Correcting "PALK: Password-based anonymous lightweight key agreement framework for smart grid"

Abstract

Very recently in 2020, Khan et al. proposed an authentication scheme (PALK) for the smart grid infrastructure. Based on elliptic curve cryptography (ECC), symmetric hash functions and block cipher based encryption/ decryption operations, the scheme was argued to work efficiently and securely in smart grid based infrastructure. However, in this paper, we prove that PALK has incorrect login and authentication phase; mainly, due to a superficial ECC operation involving the multiplication of two points over the curve. Moreover, in the scheme of Khan et al. the responding entity without knowing any clue of the initiator, uses the public key of the initiator for the completion of the authentication process, which is also not possible in the presence of multiple communicating devices. These design flaws lead to the situation, where the smart grid entities are unable to complete even a single cycle of authentication. Finally, we propose a quick solution to fix the pertinent flaws of the PALK. The security and correctness of the proposed solution iPALK is proved using formal BAN logic, automated tool ProVerif along with a brief discussion on the correctness of the scheme. The performance comparisons also show that the iPALK not only provides the correctness, but it is more efficient in terms of computation and communication costs.