Web-engineered ECC-based Group Key Protocol for Secure and Scalable Metering Communication

Authors

  • Hao Yang, Yunnan Power Grid Co., Ltd, Kunming, Yunnan 650000, China
  • Yiming Zhang, Yunnan Power Grid Co., Ltd, Kunming, Yunnan 650000, China

DOI:

https://doi.org/10.13052/jwe1540-9589.2473

Keywords:

Web of Things, group key negotiation, elliptic curve cryptography, CoAP/REST APIs, secure smart metering, Web interoperability

Abstract

This paper presents a Web-native group key negotiation framework for secure and scalable communication in smart metering networks. Leveraging lightweight elliptic curve cryptography (ECC), the proposed protocol supports dynamic group membership, forward and backward secrecy, and resistance to impersonation and replay attacks – without relying on persistent sessions or centralized trust brokers. Unlike traditional TLS- or MQTT-based approaches, our design adopts stateless REST and CoAP messaging, enabling seamless integration with constrained IoT devices and cloud-native microservice platforms. We architect a modular system comprising smart meters, a secure gateway, and a REST-compliant backend, each aligned with Web of Things (WoT) standards. Group keys are established through a contributory ECC-based exchange that ensures decentralized key computation and rekeying across heterogeneous nodes. The gateway acts as a protocol adapter, translating CoAP messages into REST APIs while enforcing cryptographic policy and interoperability with tools such as Node-RED, Eclipse Leshan, and AWS IoT Core. Performance analysis shows that our protocol achieves group key negotiation in under 450 ms for 25 nodes with message sizes below 220 bytes, outperforming traditional LKH and centralized DH schemes by 30–40% in latency and bandwidth usage. Real-world case studies demonstrate successful deployment in rural microgrids and urban energy-sharing networks. By aligning cryptographic rigor with Web engineering principles, this work offers a practical and extensible solution for secure group communication in emerging energy and IoT infrastructures.

Author Biographies

Hao Yang, Yunnan Power Grid Co., Ltd, Kunming, Yunnan 650000, China

Hao Yang holds a bachelor’s degree. He currently works in the Metering Data Management Department of the Metering Center (Electric Power Load Control Technology Center) at Yunnan Power Grid Co., Ltd., with the title of engineer. His research focuses on energy metering and metering data analysis.

Yiming Zhang, Yunnan Power Grid Co., Ltd, Kunming, Yunnan 650000, China

Yiming Zhang holds a bachelor’s degree. He currently works in the Metering Data Management Department of the Metering Center (Electric Power Load Control Technology Center) at Yunnan Power Grid Co., Ltd., as an engineer. His main research focuses on power grid digitalization, automated energy metering, and cybersecurity for power monitoring systems.

Published

2025-11-13

How to Cite

Yang, H., & Zhang, Y. (2025). Web-engineered ECC-based Group Key Protocol for Secure and Scalable Metering Communication. Journal of Web Engineering, 24(07), 1073–1102. https://doi.org/10.13052/jwe1540-9589.2473

Section

Advanced Practice in Web Engineering in Asia