Authentication of smart grid communications using quantum

The electric grid is evolving from an electrical network composed primarily of large centralized fossil fuel plants to a more distributed infrastructure, which includes renewable and energy storage type plants. Wind, photovoltaic (PV), and energy storage system (ES) technologies have observed significant cost reductions as they have continued to mature and reach mass production1,2,3. These technologies are now being adopted more frequently into the emerging electric smart grid, both in large and small deployments.

Renewable power plant installations can now be found on the scale of hundreds of kilowatts(kW) to megawatts (MWs) of potential power generation. These generation plants are a composite of many small generation resources, all interconnected with an electrical network known as a collector system4,5,6. An example layout for a PV plant with a supplementary ES system is shown in Fig. 1a. At each resource within the power plant, power electronic converter (PEC) systems with intelligent controllers are used to perform conversion and control of the power produced by both the PV modules and ES technology. These systems support several operational modes and communications protocols via an integrated communications module. System coordination is performed through a plant supervisory control and data acquisition (SCADA) system. Key to the deployment of these renewable plants is the ability for the SCADA system to communicate with the resources to establish operational capabilities and optimization strategies. Hence, secure and reliable two-way communications are critical to these systems7,8,9.

Within a conventional SCADA system, a supervisory system, a human-machine interface (HMI), a communications network, a master terminal unit (MTU), remote terminal units (RTUs), and field devices. Hence, the communications network enables connectivity between the systems. Moreover, a SCADA communications network can be divided into four types: (1) monolithic systems that are isolated and do not interact with one another, (2) distributed systems that communicate over a local area network (LAN), (3) networked systems that operate in multiple sites and communicate over a wide area network (WAN), and (4) Internet of things (IoT) systems that are connected to cloud computing for widescale implementation and computational resource availability. Furthermore, the need for reliable, efficient, and continuous connectivity between the SCADA elements has led to the development of many different communications protocols. Some protocols have been designed to consider the processing power and communications requirements of industrial applications, while others focused on speed. Consequently, many protocols were designed without integrated security services such as authentication and encryption. While the SCADA system in the monolithic and distributed models can operate in isolation on private links, utilities are looking to use available or existing communication infrastructure such as WANs and IoT to reduce costs which are often shared with other entities or service providers. Consequently, communications in these models are vulnerable to cyberattacks. For instance, the well-known ethernet-based SCADA communication protocols such as DNP3, EtherCat, Powerlink, Foundation Fieldbus HSE, and Modbus do not offer any authentication security mechanism. On the other hand, protocols such as DNS3-SA, IEC-60870, IEC-61850, and PROFINET implement security measures based on digital signatures. Table 1 shows the characteristics of these protocols, and a comprehensive review of SCADA communication protocol and their security can be explored in10.

In addition to these standard communication protocols, IoT protocols such as message queuing telemetry transport (MQTT), data distribution service (DDS), hypertext transfer protocol (HTTP), constrained application protocol (CoAP), and advanced message queuing protocol (AMQP) can be implemented in SCADA systems for machine-to-machine (M2M) communications. MQTT11 is a valuable protocol in the context of the IoT. MQTT has been utilized by companies such as IBM, Microsoft, and Amazon to operate as a message server that connects cloud applications and IoT devices. In comparison to SCADA systems, this protocol is similar to those often used in that data is frequently sought from other stations. One advantage of MQTT is that the protocol can be used with edge devices to integrate with older systems. Control stations and remote devices may be detached and communicate only over MQTT. Therefore, this simplifies peer-to-peer communications and relieves control stations of middleware duties. For this reason, MQTT has been recently explored and prototyped for SCADA systems12,13,14,15,16,17,18.

As presented in19, SCADA systems have been the target of many attacks that can impact the reliability of the communications network. These attacks include eavesdropping, man-in-the-middle, masquerade, virus and worms, trojan horses, and denial-of-service. These attacks have targeted the various levels of SCADA networks including the application layer, session layer, network transport layer, data link layer, and physical layers, with varying success rates. Therefore, electric utilities and generation plants are applying many different approaches to secure the information flow. These methods include adopting considerations of privacy/confidentiality, integrity, authentication, and trusted computing19,20,21.

Figure 1
figure 1

(a) Example of photovoltaic plant construction with voltage collector system (black) and communications network (blue). Architecture concept for (b) Specific and (c) General communications and control. CM: Communications module. LV: Low voltage. MV: Medium voltage. PE: Power electronic. PV: Photovoltaic. SCADA: Supervisory control and data acquisition.

