An Efficient Blockchain-based Hierarchical Authentication Mechanism for Energy Trading in V2G Environment

Vehicle-to-grid (V2G) networks have emerged as a new technology in modern electric power transmission networks. It allows bi-directional flow of communication and electricity between electric vehicles (EVs) and the Smart Grid (SG), in order to provide more sophisticated energy trading. However, due to the involvement of a huge amount of trading data and the presence of untrusted entities in the visiting networks, the underlying V2G infrastructure suffers from various security and privacy challenges. Although, several solutions have been proposed in the literature to address these problems, issues like lack of mutual authentication and anonymity, incapability to protect against several attack vectors, generation of huge overhead, and dependency on centralized infrastructures make security and privacy issues even more challenging. To address the above mentioned problems, in this paper, we propose a blockchain oriented hierarchical authentication mechanism for rewarding EVs. The overall process is broadly classified into the following phases: 1) System Initialization, 2) Registration, 3) Hierarchical Mutual Authentication, and 4) Consensus; wherein blockchain's distributed ledger has been employed for transaction execution in distributed V2G environments while Elliptic curve cryptography (ECC) has been used for hierarchical authentication. The designed hierarchical authentication mechanism has been employed to preserve the anonymity of EVs and support mutual authentication between EVs, charging stations (CSs) and the central aggregator (CAG). Additionally, it also supports minimal communicational and computational overheads on resource constrained EVs. Further, formal security verification of the proposed scheme on widely accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool validates its safeness against different security attacks.



There are no comments yet.


page 1


When Energy Trading meets Blockchain in Electrical Power System: The State of the Art

With the rapid growth of renewable energy resources, the energy trading ...

An Energy Efficient Authentication Scheme using Chebyshev Chaotic Map for Smart Grid Environment

As one of the important applications of Smart grid, charging between ele...

LiSA: A Lightweight and Secure Authentication Mechanism for Smart Metering Infrastructure

Smart metering infrastructure (SMI) is the core component of the smart g...

Blockchain-based Lightweight Authentication Mechanism for Vehicular Fog Infrastructure

With the increasing development of advanced communication technologies, ...

Harness the Power of DERs for Secure Communications in Electric Energy Systems

Electric energy systems are undergoing significant changes to improve sy...

Security Services Using Blockchains: A State of the Art Survey

This article surveys blockchain-based approaches for several security se...

B-ETS: A Trusted Blockchain-based Emissions Trading System for Vehicle-to-Vehicle Networks

Urban areas are negatively impacted by Carbon Dioxide (CO2 ) and Nitroge...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

