IDACCS Wireless Integrity protection in a smart grid environment for wireless access of smart meters

Similar documents
Privacy and Security in Smart Grids

IFIP World Computer Congress (WCC2010)

Smart Meter Security. Martin Klimke, Principle of Technical Marketing Infineon Chip Card and Security

Verwendung der sicheren BSI Smart Metering Infrastruktur für Anwendungen aus der Wohnungswirtschaft und gewerbliche Liegenschaften

Protection Profile for the Gateway of a Smart Metering System Combining privacy protection with security for the grid

SMARTMETER. A technological overview of the German roll-out. Peter Hasse. 28. Dec 2012

Secure automotive on-board networks

josef A Java-Based Open-Source Smart Meter Gateway Experimentation Framework

Smart Gas Metering in Germany.

Lecture Embedded System Security Introduction to Trusted Computing

NIST Compliance Controls

SECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS

New Security Features in DLMS/COSEM

Security analysis of Dutch smart metering systems

Smart Grid Embedded Cyber Security: Ensuring Security While Promoting Interoperability

Communication Concept for Smart Metering, Smart Grid and Home Automation

Interworking Evaluation of current security mechanisms and lacks in wireless and Bluetooth networks ...

*NSTAC Report to the President on the Internet of Things.

Lecture Embedded System Security Introduction to Trusted Computing

TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

Markus Bartsch. German Smart Metering and European Privacy Needs

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)

Trusted Computing Group

Security Architecture of Smart Metering Systems

The Smart Grid Security Innovation Alliance. John Reynolds October 26, 2011 Cambridge, Massachusetts

Towards Trustworthy Internet of Things for Mission-Critical Applications. Arjmand Samuel, Ph.D. Microsoft Azure - Internet of Things

Applications of Attestation:

Lecture Embedded System Security Introduction to Trusted Computing

Architecture and Development of Secure Communication Solutions for Smart Grid Applications

Windows 10 IoT Core Azure Connectivity and Security

Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.

The German IT Security Certification Scheme. Joachim Weber

Cisco Secure Boot and Trust Anchor Module Differentiation

Windows IoT Security. Jackie Chang Sr. Program Manager

Digitalization in the Energy Market Test Technology for the Electricity Market 2.0

A Review on Black Hole Attack in MANET

TPM v.s. Embedded Board. James Y

Update on Smart Grid Deployment in the EU. Dr.-Ing. Manuel Sánchez Jiménez Team Leader Smart Grids Directorate General for Energy European Commission

Server side management system for multiple IoT terminals in industrial systems

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

MASP Chapter on Safety and Security

Link Security Considerations in the. Enterprise

Monitoring and Managing IIoT Security

29th Feb 2012, Embedded World Conference 2012, Nuremberg, Germany. Communication Solutions for Smart Gas Meters and Energy Efficient Embedded Services

Intelligent measuring systems Smart Meter Gateway CONEXA

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Trusted Platform for Mobile Devices: Challenges and Solutions

Security and Privacy Issues In Smart Grid

SGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut

IT SECURITY IN CONTEXT OF INDUSTRIE 4.0 PROTECTION OF PRODUCTION DATA

Solution Overview Vectored Event Grid Architecture for Real-Time Intelligent Event Management

Security+ SY0-501 Study Guide Table of Contents

DICE: Foundational Trust for IoT

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Threat analysis. Tuomas Aura CS-C3130 Information security. Aalto University, autumn 2017

Security Architecture of Smart Metering Systems

EXTERNALLY VERIFIABLE CODE EXECUTION

Trusted Computing Today: Benefits and Solutions

Trusted Platform Modules Automotive applications and differentiation from HSM

ISAO SO Product Outline

the SWIFT Customer Security

Connecting Securely to the Cloud

Threat Model of a Scenario Based on Trusted Platform Module 2.0 Specification

Lecture Embedded System Security Trusted Platform Module

OGEMA Technology in Brief How OGEMA works and what it can do for you

Survivable Trust for Critical Infrastructure David M. Nicol, Sean W. Smith, Chris Hawblitzel, Ed Feustel, John Marchesini, Bennet Yee*

Trusted Network Connect (TNC) 3rd European Trusted Infrastructure Summer School September 2008

Cryptography and Network Security Chapter 1

Remote Control not only, but also for Energy Distribution Systems. Dr. Dietmar Gollnick CEO e*message Group CMA Spring Meeting 2016

Orange Smart Cities. Smart Metering and Smart Grid : how can a telecom operator contribute? November

WEB-202: Building End-to-end Security for XML Web Services Applied Techniques, Patterns and Best Practices

Scalable Security solutions to enable Cyber Security and to manage Digital Identities

Easy Incorporation of OPTIGA TPMs to Support Mission-Critical Applications

A Secure Update Architecture for High Assurance Mixed-Criticality System Don Kuzhiyelil Dr. Sergey Tverdyshev SYSGO AG

Cryptography and Network Security

Afilias DNSSEC Practice Statement (DPS) Version

Intel Software Guard Extensions

Cyber security for digital substations. IEC Europe Conference 2017

Comprehensive Cyber Security Features in SIPROTEC & SICAM. SIPROTEC Dag 11. Mei 2017

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

Hypervisor Security First Published On: Last Updated On:

March 6, Dear Electric Industry Vendor Community: Re: Supply Chain Cyber Security Practices

Defenses against Wormhole Attack

Holistic view on security as foundation for trust and innovation in new energy markets

Verizon Software Defined Perimeter (SDP).

