Professional Documents
Culture Documents
net/publication/344725564
Secure and Efficient Mutual Authentication Protocol for Smart Grid under
Blockchain
CITATIONS READS
27 318
4 authors, including:
Chunhua Su
96 PUBLICATIONS 852 CITATIONS
SEE PROFILE
Some of the authors of this publication are also working on these related projects:
All content following this page was uploaded by Weizheng Wang on 14 November 2020.
Abstract
Smart grid has been acknowledged as the next-generation intelligent network that optimizes energy efficiency. Primarily
through a bidirectional communication channel, suppliers and users can dynamically adjust power transmission in real time.
Nonetheless, many security issues occur with the widespread deployment of smart grid, e.g., centralized register authority
and potential Distributed-Denial-of-Service (DDoS) attack. These existing problems threaten the availability of smart grid.
In this paper, we mainly focus on solving some identity authentication issues remained in the smart grid. Combined with
blockchain, Elliptic Curve Cryptography (ECC), dynamic Join-and-Exit mechanism and batch verification, a reliable and
efficient authentication protocol is proposed for smart meters and utility centers. Simultaneously, the provable security of
this protocol is assured by the computational hard problem assumptions. Experiment results show that our protocol has
achieved security and performance improvement compared with the other ECC related schemes.
Keywords Smart grid · Authentication · Blockchain · Elliptic Curve Cryptography (ECC) · Security · Privacy
Fig. 1 Comparison of the organizations of traditional power grid and smart grid
Although the two-way wireless communication channel can not crack this scheme. Despite the ECC scheme is
brings us many benefits, such as smart power management, able to make SG authentication more lightweight and
lower power generation costs. Due to the enlargement dependable, it remains some unsolved security issues in the
of data interaction, a potential adversary also has more ECC-based authentication methods. We comprehensively
probability of intruding into this channel. If the medium illustrate the current shortcomings in three points.
is hijacked, the transmitted messages between SM and Firstly, the crucial register authority (RA) is centralized.
UC could be interrupted, modified or eavesdropped. A If an adversary invades and takes full control of RA, all
widely known intrusion incident occurred in Ukraine Power the key pairs will be leaked. Then this adversary can
Grid in 2015 [3]. The hackers conducted cyberattacks on impersonate any SM or UC to intercept useful messages.
three power distributors, resulting in severe power outages. The disclosure of SM data is quite dangerous. According
Approximately 225,000 residents’ lives have been affected to data analysis of power consumption, the adversary could
for several hours. Concurrently, this catastrophic hack even master the daily life of target users [5].
also incurred substantial economic losses in Ukraine. This Secondly, most of the schemes do not consider concur-
serious security breach reminds us of the significance of rent authentication in the part of UC. They just suggest
communication security in SG systems. single authentication each time. As the speedy expansion
A series of cryptography-based authentication methods of SG, there will be millions of authentication happen
have been proposed for reliable communication in SGs. all around the world. Therefore, the UC model must be
Due to the lightweight and unbreakable features of the equipped with the batch verification technique. Otherwise,
Elliptic Curve Cryptography (ECC), ECC authentication the network delay is unavoidably.
methods are widely used among the related plans. ECC is an Thirdly, in some schemes [2, 6, 7], both SM and UC
approach to public-key cryptography based on the algebraic can not join and exit flexibly. Due to the occurrence of
structure of elliptic curves over finite fields. Compared abnormal events, SM may be passively disconnected to UC.
with other traditional cryptography, e.g., RSA and DSA, Nevertheless, this UC does not know the offline of SM,
ECC can provide the same security level with smaller key which continues to monitor the channel. Another possible
size (i.e., 256-bit ECC key is equivalent to 3,072-bit RSA case is that though SM and UC have perceived the malicious
key) [4]. Simultaneously, the discrete logarithm problem actions of RA, no one can initiatively quit. Both conditions
provided by ECC ensures that a polynomial-time adversary will result in unnecessary energy costs and potential risks.
