Customized Certificate Revocation Lists for IEEE 802.11s-based Smart Grid AMI Networks Kemal Akkaya∗ , Khaled Rabieh† , Mohamed Mahmoud† , Samet Tonyali‡ ∗ Department
of Electrical & Computer Engineering, Florida International University, Miami, FL 31174
[email protected] of Electrical & Computer Engineering, Tennessee Tech University, Cookeville, TN 38505 USA
[email protected]—
[email protected] ‡ Department of Computer Science, Southern Illinois University, Carbondale, IL 62901 USA
[email protected] † Department
Abstract—Public-key cryptography (PKC) is widely used in Smart Grid (SG) communications to reduce the overhead of key management. However, PKC comes with its own problems in terms of certificate management. Specifically, certificate revocation lists (CRLs) need to be maintained and distributed to the smart meters (SMs) in order to ensure security of the communications. The size of CRLs may grow over time and eventually may introduce additional delay, bandwidth and storage overhead when various applications are run on SG. In this paper, we propose novel algorithms for creating customized CRLs with reduced size for IEEE 802.11s-based Advanced Metering Infrastructure (AMI) networks. Rather than maintaining a hugesize single CRL that introduces unnecessary search time and storage, the idea is to cluster/group SMs within the AMI network and create CRLs based on these groups. The grouping is mainly done in such a way that they bring together the SMs that will be very likely to communicate so that the CRLs will be kept local to that group. To this end, we propose two novel grouping algorithms. The first algorithm is a bottom-up approach which is based on the existing routes from the SMs to the gateway. Since the SMs will be sending their data to the gateway through the nodes on the route, this forms a natural grouping. The second approach is a top-down recursive approach which considers the minimum spanning tree of the network and then divides it into smaller subtrees. Via grouping, the length of the CRL for each SM and the corresponding distribution overhead can be reduced significantly. Simulation results have shown that our approach can maintain a balance between the size of the CRL and the number of signatures generated by CAs while guaranteeing security of the communications.
I. I NTRODUCTION Current power grid in the US is going through a major transformation to provide several new services/applications by creating an underlying two-way communication infrastructure [1], [2]. Through the deployment of smart meters (SMs) and smart data collections techniques, a Smarter Grid (SG) is being formed. One part of the SG initiative that is currently being implemented is the AMI, which provides two-way communication between the utility company and consumers’ SMs. The utility companies can use this AMI to monitor power demands over short periods, provide more accurate billing as well as utilize dynamic pricing to facilitate the reduction of peak demand [2]. There has been a lot of proposals for building the underlying communication infrastructure for SG AMI applications [2]. One of the options is to use wireless communications based on several technologies such as Zigbee, RF Mesh, Wireless
LAN and the newly approved IEEE 802.11s mesh standard [3]. In any case, the communication needs to be secured since wireless networks are easy targets for the attackers. Therefore, a lot of security mechanisms were proposed in the recent years to address various security challenges for the wireless communication infrastructure of SG [4]. These works all assume the availability of keys at the SMs. While using symmetrickey based solutions have advantages in terms of performance, these solutions require the creation, distribution and renewal of keys frequently which brings a lot of overhead to the utilities since the underlying network size for AMI would be very large. Hence, a lot of utilities opt to adapt asymmetric-key or (or public-key cryptography (PKC))-based solutions which has less overhead in terms of key management. While PKC is a viable option to be used in SG communications, it still poses challenges in terms of certificate management. The keys need to be certified by Certification Authorities (CAs) and thus the overhead of maintaining certificates cannot be underestimated. In particular, the certificate revocation is a big problem to PKC that has the potential to impact the performance significantly. Certificate revocation is performed due to various reasons and once a certificate is revoked by the CA, it needs to be put in a list called CRL and distributed to the related parties which will be using this certificate. Thus, each SM needs to check the validity of the certificate used to sign a message before it can verify the signature. CRLs are typically created for every node in the network and can be accessible at a public server. In the case of SG AMI applications, the ability of a SM to access the server of the CA is not possible due to communication overhead and lack of Internet accesibility of the SMs. Therefore, CRL should be distributed to the SMs in advance so that it will be available locally at each SM for signature verification coming from other SMs. While it is possible to distribute a single CRL for all the SMs in the AMI network (or even in a city), this may not be needed since SMs will mostly be communicating with the gateway. As time passes, the CRL size may grow significantly and thus becomes a major overhead in terms of search and storage at the SMs. Given that SMs will not have a lot of resources in terms of CPU and storage, it does not make sense to use a single CRL for the whole network. It will be beneficial to reduce the size of the CRLs for SG AMI networks. This reduced size will also help in keeping the CRL
