CN105245326A - A secure communication method for smart grid based on combined cipher - Google Patents

Info

Publication number: CN105245326A
Authority: CN (China)
Prior art keywords: transfer station, ciphertext, MDMS, signature, key
Legal status: Granted
Current legal status: Expired - Fee Related
Application number: CN201510575551.5A
Other languages: Chinese (zh)
Other versions: CN105245326B (en)
Inventors: 李发根, 韩亚楠, 洪姣姣, 郑朝慧
Current Assignee: University of Electronic Science and Technology of China
Original Assignee: University of Electronic Science and Technology of China
Application filed by: University of Electronic Science and Technology of China
Priority: CN201510575551.5A
Landscapes: Mobile Radio Communication Systems; Small-Scale Networks

Abstract

The invention discloses a secure communication method for the smart grid based on a combined cipher. The invention adopts a combined cipher, using a single key pair to complete session key agreement, encryption, signing and other operations, and it works in an offline/online mode, which reduces the required storage space and increases computation speed in an environment with limited storage and computing power such as a smart meter. A transfer station is placed between the smart meters and the meter data management center (MDMS), and the key generation center (PKG) generates the private keys of the meters, the transfer stations and the MDMS. A meter and its transfer station first generate a session key, which is used for two-way authentication and for communication. A chain transmission scheme is then used: each transfer station collects the meter data within its jurisdiction, performs some security operations on it and passes it to the next adjacent transfer station, and so on, until the data reaches the MDMS.

Description

A secure communication method for smart grid based on combined cipher

Technical field

The invention belongs to the technical field of secure communication, and specifically relates to a secure communication method between smart meters and the MDMS in a smart grid.

Background

As a product of the new era, the smart grid will in the future completely replace the current grid architecture and provide more reliable, safer and more convenient services. A major feature of the smart grid is two-way communication between users and the power company, which allows users' energy demand to be predicted more objectively and avoids the waste caused by producing excess power. At the same time, as communication increases and is integrated, network vulnerabilities arise in the smart grid. For example, if a user's electricity usage information is eavesdropped on by an unauthorized party, an attacker can infer the user's living habits from it, enabling targeted theft and tracking. One goal of the smart grid is to provide consumers with their energy consumption information in near real time, for example every hour, so that they can change their consumption habits to reduce their electricity bills, whereas today consumers see this information only once a month. However, this allows an attacker to monitor and access this private information and infer users' living habits from their electricity usage, enabling targeted theft and tracking. In addition, the smart grid needs integrity and authentication to prevent malicious users from tampering with communication messages or sending spurious messages that threaten the grid. Therefore, to protect the confidentiality, integrity and authenticity of information, the application of cryptography in the smart grid has become a research hotspot.

Traditional cryptosystems require different cryptographic algorithms to use different key pairs; for example, one key pair is used for encryption and another for signing. In practice, however, it is desirable to use the same key pair across different cryptosystems, implementing both the encryption scheme and the signature scheme, to suit systems with limited storage and computing power. This led to the combined public key cryptosystem. Such a cryptosystem breaks the traditional key separation principle: it uses one key pair for different schemes, such as an encryption scheme and a signature scheme, while guaranteeing the independent security of both. A combined public key cryptosystem is therefore not a simple combination of an encryption scheme and a signature scheme. It effectively reduces key storage, public key certificate storage and the time needed to verify public key certificates, so it is widely applicable in environments with limited storage and computing resources. However, the security problems this approach introduces cannot be ignored. For example, with the widely used RSA scheme, if a single key pair is used for both encryption and signing, the originally secure encryption and signature schemes are no longer secure. In other words, independently secure cryptographic schemes lose their original security once they use the same or related key pairs.

Information integrity, confidentiality and mutual authentication of users are key issues in the smart grid. Integrity and authentication can be guaranteed by digital signatures, while confidentiality is achieved mainly through encryption. The smart grid can be roughly divided into three layers: control center, distribution substations and smart appliances. Substations and smart appliances communicate over the network through smart meters; the substation forwards the appliances' electricity demand information to the control center, and the control center then performs intelligent power distribution according to users' demand. Supervisory control and data acquisition systems can protect communication between the control center and the substations, but communication between substations and smart appliances is vulnerable to attacks such as message forgery, tampering and eavesdropping. The main goal of current methods is therefore the security between substations and smart appliances. For example, one approach uses tamper-resistant devices to avoid the problem, but in that scheme only the substation can authenticate the smart appliance, and key agreement is not achieved. A lightweight message authentication protocol based on the computational Diffie-Hellman problem achieves mutual authentication and, through Diffie-Hellman, key agreement. To strengthen security further, a mutual authentication and key establishment mechanism lets the data collection center and smart devices authenticate each other using the data collection center's public key certificate and a pre-shared long-term key, but the technical problem of how to distribute the shared long-term key prevents this scheme from being widely adopted. In addition, there are multi-factor authentication schemes that use public key certificates, zero-knowledge authentication and access control, authentication protocols based on elliptic curves, and a protocol that uses symmetric cryptography to provide both mutual authentication and confidentiality; the latter, however, requires a large number of key agreement runs, and multiple authentications are needed before communication.

Summary of the invention

The purpose of the invention is to address the security of communication in the smart grid by proposing a combined-cipher-based method for protecting smart grid electricity usage information, so that smart meters and the MDMS can communicate securely and reliably.

A secure communication method for smart grid based on combined cipher, comprising the following steps:

Step 1: Set up n transfer stations (n greater than 1), each corresponding to one or more smart meters; only one of the n transfer stations communicates directly with the meter data management center MDMS, and the n transfer stations communicate with one another in a chain;

Step 2: Each entity (smart meters, transfer stations and the MDMS) generates the corresponding public key from its own identity ID and sends it to the key generation center PKG; the PKG generates a private key based on the public key sent by each entity and sends it to the corresponding entity over a secure channel;

Step 3: Hop-by-hop link transmission for secure communication between the smart meters and the MDMS:

Step 3-1: Generate the session key of the smart meter and its transfer station: the smart meter encrypts a first preset key agreement message (which can typically be set to the identity identifiers of the smart meter and its transfer station, the key agreement parameter w, the timestamp TM1 and similar information) with the public key of its transfer station and sends the ciphertext to that transfer station; after decrypting, the transfer station encrypts a second preset key agreement message with the public key of the smart meter and sends it to the smart meter. The second preset key agreement message includes the first preset key agreement message, and can typically be set to the identity identifiers of the smart meter and its transfer station, the key agreement parameters w and v, the timestamps TM1 and TM2, and so on. The session key of the smart meter and its transfer station is obtained from the second preset key agreement message, for example by performing secure key agreement with the combined public key cipher based on the entities' (smart meter, transfer station) identity identifiers and the Diffie-Hellman protocol, to generate the corresponding session key;

Step 3-2: The smart meter encrypts the meter data with the session key and sends it to its transfer station; the transfer station verifies it with the session key and, if verification succeeds, executes step 3-3;

Step 3-3: Encrypt the received meter data with the public key of the MDMS to obtain the local ciphertext;

Determine whether the current transfer station is the transfer station with the largest number of communication hops to the MDMS (this can be determined from the transfer station identifier, for example by numbering all transfer stations sequentially so that the highest-numbered station communicates directly with the MDMS and the lowest-numbered station has the largest hop count to the MDMS, or from whether the current transfer station holds a signature and/or transfer-station ciphertext sent by another transfer station). If not, the transfer-station ciphertext of the current transfer station is its local ciphertext; if so, verify the signature and transfer-station ciphertext sent by the previous-hop transfer station (in the transmission direction from the transfer station with the largest hop count to the MDMS toward the MDMS) with that station's public key, and if verification passes, the transfer-station ciphertext of the current transfer station is its local ciphertext together with the received transfer-station ciphertext. Sign the transfer-station ciphertext with the private key of the current transfer station and send the signature together with the transfer-station ciphertext to the next-hop transfer station;

Step 3-4: Repeat step 3-3 until the corresponding signature and transfer-station ciphertext are sent to the MDMS; the MDMS verifies the received signature and transfer-station ciphertext with the public key of the transfer station that communicates with it directly and, if verification passes, decrypts the local ciphertext of each transfer station with the MDMS private key to recover the meter data of each smart meter.

Based on the above steps, the invention adopts a combined public key cryptosystem, which effectively reduces the number of keys a user has to store. Compared with a PKI-based combined cipher, users do not need to verify the validity of public key certificates, and the overhead of storing and maintaining certificates is reduced. Compared with symmetric cryptography, the use of identity-based cryptography avoids a large number of key agreement runs.

Further, the invention can also provide secure communication from the MDMS to the smart meters, achieving two-way secure communication between the smart meters and the MDMS; that is, the invention further includes Step 4: hop-by-hop link transmission for secure communication between the MDMS and the smart meters: the MDMS encrypts the control message with the public key of each transfer station to obtain the corresponding control ciphertexts, signs each control ciphertext with the MDMS private key, and sends the signatures together with the control ciphertexts to the transfer station that communicates with it directly; the current transfer station stores the signature and control ciphertext that correspond to itself and sends those that do not to the previous-hop transfer station (in the transmission direction from the MDMS to the smart meters), until the transfer station with the largest hop count to the MDMS among the n transfer stations is reached; each transfer station verifies the signature corresponding to itself with the MDMS public key and, if verification passes, decrypts the control ciphertext with its own private key to recover the control message, and finally sends the control message to each corresponding smart meter using the session key shared with that meter.

To further suit the limited computing power of the entities in the smart grid, raise the processing speed of the system and preserve the real-time behaviour of the smart grid, in Step 3 of the invention, when encryption and signing are processed, a designated server can carry out the corresponding encryption and signature computation offline and send the results to the corresponding entity (such as a smart meter or a transfer station), which then computes the corresponding encryption and signature result online.

In summary, by adopting the above technical solution, the beneficial effects of the invention are:

(1) Applying the combined public key cryptosystem to the smart grid guarantees the authentication and confidentiality of smart grid communication and effectively reduces the number of keys stored in the smart grid.

(2) Combining it with an offline/online cryptosystem raises the processing speed of the communication process and preserves the real-time behaviour of the smart grid.

Description of drawings

Fig. 1 is a schematic diagram of the network topology of the embodiment;

Fig. 2 is a schematic diagram of the secure communication process of the embodiment.

Detailed description

To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the embodiments and the accompanying drawings.

Embodiment 1

Referring to Fig. 1, n transfer stations are set up, each identified by j, and each transfer station serves multiple smart meters (Meter1, Metern, Meterm, etc. in Fig. 1); only one of the n transfer stations communicates directly with the meter data management center MDMS (transfer station n in the figure), and the n transfer stations communicate with one another in a chain.

The PKG sets the system parameters, from which the identity-based key pairs of the entities in the smart grid are generated, followed by the key agreement process:

(1) Set the system parameters and generate the required key pairs.

Given a cyclic additive group $G_1$ of prime order $q$, let $G_2$ be a cyclic multiplicative group of the same order. $P$ is a generator of $G_1$, and $e: G_1 \times G_1 \to G_2$ is a bilinear map. Define four secure hash functions, among them $H_3: \{0,1\}^* \to \{0,1\}^M$, where $M$ is the plaintext length; the multiplicative cyclic group modulo $q$ used here does not include the element 0. The PKG randomly selects the master key $s$, computes $P_{pub} = sP$ and $g = e(P, P)$, publishes the system parameters $(G_1, G_2, P, P_{pub}, g, e, H_1, H_2, H_3, H_4)$, and keeps the master key $s$.

Each entity in the smart grid (smart meter, transfer station and MDMS) sends its identity information $ID \in \{0,1\}^*$ to the PKG. Using the system parameters generated above and the master key $s$, the PKG generates a public/private key pair $(Q_{ID}, S_{ID})$ for each entity, where the private key is $S_{ID} = (Q_{ID} + s)^{-1} P$ and the public key is $Q_{ID} = H_1(ID)$. Finally, the PKG sends the private key to the corresponding entity over a secure channel.

(2) Key agreement process

Referring to Fig. 2, before a smart meter communicates with the MDMS, the smart meter and the transfer station first perform key agreement to generate a shared session key. Smart meter $i$ randomly selects a key agreement parameter $w$ and computes $wP$, then encrypts the key agreement message $(i \| j \| wP \| TM_1)$ with the public key $Q_j$ of transfer station $j$ and sends the ciphertext to transfer station $j$. Here $i$ and $j$ denote the identity information of smart meter $i$ and transfer station $j$ respectively, and $TM_1$ is a timestamp. Transfer station $j$ decrypts with its own private key $S_i$ (that is, $S_i = S_{ID} = (Q_{ID} + s)^{-1} P$) to recover $wP$, then randomly selects a key agreement parameter $v$ and computes $vP$, encrypts the key agreement message $(i \| j \| w \| vP \| TM_1 \| TM_2)$ with the public key $Q_i$ of smart meter $i$ (that is, $Q_i = Q_{ID} = H_1(ID)$) and sends the ciphertext to smart meter $i$, where $TM_2$ is a timestamp. Smart meter $i$ decrypts with its own private key $S_i$ to recover the message, and $wP$ assures it that the party it is negotiating with is transfer station $j$. Finally, smart meter $i$ generates the session key $K_{i,j} = w(vP)$ from the values of $w$ and $vP$, while transfer station $j$ generates the session key $K_{i,j} = v(wP)$ from the values of $v$ and $wP$. To assure transfer station $j$ that it is communicating with smart meter $i$, smart meter $i$ can encrypt with the shared session key $K_{i,j}$ and send the result to transfer station $j$. This ensures two-way authentication.

(3) Smart meter reading transmission process

Smart meter $i$ uses its meter data $m$ (the user's electricity usage information) and the session key $K_{i,j}$ generated above to produce a message authentication code $c$, where $E$ denotes a symmetric encryption algorithm and the subscript identifies smart meter $i$, transfer station $j$ and the corresponding session key $K_{i,j}$. It then sends $(m \| c)$ to transfer station $j$. Transfer station $j$ computes $c'$ with the shared session key; if $c' = c$, verification succeeds, otherwise the meter data sent by that smart meter is discarded. Transfer station $j$ encrypts and then signs all meter data that verified successfully, as follows. First, the security server computes the offline ciphertext: after a random selection it computes $U_j = uP$, $R_j = g^x$, $\beta_j = H_3(R)$, $T_{1j} = a^{-1} x P$, $T_{2j} = x(b+s)P$, and sends the offline ciphertext $\varphi = (u, x, a, b, U_j, R_j, T_{1j}, T_{2j}, \beta_j)$ to transfer station $j$. Transfer station $j$ uses the MDMS public key $Q_{MD}$ to compute the online ciphertext $t_{1j} = a(Q_{MD} - b) \bmod q$, $t_{2j} = H_2(m, R_j, U_j, T_{1j}, T_{2j}, t_{1j})\,x + u \bmod q$, $c_j = \beta_j \oplus m$. The local ciphertext of transfer station $j$ is $\sigma_j = (U_j, T_{1j}, T_{2j}, t_{1j}, t_{2j}, c_j)$.

If the transfer station identifier $j$ equals 1, the local ciphertext is used directly as its transfer-station ciphertext; otherwise, transfer station $j$ uses the public key of transfer station $j-1$ to verify the message $(h_{j-1}, \theta_{j-1}, S'_{j-1})$ and $(\sigma_1 \| \sigma_2 \| \dots \| \sigma_{j-1})$ sent by that station, performing the signature processing if verification succeeds and discarding the message otherwise. Specifically, transfer station $j$ computes $S_{j-1} = \theta_{j-1} S'_{j-1}$; if $h_{j-1} = H_4(\sigma_1 \| \sigma_2 \| \dots \| \sigma_{j-1}, r_{j-1}, S'_{j-1})$, it accepts the signature $(h_{j-1}, \theta_{j-1}, S'_{j-1})$ and signs the local ciphertexts of the first $j$ transfer stations together; that is, the local ciphertexts of transfer stations 1 to $j$ form the transfer-station ciphertext of transfer station $j$, which is then signed. First, the security server computes the offline signature: it randomly selects the parameter $l$, computes $r_j = g^l$, $S'_j = \alpha SK_j$, and sends the offline signature $\delta = (l, \alpha^{-1}, r_j, S'_j)$ to transfer station $j$. Transfer station $j$ computes the online signature $h_j = H_4(\sigma_1 \| \sigma_2 \| \dots \| \sigma_j, r_j, S'_j)$, $\theta_j = (x + h)\alpha^{-1} \bmod q$, and then sends the signature $(h_j, \theta_j, S'_j)$ and the ciphertext $(\sigma_1 \| \sigma_2 \| \dots \| \sigma_j)$ to transfer station $j+1$. Subsequent transfer stations perform similar operations until the last transfer station $n$ in the chain hands the data to the MDMS.

The MDMS verifies and decrypts the received data as follows. It first verifies the signature $(h_n, \theta_n, S'_n)$ with the public key $Q_n$ of the $n$-th transfer station, computing $S_n = \theta_n S'_n$; if $h_n = H_4(\sigma_1 \| \sigma_2 \| \dots \| \sigma_n, r_n, S'_n)$, it accepts the ciphertext $(\sigma_1 \| \sigma_2 \| \dots \| \sigma_n)$ and decrypts each ciphertext separately with its own private key $SK_{MD}$. Taking $\sigma_j = (U_j, T_{1j}, T_{2j}, t_{1j}, t_{2j}, c_j)$ as an example, the MDMS computes $R = e(T_{2j} + t_{1j} T_{1j}, SK_{MD})$, $m_j = c_j \oplus H_3(R)$, $H = H_2(m_j, R, U_j, T_{1j}, T_{2j}, t_{1j})$; if $R^H = e(t_2 P - U, P)$ holds, it accepts the message $m_j$, where $m_j$ denotes the meter data sent by the smart meters corresponding to transfer station $j$.
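The chain of process (3), together with the offline/online split from the summary, as an added Python example that is not code from the patent. A Schnorr signature over a constructed toy group stands in for the pairing-based identity-based signature, the local ciphertexts σ_j are opaque constructed byte strings, and all function and class names are hypothetical.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for this example and far too small for real use:
# p = 2q + 1 with q prime, and G generates the subgroup of order q.
P_MOD, Q_ORD, G = 2039, 1019, 4


def h4(sigmas, r):
    """Stand-in for H_4: SHA-256 over the length-prefixed ciphertext list and r."""
    d = hashlib.sha256()
    for part in list(sigmas) + [r.to_bytes(2, "big")]:
        d.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(d.digest(), "big")


def keygen():
    sk = secrets.randbelow(Q_ORD - 1) + 1
    return sk, pow(G, sk, P_MOD)


def offline_token():
    """Offline phase: the message-independent exponentiation r = g^l.
    A token must be used for exactly one signature."""
    l = secrets.randbelow(Q_ORD - 1) + 1
    return l, pow(G, l, P_MOD)


def sign_online(sk, token, sigmas):
    """Online phase: one hash plus one multiply-add mod q."""
    l, r = token
    h = h4(sigmas, r)
    return h, (l + (h % Q_ORD) * sk) % Q_ORD


def verify(pk, sigmas, sig):
    h, theta = sig
    # Recompute r = g^theta * pk^(-h); pk has order q, so -h is q - (h mod q).
    r = pow(G, theta, P_MOD) * pow(pk, (Q_ORD - h % Q_ORD) % Q_ORD, P_MOD) % P_MOD
    return h == h4(sigmas, r)


class TransferStation:
    def __init__(self, index):
        self.index = index            # station 1 is farthest from the MDMS
        self.sk, self.pk = keygen()

    def forward(self, local_sigma, incoming=None, prev_pk=None):
        """Verify the previous hop, append the local ciphertext, re-sign the list."""
        sigmas = []
        if self.index > 1:
            prev_sigmas, prev_sig = incoming
            if not verify(prev_pk, prev_sigmas, prev_sig):
                raise ValueError(f"station {self.index}: previous hop rejected")
            sigmas = list(prev_sigmas)
        sigmas.append(local_sigma)
        return sigmas, sign_online(self.sk, offline_token(), sigmas)


def run_chain(n, tamper_at=None):
    """Run stations 1..n and the final MDMS check.
    Returns the ciphertext list the MDMS accepts, or None if any hop rejects.
    tamper_at=k alters sigma_1 on the link leaving station k."""
    stations = [TransferStation(j) for j in range(1, n + 1)]
    packet, prev_pk = None, None
    for st in stations:
        local_sigma = f"sigma_{st.index}".encode()  # constructed stand-in ciphertext
        try:
            packet = st.forward(local_sigma, packet, prev_pk)
        except ValueError:
            return None
        if tamper_at == st.index:
            altered = list(packet[0])
            altered[0] = b"forged"
            packet = (altered, packet[1])
        prev_pk = st.pk
    sigmas, sig = packet
    # The MDMS checks only station n's signature, which covers sigma_1..sigma_n.
    return sigmas if verify(stations[-1].pk, sigmas, sig) else None


if __name__ == "__main__":
    print(run_chain(4))
    print(run_chain(4, tamper_at=2))
```

Each hop checks only the signature of the hop before it, so the MDMS's single verification of station n's signature covers every σ_j only if every intermediate station actually performed its check.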

(4) Control message transmission process

The transmission of control messages from the MDMS to the smart meters is the reverse of the above process. The MDMS first encrypts the control message with the public key of each transfer station, signs each ciphertext with its own private key, and passes them to transfer station n. Transfer station n first passes the ciphertexts and signatures of the first n-1 transfer stations to the previous transfer station n-1 by hop-by-hop link transmission; transfer station n-1 similarly passes the ciphertexts and signatures of the first n-2 transfer stations to the transfer station before it, and so on, until the first transfer station in the chain. After receiving its ciphertext and signature, each transfer station first verifies the signature with the MDMS public key and decrypts with its own private key, and finally forwards the control message to each meter using the session key it shares with that smart meter.

The above is only a specific embodiment of the invention. Any feature disclosed in this specification, unless specifically stated otherwise, may be replaced by other equivalent features or alternative features serving a similar purpose; all disclosed features, and all steps of any method or process, may be combined in any way, except for mutually exclusive features and/or steps.

Claims (7)

1. A secure communication method for smart grid based on combined cipher, characterized in that it comprises the following steps:

Step 1: Set up n transfer stations, each corresponding to one or more smart meters; only one of the n transfer stations communicates directly with the meter data management center MDMS, and the n transfer stations communicate with one another in a chain, where n is greater than 1;

Step 2: Each entity generates the corresponding public key from its own identity ID and sends it to the key generation center PKG; the PKG generates a private key based on the public key sent by each entity and sends it to the corresponding entity over a secure channel, the entities comprising smart meters, transfer stations and the MDMS;

Step 3: Hop-by-hop link transmission for secure communication between the smart meters and the MDMS:

Step 3-1: Generate the session key of the smart meter and its transfer station: the smart meter encrypts a first preset key agreement message with the public key of its transfer station and sends the ciphertext to that transfer station; after decrypting, the transfer station encrypts a second preset key agreement message with the public key of the smart meter and sends it to the smart meter, the second preset key agreement message including the first preset key agreement message; the session key of the smart meter and its transfer station is obtained from the second preset key agreement message;

Step 3-2: The smart meter encrypts the meter data with the session key and sends it to its transfer station; the transfer station verifies it with the session key and, if verification succeeds, executes step 3-3;

Step 3-3: Encrypt the received meter data with the public key of the MDMS to obtain the local ciphertext;

Determine whether the current transfer station is the transfer station with the largest number of communication hops to the MDMS; if not, the transfer-station ciphertext of the current transfer station is its local ciphertext; if so, verify the signature and transfer-station ciphertext sent by the previous-hop transfer station with that station's public key, and if verification passes, the transfer-station ciphertext of the current transfer station is its local ciphertext together with the received transfer-station ciphertext;

Sign the transfer-station ciphertext with the private key of the current transfer station and send the signature together with the transfer-station ciphertext to the next-hop transfer station;

Step 3-4: Repeat step 3-3 until the corresponding signature and transfer-station ciphertext are sent to the MDMS; the MDMS verifies the received signature and transfer-station ciphertext with the public key of the transfer station that communicates with it directly and, if verification passes, decrypts the local ciphertext of each transfer station with the MDMS private key to recover the meter data of each smart meter.

2. The method according to claim 1, characterized in that it further comprises Step 4: hop-by-hop link transmission for secure communication between the MDMS and the smart meters:

The MDMS encrypts the control message with the public key of each transfer station to obtain the corresponding control ciphertexts, signs each control ciphertext with the MDMS private key, and sends the signatures together with the control ciphertexts to the transfer station that communicates with it directly;

The current transfer station stores the signature and control ciphertext that correspond to itself and sends those that do not to the previous-hop transfer station, until the transfer station with the largest hop count to the MDMS among the n transfer stations is reached;

Each transfer station verifies the signature corresponding to itself with the MDMS public key and, if verification passes, decrypts the control ciphertext with its own private key to recover the control message, and finally sends the control message to each corresponding smart meter using the session key shared with that meter.

3. The method according to claim 1 or 2, characterized in that, in step 3-1, the first preset key agreement message comprises the identity identifiers of the smart meter and its transfer station, the key agreement parameter w and the timestamp TM1, and the second preset key agreement message comprises the identity identifiers of the smart meter and its transfer station, the key agreement parameters w and v, and the timestamps TM1 and TM2.
4.如权利要求1或2所述的方法,其特征在于,步骤3中,在处理加密和签名时,由设置的服务器离线进行对应加密、签名的计算过程,并将计算结果发送至对应实体以在线计算对应的加密、签名结果。4. The method according to claim 1 or 2, characterized in that, in step 3, when processing encryption and signature, the set server performs the calculation process of corresponding encryption and signature offline, and sends the calculation result to the corresponding entity The corresponding encryption and signature results can be calculated online. 5.如权利要求4所述的方法,其特征在于,各实体涉及的离线加密、在线加密、解密、离线签名、在线签名和认证的具体过程为:5. The method according to claim 4, wherein the specific processes of offline encryption, online encryption, decryption, offline signature, online signature and authentication involved in each entity are: 离线加密:服务器随机选择参数并计算U=uP,R=gx,β=H3(R),T1=a-1xP,T2=x(b+s)P,并将离线密文φ=(u,x,a,b,U,R,T1,T2,β)发送给对应密文的发送端;Offline encryption: the server randomly selects parameters And calculate U=uP, R=g x , β=H 3 (R), T 1 =a -1 xP, T 2 =x(b+s)P, and the offline ciphertext φ=(u,x, a,b,U,R,T 1 ,T 2 ,β) are sent to the sender of the corresponding ciphertext; 在线加密:给定(m,ID,φ),发送端计算t1=a(H1(ID)-b)modq,t2=H2(m,R,U,T1,T2,t1)x+umodq,然后将生成的密文σ=(U,T1,T2,t1,t2,c)发送给解密端;Online encryption: Given (m, ID, φ), the sender calculates t 1 = a(H 1 (ID)-b) modq, t 2 = H 2 (m, R, U, T 1 , T 2 , t 1 ) x+umodq, Then send the generated ciphertext σ=(U,T 1 ,T 2 ,t 1 ,t 2 ,c) to the decryption end; 解密:给定(σ,ID,SID),接收对应密文的接收端计算R=e(T2+t1T1,SID),H=H2(m,R,U,T1,T2,t1),若RH=e(t2P-U,P),则输出m,否则拒绝;Decryption: Given (σ, ID, S ID ), the receiver receiving the corresponding ciphertext calculates R=e(T 2 +t 1 T 1 , S ID ), H=H 2 (m,R,U,T 1 ,T 2 ,t 1 ), if R H =e(t 2 PU,P), output m, otherwise reject; 离线签名:服务器随机选择参数l,并计算r=gl,S’=αSID,然后将离线密文δ=(l,α-1,r,S’)发送给对应签名的发送端;Offline signature: The server randomly selects the parameter l, And calculate r=g l , S'=αS ID , and then send the offline ciphertext δ=(l,α -1 ,r,S') to the sender of the corresponding signature; 在线签名:给定(ID,δ),发送端计算h=H4(m,r,S’),θ=(l+h)α-1modq,生成签名σ=(h,θ,S’)并发送给对应接收端;Online 
signature: given (ID, δ), the sender calculates h = H 4 (m, r, S'), θ = (l+h) α -1 modq, and generates a signature σ = (h, θ, S' ) and sent to the corresponding receiver; 认证:给定(m,ID,σ),接收端计算S=θS’,r=e(S,H1(ID)P+Ppub)g-h,如果h=H4(m,r,S’)接收端接受签名,否则拒绝;Authentication: Given (m, ID, σ), the receiving end calculates S=θS', r=e(S,H 1 (ID)P+P pub )g -h , if h=H 4 (m,r, S') The receiving end accepts the signature, otherwise rejects; 其中,表示模q的乘法循环群,P表示q阶加法循环群G1的生成元,g=e(P,P),其中双线性映射e为:G1×G1→G2,G2表示q阶乘法循环群,哈希函数哈希函数哈希函数H3:{0,1}*→{0,1}M,哈希函数其中M为预设明文长度,s表示系统主密钥,m表示智能电表的电表数据,ID表示对应实体的身份标识符,SID表示对应实体的私钥。in, Represents the multiplicative cyclic group modulo q, P represents the generator of the q-order additive cyclic group G 1 , g=e(P,P), where the bilinear map e is: G 1 ×G 1 →G 2 , G 2 represents Cyclic group of q factorial method, hash function hash function Hash function H 3 : {0,1} * → {0,1} M , hash function Where M is the preset plaintext length, s represents the system master key, m represents the meter data of the smart meter, ID represents the identity identifier of the corresponding entity, and S ID represents the private key of the corresponding entity. 6.如权利要求5所述的方法,其特征在于,步骤3-3中,得到本地密文的具体过程为:6. 
The method according to claim 5, characterized in that, in step 3-3, the specific process of obtaining the local ciphertext is: 由安全服务器计算离线密文φj=(u,x,a,b,Uj,Rj,T1j,T2jj)并发送给中转站j,其中j表示当前中转站标识符,Uj=uP,Rj=gx,βj=H3(R),T1j=a-1xP,T2j=x(b+s)P;The off-line ciphertext φ j = (u,x,a,b,U j ,R j ,T 1j ,T 2jj ) is calculated by the security server and sent to the transfer station j, where j represents the identifier of the current transfer station, U j =uP, R j =g x , β j =H 3 (R), T 1j =a -1 xP, T 2j =x(b+s)P; 中转站j基于MDMS的公钥QMD计算在线密文t1j=a(QMD-b)modq,t2j=H2(m,Rj,Uj,T1j,T2j,t1j)x+umodq,从而得到本地密文:σj=(Uj,T1j,T2j,t1j,t2j,cj);Transit station j calculates online ciphertext based on MDMS public key Q MD t 1j =a(Q MD -b)modq, t 2j =H 2 (m,R j ,U j ,T 1j ,T 2j ,t 1j )x +umodq, Thus the local ciphertext is obtained: σ j =(U j ,T 1j ,T 2j ,t 1j ,t 2j ,c j ); 中转站j使用中转站j-1的公钥对其发来的签名(hj-1j-1,S'j-1)和中转站密文(σ1||σ2||…||σj-1)进行验证:计算Sj-1=θS'j-1若hj-1=H41||σ2||…||σj-1,rj-1,S'j-1),则验证通过;Transit station j uses the public key of transit station j-1 to sign (h j-1j-1 ,S' j-1 ) and transit station ciphertext (σ 1 ||σ 2 ||… ||σ j-1 ) for verification: calculate S j-1 =θS' j-1 , If h j-1 =H 41 ||σ 2 ||…||σ j-1 ,r j-1 ,S' j-1 ), the verification is passed; 中转站j的中转站密文为(σ1||σ2||…||σj),并对其进行签名处理:由安全服务器计算离线签名,随机选择参数l,计算rj=gl,S'j=αSKj,然后将离线签名δ=(l,α-1,rj,S'j)发送给中转站j,中转站j计算在线签名hj=H41||σ2||…||σj,rj,S'j),θj=(l+h)α-1modq,然后将签名(hjj,S'j)和中转站密文(σ1||σ2||…||σj)发送给中转站j+1;The transfer station ciphertext of transfer station j is (σ 1 ||σ 2 ||…||σ j ), and it is signed: the offline signature is calculated by the security server, and the parameter l is randomly selected, Calculate r j =g l , S' j =αSK j , and then send the offline signature δ=(l,α -1 ,r j ,S' j ) to the transfer station j, and the transfer station j calculates the online signature h j =H 41 ||σ 2 ||…||σ j ,r j ,S' j ), θ j =(l+h)α -1 modq, then the signature (h jj ,S' j ) and transfer station ciphertext (σ 1 ||σ 2 ||…||σ j ) are sent to transfer station j+1; 
步骤3-4中,MDMS对收到的签名和中转站密文进行验证和解密,具体步骤为:MDMS基于与其直接通信的中转站n的公钥Qn对签名(hnn,S'n)进行验证,计算Sn=θnS'n若hn=H41||σ2||…||σn,rn,S'n),则基于MDMS的私钥SKMD对各个本地密文分别进行解密。In steps 3-4, MDMS verifies and decrypts the received signature and the ciphertext of the transfer station. The specific steps are: MDMS signs (h n ,θ n , S ' n ) to verify, calculate S nn S' n , If h n =H 41 ||σ 2 ||...||σ n , r n , S' n ), each local ciphertext is decrypted based on the private key SK MD of MDMS. 7.如权利要求6所述的方法,其特征在于,所述步骤4中,MDMS将控制消息传输给智能电表的具体步骤为权利要求6中关于步骤3-3和3-4的逆过程。7. The method according to claim 6, wherein in step 4, the specific step of the MDMS transmitting the control message to the smart meter is the inverse process of steps 3-3 and 3-4 in claim 6.
CN201510575551.5A 2015-09-10 2015-09-10 A secure communication method for smart grid based on combined cipher Expired - Fee Related CN105245326B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510575551.5A CN105245326B (en) 2015-09-10 2015-09-10 A kind of smart grid security communication means based on combination pin


Publications (2)

Publication Number Publication Date
CN105245326A CN105245326A (en) 2016-01-13
CN105245326B CN105245326B (en) 2018-11-13

Family

ID=55042839

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510575551.5A Expired - Fee Related CN105245326B (en) 2015-09-10 2015-09-10 A secure communication method for smart grid based on combined cipher

Country Status (1)

Country Link
CN (1) CN105245326B (en)


Also Published As

Publication number Publication date
CN105245326B (en) 2018-11-13


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20181113