Innovation policy for Industry 4.0

Trusted Network Access Control Experiences from Adoption

Agenda GDPR Overview & Requirements IBM Secure Virtualization Solution Overview Summary / Call to Action Q & A 2

Security and Privacy in Car2Car Adhoc Networks

Trusted Computing Special Aspects and Challenges

CIS Controls Measures and Metrics for Version 7

German OWASP Day 2016 CarIT Security: Facing Information Security Threats. Tobias Millauer

DELVING INTO SECURITY

fulfils all requirements for high protection of the criteria catalogue The appendix is part of the certificate and consists of 5 pages.

Intel s s Security Vision for Xen

Security Risks of an Advanced Metering Infrastructure

CIS Controls Measures and Metrics for Version 7

Introduction to Device Trust Architecture

CardOS Secure Elements for Smart Home Applications

TNC EVERYWHERE. Pervasive Security

Transcription:

IDACCS Wireless 2014 Integrity protection in a smart grid environment for wireless access of smart meters Prof- Dr.-Ing. Kai-Oliver Detken DECOIT GmbH Fahrenheitstraße 9 D-28359 Bremen URL: http://www.decoit.de E-Mail: detken@decoit.de

Table of Contents Motivation National project SPIDER Smart meter scenario Threat analysis and Trusted Computing approaches STRIDE TPM and TNC TCN Device integrity in smart grids Wireless security in smart grids Conclusions

Motivation and smart meter scenario

Motivation Changes of the energy market Fluctuating decentralized energy generation versus stability Consideration of different interests Intelligent regulated energy grids German law EnWG 21 postulates intelligent systems Intelligent Secure Critical infrastructure has to be secure Personal allowance data has to be protected Creation of trust by security mechanisms is important The German Federal Office for Information Security (BSI) defines security requirements and specification for critical infrastructure

National research project SPIDER Secure Power-line Data communication within intelligent energy grids (SPIDER) 2 years project of ZIM (BMWi) Lifetime: 1st March 2013 till 28th February 2015 Budget: 1.2 million Euro Project goal: Development and BSI certification of a Smart Meter Gateway (SMGW) Website: www.spider-smartmetergateway.de Partners: Industrial partners: DECOIT GmbH, devolo AG (project leader) Academicals: University of Applied Sciences of Bremen, Fraunhofer FOKUS, University of Siegen Associated partners: Maxim Integrated, datenschutz cert Energy providers: Vattenfall, RWE

Smart meter scenario (1)

Smart meter scenario (2) Local Metrological Network (LMN): SMs for various commodities (e.g. electricity, gas and water) are connected with the SMGW through the LMN. Home Area Network (HAN): Controllable local systems (CLS, e.g. local solar power plants) are connected through the SMGW via the HAN. Utilizing the SMGW as proxy, CLSs can be controlled by external entities (e.g. solar power plant vendors for maintenance). The consumer can interact with the SMGW across the HAN to access the measurement data gathered by its SMs. A service technician is able to readout SMGW system events for troubleshooting purpose through the HAN connection. Wide Area Network (WAN): The GWA is able to interact with a SMGW through the WAN for management purpose. The SMGW may also communicate measurement data to authorized external entities via the WAN.

Threat analysis and Trusted Computing approaches

Threat categories The BSI defined three categories of security threats based on the described SMGW scenario Disclosing data of the infrastructure by data collection Manipulation of data of the SMGW by fraud or disruption Alteration and control of involved systems (e.g. CLS, SMGW) Motivation for attackers Attacker from the WAN interface high motivation (external person) Attacker from the HAN interface small motivation (energy customer)

STRIDE approach STRIDE approach - further analysis after security requirements STRIDE = Spoofing, Tampering, Repudiation, Information disclosure, Denial of service und Elevation of privilege Using STRIDE additional threats were discovered (e.g. in the class of tampering and Denial of service) From BSI s point of view, integrity can be established by a hardware seal only However, solutions exist in Trusted Computing to recognize and control these threads more effectively

Trusted Computing (TC) of TCG Trusted Platform Module (TPM) Hardware-based identity (hardware trust anchor, Root of Trust) Integrity measurement of hard- and software Trusted boot process (Trusted Boot) Trusted Network Connect (TNC) System integrity validation (remote attestation) Can be used for authentication and monitoring