distribution overhead low. This paper proposes two novel mechanisms to customize the CRLs for SG AMI networks based on the groups of SMs that need to communicate. The basic idea is to form CRLs for each group and use a single CRL within a group to reduce the delay and storage overhead. We identify the groups in AMI networks based on the communications patterns among the SMs. Typically, each SM needs to follow a path to the gateway and thus will have the need to talk to each of these nodes within its path. This pattern is motivated from the AMI applications where SMs power data are collected regularly. There is other communication pattern which necessitates the communication of an SM with its immediate neighboring SMs (i.e., the SMs within 1-hop distance). Our algorithm assumes the availability of shortest paths from each SM to the gateway due to use of IEEE 802.11s that already creates such paths. The first approach is a bottom-up approach and first identifies the leaf SMs which do not act as relays for the other SMs. Note that the paths from these leaf SMs will include all the SMs’ paths to the gateway. When these paths are identified, we determine the shortest paths which share same SMs along their paths. We strive to group these paths within the same group since the SMs on these paths have also high chance of interaction among themselves due to geographical proximity. To maintain some balance among the size of the groups, we put a threshold on the number of leaf SMs that can be added to a group when creating groups. The second approach is a top-down approach and aims to bring consistency among the number of created groups for different topologies. Basically, the idea is to determine the minimum spanning tree (MST) of the network and create another subMST each rooted by one of the children SMs of the gateway. Each sub-MST will be considered as a group but since there is a maximum threshold on the size of the group, the groups exceeding this threshold will be further divided into sub-MSTs in a recursive manner. We implemented the proposed approach under ns-3 [5] and assessed the performance with respect to traditional way of creating and distributing CRLs. The results indicate that the proposed approach can significantly reduce the CRL size with limited message overhead for distribution. We also observed that the performance of the proposed approaches are very similar but the second approach generates groups with lower standard deviation. This paper is organized as follows. In the next section, we summarize the related work. Section III provides the preliminaries about the topic and defines the problem. Section IV presents the proposed approaches along with the algorithm pseudo-codes. Section V investigates the distribution mechanisms of CRLs once the groups are formed. In Section VI, we assess the performance of the proposed approach. Finally, Section VII concludes the paper. II. R ELATED W ORK Certificate revocation is one of the most important components of the PKC. It has been studied in the context of the
wireline Internet [6]. A survey and discussions on revocation methods’ tradeoffs is provided in [7]. Regarding the handling of CRLs in wireless networks, there is a number of works as detailed below. For instance, Wasef et al. [8] have proposed a decentralized revocation scheme for vehicular ad hoc networks (VANETs). The scheme is based on a pairing-based threshold scheme and a probabilistic key distribution technique. It enables a group of well-behaving vehicles to revoke a misbehaving vehicle. Raya et al. [9] proposed a technique to revoke the tamperproof device. The technique is useful when all the certificates of a vehicle are to be revoked. The CA sends a message to the tamper-proof device to command it to stop all the security functions. It is not cost efficient to use tamper-proof devices with smart meters. In [10], to complement the security services provided by PKI, the authors introduce complementary security mechanisms that can meet location privacy, efficient authentication, and distributed and fair revocation. They also propose a mechanism for mitigating the effect of the denial of service attacks in VANETs. In PKC-based authentication schemes, the revocation status of the message sender’s certificate should be verified before verifying the sender’s signature. In [11], the authors have proposed an expedite message authentication protocol. It replaces the time-consuming CRL checking process by an efficient revocation checking process using a keyed hash message authentication code (HMAC), but CRLs should still be formed and distributed. Crpeau et al. [12] propose a certificate revocation scheme for wireless ad hoc networks. The scheme not only provides a measure of protection against false accusation attacks, but it also aims to eliminate the window of opportunity whereby revoked certificates can be used to access network services. In [13], H. Guo et al. propose a batch authentication protocol for vehicle to smart grid communication. Instead of verifying individual packets, the aggregator verifies the received responses by only one signature verification. Existing works on AMI network security such as [14] propose the use of a PKI and digital signatures but do not provide any mechanisms for certificate revocation, even though it is a required component of any PKI-based solution. In [15], it is mentioned that the SMs have a remote disconnect switch. The main role of the disconnect switch is to disconnect the service on customers who default on their payments. The authors proposed a PKC scheme to prevent attackers from making use of this feature and interrupting the citizens’ electricity supply. However, they did not address the certificate revocation issues in their protocol. Different aspects of certificate revocation problem in SG applications were discussed in [16] without providing a solution to SG AMI Networks. To the best of our knowledge, studying certificate revocation in SG AMI Networks has not been well studied yet. In [17], Khurana et al. have discussed the main security issues in SG. The authors have identified public key management as a challenge due to the system scalability and complexity. In [18], the authors study the problem of secure key management for the SG and proposed a novel
used in our grouping algorithm. Note that we use SG NAN and SG AMI Networks interchangeably throughout the paper. B. Certificates and CRLs
