Secure Data Provenance in Home Energy Monitoring Networks
Ming Hong Chia, Sye Loong Keoh, Zhaohui Tang
Outline
• Data Provenance and Smart Metering
• Security Threats and Requirements
• Proposed Architecture
– Threshold Cryptography
– Location Authenticity using BLE
• Preliminary Evaluations
• Future Work and Conclusions
“Data provenance refers to records of the inputs, entities, systems, and processes that influence data of interest, providing a historical record of the data and its origins.”
Systems and Internet Infrastructure Security, Penn State University
Data Provenance
• Cryptography
• Redundancy and data cross-checking
Data Provenance
[Figure: data sources feed measurement devices, which report to a data collector; the link between the measurement devices and the data collector is labelled Authentication and Encryption.]
• Sensor data is typically aggregated – smart meter.
IoT and Smart Metering
[Figure: Advanced Metering Infrastructure (AMI). Private realm: smart home appliances connect to the smart meter over the Home Area Network (HAN: ZigBee, WiFi, Ethernet). Public realm: smart meters report to a data concentrator over the Neighbourhood Area Network (NAN: WiFi, cellular), which reaches the utility end (collection, monitoring) over the Wide Area Network (WAN: fibre optic, cellular).]
• Is the smart meter the true data source of the energy consumption of the household?
Smart Metering
[Figure: smart home appliances (the real data sources) connect to the smart meter over the HAN (ZigBee, WiFi, Ethernet); the smart meter reports energy consumption to the utility. Potential compromise: under-reporting of energy usage, energy fraud.]
• Data provenance = the reported energy usage is collected from the specific appliance as claimed, and that it reflects the real energy consumption.
• Specifically, we are interested in:
– Source data / identity authenticity
– Data integrity and consistency
– Location authenticity
IoT Data Provenance
• A secure plug (SSP) to measure the energy consumption at each data source.
• Using multiple sensors to track electricity usage.
• Using Bluetooth localization to detect changes in the location.
Secure Smart Plug
[Figure: the Secure Smart Plug (SSP) sits between a data source and the smart meter; it combines a Smart Energy Plug, an Energy Magnetic Sensor and a Raspberry Pi 3 with Bluetooth.]
Proposed Approach
[Figure: Secure Smart Plug components – Smart Energy Plug, Energy Magnetic Sensor, Raspberry Pi 3 Bluetooth.]
Source Data / Identity
• Using RSA threshold scheme (k, n).
Data Integrity / Consistency
• Both energy data from the magnetic sensor and the energy plug must match.
• Aggregated energy data from all data sources must also match the smart meter’s measured data.
Location Authenticity
• Using Bluetooth trilateration technique.
Proposed Approach
Security Protocol
1. Commissioning Phase
A. Deployment of Secure Smart Plug – register location
B. RSA Key Pair Generation
C. Secret Share Generation
2. Operational Phase
A. Signing and Verification Protocol using Threshold Scheme (3,4)
B. Location Verification
Commissioning Phase
[Figure: Smart Meter, Secure Smart Plug (Smart Energy Plug, Energy Magnetic Sensor, Raspberry Pi 3 Bluetooth) and Data Source. Every party holds the public key n; the smart meter holds shares s1 and s2, and the remaining shares s3 and s4 are held within the SSP.]
1. RSA Key Pair Generation (PK and SK)
– Public Key (PK): (n, e)
– Secret Key (SK): d
2. Generation of Secret Shares
– Secret Shares: s1, s2, s3, s4
• One-time key generation using (3,4) Threshold Scheme for each data source in the network.
Commissioning Phase
• Using trilateration algorithm to determine the location of SSP.
• Using RSSI of the BLE chip to compute the distance.
• Location of the deployed SSP is registered.
Secure Smart Plug
[Figure: three Estimote beacons (Candy, Yellow, Beetroot); the Secure Smart Plug is located at the intersection of the three distance circles.]
Operational Phase
[Figure: signing and verification message flow between the Smart Energy Plug (SP), Energy Magnetic Sensor (MS), Raspberry Pi 3 Bluetooth (BT) and Smart Meter (SM) for one Data Source. Recoverable steps:]
(1) SP sends m to BT and to SM, where m = m1; MS sends m to BT and to SM, where m = m2.
(2) BT checks the current location (X, Y) of the SP upon receiving m.
(3) If true, BT generates its own partial signature share by signing m: SIGN{s_i, n, m, N}.
(4) BT sends ps_i to SP (for m1) and to MS (for m2).
(5) SM generates its own partial signature shares by signing m: SIGN{s_i, n, m, N}.
(6) All respective partial signature shares are sent to SM:
PS1 = {ps_SP1, ps_SP2, ps_SP3}, where ps_SPi = {s_i, n, m1, N};
PS2 = {ps_MS1, ps_MS2, ps_MS4}, where ps_MSi = {s_i, n, m2, N}.
(7) Upon receiving the PS, SM combines and aggregates them to compute FS for verification later: COMBINE{PS, PK, m, n, k, N}.
(8) SM verifies m with SK d.
(9) VERI_SM(FS ≡ m) using PK e.
(10) VERI_SM(m1 ≡ m2) using PK e.
Operational Phase
• Using BLE to detect changes in the location of SSP.
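As an added worked example (not the authors' code), one (3,4) threshold RSA round in Python following Shoup's construction: the dealer splits d into four shares at commissioning, each share holder produces a partial signature on a reading m, and the smart meter's COMBINE recovers the full signature FS from any three shares and refuses with fewer. The safe primes, the Δ = 4! scaling of the Lagrange coefficients and the integer encoding of the reading are assumptions, and the key size is a toy.

```python
import secrets
from math import factorial, prod

# Constructed toy parameters (hypothetical, far too small for real use).
# Shoup-style threshold RSA uses safe primes p = 2p'+1, q = 2q'+1.
P, Q = 1019, 1187                      # p' = 509 and q' = 593 are prime
N = P * Q                              # RSA modulus (the slides' n)
M = ((P - 1) // 2) * ((Q - 1) // 2)    # p'q': order of the squares mod N, dealer-only secret
E = 65537                              # public exponent e; must be a prime larger than L
K, L = 3, 4                            # the slides' (k, n) = (3, 4) threshold
DELTA = factorial(L)                   # Shoup's Δ = L!, keeps Lagrange coefficients integral

def deal_shares():
    """Commissioning: split d = e^-1 mod M into L shares of a random degree K-1 polynomial."""
    d = pow(E, -1, M)
    coeffs = [d] + [secrets.randbelow(M) for _ in range(K - 1)]
    return {i: sum(c * i ** j for j, c in enumerate(coeffs)) % M for i in range(1, L + 1)}

def partial_sign(msg, share):
    """A component's partial signature ps_i on reading m (the slides' SIGN{s_i, n, m, N})."""
    return pow(msg, 2 * DELTA * share, N)

def _lagrange_int(i, subset):
    num = prod(-j for j in subset if j != i)
    den = prod(i - j for j in subset if j != i)
    assert (DELTA * num) % den == 0    # den divides L!, so the coefficient is an integer
    return DELTA * num // den

def combine(msg, partials):
    """Smart meter's COMBINE: any K partial signatures yield the full signature FS."""
    if len(partials) < K:
        raise ValueError(f"need {K} partial signatures, got {len(partials)}")
    subset = sorted(partials)[:K]
    w = 1                              # w becomes msg^(4*DELTA^2*d) mod N
    for i in subset:
        w = w * pow(partials[i], 2 * _lagrange_int(i, subset), N) % N
    e_prime = 4 * DELTA * DELTA
    a = pow(e_prime, -1, E)            # a*e_prime + b*E = 1 (gcd is 1: E is an odd prime > 3)
    b = (1 - a * e_prime) // E
    return pow(w, a, N) * pow(msg, b, N) % N

def verify(msg, sig):
    """VERI: FS^e ≡ m (mod n) under the public key (n, e)."""
    return pow(sig, E, N) == msg % N
```

The reading m must be a non-zero integer below N and coprime to it; a real deployment signs a hash of the reading rather than the raw value, and Python 3.8 or later is needed for the negative-exponent pow calls.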
Attack Simulation I
[Figure: test setup – three Estimote beacons (Yellow, Beetroot, Candy), a WiFi wireless router, the Smart Meter and the Secure Smart Plug (Raspberry Pi 3) on a Local Area Network (LAN).]
• One of the components in SSP “attempted” to under-report the energy consumption.
• Resulting in:
– Difference in the energy usage at the same data source: M_MS ≠ M_SP ☛ data inconsistency.
Attack Simulation II
• The re-location of the SSP to measure a data source that is outside of the house.
• Resulting in:
– Detection of a location that is different from the deployed location, hence will not generate partial signatures ps1 and ps2 ☛ incorrect location.
– Energy usage data cannot be verified due to the lack of signature shares.
[Figure: Estimote beacons (Yellow, Beetroot, Candy); original deployed location coordinates (x: 6.5, y: 10.0); relocated Secure Smart Plug location coordinates (x: 2.5, y: 2.5).]
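As an added example (not the authors' code) covering both the commissioning-time trilateration and the operational re-location check: RSSI from three beacons is converted to distance with an assumed log-distance path-loss model, the SSP position is solved from the three circle equations, and the result is compared against the registered coordinates (x: 6.5, y: 10.0). The beacon coordinates, the path-loss parameters and the 1 m tolerance are assumptions.

```python
from math import log10, sqrt

# Constructed beacon layout (hypothetical): three Estimote-style BLE beacons at known
# coordinates in metres; the path-loss parameters below are assumed, not measured.
BEACONS = {"candy": (0.0, 0.0), "yellow": (10.0, 0.0), "beetroot": (0.0, 12.0)}
TX_POWER_DBM = -59.0                # assumed RSSI at 1 m
PATH_LOSS_N = 2.0                   # assumed path-loss exponent
REGISTERED_LOCATION = (6.5, 10.0)   # deployed SSP coordinates from the slides
RELOCATION_TOLERANCE_M = 1.0        # assumed slack for RSSI noise

def rssi_to_distance(rssi_dbm):
    """Invert the log-distance model rssi = tx - 10*n*log10(d)."""
    return 10 ** ((TX_POWER_DBM - rssi_dbm) / (10 * PATH_LOSS_N))

def trilaterate(ranges):
    """Solve (x, y) from three beacon distances by subtracting the circle equations."""
    (x1, y1, r1), (x2, y2, r2), (x3, y3, r3) = [
        (*BEACONS[k], ranges[k]) for k in ("candy", "yellow", "beetroot")]
    a11, a12 = 2 * (x2 - x1), 2 * (y2 - y1)
    a21, a22 = 2 * (x3 - x1), 2 * (y3 - y1)
    b1 = r1 ** 2 - r2 ** 2 + x2 ** 2 - x1 ** 2 + y2 ** 2 - y1 ** 2
    b2 = r1 ** 2 - r3 ** 2 + x3 ** 2 - x1 ** 2 + y3 ** 2 - y1 ** 2
    det = a11 * a22 - a12 * a21
    if abs(det) < 1e-9:
        raise ValueError("collinear beacons: trilateration is ill-conditioned")
    return (b1 * a22 - a12 * b2) / det, (a11 * b2 - a21 * b1) / det

def locate_ssp(rssi_by_beacon):
    """Commissioning and operational phases: RSSI per beacon -> distance -> (x, y)."""
    return trilaterate({k: rssi_to_distance(v) for k, v in rssi_by_beacon.items()})

def location_is_authentic(rssi_by_beacon, registered=REGISTERED_LOCATION):
    """Operational check before signing: has the SSP moved from its registered location?"""
    x, y = locate_ssp(rssi_by_beacon)
    return sqrt((x - registered[0]) ** 2 + (y - registered[1]) ** 2) <= RELOCATION_TOLERANCE_M

def simulate_rssi(true_xy):
    """Constructed, noise-free RSSI a plug at true_xy would see from each beacon."""
    return {k: TX_POWER_DBM - 10 * PATH_LOSS_N * log10(sqrt((true_xy[0] - bx) ** 2 + (true_xy[1] - by) ** 2))
            for k, (bx, by) in BEACONS.items()}
```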
Attack Simulation III
• Both energy measurement sensors “were compromised”.
• Resulting in:
– (IF location of SSP is authentic) ☛ collusion between MS and SP yielded a successful attack.
– (IF SSP is re-located) ☛ collusion between MS and SP did not work as only two partial signature shares could be generated for a (3,4) Threshold Scheme.
Performance Results

Time taken to generate a partial signature (Entity: components in SSP)
Key Size (bits)    512      1024     2048
Average (ms)       148.33   863.67   6419

Time taken to combine partial signatures and verify signature (Entity: Smart Meter)
Key Size (bits)                512    1024    2048
Combine Signature (ms)         5      8.33    18.33
Signature Verification (ms)    132    157     875
Conclusions
• The RSA threshold scheme is feasible on a Raspberry Pi 3 device, though not very efficient.
• Preliminary study of data provenance in the context of IoT.
• ICS systems also use many redundant sensors for critical infrastructure and monitoring.
• TPM and software-based attestation will be required to ensure the verification software works correctly?
• Replacement of RSA-based Threshold Scheme with a MAC-based scheme?
• Auto-detection of location without deployment of beacons?
Thank you!
Contact details:
Sye Loong Keoh, University of [email protected]
Zhaohui Tang, Singapore Institute of [email protected]