceptible to offline identity-guessing and DoS attacks. To mitigate these threats, they developed an improved authenticated key agreement scheme.

To strengthen communication security between smart meters and service providers, Srinivas et al.²⁰ introduced an anonymous signature-based authenticated key exchange scheme. This protocol demonstrated resilience against multiple attacks, including replay and impersonation attacks. In 2020, Aghapour et al.²¹ proposed a broadcast authentication scheme utilizing a one-way hash function, coupled with a one-time pad system that negotiates a fresh key for each time interval. Subsequently, in 2021, Sureshkumar et al.²² presented a mutually authenticated key establishment protocol for secure communication between smart meters and service providers. Similarly, Tanveer et al.²³ developed a robust access control protocol for IoT-enabled smart grids, supporting mutual authentication and session key agreement while addressing resource constraints.

Identity management serves as the cornerstone of authentication schemes. In 2022, Dehalwar et al.²⁴ proposed a blockchain-based self-sovereign identity and authentication technique to tackle identity leakage issues in smart grids. Xiang et al.²⁵ introduced an authentication key agreement scheme integrating the Paillier cryptosystem and zero-knowledge proofs to ensure the anonymity of authentication messages. In the same year, Chaudhry et al.²⁶ designed a privacy-preserving authentication scheme utilizing elliptic curve cryptography, providing resistance against impersonation and physical capture attacks.

In 2023, Li et al.²⁷ proposed a blockchain-based multi-domain authentication mechanism to secure power grid devices, employing blockchain to record device certificate hashes and reduce storage requirements. Similarly, Ayub et al.²⁸ presented a privacy-centric blockchain-based authentication solution to enhance consumer-centric security and ensure the integrity of demand response data in smart grids.

In 2023, Shahidinejad et al.²⁹ proposed a computationally efficient blockchain-based key management protocol, offering forward secrecy, conditional anonymity, and straightforward smart meter revocation. Concurrently, Pei et al.³⁰ developed a blockchain-based identity authentication and data aggregation scheme to facilitate secure, two-way communication between utility companies and electricity consumers. These advancements collectively enhance the robustness and security of smart grid authentication frameworks.

System model

In this section, we first propose the network model of blockchain-based smart grid system. Then, we describe the threat model used in proposed protocol.

Network model

In the proposed network model, we consider the four kinds of entities: sever, blockchain, grid gateway node, and end user, as shown in Figure 1.

Sever: It is a fully trusted entity in the authentication protocol, responsible for publishing system parameters and registering consensus nodes and end users. The server has strong computing capability, accepts data from the end users, processes and analyzes data, and sends the results to the consensus nodes.^31,32 It also uses data collected by grid sensors to optimize the energy generation, transmission, and distribution processes and makes the final decision.

Blockchain: In order to reduce the management overhead of data, this study adopts a private chain network composed of a large number of consensus nodes. Only nodes authorized by the server can join the blockchain to execute the consensus mechanism. The blockchain ledger maintained by the consensus node has the ability to prevent data from being tampered with and lost, and its main role is to record the data uploaded by the end users and the command data issued by the server. The certainty of data plays an important role in the stable operation of the smart grid system.

Grid gateway node: It is an important component of the power transmission network that carries the power from the transmission system to the end users. It is also an information relay node with strong communication capability, responsible for the communication between the server and end users, and the communication between the consensus node and end users. It does nothing with the forwarded message. Its trust and security issues are not considered in this study.

End user: Each end user is equipped with the smart meter with limited resources, which is responsible for monitoring electricity consumption and taking action against dangerous situations. Because the communication capability of the smart meter is weak, the data sent to the server and consensus node is forwarded by the gateway via the public channels. In addition, the design of authentication protocol should consider the characteristics of limited computing resources of smart meter and adopt lightweight encryption algorithm.

Figure 1.

Network model of blockchain-based smart grid system.

Threat model

We utilize the widely used Dolev–Yao (DY) threat model to verify the security of the proposed protocol against various types of attacks.^33,34 During the authentication phase, data is transmitted among entities via the public channels. Under the DY threat model, the adversaries can intercept, steal, modify, and replay transmitted messages. The extracted message is used by the adversaries to infer power grid privacy data or infer session key. Moreover, the adversaries can also impersonate legitimate smart meters and send forged data to server and consensus node.

Proposed authentication protocol

In this section, we propose an efficient authentication protocol for blockchain-based smart grid system, which includes initialization, registration, and authentication phase. The notations used in the proposed protocol are shown in Table 1.

Table 1.

Notation used in proposed protocol.