4G Network
Fig. 1: SG AMI implemented using a 802.11s-based NAN key management scheme. The proposed key management scheme combines symmetric key technique and elliptic curve public key technique. Metke et al. [19] survey the existing key security technologies for extremely large and wide-area communication networks and study their applicability for the smart grid. Based on studying the security requirements as well as the scale of the smart grid, the authors strongly believe that the PKC is the most effective key management solution for securing the SG. III. P RELIMINARIES
Certificates are issued by a CA and sent to the gateway for distribution to SMs. When a certificate is issued, its validity is limited by an expiration date. Note that verification of the expiration date of a certificate is necessary but not sufficient evidence for its validity. This is because there are other reasons that cause a certificate to be revoked before its expiration. These reasons include but not limited to compromisation of the private keys, compromisation of the CA, stopping of the payments by the customer, etc. If a certificate is revoked, all the messages authenticated by the certificate should be ignored. Therefore, an additional check is required to determine a certificate’s revocation status during signature verification. In order to perform this check, CAs create CRLs and publish them regularly. Specifically, this is a list of revoked certificates which can be looked up for determining the validity of a certificate. Typically, a CRL contains the serial numbers of all revoked certificates along with their revocation dates. This CRL is signed by the CA and updated from time to time. The most recent version of the CRL is made available to all the potential nodes that will be using it. In the case of SG NANs, this CRL needs to be accessible by all the SMs.
A. Underlying Infrastructure
C. Problem Definition
SG has a communication infrastructure that consists of 3 major subnetworks: home area networks (HANs), neighborhood area networks (NANs) and WANs. Meter data collection and communication with the homes is done through the NANs by considering several wired and wireless underlying network technologies [1]. In this paper, we consider a NAN implemented using a wireless infrastructure based on IEEE 802.11s mesh networking standard. IEEE 802.11s is the standard for bringing multi-hopping capability to wireless LANs. The nodes in 802.11s mesh are given names based on their roles. All nodes are Mesh Points (MP) and are able to provide connectivity at the data link layer between other MPs. If an MP also provides connectivity to another network such as the Internet, it is called a Mesh Portal Point (MPP). An MP becomes a Mesh Access Point (MAP) if it provides access to wireless clients which are referred to as Mesh Station (Mesh STA). In our NAN, all the smart meters (SMs) will act as MPs/MAPs. There will also be some additional nodes acting as relay MPs when there is no SM available. Note that we may have Mesh STAs from HANs that can connect with SMs and have them act as MAPs. The gateway node which will be connected to the utility will be MPP. The connection can be via WiMax or 4G. A CA is assumed to be communicating with the utility for certificate generation and management. A sample NAN is depicted in Fig. 1. In this NAN, the MPs will send their readings to MPP using mesh path selection and forwarding mechanisms of 802.11s called Hybrid Wireless Routing Protocol (HWMP). The paths from each SM to gateway will be available and thus will be
The problem of certificate revocation introduces a lot of overheads with the increased network size. In SG, the SMs form a large-scale NAN and it is not feasible to have CRLs stored on a remote server for accessibility. Therefore, it is wise to distribute these CRLs to the SMs to accelerate the checking process. This indicates that a CRL should be available locally at every SM. Nonetheless, the communication pattern in SG AMI applications is in such a way that typically SMs do not communicate with each other frequently. SMs send power data to a data collector (i.e., gateway) or SMs exchange messages among themselves in 1-hop distance. Therefore, there will be a lot of SMs which do not communicate at all and thus do not need to check their certificates’ revocation status. Hence, shorter CRLs could be used to save time. Our problem can be defined as follows: “Given a NAN with n SMs and their paths to a gateway, group the SMs in such a way that SMs within each group communicate with each other with the highest possibility”. Note that there are two extreme cases which are not desirable in the context of SG. • A single CRL is generated for the whole network (or city). The CA will issue only one signature but the CRL will be too long due to storing the serial numbers of revoked certificates. This can be broadcast to all SMs. Since the CRL size is long, this introduces additional processing and distribution delay, consumes a lot of bandwidth for distribution and requires additional storage. • One CRL for each of the SMs based on its neighbors. In this way, the CRL length will be equal to the number of
neighbors of an SM and thus the processing delay will be short. However, the CA needs to generate n signatures if there are n SMs in the network. The update and dissemination of this CRL introduces a lot of message overhead. In addition, this solution does not guarantee end-to-end verification among an SM and gateway since the only secure interaction will be among the neighbors. We propose a solution that stays in the middle of the above approaches in terms of the CRL size. Our goal is to identify the group of nodes which need to communicate and create a CRL for each group like this. In this way, we guarantee that SMs can communicate with others securely based on the needs of the applications. This creates a balance among the size of the CRL and the number of signatures needed from the CA as well. IV. G ROUP - BASED APPROACHES
Fig. 2: Example on creating groups based on the routes to the gateway using bottom-up approach.