Trusted Core Network (TCN) TCN is a hardware-based approach from Fraunhofer SIT to enable device identity and integrity checks in a distributed environment Each endpoint device checks its next neighbors Splitting of security and functional communication TPM should be used to build a TCN with help of Secure storage for cryptographically keys and device status information Random number generator Signature calculation with the chip directly Authentic attestation of the device status TPM has a EAL-4+ certification and Common Criteria EAL-5 certification for the chip design

Goals of the Trusted Core Network Distributed, redundancy control (peer-to-peer) Avoid the distribution of malware Monitoring with fast alarms Protection of confidential data Secure and efficient management processes

TCN architecture The core of TCN is the Trusted Neighborhood Discovery (TND) protocol It provides an extended link-layer network discovery protocol for anomaly detection TND enables the verification of the integrity of software and hardware states of adjacent devices When TND is integrated into industrial devices to operate inside industrial back-end networks, it is initiated by the reception of a trigger message from the neighboring device Additionally, periodically re-launching the attestation procedure with all devices in the neighborhood provides fresh information To avoid Denial of service attacks, the network components are restricted to a valid identity key and a minimum timeout, which is verified before any incoming message is further processed

Device integrity in smart grids

SMGW integrity (1) Securing of the hardware Passive sealing of the SMGW box (defined by BSI) Electronical sensor for box opener Tamper resistant grid for some components Securing of the basis integrity Use of Secure Boot and Root of Trust in combination The boot process is organized as a list of bootstrap modules The first module in this list is the Root of Trust, which is protected by hardware

SMGW integrity (2) Boot process with Secure Boot The Root of Trust holds a reference to the next boot stage, the basic boot loader (bootstrap module n) Before this module is loaded, the boot loader is verified against a known signature by the Root of Trust, using a configured fixed public key Only if the signature of the boot loader is valid, it is loaded The boot loader continues the boot process and verifies the system s hardware integrity (e.g. state of the tamper resistant grid and the chassis) Additionally, it verifies the operating system software using a known signature and the corresponding public key

SMGW integrity (3) Boot process with Secure Boot If the signature is correct, the operating system is loaded and in turn may verify additional software (bootstrap module n+1) by using known signatures and public keys As soon as the verification fails, the boot process is interrupted and the system returns to a secure state, if system recovery is not possible In this case a secure state is a reboot loop System recovery is possible due to a second partition, which contains a duplicate firmware

SMGW integrity (4) Boot process with Secure Boot As long as the boot loader is verified correctly, it is possible to load the firmware from the second partition, if the firmware from the first partition is compromised Only if both firmware versions are compromised, the reboot loop is entered This ensures that a SMGW is only in use, if the initial boot process was trustworthy

Wireless security in smart grids

Use of wireless communication Within smart grids, the goal of using wireless communication is to connect a large number of low-level endpoints such as sensors (e.g. smart meters) to a fewer number of high-level endpoints mainly Furthermore, mesh networks or mobile ad-hoc networks can provide high redundancy in communication routes, highly dynamic infrastructures and fast redress processes in the case of failures Thus, wireless communication can be expected to be part of the new communication infrastructures for the smart grid

M-Bus possibilities for smart grids Within a smart grid environment the SMGW has to use the wireless M-Bus (Meter-Bus) interface That includes the following new possibilities: The data (e.g. heat consumption) are read out electronically At one single cable, which connects to a building controller, all consumption meters of a housing unit can be attached All meters are individually addressable Apart from the availability of the data at the controller a remote reading is possible

Wireless communication risks But dynamic wireless and ad-hoc networks include new security issues Additionally, for the protection of the traffic one main attack vector is the routing information, which can be manipulated Wireless devices in smart grids are built into places which often do not belong to and are not accessible by the company that owns them (e.g. consumer home) The heterogenic environment of mixed-level devices increases the security risks, because low-level devices may not be as protected as high-level devices due to lower computing capacity or energy consumption matters

Building a trust zone During the connection of the SMGW to the smart meters, the SMGW has to assume that the meters and connections are trustful With the use of the TCN approach as described before a trustworthy status of the SMGW and its smart meters can be reached The solution: a trusted smart grid zone can be setup from the metering point to the gateway administrator to beware manipulations and the privacy of the transmitted data

Conclusions

Conclusions Integrity measurement and remote attestation is important Enhancement of the security of the SMGW Improvement of the authenticity of data Secure Boot enables basis integrity It is possible to setup a trust chain with TNC Integrity verification is also applied at runtime TCN approach includes the smart meters Smart Meters with TPM chip are able to check each other A trusted smart grid zone can be established BSI specifications do not mention similar solutions!

Thank you for your attention! DECOIT GmbH Fahrenheitstraße 9 D-28359 Bremen http://www.decoit.de info@decoit.de

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback