Physikalisch-Technische Bundesanstalt Braunschweig und Berlin
Concept for a cryptographic infrastructure for measurement components in smart grids
Norbert Zisky, Physikalisch-Technische Bundesanstalt
Dr. Norbert Zisky
www.ptb.de
Head of WG 8.52 Data communication and security
Projects:
- INSIKA (Integrated security concept for OPT)
- On-Board Metering
Committees:
- EMRP JRP14 WG4 (Metrology for Smart Electrical Grids)
- Task Force Smart Grid, EG Privacy and Security
- Smart Grid Coordination Group, Sub Group Information Security
- DKE 1911.11 Information security
Content
- EU Commission and European standardization mandate M/490
- CEN/CENELEC/ETSI Smart Grid Coordination
- Security concepts measurement and grid control
- Conclusions
Personal view
- Security and privacy aspects are mostly not in the scope / in mind of metrology, but there is a need for them
- Missing:
  - EU directive for protection of smart grids
  - General security concept for European smart grids
- Compared with the clear decision from 2012: connector for e-cars type 2!!!
EU Principles and Activities
- Third energy package
- Energy and Climate package 20/20/20 Vision
- Second strategic energy report: Towards a secure, sustainable and competitive European energy network (Nov. 2008)
- Statements on Smart Grids
- Directive 2009/72/EC of 13.07.2009
http://ec.europa.eu/energy/index_en.htm
Task Force Smart Grid
Expert groups:
1. Functionalities for Smart Grids
2. Regulatory recommendations for data safety, data handling and data protection
3. Roles and responsibilities of actors involved in the Smart Grids deployment
Mandate M/490 CEN/CENELEC/ETSI
Standardization Mandate to European Standardisation Organisations (ESOs) to support European Smart Grid deployment
Structure of the SGCG
Status M/490 SGCG
- Overview Framework Document Smart Grid: Smart Grid Framework Document (SGCG_Sec0036_DC).pdf, p. 16
- First Set of Standards: SGCG_Sec_0042_DC - First set of standard (draft) V1 0.pdf, Oct 2nd 2012, p. 204
- Sustainable Processes: Report WG SP_ver0 65 (SGCG_Sec0033_DC).pdf, Aug 8th 2012, p. 84
- Reference Architecture: SGCG - RAWG - Reference Architecture TR v2.0.pdf, Aug 8th 2012, p. 96
- Information Security: M490-SGCG-SGIS-DRAFT-V0-7050.doc, Oct 31st 2012, p. 46
Standards, Standards.
First Set of Standards draft:
                 available   in preparation
CEN/CENELEC      85          39
ETSI             60
CEN              44          31
ITU              41          1
ISO              102
Sum              332!!!!     71
Important Standards for SGIS
- IEC 61850-x-y: Substation automation
- IEC 62056-5-3: Electricity metering DLMS/COSEM Security
- IEC 62443-x-y: Security for industrial automation control systems
- IEC 62351: Power systems data and communications security
- IEC 15118-2: Vehicle-to-Grid Communication Interface
- ISO/IEC 19790: Security requirements for cryptographic modules
Development of security concepts
- Determine the system architecture
- Use case analysis
- Security analysis of the system environment
- Fixing security objectives / security policies
- Fixing security level
- Security concept and security services, organisational measures
- Fixing the residual risk
NIST logical reference model
Source: NISTIR 7628 Guidelines for Smart Grid Cyber Security
Reference Architecture IEC TR 62357
Source: Final report of the CEN/CENELEC/ETSI JWG on Standards for Smart Grids, 2011-06-05, Fig. 9
Security terms
- Authentication: provision of assurance that a claimed characteristic of an entity is correct
- Confidentiality: property that information is not made available or disclosed to unauthorized individuals, entities, or processes
- Integrity: property of protecting the accuracy and completeness of assets
- Non-repudiation: ability to prove the occurrence of a claimed event or action and its originating entities
- Availability: property of being accessible and usable upon demand by an authorized entity
Source: ISO/IEC 27000:2012
Protection objectives and security measures
protection objective    security measures
confidentiality         encryption
integrity               hash, MAC, signatures
authenticity            signatures
non-repudiation         signatures
availability            techn. measures, redundancy
identification          password, challenge response
The use of signatures based on symmetric or asymmetric crypto systems is state of the art for high level security solutions
Security classes
Level of security:
1. Trusted by information theory
2. Strong cryptography
3. Well investigated
4. Less investigated
5. Not open ("security by obscurity")
Critical components and elements
All sensors and actors which show the grid state or influence it, e.g. measurement devices, switches, controllers, energy management systems, persons
- Thesis 1: A system is only as strong as its weakest link; distinction in protection classes is not optimal
- Thesis 2: Bigger grid areas can be disturbed by many small attacks on non-important elements
- Thesis 3: The need for grid state information and confidentiality are opposed
- Thesis 4: Availability cannot be ensured by IT security measures
Security concept approach
- End-to-end security on a functional level
- Clear assignment of functions to components
- Data encryption if needed
- No pattern approval of distributed components
- Each component/each element has a unique identity at the same defined security level
- Main security requirement: Nobody has access to the secret elements!!!
Security concept smart grid: end-to-end security
[Figure labels: process A in component X; process B in component Y; information source; action; CIA; information target; reaction]
Security concept realization
- System-wide unique data elements, authenticated data exchange between processes with strong cryptography PDU (AES, ECDSA)
- Use of smart card or cryptocontroller
- Key management with PKI
- Data encryption with ECDH, TLS
- Security depends on crypto measures in general
- EU certified CA and RA with unique policies for smart grid
Data modeling
Syntax and semantics of meter data including signatures
- all data objects should be individually identifiable, e.g. OBIS codes as a good approach
- good experiences with coding (Basic Encoding Rules)
- creating of hierarchical data objects
Data verification based on unique data models, e.g. XML structures!! Problems if there are real-time requirements
Data modeling example: Signed_billing_data / A-XDR coded
    sbd_type ::= SEQUENCE {
        billing_data      billing_data_type,
        billing_data_sig  auth_data_type
    }
    billing_data_type ::= SEQUENCE {
        begin_cp        date_time,               -- time start charging
        end_cp          date_time,               -- time end charging
        counter_values  SEQUENCE OF value_type,  -- meter values
        meter_id        VisibleString            -- meter ID
    }
    auth_data_type ::= SEQUENCE {
        signature         sig_type,              -- signature
        certificate_info  certificate_info_type  -- certificate identification
    }
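Added example, not part of the original slides: the signed billing structure above written in Go, with the ECDSA-authenticated exchange named on the "Security concept realization" slide. Assumptions: DER encoding in place of A-XDR, integer counter values, IA5String for the IDs, a software P-256 key instead of a smart card; all Go type and function names are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"time"
)

// Assumed for this example: DER instead of A-XDR, INTEGER counters, IA5String IDs, Go names.
type BillingData struct {
	BeginCP, EndCP time.Time `asn1:"generalized"`
	CounterValues  []int64
	MeterID        string `asn1:"ia5"`
}
type AuthData struct {
	Signature       []byte // ECDSA P-256 over SHA-256 of the encoded billing data
	CertificateInfo string `asn1:"ia5"`
}
type SignedBillingData struct {
	Data asn1.RawValue // DER of BillingData, hashed exactly as received
	Auth AuthData
}

func NewMeterKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }
func digest(b []byte) []byte                  { h := sha256.Sum256(b); return h[:] }

// SignBilling encodes the billing data, signs it and returns the signed PDU.
func SignBilling(priv *ecdsa.PrivateKey, bd BillingData, cert string) ([]byte, error) {
	der, err := asn1.Marshal(bd)
	if err != nil {
		return nil, err
	}
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest(der))
	if err != nil {
		return nil, err
	}
	return asn1.Marshal(SignedBillingData{asn1.RawValue{FullBytes: der}, AuthData{sig, cert}})
}
// VerifyBilling checks the signature first and only then parses the signed bytes.
func VerifyBilling(pub *ecdsa.PublicKey, pdu []byte) (bd BillingData, ok bool) {
	var sbd SignedBillingData
	rest, err := asn1.Unmarshal(pdu, &sbd)
	if err != nil || len(rest) != 0 || !ecdsa.VerifyASN1(pub, digest(sbd.Data.FullBytes), sbd.Auth.Signature) {
		return bd, false
	}
	_, err = asn1.Unmarshal(sbd.Data.FullBytes, &bd)
	return bd, err == nil
}
```

The receiving process calls VerifyBilling with the public key from the meter certificate and rejects the record on a false result, which also covers trailing bytes after the PDU.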
Public key infrastructure: Example
Need for trusted systems
[Figure labels: Root-CA Controls; Root-CA meters; Root-CA Management; CA controls manufacturer; CA meter manufacturer; DAS; controls; meter; Controls certificates; Meter certificates]
DAS authorisation for control linked with a meter
[Figure labels]
Parties: control, meter, DAS
Messages: Authorisation Request, Authorisation Response
Fields shown: control ID, meter ID, random number, time control, signature control, authorisation request, authorisation result +/-, signature DAS, time meter, signature meter
Results of the EMRP project Task 4.4
- Generic security concept
- Proposal for a cryptographic infrastructure
- Test PKI for measurement and control components
- First approach for an operational concept for trusted measurements
Current work:
- Implementing and testing laboratory components
- Changing the security platform smart card secure complex microcontroller
Conclusion
- Many activities of the EU Commission for coordination of smart grids
- Important standardization mandates M/441, M/490, M/468 with special issues IT security
- Smart grids need complete and system-wide security concepts
- Sensors and actors have to support end-to-end security based on strong cryptographic measures and trusted infrastructures
Many thanks!