groups will include SMs sharing same routes. For handling the neighborhood communications, we will determine adjacent groups and distribute CRLs to the nodes which have links to multiple groups.
A. Motivation To understand the communication patterns among the SMs in a SG NAN, we consider the needs of three major applications: AMI, Demand Response (DR), and plug-in hybrid electric vehicles (PHEVs). In AMI, each SM sends its power reading to a gateway node periodically through multi-hop routes using the 802.11s-based NAN. In such a case, one major issue is that each SM and gateway need to ensure that the packet has been sent by legitimate sources. For instance, let us assume that SMA wants to send data to the gateway and the packet should be relayed by the SMs SMB and SMC . After receiving the packet, the gateway needs to ensure that the packet has been sent by SMA . Without this verification, any node can impersonate other SMs and send data under its name. In addition, relays SMB and SMC should verify that they are relaying packets for a legitimate node. Without this verification, outsider attackers can send bogus packets to overwhelm the network. For these purposes, SMB and SMC must verify SMA ’s signature. In this scenario, SMB , SMC and the gateway need the revocation information of SMA so that if SMA ’s certificate is revoked, they should not relay or accepts its packets. This leads us to the conclusion that these SMs on the same route to the gateway should have a CRL which will include all the SMs’ revoked certificate information. Therefore, it will be wise to put all these nodes in the same group when creating CRLs. The communication pattern due to other mentioned applications can be different though. For instance, in case of DR or PHEV, the SMs will act as sources or relays which communicate with each other. For DR, an SM will need to talk to its neighbors that are accessible possibly within 1-hop communication to exchange information and agree on power usage at that time. For PHEV, an SM will route data to another SM in the neighborhood which will require communication with its 1-hop neighbors (and obviously with PHEVs). This necessitates creating groups within the neighborhood of an SM which will have CRLs for the members of that group only. Combining these facts, we propose a grouping approach for CRL creation (i.e., one CRL for each group). Basically, the
B. Route-based Grouping The idea of our grouping approach is based on the routes from each leaf SM to the gateway. A leaf SM is the one that does not act as a relay for any of the other SMs in the network as part of the routes. We know that 802.11s standard already provides the routes from each SM to the gateway. Since leaf SMs are at the edge of the network, collecting the routes of these leaf SMs will cover the routes of every single SM in the network as shown in Fig. 2. Our centralized algorithm which can be run at the utility company or gateway first starts by determining the routes of the leaf nodes in the NAN and stores all the routes with their lengths in descending order. Each route has a leaf SM as the starting node and lists the node’s identifier (ID) of the next hop until the gateway. For each route in the list, our approach determines the other routes which share a node (i.e., branches) with this route. Our goal is to put the nodes which follow shared routes into the same group. Consider the example in Fig. 2. The leaf SMs in this network are numbered as SM2 , SM3 , SM7 , SM10 , SM12 , SM13 , SM14 and SM16 respectively. The routes to the gateway from these leaf SMs are listed as follows: • Route 2: 2-1-Gateway and length = 2 hops • Route 3: 3-1-Gateway and length = 2 hops • Route 7: 7-6-4-Gateway and length = 3 hops • Route 10: 10-9-8-Gateway and length = 3 hops • Route 12: 12-11-8-Gateway and length = 3 hops • Route 13: 13-11-8-Gateway and length = 3 hops • Route 14: 14-11-8-Gateway and length = 3 hops • Route 16: 16-15-5-4-Gateway and length = 4 hops We can see that Routes 2 and 3 share node SM1 . So we can group them together (Group 1). Similarly, Routes 7 and 16 share node SM4 so we can also group them together too (Group 2). Finally, Routes 10, 12, 13 and 14 share the node SM8 which can be grouped under Group 3. To provide load balancing among the groups, we also define a threshold for the maximum number of leaf SMs that can be in a single group. In this way, we can prevent the cases
