Security and Privacy in the Smart Energy Grid Martin Erich Jobst - - PowerPoint PPT Presentation

Security and Privacy in the Smart Energy Grid

Martin Erich Jobst

Chair for Network Architectures and Services Department for Computer Science Technische Universit¨ at M¨ unchen

July 01, 2013

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 1

Motivation

Smart energy grids offer many new features for both customers and electricity providers

Collection of real-time consumption data Capacity-dependent regulation of smart appliances Load-dependent regulation of small power plants Remote management of electricity meters

However, there are great privacy and security concerns

Invasion of customer privacy Energy theft Attacks on the customer Sabotage of the power grid

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 2

Motivation

Smart energy grids offer many new features for both customers and electricity providers

Collection of real-time consumption data Capacity-dependent regulation of smart appliances Load-dependent regulation of small power plants Remote management of electricity meters

However, there are great privacy and security concerns

Invasion of customer privacy Energy theft Attacks on the customer Sabotage of the power grid

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 2

Outline

1 Background 2 Privacy

Concerns Solutions

3 Security

Threats Countermeasures

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 3

Smart Meters

Metering Device Home Gateway

S0-Interface

• r internal

Customer Premises Installation (integrated or separate)

to provider to customer

SML, DLMS/COSEM

• r IEC 61850

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 4

Smart Energy Grid

Smart Meter Households Data Aggregator/ Concentartor Provider Network Power Plant Metering Backend

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 5

Smart metering regulations in the EU

EU: “At least 80 % of consumers shall be equipped with intelligent metering systems by 2020.” (directives 2006/32/EC and 2009/72/EC) Germany: mandatory for new installations (§21d EnWG, MessZV) Requirements: Measurement Instruments Directive (MID) 2004 However, only abstract requirements for the implementation (certain accuracy and be tamper-resistant) More detailed requirements are exclusive to a growing number of international standards (ISO, IEC, EN, etc.)

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 6

Smart metering regulations in the EU

EU: “At least 80 % of consumers shall be equipped with intelligent metering systems by 2020.” (directives 2006/32/EC and 2009/72/EC) Germany: mandatory for new installations (§21d EnWG, MessZV) Requirements: Measurement Instruments Directive (MID) 2004 However, only abstract requirements for the implementation (certain accuracy and be tamper-resistant) More detailed requirements are exclusive to a growing number of international standards (ISO, IEC, EN, etc.)

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 6

Outline

1 Background 2 Privacy

Concerns Solutions

3 Security

Threats Countermeasures

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 7

Privacy

Example smart meter measurement data, redrawn from actual measurements

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 8

Privacy cont.

Measurement interval: as low as 2 sec Questions that may be answered:

What kind of devices do you use (maybe manufacturer, model)? When are you at home? When do you wake up or go to bed (to the minute)? How well do you sleep at night (light on/off)? Are you on sick leave (and do you spend it at home)? and many more

Research: Possible to determine what you watch on TV (black/white contrast from LCD backlight)

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 9

Privacy cont.

Measurement interval: as low as 2 sec Questions that may be answered:

What kind of devices do you use (maybe manufacturer, model)? When are you at home? When do you wake up or go to bed (to the minute)? How well do you sleep at night (light on/off)? Are you on sick leave (and do you spend it at home)? and many more

Research: Possible to determine what you watch on TV (black/white contrast from LCD backlight)

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 9

Privacy cont.

Measurement interval: as low as 2 sec Questions that may be answered:

What kind of devices do you use (maybe manufacturer, model)? When are you at home? When do you wake up or go to bed (to the minute)? How well do you sleep at night (light on/off)? Are you on sick leave (and do you spend it at home)? and many more

Research: Possible to determine what you watch on TV (black/white contrast from LCD backlight)

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 9

Outline

1 Background 2 Privacy

Concerns Solutions

3 Security

Threats Countermeasures

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 10

Privacy Solutions I

The obvious approach . . .

is to increase the interval between reports Pros

Easy to implement Guaranteed protection (depending on the interval) Customer regains full local access

Cons

Less accurate information for provider

Conclusion

Feasible short-term alternative May be combined with anonymization (frequent anonymized and infrequent attributabe reports)

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 11

Privacy Solutions I

The obvious approach . . .

is to increase the interval between reports Pros

Easy to implement Guaranteed protection (depending on the interval) Customer regains full local access

Cons

Less accurate information for provider

Conclusion

Feasible short-term alternative May be combined with anonymization (frequent anonymized and infrequent attributabe reports)

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 11

Privacy Solutions I

The obvious approach . . .