I Introduction

With the rapid proliferation of Information and Communication Technologies (ICT), smart grids (SGs) are gaining tremendous attention. It uses bi-directional flow of information and electrical energy to create an intelligent and widely distributed automated energy networks. As an important component, Vehicle-to-Grid (V2G) networks have emerged, wherein electric vehicles (EVs) interacts with SGs, especially for energy trading. Here, EVs with surplus energy perform charge and discharge operations in order to balance the power demand of SGs [1]. However, due to the association of vehicle mobility, charging and discharging operations, and limited communication range, the information shared across EVs and other V2G entities face significant security and privacy risks. Thus, EVs, which play a key role in energy transportation and management, may not be willing to participate in energy trading. In order to encourage EVs in energy trade-off, it is prevalent to design a secure, efficient, and reliable authentication mechanism for energy trading in V2G setups.
Recently, several cryptographic schemes based on authentication, physical layer protection, and encryption have been proposed for SGs. For example, Odelu et al. [2] proposed a secure authenticated key agreement scheme for SG, which provides privacy and session-key security under the Canetti-Krawczyk adversary model. Eiza et al. [3] designed an efficient, secure and privacy-preserving proxy mobile IPv6 (PMIPv6) protocol to address the security and privacy concerns of mobile IP communications in V2G networks. In a similar direction, Wu et al. [4] utilized elliptic curve cryptography (ECC) to propose a secure and lightweight agreement mechanism for SG. In order to assure the confidentiality and integrity of V2G connections, Abdallah and Shen [5] designed a lightweight authentication and privacy-preserving scheme where EVs are allowed to generate their own pseudonym identities for protecting their private information. Likewise, Kumar et al. [6] designed a hybrid cryptography based authentication and key agreement scheme to facilitate mutual trust between the legitimate entities in smart energy networks. In order to provision the authentication between EVs and smart meters, Wazid et al. [7] devised a three-factor user authentication scheme for SG environments based on lightweight cryptographic primitives such as one-way hash functions, bitwise XOR operations and ECC. Similarly, Gope and Sikdar [8] used physically uncloneable functions and one-way hash functions to develop a privacy-aware authenticated key agreement scheme for SG communications. In order to address the security and privacy issues in the V2G networks, Shen et al. [9] proposed a robust key agreement protocol by leveraging hash functions and bitwise exclusive-OR operations.
Although several authentication schemes have been proposed, most of them are deemed unfit for resource constrained V2G setups since they depend on public-key cryptosystems, cannot ensure security against insider attacks, lacks anonymity, incur high communication and computation costs, and moreover suffer from problems like single point of failure and privacy leakage [10]. In order to support an adequate level of security in V2G setups, a promising blockchain technology has been introduced because of its high potential to support decentralization, anonymity, trust, and integrity, with a moderate cost. It is a peer-to-peer (P2P) distributed ledger technology that maintains transactional data across several systems in a verifiable and permanent manner. It adopts multiple means such as data encryption, automated scripts, distributed consensus, time stamping, and economic incentives in order to improve the security, intelligence, storage, and management while solving the problems of high costs and inefficiency, that are common in traditional centralized energy trading systems.
In this direction, several authors used blockchain for solving the security and privacy concerns in decentralized SG environments. For example, Guan et al. [11] proposed a blockchain based privacy-preserving and data aggregation scheme for secure communications in SG, where Bloom filter was adopted to realize the fast authentication. Likewise, Wang et al. [12] designed an efficient anonymous rewarding scheme which employs digital signature, ring signature, encryption, blockchain, and Monero to satisfy the security requirements of V2G networks. In a similar direction, Liu et al. [13] devised a cross-domain authentication scheme, where consortium blockchain and SM9, an identity-based cryptographic algorithm, was employed to provide the required level of security and privacy in V2G networks. In order to address the security and privacy challenges caused by untrusted parties, Li et al. [14] proposed a consortium blockchain based solution for secure energy trading in Industrial Internet of Things (IIoT). Moreover, they also proposed a credit-based payment scheme to support a fast and frequent P2P trading of energy; wherein Stackelberg game was used to decide the optimal pricing strategy. Similarly, Kang et al. [15] also deployed a consortium blockchain technology to address the security and privacy issues in P2P energy trading among EVs. Likewise, Aitzhan and Svetinovic [16] also addressed the security and privacy issues of energy trading data using blockchain, multi-signatures, and anonymous message propagation streams. Although several schemes have been proposed in the literature, they may not work well due to the lack of mutual authentication between a communicating parties and inability to preserve their anonymity. Thus, in this paper we employ a combination of ECC and blockchain for secure and anonymous energy trading in V2G setups.

I-a Contributions

Key contributions of this research work are illustrated below:

  • We present an effective blockchain based hierarchical authentication mechanism for secure and anonymous energy trading in V2G setups. Here, blockchain’s distributed ledger is employed for transaction execution in distributed V2G environments while ECC is used for hierarchical authentication.

  • The hierarchical authentication mechanism has been designed to preserve the anonymity of EVs and support mutual authentication between the EVs, charging stations (CSs) and central aggregator (CAG). Additionally, it also supports minimal communicational and computational overheads on resource constrained EVs.

  • We also justify the performance of the proposed scheme on the widely acceptable AVISPA tool and establish the reduced burden on EVs for participating in secure V2G energy trading mechanism.

I-B Organization

The rest of the manuscript is structured in accordance with the following sequence: Section II presents the high level description of the proposed system model followed by the proposed scheme in Section III. The detailed security analysis of the proposed scheme along with extensive performance assessment are presented in Section IV. Finally, Section V concludes the proposed work.

Ii System Model

This section illustrates the high level view of the considered V2G scenario with different entities helping in forming and maintaining the distributed ledger.