Algorithm 1 BottomUpGrouping(Routes[]) 1: Sort the Routes[] 2: For all Routes[i].GID = -1 3: cnt = length.Routes[] 4: while i < cnt do 5: if Route[i].GID == -1 then 6: Route[i].GID = i 7: Group[i]++ //Increase the group node count 8: j =i+1 9: for all j < cnt do 10: if Route[j].GID -1 and SharedNode(Route[i], Route[j]) then 11: Route[j].GID = i 12: if length.Group[i] < T hreshold then 13: Group[i]++ 14: end if 15: end if 16: end for 17: i++ 18: else 19: i++ 20: end if 21: end while
where all the routes are shared and only one group is created. Obviously, this is not desirable since we are trying to reduce the size of the CRLs for efficiency. At the end of this process, each SM will have a group ID and for each group ID, a single CRL would be created at the CA. The pseudo-code for grouping of the routes is provided in Algorithm 1. In this algorithm, Routes[] is an array of lists. Route[i] represents the ith route with its elements being a list of SM IDs. Group[] is a hash map which has SM IDs and SM count in it. Group[i] represents the SMs which have the group ID as i. If a meter is broken or revoked, the gateway runs the grouping algorithm for all the meters or for subset to exclude the meter from the current groups. C. Recursive Grouping The previous algorithm is a bottom-up approach which considers the routes from each SM to the Gateway. In this subsection, we propose a second algorithm which follows a top-down approach in a recursive manner. This will start from the root and divide the tree into subtrees in a recursive manner until a certain size of trees are created. In this algorithm, we consider the minimum spanning tree (MST) of the network and work on that tree for grouping. If a certain subtree size is greater than a predefined threshold, then the algorithm is recursively run on that subtree (i.e., MST subtree). In this way, we aim to come up with more load balanced and deterministic process for the grouping. Specifically, if there are K 1-hop neighbors for the gateway, for each of these neighbors, the algorithm will create a group (see the SM1 , SM4 and SM10 in Fig. 3). All the SMs that have a route passing through one of these K nodes will be
Algorithm 2 TopDownGrouping (Routes[], Gateway) 1: For all 1-hop neighbors of Gateway: Onehop[j].GID = -1 2: Sort all Routes[] to Gateway 3: For all Routes[i].GID = -1 4: while Onehop[j] is in Routes[i] do 5: if Route[i].GID == -1 then 6: Route[i].GID = i 7: Group[i]++ //Increase the group node count 8: if length.Group[i] < T hreshold then 9: Group[i]++ 10: j = i + 1 //Next one hop SM 11: else 12: while length.Group[i] > T hreshold do 13: Gateway = SM[j] //apply recursively 14: TopDownGrouping(Routes[], Gateway) 15: end while 16: end if 17: i++ 18: else 19: i++ 20: end if 21: end while
added to the corresponding group. If the number of nodes in a group is greater than a definite threshold T , then the algorithm is applied recursively on that specific group assuming that the 1-hop neighbor acts as a gateway for its subtree (e.g., SM4 in Fig. 3). The recursive method stops when the number of SMs in all groups is less than the threshold T . The pseudo-code for this recursive algorithm is provided in Algorithm 2. V. D ISTRIBUTION OF CRL S While the distribution of CRLs is not a frequent process, it can still pose an overhead in particular if there is traffic on the NAN due to various activities in addition to AMI. Therefore, the distribution of CRLs should be done in an efficient manner. A. Proposed Distribution Approach One obvious solution to distribute the CRLs is to send each SM the CRLs via the routes available from the gateway. This
Fig. 3: Creating groups based on the recursive top-down approach.