Peer-to-Peer Netw. Appl.
a secure anonymous key distribution scheme for smart Most recently, Wang et al. [22] proposed a blockchain-
grid. The SM and service provider utilized identity-based based anonymous authentication with crucial management
encryption to authenticate each other. After successful for SG. They initiatively combines SG authentication
verification, an SK is generated for further communication. with blockchain, whereas we notice the RA in their
Although this scheme seems reliable and efficient, Odelu et protocol is centralized. The half decentralized scheme still
al. [15] noticed that Tsai et al.’s method [5] can not ensure can not mitigate some potential attacks or single point
SM secret credentials’ privacy and SK-security under failure. Thus, in this paper, we attempt to construct a
the Canetti-Krawczyk adversary (CK-adversary) model fully decentralized blockchain-based SG authentication.
[16]. Therefore, Odelu et al. [15] proposed an improved Untrusted RAs are connected to build up a blockchain.
authentication scheme for the SG by ECC-based EI-Gamal Furthermore, the transaction from SG and UC with issued
type signature technique. Odelu et al.’s method [15] has key pairs can trigger a smart contract to process function
successfully solved the potential privacy breach remained in requests and record critical data automatically. Besides, two
Tsai et al.’s scheme [5]. Nevertheless, the adopted bilinear novel strategies support for batch verification and dynamic
pairing operation in Odelu et al.’s scheme [15] augments participation.
some computation cost in the communication process.
When it comes to multifactor authentication, there are
likewise several classical schemes. For example, Chan 3 Preliminaries
et al. [17] proposed a two-factor cyber-physical device
authentication framework for SG. They incorporated the In this section, we first summarize the notations in Table 1.
conventional authentication factor into the contextual factor, Then the system model is illustrated in Fig. 2. Meanwhile,
effectively defending cyber-physical attacks in the SG two computational hard assumptions for security proof are
environment. Closely following, Wazid et al. [18] suggested also referred to. Finally, the detail of Schnorr Signature
a secure three-factor (i.e., user’s mobile device, user’s scheme is presented.
password and biometrics) user authentication scheme for
SG. The three factors combine fingerprint identification 3.1 System model
with password authentication, which brings high-level
security insurance for SG infrastructure. Simultaneously, Li 1. SMi represents the ith smart meter in the smart
et al. [19] also focus on the potential cyber-physical threats. grid, which firstly registers in the RA. After the
They proposed a provably anonymous and secure message correctness of issued keys from RA is verified, SMi
authentication scheme for SG. Unfortunately, Wu et al. [20] uses them to pass U Cj ’s authentication. Finally, SMi
pointed out Li et al.’s scheme [19] fails to prevent distributed can utilize SK exchanged to interact with U Cj for
DDoS and provide reliable mutual authentication. Although further communication.
multifactor authentication can bring us stronger secure 2. U Cj represents the j th utility center in the smart grid,
assurance, the communication process is sophisticated. which also needs to register in the RA. While issued
Concerning this point, an increasing number of keys are confirmed, U Cj proves its identity to SMi by
researchers turn to implement their SG authentication pro-
tocols on lightweight ECC without bilinear pairing. For
example, He et al. [6] presented a new key distribution Table 1 Notations
and authentication protocol, which is completely dependent
Notation Description
on ECC. Kumar et al. [21] suggested a novel ECC-based
authentication protocol for protecting demand response in G A general cyclic group
SG architecture. When the two-party identities are con- E(Fp ) An ellipitic curve (y 2 = x 3 + a · x + b mod p)
firmed, the SG and UC can utilize the SK agreement G A generator of Fp with the order q
for secure transmission. Garg et al. [4] designed another Ppub The system master public key
mutual authentication-based key agreement protocol, which k The system master private key
leverages hashed menezes-qu-vanstone key exchange mech- h1 , h2 Cryptographic hash functions
anism, ECC along with one-way hash functions. However, H I DSMi , H I DU Cj Hashed ID of SMi , U Cj
the interaction process of the aforementioned schemes is I PSMi IP address of SMi
relatively complicated, which needs two rounds at least.