Notation	Description
CS	Server
CN	Consensus node
SM	Smart meter
$k_{C S}$	Master key of the server
$A_{C N}$ , $B_{C N}$ , $C_{S M}$	Authentication parameters
$i d_{C N}^{}$ , $i d_{S M}^{}$ , $i d_{E U}^{}$	Identities
$p w_{E U}^{}$	Password of the end user
$t_{S M}$ , $t_{C N}$ , $t_{C S}$	Timestamps
$r_{S M}$ , $r_{C N}$ , $r_{C S}$	Random parameters
$T I D$ , $T E P$	Blind signature
$k_{S}$	Session key
$E_{K}$ (x)	Symmetric encryption of x using key K
h (.)	One-way hash function
⊕	Bitwise XOR operation

Initialization phase

The server chooses a random number as the master key $k_{C S}$ , which is used to encrypt the parameters of the consensus node and smart meter. Then, the server chooses one secure one-way hash function: h: ${$ 0, 1 $} * \to {$ 0, 1 $}^{l}$ , where $l$ -bit binary string as output for an arbitrary-length binary input string.

Registration phase

During the registration phase, the consensus node and smart meter are registered by the server and obtain the authentication parameters. These authentication parameters can be further used in the mutual authentication.

Consensus node registration: The consensus node registration phase is executed in the secure channels. Firstly, the server picks the identity $i d_{C N}^{}$ of the consensus node. Then, the server computes the consensus node authentication parameters $A_{C N}$ =h( $k_{C S}$ ) and $B_{C N}$ = $k_{C S}$ ⊕ $i d_{C N}^{}$ . Finally, the consensus node stores the tuple < $i d_{C N}^{}$ , $A_{C N}$ , $B_{C N}$ > in its memory. Figure 2 shows the consensus node registration process.

Smart meter registration: The smart meter registration phase is executed in the secure channels. Firstly, the server sets the end user's identity $i d_{E U}^{}$ and password $p w_{E U}^{}$ . Then, the server picks the identity $i d_{S M}^{}$ of the smart meter and computes the smart meter authentication parameter $C_{S M}$ =h( $i d_{S M}^{}$ ⊕ $i d_{E U}^{}$ ⊕ $p w_{E U}^{}$ )⊕ $k_{C S}$ . Finally, the smart meter stores the tuple < $i d_{S M}^{}$ , $C_{S M}$ > in its memory. Figure 3 shows the smart meter registration process.

Figure 2.

Consensus node registration process in the secure channels.

Figure 3.

Smart meter registration process in the secure channels.

Authentication phase

1. The smart meter generates the authentication parameters. Initially, the smart meter picks the parameter $r_{S M}$ and timestamp $t_{S M}$ . Then, the smart meter computes the authentication parameter $X_{S M}$ = $r_{S M}$ ⊕h( $i d_{S M}^{}$ ⊕ $i d_{E U}^{}$ ⊕ $p w_{E U}^{}$ ) and blind signature $T I D_{S M}$ =h( $r_{S M}$ ⊕ $i d_{S M}^{}$ ⊕ $p w_{E U}^{}$ ⊕ $t_{S M}$ ), and encrypts the authentication parameter $E_{1}$ = $E_{(C_{S M} \oplus r_{S M})}$ ( $r_{S M}$ , $i d_{S M}^{}$ , $p w_{E U}^{}$ ). Finally, the smart meter sends the tuple < $M_{1}$ > to the consensus node, where $M_{1}$ = < $X_{S M}$ , $E_{1}$ , $T I D_{S M}$ , $t_{S M}$ >.

2. Upon receiving the parameters tuple < $X_{S M}$ , $E_{1}$ , $T I D_{S M}$ , $t_{S M}$ >, the consensus node first checks the validity of T - $t_{S M}$ < Δt, where T is the time when the consensus node receives the parameters tuple, and Δt is an acceptable transmission delay. If the condition satisfies, the consensus node picks the parameter $r_{C N}$ and timestamp $t_{C N}$ . Then, the consensus node computes the authentication parameters $X_{C N}$ = $A_{C N}$ ⊕ $r_{C N}$ , $Y_{C N}$ = $B_{C N}$ ⊕ $r_{C N}$ , and the blind signature $T I D_{C N}$ =h( $i d_{C N}^{}$ ⊕ $r_{C N}^{}$ ⊕ $t_{C N}$ ). Finally, the consensus node sends the parameters tuple < $M_{1}$ , $M_{2}$ > to the server, where $M_{2}$ =< $X_{C N}$ , $Y_{C N}$ , $T I D_{C N}$ , $t_{C N}$ >. The overall process of the smart meter and consensus node generates the authentication requests as shown in Algorithm 1.

Algorithm 1.