means, the gateway needs to initiate a separate unicasting for each SM in the network. While this approach can introduce additional traffic, it is inevitable since broadcasting is not an option due to its unreliability. In fact, even if there is a single network-wide CRL, this cannot be broadcast either since the broadcast will require acknowledgement (ACK) from each SM which is not possible unless it is a unicast. Nonetheless, our group-based approaches eliminate some of the unicasts since the SMs on the routes to the leaf SMs already share the same CRL with the leaf SM. Therefore, it is sufficient to unicast to each leaf SM rather than unicasting to every single SM in the network. The SMs on the routes will retain a copy of the CRL (if it is not already stored on the SM) when forwarding it towards the leaf SMs. Referring to Fig. 2 that uses bottom-up grouping approach, unicasting the CRL to SM16 and SM7 would be enough to reach other members of Group 2. There is no need to unicast separately to the other members of Group 2. In this case, SM4 will retain the copy of the CRL passing through it twice. For the topdown approach, the same case applies. For instance, in Fig. 3, unicasting to SM6 , SM8 and SM9 is enough to reach all members of Group 3.1 and Group 3.2. In this case, SM4 will retain a copy of both CRL 3.1 and CRL 3.2. B. Maintaining Multiple CRLs As a result of the grouping, there will be some groups which are totally disjoint from the rest of the network. This means none of the SMs in these groups have any links with the rest of the network. An example group is shown in Fig. 2 where Group 1 is disjoint from the rest of the groups. For such groups, it totally makes sense to have a single CRL that includes the revocation information of only the SMs in that group. However, this will not always be the case, especially if the network is in a densely populated area. There will be a lot of different groups which will have links among their members. In other words, there will be SMs which have neighbors that belong to a different group than themselves. For instance, in Fig. 2 Groups 2 and 3 have a link that connects them (SM6 and SM9 ). In that case, when SM6 would like to communicate with SM9 , checking the CRL of Group 2 will not be sufficient since the SM9 ’s removed certificates would be stored in Group 3. Therefore, SM6 will need to have the CRL of Group 3 available locally. Same is valid for SM4 and SM5 in Fig. 3 which are in different groups bit share a link. To address this problem, we propose to use multiple CRLs at the SMs which are likely to communicate with SMs in other groups. Specifically, after the groups are created, each SM will communicate with its 1-hop neighbors and collect their group IDs. If there are SMs with different group IDs, then their CRLs will be exchanged among these SMs. If the groups IDs all match, then there is no need to exchange CRLs. This step will be performed once the grouping is completed. It will be done completely in a distributed manner and will only add 1 more message transmission to the CRL distribution overhead.
VI. E XPERIMENTAL E VALUATION A. Experiment Setup We consider random NAN topologies consisting of varying number of SMs. All these topologies are connected topologies generated by a utility program developed in house. We assumed a transmission range of 120m and an area of 800x800m. A gateway is selected randomly among the nodes which can be at any location. We assumed that IEEE 802.11s is the underlying protocol to provide communication among the SMs and the gateway. The proposed approach is developed under ns-3 simulator [5] which has a built-in implementation of 802.11s. The computations for grouping is done at the gateway and distributed via unicasting to each of the SMs. We opted to follow this distribution since current 802.11s standard does not support multicasting capability. Two sets of experiments were conducted to assess the grouping performance as well as the distribution performance. The experiments are repeated for 30 different topologies for significance. B. Performance Metrics and Baselines The following performance metrics are considered for assessing the proposed approach. • Size of the CRL: This indicates the data size for the CRL. The size of the CRL is important for storage and search efficiency. • Signature Overhead: This metric indicates the number of signatures computed by the CA. • CRL Message Overhead: This indicates the number of messages required to distribute the CRLs. • CRL Delay: This metric indicates the time the CRL takes to be distributed to all SMs. We compare our approach with two baselines. The first approach considers a single CRL for all the SMs in the network (S-CRL). The second approach considers a CRL based on the neighborhood list of each SM (N-CRL). Thus each SM will get a different CRL. Our route-based bottomup (BU) approach is shown as Group-based BU CRL (GBUCRL) and the recursive top-down (TD) approach is shown as GTD-CRL in the experiment results. C. CRL Size Comparison We conducted experiments to measure the CRL size for different number of nodes under different topologies in the worst case for S-CRL the size is always 1. For N-CRL, the size is the number of neighbors of a node. We get the average of all the nodes in the network. The size of the CRL is based on the assumption that 20% of the certificates are revoked and thus we assumed 20% of the total SM count as the CRL size. The group size threshold is also picked as 20% of the total SM count. The results are shown in Table I. Based on the results, we observe that G-CRL certificate size in average is significantly less than the current approach and N-CRL which is the most important metric in terms of storage overhead and search delay. Furthermore, the size of the CRL in G-CRL is almost fixed even if the network scales.
TABLE I: CRL size in average. Network size 100 200 300 400 500
S-CRL 20 40 60 80 100
N-CRL 4 6.8 9.6 11.4 15.8
GBU-CRL 1.4 1.6 1.7 1.7 1.7
GTD-CRL 1.3 1.6 1.7 1.7 1.8
TABLE II: Signature count for the CA. Network size 100 200 300 400 500
S-CRL 1 1 1 1 1
N-CRL 16 31 50 61 80
GBU-CRL 3.3 5.4 8.3 11.1 12.9
GTD-CRL 3.6 6 8.8 10.9 13
Fig. 5: Comparing GBU-CRL and GTD-CRL in terms of signature count.
