Identity Based Cryptography for Smart-grid
Transcription
Identity Based Cryptography for Smart-grid
Identity Based Cryptography for Smart-grid Protection M ICKAEL AVRIL Assystem Department of Cybersecurity Assystem E&OS. 23, Place de Wicklow 78067 St-Quentin en Yvelines France [email protected] L AURIE BASTA Assystem Department of Cybersecurity Assystem E&OS. 23, Place de Wicklow 78067 St-Quentin en Yvelines France [email protected] L AURENT B OUILLET Assystem Department of Cybersecurity Assystem E&OS. 23, Place de Wicklow 78067 St-Quentin en Yvelines France [email protected] A BDERRAHMAN DAIF Assystem Department of Cybersecurity Assystem E&OS. 23, Place de Wicklow 78067 St-Quentin en Yvelines France [email protected] G REGORY L ANDAIS Assystem Department of Cybersecurity Assystem E&OS. 23, Place de Wicklow 78067 St-Quentin en Yvelines France [email protected] C E´ DRIC TAVERNIER Assystem Department of Cybersecurity Assystem E&OS. 23, Place de Wicklow 78067 St-Quentin en Yvelines France [email protected] Abstract: The smart grid offers secure and intelligent energy distribution systems that delivers energy from suppliers to consumers based on two-way demand and response digital communication technologies to control appliances at consumers homes to save energy and increase reliability. The smart grid improves existing energy distribution systems with digital information management and advanced metering systems. Increased interconnectivity and automation over the grid systems presents new challenges for security and its management. Cryptographic key management involved multiple components of the Smart Grid such as: advanced metering infrastructure, demand response systems, home area networks (HANs), neighborhood area networks that connect the home to utility systems, supervisory control and data acquisition (SCADA) systems that control generation, transmission and distribution systems and plugin electric vehicles. Smart grid requires the design of a mutual authentication scheme and a key management protocol that keep the exchanges safe between the consumers and suppliers. This paper proposes efficient techniques that use the advantages of identity based cryptography to improve the resiliency against an insider or outsider attacker. We present how a hierarchical form of identity based cryptography is particularly in phase with the complex networks requirements such as the Smart grid ones. Key–Words: Cryptography, IBE, IBS, HIBE, Smart-grids 1 Introduction A Smart grid delivers electricity from suppliers to consumers using analogue or digital information and communications technologies to gather and act on information, such as information about the behaviours of suppliers and consumers, in an automated fashion to improve the efficiency, reliability, economics, and sustainability of the production and distribution of electricity. In other terms Smart grid can be seen as a complex Scada network. This kind of technologies are the favorite field of game for the hackers since the virus stuxnet [1] has caused damaged in the nuclear project of Iran. Nevertheless cyber security must address not only deliberate attacks launched by cy- Figure 1: Smart grid example [2] ber criminals, but also inadvertent compromises of the information structures due to user errors, equipment failures etc. Finally, additional risks to the grid include [3]: • Increasing the complexity of the grid could introduce vulnerabilities and increase exposure to potential attackers and unintentional errors • Interconnected networks can introduce common vulnerabilities; • Increasing vulnerabilities to communication disruptions and the introduction of malicious software/firmware or compromised hardware could result in denial of service (DoS) or other malicious attacks; • Increased number of entry points and paths are available for potential adversaries to exploit; • Interconnected systems can increase the amount of private information exposed and increase the risk when data is aggregated; • Increased use of new technologies can introduce new vulnerabilities; and • Expansion of the amount of data that will be collected that can lead to the potential for compromise of data confidentiality, including the breach of customer privacy. Logical security architecture overview. Smart Grid technologies will introduce millions of new components to the electric grid. Many of these components are critical to interoperability and reliability, will communicate bidirectionally, and will be tasked with maintaining confidentiality, integrity, availability (CIA) vital to power systems operation and nonrepudiation for the transaction. By definition, we denote: • Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. • Integrity: means maintaining and assuring the accuracy and consistency of data over its en-tire life-cycle • Availability: means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. • Non-repudiation: Implies one’s intention to fulfill their obligations to a contract. It also implies that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction. Except for the availability which is not directly concerned, these criterion can be solved by using a key management system like the well known PKI (public key infrastructure). Unfortunately, as the dimension and the complexity of the smart grids are such that a PKI brings more problems than it can solve (see [3]). Key Management Issues. All security protocols rely on the existence of a security association (SA). SAs contain all the information required for execution of various network security services. An SA can be authenticated or unauthenticated. The establishment of an authenticated SA requires that at least one party possess some sort of credential that can be used to provide assurance of identity or device attributes to others. In general two types of credentials are common: secret keys that are shared between entities (e.g., devices), and (digital) public key certificates for key establishment (i.e. for transporting or computing the secret keys that are to be shared). Public key certificates are used to bind user or device names to a public key through some third-party attestation model, such as a PKI. Applying the defense-in-depth strategy with the classical Onion structure (see Fig 2) could require many appliances and protocols (radius servers, VPN, SSH, Firewall,...) and ideally a notion of role based access because specific action is authorized by only specific authorized people. In fact, as each layer has to be protected almost independently from the other, it complexifies a lot the architecture and the key management which is crucial for these concerned appliances and protocols. Theoretically, Public key infrastructure (PKI) solutions address many of the problems that surround key management, but Operating it for generating and handling certificates can also require a significant amount of overhead and is typically not appropriate for small and some mid-sized systems. A public-key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique within each CA domain. The third-party validation authority (VA) can provide this information on behalf of CA. The binding is established through the registration and issuance process, which, depending on the level of assurance the Figure 2: Onion model of defense in depth [4] binding has, may be carried out by software at a CA, or under human supervision. The PKI role that assures this binding is called the registration authority (RA). The RA ensures that the public key is bound to the individual to which it is assigned in a way that ensures non-repudiation. Hence PKI-based solution IBE (Identity based encryption), IBS (Identity based signature) as an alternative solution. The idea of IBC (Identity based cryptography) appeared in 1984 in [6], but without the introduction of elliptic curves. The bilinear pairing appears in 2001 [7]. Identity-based systems allow any party to generate a public key from a known identity value such as an ASCII string. A trusted third party, called the Private Key Generator (PKG), generates the corresponding private keys. To operate, the PKG first publishes a master public key, and retains the corresponding master private key (referred to as master key). Given the master public key, any party can compute a public key corresponding to the identity ID by combining the master public key with the identity value. To obtain a corresponding private key, the party authorized to use the identity ID contacts the PKG, which uses the master private key to generate the private key for identity ID. As a result, parties may encrypt messages (or verify signatures) with no prior distribution of keys between individual participants. This is extremely useful in cases where pre-distribution of authenticated keys is inconvenient or infeasible due to technical restraints. However, to decrypt or sign messages, the authorized user must obtain the appropriate private key from the PKG. The steps involved are depicted in this diagram: We go more deeply in the Figure 4: ID Based Encryption: Offline and Online Steps [8] Figure 3: Public key infrastructure scheme[5] can have a high cost of entry, but requires only one certificate per device (as opposed to one key per pair of communicating devices), and may be more appropriate for large systems, depending on the number of possible