LSEG: A Lightweight and Secure Key Exchange Protocol for Smart Grid Communication
Amna Zafar, Muhammad Asfand Hafeez, Arslan Munir
TL;DR
The paper tackles secure, low-overhead authentication for resource-constrained smart-grid IoT devices. It presents LSEG, a lightweight certificate-based protocol that unifies digital signing and key exchange by leveraging a bijective birational mapping between Ed25519 and X25519, HKDF-based initial key derivation, and ASCON128a for efficient AEAD. The approach provides mutual authentication, forward secrecy, and robust resistance to impersonation, replay, MiTM, insider, and DoS attacks, with formal security proofs in the random oracle model and practical validation on Raspberry Pi and a desktop system. Empirical results show sub-5.5 ms execution and a compact 1024-bit communication cost, demonstrating suitability for real-time smart-grid deployments and scalable edge security. The work highlights a balanced design that combines certificate-based trust, lightweight cryptography, and provable security guarantees to secure smart-grid communications at scale.
Abstract
The increasing deployment of Internet of Things (IoT) edge devices in modern smart grid environments requires secure and efficient communication protocols specifically designed for resource-constrained environments. However, most existing authentication schemes either impose excessive computational overhead or lack robustness against advanced cyber threats, making them unsuitable for resource-limited smart grid deployments. To address these limitations, this paper proposes a lightweight authentication and secure key exchange protocol for smart grid (LSEG) environments. The proposed LSEG protocol utilizes a unified elliptic curve key pair, enabled by birational mapping between Ed25519 and Curve25519, for signing and key exchange. Initial keys are derived using the hash-based message authentication code (HMAC)-based key derivation function (HKDF), while ephemeral key pairs, generated through the Elliptic Curve Diffie-Hellman Ephemeral (ECDHE), are used in each session to ensure forward secrecy. Session communication is protected using ASCON128a, a lightweight, NIST-standardized, authenticated encryption algorithm. Formal security proofs in the random oracle model validate the security properties of LSEG, including mutual authentication, forward secrecy, and resistance to impersonation, replay, and man-in-the-middle attacks. Experimental results on both Raspberry Pi and Intel Core i9-based systems demonstrate practical efficiency, achieving execution times under 5.5 milliseconds on embedded hardware and a communication cost of only 1024 bits for the protocol's message exchanges. The results demonstrate that LSEG effectively balances security, efficiency, and compliance, making it a scalable solution for secure communication in smart grid infrastructures.
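The birational map between Ed25519 and Curve25519 mentioned in the abstract, shown as an added example that is not code from the paper: it converts an Ed25519 public key into the matching X25519 public key and back, using the standard RFC 7748 relation u = (1 + y)/(1 - y). The function names are hypothetical, and the block covers only public-key conversion, not LSEG's message flow.

```python
# Added illustration: Edwards <-> Montgomery public-key conversion.
# Function names are hypothetical; encodings follow RFC 8032 / RFC 7748.

P = 2**255 - 19  # field prime shared by Ed25519 and Curve25519


def ed_y_to_mont_u(y: int) -> int:
    """Edwards y-coordinate -> Montgomery u-coordinate: u = (1 + y) / (1 - y) mod P."""
    y %= P
    if y == 1:
        # y = 1 is the Edwards identity; the map has a pole there.
        raise ValueError("identity point has no finite Montgomery u-coordinate")
    return (1 + y) * pow((1 - y) % P, -1, P) % P


def mont_u_to_ed_y(u: int) -> int:
    """Inverse direction: y = (u - 1) / (u + 1) mod P."""
    u %= P
    if u == P - 1:
        raise ValueError("u = -1 has no Edwards image")
    return (u - 1) * pow((u + 1) % P, -1, P) % P


def ed25519_pub_to_x25519(pub: bytes) -> bytes:
    """Convert a 32-byte Ed25519 public key into a 32-byte X25519 public key."""
    if len(pub) != 32:
        raise ValueError("Ed25519 public keys are exactly 32 bytes")
    # The top bit carries the sign of x; X25519 uses only u, so mask it off.
    y = int.from_bytes(pub, "little") & ((1 << 255) - 1)
    if y >= P:
        raise ValueError("non-canonical y encoding")
    return ed_y_to_mont_u(y).to_bytes(32, "little")


# Ed25519 base point encoding (y = 4/5 mod P), a public constant from RFC 8032.
ED25519_BASE = bytes.fromhex("58" + "66" * 31)

if __name__ == "__main__":
    # The Ed25519 base point maps to the X25519 base point u = 9.
    print(ed25519_pub_to_x25519(ED25519_BASE).hex())
```

The map discards the sign of x, so two Ed25519 keys that differ only in that bit convert to the same X25519 key. A device that reuses one key pair for both signing and key exchange should reject the identity and non-canonical encodings before converting, as the checks above do.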