Smart Meter and Consensus Node Generate Authentication Requests

Input: Parameter tuple $< i d_{S M}, i d_{C N}, A_{C N}, B_{C N}, C_{S M} >$ .
Output: Request tuple $< M_{1}, M_{2} >$ .
Begin
1) For smart meter do
Picks parameter $r_{S M}$ and timestamp $t_{S M}$ .
Computes $X_{S M} = r_{S M} \oplus h (i d_{S M} \oplus i d_{E U} \oplus p w_{E U})$ ,
$T I D_{S M} = h (r_{S M} \oplus i d_{S M} \oplus p w_{E U} \oplus t_{S M})$ ,
$E_{1} = E_{(C_{S M} \oplus r_{S M})} (r_{S M}, i d_{S M}, p w_{E U})$ .
Sends $M_{1} =< X_{S M}, E_{1}, T I D_{S M}, t_{S M} >$
to consensus node.
2) For consensus node do
Receives $M_{1}$ .
Checks validity of $t_{S M}$ .
Picks parameter $r_{C N}$ and timestamp $t_{C N}$ .
Computes $X_{C N} = A_{C N} \oplus r_{C N}, Y_{C N} = B_{C N} \oplus r_{C N}$ ,
$T I D_{C N} = h (i d_{C N} \oplus r_{C N} \oplus t_{C N})$ .
Sends $M_{1}$ , $M_{2} =< X_{C N}, Y_{C N}, T I D_{C N}, t_{C N} >$
to server.
End

3. On the receipt of the parameters tuple from the consensus node, the server checks the validity of the timestamps $t_{S M}$ and $t_{C N}$ . If the condition satisfies, the server computes the consensus node authentication parameters $r_{C N} *$ =h( $k_{C S}$ )⊕ $X_{C N}$ , $i d_{C N} *$ = $Y_{C N}$ ⊕ $k_{C S}$ ⊕ $r_{C N}$ and the blind signature $T I D_{C N} *$ =h( $i d_{C N} *$ ⊕ $r_{C N} *$ ⊕ $t_{C N}^{}$ ). Then, the server checks whether the computed $T I D_{C N} *$ is equal to $T I D_{C N}$ . If the condition satisfies, the server decrypts D( $E_{1}$ ) $_{(X_{S M} \oplus k_{C S})}$ to obtain the smart meter authentication parameters ( $r_{S M} *$ , $i d_{S M} *$ , $p w_{E U} *$ ) and computes the blind signature $T I D_{S M} *$ =h( $r_{S M} *$ ⊕ $i d_{S M} *$ ⊕ $p w_{E U} *$ ⊕ $t_{S M}$ ). Then, it checks whether the computed $T I D_{S M} *$ is equal to $T I D_{S M}$ .

If the condition satisfies, the server picks the parameter $r_{C S}$ and timestamp $t_{C S}$ . Next, the server computes the authentication parameter $α_{S M}$ =h( $p w_{E U} *$ )⊕ $i d_{C N} *$ ⊕ $r_{C N} *$ ⊕ $r_{C S}$ and the blind signature $T E P_{S M}$ =h( $i d_{C N} *$ ⊕ $r_{C N} *$ ⊕ $r_{C S}$ ⊕ $t_{C S}$ ) for the authentication of the smart meter, and computes the parameters $β_{C N}$ =h( $i d_{C N} *$ )⊕ $i d_{S M} *$ ⊕ $r_{S M} *$ ⊕ $r_{C S}$ , $T E P_{C N}$ =h( $i d_{S M} *$ ⊕ $r_{S M} *$ ⊕ $r_{C S}$ ⊕ $t_{C S}$ ) for the authentication of the consensus node. Then, the server computes the session key $k_{S}$ =h( $i d_{C N} *$ ⊕ $i d_{S M} *$ ⊕ $r_{C N} *$ ⊕ $r_{S M} *$ ⊕ $r_{C S}$ ). Finally, the server sends $M_{3}$ =< $β_{C N}$ , $T E P_{C N}$ , $t_{C S}$ > and $M_{4}$ = < $α_{S M}$ , $T E P_{S M}$ , $t_{C S}$ > to the consensus node and smart meter, respectively. The overall process of the server generates the session key as shown in Algorithm 2.

Algorithm 2.

Server Generates Session Key

Input: Master key

< k_{C S} >

Output: Session key

< k_{S} >

Begin

1) For server do

Checks validity of

t_{S M}

t_{C N}

Computes

r_{C N} * = h (k_{C S}) \oplus X_{C N}

i d_{C N} * = Y_{C N} \oplus k_{C S} \oplus r_{C N}

T I D_{C N} * = h (i d_{C N} * \oplus r_{C N} * \oplus t_{C N})

Checks

T I D_{C N} * = T I D_{C N}

Computes

(r_{S M} *, i d_{S M} *, p w_{E U} *) = D_{(X_{S M} \oplus k_{C S})} (E_{1})

T I D_{S M} * = h (r_{S M} * \oplus i d_{S M} * \oplus p w_{E U} * \oplus t_{S M})

Checks

T I D_{S M} * = T I D_{S M}

If so, picks parameter

r_{C S}

and timestamp

t_{C S}

Computes

α_{S M} = h (p w_{E U} *) \oplus i d_{C N} * \oplus r_{C N} * \oplus r_{C S}

T E P_{S M} = h (i d_{C N} * \oplus r_{C N} * \oplus r_{C S} \oplus t_{C S})

β_{C N} = h (i d_{C N} *) \oplus i d_{S M} * \oplus r_{S M} * \oplus r_{C S}

T E P_{C N} = h (i d_{S M} * \oplus r_{S M} * \oplus r_{C S} \oplus t_{C S})

k_{S} = h (i d_{C N} * \oplus i d_{S M} * \oplus r_{C N} * \oplus r_{S M} * \oplus r_{C S})

Sends

M_{3} =< β_{C N}, T E P_{C N}, t_{C S} >

to consensus node.

