Location authentication through Power Line Communication: Design, protocol, and analysis of a new out-of-band strategy

摘要

We propose using Power Line Communication (PLC) as a second channel for data origin authentication, and we present a system architecture and protocol for doing so taking advantage of existing infrastructure for communicating over power lines. Our system connects a user's computer to a secure electric meter in his building via a secure Human Authorization Detector (HAD). The electric meter, which has a unique secret identifier and encryption key, communicates securely with the trusted Power Grid Server (PG) through PLC. Upon request from an Internet Application Server (AS), the user sends a location certificate to the AS, obtained via PLC from the PG and signed by the PG. Because PLC requires physical access to the electric meter, our system offers fine-grain location authentication. Unlike movable modems and dongles, the meter is permanently attached to the user's building. The user authorizes or denies certificate requests and deliveries by reading the HAD's display and pushing a button on the HAD, thus protecting against the possible threat of malware on the user's computer maliciously requesting or forwarding location certificates unauthorized by the user. Our system provides strong location authentication useful to many online applications, such as banking and SCADA systems. PLC offers finer-grain location authentication than do cellular telephones. Furthermore, the power grid is deployed widely and is highly reliable, even in many places where cellular telephone and GPS signals are obstructed or unavailable. We present our architecture and Power line Location Authentication Protocol (PLAP) in sufficient detail to permit further implementation and analysis.