# A Multi-Source Big Data Security System of Power Monitoring Network Based on Adaptive Combined Public Key Algorithm


## Abstract


## 1. Introduction

- Inspired by the realistic implementations of SGCC (lack of efficient security countermeasures for massive IoT terminals/nodes) and the security threats faced by IoT and big data in the smart grid, we propose a more efficient, effective, and easy-to-implement security system to provide end-to-end security, so that risks such as malicious node injection, unauthorized access, and node tampering [14] are significantly lowered;
- To increase the efficiency of the security system, we upgraded the CPK algorithm with the adaptive key fragment and combination method, so that the key generation and updating process is adapted according to the number of connecting terminals;
- To eliminate the negative impact of malicious terminals, we propose an identity-based public key authentication protocol. The lightweight protocol can achieve the efficient secure access of massive terminals;
- To verify the easy-to-implement property of the proposed system, the system was experimentally implemented in a substation scenario where the full functions were tested. It shows that the system can be easily implemented with minor changes to the existing network.

## 2. Combined Public Key Algorithm

#### 2.1. Elliptic Curve Cryptography

#### 2.2. CPK System

## 3. Security System of Multi-Source Big Data in Power Monitoring Network

#### 3.1. System Architecture

- (1) The terminal agent sends the terminal’s identification information to the CPK module via the communication module. If the CPK module approves the application, it generates a key pair for that terminal and sends it to the terminal together with the public key matrix.
- (2) When the terminal agent applies for access to a specific business application, the authentication process begins between the server-side authentication service module and the terminal-side authentication module. The details of the authentication process will be discussed in Section 3.2.
- (3) Once the terminal identity is verified, the negotiated symmetric key can be used in the following encrypted data transmission between the server-side encryption service module and the terminal-side encryption module. The encryption algorithm may be the Advanced Encryption Standard (AES), or SM1 or SM4, which are published by the State Cryptography Administration of China.
- (4) When the data transmission is done, the server-side security service decrypts the data and sends them to the intranet application servers.
- (5) During the above steps, the server-side adaptive service module monitors the status of connecting terminals and the current performance of CPK, and adjusts the parameters of the CPK module if necessary. The details of the adaptive service module will be discussed in Section 3.1.

#### 3.2. Adaptive Key Fragment and Combination Method

#### 3.3. Identity-Based Public Key Authentication Protocol

- (1) The client randomly generates a 128-bit seed, namely $rand$, and uses the current time to generate $timestamp$. With the plaintext $M = rand + timestamp$, the hash of $rand$ and $timestamp$ is calculated to obtain $H(M)$, and the client uses its private key to sign $H(M)$ to obtain $Sign_{A}(H(M))$. The identification $A$ of the client, the plaintext information $M$, and the signature $Sign_{A}(H(M))$ make up the information the client sends. The client uses the public key matrix disclosed by CPK to map the server’s unique identifier and calculate the server’s public key $PK_{B}$. The client uses $PK_{B}$ to encrypt the information to be sent, and the cipher text $C_{1}$ is expressed as shown in Equation (13):

  $$C_{1} = E_{PK_{B}}\left(A + M + Sign_{A}(H(M))\right)$$

- (2) After the server receives the cipher text $C_{1}$, it decrypts it with its private key $SK_{B}$, and obtains:

  $$D_{SK_{B}}(C_{1}) = \left(A + M + Sign_{A}(H(M))\right)$$

- (3) After receiving the cipher text $C_{2}$, the client uses their private key $SK_{A}$ to decrypt it to obtain $M\_S + Sign_{B}(H(M\_S))$. Then, the client uses the server public key $PK_{B}$ to verify whether the signature $Sign_{B}(H(M\_S))$ matches $H(M\_S)$. If it matches, the verification is successful. Otherwise, it fails, and the customer will be prompted with a warning that the authentication has failed. After passing the verification, the client gets $rand\_s$ and $timestamp\_s$, and reverses $rand\_s$ by bit to get $rand$. The client also checks the timestamp $timestamp\_s$ to judge the time of this session, and enters the next step only if it is within a reasonable range.
- (4) The client extracts $rand\_s$ and $timestamp\_s$ to obtain $H(M\_S)$, and then uses a fixed key $Key$ negotiated in advance to encrypt $H(M\_S)$ to obtain the session key $K_{S}$, which is expressed as