Sends

M_{4} =< α_{S M}, T E P_{S M}, t_{C S} >

to smart meter.

End

4. Upon receiving $M_{3}$ from the server, the consensus node checks the validity of the timestamps $t_{C S}$ . If it is valid, the consensus node computes $β_{C N}$ ⊕h( $i d_{C N}^{}$ ) to obtain the authentication parameter ( $i d_{S M} *$ ⊕ $r_{S M} *$ ⊕ $r_{C S} *$ ) . Then, it computes the blind signature $T E P_{C N} *$ =h( $i d_{S M} *$ ⊕ $r_{S M} *$ ⊕ $r_{C S} *$ ⊕ $t_{C S}$ ) and checks whether the computed $T E P_{C N} *$ is equal to $T E P_{C N}$ . If the condition satisfies, the consensus node computes the session key $k_{S}$ =h( $i d_{C N}$ ⊕ $i d_{S M} *$ ⊕ $r_{C N}$ ⊕ $r_{S M} *$ ⊕ $r_{C S} *$ ).

5. When $M_{4}$ is received, the smart meter checks the validity of the timestamps $t_{C S}$ . If it is valid, the smart meter computes $α_{S M}$ ⊕h( $p w_{E U}^{}$ ) to obtain the authentication parameter ( $i d_{C N} *$ ⊕ $r_{C N} *$ ⊕ $r_{C S} *$ ). Then, it computes the blind signature $T E P_{S M} *$ =h( $i d_{C N} *$ ⊕ $r_{C N} *$ ⊕ $r_{C S} *$ ⊕ $t_{C S}$ ) and checks whether the computed $T E P_{S M} *$ is equal to $T E P_{S M}$ . If the condition satisfies, the smart meter computes the session key $k_{S M}$ = h( $i d_{C N} *$ ⊕ $i d_{S M}$ ⊕ $r_{C N} *$ ⊕ $r_{S M}$ ⊕ $r_{C S} *$ ) (Table 2). The overall process of the smart meter and consensus node generate the session key as shown in Algorithm 3.

Algorithm 3.

Smart Meter and Consensus Node Generate Session Key

Input: Parameter tuple

< i d_{S M}, i d_{C N}, A_{C N}, B_{C N}, C_{S M} >

Output: Session key

< k_{S} >

Begin

1) For consensus node do

Checks validity of

t_{C S}

Computes

(i d_{S M} * \oplus r_{S M} * \oplus r_{C S} *) = β_{C N} \oplus h (i d_{C N})

T E P_{C N} * = h (i d_{S M} * \oplus r_{S M} * \oplus r_{C S} * \oplus t_{C S})

Checks

T E P_{C N} * = T E P_{C N}

Computes

k_{S} = h (i d_{C N} \oplus i d_{S M} * \oplus r_{C N} \oplus r_{S M} * \oplus r_{C S} *)

2) For smart meter do

Checks validity of

t_{C S}

Computes

(i d_{C N} * \oplus r_{C N} * \oplus r_{C S} *) = α_{S M} \oplus h (p w_{E U})

T E P_{S M} * = h (i d_{C N} * \oplus r_{C N} * \oplus r_{C S} * \oplus t_{C S})

Checks

T E P_{S M} * = T E P_{S M}

Computes

k_{S M} = h (i d_{C N} * \oplus i d_{S M} \oplus r_{C N} * \oplus r_{S M} \oplus r_{C S} *)

End

Secure analysis

In this section, we introduce the security of proposed protocol against the hypothetical threat model and compare its security features with other related protocols.

Table 2.

Comparison of security features.

Feature	³⁵	³⁶	³⁷	Ours
Mutual authentication	×	√	√	√
Session key agreement	√	√	√	√
Anonymity	√	√	√	√
Message integrity	√	×	×	√
Resist eavesdropping attack	√	√	√	√
Resist replay attack	√	×	×	√
Resist offline password guessing	√	√	√	√
Resist impersonation attack	√	×	×	√

Security feature analysis

We discuss the security features of the protocol, including mutual authentication, session key agreement, anonymity, message integrity, resist eavesdropping attack, resist replay attack, resist offline password guessing, and resist impersonation attack.

Mutual authentication: Mutual authentication means that two transmitters confirm that each other is a legitimate entity in the network before establishing communication. In the proposed protocol, the server checking the legitimacy of smart meter and consensus nodes by verifying the blind signatures $T I D_{S M}$ and $T I D_{C N}$ . Similarly, the smart meters and consensus nodes confirm the legitimacy of server by verifying blind signatures $T E P_{C N}$ and $T E P_{S M}^{}$ . Therefore, the proposed protocol supports mutual authentication.