SigSMi , SigU Cj Signature of SMi , U Cj
The schemes mentioned above have well addressed
t Acceptable temporal threshold
most of the key distribution and authentication issues,
but centralized SG architecture is still an open problem.
Peer-to-Peer Netw. Appl.
using the related data. At last, U Cj can employ SK to Elliptic Curve Discrete Logarithm (ECDL) assumption :
communicate with SMi . Given an element X ∈ G. It is not possible for any
3. RAk represents the kth register authority in the smart probabilistic polynomial time (P.P.T) adversary A to figure
grid, which relays SMi ’s and U Cj ’s function requests out X = x · G, where x ∈ Zp∗ .
to the smart contract. Once the access is permitted, the
RAk returns the corresponding public key and signature Elliptic Curve Computational Diffie-Hellman (ECCDH)
to the registrant. If the RAk is suspected as a malicious assumption Given two elements X = x · G, Y = y · G,
node, the SMi and U Cj can switch to another RAk for where X, Y ∈ G. It is not possible for any probabilistic
validation again. polynomial time (P.P.T) adversary A to figure out x · y · G.
4. SC represents the smart contract existed in this
protocol. SC processes the requests from RAk and 3.3 Schnorr signature scheme
issues public key and signature of SMi and U Cj . The
initialized data of this system is also stored in the SC. The Schnorr Signature is considered as the simplest digital
Only the authorized user can retrieve some private data. signature without losing provably secure in a random oracle
However, the signature verification function is public model. The detailed step of this algorithm is illustrated as
for anyone. follows (Suppose we have two users—Alice (sender) and
5. BC represents blockchain in this protocol, which is Bob (receiver)):
maintained by RAk .
3.3.1 Signature generation
3.2 Computational hard assumptions
1. Alice generates a nonce r (an arbitrary number used
In our protocol, we use two computational hard assumption only once in a cryptographic communication)
for scheme construction. The detailed definition is presented 2. Alice obtains a public key R by multiplying r and G,
as follows. where is R = r · G.
Peer-to-Peer Netw. Appl.
3. Alice sends message m, R and her public key P = k · G query for participants. The second requirement is
to the Bob, where k is private key selected by Alice. user registration. The third requirement is signature
verification. The last requirement is user logout.
3.3.2 Signature verification
4 Proposed protocol
will be declined. Then this function selects a ran- 1. SMi firstly selects a random number a ∈ Zp∗ and
dom number rSMi ∈ Zq∗ , computes RSMi = rSMi · computes A = a · G, V1 = SigSMi · a. Afterward, SMi
G, eSMi = h1 (Ppub ||RSMi ||H I DSMi ). Signature of sends {RSMi , A, t1 , H I DSMi , V1 } to U Cj , where t1 is
SMi : SigSMi = k + rSMi · eSMi is generated by using current timestamp.
Schnorr’s signature scheme. Finally, the SigSMi and 2. When current timestamp t1 is fresh (t1 − t1 ≤ t),
RSMi are retrieved by SMi through the same RAk U Cj invokes SignatureVerify function to check the
again. correctness of received signature. Only if the SigSMi
4. If SMi or U Cj observes the abnormal activity of RAk , ?
is admitted by SC, SM begins to verify V1 · G2 =
it can change the connetction to another RAk at any A · (h1 (Ppub ||RSMi ||H I DSMi ) · RSMi + Ppub ). If
time. this equation does not hold, the U Cj terminates the
5. Before formal authentication, SMi verifies the valid- authentication. Otherwise, U Cj chooses a random
?
ness of its own signature SigSMi · G = Ppub + eSMi · number b ∈ Zp∗ then computes B = b · G, SKU Cj =
RSMi . h2 (A||B)⊕SigSMi and V2 = SigU Cj ·A·B⊕SigSMi . At
6. The registration process of U Cj is similar to SMi . last, U Cj transmits {B, SKU Cj , V2 , t2 } to SMi , where
Therefore, the steps are omitted here. t2 is current timestamp.