  $$K_{S} = E_{Key}\left(H(M\_S)\right)$$

- (5) Negotiation of the session secret key. The server obtains the hash value $H(M\_S)$ of $rand\_s$ and $timestamp\_s$, encrypts $H(M\_S)$ with the symmetric key $Key$ negotiated in advance, and obtains the session key $K_{S}$, which is used to decrypt the cipher text $C_{3}$. The server matches its $rand\_s$ with the decrypted information. If they agree, the key negotiation is successful. Both parties use $K_{S}$ as the session key for this communication. The server uses $K_{S}$ to encrypt $rand\_s + 1$ to obtain $C_{4}$ as shown in Equation (18) and returns it to the client:

  $$C_{4} = E_{K_{S}}\left(rand\_s + 1\right)$$

- (6) After receiving $C_{4}$, the client uses the session key $K_{S}$ of this communication to decrypt it, and compares the result with $rand\_s + 1$. If it matches, the key negotiation is successful. The communication parties use $rand\_s + 1$ as the starting number of the communication packet to avoid replay attacks.

## 4. Experimental Results and Analysis

#### 4.1. Data Authentication Time Analysis

#### 4.2. Key Generation Quantity Analysis

#### 4.3. Key Update Rate Analysis

#### 4.4. Data Security Analysis

## 5. Implementation of the Proposed System in Power System

## 6. Conclusions

## Author Contributions

## Funding

## Institutional Review Board Statement

## Informed Consent Statement

## Conflicts of Interest

## References

- Ganguly, P.; Nasipuri, M.; Dutta, S. Challenges of the Existing Security Measures Deployed in the Smart Grid Framework. In Proceedings of the 2019 IEEE 7th International Conference on Smart Energy Grid Engineering (SEGE), Oshawa, ON, Canada, 12–14 August 2019; pp. 1–5.
- Morello, R.; De Capua, C.; Fulco, G.; Mukhopadhyay, S.C. A Smart Power Meter to Monitor Energy Flow in Smart Grids: The Role of Advanced Sensing and IoT in the Electric Grid of the Future. IEEE Sens. J. **2017**, 17, 7828–7837.
- Liu, J.; Zhao, Z.; Ji, J.; Hu, M. Research and application of wireless sensor network technology in power transmission and distribution system. Intell. Converg. Netw. **2020**, 1, 199–220.
- Khan, F.; Siddiqui, M.A.B.; Rehman, A.U.; Khan, J.; Asad, M.T.S.A.; Asad, A. IoT Based Power Monitoring System for Smart Grid Applications. In Proceedings of the 2020 International Conference on Engineering and Emerging Technologies (ICEET), Lahore, Pakistan, 22–23 February 2020; pp. 1–5.
- Hu, J.; Vasilakos, A.V. Energy Big Data Analytics and Security: Challenges and Opportunities. IEEE Trans. Smart Grid **2016**, 7, 2423–2436.
- Huang, C.; Huang, Q.; Wang, D. Stochastic Configuration Networks Based Adaptive Storage Replica Management for Power Big Data Processing. IEEE Trans. Ind. Inform. **2020**, 16, 373–383.
- Shobol, A.; Ali, M.H.; Wadi, M.; TüR, M.R. Overview of Big Data in Smart Grid. In Proceedings of the 2019 8th International Conference on Renewable Energy Research and Applications (ICRERA), Brasov, Romania, 3–6 November 2019; pp. 1022–1025.