is to increase the interval between reports Pros

Easy to implement Guaranteed protection (depending on the interval) Customer regains full local access

Cons

Less accurate information for provider

Conclusion

Feasible short-term alternative May be combined with anonymization (frequent anonymized and infrequent attributabe reports)

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 11

Privacy Solutions I

The obvious approach . . .

is to increase the interval between reports Pros

Easy to implement Guaranteed protection (depending on the interval) Customer regains full local access

Cons

Less accurate information for provider

Conclusion

Feasible short-term alternative May be combined with anonymization (frequent anonymized and infrequent attributabe reports)

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 11

Privacy Solutions II

The pseudo-approach . . .

is pseudonymize reports by a data aggregator or TTP Pros

Accurate anonymous readings

Cons

Requires trusted point (where?) Still identifiable by collecting external information

Conclusion

Not such a good idea ;)

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 12

Privacy Solutions II

The pseudo-approach . . .

is pseudonymize reports by a data aggregator or TTP Pros

Accurate anonymous readings

Cons

Requires trusted point (where?) Still identifiable by collecting external information

Conclusion

Not such a good idea ;)

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 12

Privacy Solutions II

The pseudo-approach . . .

is pseudonymize reports by a data aggregator or TTP Pros

Accurate anonymous readings

Cons

Requires trusted point (where?) Still identifiable by collecting external information

Conclusion

Not such a good idea ;)

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 12

Privacy Solutions II

The pseudo-approach . . .

is pseudonymize reports by a data aggregator or TTP Pros

Accurate anonymous readings

Cons

Requires trusted point (where?) Still identifiable by collecting external information

Conclusion

Not such a good idea ;)

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 12

Privacy Solutions III

The statistical approach . . .

is to aggregate (or simply sum) measurements Pros

Easy to implement Good protection (depending on the number)

Cons

Only usable for overall statistics Also needs TTP (who?)

Conclusion

Not easy for customers or providers to accept

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 13

Privacy Solutions III

The statistical approach . . .

is to aggregate (or simply sum) measurements Pros

Easy to implement Good protection (depending on the number)

Cons

Only usable for overall statistics Also needs TTP (who?)

Conclusion

Not easy for customers or providers to accept

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 13

Privacy Solutions III

The statistical approach . . .

is to aggregate (or simply sum) measurements Pros

Easy to implement Good protection (depending on the number)

Cons

Only usable for overall statistics Also needs TTP (who?)

Conclusion

Not easy for customers or providers to accept

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 13

Privacy Solutions III

The statistical approach . . .

is to aggregate (or simply sum) measurements Pros

Easy to implement Good protection (depending on the number)

Cons

Only usable for overall statistics Also needs TTP (who?)

Conclusion

Not easy for customers or providers to accept

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 13

Privacy Solutions IV

The mathematical approach . . .

is to add random distortions to the data that cancel each other

• ut when summed

Pros

Obscuring done in the meter itself (→ no external trust) Guaranteed privacy

Cons

Complicated to implement securely

Conclusion

Best (software) alternative, as of yet May need some time to be deployed

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 14

Privacy Solutions IV

The mathematical approach . . .

is to add random distortions to the data that cancel each other

• ut when summed

Pros

Obscuring done in the meter itself (→ no external trust) Guaranteed privacy

Cons

Complicated to implement securely

Conclusion

Best (software) alternative, as of yet May need some time to be deployed

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 14

Privacy Solutions IV

The mathematical approach . . .

is to add random distortions to the data that cancel each other

• ut when summed

Pros

Obscuring done in the meter itself (→ no external trust) Guaranteed privacy

Cons

Complicated to implement securely

Conclusion

Best (software) alternative, as of yet May need some time to be deployed

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 14

Privacy Solutions IV

The mathematical approach . . .

is to add random distortions to the data that cancel each other

• ut when summed

Pros

Obscuring done in the meter itself (→ no external trust) Guaranteed privacy

Cons

Complicated to implement securely

Conclusion

Best (software) alternative, as of yet May need some time to be deployed

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 14

Privacy Solutions V

The analog solution . . .

is to buffer the energy with a capacitor bank or battery Pros

Completely obscures the short-term energy usage Retains accurate information for the provider (load on the grid) Enables grid load-balancing and protects from power outages

Cons

Presumably costly, complex and error-prone

Conclusion

Not really ready to use Maybe if future electric car batteries were used to buffer energy anyway

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 15

Privacy Solutions V

The analog solution . . .

is to buffer the energy with a capacitor bank or battery Pros

Completely obscures the short-term energy usage Retains accurate information for the provider (load on the grid) Enables grid load-balancing and protects from power outages

