Secure Data Provenance in Home Energy Monitoring Networks Ming Hong - - PowerPoint PPT Presentation



SLIDE 1

Secure Data Provenance in Home Energy Monitoring Networks

Ming Hong Chia, Sye Loong Keoh, Zhaohui Tang

SLIDE 2

Outline

  • Data Provenance and Smart Metering
  • Security Threats and Requirements
  • Proposed Architecture
      – Threshold Cryptography
      – Location Authenticity using BLE
  • Preliminary Evaluations
  • Future Work and Conclusions

SLIDE 3

Data Provenance

“Data provenance refers to records of the inputs, entities, systems, and processes that influence data of interest, providing a historical record of the data and its origins.”

Systems and Internet Infrastructure Security, Penn State University

SLIDE 4

Data Provenance

  • Cryptography
  • Redundancy and data cross-checking

[Diagram labels: Authentication, Encryption; Data Source, Measurement Device, Data Collector; Data Source, Measurement Devices, Data Collector]

SLIDE 5

IoT and Smart Metering

  • Sensor data is typically aggregated – smart meter.

[Diagram: Advanced Metering Infrastructure (AMI) across a Private Realm and a Public Realm. Labels: Smart Home Appliances; Smart Meter; Home Area Network (HAN): ZigBee, WiFi, Ethernet; NAN Data Concentrator; Neighbourhood Area Network (NAN): WiFi, Cellular; Wide Area Network (WAN): Fibre Optic, Cellular; Utility; Utility End: Collection, Monitoring]

SLIDE 6

Smart Metering

  • Is the smart meter the true data source of energy consumption of the household?

[Diagram labels: Smart Home Appliances ("The real data source"); Home Area Network (HAN): ZigBee, WiFi, Ethernet; Smart Meter; Energy Consumption Reporting; Utility]

Potential compromise?

  • under reporting of energy usage
  • energy fraud

SLIDE 7

IoT Data Provenance

  • Data provenance = the reported energy usage is collected from the specific appliance as claimed, and that it reflects the real energy consumption.
  • Specifically, we are interested in:
      – Source data/identity authenticity
      – Data integrity and consistency
      – Location authenticity

SLIDE 8

Secure Smart Plug

  • A secure plug (SSP) to measure the energy consumption at each data source.
  • Using multiple sensors to track electricity usage.
  • Using Bluetooth localization to detect changes in the location.

[Diagram labels: Data Source; Secure Smart Plug (Smart Energy Plug, Energy Magnetic Sensor, Raspberry Pi 3 Bluetooth); Smart Meter]

SLIDE 9

Proposed Approach

[Diagram labels: Secure Smart Plug (Smart Energy Plug, Energy Magnetic Sensor, Raspberry Pi 3 Bluetooth)]

Source Data / Identity

  • Using RSA threshold scheme (k,n).

Data Integrity / Consistency

  • Both energy data from the magnetic sensor and the energy plug must match.
  • Aggregated energy data from all data sources must also match the smart meter’s measured data.

Location Authenticity

  • Using Bluetooth Trilateration technique.

SLIDE 10

Proposed Approach

SECURITY PROTOCOL: Commissioning, Operational

  • 1. Commissioning Phase
      – A. Deployment of Secure Smart Plug - register location
      – B. RSA Key Pair Generation
      – C. Secret Share Generation
  • 2. Operational Phase
      – A. Signing and Verification Protocol using Threshold Scheme (3,4)
      – B. Location Verification

SLIDE 11

Commissioning Phase

  • 1. RSA Key Pair Generation (PK and SK)
      – Public Key (PK): (n, e)
      – Secret Key (SK): d
  • 2. Generation of Secret Shares
      – Secret Shares: s1, s2, s3, s4
  • One-time key generation using (3,4) Threshold Scheme for each data source in the network.

[Diagram: Data Source, Secure Smart Plug and Smart Meter. Smart Energy Plug: Public Key: n, Share: s3. Energy Magnetic Sensor: Public Key: n, Share: s4. Raspberry Pi 3 Bluetooth: Public Key: n, Shares: s1, s2.]

SLIDE 12

Commissioning Phase

  • Using Trilateration algorithm to determine the location of SSP.
  • Using RSSI of the BLE chip to compute the distance.
  • Location of the deployed SSP is registered.

[Diagram: Secure Smart Plug at the intersection of three Estimote Beacons (Candy, Yellow, Beetroot)]

SLIDE 13

Operational Phase

[Protocol diagram labels: Data Source; Secure Smart Plug (Smart Energy Plug, Energy Magnetic Sensor, Raspberry Pi 3 Bluetooth); Smart Meter]

(1) Sends m to BT and to SM, where m = m1 (SP) or m = m2 (MS)
(2) Check current location (XY) of SP upon receiving m
(3) If true, generate own partial signature share by signing m: SIGN { s_i, n, m, N }
(4) Sends ps_i to SP / Sends ps_i to MS
(5) Generate own partial signature share by signing m: SIGN { s_i, n, m, N }
(6) Send all respective partial signature shares to SM
(7) Upon receiving the PS, combine and aggregate them to compute as FS for verification later: COMBINE { PS, PK, m, n, k, N }
(8) Verifies m with SKd
(9) VERISM FS ≡ m using PKe
(10) VERISM (m1 ≡ m2) using PKe

Partial signature shares over m1 (SP):

  ps1^SP = { s1, n, m1, N }
  ps2^SP = { s2, n, m1, N }
  ps3^SP = { s3, n, m1, N }
  PS1 (SP) = { ps1^SP, ps2^SP, ps3^SP }

Partial signature shares over m2 (MS):

  ps1^MS = { s1, n, m2, N }
  ps2^MS = { s2, n, m2, N }
  ps4^MS = { s4, n, m2, N }
  PS2 (MS) = { ps1^MS, ps2^MS, ps4^MS }

SLIDE 14

Operational Phase

  • Using BLE to detect changes in the location of SSP.

[Diagram labels: Secure Smart Plug (Raspberry Pi 3); Estimote Beacons (Yellow, Beetroot, Candy); WiFi Wireless Router; Smart Meter; Local Area Network (LAN)]

SLIDE 15

Attack Simulation I

  • One of the components in SSP “attempted” to under report the energy consumption.
  • Resulting in:
      – Difference in the energy usage at the same data source: M_MS ≠ M_SP ☛ data inconsistency

SLIDE 16

Attack Simulation II

  • The re-location of the SSP to measure a data source that is outside of the house.
  • Resulting in:
      – Detection of location that is different from the deployed location, hence will not generate partial signatures, ps1 and ps2 ☛ incorrect location.
      – Energy usage data cannot be verified due to the lack of signature shares.

SLIDE 17

Attack Simulation II

[Diagram: Estimote Beacons (Yellow, Beetroot, Candy) and the Secured Smart Plug. Original Deployed Location Coordinates (x: 6.5, y: 10.0). Relocated Secure Smart Plug Location Coordinates (x: 2.5, y: 2.5).]
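
The location check behind Attack Simulation II, as an added example that is not from the slides or the authors: RSSI is converted to distance, three beacon distances are trilaterated, and the result is compared with the registered location. The beacon coordinates, path-loss constants, tolerance and all function names are assumptions; only the two SSP coordinates come from the slide.

```python
import math
from statistics import median

# Constructed beacon coordinates in metres; the slides do not give them.
BEACONS = {"candy": (0.0, 0.0), "yellow": (12.0, 0.0), "beetroot": (0.0, 12.0)}
TX_POWER_DBM = -59.0      # assumed RSSI at 1 m from a beacon
PATH_LOSS_EXP = 2.0       # assumed path-loss exponent (free space)
REGISTERED = (6.5, 10.0)  # deployed location from the slide
TOLERANCE_M = 1.0         # assumed acceptance radius

def rssi_to_distance(rssi_dbm):
    # Log-distance path-loss model: RSSI = TX_POWER - 10 * n * log10(d)
    return 10 ** ((TX_POWER_DBM - rssi_dbm) / (10 * PATH_LOSS_EXP))

def simulated_rssi(pos):
    # Constructed sample input: noise-free RSSI seen at pos, one reading per beacon.
    return {b: [TX_POWER_DBM - 10 * PATH_LOSS_EXP * math.log10(math.dist(pos, xy))]
            for b, xy in BEACONS.items()}

def trilaterate(dist):
    # Subtracting the first circle equation from the other two leaves a
    # 2x2 linear system in (x, y), solved here with Cramer's rule.
    (x1, y1), (x2, y2), (x3, y3) = (BEACONS[b] for b in ("candy", "yellow", "beetroot"))
    r1, r2, r3 = dist["candy"], dist["yellow"], dist["beetroot"]
    a11, a12 = 2 * (x2 - x1), 2 * (y2 - y1)
    a21, a22 = 2 * (x3 - x1), 2 * (y3 - y1)
    b1 = r1**2 - r2**2 + x2**2 - x1**2 + y2**2 - y1**2
    b2 = r1**2 - r3**2 + x3**2 - x1**2 + y3**2 - y1**2
    det = a11 * a22 - a12 * a21
    if abs(det) < 1e-9:
        raise ValueError("beacons are collinear; position is ambiguous")
    return ((b1 * a22 - b2 * a12) / det, (a11 * b2 - a21 * b1) / det)

def locate(rssi_samples):
    # The median of several readings per beacon damps RSSI jitter.
    return trilaterate({b: rssi_to_distance(median(v)) for b, v in rssi_samples.items()})

def location_is_authentic(rssi_samples):
    # Gate for the Bluetooth component: produce ps1 and ps2 only if this is True.
    return math.dist(locate(rssi_samples), REGISTERED) <= TOLERANCE_M
```

Real RSSI is noisy, so the tolerance and the number of samples per beacon have to be tuned against measurements taken at the deployed location.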

SLIDE 18

Attack Simulation III

  • Both energy measurement sensors “were compromised”.
  • Resulting in:
      – (IF Location of SSP is authentic) ☛ collusion between MS and SP yielded a successful attack.
      – (IF SSP is re-located) ☛ collusion between MS and SP did not work as only two partial signature shares could be generated for a (3,4) Threshold Scheme.
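
The (3,4) signing flow and the outcomes of Attack Simulations I to III, as an added example that is not from the slides or the authors. The slides do not name their RSA threshold construction, so Shoup's scheme is assumed here; the toy primes, polynomial coefficients, message encoding and function names are constructed, and the share placement follows the commissioning slide.

```python
import hashlib
from math import factorial, gcd, prod

# Constructed toy parameters: safe primes p = 2p'+1, q = 2q'+1 (far too small for real use).
P, Q = 1019, 1187
N_MOD, M = P * Q, (P // 2) * (Q // 2)   # public modulus n; secret group order p'q'
E = 65537                               # public exponent e (prime, larger than N)
D = pow(E, -1, M)                       # secret key d, split into shares below
K, N_SHARES = 3, 4                      # the slides' (3,4) threshold
DELTA = factorial(N_SHARES)
COEFFS = [D, 123456, 234567]            # degree k-1 polynomial; fixed here, random in practice

def deal_shares():
    # Commissioning: s_i = f(i) mod p'q'. BT keeps s1, s2; SP keeps s3; MS keeps s4.
    return {i: sum(c * i**j for j, c in enumerate(COEFFS)) % M
            for i in range(1, N_SHARES + 1)}

def digest(m: bytes) -> int:
    ctr = 0
    while True:                         # re-hash until the digest is a unit mod n
        x = int.from_bytes(hashlib.sha256(m + bytes([ctr])).digest(), "big") % N_MOD
        if gcd(x, N_MOD) == 1:
            return x
        ctr += 1

def sign_share(s_i: int, m: bytes) -> int:
    # SIGN: partial signature ps_i = x^(2*DELTA*s_i) mod n
    return pow(digest(m), 2 * DELTA * s_i, N_MOD)

def combine(ps: dict, m: bytes) -> int:
    # COMBINE: Lagrange interpolation in the exponent gives w = x^(4*DELTA^2*d);
    # a*4*DELTA^2 + b*e = 1 then strips the extra factor to get FS = x^d.
    w = 1
    for i, ps_i in ps.items():
        num = DELTA * prod(-j for j in ps if j != i)
        den = prod(i - j for j in ps if j != i)
        w = w * pow(ps_i, 2 * (num // den), N_MOD) % N_MOD
    a = pow(4 * DELTA**2, -1, E)
    b = (1 - a * 4 * DELTA**2) // E
    return pow(w, a, N_MOD) * pow(digest(m), b, N_MOD) % N_MOD

def meter_accepts(ps_sp: dict, m1: bytes, ps_ms: dict, m2: bytes) -> bool:
    # Smart meter side: both combined signatures must verify and m1 must equal m2.
    ok = all(len(ps) >= K and pow(combine(ps, m), E, N_MOD) == digest(m)
             for ps, m in ((ps_sp, m1), (ps_ms, m2)))
    return ok and m1 == m2
```

With only s3 and s4 the interpolation lands on the wrong exponent, so the combined value fails RSA verification even if the meter skipped the share count check.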

SLIDE 19

Performance Results

SLIDE 20

Performance Results

Time taken to generate a partial signature (Entity: Components in SSP)

Key Size (bits) | 512    | 1024   | 2048
Average (ms)    | 148.33 | 863.67 | 6419

Time taken to combine partial signatures and verify signature (Entity: Smart Meter)

Key Size (bits)             | 512 | 1024 | 2048
Combine Signature (ms)      | 5   | 8.33 | 18.33
Signature Verification (ms) | 132 | 157  | 875

  • The RSA threshold scheme is feasible on a Raspberry Pi 3 device, though not very efficient.

SLIDE 21

Conclusions

  • Preliminary study of data provenance in the context of IoT.
  • ICS systems also use many redundant sensors for critical infrastructure and monitoring.
  • TPM and software-based attestation will be required to ensure the verification software works correctly?
  • Replacement of RSA-based Threshold Scheme with a MAC-based scheme?
  • Auto detection of location without deployment of beacons?

SLIDE 22

Thank you!

Contact details:

Sye Loong Keoh, University of Glasgow, SyeLoong.Keoh@glasgow.ac.uk
Zhaohui Tang, Singapore Institute of Technology, Zhaohui.Tang@SingaporeTech.edu.sg