3. Before SMi proves V1 , it needs to check (t2 − t2 ≤
Correctness: If the above parameters are not tampered
t), where t2 is current timestamp. If time does
by A , we can obtain the following equation to identify:
not expire, just like aforementioned steps, the cor-
rectness of SigU Cj should be identified by invoking
SigSMi · G = (k + rSMi · eSMi ) · G SignatureV erify function. Subsequently, SMi veri-
?
= k · G + rSMi · eSMi · G fies V2 = a · B · (Ppub + h1 (Ppub ||RU Cj ||H I DU Cj ) ·
= Ppub + eSMi · RSMi . (1) RSMi ) ⊕ SigSMi . If verification is successful, SMi dis-
?
tinguishes SKU Cj ⊕SigSMi = h2 (A||B). If session key
agreement is achieved, SKSMi = h2 (A||B) ⊕ SigSMi
and SKU Cj are remarked as further communication
keys for SMi , U Cj , respectively.
Correctness : From the above equations, we can verify:
V1 · G2 = A · (h1 (Ppub ||RSMi ||H I DSMi ) · RSMi + Ppub )
= A · (eSMi · RSMi + Ppub )
= a · G · (eSMi · RSMi + Ppub )
= a · (eSMi · rSMi + k) · G2
= SigSMi · a · G2 . (2)
The mechanism of DataRetrieve function and Sig- The Dynamic Join-and-Exit Mechanism can be referred
natureVerify function can be referred to Algorithm 3, to Algorithm 5 and Algorithm 6.
Algorithm 4.
n
n
V1 · G =
2
V1 · a · (eSMi · RSMi + Ppub ) · G
i=1 i=1
n
n
= V1 · a · eSMi · RSMi + Ppub · G
i=1 i=1
Peer-to-Peer Netw. Appl.
n
n ((V1 −V1 )·+a ·eSM
·rSMi
−a·eSM ·rSM )
i
i i
= V1 · A · eSMi · RSMi + Ppub · G. (4) The a−a is the answer
i=1 i=1 to the instance. This situation violates the Elliptic
Curve Discrete Logarithm (ECDL) Assumption we
have defined before, hence it is not possible for any
5 Security analysis probabilistic polynomial time (P.P.T) adversary A to
break up this authentication. The similar steps for
In this section, we list several common security requirements SMi − to − U Cj authentication. If A exists in the
for the smart grid authentication. Based on the most recent interaction process, we can find the following equation
researches [23–27], we illustrate our proposed protocol holds.
about how to satisfy the mentioned requirements in detail.
(V2 − V2 ) = A · b · G · (eU Cj · rU Cj + k) ⊕ SigSMj
– Decentralization: To prevent any part from taking
−A · b · G · (eU
Cj · rU Cj + k) ⊕ SigSMj
full control of SG, we construct a decentralized
authentication protocol with the aid of blockchain. = (A·b·G · eU Cj · rU Cj −A · b · G · eU
Cj · rU Cj
According to the famous phenomenon—51% attack +A · b · G · k − A · b · G · k) ⊕ SigSMj
in the blockchain, if the A tries to manipulate the
= (A · B · eU Cj · rU Cj − A · B · eU
Cj · rU Cj
system, which requires him to seize computation power:
HA +A · B · G · k − A · B · G · k) ⊕ SigSMj
Ht ≥ 51%, where HA , Ht mean the A ’s computation
power and total computation power, respectively. Due = A · (B · eU Cj · rU Cj − B · eU
Cj · rU Cj )
to the consensus mechanism such as Pow and PoS in +A · k · G · (B − B ) ⊕ SigSMj . (8)
blockchain, it is rarely difficult for an adversary to
own such enormous computation power to break our
protocol. Transforming the Eq. 8, we can obtain
– Mutual authentication: Firstly, SMi −to−U Cj authen-
(V2 −V2 ) ⊕ SigSMj −A·(B ·eU Cj ·rU Cj −B ·eU
Cj ·rU Cj )
tication, suppose that A can forge a valid authenti- a·k·G = .
