
arxiv: 1907.08898 · v1 · pith:EYYIGOMInew · submitted 2019-07-21 · 💻 cs.NI · cs.CR

LiSA: A Lightweight and Secure Authentication Mechanism for Smart Metering Infrastructure

Pith reviewed 2026-05-24 18:44 UTC · model grok-4.3

classification 💻 cs.NI cs.CR
keywords: smart metering infrastructure, authentication protocol, elliptic curve cryptography, smart grid security, lightweight authentication, mutual authentication, key agreement, EVQV certificate

The pith

LiSA protocol achieves mutual authentication and session key security for smart metering with elliptic curve methods at 11.826 ms and 544 bits overhead.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This paper introduces LiSA, a lightweight authentication protocol for smart metering infrastructure that enables two-way communication between consumers and utility companies while addressing security threats on public networks. The protocol uses elliptic curve cryptography, relying on the hardness of the Elliptic Curve Qu Vanstone certificate mechanism together with the Elliptic Curve Diffie-Hellman Problem and Elliptic Curve Discrete Logarithm Problem, to deliver mutual authentication, anonymity, replay protection, and session key security. The authors claim it provides the highest security level compared to existing schemes while incurring the lowest computational and communicational costs, specifically 11.826 ms on the smart meter, 0.992 ms on the service provider, and 544 bits total for message transmission per session. A sympathetic reader would care because resource-constrained devices in smart grids need efficient protection against attacks without excessive processing or bandwidth demands.

Core claim

LiSA is a lightweight and secure authentication protocol for smart metering infrastructure in smart grid setups that employs Elliptic Curve Cryptography at its core to provide mutual authentication, anonymity, replay protection, session key security, and resistance against various attacks by exploiting the hardness of the Elliptic Curve Qu Vanstone certificate mechanism along with the Elliptic Curve Diffie Hellman Problem and Elliptic Curve Discrete Logarithm Problem, while achieving the highest level of security relative to existing schemes with the least computational and communicational overheads such as 11.826 ms and 0.992 ms execution times and 544 bits for message transmission.

What carries the argument

The LiSA authentication protocol built on Elliptic Curve Cryptography and EVQV certificates to establish secure sessions between smart meters and service providers.

If this is right

  • Smart meters and service providers can perform mutual authentication and establish session keys resistant to replay and other attacks.
  • The protocol keeps total message transmission at 544 bits per session, limiting bandwidth use in frequent data exchanges.
  • Computational overhead stays at 11.826 ms on the smart meter side and 0.992 ms on the service provider side.
  • The design supports resistance to various attacks while maintaining the claimed security advantages over prior schemes.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Widespread use could reduce exposure of energy consumption data to tampering on public networks.
  • The low-overhead design may apply to authentication needs in other utility or IoT systems with similar device constraints.
  • Real deployments would need to verify whether network conditions alter the reported execution times.
  • The protocol could be tested against additional attack models not covered in the initial analysis.

Load-bearing premise

The security properties of mutual authentication, anonymity, replay protection, and session key security actually follow from the hardness of ECDLP, ECDHP, and the EVQV certificate mechanism without new vulnerabilities arising in the protocol's specific message flows or implementation choices.

What would settle it

A concrete attack that breaks one of the listed security properties such as session key security or replay protection despite the elliptic curve problems remaining computationally hard, or benchmark measurements on standard hardware showing execution times or message sizes exceeding the reported 11.826 ms, 0.992 ms, and 544 bits.

Figures

Figures reproduced from arXiv: 1907.08898 by Dushantha Nalin K. Jayakody, François Gagnon, Georges Kaddoum, Kuljeet Kaur, Sahil Garg, Syed Hassan Ahmed.

Figure 1: A typical setup of LiSA.

Figure 2: Phase II: Registration Phase.
  Paper text extracted alongside Figure 2: Step 2: Following this, the TTP computes its private (d_T) and public key (Q_T) pairs. This is done in accordance with the following equations: d_T ∈ Z*_q and Q_T = d_T.P. Step 3: Next, a one-way hash function, i.e., H0(), is selected. Step 4: Finally, the above mentioned parameters including <E, P, q, H0(), Q_T> are made public. B. Phase II: Registration Phase During this ph…

Figure 3: Phase III: Authentication & Key Exchange Phase.
Original abstract

Smart metering infrastructure (SMI) is the core component of the smart grid (SG) which enables two-way communication between consumers and utility companies to control, monitor, and manage the energy consumption data. Despite their salient features, SMIs equipped with information and communication technology are associated with new threats due to their dependency on public communication networks. Therefore, the security of SMI communications raises the need for robust authentication and key agreement primitives that can satisfy the security requirements of the SG. Thus, in order to realize the aforementioned issues, this paper introduces a lightweight and secure authentication protocol, "LiSA", primarily to secure SMIs in SG setups. The protocol employs Elliptic Curve Cryptography at its core to provide various security features such as mutual authentication, anonymity, replay protection, session key security, and resistance against various attacks. Precisely, LiSA exploits the hardness of the Elliptic Curve Qu Vanstone (EVQV) certificate mechanism along with Elliptic Curve Diffie Hellman Problem (ECDHP) and Elliptic Curve Discrete Logarithm Problem (ECDLP). Additionally, LiSA is designed to provide the highest level of security relative to the existing schemes with least computational and communicational overheads. For instance, LiSA incurred barely 11.826 ms and 0.992 ms for executing different passes across the smart meter and the service providers. Further, it required a total of 544 bits for message transmission during each session.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The paper proposes LiSA, a lightweight authentication and key agreement protocol for smart metering infrastructure in smart grids. It relies on elliptic curve cryptography, specifically the Elliptic Curve Qu-Vanstone (EVQV) certificate mechanism together with the hardness of ECDHP and ECDLP, to achieve mutual authentication, anonymity, replay protection, session-key security, and resistance to common attacks. The authors claim that LiSA attains the highest security level among comparable schemes while incurring the lowest overheads, with concrete figures of 11.826 ms and 0.992 ms for the respective passes and a total of 544 bits per session.

Significance. If the protocol flows and security arguments are shown to be sound, the work would supply a concrete, low-overhead candidate for resource-constrained smart-grid devices that rests on standard hardness assumptions rather than ad-hoc constructions. The explicit performance numbers are potentially useful for comparison, provided they are accompanied by reproducible measurement details and a clear security reduction or formal argument.

major comments (2)
  1. [Abstract] Abstract (and any security-analysis section): the central claim that the listed security properties follow directly from ECDLP, ECDHP and EVQV hardness without new vulnerabilities introduced by the concrete message flows is not supported by a reduction, formal proof, or even an informal but exhaustive case analysis of the protocol steps; this is load-bearing because an undetected flaw in nonce or certificate handling could invalidate all claimed properties without contradicting the underlying hardness assumptions.
  2. [Abstract] Performance claims: the reported timings (11.826 ms / 0.992 ms) and communication cost (544 bits) are presented without reference to the underlying platform, implementation language, or measurement methodology, making it impossible to verify that the overhead figures are obtained under conditions comparable to the schemes cited for comparison.
minor comments (1)
  1. Notation for the EVQV certificate and the precise roles of the smart meter and service provider in each pass should be introduced with a clear diagram or enumerated steps before any security or performance discussion.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback on our manuscript. We address the two major comments point by point below and will revise the manuscript to incorporate additional details where the concerns are valid.

  1. Referee: [Abstract] Abstract (and any security-analysis section): the central claim that the listed security properties follow directly from ECDLP, ECDHP and EVQV hardness without new vulnerabilities introduced by the concrete message flows is not supported by a reduction, formal proof, or even an informal but exhaustive case analysis of the protocol steps; this is load-bearing because an undetected flaw in nonce or certificate handling could invalidate all claimed properties without contradicting the underlying hardness assumptions.

    Authors: We agree that the manuscript would benefit from a more detailed security argument. The protocol was designed so that all claimed properties reduce to the hardness of ECDLP, ECDHP, and the EVQV mechanism, with message flows constructed to avoid introducing additional attack surfaces. However, the current version provides only a high-level argument rather than an exhaustive step-by-step informal analysis. In the revised manuscript we will add a dedicated informal security analysis section that examines each protocol message, including nonce freshness, certificate validation, and session-key derivation, to confirm that no new vulnerabilities arise from the concrete flows. revision: yes

  2. Referee: [Abstract] Performance claims: the reported timings (11.826 ms / 0.992 ms) and communication cost (544 bits) are presented without reference to the underlying platform, implementation language, or measurement methodology, making it impossible to verify that the overhead figures are obtained under conditions comparable to the schemes cited for comparison.

    Authors: We acknowledge that the implementation environment and measurement methodology were not described. The reported figures were obtained via simulation on a standard embedded platform using a well-known ECC library, but these details were omitted from the manuscript. In the revision we will add a new subsection detailing the hardware platform, programming language, cryptographic library version, and timing measurement approach (including how the two passes were isolated) so that the numbers can be reproduced and compared fairly with related schemes. revision: yes

Circularity Check

0 steps flagged

No significant circularity; security claims rest on standard external hardness assumptions.

The paper presents LiSA as a protocol whose security properties (mutual authentication, anonymity, replay protection, session key security) are asserted to follow directly from the established hardness of ECDLP, ECDHP, and the EVQV certificate mechanism. No equations, parameters, or performance metrics are shown to be fitted to the target claims and then re-labeled as predictions. No self-citations are invoked as load-bearing uniqueness theorems, and no ansatz or renaming of known results is used to derive the central claims. The derivation chain is therefore self-contained against external cryptographic benchmarks.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The central claim rests on the unproven assumption that the chosen elliptic-curve problems remain hard and that the protocol messages correctly realize the stated security properties; no free parameters or invented entities are introduced in the abstract.

axioms (2)
  • domain assumption Hardness of the Elliptic Curve Discrete Logarithm Problem (ECDLP) and Elliptic Curve Diffie-Hellman Problem (ECDHP)
    Security of mutual authentication, session keys, and attack resistance is predicated on these problems remaining computationally intractable.
  • domain assumption Correct realization of the Elliptic Curve Qu-Vanstone (EVQV) certificate mechanism in the protocol flows
    The abstract invokes EVQV for anonymity and authentication without detailing how it is embedded.
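
For reference, the certificate mechanism the second axiom depends on, shown as an added example that is not code from the paper or from this page: standard Elliptic Curve Qu-Vanstone implicit-certificate issuance (the scheme the page spells EVQV), using the public parameters (E, P, q, H0, Q_T) that appear in the text captured with Figure 2. The curve (secp256k1), the hash (SHA-256), the identity string and all function names are assumptions, and this is the generic scheme, not LiSA's own message flow, which the page does not reproduce.

```python
import hashlib
import secrets

# Domain parameters <E, P, q>: secp256k1 (assumed; the page names no curve).
FP = 2**256 - 2**32 - 977  # field prime of E: y^2 = x^3 + 7
q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):
    """Affine point addition; None is the point at infinity."""
    if A is None or B is None:
        return B if A is None else A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % FP == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FP) % FP
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FP, -1, FP) % FP
    x3 = (lam * lam - x1 - x2) % FP
    return x3, (lam * (x1 - x3) - y1) % FP

def mul(k, A):
    """Double-and-add scalar multiplication (not constant time)."""
    R = None
    while k:
        if k & 1:
            R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def H0(point, identity):
    """H0(certificate) as an integer mod q; SHA-256 is an assumption."""
    data = point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big") + identity
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % q

def keygen():
    """Random scalar d in Z_q^* and the point d.P (TTP key pair or device nonce)."""
    d = secrets.randbelow(q - 1) + 1
    return d, mul(d, P)

def ttp_issue(d_T, R_U, identity):
    """TTP: implicit certificate P_U and private-key contribution r."""
    k, kP = keygen()
    P_U = add(R_U, kP)
    return P_U, (H0(P_U, identity) * k + d_T) % q

def reconstruct(P_U, identity, Q_T):
    """Anyone: derive the device public key from its certificate and Q_T."""
    return add(mul(H0(P_U, identity), P_U), Q_T)

def device_finish(k_U, P_U, r, identity, Q_T):
    """Device: compute its private key and verify it against Q_T."""
    d_U = (H0(P_U, identity) * k_U + r) % q
    if mul(d_U, P) != reconstruct(P_U, identity, Q_T):
        raise ValueError("certificate was not issued under this Q_T")
    return d_U

if __name__ == "__main__":
    d_T, Q_T = keygen()                        # TTP setup: Q_T = d_T.P
    k_U, R_U = keygen()                        # device request R_U = k_U.P
    P_U, r = ttp_issue(d_T, R_U, b"SM-0001")   # constructed identity
    d_U = device_finish(k_U, P_U, r, b"SM-0001", Q_T)
    print(mul(d_U, P) == reconstruct(P_U, b"SM-0001", Q_T))
```

The certificate carries no signature: a verifier only learns that the key is genuine once the device proves knowledge of d_U in a later exchange, which is why the referee's question about how the concrete message flows use the certificate matters.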

