
2014 Annual IEEE India Conference (INDICON)

Secure communication for advanced metering infrastructure in smart grid
Vijay Kumar and Muzzammil Hussain
Department of Computer Science and Engineering,
Central University of Rajasthan, Kishangarh-305801, Raj, INDIA

Abstract: The electrical power industry is in the process of integrating a bidirectional information and power flow infrastructure commonly called the smart grid. Advanced metering infrastructure (AMI) is an important component of the smart grid, in which data and signals are transferred from consumer smart meters to the smart grid and vice versa. Cyber security has to be considered before implementing AMI applications. For delivering smart meter data and management messages securely, a dedicated security mechanism is needed that ensures integrity, availability and privacy. In such security mechanisms the cryptographic overhead, including certificates and signatures, is quite significant for an embedded device like a smart meter in smart grid AMI compared to normal personal computers in a regular enterprise network. Additionally, cryptographic operations contribute significant computational cost when the recipient end verifies the message in each communication. We propose a light and flexible protocol for secure communication between smart meters and the smart grid infrastructure. The proposed protocol authenticates both the control center and the smart meter and also securely exchanges a secret key (session key) between the two entities for secure communication between them. The proposed protocol helps to mitigate several types of attacks on the smart grid by identifying the origin of attacks against AMI. The proposed protocol was tested for security and no attack was found. Its performance is also found to be better than existing mechanisms.
Keywords: AMI, smart meter, smart grid.



The electrical power industry is in the process of integrating bidirectional electricity and information flows to create efficient, reliable, intelligent, automated, complex networks built on top of the existing electric grid, enhancing distributed electricity generation, transmission, storage, distribution and consumption; this is commonly called the smart grid. In a smart grid, the traditional electromechanical electricity meters on the consumer side are being replaced with next generation electricity meters called smart meters. The smart grid provides an infrastructure, using intelligent tools and technology, which is more robust, reliable and efficient. The smart grid encourages active participation of customers, gives customers better access to electricity, and promotes a green and clean environment [12].
The smart grid takes the benefits of distributed computing and communications to deliver real time information to the grid. With the help of this information, the power grid can balance supply and demand almost instantaneously at the device level. Smart meters record electricity usage data and report it remotely to support new capabilities such as real time pricing, outage management and demand response for load balancing. The network of smart meters, data collectors and utility services is known as advanced metering infrastructure (AMI).
978-1-4799-5364-6/14/$31.00 2014 IEEE
Advanced metering infrastructure is used to measure, collect, store and analyse the energy usage data from networks that are connected to smart meters. AMI includes software, hardware, communication networks, consumer-associated devices and smart metering management systems. The main functions of AMI are (1) to collect energy usage data from customer smart meters and deliver it to the utility provider or data collector, and (2) to provide a communication link between smart meter and utility provider for remote management. Remote management includes load balancing, remotely connecting and disconnecting power, and smart meter firmware or software upgrades. Usage data collected from meters is used for billing, load forecasting and outage management. It helps to detect non-technical losses and supports sensitive detection of power theft through tamper detection, anomalous readings and meter status, to protect revenue. It also provides Real Time Pricing (RTP) for customer load and Time of Use (TOU) pricing [3].
A demand response is a signal sent by the AMI controller end to change or update smart meter information or programs. With demand response, customer pricing information for current and future time periods can be sent in real time. This may involve simply shifting load from peak hours to off-peak hours for better management of power, encouraging the use of power in off-peak time. To avoid conditions like a blackout or a failure of a power generation station, the AMI controller end can shut off a smart meter or balance the load of smart meters by sending a demand response.
The smart grid not only brings great performance benefits to the power industry, but also tremendous risks, and it is difficult to protect smart grid systems from cyber security threats. As the smart grid becomes reality, security threats are expected to grow substantially. The National Institute of Standards and Technology (NIST) specifically addresses this requirement and recommends research in tools and techniques that provide quantitative notions of risk, that is, threats, vulnerabilities and attack consequences for current and emerging power grid systems [3].
As the power grid becomes more and more interconnected, cyber security becomes an extremely critical issue of the smart grid. The smart grid is in the process of moving from a closed system to open systems, and the potential for cyber threats and incidents against this critical sector increases gradually. Cyber security is concerned not only with deliberate attacks by disgruntled employees, industrial espionage and terrorists, but also with compromises of information in case of user errors, equipment failures and natural disasters. If there are vulnerabilities in the smart grid, we provide an opportunity for an attacker to penetrate the smart grid network, gain access control of software, and alter the load condition as one way to destabilize the grid in unpredictable
Public key cryptography provides better security and authentication, but verifying a certificate and signature, together with encryption and decryption, on every message contributes a large computation cost for both smart meter and control center. For a smart meter, as an embedded device, the cryptographic overhead becomes so significant that it cannot produce the result for data transmission in the desired time. For symmetric key cryptography there is the need for a Key Distribution Center (KDC). So there is a need for a light and flexible security model which provides availability, privacy, authentication and less cryptographic overhead.
The key management scheme for secure communication of AMI in the smart grid proposed by Liu et al. [1] uses symmetric key cryptography but has problems with the synchronisation of random numbers and other security parameters. In this key management system, how smart meter and control center authenticate each other is not defined. Keys are distributed through a secure channel or a smart card. In this key management scheme all security parameters are loaded initially into the smart meter, and then communication is started. At the same time the control center generates the same key for decryption of the message, and vice versa.
For these reasons, we aim to design a protocol for secure communication between smart meter and control center. Our protocol is a bootstrapping protocol which is initiated when the meter wakes up after a power failure, on a demand response signal, when new keys are needed, or when authentication is required. In this protocol we use public key cryptography for authentication and secret key exchange. After the key exchange, a symmetric session key is generated for each communication. Public key cryptography has a large cryptographic overhead, but this protocol runs only at a fixed time interval depending on the implementation, so the smart meter can sustain that overhead. After the bootstrapping protocol, normal communication proceeds with symmetric keys.
In this protocol the smart meter initiates the communication with a handshake in which security parameters are exchanged. After the handshake, smart meter and control center authenticate each other. After authentication they exchange a secret key from which session keys are derived. The session key is refreshed on each communication. The secret key is valid only for a very short period of time. When the secret key expires, a new secret key is needed and the key exchange happens again. To save the extra cost of a third party, we do not use a trusted third party: smart meter and control center mutually authenticate each other.


Security is an important aspect of the smart grid. The smart grid must be protected not only from military threats but also from misconduct of consumers and of the different service providers integrated into the grid [21]. The smart grid has several components, like SCADA (Supervisory Control and Data Acquisition), with different communication links, and the security of each component is essential. Cyber security for the smart grid is outlined by the National Institute of Standards and Technology (NIST) [3]. Authentication in the smart grid is studied by Fouda et al. [7]; authentication is achieved using the Diffie-Hellman key agreement protocol, a hash-based authentication code and Internet Key Exchange.
The key management scheme for secure communication of AMI in the smart grid proposed by Liu et al. [1] uses symmetric key cryptography but has synchronisation problems. In this key management system authentication is not clearly defined. Keys are distributed through a secure channel or with a smart card.
Ye Yan et al. proposed an Integrated Authentication and Confidentiality (IAC) protocol for the smart grid [5]. An authentication server and neighbouring authenticated smart meters act as authenticators. IAC includes hop-by-hop data aggregation and forwarding schemes that transmit meter data and control messages between smart meter and control center.
Bobba et al. [9] present a centralized access control scheme for smart grids. It has a KDC for online data transfer. It uses attribute based encryption schemes for data transfer and data
Sushmita et al. [22] proposed a decentralized security framework for smart grids which integrates data aggregation and access control. Homomorphic encryption is used for customer privacy and ABE is used for access control.


When initially entering the AMI network, each smart meter must be verified as a legal device and as a terminal customer by the remote authentication server located at the local management office. Unique security mechanisms are needed to ensure the integrity, availability and privacy of both meter reading data and management messages. In such security mechanisms, the cryptographic overhead, including digital certificates and signatures, is quite significant for an embedded device like a smart meter in smart grid AMI compared to normal personal computers in a regular enterprise network. Additionally, cryptographic operations contribute significant computational cost when the recipient end verifies the message in each communication [5].
In a smart grid system, a smart meter typically sends individual meter reading messages at an interval of several seconds to a few minutes. A digital signature in such a time interval can be generated by a public key infrastructure (PKI). However, for a smart grid system that connects hundreds of buildings, each possibly with a large number of apartments, the number of meter reading messages to be verified might overwhelm its capacity. In addition, the adoption of wireless and IP technologies exposes smart grid AMI communications to traditional cyber attacks such as resource depletion and masquerade attacks.
Although digitally signing and verifying each message can enhance the security of communications, schemes based on conventional cryptographic operations are neither efficient nor scalable to the traffic density and resource constraints in a smart grid system. We need lightweight but secure and efficient schemes tailored specifically for smart grid AMI communications so that meter reading data collection and management message distribution can be processed securely and efficiently.


In this section we describe the system security requirements, the assumptions and the communication protocol between smart meter and collector or utility provider.
A. Trust and threat model, system security requirements
A typical AMI system consists of smart meters, data collectors and a utility provider. In some AMI systems data collection is done in two steps: (1) the smart meter sends data to the data collector and then (2) the data collector sends the data to the utility provider or smart grid. In such a case it is assumed that the smart meter's processing speed cannot match that of the utility provider, so in AMI an intermediate speed device called a collector, which acts as a forwarding agent for the utility provider, is used to bridge the speed difference.
Here we assume that there are only two entities, viz. smart meters and the utility provider or collector, which can identify the smart meter, collect data from the smart meter, and also send a demand response signal as required by the smart grid for necessary action by the smart meter.
We consider that the control center, i.e. the utility provider, cannot be compromised, and that any communication is started by the smart meter. The control center verifies the smart meter's identity through its digital certificate at the bootstrapping phase and later when normal communication starts. It may also be possible for the smart meter to verify the identity of the control center at the bootstrapping phase, depending on the trust placed in the control center. The network is not considered trusted by either smart meter or control center.
B. Security Functional Requirements
The lowest level of requirements in a protection profile constitutes the so-called security functional requirements (SFRs). The minimum cryptographic support needed is asymmetric encryption and signing with Elliptic Curve Cryptography (ECC-256), integrity checking with the Secure Hash Algorithm (SHA-256) and symmetric encryption according to the Advanced Encryption Standard (AES-128). Mandatory use of a certified hardware security module (HSM), random number
C. Data assumption
We assume that under normal communication conditions a maximum of one kilobyte (1 KB) of data is sent by each side within a time interval of one minute.


The bootstrapping protocol is initiated when the meter wakes up from shutdown or when there is a need for updating or signalling such as a demand response. After the bootstrapping protocol, the smart meter normally sends its own metering data to the control center under a symmetric session key.

In this protocol we assume that a key is stored in a hardware security module at manufacturing time. We assume that this key is always secret and cannot be extracted by either physical or software attack. It resides in a chip; if the chip is physically taken out, the stored key is assumed to be destroyed. That key is also stored securely at the control center the first time. The control center generates a public key pair and stores it in the smart meter in encrypted form under the smart meter key. The public key of the smart meter is also stored on the control center.
Due to the cryptographic overhead we only use public key cryptography at the bootstrapping phase, for digital certificate verification for authentication, secret key exchange and renewal of a public key pair. At that time the use of public key cryptography can sustain that overhead.
A secret key is taken from the control center. That secret key is exchanged with the help of public key cryptography and is valid for a very short period, one day to two days. After that the key expires and a new key is needed.
With the help of that secret key and the smart meter key, a random number and timestamps, a session key is generated. That session key is used for encryption of data. The session key changes in every communication, which protects against man in the middle and replay attacks.
We propose a protocol for secure communication between smart meter and control center in AMI. The proposed protocol was analysed with the security analyser tool Scyther and no attacks were discovered.
A. Assumptions
1. The first assumption is that the smart meter key is securely exchanged with the control center before installation of the smart meter at the customer premises. Here we do not take up the security concerns of the control center, because it is not an open system. It is also assumed that the smart meter key stored in the control center is free from insider attacks and other attacks that steal smart meter keys from databases.
2. The second assumption is that the public key pair is generated in the smart meter before installation, and that the public keys of control center and smart meter are exchanged with physical verification. The private key of the smart meter is always kept in encrypted form under another password. If the public keys are exchanged securely before installation, this eliminates the need for a trusted third party for the exchange of certificates.
3. If the smart meter key is compromised, physical verification of the smart meter is needed for a new smart meter key exchange. The smart meter key makes a secure pipe through which all security parameters are exchanged, so the smart meter key must not be compromised under any circumstances. The smart meter key is secure enough in the smart meter because it resides in the chip and cannot be extracted. The only chance for the smart meter key to be compromised is at the control center databases, but by our first assumption the control center is secure enough against forging of the key.
4. If there is a need to update a public key pair, it can be exchanged with the help of the previous public key pair.

Before the exchange of public keys, smart meter and control center authenticate each other, and then they exchange the public keys. The smart meter has the ability to generate the public key pair and hides its own private key.
5. If a demand response is sent by the control center for shutdown, a change of pricing value or a similar signal, the smart meter must authenticate the control center and only then proceed with the operation demanded by the control center.

B. Security protocol at bootstrapping phase

The proposed protocol has seven steps and is shown in Figure 1. The smart meter (I) is taken as initiator and the control center (R) stands in place of the data collector or utility provider. k(I,R) is the smart meter key. pk(I) and pk(R) are the public keys of smart meter and control center, and sk(I) and sk(R) their private keys respectively. SKey is the secret key which is exchanged between smart meter and control center. H() denotes the hash function, and {content}key denotes that the content is encrypted with that key.

Fig. 1: Security protocol at bootstrapping phase

Protocol Description
1. The smart meter sends a nonce Ni and its own identity I to the control center.
2. The control center receives nonce Ni and identity I, and sends its own nonce Nr together with nonce Ni and its identity R.
Steps 1 and 2 are the handshaking process.
3. The smart meter sends its own certificate {I, pk(I)}sk(I) with its hash H({I, pk(I)}sk(I)) to the control center.
4. After verifying the certificate of the smart meter, the control center sends its own certificate {R, pk(R)}sk(R) and its hash H({R, pk(R)}sk(R)) to the smart meter.
Steps 3 and 4 are the authentication process.
5. After mutual authentication of smart meter and control center, the smart meter generates a secret key SKey and its hash H(SKey). SKey is encrypted with the control center public key pk(R), the whole string is encrypted again with the private key sk(I) of the smart meter, and the result is sent to the control center.
6. The control center calculates a hash over all data of each step and sends the final hash value to the smart meter.
7. The smart meter calculates a hash over all data of each step and sends the final hash value to the control center.
Steps 6 and 7 are optional; whether they are used depends on the cryptographic overhead that smart meter and control center can sustain.

The session key is generated with the help of the nonces, a time stamp and the secret key. One example of session key generation is:

$C_i = H(M_i, CDATE, N_i, N_r)$
$sessionkey_i = H(k_{smartmeterkey}, C_i, count_i)$

Here CDATE is the current date and $M_i$ is the meter number. $count_i$ is a counter taken as a security parameter which is exchanged during the protocol run; it is continuously incremented on both sides, smart meter and control center.

Scyther is a tool for the formal analysis of security protocols under the perfect cryptography assumption, in which it is assumed that all cryptographic functions are perfect: the adversary learns nothing from an encrypted message unless he knows the decryption key. The tool can be used to find problems that arise from the way the protocol is constructed. This problem is undecidable in general, but in practice many protocols can either be proven correct or attacks can be found. We analysed the proposed protocol with the Scyther security protocol verification tool and found no attack within bounds (figure 2).

Fig. 2: Initial Experiment Result

A. Security of the proposed protocol

The protocol is secure enough when the smart meter key is not compromised. There is no chance for an attacker to penetrate the network and obtain the data through a man in the middle attack or a replay attack. If the smart meter key is compromised, then authentication appears to be compromised, as the intruder can just copy the message and forward it to the receiver; in this case the sender cannot tell whether it has come from the actual receiver or from the intruder. But in the next step, when the control center demands the secret key, the intruder cannot send the secret key without the private key of the smart meter. There is, however, one chance: if the intruder copies a previous encrypted key, it can mount a secret key attack by replaying that previous key. Since the secret key does not change frequently, if the control center keeps a database of hashes of secret keys and is able to verify whether an offered key is a previous key or not, this helps survivability against such attacks. Since the secret key is not compromised, there is no chance of compromise of the session key, so the protocol remains free from attack. So the protocol is also secure against insider attack even if the smart meter key is
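As an added illustration (not the authors' code), the following Python models the session key derivation of section B together with the control center checks discussed above: the $C_i$ and $sessionkey_i$ hashes with a per-meter counter, expiry of SKey after its one to two day lifetime, and the database of secret key hashes that rejects a previously used SKey. The RSA wrapping of SKey in step 5 is not modelled; field concatenation inside H() is length-prefixed (an assumption, the paper does not fix an encoding), and all keys, nonces and the meter number are constructed sample values.

```python
import hashlib
import secrets
from datetime import date, timedelta

SECRET_KEY_LIFETIME = timedelta(days=2)  # SKey is valid for one to two days


def H(*fields: bytes) -> bytes:
    """SHA-256 over the fields; each field is length-prefixed so that two
    different field splits can never produce the same digest."""
    m = hashlib.sha256()
    for f in fields:
        m.update(len(f).to_bytes(4, "big"))
        m.update(f)
    return m.digest()


def c_i(meter_number: bytes, cdate: date, ni: bytes, nr: bytes) -> bytes:
    """C_i = H(M_i, CDATE, N_i, N_r)"""
    return H(meter_number, cdate.isoformat().encode(), ni, nr)


def session_key(k_smart_meter: bytes, ci: bytes, count_i: int) -> bytes:
    """sessionkey_i = H(k_smartmeterkey, C_i, count_i)"""
    return H(k_smart_meter, ci, count_i.to_bytes(8, "big"))


class Endpoint:
    """State kept by both the smart meter (I) and the control center (R):
    the smart meter key k(I,R), the current SKey with its expiry, and count_i."""

    def __init__(self, meter_number: bytes, k_smart_meter: bytes):
        self.meter_number = meter_number
        self.k = k_smart_meter
        self.skey = None
        self.skey_expires = None
        self.count = 0  # count_i, incremented on both sides for every message

    def install_secret_key(self, skey: bytes, today: date) -> None:
        self.skey = skey
        self.skey_expires = today + SECRET_KEY_LIFETIME

    def next_session_key(self, today: date, ni: bytes, nr: bytes) -> bytes:
        """Key for the next message; an expired SKey is refused, which forces
        the bootstrapping protocol to be run again."""
        if self.skey is None or today >= self.skey_expires:
            raise PermissionError("SKey expired: rerun the bootstrapping protocol")
        self.count += 1
        return session_key(self.k, c_i(self.meter_number, today, ni, nr), self.count)


class ControlCenter(Endpoint):
    def __init__(self, meter_number: bytes, k_smart_meter: bytes):
        super().__init__(meter_number, k_smart_meter)
        self.seen_skey_hashes = set()  # database of H(SKey) values already accepted

    def accept_secret_key(self, skey: bytes, skey_hash: bytes, today: date) -> bool:
        """Step 5 as seen by R: check H(SKey), then refuse any SKey that was
        accepted before (a copied previous key being replayed)."""
        if H(skey) != skey_hash or skey_hash in self.seen_skey_hashes:
            return False
        self.seen_skey_hashes.add(skey_hash)
        self.install_secret_key(skey, today)
        return True


def run_demo() -> dict:
    """Constructed sample run: one meter and one control center, two messages,
    a replayed old SKey, and an SKey used past its lifetime."""
    meter_no, k = b"SM-000042", secrets.token_bytes(16)  # constructed identifiers
    day = date(2014, 12, 11)
    meter, cc = Endpoint(meter_no, k), ControlCenter(meter_no, k)

    skey = secrets.token_bytes(16)  # generated by the smart meter in step 5
    accepted = cc.accept_secret_key(skey, H(skey), day)
    meter.install_secret_key(skey, day)

    ni, nr = secrets.token_bytes(8), secrets.token_bytes(8)
    k1_meter = meter.next_session_key(day, ni, nr)
    k1_cc = cc.next_session_key(day, ni, nr)
    # Same nonces and date again: count_i alone makes the second key different,
    # so a replayed ciphertext no longer matches the key the receiver derives.
    k2_meter = meter.next_session_key(day, ni, nr)

    old_skey_rejected = not cc.accept_secret_key(skey, H(skey), day)
    try:
        meter.next_session_key(day + SECRET_KEY_LIFETIME, ni, nr)
        expired_refused = False
    except PermissionError:
        expired_refused = True
    return {"accepted": accepted, "keys_agree": k1_meter == k1_cc,
            "counter_changes_key": k1_meter != k2_meter,
            "old_skey_rejected": old_skey_rejected, "expired_refused": expired_refused}
```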


A. Implementation environment
The implementation has two components corresponding to smart meter and control center. We assume that the smart meter has a data generator which calculates energy usage and other electrical parameters. The data generator produces uniformly distributed active power consumption data with matching time stamps over the tested period of time. Details of the implementation environment are listed in Table I.

                       Smart meter         Control center
Operating System       ubuntu 12.04 LTS    Kali Linux 3.4.2
Programming language   Python              Python
Asymmetric cipher      RSA (2048 bit)      RSA (2048 bit)
Symmetric cipher       AES (128 bit)       AES (128 bit)
Hash function          SHA256 (256 bit)    SHA256 (256 bit)
Digital Signature      (not stated)        (not stated)

TABLE I: Implementation Environment

B. Experimental Setup
We modelled the control center as an Intel i5 CPU 4200 3.1 GHz machine with 2 GB RAM running Kali Linux, and an Intel Atom N570 1.66 GHz machine with 2 GB RAM running Ubuntu 12.04 LTS as the smart meter. For communication, TCP/IP over 1 Gbps LAN connectivity is used. We have written socket programs for the smart meter and for the control center in Python, using the PyCrypto library for cryptographic operations. Program performance is measured with the Python time function timeit.timeit().

C. Cryptographic overhead calculation
In the following experiments we focus on the performance of the smart meter. We want to calculate the cryptographic overhead incurred when the bootstrapping protocol runs on the smart meter. Smart meter and control center run on one port and release the port after communication. Our analysis focuses only on the performance of the protocol on different machines. It is an ideal environment, and we can assume a similar time is taken when a real smart meter and control center operate.

D. Performance calculation
Program performance is measured with the Python time function timeit.timeit(), which is the benchmark for time calculation. The clock gives the time elapsed to run the protocol under different time calculation functions. CPU time is measured with the time.clock() function and wall clock time with the time.time() function. CPU % is the percentage of CPU utilization at the instant the program is running.

E. Smart meter program
The smart meter socket program runs on Ubuntu 12.04 LTS. It sends a signal for communication on a certain port. For time calculation we measure the clock time at the beginning and end of the program; the difference gives the time elapsed to run the protocol. The program waits for signals, so network bandwidth also affects the performance of the protocol. Table II has 11 readings of the time taken by the smart meter program at the bootstrapping phase when it communicates with the control center.

TABLE II: Smart meter time calculation (in sec.); columns: SL. No., Program time, CPU time, Wall Clock time

The average time consumed by the smart meter to run the proposed protocol is found to be 0.009 sec. It is calculated when the smart meter communicates with the control center. It may increase by a small value when the control center communicates with a large number of smart meters.

F. Control center program
The control center socket program runs on Kali Linux. It receives a signal for communication on a certain port. For time calculation we measure the clock time at the beginning and end of the program; the difference gives the time elapsed to run the protocol. Table III has 10 readings of the time taken by the control center program at the bootstrapping phase when it communicates with the smart meter.

TABLE III: Control center time calculation (in sec.); columns: SL. No., Program time, CPU time, Wall Clock time

The average time consumed by the control center to run the proposed protocol is found to be 0.000356 sec. It is calculated when the control center communicates with the smart meter. It may also increase slightly when the control center needs to communicate with a large number of smart meters.
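To make the three timing columns of Tables II and III concrete, here is an added example (not the authors' program) that measures one smart meter operation, the $sessionkey_i$ hash, the way section D describes: program time with timeit.timeit(), and CPU time and wall clock time taken around the same run. time.clock() was removed in Python 3.8, so time.process_time() stands in for it, and a short sleep stands in for the meter waiting on the socket for the control center's reply, which is why wall clock time exceeds CPU time; the key and $C_i$ values are constructed.

```python
import hashlib
import time
import timeit

SIMULATED_NETWORK_WAIT = 0.01  # seconds spent waiting for the peer's message (constructed)


def sessionkey_i(k_smart_meter: bytes, ci: bytes, count_i: int) -> bytes:
    """sessionkey_i = H(k_smartmeterkey, C_i, count_i) with SHA-256"""
    return hashlib.sha256(k_smart_meter + ci + count_i.to_bytes(8, "big")).digest()


def one_protocol_round(k: bytes, ci: bytes, count: int) -> bytes:
    """One meter-side round: derive the key, then wait for the reply as the socket program does."""
    key = sessionkey_i(k, ci, count)
    time.sleep(SIMULATED_NETWORK_WAIT)
    return key


def measure(rounds: int = 3) -> dict:
    """Returns the three figures reported per table row, in seconds."""
    k, ci = bytes(16), bytes(32)  # constructed sample smart meter key and C_i
    # Program time: timeit.timeit() over the rounds, as the paper reports it
    program_time = timeit.timeit(lambda: one_protocol_round(k, ci, 1), number=rounds)
    # CPU time (time.clock() in the paper) and wall clock time (time.time())
    # taken around the same work; only the wall clock includes the waiting
    cpu_start, wall_start = time.process_time(), time.time()
    for count in range(1, rounds + 1):
        one_protocol_round(k, ci, count)
    cpu_time = time.process_time() - cpu_start
    wall_clock_time = time.time() - wall_start
    return {"program_time": program_time, "cpu_time": cpu_time,
            "wall_clock_time": wall_clock_time}
```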






Fig. 3: Smart meter program output

Fig. 4: Control center program output




This proposed protocol is useful in securing the communication between smart meter and smart grid. The protocol is based on four keys and is sufficient to tolerate any attack found in the AMI infrastructure. It is an ideal key management system. The proposed protocol not only authenticates the control center and the smart meter but also securely exchanges the session key between them for secure communication. The protocol is secure and no attacks were found during its security analysis. The average times taken by smart meter and control center to run the protocol were found to be 0.009 sec and 0.000356 sec respectively, which is very low compared to many existing protocols. This protocol can be implemented irrespective of processor speed, memory and security algorithm. If processor speed and memory are sufficient, we can take a larger key length for enhanced security; if they are not, we may take a shorter key length while continuously changing the secret key taken from the smart meter within a short interval of time.


Nian Liu, Jinshan Chen, Lin Zhu, Jianhua Zhang and Yanling He, "A Key Management Scheme for Secure Communications of Advanced Metering Infrastructure in Smart Grid", IEEE Transactions on Industrial Electronics, vol. 60, no. 10, October 2013.
Zhong Fan, Parag Kulkarni, Sedat Gormus, Costas Efthymiou, Georgios Kalogridis, Mahesh Sooriyabandara, Ziming Zhu, Sangarapillai Lambotharan and Woon Hau Chin, "Smart Grid Communications: Overview of Research Challenges, Solutions, and Standardization Activities", IEEE Communications Surveys & Tutorials, vol. 15, no. 1, 2013.
"NIST framework and roadmap for smart grid interoperability standards."
Proc. of IEEE International Conference on Smart Grid Communications (SmartGridComm), 2009.
A. Hahn and M. Govindarasu, "Cyber attack exposure evaluation framework for the smart grid", IEEE Trans. Smart Grid, vol. 2, no. 4, pp. 835-843, 2011.
Y. Ye, Q. Yi and S. Hamid, "A secure and reliable in-network collaborative communication scheme for advanced metering infrastructure in smart grid", Proc. IEEE WCNC, pp. 909-914, 2011.
R. Shein, "Security measures for advanced metering infrastructure components", Proc. APPEEC, pp. 1-3, 2010.
Z. M. Fadlullah, M. M. Fouda, N. Kato, A. Takeuchi, N. Iwasaki and Y. Nozaki, "Toward intelligent machine-to-machine communications in smart grid", IEEE Commun. Mag., vol. 49, no. 4, pp. 60-65, 2011.
L. Veltri et al., "A novel batch-based group key management protocol applied to the Internet of Things", Ad Hoc Netw., 2013.
Rakesh Bobba, Himanshu Khurana, Musab AlTurki and Farhana Ashraf, "PBES: A Policy Based Encryption System with Application to Data Sharing in the Power Grid", ACM, 2009.
G. N. Ericsson, "Cyber security and power system communication: Essential parts of a smart grid infrastructure", IEEE Trans. Power Del., vol. 25, no. 3, pp. 1501-1507, 2010.
Amit Aggarwal, Swathi Kunta and Pramode K. Verma, "A Proposed Communications Infrastructure for the Smart Grid", IEEE, 2010.
T. Acar, M. Belenkiy, C. Ellison and L. Nguyen, "Key Management in Distributed Systems", Extreme Computing Group, Microsoft Research, Key Lifecycle Management.pdf, 2011.
M. Nabeel, J. Zage, S. Kerr, E. Bertino, N. A. Kulatunga, U. S. Navaratne and M. Duren, "Cryptographic Key Management for Smart Power Grids: Approaches and Issues", arXiv preprint arXiv:1206.3880, 2012.
Himanshu Khurana, Mark Hadley, Ning Lu and Deborah A. Frincke, "Smart-grid security issues", IEEE Security & Privacy, vol. 8, no. 1, 2010.
Stephen McLaughlin, Dmitry Podkuiko, Sergei Miadzvezhanka, Adam Delozier and Patrick McDaniel, "Multi-vendor penetration testing in the advanced metering infrastructure", Proceedings of the 26th Annual Computer Security Applications Conference, pp. 107-116, ACM, 2010.
Ping-Hai Hsu, Wenshiang Tang, Chiakai Tsai and Bo-Chao Cheng, "Two-layer security scheme for AMI system in Taiwan", Ninth IEEE International Symposium on Parallel and Distributed Processing with Applications Workshops (ISPAW), pp. 105-110, IEEE, 2011.
David von Oheimb, "IT Security architecture approaches for Smart Metering and Smart Grid", Siemens Corporate Technology, Munich, Germany, 2012.
Andres Molina-Markham, Prashant Shenoy, Kevin Fu, Emmanuel Cecchet and David Irwin, "Private Memoirs of a Smart Meter", ACM, 2010.
"Breaking Down Silos: the value of a standards-based approach to smart metering and smart grid", Utilities White Paper, Cisco, October 2013.
Sushmita Ruj and Amiya Nayak, "A Decentralized Security Framework for Data Aggregation and Access Control in Smart Grids", IEEE Transactions, 2013, pp. 1-10.
Scyther User Manual.