International Journal of Electrical and Computer Engineering (IJECE)
Vol. 9, No. 4, August 2019, pp. 2281-2295
ISSN: 2088-8708, DOI: 10.11591/ijece.v9i4.pp2281-2295

Modified timed efficient stream loss-tolerant authentication to secure power line communication

Boyce Sigweni, Mmoloki Mangwala, Joseph Chuma
Faculty of Engineering and Technology, Botswana International University of Science and Technology
Department of Electrical Computer and Telecommunications Engineering, Botswana

Article Info
Article history:
Received Sep 24, 2018
Revised Mar 8, 2019
Accepted Mar 12, 2019

Keywords:
Load management
Power line communication
Smart meters security
TESLA

ABSTRACT
This paper investigates the feasibility of Timed Efficient Stream Loss-tolerant Authentication to serve the security needs of a Power Line Communication (PLC) system. The PLC network has been identified as the ideal choice to function as the last mile network, delivering load management messages to smart meters. However, there is a need to address the security concerns for load management messages delivered over power line communications. The ubiquitous nature of the power line communication infrastructure exposes load management systems (LMS) deployed over it to a security risk. Ordinarily, a PLC network does not employ security measures on which the smart meters and data concentrators can depend. Therefore, there is a need to provide a secure mechanism for communication of load management system messages over a PLC network. In LMS, source authentication is of highest priority because we need to respond only to messages from an authenticated source. This is achieved by investigating suitable robust authentication protocols. In this paper we present modifications to Timed Efficient Stream Loss-tolerant Authentication for secure authentication to secure messages for load management over PLC. We show that PLC may be used to securely and effectively deliver Load Management messages to smart meters, with minimal overhead.
Copyright © 2019 Institute of Advanced Engineering and Science. All rights reserved.

Corresponding Author:
Boyce Sigweni,
Botswana International University of Science and Technology,
Private Bag 16, Botswana.
Email: sigwenib@biust.ac.bw

1. INTRODUCTION
The introduction of smart meters enables electricity suppliers to manage electricity demand efficiently by implementing load management systems (LMS), thus coping with electricity demand. These LMS systems forecast the demand [1, 2, 3], thereby advising on mitigating steps. This demand is in terms of quantity and quality, and it is still increasing with the escalation of new and more electronic devices in homes as the population grows. Prior to smart grids, power suppliers could not sufficiently exploit the advances in communication and information technology to improve the electricity grid's efficiency, reliability, security, and quality of service (QoS). The smart grid addresses all these desired features by modernizing the electricity grid through the incorporation of communication technologies [4, 5]. The term "smart grid" has been expanded from just smart meters to focus more on advanced metering infrastructure (AMI) [6]. Successful implementation of an electrical load management system via smart meters requires a secure communication channel, which must also be robust, to deliver load management commands such as load redistribution, dimming of lights and switching off of hot water geysers.
The effects of transferring data at a high bit rate through the mains network generate acceptable radiated emissions regulated by international standards, while the increment in speed for New Generation PLC may cause higher levels of emissions that could be mitigated through the use of the Time Reversal (TR) technique [7].

Journal homepage: http://iaescore.com/journals/index.php/IJECE

In the load management system, source authentication is of highest priority because we need to respond only to messages from an authenticated source. Privacy is not a priority for load management messages because they are broadcast to everyone on the network to manage the load. Therefore, there is no need to make load management messages private through encryption, but there is a need to respond only to commands from authentic sources because of possible attacks, such as denial of service (DoS) [8], elaborated in title-24 [9]. For example, an attacker could falsify data, thereby transmitting wrong commands to smart meters, such as "electricity demand low", so that users may switch on non-essential gadgets. This could cause overloading that may lead to grid instability or even power outages, thus defeating the sole intended purpose of load management. The scheme we present can be used by any application employed on a PLC network to authenticate messages, but it is heavily biased towards PLC based load management systems. These are systems that employ data concentrators and smart meters as the two primary components. Figure 1 shows a typical power line communication network for advanced metering infrastructure (AMI).

Figure 1. Typical PLC Network [10]

The rest of this paper is organised as follows. In section 2 we discuss PLC channel characteristics, followed by its security threats, risk management methods and mitigation techniques (both crypto and non-crypto). The Timed Efficient Stream Loss-tolerant Authentication (TESLA) scheme is presented in section 3, followed by the research methodology in section 4. Modifications to the TESLA scheme are outlined in section 4.2. Finally, performance analysis and results are presented in section 5.

2. BACKGROUND
2.1. PLC channel characteristics
In PLC systems, a transmit signal propagating from one location to another suffers from reflections at impedance discontinuities along its path. Branching and impedance appearing at the termination points are the main source of impedance discontinuity in power line networks (PLNs), giving rise to reflections. These mechanisms are illustrated in Figure 2.

Figure 2. Propagation mechanism for PLC channels [4]

Due to the propagation mechanisms effective in both environments, when a signal is emitted by a transmitter, the signal received at the receiver consists of attenuated, delayed, and phase-shifted replicas of the transmit signal, leading to time dispersion. In the communications community, the significance of time dispersion is quantified by a parameter called root-mean-squared (RMS) delay spread. RMS delay spread for both communication mediums is to be discussed in a more detailed way in the subsequent sections. Besides the time dispersion characteristic, both wireless and PLC channels are time selective. Mobility (or relative motion between transmitter and receiver from a broader perspective) is the main reason behind time selectivity of wireless channels, whereas the reason for time selectivity in PLC channels is related to the varying impedance conditions in the PLN, especially at the termination points. Time selectivity is another aspect that the study will focus on.
For digital communication systems, the most common figure of merit is the bit error rate (BER), which is directly related to signal-to-noise ratio (SNR). Being a function of SNR, BER can be computed by only having information regarding amplitude statistics of the received signal and the noise characteristics in the communication channel. In this respect, amplitude statistics and the noise characteristics of wireless and PLC channels are among issues that the study has focused on.

Power line communication characteristics such as frequency-distance-dependent attenuation in low voltage (LV), based on extensive measurements, is defined as:

$$A(f, d) = \exp\big((-a_0 - a_1 f^{k})\, d\big) \qquad (1)$$

where: $f$ corresponds to the frequency of the signal, $d$ is the distance covered by the signal, while $a_0$, $a_1$ and $k$ are all cable-dependent parameters extracted by empirical measurements [4, 11].

2.1.1. Multipath characteristics
A complete characterization of the PLC channel can be given by its channel frequency response (CFR) as follows [4, 11]:

$$H(f) = \sum_{i=0}^{N} \left[ \prod_{k=1}^{K} {}_{ik} \prod_{m=1}^{M} {}_{im} \right] A(f, d_i)\, \exp(j 2 f\, {}_{i}) \qquad (2)$$

given that the total number of replicas received at the receiver is considered to be limited to $N$ [4, 11].
where: $K$ and $M$ represent the number of reflection and transmission coefficients, correspond to the reflection coefficient along the propagation path, is the transmission coefficient along the propagation path, while $A(f, d_i)$ corresponds to the frequency and distance-dependent attenuation derived from the physical characteristics of the cable, and $\exp(j 2 f\, {}_{i})$ refers to the phase of the $i$th component due to the time delay. Finally, it is worth mentioning that multiplication of 's and 's in (2) is referred as the reflection factor ($|r_i| e^{j\,{}_{i}}$) of a particular propagation path.
Note that ${}_{i}$, the time delay, is related to the speed of propagation within the communication medium, power line cables in our consideration, as follows:

$${}_{i} = \frac{d_i \sqrt{{}_{r}}}{c_0} \qquad (3)$$

where: ${}_{r}$ is the dielectric constant of the insulation material and $c_0$ is the speed of light in vacuum.

The time- and frequency-varying behaviour of a power-line network is the result of variable impedance loads connected to its terminal points. Any signal transmitted through such a network is subject to time-varying multipath fading [12].

In addition to this basic frequency domain-based PLC multipath model, there are other characterization approaches, such as the following. A matrix-based approach for the calculation of multipath components based upon the presented model in PLC networks is given in [12, 13]. PLC channel models that are based on treating the transmission line as a two-port network are given in [14, 15, 16]. Besides these deterministic models, some statistical PLC channel characterization efforts regarding attenuation, multipath-related parameters, and so forth, that consider the PLN as a black box without dealing with its attributes such as cable characteristics, network topology, and so forth, are presented in [17]. Each of these channel modeling approaches has some advantages and disadvantages. For instance, all attributes of the PLN such as the network topology, cable distance-frequency-dependent attenuation characteristics, and termination impedance conditions must all be known prior to computation if a frequency or transmission line theory-based approach is to be adopted. Statistical models can be employed if any information regarding the network attributes cannot be acquired a priori. However, an extensive measurement campaign may be required in order to draw statistically meaningful conclusions from the data sets obtained from various networks with different topologies.

2.2. Security threats
A threat to a Power Line communication system is any malicious occurrence that would have an undesirable effect on the assets and resources associated with the power line communication. Network threats take advantage of the distributed aspects of information transmission [18, 19] and [20]. Amoroso [21] categorized threats to a communication system as follows:
(a) Denial of Service (DoS) threat: The DoS threat arises when access to the power line communication channel is intentionally blocked as a result of malicious actions taken by an attacker. For example, someone could flood the data concentrators with junk commands, therefore preventing load management messages from being delivered to smart meters.
(b) Integrity threat: The integrity threat involves unauthorized change to information stored, for example, on a smart meter (meter reading for billing purposes) or in transit between the data concentrator and smart meter.
(c) Disclosure Threat: This involves the dissemination of private information. Protection of power line communication system against unintended disclosure.

2.3. Risk management methods
Security risk for PLC based load management programs can be assessed using a risk management approach [9]. This is whereby assets that need protection are identified and their sensitivity to attack analysed. There is a need to identify a possible source, strength and intent of threats, as well as enumerating vulnerabilities and finally determining appropriate mitigation methods. Hence, the need for anomaly detection and monitoring [22].

2.3.1. Potential attacks
Several attack scenarios were considered to determine vulnerabilities, assets and threats. The following are some of the attacks on a load management system [18]:
(a) An attacker could block load reduction commands, therefore preventing the required reduction percentage and resulting in forced load shedding or blackouts.
(b) An attacker could broadcast incorrect synchronisation time, which can cause events to occur at wrong times, either earlier or later than scheduled.
(c) An attacker could modify the software set-point for the air-conditioning unit in the smart meter so that it appears to be drawing less or no power. This action results in the command for load reduction being ignored by the smart meter; therefore the unit is neither switched off nor has its power reduced.
(d) An attacker could switch ON all the appliances (heaters, air cons) controlled through the smart meter for load management, causing an unexpected and excessive load, leading to possible blackouts or even grid instability.
(e) In order to annoy the public, an attacker could switch off the air conditioning units or set the temperature thermostat to uncomfortable levels.
(f) By flooding the network with multiple requests for time synchronisation, the attacker can cause Denial-of-Service.
In the next subsection we look at non-cryptographic and cryptographic mitigation techniques, so that we can explore ways in which these potential attacks could be mitigated in a PLC load management system.

2.4. Mitigation techniques
The focus tends to be cryptography as the primary defence against attacks when the security of information systems is in question. Due to the unique characteristics, constraints and design of the PLC based load management system, it presents an opportunity to consider several non-cryptographic methods.

2.4.1. Non-cryptographic mitigation techniques
The ideologies involved in non-cryptographic mitigation techniques are outlined in [9] and these include:
(a) Depending on prevention (physical barrier around smart meters) as well as detection (tamper alert) mechanisms as deterrents. An intrusion detection system could be employed on the network; it consists of receivers placed at strategic locations where they would compare transmitted data with data they are receiving to identify bogus transmitters.
(b) Reducing the capability of an attacker by making the system available only at certain times or making it respond to external commands after some random time. Therefore, if an attacker does something, it will only take effect after some time. Essentially, by that time the breach would have been detected (as discussed in the previous point) and acted upon. The capability of an intruder to do damage could be further reduced by setting the safe set-point for devices if one is changing settings remotely via commands. For example, one cannot set the temperature to unsafe levels (too low or too high) remotely.
(c) Preventing messages that will result in load increase from being sent remotely, that is, the system must not be able to send commands to smart meters to switch appliances on. If appliances have been remotely switched off, the customer could manually switch them on, or have appliances fitted with a device that is set to check the smart meters' mode. If the demand is low, they could automatically switch on. Note that this would be a one-way communication, as the smart meter would not communicate with or control these devices; the smart meter can only switch off the appliance but cannot turn it on or instruct the device to turn the appliance on.

2.4.2. Cryptographic mitigation techniques
There are many cryptographic mitigation techniques available to secure PLC for smart meters. These include Distributed Network Protocol (DNP3) [23], [24], X.509 [25], RSA [26], and TESLA [27]. All these techniques have different capabilities and limitations. For example, digitally signing each packet using X.509 provides proficient data source authentication. Unfortunately, it incurs a high overhead in terms of time needed to sign and verify and also in terms of required bandwidth. Signature verification through X.509 is computationally costly. Therefore, smart meters with their modest computation capabilities would be overwhelmed trying to verify the signatures, for example if an attacker floods the network with fake packets containing a theoretically robust signature. These are some of the reasons X.509 may not be suitable for the system. Security provided by X.509 is also not completely infallible. Some researchers have exploited some of its weaknesses, e.g. [26] demonstrated that two certificates containing identical signatures can be constructed using a collision attack on the MD5 hash function.

Distributed Network Protocol (DNP) secure authentication may not be suitable for securing communication over PLC for smart meters due to its key management and specialisation, even though it may be used on the smart grid [28]. Ortega et al. proposed DNP3 over TCP/IP for smart grid application. This is not feasible for PLC due to the following: the DNP Session Key is periodically changed and used to calculate the HMACs. The Update key occupies the second level and is used for encryption of the Session key before it is sent to the remote device. For load management on PLC, DNP would place a large processing overhead [29]. Another drawback of DNP Secure Authentication, if it is used on a PLC network to authenticate load management messages between smart meters and data concentrators, is that when Update keys are compromised or corrupted, or if the custodian of the key leaves the organisation, the power supplier has no choice but to dispatch personnel to the remote devices to change the Update key. Thousands or even millions of smart meters are connected on the grid; therefore, pending remote download of Update Keys, practical systems are restricted to perhaps hundreds of devices. DNP Secure Authentication utilises 16-bit values for addresses and user numbers, thus presenting a scalability challenge. Challenge-Handshake Authentication Protocol (CHAP) in a smart grid system that includes smart meters is not feasible [30].

In the next section we therefore present TESLA as the most effective scheme that may be employed to efficiently secure PLC for load management. TESLA in its modified form can authenticate packets immediately and has low computational and per-packet communication overhead.

3. TIMED EFFICIENT STREAM LOSS-TOLERANT AUTHENTICATION (TESLA)
TESLA is widely used to authenticate broadcast messages [31, 32], such as DoS attack-tolerant TESLA-based broadcast authentication protocol in Internet of Things [33]. We first present an overview of TESLA by outlining properties that make TESLA suitable for securing PLC for load management systems. We then discuss threat model and security guarantee and the modification to TESLA needed to secure load management through PLC. These modifications include using indirect time synchronisation for loose time synchronisation to combat the DoS threat and instantaneous authentication to prevent delay.

We selected TESLA for securing PLC for load management based on its following properties:
Low per-packet communication overhead: The calculation of the MAC utilises the $n_m$ parameter [27], which is the length of the truncated output of the function. The $n_m$ values depend on the MAC function selected; hence, per-packet communication overhead can be as low as 80 bits.
Low computation overhead: The primary reason for the use of smart meters is to save electricity. Smart meters have limited or low processing power, which saves electricity. Hence, TESLA is ideal because of its authentication protocol, which is not power hungry. It involves one hash computation done on the message and one MAC function computation done on the key and message per packet. Therefore, TESLA requires minimal computational effort and can be managed by smart meters and data concentrators.
No receiver-side buffering: Every packet will be authenticated as soon as it arrives at the receiver; therefore, there is no need for packet buffering at the receiver.
Packet loss tolerance: All packets received within their time interval will be authenticated even if the preceding packet was lost.
Superior assurance of authenticity: Provided the cryptographic and timing assumptions are enforced, the receiver has a high pledge of authenticity; therefore, the system provides formidable authenticity.
Scalability: There are no acknowledgements after the initial set-up connection has been established; therefore, during normal communication data flows only from the sender to the receiver. This entails that the sender's authentication overhead is not dependent on the number of receivers, making the scheme very scalable. For instance, it will allow one data concentrator to communicate with many smart meters as per the current set-up for load management, where one data concentrator can have over 1000 smart meters connected to it [34].

3.1. Threat model and security assurance
Smart meters are installed in customer homes; therefore, the owners have unlimited access to the smart meter in the privacy of their homes. In addition, customers also have unrestricted access to the PLC channel through power points in their houses where they plug in their appliances. We present a modified TESLA that is secure against a formidable adversary who, by virtue of being able to access the channel and device, has the following capabilities:
(a) The challenger has access to a fast network with insignificant delay.
(b) The challenger can listen in, capture, retransmit, drop, hold up, and modify packets, thereby having full control over the PLC channel.
(c) The challenger's computational resources may be very formidable, but not unbounded. In particular, this means that the adversary can perform efficient computations, such as computing a reasonable number of pseudo-random function applications and MACs with negligible delay. Nonetheless, the adversary cannot invert a pseudo-random function (or distinguish it from a random function) with non-negligible probability.

3.1.1. Security assurance
The security assurance with this modified TESLA scheme is that the receiver should not accept any message $M_j$ as authentic except for when $M_j$ was sent by the alleged sender. This security assurance includes protection against message duplication through message numbering and time-stamping and we also address denial-of-service (DoS) attacks.

4. RESEARCH METHODOLOGY
4.1. Repeated measures design
We used repeated design measures for this study because of the reduction in the variance of results. This allows statistical inference to be made with fewer runs, and many experiments can be completed more quickly, as fewer cases need to be trained to complete an entire experiment. This enables us to monitor how message size changes over time for both request and response messages.

The straw-man reference design for demand response information exchange [35] is used to present a guide to how security is provided through implementation of the proposed authentication protocol in the enabling services layer of the load management infrastructure. The message is sent down the stack to the security layer, which performs a hash computation on the message and key and then sends the hashed message over the PLC network [36]. The security layer at the receiver receives the hashed message from the PLC and authenticates it using the disclosed key or MAC (i.e. HMAC-MD5). If authentication is successful the message is sent up to the application layer; otherwise it is discarded. The next subsection shows how modifications are made to TESLA for PLC security.

4.2. TESLA modification for PLC
The original TESLA is modified in several ways to make it efficient and practically suitable for a PLC network for Load Management via use of data concentrators and smart meters. Smart meters are connected to the data concentrator from different distances because some houses are close to the distribution transformer while others are quite a distance away. Therefore, the first modification is the use of the authentication chains with different disclosure delays to cater for the different distances of the smart meters from the data concentrator. Secondly, we present the technique to support Instantaneous Authentication, implying that the receiver would be able to authenticate a packet immediately upon arrival without delay. A data concentrator can be connected to many smart meters. For example, the Echelon NES data concentrator [34] can connect over 1000 smart meters, and over 4000 other devices. Therefore, there is a need for modifications to address the scalability issue and vulnerability, both due to the time synchronisation protocol.

In the next sub-sections, the issue of smart meters being at different distances away from the data concentrator, resulting in different network delays, is addressed by employing a space optimisation method whereby the data concentrator uses several TESLA instances for one stream. To successfully address this issue we have to look into time synchronisation and attend to the key management techniques, as well as address the vulnerability that could arise from use of these methods and techniques and how to eradicate or minimise them.

4.2.1. Optimal Disclosure Delay and Time Interval Parameters
The following parameters must be determined by the sender for optimal performance as per the requirements of PLC based load management. These parameters are ($T_{int}$), the interval duration, which usually ranges from 100 milliseconds to 1 second expressed in milliseconds, and the key disclosure delay ($d_d$), which is the waiting time before the key is disclosed. A good choice of $T_{int}$ and $d_d$ is essential for the efficiency of the scheme. For example, if the product of $T_{int}$ and $d_d$ is too large, it causes an excessive delay in the process of authentication, and when it is too low, it will deny most receivers the opportunity to verify packets. The parameters $T_{int}$ and $d_d$ must not be altered throughout the duration of a session to prevent introduction of vulnerabilities.

4.2.2. Optimal Time Interval
To determine the optimal time interval duration, the sender would divide the time into standardised intervals of duration $T_{int}$. The numbering for the time interval starts at 0 and is incremented successively. An unsigned 32-bit integer is used to store the interval index. Therefore, the wrapping to 0 can only take place after $2^{32}$ intervals, thus making the system very scalable. For example, if $T_{int} = 0.5$ seconds, then the wrapping will only happen after $0.5 \times 2^{32} = 2147483648$ s, which translates to approximately just over 68 years before wrapping to 0 can take place [27].

4.2.3. Optimal Disclosure Delay
To determine the optimal disclosure delay involves a trade-off. This is because smart meters that are close to the data concentrator have low network delay, hence, demand short key disclosure delays because it results in short authentication delays. Unfortunately, using a short key disclosure delay means that smart meters that are far from the data concentrator (with long network delay) will not be accommodated because most of their packets will arrive outside the set period, hence violating the set security condition. Therefore, they will be discarded without authentication. Employing a long key disclosure delay will result in unnecessary delay in authentication for smart meters close to the data concentrator. It is important to note that the security aspect of the system is not affected whether long or short key disclosure delay is used. This is mainly a performance factor, and performance is very important for effective Load Management. How the system will perform depends heavily on the choice of the key disclosure delay.

We illustrate how to determine a key disclosure delay ($d_d$) for a system using indirect time synchronisation. We do that by proving that if the round trip time ($R_{tt}$) is a sufficient upper bound time between the smart meter and data concentrator, then the optimal choice for $d_d$ is as follows:

$$d_d = \frac{D_{SR} + \varepsilon}{T_{int}} + 1 \qquad (4)$$

where: $T_{int}$ is the duration of the interval, $D_{SR}$ is a sufficient upper bound on network delay for packets traversing from sender to receiver and $\varepsilon$ is the time synchronisation error sum for both sender to receiver.

To derive the disclosure delay we first have to make sure it does not make packets violate the security conditions. We take into account a packet $P_j$ created in the time interval $I_i$, whose key will be disclosed $d_d$ time intervals later. When the packet $P_j$ is at the receiver, its local time is given as equal to $lT_R$, thus the security condition is that:

$$d_d > lT_R + \; T_n \quad T_{int} \quad I_i \qquad (5)$$

where: $T_{int}$ is the duration of the interval, $T_n$ is the beginning of the $n$th time interval and Time synchronisation error sum (full round-trip time).
We use the assumption the packet $P_j$ was sent when the senders' local time was $lT_S$, hence: $lT_S < T_{int} = (I_i\, T_{int}) + T_n + T_{int}$, therefore the round trip time $R_{tt} = D_{SR} + D_{RS}$, with $D_{RS}$ denoting the network delay from the receiver to the sender. Using the derivation from Perrig et. al. [37] referring to Figure 3, Resulting in eqn $D_{SR} = lS_R + lT_S$. Finally we have a tight bound for $d_d$ satisfying equation 4 and this $d_d$ affords most packets the opportunity to meet the set security condition and the receiver would not have to wait longer than necessary before authenticating the packets.
The optimal $d_d$ does not solve the issue that smart meters are at different distances away from the data concentrator. It is just the best time for meters at one particular distance. To address this issue, one approach would be to use multiple TESLA instances and treat them independently, each with its own key, hence $d_d$. Unfortunately, this approach results in unmanageable communication overhead because of these multiple keys for each instance. In the next section we present an optimisation that reduces the space overhead of multiple instances by using the same key chain with a different key schedule for all instances [27].
Figure 3. Receiver and Sender delays [37]
4.2.4. Multiple concurrent TESLA instances

The core idea for this technique is to make use of the same key but a different schedule for all instances, as an alternative to utilising one self-determining key chain for each instance. It works as follows: all instances for a stream share the same key chain and the same time interval period. That is, each time interval $I_i$ is associated with the corresponding key $K_i$ in the provided key chain. Therefore, we can expect $K_i$ to be revealed in the time interval $I_i$. Figure 4 depicts an example of how multiple instances could be arranged to be used for concurrent TESLA instances. In this case there are two TESLA instances, one having a key disclosure time of one interval and the other five intervals [27]. In Figure 4 the bottom row of keys shows the key revealing plan. It shows which key is revealed at which time interval. The top and middle rows of keys show the key schedule of the two instances, the latter being the first instance while the former being the second instance. Following this method, the sender needs only to disclose
one key chain regardless of how many instances are used concurrently. This technique allows space saving. For example, if each key is 16 bytes long, then for a stream with $n$ concurrent instances, this method will conserve $16(n-1)$ bytes per packet, and for small packets such as the ones used for PLC Load Management this is a significant saving. Using concurrent instances also helps in achieving scalability.

One issue to consider is the vulnerability of TESLA due to the mechanism employed for the key chain reconstruction at the receiver. First, the receiver must check if the key chain arrived within the stipulated time interval. If that time has expired then the packet is discarded; otherwise the receiver will try to verify the key revealed in the packet by applying the pseudo-random function until the very last committed key chain value. This operation can be exploited by an attacker who would timestamp their packet with a time far in the future. When the receiver checks if the time has expired, it will find that the time is still valid and therefore attempts to verify the key, preventing it from verifying the legitimate packets. That results in denial of service for deserving packets. A novel approach to deal with this is to have lower and upper time limits for packets so that if a packet is sent with a future timestamp it is dropped [27].
Figure 4. Receiver and Sender key delays [37]
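The shared key chain with two schedules and the lower and upper limits on a disclosed key from Section 4.2.4, as an added example that is not code from the paper. It assumes SHA-256 truncated to 16 bytes as the one-way function, that an instance with delay d MACs interval i with K_(i+d), and constructed timing constants.

```python
import hashlib

T0, T_INT, SYNC_ERR = 0.0, 1.0, 0.2   # constructed: start time, interval length, clock error (s)
DELAYS = (1, 5)                        # the two instances of Figure 4, in intervals

def F(key: bytes) -> bytes:
    """One-way function of the key chain (SHA-256 cut to 16 bytes: an assumption)."""
    return hashlib.sha256(b"chain" + key).digest()[:16]

def make_chain(seed: bytes, n: int) -> list:
    """Sender: K_n = seed and K_(i-1) = F(K_i); returns [K_0 .. K_n]."""
    keys = [seed]
    for _ in range(n):
        keys.append(F(keys[-1]))
    return keys[::-1]

def newest_interval(now: float) -> int:
    """Latest interval the sender can be in, judged from the receiver's clock."""
    return int((now + SYNC_ERR - T0) // T_INT)

def mac_key_index(interval: int, delay: int) -> int:
    """Same chain, different schedule: instance `delay` MACs with K_(i+delay)."""
    return interval + delay

def is_safe(interval: int, delay: int, now: float) -> bool:
    """Security condition: the MAC key must still be undisclosed on arrival."""
    return newest_interval(now) < mac_key_index(interval, delay)

class Receiver:
    def __init__(self, commitment: bytes):
        self.idx, self.key = 0, commitment   # last authenticated chain value

    def accept_key(self, idx: int, key: bytes, now: float):
        """Check a disclosed K_idx; returns (status, hash operations spent)."""
        if idx > newest_interval(now):       # upper limit: claims a future interval
            return "dropped-future", 0
        if idx <= self.idx:                  # lower limit: already known or expired
            return "dropped-old", 0
        k, steps = key, idx - self.idx
        for _ in range(steps):               # walk back to the committed value
            k = F(k)
        if k != self.key:
            return "bad-key", steps
        self.idx, self.key = idx, key
        return "ok", steps
```

The second element of the returned tuple is the work a packet can force on the meter: a key claiming interval 900 costs no hash operations once the upper limit is applied, instead of roughly 900.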
4.3. PLC TESLA instantaneous authentication

Basic TESLA requires the receiver to buffer packets before they can be authenticated. This is because the sender sends the key required for authentication at a later stage. This delayed authentication is not suitable for Load Management because monitoring and control command actions need to be carried out in real-time. For example, if the grid is experiencing some instability, the information must be relayed immediately to the control centre without delay. Also, if the load exceeds supply and non-critical but high power consuming devices such as heaters need to be switched off, that action must happen immediately without delay, or there will be the risk of power outages while waiting for the command to switch off devices to be authenticated.

This delayed authentication also causes storage problems, requiring data concentrators and smart meters to have large memories to store these packets while they are waiting to be authenticated. The other disadvantage of this delayed authentication is that it makes the system vulnerable to Denial-of-Service attack. It is because of the reasons above that modifications to the original TESLA are required so that packets can be authenticated instantaneously upon arrival with no delay. This eliminates the need for buffering at the receiver side, thus reducing the risk of a DoS attack where the attacker floods the receiver with spurious packets. As will be seen later in this section, this modification comes at a cost of at least one extra hash per packet and the need for buffering at the sender side. This is acceptable since it does not induce the risk of DoS (by flooding), or introduce significant delay.

In this method, sender buffering replaces receiver buffering. The sender buffers packets during one disclosure delay so that it can put the hash value of the data of the next packet in an earlier packet. Therefore, once the earlier packet is authenticated, the next packet will be authenticated as soon as it arrives at the receiver through its hash value that was contained in the earlier packet, thus achieving instant authentication with no more delays.

To simplify the illustration of how this is achieved, we assume that the sender will send out a constant number $n$ of packets per time interval. Figure 5 shows how a packet for the message segment $M_j$ in the interval $T_j$ is constructed. The hash value of the next message $M_{j+vd}$ is appended to the current message, that is, $H(M_{j+vd})$ is appended to $M_j$. The sender then calculates the MAC value over the key $K_i$ together with $H(M_{j+vd})$ to get $MAC(K_i, D_j)$ where $D_j = H(M_{j+vd}) \,\|\, M_j$ (note that $\|$ means that messages are concatenated).
[Figure 5 shows three consecutive packets: $P_j$ carrying $M_j$, $H(M_{j+vd})$, $MAC(K'_i, D_j)$ and $K_{i-d}$; $P_{j+vd}$ carrying $M_{j+vd}$, $H(M_{j+2vd})$, $MAC(K'_{i+d}, D_{j+vd})$ and $K_i$; $P_{j+2vd}$ carrying $M_{j+2vd}$, $H(M_{j+3vd})$, $MAC(K'_{i+2d}, D_{j+2vd})$ and $K_{i+d}$.]
Figure 5. Instantaneous Packet Authentication [36]
With reference to Figure 5, the technique for instantaneous authentication for the packet $P_{j+vd}$ is as follows: $P_j$ incorporates a hash of the data $M_{j+vd}$, and this data is in $P_{j+vd}$; if $P_j$ has been authenticated, it implies that $H(M_{j+vd})$ is also authentic. Therefore, the message $M_{j+vd}$ is authenticated immediately. Using the same technique, the next packet $P_{j+2vd}$ would also be authenticated immediately, and so will the packet after it. If a packet is lost or discarded then the next packet would not be authenticated immediately but would be authenticated later through its MAC value. For example, if $P_j$ was lost or discarded, then $P_{j+vd}$ would not be authenticated immediately but will be authenticated as soon as the next packet $P_{j+2vd}$ arrives. It will be authenticated through its MAC value because upon arrival packets disclose the key of the previous packet; therefore $P_{j+2vd}$ would disclose the key $K_{i+d}$, which was used for the MAC value of $P_{j+vd}$, and $P_{j+vd}$ would then be authenticated.

Delayed authentication can easily be overcome by incorporating hashes of multiple future messages. This can easily be done in PLC Load Management because all the messages and their sequence of transmission are known. This is a technique similar to Efficient Multi-chained Stream Signature (EMSS) [38], and the introduced message overhead is negligible. Using multiple hashes eliminates the need to send packets at a constant rate, which is difficult in a hostile environment like PLC.
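The packet construction and the receiver behaviour of Section 4.3, including the lost-packet fallback to the MAC, as an added example that is not code from the paper. It assumes one packet per interval (v = 1), SHA-256 and HMAC-SHA-256 for H and MAC, and independent constructed keys standing in for the key chain; the arrival-time check and the key-chain verification of disclosed keys are left out, so a key lost with its packet is not recovered from a later one.

```python
import hashlib
import hmac

D = 2  # disclosure delay in intervals; one packet per interval (constructed values)

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Constructed stand-in for the key chain: K_i for intervals 0..15
KEYS = [H(b"constructed-key-%d" % i) for i in range(16)]

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def build_packets(msgs):
    """Sender: P_j = (j, M_j, H(M_(j+D)), MAC(K_j, D_j), K_(j-D))."""
    pkts = []
    for j, m in enumerate(msgs):
        nxt = H(msgs[j + D]) if j + D < len(msgs) else b""
        d_j = nxt + m                              # D_j = H(M_(j+D)) || M_j
        disclosed = KEYS[j - D] if j >= D else None
        pkts.append((j, m, nxt, mac(KEYS[j], d_j), disclosed))
    return pkts

class Receiver:
    def __init__(self):
        self.trusted = {}   # j -> H(M_j) taken from a MAC-verified packet
        self.pending = {}   # j -> (M_j, hash, MAC) still waiting for K_j
        self.log = []       # (j, "instant" | "delayed") in order of authentication

    def receive(self, pkt):
        j, m, nxt, tag, disclosed = pkt
        old = self.pending.pop(j - D, None)
        if disclosed is not None and old is not None:
            om, onxt, otag = old                   # P_(j-D), now checkable
            if hmac.compare_digest(mac(disclosed, onxt + om), otag):
                self.trusted[j] = onxt             # its hash of M_j is authentic
                if (j - D, "instant") not in self.log:
                    self.log.append((j - D, "delayed"))
        if hmac.compare_digest(self.trusted.get(j, b""), H(m)):
            self.log.append((j, "instant"))        # M_j usable on arrival
        self.pending[j] = (m, nxt, tag)            # MAC is still verified later

def run(pkts):
    rx = Receiver()
    for p in pkts:
        rx.receive(p)
    return rx.log
```

Only a hash taken from a MAC-verified packet is trusted, so a message whose predecessor was lost waits for its own key, and a modified message never matches either the trusted hash or its MAC.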
4.3.1. Indirect time synchronisation for load management via PLC

Complicated time synchronisation protocols are available but they require considerable management overhead. These are protocols such as the Network Time Protocol (NTP) [39], which have a high complexity and attain properties that electrical load management via PLC does not involve. Loose time synchronisation is an essential component in TESLA but also a security Achilles' heel, because the mechanism for time synchronisation makes the system vulnerable to DoS through network flooding with requests for synchronisation. It is for this reason that we present a modified TESLA time synchronisation protocol that is simple and yet secure, and that will meet the modest requirements of Load Management via smart metering through a PLC channel.

When Indirect Time Synchronisation (ITS) is used, the sender (data concentrator) and each receiver (smart meter) must synchronise independently and securely through an external time reference. To achieve this synchronisation several options are available:
(a) Senders and receivers could synchronise via the NTPv3, NTPv4 (Network Time Protocol version 3/4) [39] or SNTPv4 (Simple Network Time Protocol version 4) hierarchy of servers [40]. Unfortunately, this cannot be adopted for synchronisation of smart meters and data concentrators because, for load management via PLC, the gateway for smart meters is the data concentrator; therefore, smart meters cannot have an independent path direct to the servers.
(b) The second option, which would guarantee direct access for both sender and receiver to an external time reference, would be for the sender and receiver to synchronise via a GPS system or any similar device that can provide a high precision time reference. Unfortunately, spoofing attacks on the GPS system have been reported [41]; therefore the level of security required for PLC load management cannot be guaranteed when synchronisation is achieved through GPS.
(c) The other option, which we adopt for the PLC based load management system, is one whereby dedicated hardware is embedded in each receiver and the sender that provides a clock with a time-drift that is negligible in terms of the time accuracy requirement for TESLA. To deal with this insignificant clock drift anyway, the device makes it possible for the sender and receiver to have their embedded clock synchronised with the official time reference periodically. This can be done during the equipment servicing interval or after a period of known maximum allowed clock drift, and the device is thereafter left to be autonomous. That is, the device would continuously consult its internal clock, which has minimal clock drift.