US 12,425,202 B2
Authentication of smart grid communications using quantum key distribution
Muneer Alshowkan, Oak Ridge, TN (US); Philip G. Evans, Clinton, TN (US); Michael Starke, Knoxville, TN (US); and Nicholas A. Peters, Knoxville, TN (US)
Assigned to UT-Battelle, LLC, Oak Ridge, TN (US)
Filed by UT-Battelle, LLC, Oak Ridge, TN (US)
Filed on Sep. 29, 2023, as Appl. No. 18/478,376.
Claims priority of provisional application 63/411,646, filed on Sep. 30, 2022.
Prior Publication US 2024/0113870 A1, Apr. 4, 2024
Int. Cl. H04L 9/08 (2006.01)
CPC H04L 9/0858 (2013.01) [H04L 9/0869 (2013.01)] 37 Claims
 
1. A system for authenticating messages transmitted through a public network between devices of a power grid, the system comprising:
a first device of the power grid, the first device comprising a first processor and a first memory, the first memory operatively connected to the first processor, the first memory configured to store a plurality of shared quantum-based secret keys received from a quantum key distribution (QKD) system and a plurality of values generated from quantum-based random numbers from a quantum-random number generator (QRND), respectively;
a second device of the power grid spatially separated from, and communicatively coupled through the public network with, the first device, the second device comprising a second processor and a second memory, the second memory operatively connected to the second processor, the second memory configured to store a plurality of shared quantum-based secret keys received from the QKD system;
wherein the first processor of the first device is configured to:
select one of the plurality of values and produce an initialization vector from the selected quantum-based random number for a specific transmission;
obtain at least one unencrypted message for transmission over the public network;
select one of the plurality of stored shared quantum-based secret keys from the first memory and produce a sender challenge using the at least one unencrypted message, the selected quantum-based key and the produced initialization vector; and
cause the transmission, over the public network, of a packet containing a payload that includes the at least one unencrypted message, the initialization vector, and the sender challenge, and
wherein the second processor of the second device is configured to:
receive, over the public network, the packet transmitted by the first device;
produce a receiver challenge using the at least one unencrypted message and the initialization vector received in the payload, and a corresponding quantum-based secret key from among the stored shared quantum-based secret keys in the memory of the second device;
verify whether the receiver challenge matches the sender challenge received in the payload, and if so
indicate that the at least one unencrypted message received in the payload is authentic.
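The sender/receiver flow recited in claim 1, as an added Python example that is not code from the patent or its assignee. Assumptions: locally generated pre-shared keys stand in for QKD-delivered keys, `secrets.token_bytes` stands in for the QRNG-derived initialization vector, HMAC-SHA256 over IV || message is used as the (unspecified) challenge function, and a `key_id` packet field lets the receiver pick the corresponding key.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

# Stand-in for the QKD-delivered key store (assumption: keys are generated
# locally here and held by both grid devices, as QKD-shared keys would be).
def make_shared_key_store(count: int, key_len: int = 32) -> Dict[int, bytes]:
    return {key_id: secrets.token_bytes(key_len) for key_id in range(count)}

@dataclass(frozen=True)
class Packet:
    key_id: int       # assumed field: tells the receiver which shared key corresponds
    iv: bytes         # initialization vector; stand-in for a QRNG-derived value
    message: bytes    # the unencrypted message, sent in the clear
    challenge: bytes  # sender challenge computed over message, key and IV

def compute_challenge(key: bytes, iv: bytes, message: bytes) -> bytes:
    # Assumption: the claim does not name the challenge function; HMAC-SHA256
    # keyed with the selected shared key, over IV || message, is used here.
    return hmac.new(key, iv + message, hashlib.sha256).digest()

def build_packet(key_store: Dict[int, bytes], key_id: int, message: bytes,
                 rng_value: Optional[bytes] = None) -> Packet:
    # Sender: take an IV from the (simulated) QRNG, select a stored key,
    # produce the challenge and assemble the payload.
    iv = rng_value if rng_value is not None else secrets.token_bytes(16)
    challenge = compute_challenge(key_store[key_id], iv, message)
    return Packet(key_id, iv, message, challenge)

def verify_packet(key_store: Dict[int, bytes], pkt: Packet) -> bool:
    # Receiver: recompute the challenge from the received IV and message with
    # the corresponding key; accept only if it matches the sender challenge.
    key = key_store.get(pkt.key_id)
    if key is None:
        return False
    expected = compute_challenge(key, pkt.iv, pkt.message)
    # Constant-time comparison so the verdict does not leak via timing.
    return hmac.compare_digest(expected, pkt.challenge)

def demo() -> Dict[str, bool]:
    keys = make_shared_key_store(4)                      # held by both devices
    pkt = build_packet(keys, 2, b"SET breaker_7 OPEN")   # constructed sample message
    tampered = Packet(pkt.key_id, pkt.iv, b"SET breaker_7 CLOSE", pkt.challenge)
    wrong_key = Packet(3, pkt.iv, pkt.message, pkt.challenge)
    return {
        "genuine_accepted": verify_packet(keys, pkt),
        "tampered_rejected": not verify_packet(keys, tampered),
        "wrong_key_rejected": not verify_packet(keys, wrong_key),
    }
```

A message altered in transit, or one verified against a different stored key, fails the receiver's recomputation, which is the check the claim describes.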