- He, X.; Ai, Q.; Qiu, R.C.; Huang, W.; Piao, L.; Liu, H. A Big Data Architecture Design for Smart Grids Based on Random Matrix Theory. IEEE Trans. Smart Grid **2017**, 8, 674–686.
- Wu, J.; Ota, K.; Dong, M.; Li, J.; Wang, H. Big Data Analysis-Based Security Situational Awareness for Smart Grid. IEEE Trans. Big Data **2018**, 4, 408–417.
- Zhao, J.; Kamwa, I. Guest Editorial: Next Generation of Synchrophasor-based Power System Monitoring, Operation and Control. IET Gener. Transm. Distrib. **2020**, 14, 3943–3944.
- Liu, H.; Wang, Y.; Chen, W.G. Anomaly detection for condition monitoring data using auxiliary feature vector and density-based clustering. IET Gener. Transm. Distrib. **2020**, 14, 108–118.
- Koziel, S.; Hilber, P.; Westerlund, P.; Shayesteh, E. Investments in data quality: Evaluating impacts of faulty data on asset management in power systems. Appl. Energy **2021**, 281, 116057.
- Smith, M.D.; Paté-Cornell, M.E. Cyber Risk Analysis for a Smart Grid: How Smart is Smart Enough? A Multiarmed Bandit Approach to Cyber Security Investment. IEEE Trans. Eng. Manag. **2018**, 65, 434–447.
- Andrea, I.; Chrysostomou, C.; Hadjichristofi, G. Internet of Things: Security vulnerabilities and challenges. In Proceedings of the 2015 IEEE Symposium on Computers and Communication (ISCC), Larnaca, Cyprus, 6–9 July 2015; pp. 180–187.
- Wang, Z.; Liu, Y.; Ma, Z.; Liu, X.; Ma, J. LiPSG: Lightweight Privacy-Preserving Q-Learning-Based Energy Management for the IoT-Enabled Smart Grid. IEEE Internet Things J. **2020**, 7, 3935–3947.
- Baek, J.; Vu, Q.H.; Liu, J.K.; Huang, X.; Xiang, Y. A Secure Cloud Computing Based Framework for Big Data Information Management of Smart Grid. IEEE Trans. Cloud Comput. **2015**, 3, 233–244.
- Hossain, E.; Khan, I.; Un-Noor, F.; Sikander, S.S.; Sunny, M.S.H. Application of Big Data and Machine Learning in Smart Grid, and Associated Security Concerns: A Review. IEEE Access **2019**, 7, 13960–13988.
- Deng, S.; Chen, F.; Dong, X.; Gao, G.; Wu, X. Short-term load forecasting by using improved GEP and abnormal load recognition. ACM Trans. Internet Technol. **2021**, 21, 1–28.
- Jiang, Y.; Zhang, Y.; Xu, A.; Kuang, X.; Meng, J.; Chu, H. An Overview: Data Security Mechanism of Power Terminal in Edge Computing. In Proceedings of the 2020 IEEE International Conference on Energy Internet (ICEI), Sydney, NSW, Australia, 24–28 August 2020; pp. 22–27.
- Chen, X.; Liang, W.; Zhou, X.; Jiang, D.; Kui, X.; Li, K. An Efficient Transmission Algorithm for Power Grid Data Suitable for Autonomous Multi-Robot Systems. Inf. Sci. **2021**, 572, 543–557.
- Liu, R.; Zheng, Y.; Yang, Y.; Chao, Y.; Li, Y.; Yan, Y. Research on Secure Access Technology of Electric Power Wireless Private Network Based on Hybrid Encryption. In Proceedings of the 2021 IEEE 4th Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC), Chongqing, China, 18–20 June 2021; pp. 69–74.
- Ni, J.; Zhang, K.; Lin, X.; Shen, X.S. Balancing Security and Efficiency for Smart Metering Against Misbehaving Collectors. IEEE Trans. Smart Grid **2019**, 10, 1225–1236.
