Concept for a cryptographic infrastructure for measurement components in smart grids

Transcription

1 Physikalisch-Technische Bundesanstalt Braunschweig und Berlin Concept for a cryptographic infrastructure for measurement components in smart grids Norbert Zisky Physikalisch-Technische Bundesanstalt Norbert Zisky 1

2 Physikalisch-Technische Bundesanstalt Braunschweig und Berlin Dr. Norbert Zisky Head of WG 8.52 Datacommunication and -security Projects INSIKA (Intergrated security concept for OPT) On-Board Metering Committees EMRP JRP14 WG4 METROLOGY Task Force Smart FOR Grid SMART ELECTRICAL GRIDS EG Privacy and Security Smart Grid Coordination Group Sub Group Information Security DKE Information security Norbert Zisky 2

3 Content EU-Commission and European standardization mandat M/490 CEN/CENELEC/ETSI Smart Grid Coordination Security concepts measurement and grid control Conclusions Norbert Zisky 3

4 Personal view Security and privacy aspects are not in the scope /in mind of metrology mostly but: there is a need on it Missing: EU directive for protection of smart grids General security concept for European smart grids Compared with the clear decission from 2012: connector for e-cars type 2!!! Norbert Zisky 4

5 EU Principles and Activities 3. Energy package Energy and Climate package 20/20/20 Vision 2. Strategic energy report Towards a secure, sustainable and competitive European energy network (Nov. 2008) Statements on Smart Grids Directive 2009/72/EC vom Norbert Zisky 5

6 Task Force Smart Grid Expert groups 1 Functionalities for Smart Grids 2 Regulatory recommendations for data safety, data handling and data protection 3 Roles and responsibilities of actors involved in the Smart Grids deployment Norbert Zisky 6

7 Mandate M/490 CEN/CENELEC/ETSI Standardization Mandate to European Standardisation Organisations (ESOs) to support European Smart Grid deployment Norbert Zisky 7

8 Struktur SGCG Norbert Zisky 8

9 Status M/490 SGCG Overview Framework Document Smart Grid Smart Grid Framework Document (SGCG_Sec0036_DC).pdf, p. 16 First Set of Standards SGCG_Sec_0042_DC - First set of standard (draft) V1 0.pdf, Oct, 2nd 2012, p. 204 Sustainable Processes Report WG SP_ver0 65 (SGCG_Sec0033_DC).pdf Aug, 8 th 2012 p. 84 Reference Architecture: SGCG - RAWG - Reference Architecture TR v2.0.pdf Aug, 8 th 2012 p. 96 Information Security M490-SGCG-SGIS-DRAFT-V doc Oct, 31 st 2012, p. 46 Norbert Zisky 9

10 Standards, Standards. First Set of Standards draft: available in preparation CEN/CENELEC ETSI 60 CEN ITU 41 1 ISO 102 Sum 332!!!! 71 Norbert Zisky 10

11 Important Standards for SGIS IEC x-y IEC IEC x-y IEC IEC Substation automation Electricity metering DLMS/COSEM Security Security for industrial automation control systems Power systems data and communications security Vehicle-to-Grid Communication Interface ISO/IEC Security requirements for cryptographic modules Norbert Zisky 11

12 Development of security concepts Determine the system architecture Use case analysis Security analysis of the system environment Fixing security objectives/ security policiies Fixing security level Security concept and security services, organisational measures Fixing the residue risk Norbert Zisky 12

13 NIST logical reference model Source: NISTIR 7628 Guidelines for Smart Grid Cyber Security Norbert Zisky 13

14 Reference Architecture IEC TR Source: Final report of the CEN/CENELEC/ETSI JWG on Standards for Smart Grids, , Fig. 9 Norbert Zisky 14

15 Security terms Authentication provision of assurance that a claimed characteristic of an entity is correct Confidentiality property that information is not made available or disclosed to unauthorized individuals, entities, or processes Integrity property of protecting the accuracy and completeness of assets Non-repudiation ability to prove the occurrence of a claimed event or action and its originating entities Availability property of being accessible and usable upon demand by an authorized entity Source: ISO/IEC 27000:2012 Norbert Zisky 15

16 Protection objectives and security measures protection objective confidentiality integrity authenticity non-repudiation availability identifikation security measures encryption Hash, MAC, signatures signatures signatures techn. measures, redundancy password, challenge response Use of signatures based on symmetric or asymmetric crypto systems are state of the art for high level security solutions Norbert Zisky 16

17 Security classes Level of security 1. Trusted by information theory 2. Strong cryptografy 3. Well investigated 4. Less investigated 5. Not open ( security by obscurity ) Norbert Zisky 17

18 Critical components and elements All sensors and actors which show the grid state or influence them e. g. : measurement devices, switches, controller, energy management systems, persons Thesis 1: a system is so strong only as it weakest link is distinction in protection classes is not optimal Thesis 2: Bigger grid areas can be disturbed by many small attacks to non important elements Thesis 3: The need for grid state information and the confidentiallity is opposite Thesis 4: Availability can not ensured by IT-security measures Norbert Zisky 18

19 Security concept approach End-to-End-Security on a functional level, Clear assignment of functions to components Data encryption if needed No pattern approval of distributed components Each component/each element has an unique identity at the same defined security level Main security requirement: Nobody has access to the secret elements!!! Norbert Zisky 19

20 Security concept smart grid end-to-end security process A in component X prozess B in component Y information source action CIA Information target reaction Norbert Zisky 20

21 Security concept realization System wide uniquie data elements, authenticated data exchange between processes with strong cryptography PDU (AES, ECDSA) Use of smart card or cryptocontroller Key management with PKI Data encryption with ECDH, TLS Security depends on crypto measures in general EU Certified CA and RA with unique policies for smart grid Norbert Zisky 21

22 Data modeling Syntax and semantic of meter data including signatures - all data objects should be identifiable individual e.g. OBIS-codes as a good approach - good experiences with coding (Basic Encoding Rules) - creating of hierachical data objects Data verification based on unique data models e. g. XML structures!! problems, if real time requirements Norbert Zisky 22

23 Data modeling example Signed_billing_data /A-XDR- coded sbd_type ::= SEQUENCE { billing_data billing_data_type billing_data_sig auth_data_type } billing_data_type ::= SEQUENCE { begin_cp date_time -- time start charging end_cp date_time -- time end charging counter_values SEQ. value_type -- meter values. meter_id VisibleString -- meter ID } auth_data_type ::= SEQUENCE { signature sig_type -- signature certificate_info certificate_info_type -- certificate identification } Norbert Zisky 23

24 Public key infrastructure Example Need for trusted systems Root-CA Controls Root-CA meters Root-CA Management CA controls manufacturer CA meter manufacturer DAS controls meter Controls certificates Meter certificates Norbert Zisky 24

25 DAS authorisiation for control linked with a meter control meter DAS Authorisation Request Authorisation Response control ID meter ID random number time control signature control authorisation request authorisation result +/- signature DAS time meter signature meter Norbert Zisky 25

26 Results of the EMRP project Task 4.4 Generic security concept Proposal for a cryptographic infrastructure Test PKI for measurement and control components First approach for an operational concept for trusted measurements Current work: Implementing and testing laboratory components Changing the security platform smart card secure complex microcontoller Norbert Zisky 26

27 Conclusion Many activities of the EU-Kommission for coordination of smart grids Important standardization mandates M/441, M/490 M/468 with special issues IT security Smart grids needs complete and system wide security concepts Sensors and actors have to support a end-to-endsecurity based on strong cryptographic measures and trusted infrastructures Norbert Zisky 27

28 Many Thanks! Norbert Zisky 28