Session key agreement: The smart meter, consensus node, and server all participate in the session key agreement, contributing parameters $r_{S M}$ , $r_{C N}$ , and $r_{C S}$ , respectively. The negotiated session key $k_{S}$ =h( $i d_{C N}$ ⊕ $i d_{S M}$ ⊕ $r_{C N}$ ⊕ $r_{S M}$ ⊕ $r_{C S}$ ) is used to encrypt the transmitted data for secure communication among entities. Therefore, the proposed protocol realizes session key agreement.

Anonymity: The identities $i d_{E U}$ , $i d_{S M}$ , $i d_{C N}$ , and $i d_{C S}$ of end user, smart meter, consensus node, and server are not transmitted in the public channel. Thus, the proposed protocol provides anonymity.

Message integrity: The proposed protocol uses hash function to achieve message integrity. For example, the smart meter sends $M_{1}$ =< $X_{S M}$ , $E_{1}$ , $T I D_{S M}$ , $t_{S M}$ > to the server. After receiving the messages, the server computes $T I D_{S M} *$ using parameters $r_{S M} *$ , $i d_{S M} *$ , $p w_{E U} *$ , and $t_{S M}$ . If $T I D_{S M} *$ = $T I D_{S M}$ , then the messages have not been modified. Therefore, the proposed protocol ensures message integrity.

Resist eavesdropping attack: The secret data sent by the smart meter, consensus node, and server are protected by XOR operation, hash function, and symmetric encryption, and cannot be directly obtained by adversaries. Therefore, the proposed protocol can resist eavesdropping attack.

Resist replay attack: Replay attack refers to the adversary resending eavesdropped messages to the legitimate entity. The proposed protocol uses timestamps to ensure the freshness of messages. If the timestamp expires, the message is invalid. Thus, the proposed protocol can resist replay attack.

Resist offline password guessing: The private key $p w_{E U}^{}$ of the end user is protected by the symmetric encryption $E_{1}$ = $E_{(C_{S M} \oplus r_{S M})}$ ( $r_{S M}$ , $i d_{S M}^{}$ , $p w_{E U}^{}$ ), and the adversary can only decrypt the private key by obtaining parameters $C_{S M}$ and $r_{S M}$ . However, the parameter $C_{S M}$ is transmitted via a secure channel and cannot be obtained by the adversaries. Therefore, the proposed protocol can resist offline password guessing attack.

Resist impersonation attack: In this attack, the adversary attempts to impersonate smart meter by generating blind signature $T I D_{S M}$ =h( $r_{S M}$ ⊕ $i d_{S M}^{}$ ⊕ $p w_{E U}^{}$ ⊕ $t_{S M}$ ). However, the adversary cannot generate the valid identity $i d_{S M}^{}$ and password $p w_{E U}^{}$ , which cannot be verified by the server. Hence, adversary will fail to impersonate smart meter.

Functionality comparison

Table 3 shows the comparison of security features between the proposed protocol and related protocols. Moghadam et al.'s³⁵ protocol only supports session key agreement and does not support mutual authentication among entities. In Zhang et al.'s³⁶ protocol and Mehta et al.'s³⁷ protocol, message integrity and timeliness verification mechanisms are not considered, so the protocol is also unable to resist impersonation attack. In addition, it can be seen that our proposed protocol has more security features and can resist a variety of well-known attacks.

Table 3.

This is a sample of a table title computation cost analysis of three protocols.

Protocol	Smart meter	Server
³⁵	2 $T_{E / D}^{}$ + 9 $T_{H}^{}$	2 $T_{E / D}^{}$ + 8 $T_{H}^{}$
³⁶	$T_{E / D}^{}$ + 7 $T_{H}^{}$	3 $T_{E / D}^{}$ + 9 $T_{H}^{}$
³⁷	2 $T_{E / D}^{}$ + 2 $T_{H}^{}$	2 $T_{E / D}^{}$ + 2 $T_{H}^{}$
Ours	16 $T_{X O R}^{}$ + $T_{E / D}^{}$ + 5 $T_{H}^{}$	24 $T_{X O R}^{}$ + $T_{E / D}^{}$ + 8 $T_{H}^{}$

Performance evaluation

In this section, we evaluate the proposed protocol and compare it with related protocols^35–37 from the perspectives of computation cost and communication overhead.

Computation cost

The proposed protocol is simulated based on Python program on the Ubuntu 18.04 workstation with Intel Core i7–10700 CPU @2.9 GHz and 8 GB memory. We use $T_{X O R}^{}$ , $T_{E / D}^{}$ , and $T_{H}^{}$ to represent the time for performing a XOR operation, a symmetric decryption/encryption operation, and a one-way hash function.