communicating pairs of devices. In fact, the largest users of digital certificates are the Department of Defense and large enterprises. We refer directly to the rapport of Nist ([3]) for a complete description of the issues of using a PKI for Smart grids. details in the next sections of this paper. Smart grid application.Hence, we claim as in certain previous paper [9] that we can provide: • Advanced metering infrastructure (AMI): Establish two-way communications between advanced meters and utility business systems. Millions of meters will be deployed in Smart Grid systems and keys must be embedded in these meters to protect the AMI networks. Providing keys to this equipment is a challenge, for generation, de- ployment, revocation, etc. Mechanisms to redistribute or re-establish keys are a real challenge. Managing all of these keys and their lifecycle is very complex. This problem must be addressed in a way that one key having problem must not compromise the entire system or affect the others. • Cyber security: Ensure the confidentiality, integrity and availability of the electronic information. • Demand response and consumer energy efficiency: Provide mechanisms and incentives for customers to cut energy use during times of peak demand. • Distribution grid management: Maximize the performance of feeders, transformers and other components of distribution systems. • Electric transportation: Enable large-scale integration of plug-in electric vehicles. • Energy storage: Provide the means to store energy. • Network communications: Identify performance metrics and core operational requirements of various Smart Grid applications. • Wide-area situational awareness: Monitoring and display of power-system components over large geographic areas in near real time to optimize management of grid components and performance and respond to problems before disruptions arise. Contribution. We propose in this article to use a modified version of the IBE and IBS system to provide an efficient security for Smart grids. We succeed to remove the disadvantage linked to the PKG that could be corrupted in our model. In the same time we show that these technologies are perfectly adapted with huge dimension and complex architecture where role based access could not be ignored. 2 Boneh & Franklin IBE We present in this section the first efficient IBE scheme due to Boneh and Franklin [10], it is based on the bilinear Diffie-Hellman problem (BDHP) over elliptic curves. This scheme involves a third autority that is denoted PKG. It could be compared to the CA (certificate autority) of a PKI. It is defined by the following algorithms: Initialization: • A prime number q. • Two cyclic groups G1 and GT of order q. • A pairing e : G1 × G1 → GT . • A generator P ∈R G1 . • The master key s ∈R Z∗q . • P0 = sP . • M = {0, 1}n the set of messages. • C = G∗1 × M All cryptograms. • Two hash functions: H1 : {0, 1}∗ → G∗1 and H2 : GT → M. • The public parameters: P P (q, G1 , GT , e, n, P, P0 , H1 , H2 ). = • Output : (P P, s). Extraction : • Input: An identity ID. • The public key of the identity: QID = H1 (ID) ∈ G∗1 . • The secrete key of the identity: SID = sQID ∈ G∗1 . • Output: (QID , SID ). Encryption: • Input: A message M ∈ M and an identity ID. • QID = H1 (ID) ∈ G∗1 . • Choose r ∈R Z∗q . • gID = e(QID , P0 ) ∈ G∗T . • Output: L The cryptogram C r )) ∈ G∗ × M. (rP, M H2 (gID 1 = Decryption: • Input: A cryptogram C = (U, V ) ∈ G∗1 × M. • Output: The message L V H2 (e(SID , U )). M = Proof. L L r ) We H2 (e(SID , U )) = M H2 (gID L have: V H2 (e(SID , U )). Thus we have to show that: r gID = e(SID , U ). r We have: gID = e(QID , P0 )r = e(QID , sP )r = e(sQID , rP ) (accorgind to the properties of e) = e(SID , U ). Remark 1. Let P a generator in G∗1 , then the function: H1 : {0, 1}∗ → G∗1 m 7→ mP Alice The message : Encryption : . Bob : [email protected] Secret Key : Public Key : Decryption : can be considered as a hash function. Figure 7: Encryption, Decryption in Boneh & Franklin scheme 2.1 2.2 Network exchanges: We propose to describe graphically the network exchanges and the role of PKG. PKG Master Key : Public Key : Bob : [email protected] Public Key : Secret Key : Figure 5: Key generation in Boneh & Franklin scheme The figure 5 corresponds to the secret key generation which is done periodically while the user has not been revoked. In this scheme, PKG authenticates Bob and generate a secret key SB that will stay valid during a certain time denoted “period”. The public key can be generated by anyone throught the calculation: H(ID|Periode). PKG The master key : The public key : Alice The message : . Figure 6: Public key transfer in Boneh & Franklin