On the Security of Lightweight and Escrow-Free Certificate-Based Data Aggregation for Smart Grid
Jianhong Zhang, Chenghe Dong
Abstract
Recently, to eliminate complex certificate maintenance and key escrow issue, Verma et al. proposed the first certificate-based(CB-based) data aggregation scheme for smart grids, in which a lightweight CB-based signature is proposed to ensure the integrity of the transmitted data. Although they claimed that the proposed certificate-based signature scheme is secure against attacks by a malicious certification authority (CA), unfortunately, by analyzing the security of Verma et al.'s scheme, we show that their scheme is insecure. It can not provide data integrity since a malicious CA can forge a message's signature in the name of any entity. After giving the corresponding attacks, we analyze the reasons for producing such attacks and provide the corresponding suggestions to overcome them.