*4.4. Key Management*

A key is a string of bits used to encrypt and decrypt a message. Each key has a specific length. A strong encryption process requires a large key size [76]. In cryptography, private keys, session keys, and public keys are frequently used. Below, different HAN models are discussed to illustrate how they use cryptographic techniques.

In [55], a HAN sends its consumption to the NAN gateway, which is a trusted service provider and an interface between the HAN and utility provider. A NAN is distributed over a village, city, and sometimes over a residential or commercial area. The communication between the utility provider and the SM takes place via a gateway. The gateway should communicate with the SM in an offline mode. However, the proposed scheme establishes a session key using mutual authentication between the SM and gateway.

In a HAN, appliances are arranged in two groups [77]. The first group is for one-way communication devices such as light bulbs, chargers, etc., while the second one consists of two-way communication appliances, e.g., electric vehicles, AC, etc. Before deployment, every smart appliance is assigned an ID and a master key. On the basis of the master key, the group header assigns a unique key and a group controller key to every smart appliance and SM. The appliances encrypt their consumption using the unique key and send it to the group controller, which forwards it to the SM for further processing and verification. This scheme prevents man-in-the-middle attacks, Sybil attacks, and replay attacks, but ignores key updating.

Similarly, a cloud-based security scheme is proposed in [33] for smart homes, where home appliances are categorized into two different groups. Appliances which perform simple basic functions are placed in group 1. Group 2 contains controllable and monitoring devices which have two-way communication. Both groups have a group header. In this architecture, the SMs are not considered part of the smart home; the SM is considered part of the AMI smart grid. Group headers are responsible for communicating with a home management system (HMS) or cloud server. The HMS is placed in a local cloud, which is controlled by a remote or simple device. Before deployment, every appliance and group header is assigned an ID. Using this ID, the HMS generates a group key and shares it with the appliances and the group controller. Appliances use groups to further generate a unique key for communication inside the group. Before sending consumption or control signals, every appliance encrypts the data with a unique key that is automatically generated by the HMS.

The IEC 61850 standard transmits a message within a time limit of 4 ms, which was more suitable than the existing schemes. To overcome the time-bounded activity and privacy issues in existing schemes, some proposals have been outlined. In [78], an authentication scheme is proposed, which comprises two phases: registration and key agreement. In the registration phase, a secure channel is established between the substation and data center, while in the key agreement phase, on the basis of the secure channel, unique session keys are created for communication and authentication. In the key agreement phase, the substation and data center authenticate each other and then a unique session key is established on the basis of passed parameters, i.e., certificate, ID, random number, and time stamp.
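The following sketch is an added example, not code from [55] or [78]: it shows how mutual authentication over ID, random number, and time stamp can yield a per-run session key while rejecting replayed, stale, or reflected messages. It assumes a pre-shared long-term key with HMAC-SHA256 in place of the certificates used in [78]; `Party`, `MAX_SKEW`, and the message layout are hypothetical.

```python
import hashlib
import hmac
import secrets

MAX_SKEW = 5.0  # assumed tolerance in seconds between time stamp and receiver clock

def tag(key, *fields):
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        mac.update(len(f).to_bytes(2, "big") + f)
    return mac.digest()

class Party:
    def __init__(self, my_id, key):
        self.my_id, self.key, self.seen = my_id, key, set()

    def _msg(self, label, now, *extra):
        """ID, fresh random number, time stamp, and a MAC binding them to extra fields."""
        nonce, ts = secrets.token_bytes(16), repr(now).encode()
        mac = tag(self.key, label, self.my_id, nonce, ts, *extra)
        return {"id": self.my_id, "nonce": nonce, "ts": ts, "mac": mac}

    def _check(self, msg, label, now, *extra):
        """Authenticate the peer's message and enforce freshness, else raise ValueError."""
        expected = tag(self.key, label, msg["id"], msg["nonce"], msg["ts"], *extra)
        if msg["id"] == self.my_id or not hmac.compare_digest(expected, msg["mac"]):
            raise ValueError("bad MAC or reflected message")
        if abs(now - float(msg["ts"].decode())) > MAX_SKEW:
            raise ValueError("stale time stamp")
        if msg["nonce"] in self.seen:
            raise ValueError("replayed random number")
        self.seen.add(msg["nonce"])

    def _session_key(self, first, second):
        return tag(self.key, b"session", first["id"], second["id"], first["nonce"], second["nonce"])

    def start(self, now):
        return self._msg(b"hello", now)

    def respond(self, hello, now):
        """Responder: verify the hello, bind the reply to its random number, derive the key."""
        self._check(hello, b"hello", now)
        reply = self._msg(b"reply", now, hello["nonce"])
        return reply, self._session_key(hello, reply)

    def finish(self, hello, reply, now):
        """Initiator: verify the reply covers our random number, derive the same key."""
        self._check(reply, b"reply", now, hello["nonce"])
        return self._session_key(hello, reply)
```

Because both random numbers feed the derivation, every run produces a different session key even though the long-term key never changes.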

**Summary:** Table 4 presents a summary of key generation, key updating, and key sharing for the schemes in [33,55,77–79]. Schemes in [77,78] update their secret keys, but in the schemes discussed in [33,55,79], the secret keys remain the same.


**Table 4.** Comparative analysis of key management schemes.


