F-Pro: a Fast and Flexible Provenance-Aware Message Authentication Scheme for Smart Grid

Abstract

Successful attacks against smart grid systems often exploited the insufficiency of checking mechanisms — e.g., commands are largely executed without checking whether they are issued by the legitimate source and whether they are transmitted through the right network path and hence undergone all necessary mediations and scrutinizes. While adding such enhanced security checking into smart grid systems will significantly raise the bar for attackers, there are two key challenges: 1) the need for real-time, and 2) the need for flexibility — i.e., the scheme needs to be applicable to different deployment settings/communication models and counter various types of attacks. In this work, we design and implement F-Pro, a transparent, bump-in-the-wire solution for fast and flexible message authentication scheme that addresses both challenges. Specifically, by using a lightweight hash-chaining-based scheme that supports provenance verification, F-Pro achieves less than 2 milliseconds end-to-end proving and verifying delay for a single or 2-hop communication in a variety of smart grid communication models, when implemented on a low-cost BeagleBoard-X15 platform.