In the authentication phase of the proposed protocol, the smart meter performs 16 XOR operations, one symmetric encryption, and five hash functions; the computation cost required for the smart meter is 16 $T_{X O R}^{}$ + $T_{E / D}^{}$ + 5 $T_{H}^{}$ . The consensus node performs 14 XOR operations and four hash functions; it requires 14 $T_{X O R}^{}$ + 4 $T_{H}^{}$ . The server performs 24 XOR operations, one symmetric encryption, and eight hash functions; it requires 24 $T_{X O R}^{}$ + $T_{E / D}^{}$ + 8 $T_{H}^{}$ .

There is less research on blockchain-based for smart power grid authentication protocols. This study only discusses the computation cost comparison of the smart meter and server. In Moghadam et al.'s³⁵ protocol, the smart meter performs two symmetric encryptions and nine hash functions, and the server performs two symmetric encryptions and eight hash functions. In Zhang et al.'s³⁶ protocol, the smart meter performs seven symmetric encryptions and one hash function, and the server performs three symmetric encryptions and nine hash functions. Table 3 lists the computation cost analysis between the proposed protocol and other two related protocols in the meter and server. In Mehta et al.'s³⁷ protocol, the smart meter performs two symmetric encryptions and two hash functions, and the server performs two symmetric encryptions and two hash functions.

The computation cost comparison results of the proposed protocol and related protocols are shown in Figures 4 and 5 respectively. It can be seen from the figure that the proposed protocol has the lowest computation cost of smart meter and server.

Figure 4.

Computation cost comparison for smart meter.

Figure 5.

Computation cost comparison for server.

Communication overhead

As per the Meng et al.'s³⁸ protocol, we assume that the size of a random number, the size of a time stamp, and the size of hash function output are 32 bytes, 4 bytes, and 32 bytes, respectively. The size of AES-128 symmetric decryption/ encryption algorithm is a multiple of 16 bytes.

In proposed scheme, the authentication parameters < $X_{S M}$ , $E_{1}$ , $T I D_{S M}$ , $t_{S M}$ > of smart meter requires (32 + 96 + 32 + 4) = 164 bytes, the authentication parameters < $α_{S M}$ , $T E P_{S M}$ , $t_{C S}$ > of server requires (32 + 32 + 4) = 68 bytes, where the size of $E_{1}$ = $E_{(C_{S M} \oplus r_{S M})}$ ( $r_{S M}$ , $i d_{S M}^{}$ , $p w_{E U}^{}$ ) is (32 + 32 + 32) = 96 bytes. The total message size is 232 bytes.

In Moghadam et al.'s³⁵ protocol, the smart meter sends the parameters < $E_{(k)}$ ( $R e q$ , $T_{i}^{}$ , $P$ ), $E_{(k)}$ ( $T_{i}^{}$ , $N$ , $L_{2}^{}$ )> to the server, the communication overhead of smart meter is (80 + 80) = 160 bytes. Besides, the server sends the parameters < $E_{(k)}$ ( $T_{i}^{}$ , $M$ , $L_{1}^{}$ ), $E_{(k)}$ ( $T_{i}^{}$ , $L_{3}^{}$ )> to the smart meter, the communication overhead of server is (80 + 48) = 128 bytes. Therefore, the total communication overhead of Moghadam et al.'s³⁵ protocol is 288 bytes.

In Zhang et al.'s³⁶ protocol, the smart meter sends the parameters < $M_{i}^{}$ , $X_{i}^{}$ , $A u t h_{j i}^{}$ > to the server, the communication overhead of smart meter is (64 + 32 + 32) = 128 bytes. Besides, the server sends the parameters < $A u t h_{j i}^{}$ , $A c k_{j i}^{}$ > to the smart meter, the communication overhead of server is (128 + 32) = 160 bytes. Therefore, the total communication overhead of Zhang et al.'s³⁶ protocol is 288 bytes.

In Mehta et al.'s³⁷ protocol, the smart meter sends the parameters < $S I D_{S M}^{i}$ , $t_{1}^{}$ , $E_{2}$ , $t_{5}^{}$ > to the server, the communication overhead of smart meter is (32 + 4 + 576 + 4) = 616 bytes. Besides, the server sends the parameters < $E_{1}$ , $t_{3}^{}$ > to the smart meter, the communication overhead of server is (544 + 4) = 548 bytes. Therefore, the total communication overhead of Mehta et al.'s³⁷ protocol is 1164 bytes.

Table 4 illustrates the communication overhead comparison between the proposed protocol and other related protocols. From this table, it is clear that our protocol has the lowest communication overhead.

Table 4.

Communication overhead comparison.

Protocol	Total communication overhead	No. of msgs.
³⁵	232 bytes	4
³⁶	288 bytes	4
³⁷	1164 bytes	3
Ours	232 bytes	2

Conclusion

This paper proposes a security protection scheme for abnormal transaction data in smart grid system. By combining blockchain with the smart grid structure, the blockchain ledger maintained by consensus nodes ensures the integrity and availability of abnormal transaction data. In addition, the authentication protocol achieves communication security among entities in the power grid system. Finally, the security analysis and performance evaluation demonstrate that the proposed protocol provides strong security guarantees while achieving lower computational costs and communication overhead compared to related protocols.