Fig. 1 depicts the systematic diagram of the proposed scheme with different components of the considered ecosystem and their corresponding execution steps. As evidenced from the figure, the considered setup is comprised of four core entities namely-EVs, CSs, CAG, and the blockchain network. The fleet of EVs are distributed energy sources that help in maintaining the SG’s stability either by injecting or withdrawing energy from the grid. These V2G services help in stabilizing the SG’s operations in both peak and off-peak hours. Hence, SG imparts incentives to the EVs for participating in the regulatory process. On the other hand the EVs’ charge and discharge their respective batteries at dedicated charging points available at the CS level. These CSs are equipped with smart meters (to keep track of the amount of energy withdrawn/injected) and record the current electricity prices. Thus, CSs know the amount of rewards that needs to be paid to an EV for participating in the regulatory mechanism and is responsible for generating the related transactions. Above all, the CAG is the central authority that validates the transactions created by CSs and maintains the entire blockchain network (with the help of CSs). Additionally, it is also responsible for registering legitimate a nd illegitimate EVs and CSs. Here, the blockchain network helps in transmitting the rewards to designated EVs in a secure and anonymous manner.

Fig. 1: Systematic diagram of the proposed scheme.

The foremost step in the proposed V2G energy-trading process is the system initialization wherein CAG releases the public parameters for implementing the cryptographic functions. In the next step, EVs and CSs register themselves with the CAG and obtain their respective pseudo identity. These identities of EVs correspond to their address on the global ledger. Additionally, the CAG is also responsible for generating public-private key pairs for all EVs, CSs and itself. For secure energy trading, the CSs accept an EV’s request to participate post successful mutual authentication between itself, the EV and the CAG. Once the authenticity is established, the CS provides charging/discharging services to the designated EV and generates the corresponding reward results. The results are transferred to the CAG which verifies the transaction and writes a block to the ledger using the practical byzantine fault tolerance (PBFT) mechanism. With consensus establishment, the reward is transferred to the designated EV and a receipt is sent to the EV by the CS.

Iii Proposed Scheme

The overall process of blockchain based hierarchical authentication mechanism for rewarding EVs can be broadly classified into the following phases: 1) System Initialization, 2) Registration, 3) Hierarchical Mutual Authentication, and 4) Consensus. The detailed information about these phases is summarized as follows:

Phase 1: System Initialization Phase

During this phase, the CAG prepares the V2G environment for subsequent phases as follows:

Step 1: The CAG selects an elliptic curve with base point and a large prime number .

Step 2: Using the above parameters, the CAG generates its private key . Following this, the CAG employ a ECC multiplicative operation over to generate its public key as follows: .

Step 3: The CAG publishes all the public parameters including: , , , , and the one-way collision resistant hash function .

Phase 2: Registration

This phase involves the registration of the legitimate EVs and CSs at the CAG level over a secure channel. The process of registering an EV and a CS is identical. Hence, this sub-section elaborates the registration process for the EV. The pictorial representation of this process can be found in Fig. 2.

-Generates time stamp
-Extracts and from
-Check the availability of in
its repository
-Allocates unique Id to EV
-Generates a random secret key ()
-Computes its public key
-Stores and
-Saves and
Fig. 2: An illustration of the EV’s registration process.

Step 1: EV selects an identity for uniquely presenting itself. This identity could be EV’s license number or it vehicle identification number issued by the auto-mobile company. Next, the EV generates the current time stamp and computes the token .

Step 2: The value of the token is then transmitted to the CAG over the secure channel.

Step 3: Upon receiving the token value, the CAG extracts and . Following this, it validates the time stamp and proceeds further only if it is within the permissible range.

Step 4: The CAG verifies the existence of in its repository and revocation list. A match found in its repository indicates that the EV has been registered earlier. On the other hand, a match in the revocation list denotes that the EV is illegitimate and should not be registered. In either cases, the connection is terminated.

Step 5: In this step, the CAG accepts the EV’s request for registration and generates a public-private key pair ( & ) for it using ECC.

Step 6: The CAG also computes a pseudo identity for the EV as follows: . Finally, the computed keys and pseudo identity are trasmitted to the EV over the secure channel.

Step 7: The CAG stores the and values; while EV stores the and values.