Cons

Presumably costly, complex and error-prone

Conclusion

Not really ready to use Maybe if future electric car batteries were used to buffer energy anyway

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 15

Privacy Solutions V

The analog solution . . .

is to buffer the energy with a capacitor bank or battery Pros

Completely obscures the short-term energy usage Retains accurate information for the provider (load on the grid) Enables grid load-balancing and protects from power outages

Cons

Presumably costly, complex and error-prone

Conclusion

Not really ready to use Maybe if future electric car batteries were used to buffer energy anyway

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 15

Privacy Solutions V

The analog solution . . .

is to buffer the energy with a capacitor bank or battery Pros

Completely obscures the short-term energy usage Retains accurate information for the provider (load on the grid) Enables grid load-balancing and protects from power outages

Cons

Presumably costly, complex and error-prone

Conclusion

Not really ready to use Maybe if future electric car batteries were used to buffer energy anyway

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 15

Outline

1 Background 2 Privacy

Concerns Solutions

3 Security

Threats Countermeasures

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 16

Security

Actual smart meter communication captured in 2011 by the Labor f¨ ur IT-Sicherheit der FH M¨ unster

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 17

Threats

Attack Consequence(s) Eavesdropping on metering reports Invasion of privacy Denial of service Suboptimal energy distribution, power

• utages, grid malfunctions

Forgery of metering reports Energy theft, financial damage to providers/customers Injection of false remote commands Cutoff households, power fluctuations Compromisation of smart meter integrity Manipulate readings, remotely control appliances, infect the customer network Attacks on the provider infrastructure Manipulate metering data, remotely control smart meters, infect the power grid

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 18

Threats

Attack Consequence(s) Eavesdropping on metering reports Invasion of privacy Denial of service Suboptimal energy distribution, power

• utages, grid malfunctions

Forgery of metering reports Energy theft, financial damage to providers/customers Injection of false remote commands Cutoff households, power fluctuations Compromisation of smart meter integrity Manipulate readings, remotely control appliances, infect the customer network Attacks on the provider infrastructure Manipulate metering data, remotely control smart meters, infect the power grid

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 18

Threats

Attack Consequence(s) Eavesdropping on metering reports Invasion of privacy Denial of service Suboptimal energy distribution, power

• utages, grid malfunctions

Forgery of metering reports Energy theft, financial damage to providers/customers Injection of false remote commands Cutoff households, power fluctuations Compromisation of smart meter integrity Manipulate readings, remotely control appliances, infect the customer network Attacks on the provider infrastructure Manipulate metering data, remotely control smart meters, infect the power grid

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 18

Threats

Attack Consequence(s) Eavesdropping on metering reports Invasion of privacy Denial of service Suboptimal energy distribution, power

• utages, grid malfunctions

Forgery of metering reports Energy theft, financial damage to providers/customers Injection of false remote commands Cutoff households, power fluctuations Compromisation of smart meter integrity Manipulate readings, remotely control appliances, infect the customer network Attacks on the provider infrastructure Manipulate metering data, remotely control smart meters, infect the power grid

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 18

Threats

Attack Consequence(s) Eavesdropping on metering reports Invasion of privacy Denial of service Suboptimal energy distribution, power

• utages, grid malfunctions

Forgery of metering reports Energy theft, financial damage to providers/customers Injection of false remote commands Cutoff households, power fluctuations Compromisation of smart meter integrity Manipulate readings, remotely control appliances, infect the customer network Attacks on the provider infrastructure Manipulate metering data, remotely control smart meters, infect the power grid

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 18

Threats

Attack Consequence(s) Eavesdropping on metering reports Invasion of privacy Denial of service Suboptimal energy distribution, power

• utages, grid malfunctions

Forgery of metering reports Energy theft, financial damage to providers/customers Injection of false remote commands Cutoff households, power fluctuations Compromisation of smart meter integrity Manipulate readings, remotely control appliances, infect the customer network Attacks on the provider infrastructure Manipulate metering data, remotely control smart meters, infect the power grid

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 18

Outline

1 Background 2 Privacy

Concerns Solutions

3 Security

Threats Countermeasures

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 19

Countermeasures

Attack Countermeasure(s) Eavesdropping on metering reports Communications encryption Denial of service none Forgery of metering reports Communications encryption Injection of false remote commands Communications encryption Compromisation of smart meter integrity Integrity Verification, VM sandboxing, IDS Attacks on the provider infrastructure Integrity Verification, VM sandboxing, IDS

