基于SM2/SM3的智能电表身份认证协议
An Identity Authentication Protocol for Smart Meters Based on SM2/SM3
摘要: 针对智能电网高级计量基础设施中智能电表面临的身份伪造、数据窃听与篡改等安全威胁,以及现有认证方案在计算开销、密钥管理、会话密钥独立与国密算法体系化应用等方面的不足,本文提出了一种基于SM2与SM3的双阶段混合身份认证协议。该协议采用“分层–混合”密码架构,将高开销的SM2椭圆曲线公钥运算限制于设备初始注册阶段,用于实现强安全的双向身份认证与长期主密钥协商;在日常高频通信阶段,则完全基于SM3-HMAC与SM4对称加密实现轻量级重认证与会话密钥动态派生,达到长期密钥仅用于认证、短期密钥专用于加密的密钥分离与纵深防御效果。协议无需实时在线可信第三方,规避了单点故障与性能瓶颈。通过仿真环境下的功能测试、性能测试及安全攻击测试,结果表明:日常会话阶段电表侧计算耗时仅3.39 ms,较第一阶段降低约65%,通信开销仅169 Byte;协议能够有效抵抗假冒、重放及篡改攻击,并满足会话密钥独立性。形式化分析(ProVerif)进一步验证了协议的机密性与双向认证属性。与现有代表性方案相比,本协议在实现国密算法(SM2/SM3/SM4)体系化合规应用的同时,在安全性与计算/通信效率之间取得了更优平衡,为智能电网的自主可控安全建设提供了可行的技术参考。
Abstract: In response to the security threats such as identity forgery, data eavesdropping and tampering faced by smart meters in the advanced metering infrastructure of smart grids, as well as the deficiencies of existing authentication schemes in terms of computational overhead, key management, forward secrecy and systematic application of national cryptographic algorithms, this paper proposes a two-stage hybrid identity authentication protocol based on SM2 and SM3. This protocol adopts a “layered-hybrid” cryptographic architecture, restricting the high-overhead SM2 elliptic curve public key operation to the initial device registration stage to achieve strong two-way identity authentication and long-term master key negotiation; in the daily high-frequency communication stage, it is completely based on SM3-HMAC and SM4 symmetric encryption to achieve lightweight re-authentication and dynamic derivation of session keys, achieving the effect of key separation and depth defense where long-term keys are only used for authentication and short-term keys are exclusively used for encryption. The protocol does not require a real-time online trusted third party, avoiding single point of failure and performance bottlenecks. Through functional tests, performance tests and security attack tests in a simulation environment, the results show that the calculation time on the meter side in the daily communication stage is only 3.39 ms, about 65% lower than the first stage, and the communication overhead is only 169 bytes; the protocol can effectively resist spoofing, replay and tampering attacks, and meet forward secrecy. Formal analysis (ProVerif) further verifies the confidentiality and two-way authentication properties of the protocol. Compared with existing representative schemes, this protocol achieves a better balance between security and computational/communication efficiency while realizing the systematic compliance application of national cryptographic algorithms (SM2/SM3/SM4), providing a feasible technical reference for the autonomous and controllable security construction of smart grids.
文章引用:舒昕沂, 高新萌. 基于SM2/SM3的智能电表身份认证协议[J]. 计算机科学与应用, 2026, 16(6): 75-89. https://doi.org/10.12677/csa.2026.166210

参考文献

[1] Zhu, H., Li, D., Sun, Y., Chen, Q., Tian, Z. and Song, Y. (2024) Optimization of SM2 Algorithm Based on Polynomial Segmentation and Parallel Computing. Electronics, 13, Article No. 4661. [Google Scholar] [CrossRef
[2] 付元元, 高献伟, 董秀则. 基于FPGA的SM2加解密算法的优化设计[J]. 北京电子科技学院学报, 2022, 30(3): 71-80.
[3] 王明登, 严迎建, 郭朋飞, 等. 基于RISC-V指令扩展方式的国密算法SM2、SM3和SM4的高效实现[J]. 电子学报, 2024, 52(8): 2850-2865.
[4] 区永通, 陈重辰, 谭浩彬, 等. 基于SM3算法的智能配电网报文安全认证方法[J]. 机电工程技术, 2024, 53(2): 263-266.
[5] Tsai, J.L. and Lo, N.W. (2016) Secure Anonymous Key Distribution Scheme for Smart Grid. IEEE Transactions on Smart Grid, 7, 906-914.
[6] Odelu, V., Das, A.K., Wazid, M., et al. (2018) Provably Secure Authenticated Key Agreement Scheme for Smart Grid. IEEE Transactions on Smart Grid, 9, 1900-1910.
[7] Mohammadali, A., Sayad Haghighi, M., Tadayon, M.H. and Mohammadi-Nodooshan, A. (2018) A Novel Identity-Based Key Establishment Method for Advanced Metering Infrastructure in Smart Grid. IEEE Transactions on Smart Grid, 9, 2834-2842. [Google Scholar] [CrossRef
[8] Kumar, P., Gurtov, A., Sain, M., Martin, A. and Ha, P.H. (2019) Lightweight Authentication and Key Agreement for Smart Metering in Smart Energy Networks. IEEE Transactions on Smart Grid, 10, 4349-4359. [Google Scholar] [CrossRef
[9] Abbasinezhad-Mood, D. and Nikooghadam, M. (2018) An Anonymous ECC-Based Self-Certified Key Distribution Scheme for the Smart Grid. IEEE Transactions on Industrial Electronics, 65, 7996-8004. [Google Scholar] [CrossRef
[10] Gope, P. and Sikdar, B. (2021) A Privacy-Aware Reconfigurable Authenticated Key Exchange Scheme for Secure Communication in Smart Grids. IEEE Transactions on Smart Grid, 12, 5335-5348. [Google Scholar] [CrossRef
[11] Badar, H.M.S., Mahmood, K., Akram, W., Ghaffar, Z., Umar, M. and Das, A.K. (2023) Secure Authentication Protocol for Home Area Network in Smart Grid-Based Smart Cities. Computers and Electrical Engineering, 108, Article ID: 108721. [Google Scholar] [CrossRef
[12] 王清. 智能电网的认证与密钥协商协议研究[D]: [硕士学位论文]. 西安: 西安电子科技大学, 2023.
[13] 国家密码管理局. GM/T 0002-2012. SM2椭圆曲线公钥密码算法[S]. 北京: 中国标准出版社, 2012.
[14] 国家密码管理局. GM/T 0003-2012. SM3密码杂凑算法[S]. 北京: 中国标准出版社, 2012.
[15] 陈锐, 李冰, 朱家乐, 等. HMAC-SM3/SHA256算法的低开销硬件结构设计[J]. 电子器件, 2023, 46(4): 888-894.
[16] 国家密码管理局. GM/T 0004-2012. SM4分组密码算法[S]. 北京: 中国标准出版社, 2012.
[17] 张跃飞, 袁征, 冯笑, 等. 面向电力物联网设备的基于PUF的轻量级认证协议[J]. 计算机应用研究, 2025, 42(5): 1541-1548.
[18] 王圣宝, 周鑫, 文康, 等. 适用于智能电网的三方认证密钥交换协议[J]. 通信学报, 2023(2): 210-218.
[19] 喇元, 赵继光, 张伟. 基于SM9门限签名的电力终端安全认证方案[J]. 电力科学与技术学报, 2022, 37(4): 183-188, 226.
[20] 王胜, 张凌浩, 滕予非, 等. 基于隐式证书的电力工业互联网轻量级身份认证方案[J]. 电子与信息学报, 2026, 48(2): 597-606.