Clear Sky Science · en

A collaborative multi-party encryption for mitigating man-in-the-middle attacks in smart grid and energy IoT systems

Keeping the Lights On and the Data Safe

Modern energy systems increasingly resemble sprawling computer networks. Smart meters in homes, rooftop solar panels, and grid controllers constantly talk to one another, making the power system more efficient but also more exposed to hackers. One of the scariest threats is the man-in-the-middle attack, where an intruder secretly sits between devices, reading or even altering messages. This paper introduces a new way to scramble data so that many devices work together to keep eavesdroppers out—aimed especially at the lightweight, low‑power gadgets that now fill our energy networks.

Why Ordinary Locks Are Not Enough

Traditional online security often relies on each device having its own pair of keys: one to lock data and one to unlock it. Methods like RSA and ElGamal, which protect much of today’s web traffic, are powerful but can be heavy for tiny sensors and smart meters with limited computing power and battery life. They also assume that keys are handed out and managed correctly, often by some trusted central authority. In decentralized energy systems—where devices may be owned by different companies or households—that assumption breaks down. Attackers can exploit weak devices, intercept key exchanges, or replay old messages to confuse control systems.

A Shared Lock Built on the Journey

The study proposes a different style of protection tailored for smart grids and energy‑focused Internet of Things (IoT) networks. Instead of every device holding a complete private key, all the devices along a communication path collaboratively build a single, temporary master key for that specific transaction. The destination starts the process by sending out a seed value. Each intermediate node along the route adds its own secret ingredient, stacking these contributions into a nested, layered key. By the time this key‑building value reaches the sender, the key embodies the entire route’s participation. The sender then uses it to encrypt the message in one step and attaches a second encrypted piece that acts like a reversible breadcrumb trail for decryption.

Unwrapping the Message in Reverse

When the sender transmits the protected data, it travels back through the same chain of intermediate nodes. Each node peels off its own contribution in the opposite order in which the key was built—a first‑in, last‑out process. If any node is missing or an intruder has tampered with the stacked key or the ciphertext, the mathematical undoing no longer lines up and the final message cannot be reconstructed. At the very end, the destination checks a hidden cryptographic fingerprint of the message to confirm that nothing was changed in transit. This design turns attempts to alter the traffic into decryption failures instead of silent compromises, strongly limiting what a man‑in‑the‑middle attacker can achieve.
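The key-building pass and the reverse unwrapping described in the two sections above can be modelled with a toy, added here as an illustration; it is not the paper's construction, whose mathematics does not appear on this page. It assumes HMAC/SHAKE-derived XOR masks as each node's "secret ingredient", a fixed 64-byte message slot and a SHA-256 fingerprint. XOR masks are malleable and do not enforce peeling order, so the toy shows only the message flow and how a missing node or altered ciphertext ends in a rejected frame.

```python
import hashlib, hmac, secrets

FRAME = 64  # fixed plaintext slot in bytes (toy assumption)

def mask(secret, txn):
    """One party's per-transaction contribution, FRAME + 32 bytes long."""
    prk = hmac.new(secret, txn, hashlib.sha256).digest()
    return hashlib.shake_256(prk).digest(FRAME + 32)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def build_key(seed, route, txn):
    """Destination -> sender: every node stacks its mask onto the seed."""
    key = mask(seed, txn)
    for node_secret in route:
        key = xor(key, mask(node_secret, txn))
    return key

def encrypt(msg, key):
    """Sender: one XOR over the padded message plus its fingerprint."""
    if len(msg) > FRAME:
        raise ValueError("message does not fit the toy frame")
    return xor(msg.ljust(FRAME, b"\0") + hashlib.sha256(msg).digest(), key)

def relay_back(ct, route, txn, skip=None):
    """Sender -> destination: nodes peel their masks, last node first."""
    for i in reversed(range(len(route))):
        if i != skip:  # skip models a node that is missing from the path
            ct = xor(ct, mask(route[i], txn))
    return ct

def open_frame(ct, seed, txn):
    """Destination: remove the seed layer, then verify the fingerprint."""
    frame = xor(ct, mask(seed, txn))
    msg, tag = frame[:FRAME].rstrip(b"\0"), frame[FRAME:]
    ok = hmac.compare_digest(hashlib.sha256(msg).digest(), tag)
    return msg if ok else None  # None = decryption failure, not bad data

def demo():
    # Constructed sample values: random seed, transaction id, three node secrets.
    seed, txn = secrets.token_bytes(32), secrets.token_bytes(16)
    route = [secrets.token_bytes(32) for _ in range(3)]
    ct = encrypt(b"SET_LOAD_LIMIT 40kW", build_key(seed, route, txn))
    honest = open_frame(relay_back(ct, route, txn), seed, txn)
    missing = open_frame(relay_back(ct, route, txn, skip=1), seed, txn)
    flipped = bytes([ct[0] ^ 1]) + ct[1:]  # one bit altered in transit
    tampered = open_frame(relay_back(flipped, route, txn), seed, txn)
    return honest, missing, tampered
```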

Lightweight Protection for Tiny Devices

Because the heavy cryptographic lifting is spread across the route, low‑end IoT devices can contribute only small random values instead of computing and managing their own full key pairs. Experiments on a standard computer and a Raspberry Pi show that encryption time stays low even as more nodes join the collaboration, while decryption time grows roughly in proportion to the number of participants. This is acceptable in many energy systems, where powerful gateways or control centers do the bulk of the decryption work. Message sizes increase linearly with each added encryption layer but remain manageable for real‑world deployments. Compared with traditional RSA‑style schemes, the new method offers stronger built‑in protection against man‑in‑the‑middle attacks and collusion by partial groups of compromised nodes, without depending on a central key server.

Building Trust Through Many Paths

The authors also explore how to boost reliability when some nodes or routes fail. Instead of relying on a single chain of devices, the sender can create multiple independent routes, each with its own collaboratively built key and ciphertext. The destination then tries to decrypt messages from several paths and accepts the first one that works, much like sending the same letter through different couriers and trusting whichever arrives intact. This multi‑route approach greatly improves the odds that at least one path survives faults or denial‑of‑service attacks, at the cost of extra communication and energy use. The scheme is shown, under widely used theoretical threat models, to keep messages confidential and to detect tampering, though it still relies on additional mechanisms to guarantee uninterrupted communication.

What This Means for Future Energy Networks

In simple terms, this work turns the path that a message travels through the grid into its own shield. Every device along the way helps to lock the data, and all of them must cooperate to unlock it again. That makes it far harder for an unseen intruder to read or alter control commands without being noticed, even when some devices are small, cheap, and imperfectly protected. While more testing in real‑world smart grids is still needed—and future versions will likely incorporate defenses against quantum computers—the scheme offers a promising blueprint for keeping next‑generation energy systems both connected and secure.

Citation: Alfawair, M. A collaborative multi-party encryption for mitigating man-in-the-middle attacks in smart grid and energy IoT systems. Sci Rep 16, 13201 (2026). https://doi.org/10.1038/s41598-026-43856-3

Keywords: smart grid security, energy IoT, multi-party encryption, man-in-the-middle attack, lightweight cryptography