Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptographic Key Management for Smart Power Grids BY ADITYA KANDULA DEVASIA THOMAS.

Published byWhitney Bradley Modified over 8 years ago

Similar presentations

Presentation on theme: "Cryptographic Key Management for Smart Power Grids BY ADITYA KANDULA DEVASIA THOMAS."— Presentation transcript:

1 Cryptographic Key Management for Smart Power Grids BY ADITYA KANDULA DEVASIA THOMAS

2 Introduction  The smart power grid promises to improve efficiency and reliability of power delivery.  Smart meters provides an economical way of measuring energy consumption.  We will concentrate on the design of the smart meter and its communication links using ZigBee technology and the communication between the smart meter and the collector node, with emphasis on security attributes.

3 Overview  Approaches for managing encryption keys in AMI and main security issues.  A high-level description of the organization of the AMI as this is crucial in order to understand the main requirements for key management.  An overview of communication protocols and standards adopted or proposed for AMIs, followed by a discussion about security of smart meters and networks, including ZigBee.  We then discuss security threats and finally outline some initial research ideas.  This report shows that a reoccurring and prominent source of the problems is key management

4 Need for cyber security  One goal of smart meters is the ability to control device. (Theft, Software hacking, all kinds of mischief).  As the grid becomes more automated, threats will grow more rapidly.  In 2011, nCircle, a provider of automated security and compliance auditing solutions, announced the results of their Smart Grid Survey.  77% of the surveyors were concerned about smart grid cyber security. Therefore smart meter deployment.

5 Smart meter infrastructure  Advanced Metering Infrastructure (AMI), requires combining different security technologies specially encryption.  Despite these technologies, AMI poses several challenges like scalability since AMI involves millions of devices.  AMI uses many different communication technologies, each potentially using different encryption protocols and requiring different keys, managing keys becomes a complex task.

6 Advanced Metering Infrastructure AMI has four main components: 1. the utility company 2. the data collector or concentrator 3. the smart meter 4. the home or office

7

8 Communication Standards and Protocols  The connection between the smart meter and home appliances, that is, the HAN, can use several communication technologies such as ZigBee, Wi- Fi, Ethernet, Z-Wave etc.  We will concentrate on the ZigBee technology.  As in HAN, the connection between the collector and the smart meter also can be implemented using RF Mesh and 3G (EDGE or HSDPA).  Connection between Utility and Collector also allows many protocols and generally uses GPRS based protocol.

9 AMI network technology and protocols standards

10 AMI communications security protocol standards

11 ANSI Meter Standards  Originally, the data formats, data structure and protocols for electricity meters were proprietary. However, utility companies wanted a compatible communication protocol between meters.  Thus, ANSI C12.19 was created to describe meter data formats and structures.  Protocol ANSI C12.18 provides point-to-point communication over optical connections and C12.21 for communication over telephone modems for meters.  Users also wanted to send and receive C12.19 tables remotely over networked connections and ANSI C12.22 was inaugurated.

12 Smart Meter Design and Security  The NISTIR 7628 outlines security requirements for an AMI (defines the need of privacy and integrity of data exchanged between various components that make a metering system.)  A fully deployed AMI contains many working parts and communications paths and the priority of a given security principle (Confidentiality, Integrity, and Availability) varies widely from component to component and function to function.

13 Physical Layout of Smart meters Two inner physical components: 1. The meter board. (The meter board contains storage tables to hold the keys) 2. The communication board. (Used for communication. Within the communication board are the communication protocols.)

14 Cont’d..  The communication board and meter board are connected through a serial port.  The optical port in the meter allows reads and writes to the C12.19 tables in the meter board.  Access to the meter through the optical port is restricted by six security levels, L0 to L5, with the highest privilege being L5.

15 ANSI C12 standards  The meter board contains the physical storage for the keys and passwords.  All data stored in the meter board are stored in cleartext. These values travel from the meter board to the communication board through a serial port in cleartext.  The optical ports on the smart meter permit the operations of read and write to the tables in the meter board.  In order to protect passwords and keys, the protected tables permit write only and return empty values when read.

16 Cont’d..  Operators must log into the smart meter through the optical port or the wireless link  To successfully execute the command, an operator’s security level (L0 to L5) must be greater than or equal to the security level of that command

17 Security Levels(L0 to L5)  Level L0 - requires no password and only allows read commands  Level L1 - Allows only the meter to be read  Level L2 - Allows for demand resets.  Level L3 - Permits commands for the meter maintenance, such as date and time setting, modifying the Time-Of-Use rates and calendar, and loading profile configurations.  Level L4 - Permits programming and procedures to be done except for device configuration.  Level L5 - Allows device configuration, which is needed when altering the ANSI standard tables or manufacturing tables within the meter.

18 Tables in Meter Board  There are six main tables used in relation to the security of the smart meter.  Security/Password table. This table contains 5 passwords, one for each of the security levels L1 through L5.  Default Access Control table. It specifies the default read and write permissions.  Access Control table. It contains the access permissions for specific tables or procedures.  Keys table. It holds the keys used for encryption and authentication.  Extended Keys table. It holds application-related communication keys, an extension available on top of the smart meter security.  Host Access Security table. It is used to store authentication keys, encryption keys, and access permissions used by remote nodes.

19 Challenges  Meter has limited RAM.  Software flaws.  Hardware weaknesses  Micro probing to inject signals, capture data, manipulate registers and thereby retrieve sensitive information is another method of accessing the system.  Smarter techniques, such as differential power analysis, are used to extract the secret keys in integrated circuits.

