Identity Based Cryptography for Smart-grid Protection
MICKAEL AVRIL, LAURIE BASTA, LAURENT BOUILLET, ABDERRAHMAN DAIF, GREGORY LANDAIS, CÉDRIC TAVERNIER
Assystem, Department of Cybersecurity, Assystem E&OS, 23, Place de Wicklow, 78067 St-Quentin en Yvelines, France
Abstract: The smart grid offers secure and intelligent energy distribution systems that deliver energy from suppliers to consumers based on two-way demand and response digital communication technologies to control appliances at consumers' homes to save energy and increase reliability. The smart grid improves existing energy distribution systems with digital information management and advanced metering systems. Increased interconnectivity and automation over the grid systems present new challenges for security and its management. Cryptographic key management involves multiple components of the Smart Grid such as: advanced metering infrastructure, demand response systems, home area networks (HANs), neighborhood area networks that connect the home to utility systems, supervisory control and data acquisition (SCADA) systems that control generation, transmission and distribution systems, and plug-in electric vehicles. The smart grid requires the design of a mutual authentication scheme and a key management protocol that keep the exchanges safe between consumers and suppliers. This paper proposes efficient techniques that use the advantages of identity based cryptography to improve the resiliency against an insider or outsider attacker. We present how a hierarchical form of identity based cryptography is particularly well matched to the requirements of complex networks such as smart grids.
Key–Words: Cryptography, IBE, IBS, HIBE, Smart-grids
1 Introduction
A Smart grid delivers electricity from suppliers to consumers using analogue or digital information and communications technologies to gather and act on information, such as information about the behaviours of suppliers and consumers, in an automated fashion to improve the efficiency, reliability, economics, and sustainability of the production and distribution of electricity. In other terms, a Smart grid can be seen as a complex SCADA network. Such technologies have been a favorite playground for hackers since the Stuxnet virus [1] caused damage to the nuclear project of Iran. Nevertheless, cyber security must address not only deliberate attacks launched by cyber criminals, but also inadvertent compromises of the information structures due to user errors, equipment failures, etc.
Figure 1: Smart grid example [2]
Finally, additional risks to the grid include [3]:
• Increasing the complexity of the grid could introduce vulnerabilities and increase exposure to potential attackers and unintentional errors;
• Interconnected networks can introduce common vulnerabilities;
• Increasing vulnerabilities to communication disruptions and the introduction of malicious software/firmware or compromised hardware could result in denial of service (DoS) or other malicious attacks;
• Increased number of entry points and paths are available for potential adversaries to exploit;
• Interconnected systems can increase the amount of private information exposed and increase the risk when data is aggregated;
• Increased use of new technologies can introduce new vulnerabilities; and
• Expansion of the amount of data that will be collected that can lead to the potential for compromise of data confidentiality, including the breach of customer privacy.
Logical security architecture overview. Smart Grid technologies will introduce millions of new components to the electric grid. Many of these components are critical to interoperability and reliability, will communicate bidirectionally, and will be tasked with maintaining confidentiality, integrity, availability (CIA) vital to power systems operation and non-repudiation for the transaction. By definition, we denote:
• Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
• Integrity: means maintaining and assuring the accuracy and consistency of data over its entire life-cycle.
• Availability: means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly.
• Non-repudiation: Implies one's intention to fulfill their obligations to a contract. It also implies that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction.
Except for availability, which is not directly concerned, these criteria can be addressed by using a key management system such as the well-known PKI (public key infrastructure). Unfortunately, the dimension and the complexity of smart grids are such that a PKI brings more problems than it can solve (see [3]).
Key Management Issues. All security protocols rely on the existence of a security association (SA). SAs contain all the information required for execution of various network security services. An SA can be authenticated or unauthenticated. The establishment of an authenticated SA requires that at least one party possess some sort of credential that can be used to provide assurance of identity or device attributes to others. In general two types of credentials are common: secret keys that are shared between entities (e.g., devices), and (digital) public key certificates for key establishment (i.e. for transporting or computing the secret keys that are to be shared). Public key certificates are used to bind user or device names to a public key through some third-party attestation model, such as a PKI.
Applying the defense-in-depth strategy with the classical Onion structure (see Fig. 2) could require many appliances and protocols (RADIUS servers, VPN, SSH, firewall, ...) and ideally a notion of role based access, because specific actions are authorized only for specific authorized people. In fact, as each layer has to be protected almost independently from the others, it greatly complicates the architecture and the key management, which is crucial for the appliances and protocols concerned. Theoretically, public key infrastructure (PKI) solutions address many of the problems that surround key management, but operating one for generating and handling certificates can also require a significant amount of overhead and is typically not appropriate for small and some mid-sized systems. A public-key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique within each CA domain. The third-party validation authority (VA) can provide this information on behalf of the CA. The binding is established through the registration and issuance process, which, depending on the level of assurance the binding has, may be carried out by software at a CA, or under human supervision. The PKI role that assures this binding is called the registration authority (RA). The RA ensures that the public key is bound to the individual to which it is assigned in a way that ensures non-repudiation. Hence a PKI-based solution can have a high cost of entry, but requires only one certificate per device (as opposed to one key per pair of communicating devices), and may be more appropriate for large systems, depending on the number of possible communicating pairs of devices. In fact, the largest users of digital certificates are the Department of Defense and large enterprises. We refer directly to the NIST report ([3]) for a complete description of the issues of using a PKI for Smart grids.
Figure 2: Onion model of defense in depth [4]
Figure 3: Public key infrastructure scheme [5]
IBE (Identity based encryption), IBS (Identity based signature) as an alternative solution. The idea of IBC (Identity based cryptography) appeared in 1984 in [6], but without the introduction of elliptic curves. The bilinear pairing appears in 2001 [7]. Identity-based systems allow any party to generate a public key from a known identity value such as an ASCII string. A trusted third party, called the Private Key Generator (PKG), generates the corresponding private keys. To operate, the PKG first publishes a master public key, and retains the corresponding master private key (referred to as master key). Given the master public key, any party can compute a public key corresponding to the identity ID by combining the master public key with the identity value. To obtain a corresponding private key, the party authorized to use the identity ID contacts the PKG, which uses the master private key to generate the private key for identity ID. As a result, parties may encrypt messages (or verify signatures) with no prior distribution of keys between individual participants. This is extremely useful in cases where pre-distribution of authenticated keys is inconvenient or infeasible due to technical restraints. However, to decrypt or sign messages, the authorized user must obtain the appropriate private key from the PKG. The steps involved are depicted in Figure 4. We go more deeply into the details in the next sections of this paper.
Figure 4: ID Based Encryption: Offline and Online Steps [8]
Smart grid application. Hence, we claim, as in a previous paper [9], that we can provide:
• Advanced metering infrastructure (AMI): Establish two-way communications between advanced meters and utility business systems. Millions of meters will be deployed in Smart Grid systems and keys must be embedded in these meters to protect the AMI networks. Providing keys to this equipment is a challenge, for generation, deployment, revocation, etc. Mechanisms to redistribute or re-establish keys are a real challenge. Managing all of these keys and their lifecycle is very complex. This problem must be addressed in such a way that a problem with one key does not compromise the entire system or affect the others.
• Cyber security: Ensure the confidentiality, integrity and availability of the electronic information.
• Demand response and consumer energy efficiency: Provide mechanisms and incentives for customers to cut energy use during times of peak demand.
• Distribution grid management: Maximize the performance of feeders, transformers and other components of distribution systems.
• Electric transportation: Enable large-scale integration of plug-in electric vehicles.
• Energy storage: Provide the means to store energy.
• Network communications: Identify performance metrics and core operational requirements of various Smart Grid applications.
• Wide-area situational awareness: Monitoring and display of power-system components over large geographic areas in near real time to optimize management of grid components and performance and respond to problems before disruptions arise.
Contribution. We propose in this article to use a modified version of the IBE and IBS systems to provide efficient security for Smart grids. We succeed in removing the disadvantage linked to a PKG that could be corrupted in our model. At the same time, we show that these technologies are well suited to systems of huge dimension and complex architecture where role based access cannot be ignored.
2 Boneh & Franklin IBE
We present in this section the first efficient IBE scheme, due to Boneh and Franklin [10]; it is based on the bilinear Diffie-Hellman problem (BDHP) over elliptic curves. This scheme involves a third authority denoted PKG, which can be compared to the CA (certificate authority) of a PKI. It is defined by the following algorithms:
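Initialization:
• A prime number $q$.
• Two cyclic groups $\mathbb{G}_1$ and $\mathbb{G}_T$ of order $q$.
• A pairing $e : \mathbb{G}_1 \times \mathbb{G}_1 \to \mathbb{G}_T$.
• A generator $P \in_R \mathbb{G}_1$.
• The master key $s \in_R \mathbb{Z}_q^*$.
• $P_0 = sP$.
• $\mathcal{M} = \{0,1\}^n$, the set of messages.
• $\mathcal{C} = \mathbb{G}_1^* \times \mathcal{M}$, the set of all cryptograms.
• Two hash functions: $H_1 : \{0,1\}^* \to \mathbb{G}_1^*$ and $H_2 : \mathbb{G}_T \to \mathcal{M}$.
• The public parameters: $PP = (q, \mathbb{G}_1, \mathbb{G}_T, e, n, P, P_0, H_1, H_2)$.
• Output: $(PP, s)$.
Extraction:
• Input: An identity $ID$.
• The public key of the identity: $Q_{ID} = H_1(ID) \in \mathbb{G}_1^*$.
• The secret key of the identity: $S_{ID} = sQ_{ID} \in \mathbb{G}_1^*$.
• Output: $(Q_{ID}, S_{ID})$.
Encryption:
• Input: A message $M \in \mathcal{M}$ and an identity $ID$.
• $Q_{ID} = H_1(ID) \in \mathbb{G}_1^*$.
• Choose $r \in_R \mathbb{Z}_q^*$.
• $g_{ID} = e(Q_{ID}, P_0) \in \mathbb{G}_T^*$.
• Output: The cryptogram $C = (rP, M \oplus H_2(g_{ID}^r)) \in \mathbb{G}_1^* \times \mathcal{M}$.
Decryption:
• Input: A cryptogram $C = (U, V) \in \mathbb{G}_1^* \times \mathcal{M}$.
• Output: The message $M = V \oplus H_2(e(S_{ID}, U))$.
Proof. We have: $V \oplus H_2(e(S_{ID}, U)) = M \oplus H_2(g_{ID}^r) \oplus H_2(e(S_{ID}, U))$. Thus we have to show that:
We have: $g_{ID}^r = e(Q_{ID}, P_0)^r = e(Q_{ID}, sP)^r = e(sQ_{ID}, rP)$ (according to the properties of $e$) $= e(S_{ID}, U)$.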
Remark 1. Let $P$ be a generator in $\mathbb{G}_1^*$; then the function $H_1 : \{0,1\}^* \to \mathbb{G}_1^*$, $m \mapsto mP$ can be considered as a hash function.
2.1 Network exchanges:
We describe graphically the network exchanges and the role of the PKG.
Figure 5: Key generation in Boneh & Franklin scheme
Figure 5 corresponds to the secret key generation, which is done periodically as long as the user has not been revoked. In this scheme, the PKG authenticates Bob and generates a secret key $S_B$ that stays valid during a certain time denoted "period". The public key can be generated by anyone through the calculation $H(ID|Period)$.
Figure 6: Public key transfer in Boneh & Franklin scheme
In Figure 6, Alice wants to send a confidential message to Bob, so she sends a request to the PKG, which sends its master public key $P_0$.
In Figure 7, Alice encrypts $M$ with a pairing based function. Then Bob can decrypt the message with this pairing based function.
Figure 7: Encryption, Decryption in Boneh & Franklin scheme
2.2 Advantages and disadvantages
Certificate validity periods and certificate revocation based on CRLs rely on the system time for their validation. If the system time is incorrect, an expired certificate may be considered valid and/or a valid certificate may be considered expired; a revoked certificate may be listed in the CRL but the CRL will not be taken into account. Time synchronization is really important for PKI systems, VPNs and other tunnels based on certificate authentication.
This IBE scheme avoids the management of certificates, since public keys are computed directly from the identities. Revocation is almost free, because the revoked user simply does not receive the valid secret key. This scheme also involves less network traffic. Unfortunately, the PKG has full power and, if it is corrupted, the system falls.
In order to fix these disadvantages, we propose a new scheme that we denote IBE-2.
3 IBE-2, an improved version
We have described in the previous section a certificate-less scheme that has certain advantages over a PKI, but which is not practical enough for complex systems such as the Smart grid. The PKG is very sensitive, and it is not acceptable that the security of the full system rests on it alone. In our proposed scheme we use the trick considered in [11], which consists in involving a new authority called KPA (key protection authority). Among the advantages of this new scheme, we note that the users now contribute to the generation of the secret key, in the sense that only the user can compute it. To achieve this, PKG and KPA together provide the public key $Q_1$ containing the private master keys $s_0$ and $s_1$, the user identity $Q_{ID}$ and a mask $H_3(e(s_0X, P_0)) \times H_3(e(s_1X, P_1))$ known only to the user. The seven main steps are described in this scheme:
Initialization of parameters:
• A huge prime number $q$.
• Two cyclic groups $\mathbb{G}_1$ and $\mathbb{G}_T$ of order $q$.
• A pairing $e : \mathbb{G}_1 \times \mathbb{G}_1 \to \mathbb{G}_T$.
• A generator $P \in_R \mathbb{G}_1$.
• $s_0 \in_R \mathbb{Z}_q^*$ and compute $P_0 = s_0P \in \mathbb{G}_1$.
• $\mathcal{C} = \mathbb{G}_1^* \times \mathcal{M}$, the set of cryptograms.
• Three hash functions: $H_1 : \{0,1\}^* \to \mathbb{G}_1^*$, $H_2 : \mathbb{G}_T \to \mathcal{M}$ and $H_3 : \mathbb{G}_T \to \mathbb{Z}_q^*$.
• PKG publishes: $PP = (q, \mathbb{G}_1, \mathbb{G}_T, e, P, P_0, H_1, H_2, H_3)$.
• The PKG secret key: $s_0$.
Initialization of the public key: (Done by KPA)
• The KPA secret key $s_1 \in_R \mathbb{Z}_q^*$.
• The KPA public key $P_1 = s_1P \in \mathbb{G}_1$.
• Computes $Y = s_1P_0 = s_0s_1P$, the public key.
PKG can check if $Y$ has been computed with the correct $P_0$ by testing:
$e(Y, P) \stackrel{?}{=} e(P_0, P_1)$ (1)
Providing keys to users: (Done by PKG)
The user chooses a temporary secret $x \in_R \mathbb{Z}_q^*$ and computes $X = xP$. Then he sends $X$ to PKG, which computes:
• $Q_{ID} = H_1(ID, PKG, KPA) \in \mathbb{G}_1$.
• $Q_0 = H_3(e(s_0X, P_0))\, s_0Q_{ID}$ (2)
• $sign(Q_0) = s_0Q_0$.
Providing keys to users: (Done by KPA)
KPA receives $X$, $Q_{ID}$, $Q_0$, $sign(Q_0)$ from the user and:
• Checks the signature of $Q_0$ by testing
$e(sign(Q_0), P) \stackrel{?}{=} e(Q_0, P_0)$ (3)
• After checking the signature, he computes:
$Q_1 = H_3(e(s_1X, P_1))\, s_1Q_0$ (4)
• Computes $sign(Q_1) = s_1Q_1$.
Extraction of secret keys: (Done by the user)
After receiving $Q_1$ and $sign(Q_1)$:
• He checks:
$e(sign(Q_1), P) \stackrel{?}{=} e(Q_1, P_1)$ (5)
• He computes the secret key:
$S_{ID} = \frac{Q_1}{H_3(e(P_0, P_0)^x)\, H_3(e(P_1, P_1)^x)} = s_0s_1Q_{ID}$ (6)
• The user can check the correctness of the key by testing:
$e(S_{ID}, P) \stackrel{?}{=} e(Q_{ID}, Y)$ (7)
Encryption:
The encryption is done exactly as in the previous scheme, using $Y$ as public key:
$g_{ID} = e(Q_{ID}, Y)$ (8)
$C = (U, V) = (rP, M \oplus H_2(g_{ID}^r)) \in \mathbb{G}_1^* \times \mathcal{M}$.
Decryption:
For the decryption:
$M = V \oplus H_2(e(S_{ID}, U))$ (9)
This scheme allows a secure key exchange between the user and the authorities PKG and KPA through the following tests:
• Test (1) gives the proof to PKG and the user that $Y = s_0s_1P$ (KPA could choose $s_0$ and could send $Y = s_0s_1P$).
• Test (3) gives the proof to KPA that the received data ($X$, $Q_0$, $sign(Q_0)$) come from PKG.
• Test (5) gives the proof to the user that the received data ($Q_1$, $sign(Q_1)$) come from KPA.
• Test (7) gives the proof to the user that his secret key is computed from the correct master keys $s_0$ and $s_1$.
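The IBE-2 key issuing described above, followed by the encryption and decryption it shares with the Boneh & Franklin scheme of Section 2, as an added Python walk-through that is not code from the paper. It assumes a toy pairing in which a point aP is stored as the scalar a (bilinear, but with no security at all), constructed scalars s0, s1, x, r and a constructed identity; all function names are illustrative.

```python
import hashlib

# Assumption: toy symmetric pairing, insecure by construction. The G1 element
# aP is stored as the scalar a mod Q and e(aP, bP) = G^(ab) mod P_MOD, so the
# map is bilinear but discrete logs in G1 are trivial.
Q, P_MOD, G = 1019, 2039, 4   # Q and P_MOD = 2Q + 1 are prime; G has order Q
P = 1                         # generator of G1

def e(a, b):
    return pow(G, (a * b) % Q, P_MOD)

def to_zq(tag, *parts):
    """Hash arbitrary values into Z_q^* = {1, ..., Q-1}."""
    digest = hashlib.sha256(repr((tag,) + parts).encode()).digest()
    return 1 + int.from_bytes(digest, "big") % (Q - 1)

def H1(identity):             # Q_ID = H1(ID, PKG, KPA)
    return to_zq("H1", identity, "PKG", "KPA")

def H3(gt):                   # H3 : GT -> Z_q^*
    return to_zq("H3", gt)

def H2(gt, n):                # H2 : GT -> n-byte mask
    return hashlib.shake_256(repr(("H2", gt)).encode()).digest(n)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def authority_setup(s0, s1):
    """Public keys P0, P1, Y; raises if the PKG's test (1) fails."""
    P0, P1 = s0 * P % Q, s1 * P % Q
    Y = s1 * P0 % Q
    if e(Y, P) != e(P0, P1):
        raise ValueError("test (1) failed")
    return P0, P1, Y

def pkg_issue(s0, identity, X):
    """PKG: blinded partial key Q0 of eq. (2) and sign(Q0) = s0*Q0."""
    P0, Qid = s0 * P % Q, H1(identity)
    Q0 = H3(e(s0 * X % Q, P0)) * s0 * Qid % Q
    return Qid, Q0, s0 * Q0 % Q

def kpa_issue(s1, P0, X, Q0, sig0):
    """KPA: test (3), then Q1 of eq. (4) and sign(Q1) = s1*Q1."""
    if e(sig0, P) != e(Q0, P0):
        raise ValueError("test (3) failed: Q0 was not signed by the PKG")
    P1 = s1 * P % Q
    Q1 = H3(e(s1 * X % Q, P1)) * s1 * Q0 % Q
    return Q1, s1 * Q1 % Q

def user_extract(x, P0, P1, Y, Qid, Q1, sig1):
    """User: test (5), unblinding with x as in eq. (6), then test (7)."""
    if e(sig1, P) != e(Q1, P1):
        raise ValueError("test (5) failed: Q1 was not signed by the KPA")
    mask = H3(pow(e(P0, P0), x, P_MOD)) * H3(pow(e(P1, P1), x, P_MOD)) % Q
    S = Q1 * pow(mask, -1, Q) % Q
    if e(S, P) != e(Qid, Y):
        raise ValueError("test (7) failed")
    return S

def enroll(identity, s0, s1, x):
    """Whole enrollment; scalars are arguments only to keep runs repeatable."""
    P0, P1, Y = authority_setup(s0, s1)
    X = x * P % Q
    Qid, Q0, sig0 = pkg_issue(s0, identity, X)
    Q1, sig1 = kpa_issue(s1, P0, X, Q0, sig0)
    return Y, user_extract(x, P0, P1, Y, Qid, Q1, sig1)

def encrypt(identity, Y, message, r):
    g_id = e(H1(identity), Y)                                   # eq. (8)
    return r * P % Q, xor(message, H2(pow(g_id, r, P_MOD), len(message)))

def decrypt(S, ciphertext):
    U, V = ciphertext
    return xor(V, H2(e(S, U), len(V)))                          # eq. (9)

if __name__ == "__main__":
    ident = "meter-0042@grid.example"    # constructed identity
    Y, S = enroll(ident, s0=123, s1=456, x=789)
    print(decrypt(S, encrypt(ident, Y, b"load=3.2kW", r=321)))
```

In a real deployment s0, s1, x and r are drawn at random from Z_q^* by their respective owners and the groups come from a pairing-friendly elliptic curve.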
Figure 8: Key distribution in IBE-2
Figure 8 summarizes the key distribution between PKG, KPA and the user.
Remark 2. It is important to note that KPA is involved only during the enrollment stage. Concerning encryption and decryption, PKG is in charge of distributing public keys, as shown in Figure 9. Thus, concretely, PKG is a server that periodically changes its secret key, whereas the KPA secret key does not change and can be kept in a secure way such that only a legal authority could access it, in case of corruption for example.
Figure 9: Encryption and decryption in IBE-2
3.1 IBE-2 advantages
Compared to a PKI, IBE-2 offers the following:
• This key management is certificate-less, thus there is no need to check any certificate before an encryption operation and the familiar LDAP server is no longer required.
• A simplified management of the "CRL", because any revoked key can be recalculated algorithmically.
• IBE-2 brings more security because the security is spread over two authorities instead of one and because the system is more dynamic.
4 Identity based signature
Smart grids generate a business activity. As with many activities, there are suppliers and consumers. In the case of Smart grids, consumers can also be suppliers, for example with smart houses that use photovoltaic and/or wind generators. This greatly complicates the exchanges. Managing a PKI for the transactions would be a difficult task; furthermore, identity based cryptography does not solve all problems because it requires a third party (PKG). Unfortunately, for many countries this is not acceptable, because this third party could potentially sign instead of the user (PKG could usurp the identity). We describe in this section a signature based on a method introduced in [12]. We aim to give the user the possibility to prove that a signature belongs to PKG when this is the case. The notion of an arbiter (a legal authority) is introduced to reach this proof. It is the arbiter that checks whether the signature is valid or not, as explained in the following scheme composed of 6 stages:
Parameters:
• A huge prime number $q$.
• A pairing (Tate pairing) $e : \mathbb{G}_1 \times \mathbb{G}_1 \to \mathbb{G}_T$.
• Two hash functions: $H : \{0,1\}^* \to \mathbb{G}_1^*$ and $h : \{0,1\}^* \times \mathbb{G}_T^* \to \mathbb{Z}_q^*$.
• $s \in \mathbb{Z}_q^*$, the master key of PKG.
• $P_0 = sP$, the public key of PKG.
• $PP = (\mathbb{G}_1, \mathbb{G}_T, q, P, P_0, e, H, h)$.
• $PS = (s)$.
Initialization:
• $s_1 \in \mathbb{Z}_q^*$, the secret key of the user.
• $Q_1 = s_1P$, the public key of the user.
Extraction:
• $Q_2 = H(ID, Q_1)$.
• $S_2 = sQ_2$.
Signing: Input: a message $M \in \mathcal{M}$
• $k \in_R \mathbb{Z}_q^*$.
• $r = e(Q_2, P_0)^k$.
• $v = h(M, r)$.
• $U = kS_2 - vs_1Q_2$.
• $\sigma = (v, U) \in (\mathbb{Z}_q^*, \mathbb{G}_1)$.
Checking: Input: $\sigma = (v, U) \in (\mathbb{Z}_q^*, \mathbb{G}_1)$
• $r = e(U, P)\, e(Q_2, Q_1)^v$.
• test:
$v \stackrel{?}{=} h(M, r)$ (10)
$Q_2 \stackrel{?}{=} H(ID, Q_1)$ (11)
Arbiter:
If the signer denies being the owner of the signature, the arbiter is involved and chooses a random $\alpha \in \mathbb{Z}_q^*$, then he identifies the signer by sending a demand to check if he owns $S_2$ via a zero knowledge proof. After proving that the user owns $S_2$, the arbiter sends him $\alpha P$, then the signer returns the value $e(S_2, \alpha P)$ and the arbiter tests $e(S_2, \alpha P) \stackrel{?}{=} e(Q_2, P_0)^\alpha$. If the test is satisfied, it means that PKG is the owner of this signature because he is the only one that could produce a fake $S_2$.
Proof. To test (10), it is enough to show that $r = e(Q_2, P_0)^k$:
$r = e(U, P)\, e(Q_2, Q_1)^v$
$= e(kS_2 - vs_1Q_2, P)\, e(Q_2, Q_1)^v$
$= e(ksQ_2 - vs_1Q_2, P)\, e(vQ_2, s_1P)$
$= e(ksQ_2 - vs_1Q_2, P)\, e(vs_1Q_2, P)$
$= e(ksQ_2 - vs_1Q_2 + vs_1Q_2, P)$
$= e(ksQ_2, P) = e(kQ_2, sP)$
$= e(Q_2, P_0)^k$
It is clear that test (11) is satisfied for a valid signature. This test is required only to identify the user key $Q_1$.
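Signing, checking and the arbiter's challenge from this section, as an added Python example that is not the paper's code. It runs over a toy pairing in which aP is stored as the scalar a, so tests (10) and (11) can be executed but nothing here is secure; the function names, fixed scalars and sample identity are assumptions made for the illustration.

```python
import hashlib

# Assumption: toy symmetric pairing, insecure by construction. aP in G1 is
# stored as a mod Q and e(aP, bP) = G^(ab) mod P_MOD.
Q, P_MOD, G = 1019, 2039, 4   # Q and P_MOD = 2Q + 1 are prime; G has order Q
P = 1                         # generator of G1

def e(a, b):
    return pow(G, (a * b) % Q, P_MOD)

def to_zq(tag, *parts):
    digest = hashlib.sha256(repr((tag,) + parts).encode()).digest()
    return 1 + int.from_bytes(digest, "big") % (Q - 1)

def H(identity, Q1):          # H binds the identity to the user's own Q1
    return to_zq("H", identity, Q1)

def h(message, r):            # h : {0,1}* x GT -> Z_q^*
    return to_zq("h", message, r)

def extract(s, identity, Q1):
    """PKG side of Extraction: Q2 = H(ID, Q1) and S2 = s*Q2."""
    Q2 = H(identity, Q1)
    return Q2, s * Q2 % Q

def sign(message, k, s1, Q2, S2, P0):
    """sigma = (v, U) with r = e(Q2, P0)^k, v = h(M, r), U = k*S2 - v*s1*Q2."""
    r = pow(e(Q2, P0), k, P_MOD)
    v = h(message, r)
    return v, (k * S2 - v * s1 * Q2) % Q

def recover_r(sig, Q2, Q1):
    """r = e(U, P) * e(Q2, Q1)^v, the value recomputed by the checker."""
    v, U = sig
    return e(U, P) * pow(e(Q2, Q1), v, P_MOD) % P_MOD

def verify(message, sig, identity, Q1, Q2):
    if Q2 != H(identity, Q1):                              # test (11)
        return False
    return sig[0] == h(message, recover_r(sig, Q2, Q1))    # test (10)

def arbiter_challenge(alpha):
    return alpha * P % Q                                   # alpha*P

def signer_response(S2, alpha_P):
    return e(S2, alpha_P)

def arbiter_accepts(response, alpha, Q2, P0):
    return response == pow(e(Q2, P0), alpha, P_MOD)

if __name__ == "__main__":
    s, s1, k = 321, 77, 45                     # constructed scalars
    ident, msg = "meter-0042@grid.example", "2015-03-01 export=1.4kWh"
    P0, Q1 = s * P % Q, s1 * P % Q
    Q2, S2 = extract(s, ident, Q1)
    sig = sign(msg, k, s1, Q2, S2, P0)
    print("user signature valid:", verify(msg, sig, ident, Q1, Q2))
    # A PKG signing in the user's name has to invent its own s1', hence its
    # own Q1' and Q2'; the signature then only checks against those keys.
    Q1_f = 555 * P % Q
    Q2_f, S2_f = extract(s, ident, Q1_f)
    forged = sign(msg, k, 555, Q2_f, S2_f, P0)
    print("forgery valid under Q1':", verify(msg, forged, ident, Q1_f, Q2_f))
    print("user passes arbiter for own Q2:",
          arbiter_accepts(signer_response(S2, arbiter_challenge(9)), 9, Q2, P0))
```

The user's ability to answer the arbiter for a Q2 bound to a different Q1 than the one in the disputed signature is what shows that two keys were issued for one identity, which only the holder of s can do.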
Figure 10 describes the enrollment stage, which corresponds to the Initialization. This stage allows the user to generate his own secret key $s_1$ and public key $Q_1$. Then the user sends his public key to PKG, which must generate the pair ($S_2$, $Q_2$) via the Extraction algorithm. The second key $Q_2$ creates the link between the user identity and the public key $Q_1$.
Figures 11 and 12 describe the signature, with Alice who wants to send the signed message $M$ to Bob.
Hence, we have described an efficient identity based signature that could be an alternative to the standard one for Smart grid applications.
Figure 10: The secret Key generation
Figure 11: The signature stage
Figure 12: The checking stage
5 Hierarchical IBE
For huge Smart grids with ten million users, we cannot imagine that a single PKG server will manage to satisfy the demand; it is therefore mandatory to consider a hierarchical organization for these Smart grids. It could be organized according to the regions where consumers are located and also according to the type of consumer (factories, homes, buildings, etc.). Thus a good key management system should be hierarchical and attribute-based. Fortunately, it is well known that IBE can be extended to HIBE, with several PKGs that deliver keys hierarchically (see [13]). Hence, each authority has to generate keys for the PKGs directly under its responsibility (leaves).
Figure 13: HIBE architecture (Root PKG; PKG 1, PKG 2, ..., PKG k; groups of users 1, 2, ..., k')
5.1 Key distribution in HIBE [13]:
Initialization: (Done by Root PKG$_0$)
• Choose: $P_0 \in \mathbb{G}_1$, a public generator.
• Choose: $s_0 \in \mathbb{Z}_q^*$, the master key.
• Calculate: $Q_0 = s_0P_0$, the public key.
• A pairing: $e : \mathbb{G}_1 \times \mathbb{G}_1 \to \mathbb{G}_T$.
• Two hash functions:
– $H_1 : \{0,1\}^* \to \mathbb{G}_1$
– $H_2 : \mathbb{G}_T \to \{0,1\}^*$
• Output: $PP_0 = (\mathbb{G}_1, \mathbb{G}_2, e, P_0, Q_0, H_1, H_2)$, $SP_0 = (s_0)$.
Initialization: (Done by PKG$_t$ at level $t$)
• Compute $P_t = H_1(id_1, id_2, \ldots, id_t)$ with $id_i$, for $1 \le i < t$, the identity of the $i$-th PKG father of PKG$_t$.
• Choose $s_t \in \mathbb{Z}_q^*$, the master key of the subtree whose root is PKG$_t$.
• $S_t = S_{t-1} + s_{t-1}P_t = \sum_{i=1}^{t} s_{i-1}P_i$, provided by the PKG father at level $t-1$.
• $Q_i = s_iP_0$ for $1 \le i \le t-1$, computed by the PKG fathers above.
Encryption:
• Input: The message $M \in \{0,1\}^n$.
• Output: The cryptogram $C \in \mathbb{G}_1^t \times \{0,1\}^n$.
• $r \in_R \mathbb{Z}_q^*$.
• $g = e(Q_0, P_1)$.
• $C = (rP_0, rP_2, \ldots, rP_t, M \oplus H(g^r))$.
Decryption:
• Input: The cryptogram $C = (U_0, U_2, \ldots, U_t, V) \in \mathbb{G}_1^t \times \{0,1\}^n$.
• Output: $M \in \{0,1\}^n$.
• $M = V \oplus H\left(\frac{e(U_0, S_t)}{\prod_{i=2}^{t} e(Q_{i-1}, U_i)}\right)$.
Proof. It is enough to prove that $\frac{e(U_0, S_t)}{\prod_{i=2}^{t} e(Q_{i-1}, U_i)} = g^r$. We have:
$\frac{e(U_0, S_t)}{\prod_{i=2}^{t} e(Q_{i-1}, U_i)} = \frac{e(rP_0, \sum_{i=1}^{t} s_{i-1}P_i)}{\prod_{i=2}^{t} e(s_{i-1}P_0, rP_i)} = \frac{\prod_{i=1}^{t} e(rP_0, s_{i-1}P_i)}{\prod_{i=2}^{t} e(rP_0, s_{i-1}P_i)} = e(rP_0, s_0P_1) = e(s_0P_0, P_1)^r = e(Q_0, P_1)^r = g^r$
Remark 3.
1. Obviously the HIBE scheme is an extension of the Boneh & Franklin scheme.
2. This scheme is compliant with IBE-2 and only one KPA is required to protect all user keys.
Figure 14 describes the encryption and decryption stages between Alice and Bob. Alice first determines the address of Bob in the tree and computes his public key $P_B$, then she encrypts her message by using the public keys $P_i$ of the previous PKGs of Bob. Bob decrypts the message with the public keys $Q_i$ of his previous PKGs and his secret key $S_B$ generated by his PKG father.
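The HIBE key derivation, encryption and decryption of Section 5.1 as an added Python example (not code from the paper or from [13]). It assumes a toy pairing where aP0 is stored as the scalar a, which lets the cancellation in the proof be executed but offers no security; the three-level identity path, the scalars and the function names are constructed for the illustration.

```python
import hashlib

# Assumption: toy symmetric pairing, insecure by construction. aP0 in G1 is
# stored as a mod Q and e(aP0, bP0) = G^(ab) mod P_MOD.
Q, P_MOD, G = 1019, 2039, 4   # Q and P_MOD = 2Q + 1 are prime; G has order Q
P0 = 1                        # public generator chosen by the root PKG

def e(a, b):
    return pow(G, (a * b) % Q, P_MOD)

def H1(path):
    """P_t = H1(id_1, ..., id_t), hashed into the nonzero scalars."""
    digest = hashlib.sha256(repr(("H1",) + tuple(path)).encode()).digest()
    return 1 + int.from_bytes(digest, "big") % (Q - 1)

def H(gt, n):                 # GT -> n-byte mask
    return hashlib.shake_256(repr(("H", gt)).encode()).digest(n)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def node_points(path):
    """[P_1, ..., P_t] for the node with identity path (id_1, ..., id_t)."""
    return [H1(path[:i]) for i in range(1, len(path) + 1)]

def derive_key(path, masters):
    """S_t = sum_{i=1..t} s_{i-1} P_i, with masters = [s_0, ..., s_{t-1}].
    Each loop step is one PKG adding its term: S_i = S_{i-1} + s_{i-1} P_i."""
    S = 0
    for s_prev, Pi in zip(masters, node_points(path)):
        S = (S + s_prev * Pi) % Q
    return S

def public_chain(masters):
    """[Q_0, ..., Q_{t-1}] with Q_i = s_i P0."""
    return [s * P0 % Q for s in masters]

def encrypt(path, Q0, message, r):
    Pts = node_points(path)
    g = e(Q0, Pts[0])                                    # g = e(Q0, P1)
    U = [r * P0 % Q] + [r * Pi % Q for Pi in Pts[1:]]    # (rP0, rP2, ..., rPt)
    return U, xor(message, H(pow(g, r, P_MOD), len(message)))

def recover_gt(U, S_t, Qs):
    """e(U0, S_t) / prod_{i=2..t} e(Q_{i-1}, U_i), which equals g^r."""
    den = 1
    for Q_prev, Ui in zip(Qs[1:], U[1:]):
        den = den * e(Q_prev, Ui) % P_MOD
    return e(U[0], S_t) * pow(den, -1, P_MOD) % P_MOD

def decrypt(ciphertext, S_t, Qs):
    U, V = ciphertext
    return xor(V, H(recover_gt(U, S_t, Qs), len(V)))

if __name__ == "__main__":
    # Constructed hierarchy: root -> region PKG -> substation PKG -> meter.
    path = ("region-north", "substation-7", "meter-0042")
    masters = [123, 456, 789]        # s_0 (root), s_1 (region), s_2 (substation)
    Qs = public_chain(masters)
    S_meter = derive_key(path, masters)
    ct = encrypt(path, Qs[0], b"tariff=peak", r=321)
    print(decrypt(ct, S_meter, Qs))
```

With a path of length one the ciphertext collapses to (rP0, M xor H(g^r)) and the key to s0*P1, which is the Boneh & Franklin case noted in Remark 3.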
Figure 14: Encryption and decryption in HIBE
6 Conclusion
In this paper, we have presented a certificate-less key management system which is more scalable and more efficient than a PKI. This scheme works for asymmetric encryption and signature, which is important for Smart grid business. This scheme is compliant with hierarchical IBE and gives the advantage of addressing access control in smart grids. Obviously, these techniques require less storage than a PKI.
Acknowledgements: The work of L. Basta, G. Landais and C. Tavernier was partially supported by SCISSOR ICT project no. 644425, funded by the European Commission's Information & communication technology H2020 Framework Program.
References:
[1] http://en.wikipedia.org/wiki/Stuxnet.
[2] http://www.hitachi.com/environment/showcase/solution/energy/smartgrid.html.
[3] Introduction to NISTIR 7628 Guidelines for Smart Grid Cyber Security, NIST Cyber Security Working Group, September 2010.
[4] http://en.wikipedia.org/wiki/Information_security.
[5] http://en.wikipedia.org/wiki/Public_key_infrastructure.
[6] Adi Shamir, Identity-Based Cryptosystems and Signature Schemes. Advances in Cryptology: Proceedings of CRYPTO 84, Lecture Notes in Computer Science, 7:47-53, 1984.
[7] Dan Boneh, Matthew K. Franklin, Identity-Based Encryption from the Weil Pairing. Advances in Cryptology - Proceedings of CRYPTO 2001.
[8] http://en.wikipedia.org/wiki/ID-based_encryption.
[9] Priti V. Jasud, Manish D. Katkar, S. D. Kamble, Authentication Mechanism for Smart Grid Network. International Journal of Soft Computing and Engineering (IJSCE), ISSN: 2231-2307, Volume-4, Issue-1, March 2014.
[10] Dan Boneh, Matthew Franklin, Identity-Based Encryption from the Weil Pairing, 2001.
[11] Byoungcheon Lee, Colin Boyd, Ed Dawson, Kwangjo Kim, Jeongmo Yang, Seungjae Yoo, Secure Key Issuing in ID-based Cryptography, 2004.
[12] Jingwei Liu, Rong Sun, Weidong Kou, Xinmei Wang, Efficient ID-based Signature Without Trusted PKG, 2007.
[13] C. Gentry, A. Silverberg, Hierarchical ID-Based Cryptography, 2002.