WANG Sheng, ZHANG Linghao, TENG Yufei, LIU Hongli, HAO Junyang, WU Wenjuan. An Implicit Certificate-Based Lightweight Authentication Scheme for Power Industrial Internet of Things[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT250457

An Implicit Certificate-Based Lightweight Authentication Scheme for Power Industrial Internet of Things

doi: 10.11999/JEIT250457 cstr: 32379.14.JEIT250457
Funds:  Scientific Research Foundation of State Grid Sichuan Electric Power Company (52199723002P)
  • Received Date: 2025-05-26
  • Accepted Date: 2025-11-12
  • Rev Recd Date: 2025-08-12
  • Available Online: 2025-11-18
  • Objective: With the rapid advancement of technologies such as the Internet of Things, cloud computing, and edge computing, the Power Industrial Internet of Things (PIIoT) is evolving into a key infrastructure for smart electricity systems. In this architecture, terminal devices continuously collect operational data and transmit it to edge gateways for initial processing before forwarding it to cloud platforms for further intelligent analysis and control. Such integration significantly enhances operational efficiency, reliability, and security in power systems. However, the close coupling between traditional industrial systems and open network environments introduces new cybersecurity threats. Resource-constrained devices in PIIoT are particularly vulnerable to attacks, leading to data leakage, privacy breaches, and even the disruption of power services. Existing identity authentication mechanisms either incur high computational and communication overheads or fail to provide adequate security guarantees, such as forward secrecy or resistance to replay and man-in-the-middle attacks. Therefore, this study aims to design a secure and efficient identity authentication scheme tailored to the PIIoT environment. The proposed work addresses the urgent need for a solution that balances lightweight performance with strong security, especially for power terminals with limited processing capabilities.

  • Methods: To address this challenge, a secure and lightweight identity authentication scheme is proposed. Specifically, the scheme introduces implicit certificate technology during the device identity registration phase. This technique embeds public key authentication information into the signature, eliminating the need to transmit the full certificate explicitly during communication. Compared to traditional explicit certificates, implicit certificates feature shorter lengths and more efficient verification, thereby reducing overhead in both transmission and validation processes. Building upon this, a lightweight authentication protocol is constructed, relying only on hash functions, XOR operations, and elliptic curve point multiplications. This enables secure mutual authentication and session key agreement between devices while maintaining suitability for resource-constrained power terminal devices. Furthermore, a formal analysis is conducted to evaluate the security of the proposed scheme. The results demonstrate that it achieves secure mutual authentication, ensures the confidentiality and forward secrecy of session keys, and provides strong resistance against various attacks, including replay and man-in-the-middle attacks. Finally, comprehensive experiments are conducted to compare the proposed scheme with existing advanced authentication protocols. The results confirm that the proposed solution achieves significantly lower computational and communication overhead, making it a practical choice for real-world deployment.

  • Results and Discussions: The proposed scheme was evaluated through both simulation and numerical comparisons with existing methods. The implementation was conducted on a virtual machine configured with 8 GB RAM, an Intel i7-12700H processor, and Ubuntu 22.04, using the Miracl-Python cryptographic library. The security level was set to 128 bits, employing the ed25519 elliptic curve, SHA-256 as the hash function, and AES-128 for symmetric encryption. Table 1 presents the performance of the underlying cryptographic primitives. As shown in Table 2, the proposed scheme achieves the lowest computational cost, requiring only three elliptic curve point multiplications on the device side and five on the gateway side. This is substantially lower than traditional certificate-based schemes, which demand up to 14 and 12 such operations, respectively. Compared to other representative schemes, our method further reduces the device-side burden, improving its applicability in resource-constrained environments. Table 3 illustrates that the scheme also minimizes communication overhead, achieving the smallest message size (3456 bits) and requiring only three message exchange rounds, attributed to the use of implicit certificates. As depicted in Fig. 6, the authentication phase exhibits the shortest runtime among all evaluated schemes (47.72 ms for devices and 82.88 ms for gateways), demonstrating the scheme's lightweight nature and practical deployability in real-world Industrial Internet of Things scenarios.

  • Conclusions: This paper presents a lightweight and secure identity authentication scheme based on implicit certificates, specifically designed for resource-constrained terminal devices in the Power Industrial Internet of Things. By integrating a low-overhead authentication protocol with efficient certificate handling, the scheme achieves a balanced trade-off between security and performance. The protocol ensures secure mutual authentication, protects the confidentiality of session keys, and satisfies forward secrecy, all while maintaining minimal computational and communication overhead. Security proofs and experimental evaluations verify that the proposed solution outperforms existing methods in both security robustness and resource efficiency. It offers a practical and scalable approach to enhancing the security infrastructure of modern power systems.
