Date post: | 30-May-2015 |
Category: |
Technology |
Upload: | hhanebeck |
View: | 1,358 times |
Download: | 0 times |
www.reveresecurity.com 1© 2009-2010 Revere Security. All rights reserved.
August 10, 2010
Securing the Smart Grid at the Edge
Hanns-Christian L. Hanebeck
© 2009-2010 Revere Security. All rights reserved.
The Robespierre Leadership Model
2
“I must see which way the crowd is headed ... for I am their leader!"
© 2009-2010 Revere Security. All rights reserved.
Do We Need to Secure the Edge?
3Image Sources: nbc.com and smartgridsecurity.blogspot.com
On January 25, 2003 hackers infected the Davis-Besse nuclear power plant in Ohio with a worm. The virus entered through a “secure” T1 line for an external consulting firm. While the infection did not harm the plant, which had been off-line during the worm attack, it caused the Safety Parameter Display System to be down for five hours and the plant process computer for six.
Four years later, IBM researcher Scott Lunsford hacked into a nuclear power plant and claimed that entering through the SCADA network “… turned out to be one of the easiest penetration tests I'd ever done …”
Source: Forbes, America’s Hackable Backbone, Oct. 2007
© 2009-2010 Revere Security. All rights reserved.
Is Technology Available to Secure the Edge?
4
Complex Smart Devices• 32-bit or higher microprocessor• AES /ECC Encryption very well suited
Simple Smart Devices• 16-bit or lower microprocessor• AES /ECC Encryption too large, too expensive• Revere Hummingbird perfectly suited
• Revere Hummingbird very well suited
today
Old Security Doesn’t Always Solve NEW Problems
© 2009-2010 Revere Security. All rights reserved. 5
Traditional Security Framework
Physical Infrastructure
Networks and Servers
Endpoints: Laptops, PCs
Processes and Applications
People and Identities
Data, Information, Knowledge
Phones
Mobile Devices
Sensors& SCADA
Smart Meters
RFID Tags?
?
?
?
?
Very long time to market
Very few experts
worldwide
Littlecustomer & consumer
pull
Requirements for Security at the Edge
© 2009-2010 Revere Security. All rights reserved. 6
Easy to Integrate Short Messages e.g. 16-bit Cipher
Built-in MAC
Little Code Space Required – Fits on a 16-bit Chip
Lower Power RequirementMutual Authentication Protocol
Simple, Scalable Key Management System
Anonymous Communications
© 2009-2010 Revere Security. All rights reserved.
Security Along the Power Supply
7
Security at the EDGE of the Smart Grid necessitates handling of many small, resource constrained devices
Generation
Storage Substation
Consumption
UtilitySCADA Smart Meter
© 2009-2010 Revere Security. All rights reserved.
Security for Smart Metering
8
Protecting Smart Meters will require industrial-strength security on a very small footprint.
12
3
3
4
5
6
1 Consumer uses energy
2 Smart Meter records and transmits consumption data
3 Wireless networks (Wi-Max, cell, BPL, etc.) transmit information to the utility
4 Utility aggregates usage data, prepares pricing and makes information available to the consumer
5 Consumer accesses the information online
6 Consumer makes choices that will affect energy consumption
© 2009-2010 Revere Security. All rights reserved.
Smart Meter Security Example
9
Sensus iCon Smart Meter
Image Sources: ukfrrnell.com and joysco.com
TI MSP430
Hummingbird is up to 416% faster and consumes 76% less power than AES (EAX’).
© 2009-2010 Revere Security. All rights reserved.
Implementing Security - Key Management
10
• Highly complex• Need to manage keys on the smart meter (HAN)• Requires very high level of systemic security• Keys might need to be assigned on a temporary basis• Handhelds and laptops for key commissioning may be
lost
Key ManagementChallenges
Solution • Distributed hierarchical system architecture• Scalable to well more than 100 million keys• Authentication of field devices by installed smart meters• Anonymous identification and key management to protect privacy• Secure assignment of temporary session keys
© 2009-2010 Revere Security. All rights reserved.
Implementing Security – Other Challenges
11
• Authentication is vital to prevent unwanted access• It ensures that commands and data are authorized• In cases where encryption and authentication are
required, a one-pass approach is superior
Built-in Authentication
• Consumers will likely want ownership of and control over their own consumption data
• The integration of multiple devices into one standards-based home area network will be difficult at best
• Consumers will likely use third-party devices to control their energy consumption and data
Consumer Privacy
Event Management
• Smart Grid security necessitates the ability to react to events in near real-time
• This requires a highly mature event management infrastructure (bus) and a lot of knowledge about business rules
• It is unclear who owns and manages these systems
© 2009-2010 Revere Security. All rights reserved.
Implementing Security – Other Challenges
12
“The key to winning is getting to where the puck is going to be next.”
“The Great One”
www.reveresecurity.com 14© 2009-2010 Revere Security. All rights reserved.
August 10, 2010
Securing the Smart Grid at the Edge
Hanns-Christian L. Hanebeck