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 20

Countermeasures

Attack Countermeasure(s) Eavesdropping on metering reports Communications encryption Denial of service none Forgery of metering reports Communications encryption Injection of false remote commands Communications encryption Compromisation of smart meter integrity Integrity Verification, VM sandboxing, IDS Attacks on the provider infrastructure Integrity Verification, VM sandboxing, IDS

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 20

Countermeasures

Attack Countermeasure(s) Eavesdropping on metering reports Communications encryption Denial of service none Forgery of metering reports Communications encryption Injection of false remote commands Communications encryption Compromisation of smart meter integrity Integrity Verification, VM sandboxing, IDS Attacks on the provider infrastructure Integrity Verification, VM sandboxing, IDS

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 20

Countermeasures

Attack Countermeasure(s) Eavesdropping on metering reports Communications encryption Denial of service none Forgery of metering reports Communications encryption Injection of false remote commands Communications encryption Compromisation of smart meter integrity Integrity Verification, VM sandboxing, IDS Attacks on the provider infrastructure Integrity Verification, VM sandboxing, IDS

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 20

Countermeasures

Attack Countermeasure(s) Eavesdropping on metering reports Communications encryption Denial of service none Forgery of metering reports Communications encryption Injection of false remote commands Communications encryption Compromisation of smart meter integrity Integrity Verification, VM sandboxing, IDS Attacks on the provider infrastructure Integrity Verification, VM sandboxing, IDS

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 20

Countermeasures

Attack Countermeasure(s) Eavesdropping on metering reports Communications encryption Denial of service none Forgery of metering reports Communications encryption Injection of false remote commands Communications encryption Compromisation of smart meter integrity Integrity Verification, VM sandboxing, IDS Attacks on the provider infrastructure Integrity Verification, VM sandboxing, IDS

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 20

Summary

Current smart meter implementations have serious security and privacy issues There are several solutions available (aggregation/anonymization, countermeasures) Security and privacy should play an important role for future smart grids

Thank you for your attention Questions?

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 21

For Further Reading I

• E. Quinn.

Privacy and the new energy infrastructure. Available at SSRN 1370731, 2009.

• E. Quinn.

Smart metering and privacy: Existing laws and competing policies. Available at SSRN 1462285, 2009.

• S. Feuerhahn, M. Zillgith, C. Wittwer, and C. Wietfeld.

Comparison of the communication protocols DLMS/COSEM, SML and IEC 61850 for smart metering applications. In Smart Grid Communications (SmartGridComm), 2011 IEEE International Conference on, pages 410–415. IEEE, 2011.

• U. Greveler, B. Justus, and D. Loehr.

Forensic content detection through power consumption. In ICC, pages 6759–6763. IEEE, 2012.

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 22

For Further Reading II

• A. Molina-Markham, P. Shenoy, K. Fu, E. Cecchet, and D. Irwin.

Private memoirs of a smart meter. In Proceedings of the 2nd ACM Workshop on Embedded Sensing Systems for Energy-Efficiency in Building, BuildSys ’10, pages 61–66, New York, NY, USA, 2010. ACM.

• A. Rial and G. Danezis.

Privacy-preserving smart metering. In Proceedings of the 10th annual ACM workshop on Privacy in the electronic society, WPES ’11, pages 49–60, New York, NY, USA, 2011. ACM.

• K. Kursawe, G. Danezis, and M. Kohlweiss.

Privacy-friendly aggregation for the smart-grid. In Proceedings of the 11th international conference on Privacy enhancing technologies, PETS’11, pages 175–191, Berlin, Heidelberg, 2011. Springer-Verlag.

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 23

For Further Reading III

• C. Efthymiou and G. Kalogridis.

Smart Grid Privacy via Anonymization of Smart Metering Data. In Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, pages 238–243, 2010.

• M. Jawurek, M. Johns, and K. Rieck.

Smart metering de-pseudonymization. In Proceedings of the 27th Annual Computer Security Applications Conference, ACSAC ’11, pages 227–236, New York, NY, USA, 2011. ACM.

• G. Kalogridis, C. Efthymiou, S. Denic, T. Lewis, and R. Cepeda.

Privacy for Smart Meters: Towards Undetectable Appliance Load Signatures. In Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, pages 232–237, 2010.

• G. Kalogridis, Z. Fan, and S. Basutkar.

Affordable Privacy for Home Smart Meters. In Parallel and Distributed Processing with Applications Workshops (ISPAW), 2011 Ninth IEEE International Symposium on, pages 77–84, 2011.

Martin Erich Jobst: Security and Privacy in the Smart Energy Grid 24