An Authenticated Key Establishment Protocol with Perfect Forward Secrecy in Smart Grids

In smart grids, messages exchanged between service providers and smart meters should be authenticated and confidential to prevent threats due to their insecurity. Hence, it is imperative to design a secure authentication and key exchange scheme to create a session key for secure and authenticated transmission of messages. In this paper, we show that the mutual authentication and key establishment protocol presented by Sureshkumar et al. in 2020, which is based on elliptic curve cryptography (ECC), fails to satisfy forward secrecy, while they claimed that it provides perfect forward secrecy. In addition, it will be demonstrated that it is not secure against stolen database attacks of a service provider, which leads to the smart meter impersonation attack and session key exposure.Moreover, we prove that it fails to achieve security against known sessionspecific temporary information attacks. Next, an improved authenticated key establishment protocol to address these vulnerabilities has been proposed. Then, we analyze its security with informal and formal methods, such as BurrowAbadi-Needham (BAN) logic and ProVerif. Finally, with the comparison of security features and computation and communication overhead, we show that it outperforms baseline papers.