Footnotes

Acknowledgement

This work was partially supported by the National Natural Science Foundation of China under Grants 62472168, 62072170, and 61976087, the Science and Technology Project of the Department of Communications of Hunan Provincial under Grant 202101, the Key Research and Development Program of Hunan Province under Grant 2022GK2015, and the Hunan Provincial Natural Science Foundation of China under Grants 2021JJ30141 and 2024JJ6066, and the Research Foundation of Education Bureau of Hunan Province of China under Grant 23B0288.

Author contributions

Conceptualization and writing original draft: Lijun Xiao and Dezhi Han. Editing: Xiangwei Meng and Meiguo Ke. Investigation and validation: Dacheng He.

Declaration of conflicting interests

The authors declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Ethical statement

I certify that this manuscript is original and has not been published and will not be submitted elsewhere for publication while being considered by editors. The study is not split up into several parts to increase the quantity of submissions and submitted to various journals or to one journal over time. No data have been fabricated or manipulated (including images) to support your conclusions. No data, text, or theories by others are presented as if they were our own. The submission has been received explicitly from all co-authors. And authors whose names appear on the submission have contributed sufficiently to the scientific work and therefore share collective responsibility and accountability for the results. This article does not contain any studies with human participants or animals performed by any of the authors.

Funding

The authors disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This work was partially supported by the National Natural Science Foundation of China under Grants 62472168, 62072170 and 61976087, the Science and Technology Project of the Department of Communications of Hunan Provincial under Grant 202101, the Key Research and Development Program of Hunan Province under Grant 2022GK2015, and the Hunan Provincial Natural Science Foundation of China under Grant 2021JJ30141.

Data Availability Statement

Data sharing not applicable to this article as no datasets were generated or analyzed during the current study.

Informed consent

Informed consent was obtained from all individual participants included in the study.

ORCID iD

Xiangwei Meng

References

Rivas

AEL

Abrao

. Faults in smart grid systems: monitoring, detection and classification. Electr Power Syst Res 2020; 189: 106602.

Kaur

Islam

Mahmud

, et al. Energy forecasting in smart grid systems: recent advancements in probabilistic deep learning. IET Gener, Transm Distrib 2022; 16: 4461–4479.

Dileep

. A survey on smart grid technologies and applications. Renew Energy 2020; 146: 2589–2625.

Syed

Zainab

Ghrayeb

, et al. Smart grid big data analytics: survey of technologies, techniques, and applications. IEEE Access 2020; 9: 59564–59585.

Kumari

Tanwar

. Secure data analytics for smart grid systems in a sustainable smart city: challenges, solutions, and future directions. Sustain Comput: Inf Syst 2020; 28: 100427.

Tufail

Parvez

Batool

, et al. A survey on cybersecurity challenges, detection, and mitigation techniques for the smart grid. Energies 2021; 14: 5894.

Zhang

Liang

, et al. A caching-based dual k-anonymous location privacy-pre- serving scheme for edge computing. IEEE Internet Things J 2023; 10: 9768–9781.

Shi

, et al. Push–pull gradient methods for distributed optimization in networks. IEEE Trans Autom Control 2020; 66: 1–16.

Liang

Liu

Yang

, et al. On identity, transaction, and smart contract privacy on permissioned and permissionless blockchain: a comprehensive survey. ACM Comput Surv 2024; 56: 1–35.

10.

Wang

Qiu

, et al. Blockchain-based data deduplication and distributed audit for shared data in cloud-fog computing-based VANETs. IEEE Trans Netw Serv Manage 2024; 21: 5548–5565.

11.

Mengelkamp

Notheisen

Beer

, et al. A blockchain-based smart grid: towards sustainable local energy markets. Comput Sci-Res Dev 2018; 33: 207–214.

12.

Hassan

Rehmani

Chen

. Optimizing blockchain based smart grid auctions: a green revolution. IEEE Trans Green Commun Netw 2021; 6: 462–471.

13.

Liang

Xie

Li K

, et al. MC-DSC: a dynamic secure resource configuration scheme based on medical consortium blockchain. IEEE Trans Inf Forensics Secur 2024; 19: 3525–3538.

14.

Tong

Chen

Wang

, et al. CCAP: a complete cross-domain authentication based on blockchain for internet of things. IEEE Trans Inf Forensics Secur 2022; 17: 3789–3800.

15.

Liu

Liang

Xie

, et al. LightPay: a lightweight and secure off-chain multi-path payment scheme based on adapter signatures. IEEE Trans Serv Comput 2023; 17: 1622–1635.

16.

