Security and Privacy in Smart Grid Systems: Countermeasure and Formal Verification

Lead Research Organisation: University of Oxford
Department Name: Computer Science

Abstract

In many distributed computing contexts, a need arises for two mutually-distrusting parties to undertake a joint calculation, often without the disclosure of the unprocessed data from one or both sides to the other. Sometimes a 'trusted third party' is used for this purpose - but immediately the verification of the trustworthiness of that party becomes a challenge. The cryptographic world has addressed this through the paradigm of secure multi-party computation - and the related problem of an untrusted processor through various schemes of homomorphic encryption. These are successful in many contexts, but imply certain overheads and complexities.

We propose a different model, wherein the technologies of Trusted Computing are used to create an assured Trustworthy Remote Entity (TRE): this also enables us to develop duplex communications, which are seldom considered in the approaches described above. The main part of this project is devoted to developing and verifying a TRE-based solution for the substantial and far-reaching challenges of security and privacy in smart power grids: later in the project we consider the generalization of the approach to other similar problems, such as those in dynamic location-based road pricing. The 'big idea' is that the user can be signed up with a TRE, and have a high degree of confidence that their data (e.g. the information on how much electricity is being used right now) is not going to get into the hands of someone who might use it against them (e.g. to work out when the home is unoccupied) - but the power company can also have from their side confidence that the data they receive is coming from one of their customers. If they need to reduce demand - in the extreme case by, say, remotely switching off someone's air conditioning unit for a time - they can send a signal back, confident that it will go to the right user, without knowing which customer that is.

This approach can be generalised to many other situations: for example, the TRE could help to calculate a price for you to drive on a particular road at a particular time, without disclosing your movements to the transport authority. It could also pass back personalized (but anonymous) instructions on how to find a better route at the time.

Planned Impact

When these research objectives are achieved, we will be able to provide service providers with a building-block solution which enables them cheaply and easily to deliver highly-assured centralized processing of personal data, with strong guarantees that the privacy of the individuals involved cannot be compromised. This is good for those businesses (since they seldom want the liability of processing personal data, but want to be able to offer customized services) as well as being good for individual consumers and society at large, by keeping each person in control of their own personal data.

We expect this approach to open up many new opportunities in research - for researchers and companies to explore different scenarios in which such a capability will be useful. It will also help those who design tools for system verification to hone those tools against realistic scenarios: many practical deployments are difficult to verify because they are too large and complex. Our scenario abstracts away one key component and reduces it to a tractable verification task.
 
Description This was a project funded jointly by EPSRC and the Singapore National Research Foundation: the interaction of the two halves (Oxford University and National University of Singapore) is described under the section on 'objectives' below.

We have conducted a comprehensive survey of related work and the state-of-the-art of security and privacy technologies in smart grid systems: this paper has been accepted by a leading journal. The field of smart grids - and particularly smart metering - is fast-moving, as such meters are now being widely deployed in many countries, and so real cyber attack incidents are starting to be seen. The paper is therefore an up-to-date and authoritative account of the topic.

Informed by that survey, the emphasis of the Oxford side of the project has been on appropriate techniques for secure communications and data handling in smart grid networks. As a response to emerging threats, these technologies may contribute to the design of the next generation of devices and services.

Smart meters are considered a foundational part of the smart metering infrastructure (SMI) in smart energy networks. A smart meter is a digital device that makes use of two-way communication between consumer and utility to exchange, manage and control energy consumption within a home. However, despite all these features, a smart meter raises several security-related concerns: for instance, how to exchange data between the legitimate entities (e.g., smart meter and utility server) while maintaining the privacy of the consumer. To address these concerns, authentication and key agreement in the SMI can provide important security properties that not only establish trust between the legitimate entities but also support other security services. We developed a lightweight authentication and key agreement scheme (LAKA) that enables trust, anonymity, integrity and adequate security in the domain of smart energy networks. The proposed scheme employs hybrid cryptography to facilitate mutual trust (authentication), a dynamic session key, integrity, and anonymity. We demonstrate the feasibility of the proposed scheme with a test-bed using an IEEE 802.15.4-based device (i.e., a smart meter). Moreover, through a security and performance analysis, we show that the proposed scheme is more effective and more energy efficient than previous schemes.
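To make the properties listed above concrete, the following is an added example (not the project's code and not the LAKA scheme itself, which the page describes as hybrid; this sketch uses symmetric keys only) of a three-message handshake between a meter and a utility server. It shows mutual authentication from a long-term key established at registration, a fresh session key per run, a rotating pseudonym so that sessions are not linkable on the wire, and HMAC integrity on the consumption readings sent afterwards. The message layouts, labels, the `meter-0042` identifier and the reading values are assumptions of this example.

```python
"""Constructed example: pseudonymous mutual authentication and key agreement
between a smart meter and a utility server, using only the Python stdlib.
Not the LAKA scheme from the page; all names and layouts are assumptions."""
import hashlib
import hmac
import secrets


def prf(key, *parts):
    """HMAC-SHA256 over length-prefixed parts, so fields cannot be re-split."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big"))
        h.update(p)
    return h.digest()


def pseudonym(ltk, ctr):
    """Per-session pseudonym: only the holder of the long-term key can derive it."""
    return prf(ltk, b"pid", ctr.to_bytes(8, "big"))


class Utility:
    def __init__(self):
        self.meters = {}      # meter id -> [long-term key, next pseudonym counter]
        self.pid_table = {}   # pseudonym expected next -> meter id
        self.pending = {}     # pseudonym -> (n_m, n_u) while a handshake is open
        self.sessions = {}    # meter id -> current session key

    def register(self, meter_id, ltk):          # done once, at installation
        self.meters[meter_id] = [ltk, 0]
        self.pid_table[pseudonym(ltk, 0)] = meter_id

    def handle_msg1(self, pid, n_m):
        """Msg 2: resolve the pseudonym and prove knowledge of the key to the meter."""
        meter_id = self.pid_table.get(pid)
        if meter_id is None:
            return None                          # unknown, or already consumed (replay)
        ltk, _ = self.meters[meter_id]
        n_u = secrets.token_bytes(16)
        self.pending[pid] = (n_m, n_u)
        return n_u, prf(ltk, b"auth-u", pid, n_m, n_u)

    def handle_msg3(self, pid, auth_m):
        """Msg 3 check: the meter proves it derived the same session key."""
        if pid not in self.pending or pid not in self.pid_table:
            return False
        n_m, n_u = self.pending.pop(pid)
        meter_id = self.pid_table[pid]
        ltk, ctr = self.meters[meter_id]
        sk = prf(ltk, b"sk", n_m, n_u)           # fresh: both nonces are new each run
        if not hmac.compare_digest(prf(sk, b"auth-m", pid, n_u, n_m), auth_m):
            return False
        del self.pid_table[pid]                  # pseudonym is single-use
        self.meters[meter_id][1] = ctr + 1
        self.pid_table[pseudonym(ltk, ctr + 1)] = meter_id
        self.sessions[meter_id] = sk
        return True


class Meter:
    def __init__(self, meter_id, ltk):
        self.meter_id, self.ltk, self.ctr, self.sk = meter_id, ltk, 0, None

    def msg1(self):
        self.n_m = secrets.token_bytes(16)
        self.pid = pseudonym(self.ltk, self.ctr)
        return self.pid, self.n_m                # real meter id never goes on the wire

    def handle_msg2(self, n_u, auth_u):
        """Authenticate the utility first; only then derive and confirm the key."""
        if not hmac.compare_digest(prf(self.ltk, b"auth-u", self.pid, self.n_m, n_u), auth_u):
            return None
        self.sk = prf(self.ltk, b"sk", self.n_m, n_u)
        self.ctr += 1
        return self.pid, prf(self.sk, b"auth-m", self.pid, n_u, self.n_m)


def run_handshake(meter, utility):
    pid, n_m = meter.msg1()
    reply = utility.handle_msg1(pid, n_m)
    if reply is None:
        return False
    msg3 = meter.handle_msg2(*reply)
    return False if msg3 is None else utility.handle_msg3(*msg3)


def protect_reading(sk, seq, reading_wh):
    """Integrity-protect one consumption report under the session key."""
    body = seq.to_bytes(4, "big") + reading_wh.to_bytes(4, "big")
    return body, prf(sk, b"reading", body)


def verify_reading(sk, body, tag):
    return hmac.compare_digest(prf(sk, b"reading", body), tag)


def demo():
    """Two handshakes, one protected reading, one tampered copy, one replay."""
    ltk = secrets.token_bytes(32)                # constructed registration key
    utility, meter = Utility(), Meter(b"meter-0042", ltk)
    utility.register(b"meter-0042", ltk)
    first, sk1 = run_handshake(meter, utility), None
    sk1 = meter.sk
    second = run_handshake(meter, utility)
    body, tag = protect_reading(meter.sk, 1, 1375)      # constructed reading, Wh
    tampered = body[:-1] + bytes([body[-1] ^ 1])
    replayed = utility.handle_msg1(pseudonym(ltk, 0), bytes(16))
    return {"first_ok": first, "second_ok": second,
            "keys_match": meter.sk == utility.sessions[b"meter-0042"],
            "fresh_key": sk1 != meter.sk,
            "reading_ok": verify_reading(meter.sk, body, tag),
            "tamper_detected": not verify_reading(meter.sk, tampered, tag),
            "replay_rejected": replayed is None}


if __name__ == "__main__":
    print(demo())
```

Two caveats a deployment would have to handle that this sketch does not: the meter advances its pseudonym counter when it sends message 3, so a lost message 3 desynchronises the two sides (real schemes keep a window of acceptable counters), and an eavesdropper who captures the current pseudonym can elicit message 2 from the utility without being able to finish, which is a cheap way to make the server do work (the page's later key-agreement work specifically targets denial-of-service resistance).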

Developing this theme: identity-based mutual authentication with credential privacy, and without the active involvement of a trusted third party, is an important building block for smart grid technology. Recently, several schemes have been proposed for the smart grid with various security features (e.g., mutual authentication and key agreement), and these schemes are claimed to offer session key security under the widely accepted Canetti-Krawczyk (CK) security model. We argue, however, that all of them remain vulnerable under the CK model. To remedy the problem, we present a new provably secure key agreement model for smart metering communications. The proposed model preserves the existing security features and provides greater resistance to denial-of-service attacks. Moreover, our scheme is pairing-free, resulting in low computational and communication costs.

The smart grid enables convenient data collection between smart meters and operation centres via data concentrators. However, this presents security and privacy issues for the customer: a malicious data concentrator can not only misuse consumption data but also infer the customers' life patterns from it. Recently, several methods of different kinds (e.g., secure data aggregation) have been proposed to collect consumption data in a privacy-preserving manner. Nevertheless, most of these schemes either introduce computational complexity in the aggregation or fail to support privacy-preserving billing against internal adversaries (e.g., malicious data concentrators). In our work, we propose an efficient and privacy-preserving data aggregation scheme that supports dynamic billing and provides security against internal adversaries in the smart grid. The proposed scheme actively includes the customer in the registration process, leading to end-to-end secure data aggregation, together with accurate and dynamic billing offering privacy protection.
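The following added example (not the scheme proposed by the project, but the classic pairwise-masking construction for secure data aggregation) shows what "the concentrator learns only the total" means in practice, and what goes wrong when a meter drops out of a round. Each pair of meters shares a secret seed established at registration; per round, each meter adds masks derived from those seeds, with signs arranged so that every mask appears once positively and once negatively across the neighbourhood. The concentrator sees only masked values, yet their sum is the true total. The seeds, meter indices, round number and readings are constructed for the demonstration.

```python
"""Constructed example: pairwise-masked aggregation of meter readings so that
the data concentrator learns the neighbourhood total but no single reading.
Not the page's proposed scheme; all parameters here are assumptions."""
import hashlib
import hmac

MODULUS = 2 ** 64   # readings are far smaller, so the modular sum equals the true sum


def pairwise_mask(seed, round_id):
    """PRF(seed, round): a 64-bit mask known only to the two meters sharing seed."""
    tag = hmac.new(seed, round_id.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(tag[:8], "big")


def registration_seeds(n):
    """Stand-in for registration: every pair (i, j) gets a shared secret seed the
    concentrator never sees. Fixed derivation here is an assumption for the demo;
    a real deployment would run a key agreement between the two meters."""
    seeds = [dict() for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            s = hashlib.sha256(b"pair-seed" + bytes([i, j])).digest()
            seeds[i][j] = seeds[j][i] = s
    return seeds


def masked_reading(meter_idx, reading_wh, my_seeds, round_id):
    """Add the mask shared with a higher-indexed peer, subtract the one shared with
    a lower-indexed peer: each mask then cancels across the two meters that hold it."""
    value = reading_wh
    for other, seed in my_seeds.items():
        m = pairwise_mask(seed, round_id)
        value += m if meter_idx < other else -m
    return value % MODULUS


def run_round(readings, seeds, round_id):
    """Exactly what the concentrator receives: one masked value per meter."""
    return [masked_reading(i, r, seeds[i], round_id) for i, r in enumerate(readings)]


def concentrator_total(masked_values, correction=0):
    """The concentrator only ever adds up what it was sent (minus any dropout correction)."""
    return (sum(masked_values) - correction) % MODULUS


def dropout_correction(dropped, seeds, round_id, survivors):
    """If a meter's value never arrives, its masks no longer cancel. Each survivor
    discloses only its pairwise mask with the dropped meter (with the sign it used),
    which says nothing about the survivor's own reading; the concentrator subtracts them."""
    corr = 0
    for j in survivors:
        m = pairwise_mask(seeds[j][dropped], round_id)
        corr += m if j < dropped else -m
    return corr % MODULUS


if __name__ == "__main__":
    seeds = registration_seeds(4)
    readings = [350, 1200, 80, 640]              # constructed readings, Wh, for one round
    sent = run_round(readings, seeds, round_id=7)
    print("concentrator sees:", sent)            # masked values, not the readings
    print("total:", concentrator_total(sent))    # 2270
    survivors = [0, 1, 3]                         # meter 2 drops out
    partial = [sent[i] for i in survivors]
    print("naive partial total:", concentrator_total(partial))   # garbage: masks left over
    corr = dropout_correction(2, seeds, 7, survivors)
    print("corrected:", concentrator_total(partial, corr))       # 2190
```

The construction defends against the internal adversary the paragraph names (a concentrator acting alone), but not against a concentrator that colludes with a customer's peers: the peers sharing seeds with a victim can jointly strip its masks. Per-customer billing from such masked data is also not possible on its own, which is why the page's scheme adds a separate mechanism for dynamic billing.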
Exploitation Route Our research on the state-of-the-art will be valuable to practitioners seeking an independent and thorough analysis of the technologies in use in this sector and their strengths and weaknesses. It will also be of use to other researchers pursuing similar projects, and to students seeking a primer in the area.
Sectors Digital/Communication/Information Technologies (including Software), Energy, Security and Diplomacy

 
Description This research is about some of the detailed technology used in securing communications in smart power grid systems, in particular smart metering. As a relatively small number of such systems are deployed, and deployment is measured on decadal timescales, the expected impact is in contributions to a wider conversation about design priorities. Academic publishing is therefore of key importance to achieving impact in this research, and we report here a number of publications, each of which is already quite widely cited. A key contribution to understanding is a tutorial/survey paper, with a large readership; the other papers propose new designs for security protocols in this sector. Early work leading to the survey paper highlighted areas of research need that, while still concentrating on smart grid security, diverged from the originally proposed methodology. Availability of staff locally, and changes in staffing at the Singapore collaborator on the project, meant that the approach originally proposed was not feasible, so in order to maximise the project's impact the approach and methodologies employed were slightly different from those anticipated.
First Year Of Impact 2018
Sector Manufacturing, including Industrial Biotechnology
Impact Types Economic

 
Description Adjunct Professor at Griffith University, Queensland Australia 
Organisation Griffith University
Country Australia 
Sector Academic/University 
PI Contribution Andrew Martin has been appointed Adjunct Professor in the Institute for Integrated and Intelligent Systems at Griffith University. He has visited twice, giving four research seminars so far, and undertaken a variety of research discussions - not yet leading to funded projects, but which are anticipated in future.
Collaborator Contribution Prof. Dong, who is a formal collaborator for the Smart Grid Security and Privacy project (the project was established in a joint call with Singapore; he is PI for that side of the project, at the National University of Singapore), now divides his time between Singapore and Griffith University, where he directs the Institute. He has facilitated this collaboration, and informally brings his research team there into the project.
Impact Four research seminars at Griffith University and, sponsored by Griffith, for the Queensland Government.
Start Year 2017
 
Description UK-Singapore Collaboration 
Organisation National University of Singapore
Country Singapore 
Sector Academic/University 
PI Contribution Our project was funded through a scheme for UK-Singapore collaboration, supported by EPSRC and Singapore National Research Foundation. We held several face-to-face meetings in Singapore, UK, and Australia, and the project researchers held regular teleconferences to discuss the research.
Collaborator Contribution Joint research on the flagship survey paper: the Singapore partners brought expertise on systems research and verification techniques. This joint vehicle for research helped to inform both our research on the Oxford side (in smart meter secure communications) and the Singapore team's work (on techniques for verification in such contexts).
Impact Kumar P, Lin Y, Bai G, Paverd A, Dong J, Martin A (2019). Smart Grid Metering Networks: A Survey on Security, Privacy and Open Research Issues. IEEE Communications Surveys & Tutorials.
Start Year 2016