20 Cont’d..  Key Storage - One set of possible keys stored are asymmetric keys used to authenticate the meter when it joins the Neighborhood Area Network (NAN).  It is known that C12.18 and the C12.22 protocol leverage a shared secret for authentication  The meter itself is easily accessible and an attacker can extract and review the firmware and EEPROM data contents for keys.  There are multiple vendors of AMI. Hence vendor’s implementation decision will greatly influence the security of the system.

21 Network Design

22 ZigBee

23 Why ZigBee  Low Power  Low memory usage  Connects to Lightweight Embedded Tech  On Chip Implementation

24 How is it used  2 ZigBee Networks.  HAN  NAN

25 The Stack

26 ZigBee Security

27 Key Management  Key Types  Master  Network  Links  Key Installation Methods  In-band  Out-of-Band  Pre-Installed

28 Keys: What else?  Network Key  Used to Perform Network layer Security  Routing messages  Network join requests  All devices must have the same NKey  Link Key  Used as Session Keys  Derived from the Master Key

29 Key Establishment Schemes (KE)  Symmetric Key KE (SKKE)  Public Key KE (PKKE)  Certificate Based KE (CBKE)  Uses ECQV implicit certificates D. R.L. Brown, M. J. Campagna, S. A. Vanstone, “Security of ECQV-Certified ECDSA Against Passive Adversaries”, Cryptology ePrint Archive: Report 2009/620.

30 ZigBee: Operation modes in AMI ResidentialCommercial

31 ZigBee: Vulnerabilities  PRNG vulnerability  One method was to uncover the ECC key  The other, when a Linear Feedback Shift Register is used.  No Key Revocation

32 GPRS

33 A GPRS session

34 GPRS: Problems  Messages before authentication are unencrypted  Even during authentication encryption is applied very late  One way authentication  SIM cards can be STOLEN!!!!

35 Security Threat Model

36 Threat,Attack Types and Counter Measures

37 Some more

38 Initial Research

39 Some findings.

40 Group Key Management Systems The scalability mainly depends by the following factors of the GKM scheme:  The size of the ciphertext.  The number of secrets needs to be stored at smart meters, the collectors, and the utility.  The efficiency of the GKM operations, especially re-keying

41 Proposed Work

42 Broadcast GKM

43 BGKM: Components A BGKM scheme consists of the following five algorithms:  Setup – it initializes system and security parameters.  SecGen – it assigns one or more secrets to each client.  KeyGen – it generates the public information using the secrets of a set of selected clients. The public information hides the group key.  KeyDer – A client with a valid secret uses this algorithm to derive the group key from the public information.  Re-Key – it re-generates the public information using the updated set of secrets. The new public information hides a new group key.

44 Physically Unclonable Function (PUF)  Usually place a secret in non-volatile memory  PUF is a device that relies on the differences in IC fabrication and hence cannot be spoofed  Characteristics  Different challenges to the same PUF produce unique responses.  Same challenge to different PUFs produces unique responses

45 Conclusion THANKYOU

46 Reference  Cryptographic Key Management for Smart Power Grids Approaches and Issues  M. Nabeel, J. Zage, S. Kerr, E. Bertino, CS Department, CERIAS and Cyber Center, Purdue University  N. Athula. Kulatunga, U. Sudheera Navaratne, ECET Department, Purdue University  M. Duren,Sypris Electronics  February 22, 2012

Download ppt "Cryptographic Key Management for Smart Power Grids BY ADITYA KANDULA DEVASIA THOMAS."

Similar presentations

Gone in 360 Seconds: Hijacking with Hitag2

Gone in 360 Seconds: Hijacking with Hitag2
Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies.

Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
UCAIug HAN SRS v2.0 Summary August 12, 2010. 2 Scope of HAN SRS in the NIST conceptual model.

UCAIug HAN SRS v2.0 Summary August 12, Scope of HAN SRS in the NIST conceptual model.
Chapter 19: Network Management Business Data Communications, 5e.

Chapter 19: Network Management Business Data Communications, 5e.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
VPN: Virtual Private Network Presented by: Germaine Bacon Lizzi Beduya Betty Huang Jun Mitsuoka Juliet Polintan.

VPN: Virtual Private Network Presented by: Germaine Bacon Lizzi Beduya Betty Huang Jun Mitsuoka Juliet Polintan.
Applications of Wireless Sensor Networks in Smart Grid Presented by Zhongming Zheng.

Applications of Wireless Sensor Networks in Smart Grid Presented by Zhongming Zheng.
Access Control Methodologies

Access Control Methodologies
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
LANs and WANs. 2 Chapter Contents Section A: Network Building Blocks Section B: Wired Networks Section C: Wireless Networks Section D: Using LANs Section.

LANs and WANs. 2 Chapter Contents Section A: Network Building Blocks Section B: Wired Networks Section C: Wireless Networks Section D: Using LANs Section.
1 © NOKIA Presentation_Name.PPT / DD-MM-YYYY / Initials Company Confidential The Internet offers no inherent security services to its users; the data transmitted.

1 © NOKIA Presentation_Name.PPT / DD-MM-YYYY / Initials Company Confidential The Internet offers no inherent security services to its users; the data transmitted.
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,

Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.

1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
A Study of Mobile IP Kunal Ganguly Wichita State University CS843 – Distributed Computing.

A Study of Mobile IP Kunal Ganguly Wichita State University CS843 – Distributed Computing.
CS 550 Amoeba-A Distributed Operation System by Saie M Mulay.

CS 550 Amoeba-A Distributed Operation System by Saie M Mulay.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Similar presentations

Ads by Google