scheme In the Figure 6, Alice wants to send a confidential message to Bob, then she sends a request to PKG that sends his master public key P0 . In the figure 7, Alice encrypts M with a pairing based function. Then Bob can decrypt the message with this pairing based function. Advantages and disadvantages Certificates periods and certificates revocations based on CRL rely on the system time for their validation. If the system time is incorrect, an expired certificate may be considered as valid and/or a valid certificate may be considered as expired; a revoked certificate may be listed in the CRL but the CRL will not be taken into account. Synchronization of the time is really important for PKI systems, VPN and another tunnels based on certificate authentication. This IBE scheme avoids the management of certificates since public keys are computed directly from the identities. Revocation is almost free because simply the revoked user won’t receive the valid secret key. Also, this scheme involves less traffic network. Unfortunately the PKG has a full power and if it is corrupted, the system falls. In order to fix these disadvantages, we propose a new scheme that we denote IBE-2 3 IBE-2, an improved version We have described in the previous section a certificate-less scheme that owns certain advantages on PKI, but which is not enough practically for complex systems as Smart grid. PKG is very sensitive and it is not acceptable that the security of the full system holds on only it. In our proposed scheme we use the trick considered in [11] that consists in involving a new authority called KPA (key protection authority). Among the advantages of this new scheme, we note that now the users contribute in the generation of the secret key in a sense that only him can compute it. To reach to this PKG and KPA provide together the public key Q1 containing the private master keys s0 and s1 , the user identity QID and a mask H3 (e(s0 X, P0 )) × H3 (e(s1 X, P1 )) only known from the user. The seven main steps are decribed in this scheme: Initialization of parameters: (done by PKG) • A huge prime number q. • Two cyclic groups G1 and GT of order q. • A pairing e : G1 × G1 → GT . • A generator P ∈R G1 . • s0 ∈R Z∗q and compute P0 = s0 P ∈ G1 . • C = G∗1 × M the set of cryptograms. • Three hash functions: H1 : {0, 1}∗ → G∗1 , H2 : GT → M and H3 : GT → Z∗q . • PKG publishes : PP = (q, G1 , GT , e, P, P0 , H1 , H2 , H3 ). • The PKG secret Key: s0 . Initialization of the public Key: (Done by KPA) ? Extraction of secret Keys: by the user) After receiving Q1 and sign(Q1 ) : ? e(sign(Q1 ), P ) = e(Q1 , P1 ) Providing to users keys: (Done by PKG) The user choose a temporary secret x ∈R Z∗q and compute X = xP . Then he sends X to PKG that computes: (5) • He computes the secret Key: 1 SID = H3 (e(P0 ,P0 )xQ)H x 3 (e(P1 ,P1 ) ) = s0 s1 QID (6) • The user can check the correctness of the key by testing: ? (1) (Done • He checks: e(SID , P ) = e(QID , Y ) • The KPA secret Key s1 ∈R Z∗q . • The KPA public key P1 = s1 P ∈ G1 . • Computes Y = s1 P0 = s0 s1 P the public key. PKG can check if Y has been computed with the correct P0 by testing: e(Y, P ) = e(P0 , P1 ) • Computes sign(Q1 ) = s1 Q1 . (7) Encryption: For the encryption, it is exactly done as in the previous scheme by using Y as public key: gID = e(QID , Y ) (8) M r C = (U, V ) = (rP, M H2 (gID )) ∈ G∗1 × M. Decryption: For the decryption: M M =V H2 (e(SID , U )) (9) • QID = H1 (ID, P KG, KP A) ∈ G1 . • (2) This scheme allows a secure key exchange between the user and the authorities PKG and KPA through the following test: Providing Keys to users: (Done by KPA) KPA receives X, QID , Q0 , sign(Q0 ) from the user and: • The test 1 gives the proof to PKG and the user that Y = s0 s1 P , (KPA could choose s0 and could send Y = s0 s1 P . Q0 = H3 (e(s0 X, P0 ))s0 QID • sign(Q0 ) = s0 Q0 . • The test 3 gives the proof to KPA that the received data (X, Q0 , Sign(Q0 )) come from PKG. • Checks the signature Q0 by testing ? e(sign(Q0 ), P ) = e(Q0 , P0 ) (3) • After checking the signature, he computes: Q1 = H3 (e(s1 X, P1 ))s1 Q0 (4) • The test 5 gives the proof to the user that the received data (Q1 , Sign(Q1 )) come from KPA. • The test 7 gives the proof to the user that his secret key is computed from the correct master Keys s0 and s1 . PKG : Master Key 1. : Public Key. KPA : Master Key 2. : Public Key. Bob : [email protected] Secret Key : Public key : Figure 8: Key distribution in IBE-2 The figure 8 summarizes the key distribution between PKG, KPA and the user. Remark 2. It is important to note that KPA is involved only during the enrollment stage. Concerning the encryption and decryption, PKG is