*4.3. User Authentication*

Authentication is the process of matching incoming activation requests against previously configured authentication rights [71]. These authentication rights are stored in file systems or databases. When a device sends its consumption to the SM, the system allows or denies the request based on the designed scheme.

The scheme designed in [72] is based on elliptic curve cryptography and consists of three phases: the system-setup phase, the registration phase, and the key agreement and authentication phase. In the system-setup phase, the trust anchor shares the system parameters using an elliptic curve and publishes these parameters. In the registration phase, the trust anchor generates the private key for both the SM and the SP using Schnorr's signature. After registration, the SM and SP communicate directly without the involvement of the trust anchor. In the last phase, the SM and SP automatically generate a session key and authenticate each other via session and private keys.

In [15], data source authentication and data aggregation are performed for a particular residential area over a defined time period while ensuring the privacy of each user's data aggregation and fault tolerance. This scheme provides a high level of control over the data collection and processing phases, in addition to verifying the integrity of the data and validating the data source.

To reduce the computation and communication resources required, a lightweight authentication scheme based on a physically unclonable function is presented in [73]. Before any communication, the SM and the neighborhood gateway authenticate each other. The SM sends its ID to the neighborhood gateway. The neighborhood gateway checks the SM ID in its database, creates two random numbers, and concatenates these numbers with the time stamp; the result is XORed with the R-response and sent to the SM. The SM then authenticates the neighborhood gateway for further communications.
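The gateway-to-meter step described above can be sketched as follows; this is an added illustration, not code from [73]. It assumes an HMAC as a software stand-in for the physical function, an enrolled challenge that the gateway sends along with the masked message, 12-byte random numbers, a 5-second freshness window, and constructed IDs and secrets.

```python
import hashlib, hmac, os, struct

MAX_SKEW = 5  # assumed freshness window in seconds

def puf(device_secret: bytes, challenge: bytes) -> bytes:
    # Software stand-in for the physical PUF (assumption): 32-byte response R.
    return hmac.new(device_secret, challenge, hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Gateway:
    def __init__(self):
        self.db = {}  # SM ID -> (challenge, R) recorded at enrollment (assumed)

    def enroll(self, sm_id: str, challenge: bytes, response: bytes) -> None:
        self.db[sm_id] = (challenge, response)

    def respond(self, sm_id: str, now: int):
        if sm_id not in self.db:                      # unknown meter ID: refuse
            return None
        challenge, r = self.db[sm_id]
        n1, n2 = os.urandom(12), os.urandom(12)       # the two random numbers
        plain = n1 + n2 + struct.pack(">Q", now)      # 12 + 12 + 8 = 32 bytes
        return challenge, xor(plain, r), (n1, n2)     # masked with R

class SmartMeter:
    def __init__(self, sm_id: str, device_secret: bytes):
        self.sm_id, self._secret = sm_id, device_secret

    def response(self, challenge: bytes) -> bytes:
        return puf(self._secret, challenge)

    def verify_gateway(self, challenge: bytes, masked: bytes, now: int):
        if len(masked) != 32:
            return None
        plain = xor(masked, self.response(challenge))  # regenerate R, unmask
        n1, n2 = plain[:12], plain[12:24]
        (ts,) = struct.unpack(">Q", plain[24:])
        # Only a sender holding R yields a message that unmasks to a fresh time stamp.
        if abs(now - ts) > MAX_SKEW:
            return None
        return n1, n2

def demo(now: int = 1_700_000_000):
    meter = SmartMeter("SM-001", os.urandom(32))       # constructed ID and secret
    gw, c = Gateway(), os.urandom(16)
    gw.enroll(meter.sm_id, c, meter.response(c))
    challenge, masked, sent = gw.respond(meter.sm_id, now)
    return meter, gw, challenge, masked, sent
```

In this sketch the time stamp is the only redundancy the SM can check, so a replayed message or one masked with the wrong response is rejected only because it no longer unmasks to a fresh value.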

In [21], an SG is divided into three layers. The CC lies in the middle layer and is responsible for generating system parameters, user registrations, and the verification of data. The SM is placed at the lowest layer and monitors and sends real-time consumption; therefore, its data is prone to being tampered with or manipulated.


**Table 2.** Comparative analysis of CIA models and anonymity.

Similarly, in [74], elliptic curve cryptography is used to authenticate the entities in the SG and to preserve the communication between them over a public and insecure channel. First, the TTP generates all system parameters and then authenticates the SG device and UC in an offline mode. The scheme is robust against certain attacks; however, the pre-loaded system information may affect the computation power of the smart devices.

In [75], the authors propose a scheme that achieves anonymity for the SM while it uses all the services provided by the UC, without the involvement of the TTP. The TTP is only responsible for the registration phase, and its role is limited. The SM is supposed to send the consumption report and control signals to the UC, which is an aggregator as well as a controller for monitoring the energy consumption trends. Authentication takes place between the UC and the SM.

**Summary:** Table 3 contains a summary of the analyzed techniques for authentication. In [21,74,75], the SM and CC authenticate each other but the appliances are not authenticated. In [72], only the CC performs authentication; the SM and appliance are just relay nodes. Similarly, [74,75] are prone to cyber security attacks and require higher computational cost.

**Table 3.** Summary of authentication schemes.

