Upload
demeke-robi
View
4
Download
1
Embed Size (px)
Citation preview
6/22/2015 SecurityChallengesinSmartGridMeteringandControlSystems|TIMReview
http://timreview.ca/article/702 1/7
Search
PleaseLoginorRegister
HOME TOPICS UPCOMINGTHEMES ISSUEARCHIVE CONTRIBUTE ABOUT CONTACTUS
InthisissueEditorial:Cybersecurity(July2013)CybersecurityFutures:HowCanWeRegulateEmergentRisks?SecuringCanadasInformationTechnologyInfrastructure:Context,Principles,andFocusAreasofCybersecurityResearchPeertoPeerEnclavesforImprovingNetworkDefenceKeystoneBusinessModelsforNetworkSecurityProcessorsManagingCybersecurityResearchandExperimentalDevelopment:TheREVOApproachSecurityChallengesinSmartGridMeteringandControlSystemsQ&A.ShouldStartupsCareaboutApplicationSecurity?TIMLectureSeriesGreenBusinessModelstoChangetheWorld:HowCanEntrepreneursRidetheSustainabilityWave?
AboutthisarticleCitation:Fan,X.,&Gong,G.2013.Security Challenges in
Smart-Grid Metering and Control Systems.TechnologyInnovationManagementReview,3(7):4249.http://timreview.ca/article/702
Citethisarticle:BibTex RTF Tagged MARC XML RIS
Authorinformation
XinxinFanUniversityofWaterlooXinxinFanisaResearchAssociateintheDepartmentofElectricalandComputerEngineeringattheUniversityofWaterloo,Canada.HeholdsaPhDdegreeinElectricalandComputerEngineeringfromtheUniversityofWaterloo,aswellasaBScdegreeinAppliedMathematicsandanMEngdegreeinInformationSystemsandTelecommunicationEngineeringfromXidianUniversity,China.Hisresearchinterestsrangefromfastandsecuresoftwareandhardwareimplementationsofcryptographicalgorithmstothedesignandtheanalysisofsecurityprotocolsforwirelessandwirelinenetworks.
Morebythisauthor
GuangGongUniversityofWaterlooGuangGongisaProfessorintheDepartmentofElectricalandComputerEngineeringattheUniversityofWaterloo,Canada,andsheistheManagingDirectoroftheCentreforAppliedCryptographicResearchatUniversityofWaterloo.SheholdsaBScdegreeinMathematics,anMScdegreeinAppliedMathematics,andaPhDdegreeinElectricalEngineeringfromuniversitiesinChina.Dr.GonghasalsoheldafellowshipattheFondazioneUgoBordoni,inRome,Italy,andwasAssociateProfessorattheUniversityofElectricalScienceandTechnologyofChina.Herresearchinterestsareintheareasofsequencedesign,cryptography,andcommunicationsecurity.
Morebythisauthor
Login
Username*
Password*
Createnewaccount
July2013
SecurityChallengesinSmartGridMeteringandControlSystemsXinxinFan,GuangGong
DownloadthisarticleasaPDF
Aswemodernizethenationselectricinfrastructuretomakeitsmarter,moreefficient,andmorecapable,weneedtomakeitmoresecurefromendtoend.
GaryLockeU.S.AmbassadortoChinaandFormerSecretaryofCommerce
Abstract
Thesmartgridisanextgenerationpowersystemthatisincreasinglyattractingtheattentionofgovernment,industry,andacademia.Itisanupgradedelectricitynetworkthatdependsontwowaydigitalcommunicationsbetweensupplierandconsumerthatinturngivesupporttointelligentmeteringandmonitoringsystems.Consideringthatenergyutilitiesplayanincreasinglyimportantroleinourdailylife,smartgridtechnologyintroducesnewsecuritychallengesthatmustbeaddressed.Deployingasmartgridwithoutadequatesecuritymightresultinseriousconsequencessuchasgridinstability,utilityfraud,andlossofuserinformationandenergyconsumptiondata.Duetotheheterogeneouscommunicationarchitectureofsmartgrids,itisquiteachallengetodesignsophisticatedandrobustsecuritymechanismsthatcanbeeasilydeployedtoprotectcommunicationsamongdifferentlayersofthesmartgridinfrastructure.Inthisarticle,wefocusonthecommunicationsecurityaspectofasmartgridmeteringandcontrolsystemfromtheperspectiveofcryptographictechniques,andwediscussdifferentmechanismstoenhancecybersecurityoftheemergingsmartgrid.Weaimtoprovideacomprehensivevulnerabilityanalysisaswellasnovelinsightsonthecybersecurityofasmartgrid.