(B − B ) · G
cation message {RSMi , A, t1 , H I DSMi , V1 }. According
(9)
to the forking lemma [28], adversary A runs the ora-
cle model with the same input randomness again. The
model returns different hash oracle answers. Subse- It is obvious that this equation breaches the Ellip-
quently, the corrupted SMi counterfeits {RSM , A , t1 ,
i
tic Curve Computational Diffie-Hellman (ECCDH)
H I DSM , V1 } to pass U Cj ’s verification, i.g., V1 ·G2 = Assumption. In conclusion, there are no potential attack-
i
A · (h1 (Ppub ||RSM
||H I DSM
) · RSM + Ppub ). Thus, ers in the mutual authentication process.
i i i
we obtain the following – SK agreement: Owing to the successful mutual authen-
tication, there are no potential adversaries who can
(V1 − V1 ) · G = a · (eSMi · RSMi + Ppub ) − a impersonate any side. Thus, only the real SMi and U Cj
·(eSMi
· RSMi
+ Ppub ) can get the fair results computed by Diffie-Hellman key
= a · eSMi ·RSMi + a · Ppub − a · eSM
i
exchange, SKU Cj ,SMi = h2 (A||B) ⊕ SigSMi .
·RSM − a · Ppub – Fully anonymity: All the ids of SMi and U Cj are
i
hashed, H I DSMi /U Cj = h1 (I DSMi /U Cj ). Besides,
= a · eSMi · RSMi − a · eSM
· RSM
i i throughout the whole process, the referred computation
+Ppub (a − a ). (5) breaches nothing about the real identity.
Transforming the Eq. 5, we can obtain – Perfect forward secrecy: Because the exchanged A, B
is a one-time secret key, which gives assurances
(a − a ) · Ppub = (V1 − V1 ) · G + a · eSM
i for previously transmitted messages. SK will not be
·RSMi
− a · eSMi compromised even if the private keys of the SM and UC
= ((V1 − V1 ) + a · eSM
· rSM are compromised.
i i
– DDoS Attack (Malicious Registration): Every RAk
−a · eSMi rSMi ) · G. (6)
maintains a database about the IP and access time of
Moving (a −a ) to the right side of equation, we can get the visitors. As long as the DDoS attack happens, the
RAk can decline the malicious request for the first
((V1 −V1 ) · +a · eSM
· rSM − a · eSMi · rSMi ) time. Furthermore, whenever the registration function
Ppub = i i
·G.
a − a is invoked by any RAk , the smart contract modifier
(7) function will check whether the same address exists
Peer-to-Peer Netw. Appl.
Mutual authentication
SK communication
Anonymity ×
Forward secrecy
Replay mitigation
Impersonation attack resistance × ×
MITM attack defence × ×
DDoS prevention × × ×
RA decentralization × × ×
Batch verification × × ×
Dynamic join-and-exit × × ×
: the protocol supports this feature. ×: the protocol does not support this feature
in the smart contract. A double defense strategy met by most protocols, other than He et al. [6]. Most
prevents the occurrence of DDoS attacks and malicious of the aforementioned researches overlooked the necessity
registration. of privacy protection, both SG and U C use the original
– Repaly attack: According to the specification of the ID for communication directly. This action could leak the
collaborative authentication phase, both sides will user information indeliberately in the future. Subsequently,
check the freshness of the message in every information the Impersonation Attack Resistance and MITM Attack
exchange (t2 − t2 ≤ t). We can conclude that our Defence are not supported by Tsai et al. [5], Odelu et al.