Phase 3: Hierarchical Mutual Authentication

During this phase, the EV mutually authenticates the CAG using the CS before commencing any transaction. The proposed authentication mechanism relies on inexpensive ECC, one-way hash functions, and concatenation operations, and is referred to as the hierarchical authentication mechanism. The detailed execution process is illustrated in Fig. 3 and described in detail as follows:

-Select a random number
-Generate time stamp
-Extract , and
-Generate time stamp
-Validate time stamp
-If same, EV is marked authentic; else tear down the connection
-Select a random number
-Generate time stamp
                                                             -Validate time stamp and
                                                             -If same, CS and EV are marked authentic; else connection
                                                             -Generate time stamp
-Validate time stamp
-If same, CAG is marked authentic; else tear down the connection
-Validate time stamp
-If same, CAG is marked authentic; else tear down the connection
Fig. 3: An illustration of the proposed mutual authentication phase based on hierarchical approach.

Step 1: This phase is initiated by the

, moment

connects to the charging point at the CS and begins to charge or discharge its battery for effective demand response and ancillary services. In order to initiate the process, the CS selects a random number and generates a time stamp . Subsequently, it computes using ECC multiplicative operation over and . Finally, the CS generates the first message and relays the same to the EV for further processing.

Step 2: On receiving , the EV extracts the pseudo identity of the CS () along with and . It then validates if it is within the permissible time frame. Using this, the EV computes using its private key and received . Next, it generates the time stamp and computes two tokens for authenticating the CS () and the CAG (), respectively.

Step 3: Finally, the transmits the message to the CS with the following tokens .

Step 4: The CS initiates the process to check the authenticity of the EV as follows. Initially, its validates the time stamp and proceeds only if its within the permissible time window. Next, it computes the intermediate authentication token and compares its value with the received token . A matched value establishes the authenticity of the EV and a mismatch indicates a malicious entity leading to connection termination.

Step 5: In the former scenario, the CS continues with the authentication process and proceeds with generating an authentication token for the CAG as follows. Firstly, it generates a random number and then computes and . Next, it generates the time stamp and using the above mentioned values computes a token for CAG to authenticate the CSs . Its values is equivalent to . It is worth mentioning here that this token also encapsulates the authentication token for the CAG transmitted by the EV. Finally, the CS transmits message to the CAG with  , and  tokens.

Step 6: In response to the received message, the CAG initially validates the and . It next computes the intermediate authentication tokens and . Finally, it cross verifies the correctness of against . Identical values, establish the authenticity of both the EV and CS, and the process proceeds further; otherwise the connection is terminated.

Step 7: In this step, the CAG generates a token for the EV and CS, referred as using time stamp and token . Next it relays the message to the CS.

Step 8: The CS then validates the received time stamp and correctness of the authentication token . Valid result prove the authentication of the CAG and the received token are then transmitted to the for further processing along with .

Step 9: The EV repeats the above process and mutually validates the authenticity of the CAG with the received token.

Phase 4: Consensus Mechanism

The proposed secure and anonymous energy trading mechanism employ the advantages of the PBFT consensus mechanism for maintaining the global ledger. The transaction of reward to the participating EVs from the utility is accomplished in accordance with the following steps:

Step 1: In the considered V2G scenario, it is assumed that the CSs are equipped with sufficient computational and communicational resources; wherein CSs have the ability to write a block to the ledger.

Step 2: Let us assume, a total of CSs are registered with the CAG. Amongst these CSs, one is selected as the “Speaker” and rest are marked as “Congressmen”. The primary role of the “Speaker” is to organise the consensus mechanism while staying away from the voting process involved in consensus. The selected speaker is liable to conduct consensus for approximately turns. The selection of the speaker amongst the available CS candidates is based on the following rule: . Here, the variables and refer to the selected speaker and height of the current block, respectively.

Step 3: After successful authentication and availing V2G services, the CS relays the transaction details to the CAG; which then broadcast the details to all the CSs on the blockchain network. The CSs then store the transaction details in their respective memories prior to transferring them to the ledger.

Step 4: Post time intervals, the block containing the transaction details is created which then undergoes the voting process carried out by the speaker. In the initial run, the speaker request congressmen to cast their votes.

Step 5: Following this, the congressmen casts their respective votes. On the basis of the received response from congressmen, the speaker reaches a consensus to finally publish the block with the transaction details on the global ledger.

Iv Results and Discussion

In this section, the performance of the proposed scheme is extensively assessed in terms of different evaluation metrics such as security features support, formal security verification, and computational and communicational overhead analysis. The detailed description is mentioned as follows.

