Entity authentication and key exchange are fundamental prerequisites for ensuring the security of various emerging smart networks. However, most existing classical schemes are vulnerable to attacks from quantum computers. Recently, Prateek et al. proposed a privacy-preserving mutual authentication scheme for smart metering infrastructure in smart grids. The authors claimed that their scheme is unconditionally secure and could resist various known security attacks, including impersonation attacks, eavesdropping attacks, and replay attacks. However, in this article, we demonstrate that there are serious security flaws in the proposed scheme. First, the scheme fails to ensure that two legitimate parties can reliably share a common session key, leading to a potential authentication failure. Second, an eavesdropper can exploit entangle-measure attacks to obtain partial information about the shared session key. Additionally, due to the inherent randomness of quantum measurements, the session key shared between two entities in each session is unpredictable. Consequently, the session keys distributed across different sessions may not be identical, further contributing to authentication failure. Finally, we provide an improvement to address these security flaws while preserving the original scheme's advantageous features.