Fig. 4: Comparing GBU-CRL and GTD-CRL in terms of CRL size. Fig. 6: Comparing GBU-CRL and GTD-CRL in terms of CRL size D. Signature Count Comparison
standard deviation.
We also counted the number of signatures required at the CA for all approaches. The results shown in Table II indicate that our approach requires much fewer signatures than NCRL. In addition, the signature count does not increase linearly which indicates its scalability. E. Comparison of GBU-CRL and GTD-CRL In this subsection, we compare the performance of the proposed grouping approaches GBU-CRL and GTD-CRL in more details. We have already observed that the signature count and CRL size for these approaches are very similar under the assumption of 20% revoked certificates ratio. To have a deeper look, we changed the group size threshold to 10% from 20% as well. The results for the CRL and signature size comparison did not reveal any beater as seen in Figs. 4 and 5. With the increased node count, the performance of both approaches are very similar with some minor fluctuations that do not show any superiority for both approaches. Therefore, we looked at the standard deviation for the CRL and signature sizes. As can be seen from the standard deviation in Figs. 6 and 7, the CRL size variations are again very similar. However, we observed that GTD-CRL is much better compared to GBUCRL when the CRL count is considered. Basically, the sizes of the groups created in this approach are not fluctuating very much from one topology to another which can provide more load-balanced and consistent groups if the utility has many
Fig. 7: Comparing GBU-CRL and GTD-CRL in terms of signature count standard deviation.
different neighborhood topologies. This can be attributed to the fact that the approach focuses on subdividing in a recursive manner considering the sub MSTs of the main MST. F. CRL Distribution Overhead Finally, we conducted experiments to assess the distribution overhead of the approaches. We counted the number of messages required to distribute all CRLs to every SM as well as three other performance metrics. Since both of the group-based approaches follow the same CRL distribution strategy as discussed earlier, their overhead will be same.
TABLE III: Message overhead for CRL distribution. Network size 100 200 300 400 500
S-CRL 229 511 765 1065 1366
N-CRL 229 511 765 1065 1366
G-CRL 241 503 757 1032 1307
TABLE IV: Other metrics for CRL distribution. Approach S-CRL N-CRL G-CRL
Average Delay (sec) 0.61 0.53 0.30
Completion Time (sec) 1.08 1.01 0.32
PDR (%) 94.87 94.99 94.36
Throughput (Kilobit/sec) 5.74 4.33 2.12
results indicate that G-CRL can reduce the CRL size significantly which helps reducing the search delay and the storage overhead in resource limited SMs. In addition, group-based approach keeps the CRL distribution message overhead comparable to the traditional approach while reducing the delay for transmission of CRLs. The proposed approach does not bring any additional burden to the nodes since the computations can be done at the gateway or utility. ACKNOWLEDGEMENT This work is supported in part by US National Science Foundation under the grant number 1318872. R EFERENCES
These approaches are shown as G-CRL, in the Tables. The other metrics we considered are: 1) average packet delay from gateway to all SMs; 2) completion time for CRL distribution; 3) packet delivery ratio (PDR) from gateway to all SMs; and 4) total throughput at all SMs. For S-CRL, we did not use broadcasting while it is an option to be implemented. This is because it cannot be used with TCP as we are using TCP for our approaches in order to guarantee packet delivery. In these experiments, we did not take into consideration the size of the CRL since it will not have an impact on the message overhead and its impact on delay is neglected. The message overhead for the three approaches is shown in Table III. Note that for G-CRL, we also considered the exchange of CRLs among the neighbors which added an additional message for each SM. The results indicate that GCRL can reduce the message overhead compared to N-CRL and S-CRL due to using grouping. To asses the performance in terms of the other metrics, we conducted experiments by creating a grid-based topology with 100 nodes due to space constraints. This was also to reduce interference among the nodes so that we can eliminate the effects of it on the performance metrics for fair