A. Security feature evaluation

The proposed blockchain based hierarchical authentication mechanism supports the following security features: mutual authentication, anonymity of CSs, EVs and CAG, unforgeability, unlinkability and limited operations for the EVs. Further, it also provides replay protection with forward secrecy and prevents identity spoofing.

B. Formal security verification

In order to validate the safeness of the designed hierarchical authentication protocol (as detailed in Phase 3 of the proposed scheme), it has been subjected to an open source suite of applications named AVISPA. The tool is extensively used by the research community to validate and verify the security goals of any designed protocol against a rich source of attack vectors provided by AVISPA’s back-ends namely-on the fly model checker (OFMC), CL-based attack searcher (CL-AtSe), SAT-based model checker (SATMC), and tree automata-based protocol analyzer (TA4SP). Additionally, AVISPA is also employed to trace any security flaw in the designed protocol and devise different methods to remove it. Further, AVISPA accepts the input in the form of a role-based language known as high level protocol specification language (HLPSL). Using this language, the different entities involved in the designed protocol are expressed as different roles which interact amongst each other to trigger different transactions. For instance, in the considered scheme, EVs, CSs and CAG were portrayed as different roles and the execution flow, as depicted in Fig. 3, as different transactions. The result of executing these transactions on OFMC and CL-AtSe back-ends lead to the “Safe” results as shown in Fig. 4. This clearly indicates that the proposed hierarchical authentication mechanism based on blockchain is safe to be executed on real-time test beds.

% OFMC % Version of 2006/02/13 SUMMARY SAFE DETAILS BOUNDED_NUMBER_OF_ SESSIONS PROTOCOL /home/span/Hierarchical.if GOAL as_specified BACKEND OFMC COMMENTS STATISTICS parseTime: 0.00s searchTime: 0.32s visitedNodes: 40 nodes depth: 4 plies SUMMARY SAFE DETAILS BOUNDED_NUMBER_OF_ SESSIONS TYPED_MODEL PROTOCOL /home/span/Hierarchical.if GOAL As Specified BACKEND CL-AtSe STATISTICS Analysed : 0 states Reachable : 0 states Translation: 0.24 seconds Computation: 0.00 seconds
Fig. 4: Evaluation of mutual authentication based on hierarchical approach on AVISPA.

C. Analysis of Computation and Communication Overhead

In this section, we analysis the computational and communication overhead across the three entities involved in the mutual authentication process based on hierarchical approach. It is evident from the description given in Section III that EVs, CSs and CAG participate in hierarchical authentication for mutually authenticating each other before the services could be availed/provided by the EVs and rewards could be granted in return. In the overall process, the considered entities incur computational and communicational expenses. Hence, this section elaborates the same in detail. The computational expenses incurred by the EVs, CSs and CAG could be attributed to the number of cryptographic operations performed in the overall process. Here, the most significant operation encompasses ECC multiplication (ECM) operations followed by one-way hash (Hash) operations. Fig. 5 depicts the relative comparison between the chosen entities on the basis of number of ECM and Hash operations. It is evident from the obtained results that the least number of cryptographic operations are executed by the resource constrained EVs and computationally busy CAG followed by the CS.

Fig. 5: Overhead analysis.

On the other hand, the communication overhead is expressed in terms of the number of incoming tokens. The higher the number of incoming tokens, the higher is the communicational cost. The related results have been highlighted in Fig. 5 which clearly indicate that the EVs experience the least communication overhead followed by CS and then by CAG. Thus, it can be summarized that the designed hierarchical authentication mechanism not only guarantees enhanced security support but also imposes less overheads on the battery powered EVs.

V Conclusion

With the increasing penetration of EVs in SG scenarios, distributed V2G services have witnessed a major blow in the last couple of years. Recent research statistics indicate that the efficient use of a fleet of EVs is detrimental in managing grid fluctuations. Towards this end, the need to design an efficient and secure energy trading mechanism is of utmost importance. Thus, in this paper, we proposed a blockchain based hierarchical authentication mechanism; wherein the global ledger helps in the secure and anonymous dispatch of rewards to the participating EVs. On the other hand, the proposed hierarchical mechanism helps establish the mutual authenticity of EVs, CSs and the CAG and is a novel attempt in this direction. Further, the obtained results indicate that the proposed mechanism is suitable for V2G scenarios and is apt for resource constrained EVs as it leads to reduced communicational and computational expenses.