Introduction
Theterm"smartgrid"generallyreferstoanextgenerationpowergridinwhichthegeneration,transmission,distribution,andmanagementofelectricityareupgradedandautomatedbyincorporatingadvancedcomputingandcommunicationtechnologiesforimprovingtheefficiency,reliability,economics,andsafetyofthegrid.Looselyspeaking,asmartgridiscomposedofapowergridandatwowaycommunicationnetworkforinformationretrievalandmanagement.Whencomparedtolegacyandclosedpowercontrolsystems,thesmartgridisenvisionedtoestablishascalable,pervasive,andinteractivecommunicationinfrastructurewithnewenergymanagementanddemandresponsecapabilities.Duringthepastfewyears,smartgridmeteringandcontrolsystemshavebeenwidelydeployedthroughouttheworld.AccordingtoanewNavigantResearchreport(2013),theglobalmarketpotentialforsmartgridequipmentmanufacturersandsolutionproviderswillnearlydoubleby2020,reaching$73billioninannualrevenueand$461billionincumulativeprofit.
Asmartgridbringsgreatperformancebenefittothepowerindustryandenablesenduserstooptimizetheirpowerconsumptionhowever,theheavydependenceoncommunicationnetworkshasmadesmartgridsvulnerabletoawiderangeofcyberspacethreats.Forexample,ithasbeenshownthatsecuritybreachesinsmartgridscanresultinavarietyofseriousconsequences,fromblackoutsandphysicaldamageofinfrastructuretotheleakageofcustomerinformation.Consideringthevastscaleandcomplexarchitectureofasmartgrid,itisnotdifficulttounderstandthatthevulnerabilitiesassociatedwiththesmartgridcommunicationsystemmayalsobeenormous.Thosesecurityvulnerabilitiesneedtobeproperlyaddressedtoensurethatsmartgridsarenotonlysecureandfunctioncorrectly,butthattheyalsomaximizetheiradoptionandsuccessfullyfulfillthepromiseofsmartgridinvestment.
Althoughmostofthearchitectures,frameworks,androadmapsforsmartgridshavealreadybeendefinedbythegovernments,industry,andacademia,therearestillmanyimportantsecurityandprivacyissuesinsmartgridcommunications.Theseissuesarenowconsideredbygovernmentsandindustrytobeoneofthehighestprioritiesforsmartgriddesign,andtheymustberesolvedbeforesmartgridscanbeoperationallyreadyforthemarket.Inthisarticle,wewillpresentthehighlevelarchitectureofasmartgridmeteringandcontrolsystem,andwewilldescribetypicalcyberspaceattacksonsmartgridcommunications.Wealsowillsummarizethesecurityrequirements,reviewsomeexistingsolutions,andhighlightseveralimportantdirectionsalongthisemergingresearchline.
6/22/2015 SecurityChallengesinSmartGridMeteringandControlSystems|TIMReview
http://timreview.ca/article/702 2/7
Requestnewpassword
Login
RelatedarticlesTIMLectureSeriesTheInternetofEverything:Fridgebots,SmartSneakers,andConnectedCarsJ.Greene
RealTimeMobileCommunicationofPowerRequirementsforElectricVehiclesD.Smith
Theperiodicpowerrequirementsofanelectricvehiclearedifficulttopredictbecausethevehicle'slocation,theamountofchargeremaininginitsbatteries,andthetimingofitsnextchargearenotknown.Forclustersofelectricvehicles,theproblemismagnified,andthereisariskthatthedemandwillstrainandoverloadapowerutilitysinfrastructure.Operationalmanagersare...
TIMLectureSeriesEnergyEfficiencyandDataSecurityinModernDataCentresJ.Glowka
TIMLectureSeries:PrivacyandSecurityinaConnectedWorldD.King
OnMay7,2008,DouglasG.King,AssistantProfessorofSystemsandComputerEngineeringatCarletonUniversity,deliveredapresentationentitled"PrivacyandSecurityinaConnectedWorld".
TheTIMLectureSeriesprovidesaforumtopromotethetransferofknowledgefromuniversityresearchtotechnologycompanyexecutivesandentrepreneursaswellasresearchand...
Theremainderofthisarticleisorganizedasfollows.First,wepresentthefundamentalarchitectureandfunctionalitiesofasmartgridmeteringandcontrolsystem.Next,wefocusonthesecurityrequirementsforsmartgridcommunications,followedbyasurveyofcurrenteffortsmadebytheindustryandacademiatosecurethesmartgridnetworksanddevices.Finally,weproposeseveralresearchareasanddirectionsinsmartgridsecurityanddrawsomeconclusions.
Architecture
Atypicalsmartgridmeteringandcontrolsystem,asillustratedinFigure1,consistsofacollectionofmeters/sensorsandcontrollers/actuatorsthatcommunicatewithasubstation/dataconcentrator,aconsumerortechnician,andvariousthirdpartyentities.Thecommunicationamongdifferentnetworkentitiesisrealizedbyhighspeedwiredorwirelesslinksoracombinationthereof.Asmartgridmeteringandcontrolsystemhasalayerednetworkstructurethroughwhichitcollectsdataandcontrolsthedeliveryofelectricity.
Figure1.ArchitectureofatypicalSmartgridmeteringandcontrolsystem
Themainfunctionalitiesofeachcomponentinasmartgridmeteringandcontrolsystemareasfollows:
1. Utilitycompany:connectstothesubstationnetworkthroughthewideareanetwork(WAN)interfaceandthecommunicationchannelmightbeWiFi,satellite,4GLTE,WiMax,etc.Theutilitycompanyisresponsibleforprocessingalarmsandalerts,managingthemeterdata,andgeneratingbills.Moreover,itmayalsoprovideawebportalthatallowscustomerstoviewtheirmonthlyenergyconsumptionandbills.
2. Substation/dataconcentratornetwork:consistsofanumberofsmartmetersinacertainareaaswellasadatacollector.TheconnectionbetweensmartmetersandthedatacollectormightthroughWiFi,ZigBee,powerlinecarrier(PLC),etc.Typically,thesmartmetersformawirelessmeshnetworkandforwardthemeterreadingstothedatacollectorthroughmultihopcommunications.Thedatacollectorthentransmitstheaccumulateddatatotheutilitycompany.
3. Homeareanetwork(HAN):providestheconsumeraccesspointstocontrolandmonitortherealtimepowerconsumption.TheHANcontainsahomegatewaythatreceivesthepowerconsumptiondatafromthesmartmeteranddisplaysitonhouseholder'sdevices(e.g.,laptop,tablet,smartphone).Furthermore,thehomegatewaymaysendthepowerconsumptiondatatoathirdpartyforothervalueaddedservices(e.g.,efficiencyadvice,supplierselection).TheHANalsoincludesacontrollerthatenableshouseholderstoremotelycontrolthestatusoftheirhomeappliances.
4. Smartmeter:iscomposedofamicrocontroller,ametrologyboard,andacommunicationboard.Underthecontrolofthemicrocontroller,themetrologyboardmeasurestherealtimepowerconsumption,andthemeterdataistransmittedtoboththesubstationnetworkaswellasthehomeareanetworkthroughthecommunicationboard.TheconnectionbetweenthesmartmeterandhomeappliancesmaybethroughWiFi,ZigBee,Ethernet,HomePlug,WirelessMBus,etc.Thesmartmetermayalsocontainadisconnectionfunctionthat(ifenabled)allowsutilitycompaniesorcustomerstoremotelyconnectordisconnectthehomeappliancesandservices.
5. Thirdparty:reliesonaccuratemeterreadingstoprovidevalueaddedservicesforhouseholders,includingpowerefficiencyadvice,supplierselection,etc.Thoseserviceswillhelphouseholderstomanagetheirpowerusageinacosteffectiveway.
Requirements
Theconventionalpowergridiscomposedofdedicatedpowerdevicesthatformclosednetworkswithreliableandpredicablecommunicationlinks.Incontrast,asmartgridmeteringandcontrolsystemreliesonadvancedwiredandwirelesscommunicationnetworks,therebyinheritingalloftheweaknessesandpotentialcyberspacevulnerabilitiesofgeneralcommunicationnetworks.Thesmartgridmeteringandcontrolsystemisbecominganincreasinglycommontargetforcyberspaceattacks,andstrongandrobustsecuritymechanismsareparamountforthepreventionoffinancialfraud,environmentalaccidents,andahostofotherpotentiallydisastrousincidents.Inthissection,we
6/22/2015 SecurityChallengesinSmartGridMeteringandControlSystems|TIMReview
http://timreview.ca/article/702 3/7
discussthemajorsecurityconcernsandrequirementsforsmartgridmeteringandcontrolsystems.
Effortsfromstandardsbodiesandorganizations
Anumberoforganizationshavebeenactivelyworkingonthedevelopmentofsmartgridsecurityrequirements,asillustratedinBox1.Amongexistingsmartgridstandardizationefforts,theNISTFrameworkandRoadmapforSmartGridInteroperabilityStandardsanditsInteragencyReport,GuidelinesforSmartGridCyberSecurity(NISTIR7628),representthemostcomprehensivecoverageofcyberspacesecurityrequirementsinthesmartgrid.
Box1.Examplesoforganizationsworkingonsmartgridrequirements
ElectricPowerResearchInstitute(EPRI)InternationalSocietyofAutomation(ISA)IEEE14022000InternationalElectrotechnicalCommission(IEC)NationalEnergyBoard(NEB,Canada)NorthAmericanElectricalReliabilityCorporationCriticalInfrastructureProtection(NERCCIP)NationalInstituteofStandardsandTechnology(NIST)
Allstandardsbodiesconsistentlyspecifythreehighlevelsmartgridsecurityobjectives:availability,integrity,andconfidentiality.However,eventhoughthestandardsbodiesdefinethesecurityrequirementsbasedonafairlycomprehensivesetofusecasesinthepowerindustry,thereisstillaconsiderablegapbetweenunderstandingthesecurityrequirementsinthestandardsandapplyingthemtodesignasecuresmartgridmeteringandcontrolsystem.Itisextremelyimportantfordesignersandpractitionersofsmartgridstogaindeepunderstandingaboutawiderangeofmaliciousattackstothesmartgrid,asdetailedbelow.
Availability
Availabilityreferstoensuringtimelyandreliableaccesstoinformation,whichistheprimarysecuritygoalofasmartgridmeteringandcontrolsystem.Maliciousattackstargetingavailabilitycanbeconsideredasdenialofserviceattacks,whichintendtodelay,block,orevencorruptthecommunicationinthesystem.Inparticular,duetotheextensiveadoptionofwirelesscommunicationtechnologiesinthesmartgrid,ajammingattackthatfillsthewirelessmediumwithnoisesignalshasbecomethemosttypicalformofphysicallayerattack.Thejammingattackisabletodeferthetransmissionofmessagesandtodistortthetransmitteddatasignal.Asaresult,thelegitimatereceivercannotrecovermessagesoutofthedamageddatapackets.Jammingattacksaremorerelevantandseriousinthesmartgridthanotherthanothernetworkingsystems,becausethesmartgridinvolvesessentialresourcesforpeopleseverydaylives.Ontheotherhand,manymaninthemiddleattackscanbelaunchedonlywhenthefullorpartialcommunicationchannelscanbejammed.Examplesincludejammingtheninsertingfalselocationinformationandjammingthendelayingthetransmission.Becausethenetworktrafficinthesmartgridisgenerallytimecritical,itiscrucialtoevaluatetheimpactofdenialofserviceattacksandtodesignefficientandeffectivecountermeasurestosuchattacks.
Integrity
Integrityreferstopreventingordetectingthemodificationordestructionofinformationbyunauthorizedpersonsorsystems.Maliciousattackstargetingtheintegrityofasmartgridattempttostealthilymanipulatecriticaldatasuchasmeterreadings,billinginformation,orcontrolcommands.Recentresearch(Liuetal.,2011)hasdemonstratedthatanewclassofattacks,calledfalsedatainjectionattacks,arehighlyviableagainstthestateestimationinelectricalpowergrids.Basedontheassumptionthatanattackerhascompromisedoneorseveralsmartmetersandisabletoaccessthecurrentpowersystemconfigurationinformation,suchattackscansuccessfullyinjectarbitrarybogusdataintothemonitoringcentre,andatthesametime,passthedataintegritycheckingusedincurrentstateestimateprocesses.Integrityprotectioncanbeachievedbyauthentication,certification,andattestation.Morespecifically,thesmartdevicesandsubstationmustauthenticateeachothersidentitytothwartimpersonation.Datacertificationofamessagepreventsmodificationofdataduringtransmission.Dataauthenticationwithnonrepudiationgoesbeyondcertificationbypreventingthesenderfromclaimingthatitdidnotsendthedata.Substationsuseattestationtoconfirmthatthememorycontents(codeanddata)onasmartdevicehavenotbeenmodified.Thesecurityservicesrelatedtointegrityareusuallyimplementedusingpublickeycryptography,whichrequiresatrustedthirdpartythathostsakeymanagementservice.
Confidentiality
Confidentialityreferstoprotectingpersonalprivacyandproprietaryinformationfromunauthorizedaccess.Maliciousattackstargetingconfidentialityaimatobtainingdesirableinformation(e.g.,powerusage,customersaccountinformation)througheavesdroppingoncommunicationchannelsina
6/22/2015 SecurityChallengesinSmartGridMeteringandControlSystems|TIMReview
http://timreview.ca/article/702 4/7
smartgridmeteringandcontrolsystem.Althoughsuchattackshavenegligibleeffectsontheoperationofthesystem,thetransmissionoffinegrainedconsumptiondatabysmartmetershasraisedconcernsaboutprivacy.Research(Quinn,2009)hasshownthattheconsumptiondatacollectedbysmartmetersreflectstheuseofallelectricappliancesbyinhabitantsinahouseholdovertime,anditallowscriminalstomakeinferencesaboutthebehaviours,activities,orpreferencesofthoseinhabitants.Thoseprivacyissuesneedtobeaddressedappropriatelytoreducecustomersfearsaboutpotentialleakagesoftheirinformation.Somebestpracticesrelatingtoprivacyhavebeenproposedforthedesignofsmartgrids(Cavoukian,2010).Anemergingtrendisforthesmartmeterstoaggregateusagedataforbillingpurposesandsupportloadbalancingandothermonitoringfunctionsthroughpeertopeerprotocolsthatpreservetheconsumersprivacy.
CurrentApproaches
BasedonthesecurityguidelinesspecifiedbytheNISTandotherstandardsbodies,bothindustryandacademiahavemadeeffortstoaddressthechallengingsecurityissuesinsmartgridmeteringandcontrolsystemsbyemployingvariouscryptographictechniques.Here,wegiveanoverviewofseveralexistingcybersecuritysolutionsproposedbyindustryandacademiaforsmartgridcommunications.
Cybersecuritysolutionsfromindustry
In2007alargestakeholdercommunitywasassembledbytheZigBeeAlliancetoaddressthesecurityissuesinthesmartgridthiscommunitydevelopedwhatisknownastheZigBeeSmartEnergyProfile(SEP).TheZigBeeSEPhasbeenwidelyadoptedasthecommunicationinfrastructureinhomeareanetworks.Regardingtothesecurity,theZigBeeSEPspecifiesthateachsmartmetershouldbeequippedwithanEllipticCurveQuVanstone(ECQV)implicitcertificatebeforedeployment.TheECQVcertificateismuchsmallerthanatraditionalX.509certificate,anditbindsametersMACaddressandmanufactureidentifiertoanECCkeypair.AlthoughtheECQVcertificateissuancehasbeenaddressed(Certicom),thecertificaterenewalandrevocationprocessesarenotdefinedintheZigBeeSEP.
Forsupervisorycontrolanddataacquisition(SCADA)systems,NIST(2010)suggestsAES,SHA1,andRSA,andIEC62351specifiesRSA1024.However,itisnowknownthatRSAisapoorchoiceforSCADAnetworksbecauseofthehighcomputationcostofRSAencryptionandthelimitedcomputingpowerofSCADAdevices.TheStandardsCouncilofCanadaandtheEuropeanUnionalsodefinecybersecurityrequirementsforsmartgrids,butdonotspecifyasuiteofcryptographicalgorithmstomeettherequirements,exceptthattheStandardsCouncilofCanadaspecifiesthatSHAbeusedasthesecurehashfunction.Itremainsanopenresearchproblemtofindasetofcryptographicalgorithmsthatprovidetherightcombinationofsecurityandimplementabilityforthesmartgridmeteringandcontrolsystem.
Besidesindustryalliancesandstandardsbodies,thereareanumberofmanufacturersofsmartdevicesforSCADAnetworksandmetersforsmartgrids.Implementationdetailsforthesedevicesaregenerallyconsideredproprietaryinformation,butafewgeneralizationscanbemade.Thecryptographicalgorithmsareimplementedinsoftwareonalowpower16bitmicroprocessor.RSA1024orECC256/384isusedforpublickeyservices.SymmetrickeyservicesuseAES128orAES256.Somedevicesusespreadspectrummodulation.Mostsmartdevicemanufacturersimplementthesecurityservicesthemselves.Afewcompanieshaveahardwaresecuritymodule(HSM)orsimilarproductthatisindependentofaspecificsmartdevice.SafeNetsPKIHSMprovidespublickeycryptographywithRSA1024andECC256/384,andsymmetrickeycryptographywithAES256toperformattestation,keymanagement,encryption/decryption,andbilling.GEDigitalEnergymakesafamilyofwirelessrouterswithAES128designedtoconnecttosmartmetersandcontrollers.WithinCanada,TofinoSecuritysIndustrialSecuritySolutionisaserversidesoftwareprogramcombinedwithsecuritydevicesthatactaswiredaccesspointswithencryptionformetersandactuators.BentekSystemsSCADALinkSMX900isamodularwirelessremoteterminalunit/modemthatsupportsspreadspectrumcommunication,butdoesnotappeartohaveanyfacilitiesforencryption,authentication,etc.
Cybersecuritysolutionsfromacademia
Acriticalcomponentofsmartgridsecurityiskeymanagement,whichwillensuretheconfidentiality,authenticity,andintegrityofdevicesandcommunicationswithinthegrid.Mostpreviousresearchfocusedondesigningcryptographicprotocolstoprovidecertainsecurityfunctionalities.
Efficientimplementationsofencryptionschemesareessentialforprovidingconfidentialityinasmartgrid.Anexperimentalstudyabouttheperformanceofasymmetrickeycipher(i.e.,DESCBC)andapublickeycipher(i.e.,RSA)onanintelligentelectronicdevice(IED)calledTS7250hasbeenconducted(WangandLu,2013),wheretheIEDisusedforsendingthetransformerstatusandreceivingcommandsfromthecontrolcentre.TheseexperimentalresultsshowthatthecomputationalabilityofanIEDbecomesabottleneckforthedelayperformancewhenperformingasymmetrickeycryptography.TheseauthorsalsosuggestedthatasymmetrickeyapproachismoresuitableforrealtimeIEDcommunicationsinpowerdistributionandtransmissionsystems.
6/22/2015 SecurityChallengesinSmartGridMeteringandControlSystems|TIMReview
http://timreview.ca/article/702 5/7
Authenticationiscrucialtoprotecttheintegrityofdataanddevicesinthesmartgrid.Duetothelimitedcomputationalcapabilitiesofdevices,stringenttimingrequirements,andhighdatasamplingratesinthesmartgrid,traditionalauthenticationschemesmightnotbeapplicable.Moreover,besidessupportingbasicdataanddeviceauthentication,multicastauthenticationisanotherdesirablefeatureduetothemulticastnatureofthesmartgridcommunication.Anumberofauthenticationschemeshavebeenproposedintheliteratureforsmartgrids.SzilagyiandKoopman(2009and2010)proposedflexibleandlowcostmulticastauthenticationschemesforembeddedcontrolsystems.Thebasicideaistoverifytruncatedmessageauthenticationcodes(MACs)acrossmultiplepackets,therebyachievingagoodtradeoffamongauthenticationcost,delayperformance,andtolerancetoattacks.Wangandcolleagues(2009)proposedafastmulticastauthenticationschemefortimecriticalmessagesinthesmartgrid.Theirschemeisbasedonanefficientvariantofaonetimesignature(OTS)scheme.Althoughtheproposedschemeisefficientintermsofcomputation,thepublickeysizeinanOTSbasedschemeisquitelarge(i.e.,ontheorderof10KB).Hence,bothcommunicationandstorageoverheadaresignificantinthiscase.Luandcolleagues(2012)conductedanempiricalstudyforafewdataoriginauthenticationschemesinsubstationautomationsystems(SAS).TheseauthorscomparedtheperformanceofRSA,MAC,andOTSonasmallscaleSASprototypeandconcludedthattheexistingauthenticationschemescannotbeapplieddirectlyintotheSASduetoinsufficientperformanceconsiderationsinresponsetoapplicationconstraints.
Theheterogeneouscommunicationarchitectureofthesmartgridhasmadethekeymanagementparticularlychallenging,anditisnotpracticaltodesignauniversalkeymanagementschemefortheentiresmartgrid.Thesimplestwayistouseasinglekeysharedbyallthemetersinthesmartgrid.However,thissolutionwillcausethesinglepointoffailureduetothelackofatamperproofmoduleinsmartmeters.Beaverandcolleagues(2002)proposedanelementarykeyestablishmentschemecalledSKEforSCADAsystems.Whereasthemasterslavecommunicationsaresecuredbysymmetrickeyschemes,thepeertopeercommunicationsareprotectedbypublickeyschemes.However,theschemeproposedbytheseauthorsdoesnotsupportefficientmulticastandbroadcastauthenticationinthesmartgrid.Dawsonandcolleagues(2006)proposedSKMA,akeymanagementschemeforSCADAsystems.Theseauthorsintroducedakeydistributioncentre(KDC)andeachnodemaintainstwotypesoflongtermkeys:nodetoKDCandnodetonode.AsessionkeyinSKMAisgeneratedusingthenodetonodekey.Unfortunately,SKMAdoesnotconsiderissuesofmulticast,
keyupdate,andrevocation.ChoiandcolleaguesdescribedASKMA(2009)andASKMA+(2010)forkeymanagementinSCADAsystems,respectively.Bothschemesaredesignedbasedontheusageofalogicalkeyhierarchy(LKH),whichisabletoachieveefficientkeymanagementamongallnodes.Inparticular,ASKMAsupportsbothmulticastandbroadcastauthenticationandtheperformancehas
beenfurtherimprovedinASKMA+.
Althoughmanyencryption,authentication,andkeymanagementschemeshavebeenproposed,theirperformancedoesnotseemtofulfillthestringenttimingrequirementsofthesmartgrid.Therefore,finegrainedandadvancedsecurityprotocolsstillneedtobedevelopedforprotectingdifferentcommunicationnetworksinsmartgrids.
Inasmartgrid,theutilitycompanyneedstherealtimepowerconsumptiondataforplanningpurposesaswellasforprovidingaccurateandauthenticbilling.Fortheutilitycompany,thecorrectnessofthecalculatedbillsisthemostimportantissue.However,fromthecustomersperspective,privacyisthemainconcern.Researchershavedesignedprivacypreservingbillingprotocolsusingadvancedcryptographictechniquessuchaszeroknowledgeproofandhomomorphicencryption.Bohilandcolleagues(2010)proposedaprivacymodelforsmartmetering,inwhichatrustedthirdpartyproxyisintroducedtocollectmeterreadingsfromindividualcustomersandaggregatedatabeforeforwardingittotheutilitycompany.Lateron,GarciaandJacobs(2012)proposedtheuseofhomomorphicencryptiontopreventtheutilitycompanyfromaccessingthepowerconsumptiondataofindividualhouseholds.Usingthoseadvancedcryptographictechniques,utilitycompaniesonlyreceivethecommitmentsoftherealtimepowerconsumptioninsteadoftherawdatafromsmartmeters,andcustomerscanprovetotheutilitycompanythatautilitybillhasbeencorrectlygenerated.
Besidesresearchintoaddressinggeneralprivacyconcernsforthesmartgrid,anumberofresearchershavebeenfocusingondesigningandimplementingprivacypreservingbillingprotocols.Rialandcolleagues(2011)proposedaprivacypreservingbillingprotocolinwhichthepowerconsumptiondataissenttotheuseralongwithotherinformationfromthesmartmeter,andtheusercomputesthebillbasedonthepricingpolicyduringeachbillingperiod.Afterthat,theusersendstheproofofcorrectcomputationtotheutilitycompany,whereahomomorphiccommitmentschemehasbeenusedtoconstructtheproof.Kursaweandcolleagues(2011)presentedasetofprotocolsthatcanbeusedtoprivatelycomputeaggregatemetermeasurementsoverdefinedsetsofmeterswithoutrevealinganyadditionalinformationabouttheindividualmeterreadings.Moreover,theirprotocolsalsoallowfordetectionoffraudandleakageaswellasnetworkmanagementandstatisticalprocessingofmetermeasurements.MolinaMarkhamandcolleagues(2012)implementedtheprivacypreservingbillingprotocolproposedbyRialonaMSP430basedmicrocontrollerandverifiedthefeasibilityofdesigningprivacypreservingsmartmetersusinglowcostmicrocontrollers.
6/22/2015 SecurityChallengesinSmartGridMeteringandControlSystems|TIMReview
http://timreview.ca/article/702 6/7
FutureOutlook
Thesmartgridmeteringandcontrolsystemconsistsofheterogeneouswiredandwirelessnetworksanddevicesfromvariousdomains.Eachsubsysteminthesmartgridcurrentlyfollowsthedifferentstandardsandregulationsandhasdistinctsecurityrequirements.Inparticular,thesmartgridfacesuniquechallengesstemmingfromthecombinationofstringentsecurityrequirements,limitedcomputationalresources,timecriticalmessagedeliveryandresponses,andtheuseofheterogeneousnetworkswithmultipleauthenticationandprotectionmechanisms.Althoughalotofeffortshavebeenmadebyindustryandacademiatoaddressawiderangeofsecurityissuesinthesmartgrid,therearestillmanychallengesthatneedtobetackledbeforesmartgridscanbewidelydeployed.Fromtheviewpointofcryptographictechnique,wehighlightseveralresearchareasanddirectionsthatneedtobefurtherinvestigated.
Alightweightciphersuiteforsmartgriddevices
Thetightcostandresourceconstraintsinherentinmassdeploymentsofsmartgriddevicesbringforwardimpendingrequirementsforimplementingalightweightciphersuitethatcanperformstrongauthenticationandencryption,andprovideothersecurityfunctionalities.Previousresearchhasshownthatusingclassicalcryptographicalgorithmsthataredesignedforfullfledgedcomputershasbecomethebottleneckinmanysmartgridapplications.Inordertomeetthestringenttimerequirementsinasmartgrid,itishighlydesirabletostandardizeasetoflightweightsymmetrickeyandasymmetrickeyciphersforsecuringsmartgridapplications.
Advancedkeymanagementforsmartgridnetworks
Encryptionandauthenticationarecrucialcryptographicprocessesinasmartgrid,becausetheyprotectdataintegrityandconfidentiality,andanefficientkeymanagementschemeisthefoundationthatensuresthesecureoperationofasmartgrid.Becauseasmartgridiscomposedofheterogeneouscommunicationnetworksandinvolvessymmetrickeyandasymmetrickeycryptosystems,alargesetofcryptographickeysneedtobemanagedinanefficientmanner.Asophisticatedkeymanagementframeworkneedstobedesignedtodealwithsecurityservicesaswellastheseamlesshandoverofthoseservicesacrossdifferentsubsystemsinthesmartgrid.
Privacypreservingoperationsinsmartgridnetworks
Smartgridcommunicationshaveraisedseriousconcernsaboutuserprivacyduetothepossibilityofinferringcustomersbehaviourandhabitsfromthedetailedenergyusageinformation,whichcanleadtopotentialrisksthatconsumerswouldbevulnerabletocriminalactivitiesandpersonalinformationleakage.Advancedprivacypreservingsecurityschemesneedtobedevelopedandintegratedintosmartgridnetworkstoenableutilitycompaniestoperformtheregularbusinessoperationssuchascustomerbillingonlyusingaggregatedpowerconsumptioninformation.Therealtimepowerconsumptiondatashouldonlybeaccessiblebyindividualcustomers.
Conclusion
Smartgridmeteringandcontrolsystemsholdenormouspromiseforimprovingefficiency,convenience,andsustainability.However,thecomplicatedandheterogeneoussystemarchitecturehasmadesecuringthesmartgridparticularlychallenging.Cybersecurityinthesmartgridmeteringandcontrolsystemisanimportantandrapidlyevolvingareathathasattractedattentionfromgovernment,industry,andacademia.Inthisarticle,weintroducedthehighlevelarchitectureofasmartgridmeteringandcontrolsystem,detailedthesystem'ssecurityrequirements,summarizedtherecenteffortsfromindustryandacademia,andhighlightedseveralareasanddirectionsforfurtherresearch.Ourobjectiveistoshedsomelightoncybersecurityinthesmartgridandtotriggertheclosecollaborationsamonggovernment,industry,andacademia.
Basedonourdiscussioninthisarticle,itisclearthatimplementinganintegratedandfinegrainedsecuritysolutionthatisabletoaddresspotentialsecurityandprivacyissuesineachsubsystemofasmartgridiscriticaltoguaranteeitssuccessfuldeployment.Moreover,thedesignofsecuritysolutionsshouldtakeintoaccountthesalientfeaturesofthesmartgridaswellastheunderlyingpowersystem.Lookingtothefuture,thejointeffortsfromindustryandacademiawillmaketheeraofsmartenergybecomerealityatastaggeringspeed.
Sharethisarticle:
Citethisarticle:BibTex RTF Tagged MARC XML RIS
RateThisContent:
Novoteshavebeencastyet.Haveyoursay!
0 1 0googleplus 3 1
6/22/2015 SecurityChallengesinSmartGridMeteringandControlSystems|TIMReview
http://timreview.ca/article/702 7/7
CopyrightTalentFirstNetwork20072015ISSN:19270321FormerlytheOpenSourceBusinessResourceTheTechnologyInnovationManagementReviewispublishedunderaCreativeCommonsAttribution3.0UnportedLicense.Authorsretainfullcopyrighttotheirindividualworks.
Topic:ManagingInnovation TechnologyEntrepreneurship
Moreinformationabouttextformats
Keywords:authentication,cybersecurity,encryption,privacy,smartgrid
AddnewcommentYourname
Subject
Comment*
NoHTMLtagsallowed.Webpageaddressesandemailaddressesturnintolinksautomatically.Linesandparagraphsbreakautomatically.
Save Preview