Fast and Scalable Authentication in Energy Delivery Systems

Industry Collaborators: 
  • San Diego Gas and Electric
  • Automatak
  • SCTE•ISBE Energy Management Program
  • Waterfall Security
  • General Electric
Summary Statement: 

In the envisioned smart grid, massive numbers of computational devices will need to authenticate to each other. Adding smartness in other domains of EDS creates similar challenges. In the domain of the Internet of Computers, such authentication would rely on a public key infrastructure (PKI), which uses X.509 certificates to give unique identity to all devices. However, deploying cryptography on an entity population this large—and doing the kinds of things we envision the smart grid doing—raises many scalability challenges the community will need to address. There is also a need to validate other cryptographic solutions that could be potential replacements for standard PKI.

This activity is a joint collaboration between the CREDC teams at the University of Illinois and Dartmouth.

Energy Delivery System (EDS) Gap Analysis: 

With the power grid and other EDS becoming increasingly smart, we are seeing these systems being augmented with massive numbers of computational devices which will communicate with each other. These communications will be important to overall system security and reliability. Consequently, it is important to consider the security of these communications: e.g., authentication of senders and receivers; integrity of messages; and (where appropriate) confidentiality of messages.

For a simple example of what could go wrong just in one corner of EDS, consider a smart grid with smart home appliances and smart home charging stations for electric vehicles.

  • What happens if the appliances all receive forged messages announcing near-zero electricity prices,
  • or if 50% of the charging stations appear to simultaneously tell the grid they are about to start charging,
  • or if all the home gateways of a certain type appear to simultaneously tell the appliances they control to turn on?

Adding this smartness increases the attack surface—and thus creates the need for fast and scalable authentication for these devices.

We began by considering the consumer-side smart grid, but are already moving into other domains of EDS. In ongoing discussions with industry partners, we are also looking at other aspects of scalability, including computation and communication overhead.

See the research activity fact sheet (PDF) for an extended gap analysis and bibliography.

How does this research activity address the Roadmap to Achieve Energy Delivery Systems Cybersecurity?

Our activity primarily addresses the strategy “Develop and Implement New Protective Measures to Reduce Risk.” Authenticating communications between the field devices and the control center adds a layer of depth to the system, making it harder for an attacker to control end devices to perform actions such as relay open/close. This reduces risk in the system and allows for secure operation with marginal overhead.

Our activity also supports the strategies “Assess and Monitor Risk” and “Manage Incidents” by exploring security for the communications that make those strategies possible. Our exploration of sound cryptography and key-related techniques also supports the “Build a Culture of Security” strategy.

Status of Activity: 
Active