Hong

Yang

Liang

, et al. Secure access control for electronic health records in blockchain-enabled consumer Internet of Medical Things. IEEE Trans Consumer Electron 2023; 70: 4574–4584.

17.

Kumar

Gurtov

Sain

, et al. Lightweight authentication and key agreement for smart metering in smart energy networks. IEEE Trans Smart Grid 2018; 10: 4349–4359.

18.

Park

Lee

, et al. Privacy-preserving lightweight authentication protocol for demand response management in smart grid environment. Appl Sci 2020; 10: 1758.

19.

Irshad

Chaudhry

Alazab

, et al. A secure demand response management authentication scheme for smart grid. Sustain Energy Technol Assess 2021; 48: 101571.

20.

Srinivas

Das

, et al. Designing anonymous signature-based authenticated key exchange scheme for internet of things-enabled smart grid systems. IEEE Trans Ind Inf 2020; 17: 4425–4436.

21.

Aghapour

Kaveh

Martín

, et al. An ultra-lightweight and provably secure broadcast authentication protocol for smart grid communications. IEEE Access 2020; 8: 125477–125487.

22.

Sureshkumar

Anandhi

Amin

, et al. Design of robust mutual authentication and key establishment security protocol for cloud-enabled smart grid communication. IEEE Syst J 2020; 15: 3565–3572.

23.

Tanveer

Kumar

Naushad

, et al. A robust access control protocol for the smart grid systems. IEEE Internet Things J 2021; 9: 6855–6865.

24.

Dehalwar

Kolhe

Deoli

, et al. Blockchain-based trust management and authentication of devices in smart grid. Clean Eng Technol 2022; 8: 100481.

25.

Xiang

Cao

. An efficient authenticated key agreement scheme supporting privacy-preservation for smart grid communication. Electr Power Syst Res 2022; 203: 107630.

26.

Chaudhry

Yahya

Garg

, et al. LAS-SG: an elliptic curve-based lightweight authentication scheme for smart grid environments. IEEE Trans Ind Inf 2022; 19: 1504–1511.

27.

Zhang

Wang

, et al. A blockchain-based cooperative authentication mechanism for smart grid. Appl Sci 2023; 13: 6831.

28.

Ayub

Mahmood

, et al. Secure consumer-centric demand response management in resilient smart grid as industry 5.0 application with blockchain-based authentication. IEEE Trans Consumer Electron 2024; 70: 1370–1379.

29.

Shahidinejad

Abawajy

Huda

. Highly-secure yet efficient blockchain-based CRL-free key management protocol for IoT-enabled smart grid environments. IEEE Trans Inf Forensics Secur 2024; 19: 6738–6750.

30.

Pei

Hou

Zhou

, et al. Blockchain-based anonymous authentication and data aggregation for advanced metering infrastructure in smart grid. Int J Crit Infrastruct Protect 2024; 46: 100702.

31.

Peng

Yang

, et al. Drug repositioning via multi-view representation learning with heterogeneous graph neural network. IEEE J Biomed Health Inf 2024. DOI: https://doi.org/10.1109/JBHI.2024.3434439.

32.

Xie

Wen

, et al. Finemon: an innovative adaptive network telemetry scheme for fine-grained, multi-metric data monitoring with dynamic frequency adjustment and enhanced data recovery. Proce ACM Manage Data 2024; 2: 1–26.

33.

Meng

Liu

Meng

, et al. A lightweight group authentication protocol for blockchain-based vehicular edge computing networks. IEEE Trans Intell Transp Syst 2024; 25: 8556–8567.

34.

Liang

, et al. Qos prediction and adversarial attack protection for distributed services under dlaas. IEEE Trans Comput 2024; 73: 669–682.

35.

Moghadam

Nikooghadam

Mohajerzadeh

, et al. A lightweight key management protocol for secure communication in smart grids. Electr Power Syst Res 2020; 178: 106024.

36.

Zhang

Zhao

Yin

, et al. A lightweight authentication scheme with privacy protection for smart grid communications. Fut Gener Comput Syst 2019; 100: 770–778.

37.

Mehta

Parne

Patel

. PF-AKA: PUF-FSM based authentication and key agreement framework for IoT based smart grid networks. Cluster Comput 2024: 1–19.

38.

Meng

Yang

, et al. A novel multi-party authentication scheme for FCN-based MIoT systems in natural language processing environment. ACM Trans Asian Low-Res Lang Inf Proces 2023. DOI: https://doi.org/10.1145/3590149.

A security protection scheme for abnormal transaction data in smart grid system

Abstract

Keywords

Introduction

Related work

System model

Network model

Threat model

Proposed authentication protocol

Initialization phase

Registration phase

Authentication phase

Secure analysis

Security feature analysis

Functionality comparison

Performance evaluation

Computation cost

Communication overhead

Conclusion

Footnotes

Acknowledgement

Author contributions

Declaration of conflicting interests

Ethical statement

Funding

Data Availability Statement

Informed consent

ORCID iD

References