A Hybrid Cryptography Scheme for NILM Data Security
Round 1
Reviewer 1 Report
The requested changes have been entered in the correct way.
Now the article is in a good form, the topics are treated well with an exhaustive introduction, and the innovative component is interesting.
The article is ready and mature for publication.
Author Response
Thank you very much for your encouragement.
Reviewer 2 Report
The paper has been corrected and improved. My suggestions from the previous review have been mostly considered. I have some additional comments, however.
1) Your reply about CTR mode from the cover letter is very interesting. In my opinion it should be included in the paper as well. Thus, potential questions and doubts will be avoided.
2) In this reply about CTR mode it is stated that: "In case of transmission error, if the integrity check fails, the sender will be immediately informed to resend the data. At this time, the receiver reinitializes the AES-CTR module and resynchronizes the counter, which is set to 0.".
I am concerned about some new potential security flaw. An intruder is able to intentionally introduce transmission error to set the counter to zero at any time. Thus, an intruder is able to force that different messages will be encrypted with the same counter value. It means that CTR mode is effectively reduced to ECB mode, which is not safe. Many attacks are possible is such case, e.g. replay attacks. Could you please discuss such a possibility in the paper?
3) I agree with your reply about the novelty of the contribution. In my opinion it should be also clearly pointed in the paper, e.g. in the introduction.
4) Some figures are still too small and unclear.
5) Some minor typos should be corrected, e.g. "Encrption" (Fig.4), "Cenerate" (Fig. 7), "commuicate" (Fig. 8), missing space in line 355 "MCUwas", unnecessary space in line 152 "system )", capital letter in line 51 "The Promulgation" and in line 227 "encryption Algorithm".
Author Response
Please see the attachment.
Author Response File: Author Response.pdf
This manuscript is a resubmission of an earlier submission. The following is a list of the peer review reports and author responses from that submission.
Round 1
Reviewer 1 Report
This article is an interesting application of cryptography.
It would be appreciate the introduction of other algorithms of symmetric encryption and/or key exchange and/or the introduction of an alternative signature system instead of hash-based authentication (maybe in a futute development section not present in current version).
But the results and choices described in the Conclusions section are very interesting then, in my opinion, the work after some small improvements in the language and typography is worthy of publication.
Reviewer 2 Report
1) The paper should be checked / proofread by a native speaker. Some parts are currently hard to understand. There are some mistakes and grammar errors.
2) Figures include too small and almost unreadable texts. Unfortunately enlarging of the figures probably will not help, some parts should be redrawn.
3) There are some unclear or speculative sentences, e.g. in lines 151-152:
"NILM data transmission, cannot be the same as the main power grid, using an independent power dedicated communication network, which means better cyber security."
This sentence is unintelligible to me. Moreover the influence on cyber security is speculative and should be explained / justified.
In lines 393-395:
"According to the principle of CTR mode, each group of encrypted data is encrypted once without any error transmission, so it is safe and reliable."
Again the sentence is unintelligible. Is data encrypted without errors, or transmitted? Why the transmission is believed to be error free? What about resynchronisation of the counters in CTR mode in case of transmission errors?
4) How the identity of the power supplier is verified in the point A of the proposed key distribution algorithm (line 295-296)? It is stated that: "Power supplier sends the public key PK to electricity consumers. At this time, hackers can intercept PK;". What about the man-in-the-middle attack? What if an intruder sends his own public key, pretending to be legitimate power supplier?
5) Novelty of contribution is unclear to me. Hybrid encryption schemas, where asymmetrical cryptography is used to distribute session keys for symmetrical encryption are commonly known. Hash based authentication codes for integrity checking are also widely used. The novelty should be more clearly pointed out in the paper.