Table 1 SCADA communications protocols and their characteristics. C/S: Client/Server communications model.

Solutions for ensuring the privacy and integrity of the communicated data include utilizing encryption and authentication. Both encryption and authentication schemes use cryptographic algorithms and secret keys. However, the two general schemes are different: encryption converts a message plaintext to a ciphertext to protect the information, whereas authentication is the attribute of confirming a message is genuine and has not been altered during transmission.

Currently, many popular cryptographic solutions, such as public-key cryptography, are based on hard-to-solve mathematics using assumptions based on potentially available computing resources22,23. One of the major advantages of public-key cryptography is enabling messages to be encrypted and/or authenticated with a “public” key (i.e., known to all) which in turn can only be decrypted and/or signed with a “private” key (i.e., kept secret). The generation of the public-private key pair leverages the aforementioned mathematics. To continually improve security of this type of cryptography, the secret key size must increase with available computational capabilities24. This can be a challenge for devices deployed in the field as the availability of computational resources (i.e., memory size and processing capability) is typically fixed during deployment or when the device is constructed. Hence, without detrimentally increasing latency or potentially being put out of service—as the processing demand increases—devices in the field must be replaced25,26.

In contrast, private-key cryptography—where a single key performs both encryption and decryption tasks—can be implemented very efficiently in hardware27, while exhibiting low computational overhead with deterministic latency. However, the challenge is all keys must be securely distributed to all parties prior to use, typically by a trusted courier, resulting in all keys being at risk of discovery during transit. From this perspective, quantum key distribution (QKD) approaches offer considerable promise: keys for private-key cryptography schemes can be established between parties—even over communication channels controlled by an adversary—in a provably secure manner28. Arguably, QKD is one of the most mature quantum applications available23. The fundamental technology has already been observed to be transitioning from research laboratories to commercial products. Combined with information-theoretic security protocols29, QKD offers future-proof security: proven to be safe regardless of the technological development in computing, quantum or otherwise23.

Quantum Key Distribution describes a variety of techniques whereby quantum states are used to establish a shared random key between two spatially separated parties, commonly referred to as Alice and Bob in cryptographic parlance. BB8430 is the most well-known QKD protocol, yet others exist which leverage different encoding schemes31,32 as well as entanglement33. QKD is not a cryptographic mechanism—it is a method to distribute correlated random bit strings for later use in any application, including well-known symmetric cryptography schemes such as the Advanced Encryption Standard (AES), Blowfish, and others. The commercial QKD system used in this paper implements an entanglement-based protocol33. It generates keys that are pulled into a higher layer to authenticate smart grid communications.

Securing a simulated power grid communications network using QKD was presented in34 and using real time digital simulator (RTDS) microgrid testbed in35 while theoretical approaches to improve the power grid physical security using quantum computing were explored in36. Previously, QKD has been applied in a trusted relay testbeds37,38,39,40,41,42,43 as well as a fiber loop-back on a utility network44. Following the initial utility demonstration, a four-node QKD trusted relay network on a utility fiber infrastructure showed the interoperability between diverse QKD systems that worked together to deliver secure keys across the critical energy infrastructure45 using the one-time-pad encryption technique. In43 the secret keys were further used to encrypt banking communication systems via the AES-128 protocol. Hence, authentication—which is a fundamental cryptographic security service—of typical network communications was not demonstrated in any previous work to secure the power grid communications as the secret keys in the trusted relay experiments were used only for encryption of distributed keys to relay them between the network nodes.

Our main objective is to achieve in principle information-theoretic authentication in smart grid communications. Our specific implementation uses the publish-subscribe paradigm, which is popular for smart grid data, and in particular the MQTT protocol. We develop a detailed methodology, practical design, and integrate several heterogeneous components on each publisher-subscriber link in the deployed energy delivery infrastructure. The major challenges to realizing authentication are the commodity SCADA microcontrollers’ limited resources, as well as their integration with a QKD system and the quantum random number generators (QRNG). Additionally, a further challenge we solve is how to manage the random numbers and the secret keys over the distributed devices.