in charge of distributing public keys as showed in figure 9. Thus concretely, PKG is a server that changes periodically its secret key whereas the KPA secret key won’t change and can be kept in a secure way such that only a lawyer authority could access in case of corruption for example. PKG KPA 4 Identity based signature Smart grids generate a business activity. As for many activities, there is suppliers and consumers. In the case of Smart grids, consumers can be also suppliers for example with smart houses that use photovoltaic and or wind generators. . . This fact complexifies a lot the exchanges. Managing a PKI for the transaction would be a difficult task, furthermore the identity based cryptography does not solve all problems because it requires third party (PKG). Unfortunately, for many countries this is not acceptable because potentially this third part could sign instead of the user (PKG could usurp the identity). We propose to describe in this section a signature based on a method introduced in [12]. We aim to give the possibility to the user to prove that the signature belongs to PKG when this is the case. The notion of arbiter lawyer authority is introduced to reach to this proof. This is the arbiter that check if the signature is valid or not as explained in this following scheme composed of 6 stages: Parameters: • A huge prime number q. • A pairing (Tate Pairing) e : G1 ×G1 → GT . Alice The message: Bob : [email protected] Secret Key : Public Key : • Two hash functions: H : {0, 1}∗ → G∗1 et h : {0, 1}∗ × G∗T → Z∗q . • s ∈ Z∗q the master Key of PKG. • P0 = sP the public Key of PKG. Figure 9: Encryption and decryption in IBE-2 • P P = (G1 , GT , q, P, P0 , e, H, h). • P S = (s). Initialization: 3.1 IBE-2 advantages Compared to a PKI, IBE-2 offers the following: • This key management is certificate-less, thus there no need to check any certificate before encryption operation and the famous LDAP server is no more required. • A simplified management of the “CRL”, because any revoked key can be recalculated algorithmically. • IBE-2 brings more security because the security is spread over two authorities instead of one and because the system is more dynamical. • s1 ∈ Z∗q the secret Key of the user. • Q1 = s1 P the public key of the user. Extraction: • Q2 = H(ID, Q1 ). • S2 = sQ2 . Signing: Input: a message M ∈ M • k ∈R Z∗q . • r = e(Q2 , P0 )k . • v = h(M, r). • U = kS2 − vs1 Q2 . PKG The master Key : The public Key : • σ = (v, U ) ∈ (Z∗q , G1 ). Checking: Input: σ = (v, U ) ∈ (Z∗q , G1 ) • r = e(U, P )e(Q2 , Q1 )v . • test: ? v = h(M, r) ? Q2 = H(ID, Q1 ) (10) (11) Arbiter: If the signer denies to be the owner of the signature, the arbiter is involved and choose a random α ∈ Z∗q , then he identifies the signer by sending a demand to check if he owns S2 via a zero knowledge proof. After proving that the user owns S2 , the arbiter sends him αP , then the signer returns the value e(S2 , αP ) and the arbiter tests ? e(S2 , αP ) = e(Q2 , P0 )α . If the test is satisfied, it means that PKG is the owner of this signature because he is the only one that could produce a fake S2 . Figure 10: The secret Key generation PKG Master key Public key e(U, P )e(Q2 , Q1 )v e(kS2 − vs1 Q2 , P )e(Q2 , Q1 )v e(ksQ2 − vs1 Q2 , P )e(vQ2 , s1 P ) e(ksQ2 − vs1 Q2 , P )e(vs1 Q2 , P ) e(ksQ2 − vs1 Q2 + vs1 Q2 , P ) e(ksQ2 , P ) = e(kQ2 , sP ) e(Q2 , P0 )k It is clear that the test (11) is satisfied for a valid signature. This test is required only to identify the user key Q1 . The figure 10 describes the enrollment stage that corresponds to the Initialization. This stage allows the user to generate his own secret Key s1 and public Key Q1 . Then the user sends his public to PKG that must generate the pair (S2 , Q2 ) via the algorithm Extraction. The second key Q2 creates the link between the user identity and the public Key Q1 . The figures 11 and 12 describes the signature with Alice that wants to send to Bob the message M signed. Hence, we have described an efficient Identity based signature that could be an alternative to the standard one for Smart grid applications. : : Bob : [email protected] Secret key 1 : Public key : Secret key 2 : Public key 2 : Proof. To test (10), it is enough to show that r = e(Q2 , P0 )k : r = = = = = = = PKG La clé maitre : La clé publique : Bob : [email protected] Secret Key 1 : Public Key 1 : Secret Key 2 : Public Key 2 : Alice The message : . Figure 11: The signature stage PKG Master key Public key Bob : [email protected] Secret key 1 : Public key : Secret key 2 : Public key 2 : : : Alice The message : . Figure 12: The checking stage 5 Hierarchical IBE For huge Smart grids with ten millions of users, we cannot imagine that one server PKG will succeed to satisfy the demand, then it is mandatory to consider a hierarchical organization to these Smart grids. It could be organized in function of regions where consumers are located and also according to the type of consumer (factories, home, building, etc). Thus a nice key management should be hierarchical and attributebased. Fortunately, it is well known that IBE can be extended in HIBE with several PKGs that deliver keys hierarchically (see [13]). Hence, each authority has to generate keys to PKGs directly under its responsibility (leafs). Encryption: • Input: The message M ∈ {0, 1}n . • Output: The cryptogram C ∈ Gt1 × {0, 1}n . • r ∈R Z∗q . Root PKG • g = e(Q0 , P1 ). • C = (rP0 , rP2 , ..., rPt , M PKG 1 ... PKG 2 PKG k L H(g r )). Decryption: • Input: The cryptogram C = (U0 , U2 , ..., Ut , V ) ∈ Gt1 × {0, 1}n . Groupe of users 1 Groupe of users 2 ... • Output: M ∈ {0, 1}n . L 0 ,St ) • M =V H( Qt e(U ). e(Q ,U ) Groupe of users k’ i=2 i−1 i Figure 13: HIBE architecture 5.1 Proof. It is enough to prove that: have: Key distribution in HIBE [13]: e(U0 ,St ) i=2 e(Qi−1 ,Ui ) Qt Initialization: (Done by Root PKG0 ) = • Choose: P0 ∈ G1 a public generator. • Choose: s0 ∈ Z∗q = Qt e(U0 ,St ) e(Qi−1 ,Ui ) = g r . We i=2 P e(rP0 , ti=1 si−1 Pi ) Qt Qti=2 e(si−1 P0 ,rPi ) e(rP0 ,si−1 Pi ) Qi=1 t i=2 e(rP0 ,si−1 Pi ) = e(rP0 , s0 P1 ) = e(s0 P0 , P1 )r = e(Q0 , P1 )r = gr the master Key. • Calculate : Q0 = s0 P0 the public Key. • A pairing: e : G1 × G1 → GT . • Two hash functions: – H1 : {0, 1}∗ → G1 – H2 : GT → {0, 1}∗ • Output: P P0 (G1 , G2 , e, P0 , Q0 , H1 , H2 ), SP0 (s0 ). Remark 3. 1. Obviously the HIBE scheme is an extension of the Boneh & Franklin scheme. = = Initialization: (Done by PKGt at the floor t) • Compute Pt = H1 (id1 , id2 , . . . , idt ) with idi for 1 ≤ i < t the identity of the i-th PKG father of PKGt . • Choose st ∈ Z∗q the master key of the sub tree for which the root is PKGt . P • St = St−1 + st−1 Pt = ti=1 si−1 Pi provided by the PKG father of the floor t − 1. • Qi = si P0 for 1 ≤ i ≤ t − 1 computed by the PKGs fathers above. 2. This scheme is compliant with IBE-2 and only one KPA is required to protect all user keys. The figure 14 describes the encryption and decryption stages between Alice and Bob. Alice first determines the address of Bod in the tree and compute her public key PB , then she encrypts her message by using the public keys Pi of the previous PKGs of Bob. Bob decrypts the message with the public key Qi of its previous PKGs and his secret key SB generated by his PKG father. 6 Conclusion In this paper, we have presented a certificate-less key management system which is more scalable and more [7] Alice Message : [8] Bob [9] Encryption: [10] [11] Decryption: [12] Figure 14: Encryption and decryption in HIBE efficient than a PKI. This scheme is working for asymmetric encryption and signature which is important for Smart grid business. This scheme is compliant with hierarchical IBE and gives the advantage to address access control in smart grids. Obviously, this techniques allows less storage than for PKI. Acknowledgements: The work of L. Basta, G. Landais And C. Tavernier was partially supported by SCISSOR ICT project no. 644425, funded by the European Commissions Information & communication technology H2020 Framework Program. References: [1] http://en.wikipedia.org/wiki/ Stuxnet. [2] http://www.hitachi.com/ environment/showcase/solution/ energy/smartgrid.html. [3] Introduction to NISTIR 7628 Guidelines for Smart Grid Cyber Security, Nist Cyber Security Working Group. September 2010. [4] http://en.wikipedia.org/wiki/ Information_security. [5] http://en.wikipedia.org/wiki/ Public_key_infrastructure [6] Adi Shamir, Identity-Based Cryptosystems and Signature Schemes. Advances in Cryptology: [13] Proceedings of CRYPTO 84, Lecture Notes in Computer Science, 7:47-53, 1984 Dan Boneh, Matthew K. Franklin, IdentityBased Encryption from the Weil Pairing Advances in Cryptology - Proceedings of CRYPTO 2001 http://en.wikipedia.org/wiki/ ID-based_encryption Priti V. Jasud, Manish D. Katkar, S. D. Kamble. Authentication Mechanism for Smart Grid Network. International Journal of Soft Computing and Engineering (IJSCE) ISSN: 2231-2307, Volume-4, Issue-1, March 2014, Dan Boneh, Matthew Franklin, Identity-Based Encryption from the Weil Pairing, 2001. Byoungcheon Lee, Colin Boyd, Ed Dawson, Kwangjo Kim, Jeongmo Yang, Seungjae Yoo, Secure Key Issuing in ID-based Cryptography, 2004. Jingwei Liu, Rong Sun, Weidong Kou, Xinmei Wang, Efficient ID-based Signature Without Trusted PKG, 2007. C.Gentry, A. Silverberg, Hierarchical ID-Based Cryptography, 2002.