Correcting "PALK: Password-based anonymous lightweight key agreement framework for smart grid"
Abstract
Very recently in 2020, Khan et al. proposed an authentication scheme (PALK) for the smart grid infrastructure.
Based on elliptic curve cryptography (ECC), symmetric hash functions and block cipher based encryption/
decryption operations, the scheme was argued to work efficiently and securely in smart grid based infrastructure.
However, in this paper, we prove that PALK has incorrect login and authentication phase; mainly, due to a
superficial ECC operation involving the multiplication of two points over the curve. Moreover, in the scheme of
Khan et al. the responding entity without knowing any clue of the initiator, uses the public key of the initiator for
the completion of the authentication process, which is also not possible in the presence of multiple communicating devices. These design flaws lead to the situation, where the smart grid entities are unable to complete even
a single cycle of authentication. Finally, we propose a quick solution to fix the pertinent flaws of the PALK. The
security and correctness of the proposed solution iPALK is proved using formal BAN logic, automated tool
ProVerif along with a brief discussion on the correctness of the scheme. The performance comparisons also show
that the iPALK not only provides the correctness, but it is more efficient in terms of computation and communication costs.
Volume
125Collections
The following license files are associated with this item: