7/29/2019 Smart Grid No
1/4
SECURE SMART METER INFRASTRUCTURE IN MULTI-DWELLING ENVIRONMENT
Binod Vaidya, Dimitrios Makrakis, Hussein Mouftah
University of Ottawa, Ottawa, Canada
ABSTRACT
Smart grid deployment focuses on reliability, cost savings and
energy efficiency as well as customer satisfaction. Many
utilities are turning to Smart meter infrastructure technology.
The Smart Energy profile was motivated by the requirement to enable
personal energy management in Home area networks. In Multi-dwelling
units, wireless networking such as WiFi and ZigBee
could be feasible, as the range of communications can be extended
to communicate with the gateway. In such a network, routing is
one of the fundamental components. However, designing
secure routing protocols for wireless mesh networks is a
challenging task due to various reasons. In this paper, we
provide a comprehensive security mechanism for a source
routing protocol in wireless multi-hop networks, which is
particularly suitable for the multi-dwelling environment.
Index Terms: Smart meter infrastructure, Multi-dwelling unit, wireless multi-hop network, secure routing
protocol
1. INTRODUCTION
Smart grid deployment focuses on reliability, cost savings
and energy efficiency as well as customer satisfaction. As a
strategic response, many utilities are turning to smart meter
infrastructure (SMI) technology.
Smart Energy Profile (SEP) 1.0 was motivated by the
requirement to enable personal energy management in
Home area networks (HANs) and is used in many Smart
grid applications. Smart energy (SE) devices include the energy
service interface (ESI), metering device, in-home display
(IHD), programmable communicating thermostat (PCT),
load control devices (LCD), and other smart appliances.
SEP 2.0 is currently under development, which will offer
IP-based control for SMI and HANs [1].
For a smart energy HAN, both wired and wireless
communication protocols can be considered; however,
wireless communications have significant advantages over
wired ones. When multi-hopping is considered in wireless
communications such as low-power (LP) WiFi and ZigBee,
the range of communications can be extended to communicate
with the gateway in a larger smart energy HAN, especially in a
multi-dwelling environment.
The wireless mesh networks may be preferred for
routing data in Neighborhood area network (NAN). In such
a network, routing is one of the fundamental components.
However, designing secure routing protocols for wireless
mesh networks is a challenging task due to various reasons
including the resource constraints of nodes, the limited capacity of
the wireless medium, and the self-organized form of the network.
In this paper, we provide a comprehensive security
mechanism for a source routing protocol in wireless multi-hop
networks, which is particularly suitable for the multi-dwelling
environment.
2. BACKGROUNDS
2.1. Multi-dwelling Units
Mid to high-rise dwellings including condominiums and
apartments have a number of neighboring premises area
networks operated by different customers residing on the
same premises. Such large buildings containing independent
dwellings are known as Multi-family dwelling or Multi
dwelling units (MDU) [2].
SEP 1.1 refers to NAN as a possible further use case
including MDUs; however, it provides few details
regarding NAN implementation. SEP 2.0 includes
specifications for MDU deployments. In MDUs, smart
meters are located in meter rooms near the ground floor or in
basements, and they are physically secure with limited
access. In such MDUs, sub-meters allow for individual
billing to MDU residents.
When deploying SMI in an MDU, challenges arise not only
from the need for seamless wireless connectivity but also
from security and privacy concerns.
2.2. Secure routing mechanisms
In the wireless mesh multi-hop network, routing is one of
the fundamental components. For wireless mesh network,
several routing protocols such as Ad hoc On-Demand
Distance Vector (AODV), Dynamic Source Routing
(DSR) [3], and Hybrid Wireless Mesh Protocol (HWMP) can
be considered. However, none of the above addresses security
and anonymity protection mechanisms.
Secure routing algorithms are used to protect the route
discovery and maintenance phase, which can counter
various attacks such as forging, modifying, or dropping of
routing messages [4]. For instance, Secure routing protocol
(SRP) [5], ARIADNE [6], Secure Dynamic Source Routing
(SDSR) [8] and Secure Route Discovery Protocol (SRDP)
[7] provide mechanisms to enable route establishment such
that malicious nodes cannot cause inappropriate routes. SRP
2012 25th IEEE Canadian Conference on Electrical and Computer Engineering (CCECE) 978-1-4673-1433-6/12/$31.00 2012 IEEE
uses end-to-end Message authentication codes (MACs)
whereas ARIADNE uses accumulation of MACs.
Furthermore, SDSR uses digital signatures as well as
accumulation of public Diffie-Hellman and encrypted
hashed keys while SRDP uses MACs and aggregate
signature schemes of Accountable-Subgroup Multi-signature
(ASM).
The above schemes are not suitable for SMI since either
they lack sufficient security measures or they have
comparatively higher computational cost.
3. NETWORK CONSIDERATIONS FOR MULTI-DWELLING ENVIRONMENT
In many urban areas, MDUs are the norm rather than the
exception. These residential dwellings present challenges
and often require special planning to assure that wired (i.e.
fiber) or wireless networks can efficiently and reliably scale
the heights involved across multiple floors.
For existing MDU environments, where running fiber to
each unit may not be feasible, wireless network
infrastructure could be a viable solution. A cost-effective
wireless mesh architecture could deliver real-time services
such as voice and video as well as data services to the MDU
customers.
The following network considerations for the multi-dwelling
environment have been taken into account:
- A single mesh network covering the whole MDU;
- Range extenders are employed whenever coverage is not sufficient;
- Intermediate repeaters may not be trustworthy; they belong to different dwellers;
- SE devices (i.e. IHD) may be static or semi-static;
- All devices share the same network key and network access is granted by a Coordinator / Trust Center.
4. PROPOSED SECURE ROUTING SCHEME FOR
MULTI-DWELLING ENVIRONMENT
In this section, we propose a secure routing scheme for
wireless mesh infrastructure in the multi-dwelling environment.
The main goal is to furnish a lightweight, efficient and secure
on-demand source routing protocol built on elliptic curve
cryptography (ECC) based public key cryptography.
The main intention of this mechanism is to obtain secure
route discovery in an on-demand routing protocol by utilizing
a self-certified public keying technique, the Schnorr digital
signature algorithm, as well as a multi-signature scheme.
As this framework is based on a source routing algorithm,
it has three basic operations: initialization, route discovery,
and route maintenance.
4.1. Initialization
Prior to joining the network, every node has to access the
Certificate Authority (CA) in a secure manner to obtain an
implicit certificate (i). The CA has a secret key (xCA) and a public
key (XCA).
The ESI, which includes the Trust center and Coordinator, shall
provide a common network key to all SE devices; each
SE device can then have shared secret keys with the other ones.
4.2. Secure Route Discovery and Maintenance
In the proposed secure route discovery, we have used the
Schnorr digital signature algorithm for source node
authentication and a multi-signature scheme for intermediate
node authentication.
The route discovery in a wireless multi-hop ad-hoc
network is performed as follows.
Consider a source node (S) that does not have a route to
the destination node (D). When S has data packets to be sent
to D, it initiates a Route Request (RREQ) packet. This RREQ
packet is flooded throughout the network.
Initially, S will compute the Schnorr digital signature (yS)
with the help of the shared secret key (kSD) and append it to the
RREQ packet.
When an intermediate node receives an RREQ packet with
source address S and destination address D, the intermediate
node rebroadcasts it as per the DSR protocol. Let us suppose the
RREQ will traverse nodes A, B, and C before
reaching the destination D. When intermediate node A
receives the RREQ from S, it computes a partial commitment
(A). Then node A appends its own address to the route list
along with its partial commitment, and then rebroadcasts the RREQ.
Similarly, intermediate nodes B and C compute joint
partial commitments (1) and (2) respectively, and append
their addresses to the route list and their respective commitments
before rebroadcasting the RREQ. The algorithm for the secure
RREQ message flow is shown in Figure 1.
S Compute yS = xS.h(kSD, M) + kSD
where M = {S, D, Sid}
S * {REQ, M, {S}, yS}
A Choose A
Compute A = A.P
A * {REQ, M, {S, A}, A, yS}
B Choose B
Compute B = B.P and 1 = A + B
B * {REQ, M, {S, A, B}, 1, yS}
C Choose C
Compute C = C.P and 2 = 1 + C
C * {REQ, M, {S, A, B, C}, 2, yS}
Fig 1: Secure RREQ message flow
When D receives the RREQ packet from its neighboring
nodes, it checks the validity of the RREQ by verifying Equation 1.
If it holds, D will accept the RREQ packet; otherwise, D will
discard it.
$y_S \cdot P = X_S \cdot h(k_{SD}, M) + k_{SD} \cdot P$ (1)
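The source-authentication step and the Equation 1 check, written out as runnable code. This is an added example, not code from the paper: the curve (secp256k1), SHA-256 as h, the byte encoding of M and all function names are assumptions, and the key values are constructed.

```python
import hashlib

# Assumption: secp256k1; the paper names no curve. P is the base point, n its order.
p = 2**256 - 2**32 - 977
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):
    """Affine point addition; None is the point at infinity."""
    if A is None: return B
    if B is None: return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if A == B:
        m = 3 * x1 * x1 * pow(2 * y1, -1, p) % p
    else:
        m = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (m * m - x1 - x2) % p
    return x3, (m * (x1 - x3) - y1) % p

def mul(k, A):
    """Double-and-add scalar multiplication (illustrative, not constant time)."""
    R = None
    while k:
        if k & 1:
            R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def h(k_SD, M):
    """h(k_SD, M) as a scalar mod n; SHA-256 and the encoding are assumptions."""
    return int.from_bytes(hashlib.sha256(k_SD.to_bytes(32, "big") + M).digest(), "big") % n

def rreq_sign(x_S, k_SD, M):
    """Source S: y_S = x_S.h(k_SD, M) + k_SD."""
    return (x_S * h(k_SD, M) + k_SD) % n

def rreq_verify(X_S, k_SD, M, y_S):
    """Destination D, Equation 1: y_S.P == X_S.h(k_SD, M) + k_SD.P."""
    return mul(y_S, P) == add(mul(h(k_SD, M), X_S), mul(k_SD, P))

def demo():
    # Constructed keys: x_S is S's private key, k_SD the S-D shared secret.
    x_S = int.from_bytes(hashlib.sha256(b"constructed x_S").digest(), "big") % n
    k_SD = int.from_bytes(hashlib.sha256(b"constructed k_SD").digest(), "big") % n
    X_S, M = mul(x_S, P), b"S|D|sid-0001"   # M = {S, D, Sid}, X_S = x_S.P
    y_S = rreq_sign(x_S, k_SD, M)
    # The route list travels outside M, so y_S alone does not protect it.
    return {"genuine": rreq_verify(X_S, k_SD, M, y_S),
            "destination_changed": rreq_verify(X_S, k_SD, b"S|E|sid-0001", y_S),
            "reused_under_new_sid": rreq_verify(X_S, k_SD, b"S|D|sid-0002", y_S),
            "wrong_shared_key": rreq_verify(X_S, (k_SD + 1) % n, M, y_S)}
```

Calling `demo()` returns one boolean per case: only the unmodified request satisfies Equation 1.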
Then, D generates a route reply (RREP) packet, which
includes the accumulated route as obtained from the RREQ, and a
partial multi-signature.
The RREP is then sent back on the reverse route as given
by the accumulated route found in the corresponding RREQ.
Intermediate nodes compute a joint partial signature
parameter (si). After appending this partial signature
parameter to the RREP, intermediate nodes will pass it to the
next node on the route path. Upon receiving the RREP, S will
compute the necessary parameters. The algorithm for the secure
RREP message flow is shown in Figure 2.
D Choose D
Compute D = D.P
Compute
Compute sD = xD.h(M1) + D,
where M1 = {S, D, Sid, {S, A, B, C, D}, T}
D C {REP, M1, sD}
C Compute sC = xC.h(M1) + C, and s1 = sD + sC
C B {REP, M1, s1}
B Compute sB = xB.h(M1) + B, and s2 = s1 + sB
C B {REP, M1, s2}
A Compute sA = xA.h(M1) + A, and sT = s2 + sA
A S {REP, M1, sT}
S Compute
Fig 2: Secure RREP message flow
Then S will check Equation 2 to verify the multi-signature.
If it holds, S will accept the received RREP packet
from the destination D; otherwise, S will discard it.
sT.P = XCA.eT.h(M1) + RT.h(M1) + T (2)
With this algorithm, source S can be assured that it has
authenticated destination D and all intermediary nodes, and in
turn that the source route is authentic and trustworthy.
In the case of route maintenance, whenever a route breaks
because of node mobility, the neighbor of the node will send
a route error to the source. In order to authenticate the packet
and ensure freshness, this scheme uses a digital signature
along with a nonce in route error messages.
5. ANALYSIS OF PROPOSED MECHANISM
5.1. Security Analysis
Numerous attacks such as the modification attack, the
man-in-the-middle (MiTM) attack and the invisible node attack may be
possible in existing on-demand source routing protocols in
wireless multi-hop networks, which could threaten the security
of the network.
We will evaluate the proposed scheme against several active
attacks. Due to lack of space, we have not compared it with
existing schemes.
5.1.1. Resistance to modification attacks
Malicious nodes can modify the protocol fields of messages
passed among nodes. Such attacks compromise the integrity
of routing computation. By altering routing information
such as the hop count and the destination sequence number,
an attacker can cause network traffic to be dropped,
redirected to a different destination or take a long route to
the destination, increasing communication delays, which in turn
could cause a denial of service attack. In this scheme, the
multi-signature scheme provides authentication during route
discovery while the Schnorr signature scheme provides source
node authentication during the RREQ process.
5.1.2. Resistance to Man-In-The-Middle attacks
In active attacks, an attacker actively participates in
disrupting the normal operation of the network services. A
malicious host can create an active attack by modifying
packets or by introducing false information in the ad hoc
network. It confuses routing procedures and degrades
network performance. In this scheme, every intermediate
node participates while constructing multi-signatures, which
will be verified by the source at the end of the route
discovery process. Since all nodes use self-certified public
keys, it would be difficult for malicious nodes to participate
in the route discovery process.
5.1.3. Resistance to Invisible node attacks
In the case of an ad hoc network, a malicious node simply
relays unaltered messages during route discovery, resulting
in invalid routes being returned by the routing protocol to
the requesting node. In this mechanism, the RREQ packet
carries joint commitments contributed by the intermediate nodes
through which the RREQ packet passes. Also, while an RREP
packet travels towards the source, every intermediate node it
passes through participates in the construction of a
multi-signature. Thus the source can easily detect a possible
invisible node attack.
5.2. Performance Evaluation
We have used OPNET as a simulator for performance
evaluation of the secure on-demand routing protocol used in
the multi-dwelling environment.
The simulation includes a network having 50 nodes, each
having radio power range of 300m and channel capacity of 1
Mbps. For this purpose, 10 source and destination pairs are
randomly selected among the 50 nodes. Continuous bit rate
(CBR) traffic sources are used. Each run executes 300
seconds of simulation time.
We have assumed that an adversarial node forwards a
routing packet without appending its address on RREQ
packet and can drop some of the data packets later.
While assessing the performance of the routing scheme,
we have considered packet delivery ratio (PDR) and
Average end-to-end delay (ETED). PDR is the ratio of the
number of data packets successfully delivered to destinations
to the number of data packets generated by CBR sources. The
ETED indicates how long it took for a packet to be successfully
delivered from the CBR source to the application layer of the
destination.
Fig 3: Effect of adversaries on PDR for various schemes
Figure 3 illustrates the effect of adversaries on PDR for the
proposed scheme and existing schemes when applying the
above-mentioned attack. It can be seen that with the increase of
misbehaving nodes, PDR for the SRP scheme decreases
dramatically because it is susceptible to such an attack. A
similar result is observed for the SDSR scheme. In the case of the
proposed scheme, PDR remains above 80% even for a higher
percentage of misbehaving nodes. It is clear that the proposed
scheme is affected to a much lesser extent because it can resist
the invisible man attack and tends to prevent such an
attack.
Fig 4: Effect of adversaries on ETE delay for various schemes
Figure 4 shows the ETE delay for proposed scheme and
other schemes. It is plotted against percentage of adversarial
nodes applying above-mentioned attack scenario. In this
figure, we can observe that the ETED in network increases
with the increase in percentage of adversaries. For higher
percentage of adversaries, say 10%, the ETED for SRP and
SDSR are much higher than that for proposed scheme.
6. CONCLUSIONS AND FUTURE WORKS
In this paper, we provide a comprehensive security framework
for a wireless multi-hop SMI network, capable of providing
end-to-end security. The proposed scheme deploys a
self-certified public keying technique along with a multi-signature
scheme and the Schnorr digital signature scheme to achieve
secure route discovery. We have analyzed its robustness to
various attacks. The simulation results show that the
proposed scheme is not only robust against misbehaving
activities but also better than existing protocols.
In future, we will conduct a more detailed security analysis
as well as performance evaluation of the proposed protocol.
7. ACKNOWLEDGMENTS
This work was supported by the Government of Ontario
under the ORF-RE WISENSE project as well as by NSERC
under the Discovery Grants program 2011 - 2016.
8. REFERENCES
[1] "ZigBee Smart Energy Profile 2.0 Technical Requirements," M.G. Stuber (Ed.), Mar 2010.
[2] L. Negri, "A ZigBee Smart Energy based Metering Solution for Multi Dwelling Units," 5th European ZigBee Developers Conference, Munich, Germany, May 2011.
[3] D.B. Johnson et al., "The Dynamic Source Routing Protocol (DSR) for Mobile Ad Hoc Networks for IPv4," IETF RFC 4728, 2007.
[4] Y.C. Hu and A. Perrig, "A survey of secure wireless ad hoc routing," IEEE Security & Privacy 2(3): 28-39, 2004.
[5] P. Papadimitratos and Z.J. Haas, "Secure Routing for Mobile Ad hoc Networks," In Proc. of CNDS 2002, San Antonio, TX, USA, 2002.
[6] Y.C. Hu et al., "ARIADNE: A Secure On-demand Routing Protocol for Ad hoc Networks," In Proc. of MobiCom 2002, Atlanta, Georgia, USA, 2002.
[7] J. Kim and G. Tsudik, "SRDP: Secure route discovery for dynamic source routing in MANETs," Ad Hoc Networks, 7(6): 1097-1109, 2009.
[8] F. Kargl et al., "Secure Dynamic Source Routing," In Proc. of HICSS 2005, Hawaii, 2005.
[9] M. Girault, "Self-certified public keys," In Proc. of Advances in Cryptology: Eurocrypt'91, Springer, pp. 490-497, 1991.
[10] N. Koblitz et al., "The state of elliptic curve cryptography," Designs, Codes and Cryptography, 19(2-3), pp. 173-193, 2000.
[11] P. Schnorr, "Efficient Signature Generation by Smart Cards," Journal of Cryptology 4(3): 161-174, 1991.
[12] S. Micali et al., "Accountable-subgroup multi-signatures," In Proc. ACM CCS 2001, Philadelphia, PA, USA, pp. 245-254, 2001.