Andrew J. Paverd
University of Oxford
Publication
Featured research published by Andrew J. Paverd.
International Workshop on Smart Grid Security | 2012
Andrew J. Paverd; Andrew P. Martin
Secure communication between devices is a key aspect of smart grid security. In the future smart home environment, various smart devices, appliances and energy management systems will communicate with each other via the home network. In order to achieve mutual authentication, each device will have a private cryptographic key which must be protected against theft or misuse. Current mechanisms for protecting such keys exist but generally require interaction with the user. This makes them unsuitable for the smart grid context due to the high degree of automation involved in the smart grid. To address this challenge, we have designed, implemented and tested a system that provides hardware security for device private keys using Trusted Computing technologies. Using DRTM late-launch functionality, our system ensures that the private key is only available within a protected trusted environment on a specific device. Preliminary implementation and testing has demonstrated that our system can operate successfully in unattended environments such as the smart grid.
International Workshop on Smart Grid Security | 2014
Andrew J. Paverd; Andrew P. Martin; Ian Brown
Various research efforts have focussed on the security and privacy concerns arising from the introduction of smart energy meters. However, in addition to smart metering, the ultimate vision of the smart grid includes bi-directional communication between consumers and suppliers to facilitate certain types of Demand Response (DR) strategies such as demand bidding (DR-DB). In this work we explore the security and privacy implications arising from this bi-directional communication. This paper builds on the preliminary work in this field to define a set of security and privacy goals for DR systems and to identify appropriate and realistic adversary models. We use these adversary models to analyse a DR-DB system, based on the Open Automated Demand Response (OpenADR) specifications, in terms of the security and privacy goals. Our analysis shows that whilst the system can achieve the defined security goals, the current system architecture cannot achieve the privacy goals in the presence of honest-but-curious adversaries. To address this issue, we present a preliminary proposal for an enhanced architecture which includes a trusted third party based on approaches and technologies from the field of Trusted Computing.
International Conference on Smart Grid Communications | 2014
Andrew J. Paverd; Andrew P. Martin; Ian Brown
Although privacy concerns in smart metering have been widely studied, relatively little attention has been given to privacy in bi-directional communication between consumers and service providers. Full bi-directional communication is necessary for incentive-based demand response (DR) protocols, such as demand bidding, in which consumers bid to reduce their energy consumption. However, this can reveal private information about consumers. Existing proposals for privacy-enhancing protocols do not support bi-directional communication. To address this challenge, we present a privacy-enhancing communication architecture that incorporates all three major information flows (network monitoring, billing and bi-directional DR) using a combination of spatial and temporal aggregation and differential privacy. The key element of our architecture is the Trustworthy Remote Entity (TRE), a node that is singularly trusted by mutually distrusting entities. The TRE differs from a trusted third party in that it uses Trusted Computing approaches and techniques to provide a technical foundation for its trustworthiness. An automated formal analysis of our communication architecture shows that it achieves its security and privacy objectives with respect to a previously-defined adversary model. This is therefore the first application of privacy-enhancing techniques to bi-directional smart grid communication between mutually distrusting agents.
European Public Key Infrastructure Workshop | 2012
John Lyle; Andrew J. Paverd; Justin King-Lacroix; Andrea S. Atzeni; Habib Virji; Ivan Flechais; Shamal Faily
As people use an increasing number of smart devices for their everyday computing, it is surprising that these powerful, internet-enabled devices are rarely connected together to create personal networks. The webinos project is an attempt to make this possible so that resources can easily be shared between devices, regardless of the operating system or network they are using. However, increased connectivity raises a number of security and privacy issues, and in this paper we introduce a public key infrastructure designed to be suitable for personal computing across multiple devices. We recognize the need for our PKI to work on both mobile and home networks, use existing online user identities and take into consideration the different interaction styles found on smart devices in different form factors. We propose a set of principles for personal key infrastructures, describe our implementation and outline how it mitigates common threats and issues.
Ubiquitous Computing | 2014
Andrew J. Paverd; Fadi El-Moussa; Ian Brown
The Personal Network (PN) is a logical network of interconnected components used by an individual. It encompasses the home network, the Personal Area Network (PAN), and the Vehicular Area Network (VAN) and includes cloud-based services. Previous security analyses, including ITU-T Recommendation X.1111, have focussed on the individual physical networks rather than the PN itself. By consolidating and structuring previous work, we propose an updated and enhanced security analysis for the PN. In our characteristic-based approach we identify the primary characteristics of the PN and its components and use these to develop an abstract PN asset model. From this, we derive the main attacker objectives and a list of attack vectors through which these could be achieved. We propose a mapping between the attack vectors and the PN component characteristics that can be used to determine the specific attacks to which a particular component is vulnerable. In this paper, we present a summary of this analysis and discuss its usage.
Archive | 2016
Fadi El-Moussa; Andrew J. Paverd
WASH | 2013
Cornelius Namiluko; Andrew J. Paverd; Tulio de Souza
arXiv: Cryptography and Security | 2017
Thomas Nyman; Ghada Dessouky; Shaza Zeitouni; Aaro Lehikoinen; Andrew J. Paverd; N. Asokan; Ahmad-Reza Sadeghi
Archive | 2017
Klaudia Krawiecka; Arseny Kurnikov; Andrew J. Paverd; Mohammad Mannan; N. Asokan
Archive | 2013
Andrew J. Paverd