Smart Grid technology with the help of Information Technology (IT) adds many benefits to the traditional grids, but security concerns and especially privacy preserving of users is still a major practical issue. Establishing a secure and reliable communication channel between smart meters and service provider can guarantee data privacy in AMI network. This secure channel can be established with data encryption using a session key which is generated during an authentication scheme. This scheme should be enough lightweight to implement on resource constrained smart meters in delay sensitive AMI network. In this work, we analyze proposed PUF-based authenticated key agreement scheme by Gope et al. and show that their scheme is vulnerable in CK-adversary model and does not provide session key secrecy and backward secrecy. We propose an end-to-end PUF-based key agreement scheme between smart meters and service provider in AMI network which is secure against physical tampering attack and also it provides security in CK-Adversary model for ephemeral leakage attack. Our scheme imposes low communication and computational costs to smart meters. We analyze the security of our proposed scheme against popular attacks and verify its security by using widely accepted scyther tool.

中文翻译：

---

基于轻量级安全性PUF的智能电网认证密钥协商方案

在信息技术（IT）的帮助下，智能电网技术为传统电网带来了许多好处，但是安全问题，尤其是用户的隐私保护仍然是一个主要的实际问题。在智能电表和服务提供商之间建立安全可靠的通信通道可以保证AMI网络中的数据私密性。可以使用在身份验证方案期间生成的会话密钥通过数据加密来建立此安全通道。该方案应足够轻巧，以在对延迟敏感的AMI网络中在资源受限的智能电表上实施。在这项工作中，我们分析了Gope等人提出的基于PUF的认证密钥协商方案。并表明他们的方案在CK对手模型中易受攻击，并且不提供会话密钥保密性和后向保密性。我们提出了智能电表和AMI网络中服务提供商之间基于端到端的基于PUF的密钥协商方案，该方案可抵御物理篡改攻击，并在CK-Adversary模型中为临时泄漏攻击提供安全性。我们的方案使智能电表的通信和计算成本降低。我们分析了我们提出的方案针对流行攻击的安全性，并使用了广泛接受的scyther工具来验证其安全性。