comparison of approaches. The results are depicted in Table IV. According to these results, we observe that G-CRL can provide better delay and completion time than other approaches. Again this is due to the fact that our approach only transmits to leaf SMs. The throughput is also much less compared to others indicating that our approach consumes much less bandwidth for CRL distribution. VII. C ONCLUSION In this paper, we proposed a group-based algorithm for creating and distributing the CRLs in an 802.11s-based NAN. The SMs that are part of the NAN are grouped based on the possibility of interaction which is mostly through the routes to the gateway node. Our approach strives to put all the SMs on the same path to the same group so that they use the same CRL when communicating. In addition, we allow an SM to maintain multiple CRLs in order to communicate with its immediate neighborhood which is also highly possible due to characteristics of different applications on NAN. We implemented the proposed G-CRL approach in ns-3 simulator that runs a draft version of 802.11s. The experiment
[1] N. Saputro, K. Akkaya, and S. Uludag, “A survey of routing protocols for smart grid communications,” Computer Networks, vol. 56, no. 11, pp. 2742 – 2771, 2012. [2] W. Wang, Y. Xu, and M. Khanna, “Survey paper: A survey on the communication architectures in smart grid,” Comput. Netw., vol. 55, pp. 3604–3629, October 2011. [3] M. Souryal, C. Gentile, D. Griffith, D. Cypher, and N. Golmie, “A methodology to evaluate wireless technologies for the smart grid,” in Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, oct. 2010, pp. 356 –361. [4] N. Saputro and K. Akkaya, “On preserving user privacy in smart grid advanced metering infrastructure applications,” Security and Communications Networks, to appear. [5] “Network simulator - ns - 3,” http://www.isi.edu/nsnam/ns/index.html. [6] R. Housley, W. Polk, W. Ford, and D. Solo, “Internet x.509 public key infrastructure certificate and certificate revocation list (crl) profile,” RFC 3280, 2002. [7] P. Zheng, “Tradeoffs in certificate revocation schemes,” SIGCOMM Computing Communication Review, vol. 33, no. 2, p. 103112, 2003. [8] A. Wasef and X. Shen, “Edr: Efficient decentralized revocation protocol for vehicular ad hoc networks,” Vehicular Technology, IEEE Transactions on, vol. 58, no. 9, pp. 5214–5224, Nov 2009. [9] M. Raya, P. Papadimitratos, I. Aad, D. Jungels, and J.-P. Hubaux, “Eviction of misbehaving and faulty nodes in vehicular networks,” IEEE J. Sel. Areas Commun., vol. 25, no. 8, p. 15571568, 10 2007. [10] A. Wasef, R. Lu, X. Lin, and X. Shen, “Complementing public key infrastructure to secure vehicular ad hoc networks,” Wireless Communications, IEEE, vol. 17, no. 5, pp. 22–28, October 2010. [11] A. Wasef and X. Shen, “Emap: Expedite message authentication protocol for vehicular ad hoc networks,” Mobile Computing, IEEE Transactions on, vol. 12, no. 1, pp. 78–89, Jan 2013. [12] C. Cr´epeau and C. R. Davis, “A certificate revocation scheme for wireless ad hoc networks,” Proceedings of the 1st ACM Workshop on Security of Ad Hoc and Sensor Networks, pp. 54–61, 2003. [13] H. Guo, Y. Wu, F. Bao, H. Chen, and M. Ma, “Ubapv2g: A unique batch authentication protocol for vehicle-to-grid communications,” Smart Grid, IEEE Transactions on, vol. 2, no. 4, pp. 707–714, Dec 2011. [14] A. Beussink, K. Akkaya, I. F. Senturk, and M. Mahmoud, “Preserving consumer privacy on ieee 802.11s-based smart grid ami networks using data obfuscation,” Proc. of IEEE INFOCOM Workshop on Communications and Control for Smart Energy Systems, Toronto, 2014. [15] R. Anderson and S. Fuloria, “Who controls the off switch?” First IEEE International Conference on Smart Grid Communications (SmartGridComm), pp. 96–101, Oct 2010. [16] M. Mahmoud, J. Misic, and X. Shen, “Efficient public-key certificate revocation schemes for smart grid,” Proc. of IEEE Global Communication Conference (IEEE GLOBECOM’13), Atlanta, GA, USA, December 9-13 2013. [17] H. Khurana, M. Hadley, N. Lu, and D. Frincke, “Smart-grid security issues,” IEEE Security and Privacy, vol. 8, no. 1, pp. 81–85, 2010. [18] D. Wu and C. Zhou, “Fault-tolerant and scalable key management for smart grid,” IEEE Transactions on Smart Grid, vol. 2, no. 2, pp. 375 – 381, June 2011. [19] A. Metke and R. Ekl, “Security technology for smart grid networks,” IEEE Transactions on Smart Grid, vol. 1, no. 1, pp. 99–107, June 2010.