Download A Smart Metering Scenario

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
Document related concepts
no text concepts found
Transcript 
A Smart Metering Scenario
Jorge Cuellar, Jan Stijohann, Santiago Suppan
Siemens AG
14. 05. 2013
Agenda
General Context: Smart Grid Security
 Common Terminology
Description of the Scenario Environment
 Case Overview
Tomorrow: Possible worst case scenarios
 Threat and Attack Analysis
2
General Context: Smart Grid Security I
Motivation
 70% of urban population will live in cities by 2050
 Current energy supply affected by:
• Blackouts
• Power overloads
• High costs
 Upcoming challenges:
• Distributed power supply
…Regenerative sources in many places
• Scarcity of resources
…Intermittent power supply
3
Properties of the Smart Grid
Self-monitoring
Auto-balancing
Self-Regulating
Efficient
Cost reducing
Those properties are necessary to cope with
the requirements of future power supply
 Energy is flowing in both directions
 Amount of energy must be carefully
controlled
 Incentives must be provided
• to consume / store energy
• only when production is high
• in real-time
4
Entities (Roles)
Energy Generators
Energy Suppliers
 Data Communication Network
 Network Gateway
 Energy Supply Server
Prosumer & Home Domain
 Smart Appliances
 Smart Meter
 (Wireless) Home Area Network
 Home Gateway
 Home Energy Management System
Meter Point Operator
5
Data Flow
REMS:
Remote device
for Control &
Usage Display
Energy
Generation („SA“)
ESS: Energy
Supplier Server
S&C
S&C
EMS:
Control &
Usage Display
BDF
Data
Energy
20°C
SA: Smart
Appliances SA: Thermostat
S&C
Vehicle
Charging
(„SA“)
ABD
Third
Parties:
PDD
Energy
Generator
etc
DCN
NG: NW
Gateway
Internet
HG: Home
Gateway
SA: TV
SA
BD
HAN: Home
Area
Network
ABD
Solar
SM: Smart Meter
TN: Transmission
Node
Raw BD
6
Data Flow
Raw BD (Raw Billing Data)
REMS
 All data related to energy
consumption, storage and
production
ESS
 Gathered by the SM
3P PDD
BD (Billing Data)
 Processed and stored by the
SM and the (local) EMS.
S&C
BDF
S&C
EMS
S&C
ABD
HG
TV
BD
DCN
NG
HAN
ABD
Solar
TN
Raw BD
SM
ABD (Aggregated Billing Data)
 Sent to the NG over the
public Data Communication
Network and forwarded to the
Energy Supplier
PDD (data for power generation
and distribution purposes)
 Aggregated by ES from ABD
of several households
 Purpose: usage forecasts for
certain sectors
7
Data Flow
BDF (Billing Data Feedback
Information)
 Every ± 5 minutes
 Users are informed
 Energy usage, generation
volume, costs, revenues, and
current rates
REMS
S&C
ESS
BDF
RS&C
S&C
ABD
HG
3P PDD
 View the smart appliances’
status
 Control of the Smart
Appliances or modification of
the energy management
policies
TV
BD
DCN
NG
HAN
ABD
S&C (Status and Control)
 Local logon to the EMS
EMS
Solar
TN
Raw BD
SM
RS&C (Remote S&C)
 Remotely logon to the EMS
 Using e.g., a cellular phone
or a remote PC
 From external hot spots (e.g.,
internet café)
8
Suggestions for Worst
Cases
Threat and Attack Analysis
Jorge Cuellar, Jan Stijohann, Santiago Suppan
Siemens AG
14. 05. 2013
Questions / Tasks
Assume a variety of home environments
 Some clever, some less clever devices
 Legacy and not legacy systems
 From a variety of vendors
Describe attackers & attacks in some detail:
 External attackers
 Insiders which are either malicious or careless
• Employees, family members, neighbours, installers, manufacturers
Identify security requirements
Identify security controls and measures to provide
 First line of defence
 Defence in depth or redundancies
10
1: Family with children
 Which information could
the attacker obtain?
• What can he deduce?
Possible weak point
…How many persons
live?
 Possible tracing?
• Combination of
information useful for
burglary or … ?
Attacker: insider / outsider
11
2: Smart Appliances
Which appliances are
“smart”?
What kind of information
(R/S&C) do they process?
What are the appliances’
functionalities?
Can a successful attack to
an appliance lead to a
compromise of the AMI?
Attacker: insider / outsider
12
3: Privacy
Initial assumption: all
communication is encrypted
 Possible to read / disclose /
etc. information regardless
of encryption?
 Time / Communication
Parties / Message length
etc., help disclose the
payload data?
 Possible to misuse insider
status (Prosumer / Energy
Supplier)?
Attacker: insider / outsider
13
4: Impersonation
 How to impersonate another
customer for accounting fraud?
 Possible to impersonate a
server?
 With which results?
X
Possible
impersonation
or
interference
Attacker: insider / outsider
14
5: Encryption & Key mgmt
Assume: Communication is
encrypted
 Possible to bypass the
communication
encryption?
Possible weak point
 Possible to extract keys or
to intercept key exchanges
or key updates?
 Possible to exploit
implementation
weaknesses at the
network / transport /
application layer?
 Possible to exploit insider
status?
Attacker: insider / outsider
15
6: Electric Mobility
Assumption: Electric
vehicles share an unique
vehicle ID
 Possible impersonation?
 Possible fraud?
uvID
uvID
 Possible tracing?
 Possible theft?
 …
Attacker: insider / outsider
16
Thank You!
Any questions?
eRise Challenge 2013
14. 05. 2013
REMS
S&C
ESS
S&C
BDF
EMS
S&C
ABD
3P
HG
PDD
TV
BD
DCN
HAN
NG
ABD
Solar
TN
Raw BD
SM
18
Related documents
Internet Safety Lesson - High Point University
Internet Safety Lesson - High Point University
New technologies By all accounts, nanotechnology – the science of
New technologies By all accounts, nanotechnology – the science of
A Guide to Creating an International Marketing Plan
A Guide to Creating an International Marketing Plan
Smart and Sustainable Manufacturing Call for Papers
Smart and Sustainable Manufacturing Call for Papers
11th ITU Symposium on ICT, Environment and Climate Change 21
11th ITU Symposium on ICT, Environment and Climate Change 21
Datasheet Pelton - Global Hydro Energy
Datasheet Pelton - Global Hydro Energy
Marketing planning - setting marketing objectives
Marketing planning - setting marketing objectives
pptx - Naimad Games
pptx - Naimad Games
Security challenges in the lighting use case
Security challenges in the lighting use case
Title: Communication & Marketing Manager Location
Title: Communication & Marketing Manager Location