Securing the Smart Grid at the Edge
Hanns-Christian L. Hanebeck
August 10, 2010
www.reveresecurity.com
© 2009-2010 Revere Security. All rights reserved.

Smart Grid Cyber Security Summit Revere

DESCRIPTION

This presentation addresses the unique challenges of securing Smart Meters and SCADA devices within the power grid. The Revere Security Hummingbird cipher is introduced as a solution to the problem of securing microprocessors below 32-bit.

Citation preview

Page 2: Smart Grid Cyber Security Summit Revere

The Robespierre Leadership Model

“I must see which way the crowd is headed ... for I am their leader!”

Page 3: Smart Grid Cyber Security Summit Revere

Do We Need to Secure the Edge?

Image Sources: nbc.com and smartgridsecurity.blogspot.com

On January 25, 2003, hackers infected the Davis-Besse nuclear power plant in Ohio with a worm. The worm entered through a “secure” T1 line for an external consulting firm. While the infection did not harm the plant, which had been off-line during the worm attack, it caused the Safety Parameter Display System to be down for five hours and the plant process computer for six.

Four years later, IBM researcher Scott Lunsford hacked into a nuclear power plant and claimed that entering through the SCADA network “… turned out to be one of the easiest penetration tests I'd ever done …”

Source: Forbes, America’s Hackable Backbone, Oct. 2007

Page 4: Smart Grid Cyber Security Summit Revere

Is Technology Available to Secure the Edge?

Complex Smart Devices
• 32-bit or higher microprocessor
• AES/ECC Encryption very well suited

Simple Smart Devices
• 16-bit or lower microprocessor
• AES/ECC Encryption too large, too expensive
• Revere Hummingbird perfectly suited

• Revere Hummingbird very well suited

Page 5: Smart Grid Cyber Security Summit Revere

Old Security Doesn’t Always Solve NEW Problems

Traditional Security Framework
• Physical Infrastructure
• Networks and Servers
• Endpoints: Laptops, PCs
• Processes and Applications
• People and Identities
• Data, Information, Knowledge

• Phones?
• Mobile Devices?
• Sensors & SCADA?
• Smart Meters?
• RFID Tags?

• Very long time to market
• Very few experts worldwide
• Little customer & consumer pull

Page 6: Smart Grid Cyber Security Summit Revere

Requirements for Security at the Edge

• Easy to Integrate
• Short Messages, e.g. 16-bit Cipher
• Built-in MAC
• Little Code Space Required – Fits on a 16-bit Chip
• Lower Power Requirement
• Mutual Authentication Protocol
• Simple, Scalable Key Management System
• Anonymous Communications

Page 7: Smart Grid Cyber Security Summit Revere

Security Along the Power Supply

Security at the EDGE of the Smart Grid necessitates handling of many small, resource-constrained devices.

Diagram labels: Generation, Storage, Substation, Consumption, Utility, SCADA, Smart Meter

Page 8: Smart Grid Cyber Security Summit Revere

Security for Smart Metering

Protecting Smart Meters will require industrial-strength security on a very small footprint.

1. Consumer uses energy
2. Smart Meter records and transmits consumption data
3. Wireless networks (Wi-Max, cell, BPL, etc.) transmit information to the utility
4. Utility aggregates usage data, prepares pricing and makes information available to the consumer
5. Consumer accesses the information online
6. Consumer makes choices that will affect energy consumption

Page 9: Smart Grid Cyber Security Summit Revere

Smart Meter Security Example

Sensus iCon Smart Meter

Image Sources: ukfrrnell.com and joysco.com

TI MSP430

Hummingbird is up to 416% faster and consumes 76% less power than AES (EAX’).

Page 10: Smart Grid Cyber Security Summit Revere

Implementing Security - Key Management

Key Management Challenges
• Highly complex
• Need to manage keys on the smart meter (HAN)
• Requires very high level of systemic security
• Keys might need to be assigned on a temporary basis
• Handhelds and laptops for key commissioning may be lost

Solution
• Distributed hierarchical system architecture
• Scalable to well more than 100 million keys
• Authentication of field devices by installed smart meters
• Anonymous identification and key management to protect privacy
• Secure assignment of temporary session keys
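One way the hierarchy, temporary session keys and field-device authentication listed on this slide could fit together, as an added illustration that is not Revere's design or code. HMAC-SHA256 stands in as the derivation primitive (it is not the Hummingbird cipher), and every name, label, epoch value and the all-zero root key below is an assumption constructed for the example.

```python
import hashlib
import hmac
import os

def kdf(parent_key: bytes, label: str, context: bytes) -> bytes:
    """Derive a child key from a parent key (HMAC-SHA256 used as a PRF)."""
    msg = label.encode() + b"\x00" + context
    return hmac.new(parent_key, msg, hashlib.sha256).digest()

# Hierarchy: utility root -> region -> meter. The head-end re-derives a meter
# key on demand, so it does not need one stored record per meter.
def region_key(root: bytes, region: str) -> bytes:
    return kdf(root, "region", region.encode())

def meter_key(root: bytes, region: str, serial: str) -> bytes:
    return kdf(region_key(root, region), "meter", serial.encode())

def pseudonym(meter_k: bytes, epoch: int) -> str:
    """Rotating identifier a meter can send instead of its serial number."""
    return kdf(meter_k, "pseudonym", epoch.to_bytes(4, "big")).hex()[:16]

def session_key(meter_k: bytes, device_id: str, epoch: int) -> bytes:
    """Temporary key for one field device, valid for a single epoch."""
    ctx = device_id.encode() + b"\x00" + epoch.to_bytes(4, "big")
    return kdf(meter_k, "session", ctx)

def device_response(sess_k: bytes, challenge: bytes) -> bytes:
    """Field device proves possession of the session key."""
    return hmac.new(sess_k, challenge, hashlib.sha256).digest()

def meter_accepts(meter_k: bytes, device_id: str, current_epoch: int,
                  challenge: bytes, response: bytes) -> bool:
    """Meter recomputes the session key for the current epoch only."""
    sess_k = session_key(meter_k, device_id, current_epoch)
    return hmac.compare_digest(device_response(sess_k, challenge), response)

def demo():
    root = bytes(32)  # constructed all-zero root key, for illustration only
    mk = meter_key(root, "region-07", "METER-000123")
    sk = session_key(mk, "handheld-42", 100)  # issued by the head-end
    challenge = os.urandom(16)                # fresh nonce chosen by the meter
    resp = device_response(sk, challenge)
    return (meter_accepts(mk, "handheld-42", 100, challenge, resp),  # valid
            meter_accepts(mk, "handheld-42", 101, challenge, resp),  # expired
            meter_accepts(mk, "handheld-99", 100, challenge, resp))  # other device
```

A lost handheld only ever held epoch-bound session keys, so its access lapses when the meter's epoch advances, and no meter or root key has to be rotated.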

Page 11: Smart Grid Cyber Security Summit Revere

Implementing Security – Other Challenges

Built-in Authentication
• Authentication is vital to prevent unwanted access
• It ensures that commands and data are authorized
• In cases where encryption and authentication are required, a one-pass approach is superior

Consumer Privacy
• Consumers will likely want ownership of and control over their own consumption data
• The integration of multiple devices into one standards-based home area network will be difficult at best
• Consumers will likely use third-party devices to control their energy consumption and data

Event Management
• Smart Grid security necessitates the ability to react to events in near real-time
• This requires a highly mature event management infrastructure (bus) and a lot of knowledge about business rules
• It is unclear who owns and manages these systems

Page 12: Smart Grid Cyber Security Summit Revere

Implementing Security – Other Challenges

“The key to winning is getting to where the puck is going to be next.”

“The Great One”

Page 13: Smart Grid Cyber Security Summit Revere

Questions?

Chris Hanebeck
(214) 415-2648
[email protected]