BlockSLAP scheme can resist the replay attack. [15]. Although Tsai et al. [5] and Odelu et al. [15] imported
some advanced cryptographic and computational hard
assumptions to construct feasible schemes, a malicious actor
6 Performance evaluation can still pretend him as a relay/proxy into a communication
session between people or systems. Except for our protocol,
In this section, we compare performance of our scheme all remaining protocols cannot provide the services of DDoS
with Tsai et al. [5], Odelu et al. [15], He et al. [6] from prevention, RA decentralization, Batch verification, and
multi-perspective analysis. Dynamic Join-and-Exit. Our protocol includes nearly all the
potential security and function demands from the user side.
6.1 Security and functionality performance Thus, combined with multiple state-of-art techniques (e.g.,
comparison blockchain, ECC, Schnorr Signature), a more secure and
efficient mutual authentication protocol is proposed for SG.
In Table 2, we choose some common features to compare
our proposed protocol with the related protocols Tsai et 6.2 Computation overhead
al. [5], Odelu et al. [15], He et al. [6]. The basic security
needs such as Mutual Authentication, SK Communication, In Jia et al.’s scheme [29], the mobile device is simulated
Anonymity, Forward Secrecy, and Replay Mitigation are on a Google Nexus One smart phone with 2 GHz ARM
Tsai et al. [5] 4Tm + Te + 5Th + Ta 3Tm + Te + 5Th + 2Tb + Ta 7Tm + 2Te + 10Th + 2Tb + 2Ta
Odelu et al. [15] 3Tm + Te + 6Th + 3Ta 2Tm + Te + 6Th + 2Tb + 3Ta 5Tm + 2Te + 12Th + 2Tb + 6Ta
He et al. [6] 4Tm + 5Th + Ta 6Tm + 6Th + 2Ta 10Tm + 11Th + 3Ta
Our proposed 4Tm + 2Th + Ta 6Tm + 2Th + Ta 10Tm + 4Th + 2Ta
Tm : ECC point multiplication; Te : exponentiation operation; Th : one-way hash function; Tb : Bilinear pairing; Ta : group addition
Peer-to-Peer Netw. Appl.
vehicular ad hoc networks. IEEE Trans Inf Forens Secur 27. Su C, Santoso B, Li Y, Deng RH, Huang X (2015) Universally
10(12):2681–2691 composable rfid mutual authentication. IEEE Trans Depend
9. Nakamoto S (2019) Bitcoin: a peer-to-peer electronic cash system. Secure Comput 14(1):83–94
Technical report Manubot 28. Pointcheval D, Stern J (2000) Security arguments for digital
10. Huang H, Zhou S, Lin J, Zhang K, Guo S (2020) Bridge signatures and blind signatures. J Cryptol 13(3):361–396
the trustworthiness gap amongst multiple domains: a practical 29. Jia X, He D, Kumar N, Choo K-KR (2019) A provably secure
blockchain-based approach. In: Proceedings of the 11th IEEE and efficient identity-based anonymous authentication scheme for
international conference on communications (ICC), pp 1–6 mobile edge computing. IEEE Syst J 14(1):560–571
11. Wang W, Su C (2020) Ccbrsn: a system with high embedding
capacity for covert communication in bitcoin. In: IFIP interna- Publisher’s note Springer Nature remains neutral with regard to
tional conference on ICT systems security and privacy protection. jurisdictional claims in published maps and institutional affiliations.
Springer, pp 324–337
12. Zhang L, Zhang Z, Wang W, Waqas R, Zhao C, Kim S, Chen
H (2020) A covert communication method using special bitcoin
addresses generated by vanitygen. CMC-Comput Mater Contin Weizheng Wang received his
65(1):597–616 B.S. degree in software engi-
13. Li Z, Yang Z, Xie S, Chen W, Liu K (2019) Credit-based payments neering from Yangzhou Uni-
for fast computing resource trading in edge-assisted internet of versity, Jiangsu, China, in
things. IEEE Internet Things J 6(4):6606–6617 2019. He is currently pursu-
14. Singh A, Parizi RM, Zhang Q, Choo K-KR, Dehghantanha ing the M.S. degree at the
A (2020) Blockchain smart contracts formalization: approaches School of Computer Science
and challenges to address vulnerabilities. Comput Secur 88: and Engineering, the Uni-
101654 versity of Aizu, Fukushima,
15. Odelu V, Das AK, Wazid M, Conti M (2016) Provably secure Japan. His current research
authenticated key agreement scheme for smart grid. IEEE Trans interests include applied cryp-
Smart Grid 9(3):1900–1910 tography, blockchain technol-
16. Canetti R, Krawczyk H (2001) Analysis of key-exchange ogy and IoT system.
protocols and their use for building secure channels. In:
International conference on the theory and applications of
cryptographic techniques. Springer, pp 453–474
17. Chan AC-F, Zhou J (2014) Cyber–physical device authentication
Huakun Huang received
for the smart grid electric vehicle ecosystem. IEEE J Sel Areas
the bachelor’s degree from
Commun 32(7):1509–1517
the Guangzhou University,
18. Wazid M, Das AK, Kumar N, Rodrigues JJPC (2017) Secure
Guangzhou, China, in 2014
three-factor user authentication scheme for renewable-energy-
and 2016, and Ph.D. degree in
based smart grid environment. IEEE Trans Ind Inf 13(6):3144–
Computer Science and Engi-
3153
neering from the University
19. Li X, Wu F, Kumari S, Xu L, Sangaiah AK, Choo K-KR (2019) A
of Aizu, Japan, in 2019. He
provably secure and anonymous message authentication scheme
is currently a research fellow
for smart grids. J Parallel Distrib Comput 132:242–249
with the University of Aizu.
20. Wu L, Wang J, Zeadally S, He D (2019) Anonymous and efficient
His research interests mainly
message authentication scheme for smart grid. Secur Commun
include blockchain, Internet of
Netw, 2019. Hindawi
Things (IoT), intelligent edge
21. Kumar N, Aujla GS, Das AK, Conti M (2019) Eccauth: a secure
computing, signal processing,
authentication protocol for demand response management in a
and machine learning.
smart grid system. IEEE Trans Ind Inf 15(12):6572–6582
22. Wang J, Wu L, Choo K-KR, He D (2019) Blockchain based
anonymous authentication with key management for smart grid
edge computing infrastructure. IEEE Trans Ind Inf 16(3):1984–
1992. IEEE Lejun Zhang received his
23. Lin C, He D, Huang X, Khan MK, Choo K-KR (2020) Dcap: M.S. degree in computer sci-
a secure and efficient decentralized conditional anonymous ence and technology in Harbin
payment system based on blockchain. IEEE Trans Inf Forens Institute of Technology and
Secur 15:2440–2452 the Ph.D. degrees in com-
24. Ma S, Yi D, He D, Zhang J, Xie X (2020) An efficient puter science and technology
nizk scheme for privacy-preserving transactions over account- at Harbin Engineering Uni-
model blockchain. IEEE Trans Dependable Secure Comput. versity, now he is a profes-
https://doi.org/10.1109/TDSC.2020.2969418 sor at Yangzhou University.
25. Feng Q, He D, Zeadally S, Khan MK, Kumar N (2019) A survey His research interests include
on privacy protection in blockchain system. J Netw Comput Appl computer network, social net-
126:45–58 work analysis, dynamic net-
26. Lu Z, Yeh K-H, Hancke G, Liu Zhe, Su C (2018) Security work analysis and information
and privacy for the industrial internet of things: an overview of security.
approaches to safeguarding endpoints. IEEE Signal Process Mag
35(5):76–87
Peer-to-Peer Netw. Appl.