
2018 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovations

A Lightweight Anonymous Mobile User Authentication Scheme for Smart Grid

1st Bin Yang, School of Computer Software, Tianjin University, Tianjin, China, ybin@tju.edu.cn
2nd Guangquan Xu*, Tianjin Key Laboratory of Advanced Networking (TANK), Tianjin University, Tianjin, China, losin@tju.edu.cn
3rd Xianjiao Zeng, Tianjin Key Laboratory of Advanced Networking (TANK), Tianjin University, Tianjin, China, 1348713825@qq.com
4th Jia Liu, Tianjin Key Laboratory of Advanced Networking (TANK), Tianjin University, Tianjin, China, 304349145@qq.com
5th Yao Zhang, Tianjin Key Laboratory of Advanced Networking (TANK), Tianjin University, Tianjin, China, 708844250@qq.com

978-1-5386-9380-3/18/$31.00 ©2018 IEEE, DOI 10.1109/SmartWorld.2018.00152

Abstract—Smart Grid (SG) technology has been developing for years, and it gives users portable access to power in numerous application scenarios, one of which is electric vehicle charging. To ensure the security of the charging process, users need to authenticate with the smart meter before the subsequent communication. Although there is much research in this field, few works have tried to protect the anonymity and the untraceability of users during authentication. Some studies do consider user anonymity, but their protocols are not lightweight, and some cannot assure any fairness in key agreement. In this paper, we first point out that existing authentication schemes for Smart Grid either lack critical security or fall short of important properties such as untraceability; we then propose a new two-factor lightweight user authentication scheme based on password and biometric. The authentication process of the proposed scheme includes four message exchanges among the user's mobile device, the smart meter and the cloud server, after which a secure one-time session key is generated for the following communication. Moreover, the scheme has some new features, such as the protection of the user's anonymity and untraceability. Security analysis shows that our proposed scheme can resist various well-known attacks, and performance analysis shows that, compared to three other schemes, our scheme is more lightweight, secure and efficient.

Index Terms—smart grid, cloud server, two-factor user authentication, lightweight encryption, anonymity and untraceability

I. INTRODUCTION

With the continuous progress and rapid development of the social economy, science and technology, human beings are more and more inseparable from the support and help of high-tech products in daily life. However, the normal use of high-tech products cannot be separated from stable electric power support, which means that human beings need a strong and reliable power supply. Driven by this huge demand for electricity, Smart Grid (SG) is the inevitable product, and it is attracting more and more attention from governments, power companies and research institutions. In the last two years, it has become the research focus in the field of power transmission, control equipment and communication security [1].

SG is a new type of power grid that builds advanced sensor measurement technology, communication technology, information technology, computer technology and control technology on the physical grid. Compared with the traditional power grid, the most important point of the smart grid is data interaction. The data flow and the energy flow in the SG are shown in Fig. 1. Through the large data platform with cloud computing technology, technicians can observe the state of the power flow in the whole network, which makes the grid more intelligent. The enhancement of data interaction is a double-edged sword. While SG brings many benefits to society, it faces more security problems [2] and challenges [3], for example the protection of power grid user privacy, the security of data communication, the authentication of power grid equipment and the authentication of user identity; the most critical issue is the authentication of SG. In recent years, electric vehicle charging has become one of the emerging applications of SG [4], [5].

In this paper, to solve the security problem between the smart meter and the user's mobile device, taking the architecture of
the SG into account, we propose a new idea to solve the user authentication problem, which is called multi-server authentication. We propose a mutual authentication scheme among the user's mobile device, the smart meter and the cloud server, which is efficient because it only uses lightweight encryption methods. The scheme will help the user's mobile devices and smart meters communicate safely and reliably. In addition, the infrastructure based on the cloud server can reduce latency, improve security and provide reliability in SG [6], [7].

Fig. 1. Smart Grid. [Figure: energy flow and data flow among coal-fired and wind-generated electricity, the transmission system, the distributing substation system, the smart control center, industrial systems, civil systems, the intelligent house system, the charging station and new energy vehicles.]

The paper is organized as follows. We provide a survey of some existing schemes in Section II. In Section III, we present the details of our new mobile device authentication scheme in the scenario of the SG. Then we provide the security analysis of our scheme in Section IV and the performance analysis of our scheme in Section V. We finally conclude this paper in Section VI.

II. RELATED WORK

Recently, a lot of research has been done on security in the SG network, such as device and network authentication [8], [9]. The paper [10] aims at dynamic price management, the paper [11] is devoted to an attribute-based encryption scheme, the paper [12] exploits deep learning techniques to recognize the behavior features of false data injection attacks in real time, and the paper [13] uses the big data technique of random matrix theory and motivates data-driven tools to perceive complex grids. However, our concern is the issue of user authentication in the SG environment.

Fouda et al. [14] proposed a lightweight message authentication scheme as a basic yet crucial component of a secure SG communication framework. It used the Diffie-Hellman key establishment protocol and a hash-based message authentication scheme. Since smart meters (SM) and other power equipment are installed at fixed sites, the authentication information does not change with the user identity, so it is impossible to achieve identity authentication of mobile users. Jo et al. [15] proposed lightweight privacy-preserving metering protocols by designing a distributed authentication method to further increase the speed of the message authentication process. The protocols were found to authenticate reply messages quickly by using the distributed verification method. He et al. [16] proposed a mechanism to efficiently resist Denial-of-Service (DoS) attacks, and some suggestions to the security protocol were designed for different application categories. They introduced some novel mechanisms so that security features such as availability, privacy preservation and scalability requirements can be met. Tsai and Lo [17] proposed an anonymous key distribution scheme for SG; the scheme helps the smart meter and the service provider mutually authenticate each other using an identity-based signature and identity-based encryption. But it cannot resist the ephemeral secret leakage attack, and it fails to provide privacy for the smart meter. Soon after, Odelu et al. [18] made some improvements to Tsai and Lo's protocol. Jo et al.'s protocols [19] aim at privacy preservation in the SG. Saxena et al. propose an authentication and authorization scheme for mitigating outsider and insider threats in the SG by verifying the user authorization and performing the user authentication together whenever a user accesses the devices [26]. Vaidya et al. propose a lightweight and efficient solution for substation-level authentication using a server-aided verification mechanism; it helps IEDs and other resource-constrained devices authenticate any remote users [27]. To a certain extent, their schemes can solve the authentication problem; however, neither of them has taken into account the protection of the user's untraceability.

Our scheme was inspired by the protocol that He et al. presented in [25], which is a secure and lightweight authentication scheme with user anonymity. This protocol applies to mobile roaming scenarios, and it does not have the ability to protect the user's anonymity and untraceability effectively. It also performs poorly against forgery attacks.

Overall, to overcome these drawbacks and limitations, we propose a new two-factor user authentication scheme based on password and biometric for the SG environment.

III. MOBILE USER AUTHENTICATION

In this section, we propose a new authentication scheme for SG, where a user $U_i$ and a smart meter $SM_j$ authenticate each other through the cloud server $CS_K$ in the network. Fig. 2 shows the detail of the network model for an energy based SG
environment. After the successful authentication between $U_i$ and $SM_j$, a session key $SK_{ij}$ will be established for their future secure communications.

Fig. 2. The network model for SG environment. [Figure: cloud server, utility company, smart meter, charging station and user with mobile device, connected by data flow and energy flow.]

There are four entities involved: the trusted authority ($TA$), the cloud server ($CS$), the user's mobile device ($MD$) and the smart meter ($SM$). The scheme includes six phases: 1) Pre-deployment; 2) Registration phase; 3) Login phase; 4) Authentication phase; 5) Session key update phase; 6) Password and biometric change phase. The notations listed in Table I are used in our scheme. We assume that all the network entities have synchronized clocks.

TABLE I
NOTATION USED IN THIS PAPER

| Notation | Description |
|---|---|
| $TA$ | Trusted authority |
| $U_i$, $SM_j$ | $i$th user and $j$th smart meter |
| $MD$, $ID_i$, $PW_i$ | $U_i$'s mobile device, identity and password |
| $T_A$ | Timestamp generated by an entity $A$ |
| $(X)_K$ | Encrypting a message $X$ using a symmetric key $K$ |
| $E_K(X)$ | Encrypting a message $X$ using an asymmetric key $K$ |
| $h(\cdot)$ | A one-way hash function |
| $\parallel$ | A concatenation operator |
| $\oplus$ | XOR operator |
| $Gen(\cdot)$ | Fuzzy extractor probabilistic generation procedure |
| $Rep(\cdot)$ | Fuzzy extractor deterministic reproduction procedure |
| $\sigma_i$ | Biometric secret key of $U_i$ |
| $\tau_i$ | Public reproduction parameter of $U_i$ |

A. Pre-deployment

In this phase, each smart meter chooses a private key $S_{SM}$, and each cloud server chooses a private key $S_{CS}$; they then compute the public keys $P_{SM}$ and $P_{CS}$, and the certificate $Cert_{SM}$ for the smart meter and the certificate $Cert_{CS}$ for the cloud server should be certified by the trusted authority. The certificate $Cert$ contains the identity $ID$ and the public key $P$. In this paper, we suggest that the Elliptic Curve Cryptosystem (ECC) be used for the asymmetric encryption part. Meanwhile, the trusted authority generates an $l$-bit secret random value $N_{TA}$ and hands it out to all the cloud servers through the established asymmetric encryption system.

B. Registration phase

To access $SM_j$, $U_i$ needs to register at the trusted authority securely in person or via a secure channel. The steps of the registration phase are given below.

1) Step REG1: $U_i$ first chooses a unique identity $ID$ and a secure collision-resistant hash function $h(\cdot)$ (we assume that it is the SHA-3 [20] hash function); then $U_i$ computes $ID_i = h(ID)$ and sends the registration request $ID_i$, $h(\cdot)$ to the trusted authority through a secure channel.

2) Step REG2: When the trusted authority receives the registration from $U_i$, it computes $TK_i = h(ID_i \parallel R_i)$ and $SK_i = h(ID_i \parallel N_{TA})$, where $R_i$ is a random value generated by the trusted authority and $N_{TA}$ is generated during the Pre-deployment phase. After that, the trusted authority generates a set of pseudo-IDs $PID = \{pid_1, pid_2, \ldots\}$, $pid_j \in PID$. Then $TA$ computes $pid_j = TK_i \oplus (ID_i \parallel m_i)_{N_{TA}}$, where $m_i$ is one of a series of secret random numbers generated by the trusted authority and is used for deriving the pseudo-ID $pid_j$. We note that every $m_i$ is different from the others and that the $m_i$ do not need to be stored. At last, the trusted authority sends a smart card to $MD_i$ over a secure channel, which includes $\{TK_i, SK_i, h(\cdot), PID\}$.

3) Step REG3: After $MD_i$ receives the smart card, it asks the user to enter a password $PW_i$ and imprint personal biometrics $BIO_i$ at the sensor of $MD_i$; then $MD_i$ computes $RPW_i = h(PW_i \parallel n_i)$ and applies the fuzzy extractor probabilistic generation function $Gen(\cdot)$ to generate the secret biometric key $\sigma_i$ and the corresponding public parameter $\tau_i$. Here $n_i$ is a random secret generated by $MD_i$. The details of the functions $Gen(\cdot)$ and $Rep(\cdot)$ can be found in [24]. Next, $MD_i$ computes:

$$SK_i^* = h(ID_i \parallel RPW_i \parallel \sigma_i) \oplus SK_i \tag{1}$$

$$CI_i = h(ID_i \parallel RPW_i \parallel \sigma_i) \oplus TK_i \tag{2}$$

$$BI_i = h(ID_i \parallel \sigma_i) \oplus n_i \tag{3}$$

$$H_i = h(TK_i) \tag{4}$$

Finally, $MD_i$ replaces $TK_i$, $SK_i$ with $\{BI_i, CI_i, H_i\}$ and $SK_i^*$; simultaneously, $MD_i$ enters $\tau_i$ into the smart card. So the smart card now contains $\{BI_i, CI_i, H_i, SK_i^*, h(\cdot), PID, \tau_i\}$.

C. Login phase

When the user approaches the smart meter and wants his/her automobile to get charged, he/she needs to be authenticated by the SM through the CS before the SM begins to provide the charging service. The following steps are executed in the login phase by $MD_i$.

1) Step L1: $MD_i$ first asks the user $U_i$ to provide his/her identity $ID_i$, and then asks the user to input the password $PW_i^*$ into $MD_i$ through the mobile device's peripherals. Finally, it lets the user imprint his/her biometric $BIO_i^*$ at the sensor of $MD_i$. After that, the MD has the user's input $\{ID_i, PW_i^*, BIO_i^*\}$.

2) Step L2: $MD_i$ first extracts the biometric key $\sigma_i^* = Rep(BIO_i^*, \tau_i)$, then computes $n_i^* = BI_i \oplus h(ID_i \parallel \sigma_i^*)$, $RPW_i^* = h(PW_i^* \parallel n_i^*)$, $TK_i^* = h(ID_i \parallel RPW_i^* \parallel \sigma_i^*) \oplus CI_i$ and $H_i^* = h(TK_i^*)$. After these computations, $MD_i$ checks whether $H_i^* = H_i$ holds. If it holds, the user passes both the password and the biometric verification. Otherwise, the session is terminated.

3) Step L3: At the end of the phase, $MD_i$ computes $SK_i = h(ID_i \parallel RPW_i \parallel \sigma_i) \oplus SK_i^*$ while generating a timestamp $T_{MD}$ and a secret random number $\chi_0$. Then $MD_i$ computes $L = h(T_{MD} \oplus SK_i)$ as the user's temporary key and generates $E = (h(ID_i) \parallel ID_{SM} \parallel \chi_0)_L$. Then $MD_i$ chooses one of the unused pseudo identities $pid_j \in PID$ to compute $s = pid_j \oplus TK_i^*$. After that, $MD_i$ sends a login message $m_1 = \{s, E, T_{MU}\}$ to the smart meter from which the user wants to get charged. We note that the symmetric encryption algorithm used in this paper is the Advanced Encryption Standard (AES).

D. Authentication phase

This phase (shown in Fig. 3) helps establish a session key between the user and the smart meter. After the SM receives the login message $m_1$, the following steps are executed.

1) Step ACK1: The SM first checks the timeliness of $T_{MD}$ by the condition $|T_{MD} - T_{MD}^*| < \Delta T$, where $\Delta T$ is the maximum transmission delay defined in advance and $T_{MD}^*$ is the time when $m_1$ arrives at the SM. If it holds, the SM computes $n = s \oplus ID_{CS}$, where $ID_{CS}$ is the identity of the cloud server that the SM belongs to. Then it signs the message $h(n, E, T_{MD}, T_{SM}, Cert_{SM})$ using its private key, where $T_{SM}$ is a timestamp generated by the SM. Finally, the SM sends the message $m_2 = \{n, E, T_{MD}, T_{SM}, E_{S_{SM}}(h(n, E, T_{MD}, T_{SM}, Cert_{SM})), Cert_{SM}\}$ to the cloud server.

2) Step ACK2: When the message $m_2$ arrives at the CS, the CS verifies the timestamp $T_{SM}$ using the procedure introduced in Step ACK1. Then it checks whether the certificate $Cert_{SM}$ is valid. Last, it verifies the signature using the SM's public key. If any of the three, $T_{SM}$, $Cert_{SM}$ or the signature, is invalid, the CS drops the message. Otherwise, the CS computes $n \oplus ID_{CS}$ to get $(ID_i \parallel m_i)_{N_{TA}}$. The CS decrypts $(ID_i \parallel m_i)_{N_{TA}}$ with the $N_{TA}$ stored formerly, so that the CS gets the user's identity $ID_i$. Subsequently, the CS verifies through $ID_i$ whether the user is a legal user. If it is invalid, the CS terminates the execution.

3) Step ACK3: In this step, the session key is established and sent to the corresponding SM. Firstly, the CS generates $L = h(T_{MD} \oplus h(ID_i \parallel N_{TA}))$ and uses $L$ to decrypt $E$; the CS thus obtains $h(ID_i)$, $ID_{SM}$ and $\chi_0$. After performing the above operation, the CS checks $ID_{SM}$ against the identity stored in $Cert_{SM}$. If they do not match, the session is terminated. Otherwise, the CS computes $W = E_{P_{SM}}(h(n \oplus ID_{CS}) \parallel \chi_0)$ and signs the message $E_{S_{CS}}(h(W, T_{CS}, Cert_{CS}))$, where $T_{CS}$ is a timestamp generated by the CS. Subsequently, the CS sends the message $m_3 = \{W, T_{CS}, Cert_{CS}, E_{S_{CS}}(h(W, T_{CS}, Cert_{CS}))\}$ to the corresponding SM.

4) Step ACK4: After receiving $m_3$ from the CS, the SM checks the timestamp $T_{CS}$ and verifies the signature using the CS's public key. If either of them does not meet the validity requirements, the message is rejected. Otherwise, the SM decrypts $W$ using its private key to obtain $h(n \oplus ID_{FS})$ and $\chi_0$. Thus, the SM can compute the session key $k = h(h(n \oplus ID_{CS}) \parallel \chi_0)$ and $m_4 = (TCert_{MD} \parallel h(\chi_0 \parallel \rho_0) \parallel \rho_0)_k$, where $TCert_{MD}$ is a message that includes the lifetime and other information of the session and $\rho_0$ is a random number generated by the CS. At last, the SM sends $m_4$ to $MD_i$.

5) Step ACK5: Finally, $MD_i$ receives $m_4$ and generates $k$ using $s$ and $\chi_0$, which are stored in its RAM. So it can decrypt $m_4$ to obtain $TCert_{MD}$ and $\rho_0$. Meanwhile, $MD_i$ can compute $h(\chi_0 \parallel \rho_0)$, where $\chi_0$ is stored in its RAM, and compares it with the received $h(\chi_0 \parallel \rho_0)$. If they do not match, the SM is not certified, and $MD_i$ terminates the process. Otherwise, $MD_i$ has finished the authentication of the SM through the CS, and a session key is established between $MD_i$ and the SM.

IV. SECURITY ANALYSIS

This section shows the ability of our protocol to resist various well-known attacks, which is essential to offer a secure communication environment in SG. We follow the well-known random oracle model to prove the safety of our scheme. The interaction of adversaries and protocol participants is achieved through queries to the oracles, which mimic the adversary's ability in real attacks. For more details on the threat model, please refer to [22].

A. Our scheme achieves the mutual authentication mechanism.

1) Without the symmetric encryption keys and the password, the attacker cannot impersonate the user to cheat the SM.

To accomplish this goal, the attacker needs to obtain the correct value of $s$ by querying the random oracle. In our design, $s$ adopts password-based symmetric encryption protection. The CS can extract $ID_i$ from $s$ and verify its validity. This means that a calculation using the wrong encryption key can be detected. Therefore, the probabilistic advantage for an attacker to successfully forge this message is $\frac{c_{send}}{|D|}$, where $c_{send}$ is the number of times the attacker performs send queries and $|D|$ is the size of the password dictionary. This probability is unavoidable in a password-based protocol.

2) Without obtaining the symmetric encryption key, no attacker can imitate the generation of a common session key with the mobile user in the last step.

Assume that an attacker can forge an effective $(TCert_{SK} \parallel h(\chi_0 \parallel \rho_0) \parallel \rho_0)_k$ to communicate with the mobile user without obtaining a symmetric encryption key and a password. There are two ways for the attacker to achieve
this purpose. One is that the attacker makes a hash query and the result happens to be $k$, with probability advantage $\frac{c_{Hash}}{2^l}$; the other is that the attacker uses the random oracle to generate $k$, with probability advantage $\frac{c_{Hash}}{2^l} \cdot \frac{c_{SendAgent}}{|D|}$. Both can be ignored.

Fig. 3. The process of the mutual authentication. [Figure: message sequence among the Mobile Device (MD), the Smart Meter (SM) and the Cloud Server (CS) for the login and authentication steps described above.]

3) If an attacker does not obtain the pre-shared asymmetric keys, the scheme can defend against fraud between the smart meter and the cloud server.

If this happened, it would mean that an attacker can calculate valid signature information through random oracle queries. This contradicts the mathematical problem of ECDLP (Elliptic Curve Discrete Logarithm Problem).

B. Our scheme can provide users with anonymity and untraceability.

For obvious reasons, it is desirable to keep the user's identity and movement secret. But He et al.'s scheme [25] only considered the security of the identity; the login message including the identity is fixed for all authentication processes. The attacker can trace the user's movement and current whereabouts if the attacker can collect enough login messages [23].

Our scheme's protection of the user identity is like that of He et al.'s scheme [25]: the identity anonymity of the users is obtained by a hash function and a symmetric encryption technique. There are two ways for an attacker to obtain $N_{TA}$. One is to get it directly through a direct query to a random oracle, with probability advantage $\frac{c_{send}}{|D|}$, where $|D|$ is the bit length of the key; the other is to obtain the hash value through a hash query, with probability advantage $\frac{c_{hash}}{2^l}$. So the probability of an attacker breaking the anonymity is $\frac{c_{send}}{|D|} + \frac{c_{hash}}{2^l}$, which is negligible.

More importantly, our scheme can keep the user's movement secret using the one-time-alias feature ($PID$): every time the user logs in, the message sent to the smart meter is different, and the real $ID_i$ is hidden in $pid_j$, which can only be decrypted by the cloud server. Even if the smart meter is controlled by the attacker and he/she can get $pid_j$, he/she cannot trace the user's movement. Therefore, our scheme achieves strong anonymity and untraceability.

C. Our scheme can prevent the replay attack.

Suppose an attacker $A$ intercepts the messages $m_1 = \{s, E, T_{MD}\}$, $m_2 = \{n, E, T_{MD}, T_{SM}, E_{S_{SM}}(h(n, E, T_{MD}, T_{SM}, Cert_{SM})), Cert_{SM}\}$, $m_3 = \{W, T_{CS}, Cert_{CS}, E_{S_{CS}}(h(W, T_{CS}, Cert_{CS}))\}$ and $m_4 = (TCert_{MD} \parallel h(\chi_0 \parallel \chi))_k$ during the login and authentication phase, and then tries to send these messages again after some time. Since $m_1$,
$m_2$ and $m_3$ include the timestamps $T_{MD}$, $T_{SM}$ and $T_{CS}$, the validation of the timestamps causes these messages to be abandoned. Meanwhile, when the MD receives $m_4$, it decrypts it and verifies $h(\chi_0 \parallel \chi)$, which is different in every authentication process. If $A$ replays the $m_4$ of a former authentication process, it will be denied, and if $A$ replays the $m_4$ of the current authentication process, it does not make any sense. Hence, our scheme provides replay attack protection.

D. Our scheme can prevent the exotic attack.

Our scheme can resist the off-line password guessing attack. We assume that the attacker obtains the secret information stored in the smart card, $\{BI_i, CI_i, H_i, SK_i^*, h(\cdot), PID, \tau_i\}$. In the smart card, $RPW_i$ appears twice, in $SK_i^* = h(ID_i \parallel RPW_i \parallel \sigma_i) \oplus SK_i$ and in $CI_i = h(ID_i \parallel RPW_i \parallel \sigma_i) \oplus TK_i$. Obviously, the attacker cannot launch an off-line password guessing attack without knowing $ID_i$ and $\sigma_i$. In He et al.'s scheme, the password's security only depends on $ID_i$, which can easily be obtained by attackers using social engineering. But in our scheme, the password's security depends on $ID_i$ and $\sigma_i$. Even if the attacker can obtain $RPW$, he/she cannot guess the real password $PW_i$ because $RPW_i^* = h(PW_i^* \parallel n_i^*)$.

V. PERFORMANCE ANALYSIS

In this section, we compare the performance of our proposed scheme with He et al.'s scheme [25], Saxena et al.'s scheme [26] and Vaidya et al.'s scheme [27].

Table II presents the comparison between our scheme and the other three schemes in terms of security properties. As we can see in the table, our scheme is more secure than the other three schemes. As mentioned earlier, our scheme can provide strong user anonymity and untraceability, but He et al.'s scheme cannot. Our scheme also applies biometrics in the registration phase and the login phase, which improves the security of the scheme.

TABLE II
COMPARISON OF SECURITY PROPERTIES

| Property | He et al. (2011) | Ours | Saxena et al. (2016) | Vaidya et al. (2011) |
|---|---|---|---|---|
| S1 | No | Yes | No | No |
| S2 | No | Yes | No | No |
| S3 | No | Yes | No | No |
| S4 | No | Yes | Yes | Yes |
| S5 | Yes | Yes | Yes | Yes |
| S6 | Low | High | High | Middle |
| S7 | Low | High | Low | Low |

S1: Strong User Anonymity; S2: Untraceability; S3: Application of biometrics; S4: Robust against forgery attacks; S5: Robust against replay attacks; S6: Robust against exotic attacks; S7: Overall security impact.

We have implemented the operations in Table III on a notebook PC (Lenovo Y400 with an I5-3230M 2.6 GHz x 4 CPU, 8 GB memory and the Ubuntu 16.04 operating system). The description and the running time of those operations are listed in Table III.

TABLE III
THE RUNNING TIME OF THE NOTATIONS USED FOR COMPUTATION COST ANALYSIS

| Notation | Description | Time/ms |
|---|---|---|
| $T_s$ | a symmetric encryption/decryption operation | 0.527 |
| $T_{cert}$ | a certificate generation operation | 2.861 |
| $T_{cert\_ver}$ | a certificate verification | 1.417 |
| $T_{as}$ | an asymmetric encryption/decryption operation | 2.714 |
| $T_h$ | a one-way hash operation | 2.859 |
| $T_M$ | the operation under multiplication group | 7.043 |
| $T_P$ | pairing function | 25.856 |

The computational costs for the authentication and key agreement phase of our scheme and the other three schemes are compared in Table IV. From the table you can see that the computational costs of the proposed scheme are almost equal to those of He et al.'s scheme, even a little lower. Compared with the other two authentication schemes for the SG environment, our scheme is much more efficient.

TABLE IV
COMPARISON OF THE COMPUTATIONAL COST

| Scheme | Computational cost/ms |
|---|---|
| Ours | $14T_h + 4T_s + 2T_{cert} + 2T_{cert\_ver} + 2T_{as} = 56.117$ |
| He et al. (2011) | $18T_h + 5T_s + 2T_{cert} + 2T_{cert\_ver} + 2T_{as} = 68.081$ |
| Saxena et al. (2016) | $9T_h + 14T_M + T_P + 2T_s = 151.243$ |
| Vaidya et al. (2011) | $21T_h + 14T_M + T_{cert} + T_{cert\_ver} = 162.919$ |

In conclusion, because our protocol uses only lightweight cryptography algorithms such as symmetric, asymmetric, XOR, etc., our protocol is more efficient than other protocols for the SG. We improve the security of the protocol while ensuring computational efficiency; it is much better than He et al.'s scheme [25], Saxena et al.'s scheme [26] and Vaidya et al.'s scheme [27]. It is more suitable for authentication services in the SG environment.

VI. CONCLUSION

In this paper, a new remote user authentication scheme is presented for the cloud server architecture based SG environment. The proposed scheme is inspired by He et al.'s scheme [25]; we have made some improvements to enhance security and applicability. The proposed scheme is thoroughly analyzed, and the analysis shows that the scheme has the ability to defend against various known attacks. It is proved that our scheme highly improves security without sacrificing the original efficiency compared with He et al.'s scheme and the other two schemes in the SG environment. Moreover, it supports some new functionality features and it is lightweight compared with other existing schemes in SG environments.

However, our work is not enough to monitor the overall security of SG. In the near future, we will expand and optimize our protocol so that it can accommodate other Internet of Things (IoT) scenarios beyond the SG.

ACKNOWLEDGEMENT

This work has been partially sponsored by the National Science Foundation of China (No. 61572355, U1736115), the Tianjin Research Program of Application Foundation and
Advanced Technology under grant No. 15JCYBJC15700, and the Fundamental Research of Xinjiang Corps under grant No. 2016AC015.

REFERENCES

[1] Molzahn, D.K.: A Survey of Distributed Optimization and Control Algorithms for Electric Power Systems[J]. IEEE Transactions on Smart Grid 8(6), 2941–2962 (2017)
[2] Iacovella, F.: Cluster Control of Heterogeneous Thermostatically Controlled Loads Using Tracer Devices[J]. IEEE Transactions on Smart Grid 8(2), 528–536 (2017)
[3] Saxena, N.: Network Security and Privacy Challenges in Smart Vehicle-to-Grid[J]. IEEE Wireless Communications 24(4), 88–98 (2017)
[4] Yu, R.: Balancing Power Demand Through EV Mobility in Vehicle-to-Grid Mobile Energy Networks[J]. IEEE Transactions on Industrial Informatics 12(1), 79–90 (2016)
[5] Khan, A.A.: Cognitive Radio for Smart Grids: Survey of Architectures, Spectrum Sensing Mechanisms, and Networking Protocols[J]. IEEE Communications Surveys & Tutorials 18(1), 860–898 (2016)
[6] Guan, Z.: Achieving Efficient and Secure Data Acquisition for Cloud-supported Internet of Things in Smart Grid[J]. IEEE Internet of Things Journal 4(6), 1934–1944 (2017)
[7] Chekired, D.A.: Smart Grid Solution for Charging and Discharging Services Based on Cloud Computing Scheduling[J]. IEEE Transactions on Industrial Informatics 13(6), 3312–3321 (2017)
[8] Li, H.: An Efficient Merkle-Tree-Based Authentication Scheme for Smart Grid[J]. IEEE Systems Journal 8(2), 655–663 (2014)
[9] Nicanfar, H.: Efficient Authentication and Key Management Mechanisms for Smart Grid Communications[J]. IEEE Systems Journal 8(2), 629–640 (2014)
[10] Baharlouei, Z.: Efficiency-Fairness Trade-off in Privacy-Preserving Autonomous Demand Side Management[J]. IEEE Transactions on Smart Grid 5(2), 799–808 (2014)
[11] Liu, D., Li, H.: Achieving Multi-Authority Access Control with Efficient Attribute Revocation in smart grid[C]. In: Farzad, S., Abbas, J. (eds.) IEEE International Conference on Communications 2014, pp. 634–639. IEEE (2016).
[12] He, Y.: Real-time Detection of False Data Injection Attacks in Smart Grid: A Deep Learning-Based Intelligent Mechanism[J]. IEEE Transactions on Smart Grid 8(5), 2505–2516 (2017)
[13] He, X.: A Big Data Architecture Design for Smart Grids Based on Random Matrix Theory[J]. IEEE Transactions on Smart Grid 8(2), 647–686 (2017)
[14] Fouda, M.M.: A Lightweight Message Authentication Scheme for Smart Grid Communications[J]. IEEE Transactions on Smart Grid 2(4), 675–685 (2011)
[15] Jo, H.J.: Efficient and Privacy-Preserving Metering Protocols for Smart Grid Systems[J]. IEEE Transactions on Smart Grid 7(3), 1732–1742 (2016)
[16] He, D.J.: An Enhanced Public Key Infrastructure to Secure Smart Grid Wireless Communication Networks[J]. IEEE Network 28(1), 10–16 (2014)
[17] Tsai, J.L.: Secure Anonymous Key Distribution Scheme for Smart Grid[J]. IEEE Transactions on Smart Grid 7(2), 906–914 (2016)
[18] Odelu, V.: An Efficient Merkle-Tree-Based Authentication Scheme for Smart Grid[J]. IEEE Systems Journal PP(99), 1–1 (2016)
[19] Jo, H.J.: Efficient and Privacy-Preserving Metering Protocols for Smart Grid Systems[J]. IEEE Transactions on Smart Grid 7(3), 1732–1742 (2016)
[20] Bertoni, G.: The Keccak Refere, January, 2011, http://Keccak.noekeon.org
[21] Wu, C.C.: A Secure Authentication Scheme with Anonymity for Wireless Communications[J]. IEEE Communications Letters 12(10), 722–723 (2008)
[22] Xu, J.: An efficient mutual authentication and key agreement protocol preserving user anonymity in mobile networks[J]. Computer Communications 34(3), 319–325 (2011)
[23] Gope, P.: Robust Biometrics-Based Authentication Scheme for Multi server Environment[J]. Journal of Network & Computer Applications 62(C), 1–8 (2016)
[24] He, D.: An Efficient Merkle-Tree-Based Authentication Scheme for Smart Grid[J]. IEEE Systems Journal 9(3), 816–823 (2015)
[25] He, D.: A strong user authentication scheme with smart cards for wireless communications[J]. Computer Communications 34(3), 367–374 (2011)
[26] Saxena, N.: Authentication and Authorization Scheme for Various User Roles and Devices in Smart Grid[J]. IEEE Transactions on Information Forensics & Security 11(5), 907–921 (2016)
[27] Vaidya, B., Makrakis, D.: Provisioning Substation-level authentication in the smart grid networks[C]. In: Wilson, D., Keeler, N. (eds.) Military Communications Conference 2011, pp. 1189–1194. IEEE (2011).
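
The smart-card computations of Section III (Step REG2, Eqs. (1) to (4), and the local check and derivations of Steps L2 and L3), as an added Python example that is not code from the paper. It assumes a toy exact-match `gen`/`rep` in place of the fuzzy extractor of [24], a random 32-byte token in place of the ciphertext $(ID_i \parallel m_i)_{N_{TA}}$, and a 32-byte encoding of $T_{MD}$ so that every XOR is well defined; all function names and sample values are constructed for illustration.

```python
import hashlib
import secrets


def h(*parts: bytes) -> bytes:
    """h(.) instantiated as SHA3-256 over the plain concatenation of parts."""
    return hashlib.sha3_256(b"".join(parts)).digest()


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


# Toy stand-in for the fuzzy extractor Gen(.)/Rep(.) (assumption): sigma is
# reproduced only from a bit-identical reading, with no error tolerance.
def gen(bio: bytes):
    tau = secrets.token_bytes(16)
    return h(bio, tau), tau


def rep(bio: bytes, tau: bytes) -> bytes:
    return h(bio, tau)


def ta_register(identity: str, n_ta: bytes, n_pids: int = 3) -> dict:
    """Step REG2: TA derives TK_i, SK_i and the one-time pseudo-ID set."""
    id_i = h(identity.encode())              # ID_i = h(ID), from Step REG1
    tk = h(id_i, secrets.token_bytes(32))    # TK_i = h(ID_i || R_i)
    sk = h(id_i, n_ta)                       # SK_i = h(ID_i || N_TA)
    # Assumption: a random 32-byte token stands in for the ciphertext
    # (ID_i || m_i)_{N_TA}; a fresh m_i per pseudo-ID makes each one distinct.
    tokens = [secrets.token_bytes(32) for _ in range(n_pids)]
    pids = [xor(tk, t) for t in tokens]      # pid_j = TK_i xor (ID_i||m_i)_{N_TA}
    return {"TK": tk, "SK": sk, "PID": pids, "tokens": tokens}


def md_personalise(issued: dict, identity: str, pw: str, bio: bytes) -> dict:
    """Step REG3: replace TK_i and SK_i on the card by Eqs. (1)-(4)."""
    id_i = h(identity.encode())
    n_i = secrets.token_bytes(32)                # random secret n_i
    sigma, tau = gen(bio)
    mask = h(id_i, h(pw.encode(), n_i), sigma)   # h(ID_i || RPW_i || sigma_i)
    return {
        "SK*": xor(mask, issued["SK"]),          # Eq. (1)
        "CI": xor(mask, issued["TK"]),           # Eq. (2)
        "BI": xor(h(id_i, sigma), n_i),          # Eq. (3)
        "H": h(issued["TK"]),                    # Eq. (4)
        "PID": list(issued["PID"]),
        "tau": tau,
    }


def md_login(card: dict, identity: str, pw: str, bio: bytes, t_md: bytes):
    """Steps L2-L3. Returns None if the H_i* == H_i check fails."""
    id_i = h(identity.encode())
    sigma = rep(bio, card["tau"])                # sigma_i* = Rep(BIO_i*, tau_i)
    n_i = xor(card["BI"], h(id_i, sigma))        # n_i*
    mask = h(id_i, h(pw.encode(), n_i), sigma)   # built from RPW_i*
    tk = xor(mask, card["CI"])                   # TK_i*
    if not secrets.compare_digest(h(tk), card["H"]):
        return None                              # wrong password or biometric
    sk = xor(mask, card["SK*"])                  # SK_i recovered from SK_i*
    pid = card["PID"].pop(0)                     # an unused pseudo-ID, used once
    return {
        "s": xor(pid, tk),                       # s = pid_j xor TK_i*
        "L": h(xor(t_md, sk)),                   # L = h(T_MD xor SK_i)
        "chi0": secrets.token_bytes(32),         # secret random number chi_0
    }


def session_key(s: bytes, chi0: bytes) -> bytes:
    """k = h(h(n xor ID_CS) || chi_0); with n = s xor ID_CS this is h(h(s) || chi_0)."""
    return h(h(s), chi0)


def demo() -> dict:
    n_ta = secrets.token_bytes(32)               # constructed sample values
    issued = ta_register("alice", n_ta)
    card = md_personalise(issued, "alice", "correct horse", b"fingerprint-A")
    t_md = (1_700_000_000).to_bytes(32, "big")   # timestamp encoded as 32 bytes
    bad_pw = md_login(card, "alice", "wrong", b"fingerprint-A", t_md)
    bad_bio = md_login(card, "alice", "correct horse", b"fingerprint-B", t_md)
    first = md_login(card, "alice", "correct horse", b"fingerprint-A", t_md)
    second = md_login(card, "alice", "correct horse", b"fingerprint-A", t_md)
    return {"issued": issued, "n_ta": n_ta, "t_md": t_md, "card": card,
            "bad_pw": bad_pw, "bad_bio": bad_bio, "first": first, "second": second}


if __name__ == "__main__":
    r = demo()
    print("rejected:", r["bad_pw"] is None and r["bad_bio"] is None)
    print("s differs per login:", r["first"]["s"] != r["second"]["s"])
```

Running it shows that the card holds neither $TK_i$ nor $SK_i$ in the clear, that $s$ equals the token the cloud server would decrypt, and that two logins by the same user send different values of $s$.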