- Hong, J.; Liu, B.; Sun, Q.; Li, F. A combined public-key scheme in the case of attribute-based for wireless body area networks. Wirel. Netw. **2019**, 25, 845–859.
- Zhang, F.; Zhang, Z.; Guan, P. ECC2: Error Correcting Code and Elliptic Curve based Cryptosystem. Inf. Sci. **2020**, 526, 301–320.
- Cowan, A. The distribution of multiples of real points on an elliptic curve. J. Number Theory **2020**, 211, 530–544.
- Jin, H.; Lee, H. Solving discrete logarithm problems faster with the aid of pre-computation. Discret. Appl. Math. **2019**, 267, 93–119.
- Do, T.T.; Le, K.; Hoang, T.; Lea, H.; Cheung, N.M. Simultaneous Feature Aggregating and Hashing for Compact Binary Code Learning. IEEE Trans. Image Process. **2019**, 28, 4954–4969.
- Zhang, S.; Chen, Z.K.; Shi, R.H.; Liang, F.Y. A novel quantum identity authentication based on Bell states. Int. J. Theor. Phys. **2020**, 59, 236–249.
- Zia, M.; Ali, R. Cryptanalysis and improvement of blind signcryption scheme based on elliptic curve. Electron. Lett. **2019**, 55, 457–459.
- Cui, Y.; Yao, Y.; Xu, G.N. Research of Ubiquitous Power Internet of Things Security Authentication Method Based on CPK and RIFD. In Proceedings of the 2020 IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC), Chongqing, China, 12–14 June 2020; pp. 1519–1523.
- Chen, D.; Zhang, N.; Cheng, N.; Zhang, K.; Qin, Z.; Shen, X. Physical Layer based Message Authentication with Secure Channel Codes. IEEE Trans. Dependable Secur. Comput. **2020**, 17, 1079–1093.
- Yang, C.; Zhang, H.; Su, J. Quantum key distribution network: Optimal secret-key-aware routing method for trust relaying. China Commun. **2018**, 15, 33–45.
- Xia, Z.; Zhou, H.; Gu, K.; Yin, B.; Zeng, Y.; Xu, M. Secure Session Key Management Scheme for Meter-Reading System Based on LoRa Technology. IEEE Access **2018**, 6, 75015–75024.
- Wu, D.; Luo, X.; Shang, M.; He, Y.; Wang, G.; Zhou, M. A Deep Latent Factor Model for High-Dimensional and Sparse Matrices in Recommender Systems. IEEE Trans. Syst. Man Cybern. Syst. **2021**, 51, 4285–4296.
- Wu, D.; Shang, M.; Luo, X.; Wang, Z. An $L_1$-and-$L_2$-Norm-Oriented Latent Factor Model for Recommender Systems. IEEE Trans. Neural Netw. Learn. Syst. **2021**.
- Luo, X.; Zhou, M.; Li, S.; Wu, D.; Liu, Z.; Shang, M. Algorithms of Unconstrained Non-Negative Latent Factor Analysis for Recommender Systems. IEEE Trans. Big Data **2021**, 7, 227–240.

Security Test | Our System | Our System without Adaptive Service | Reference [21] |
---|---|---|---|
Anti-forgery | ✓ | ✓ | ✓ |
Anti-eavesdropping | ✓ | ✓ | ✓ |
Anti-tampering | ✓ | ✓ | ✓ |
Anti-repudiation | ✓ | ✓ | ✓ |
Anti-interference | ✓ | ✓ | ✓ |

Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Jiang, C.; Huang, C.; Huang, Q.; Shi, J.
A Multi-Source Big Data Security System of Power Monitoring Network Based on Adaptive Combined Public Key Algorithm. *Symmetry* **2021**, *13*, 1718.
https://doi.org/10.3390/sym13091718