While a review of the challenges of using QKD in the context of smart grid communications has been explored in46, here we highlight the challenges related to securing the SCADA communications and the concepts developed to accomplish this task in our demonstration. One challenge with using public networks like WANs in the smart grid is that the networking infrastructure is often shared. A challenge arises when data leaves the utility network and becomes vulnerable to cyberattacks. A network design must be developed to provide authentication and verification services to real-time outgoing and incoming communications messages. The lack of integrated security services—such as authentication and encryption—is another challenge associated with many existing SCADA communications protocols. As a result, these protocols are also susceptible to cyberattacks. Although some protocols rely on computationally intensive public-key digital signatures for authentication, the length of their secret keys must be increased to maintain their security over time. Devices in the field often face this challenge because the computational resources available after deployment are often fixed. Moreover, SCADA systems utilize specialized microcontrollers with limited resources that may be incapable of performing the intensive calculations required for public-key cryptography as key sizes increases. Therefore, equipment in the field must be upgraded to prevent communications delays and outages. This is a challenge for devices that are deployed in remote locations and are intended to operate for a long time.

To overcome these challenges, we present specialized and generalized architectures in which QKD secret keys protect SCADA communications. The generalized approach can be applied for proprietary protocols, including many-to-many communications scenarios. The specialized network architecture intends to operate effectively for open-source point-to-point communication protocols. Utilizing the open-source MQTT protocol—which can be used for an edge device and can be integrated with older systems—is a concept that provides flexibility in terms of communications and security. Consequently, a compatible, lightweight, and information-theoretic authentication protocol can be incorporated into MQTT and operated on the SCADA microcontrollers, reliably performing authentication and verification services. Furthermore, we solve the latency challenges with private-key cryptography, in which a single key performs encryption and decryption functions with minimal computing overhead and delays. Using quantum key distribution (QKD) techniques, secure keys for private-key cryptography schemes can be established between participants. We integrate QKD keys in information-theoretically secure protocols to provide a future-proof authentication that is secure and independent of the advancement of classical or quantum computing technology. Therefore, our computationally efficient approach is able to overcome the challenges associated with limited computing resources as the key size increases in public-key cryptography. We compare the execution time of our technique to the public-key cryptography counterpart, demonstrating its feasibility for smart grid applications and showing how QKD can benefit grid communications.

In this paper, we achieve our objective by using QKD secret keys to authenticate communications of integrated power electronics energy resources in electric grid infrastructure. This work is the first time quantum secret keys have been used to authenticate smart grid communications. More specifically, (a) QKD secret keys have been applied over the IoT protocol MQTT for supporting DER communications, (b) the developed software design to utilize and manages secret keys established by a commercial Qubitekk quantum key distribution system to authenticate M2M communications, and (c) the platform has been applied in a real utility setting (at EPB in Chattanooga Tennessee, between a data center and an electrical substation connected via an optical fiber). We first lay the foundation of our developed approach in the next section and then provide a detailed description of our system and methods used to solve the challenges in the following sections.

Message encryption and authentication in QKD – Galois message authentication

The concept of provably secure authentication was introduced in47 using a secret key that is longer than the message itself. Carter and Wegman showed it is possible to use a secret key shorter than the message to achieve information-theoretic authentication48. Later, using a block cipher, it was shown by Brassard that a shorter secret key could be expanded and used for the Carter-Wegman authentication scheme49. Galois/Counter Mode (GCM) is a state-of-the-art parallelizable symmetric-key cryptographic protocol based on the Carter-Wegman authentication scheme50; it offers information-theoretic encryption and authentication. The Galois Message Authentication Code (GMAC) is the GCM standalone authentication scheme, i.e., where the message does not need to be encrypted. The National Institute of Standards and Technology (NIST) approved GCM and GMAC in 2007 via NIST SP 800-38D standard51 which is also part of the federal information processing standards (FIPS).

There are three inputs to the GMAC: (1) the message to be authenticated, (2) an initialization vector (IV), also referred to as a nonce, and (3) a secret key. The output is the message authentication code (MAC). As expected in symmetric-key algorithms, GMAC assumes a fundamentally secure key exchange between the sender and the receiver. GMAC allows reusing a secret key to authenticate more than one message; however, it prohibits using it with the same nonce51. Currently, the acceptable block ciphers recommended by NIST are AES-128, AES-192, and AES-25652. For the nonce, the acceptable size is 96 and 128-bits. The length of the output message authentication code is 128 bits. The authentication process is initiated by a sender (Alice) who wants to send an authenticated message to a receiver (Bob). A new secret key, a nonce, and the original message are then supplied to the GMAC, which outputs the message authentication code. Alice sends the original message, the nonce, and the MAC to Bob but keeps the secret key a secret. Upon receipt, Bob then forwards Alice’s message, nonce, and MAC along with the corresponding secret key to the GCM verification algorithm, whose output is a simple statement: true if the message is authentic or false if not.

Computers and Technology