Some homes already have these new devices, but under existing regulations they must be installed in all homes by 2018. In this new environment, in which there will be millions of smart meters, electricity suppliers are placing special emphasis on cybersecurity, given that smart meters open new attack vectors different from those of traditional meters:
- Digitally cutting off the electrical supply of an individual, a group, or an industry.
- Stopping the service of the smart meter through a denial-of-service attack, thus preventing electricity operators from recording consumption data.
- Obtaining data from smart meters in order to sell them or reap financial benefits from the use thereof.
- Altering consumption data using eavesdropping and man-in-the-middle techniques.
These new devices, capable of sending consumption data to the operator, can also be controlled remotely. As such, a potential attacker may turn off the meter from a computer, leaving the victim without electricity. Cutting off the supply of an individual or of a neighbourhood would be possible, but what would be the financial loss for an industrial production company left without electricity for a few hours? Traditional crimes such as extortion would also be feasible: an attacker who gains remote control of the smart meter supplying an industrial company could demand a sum of money to stop the denial of electricity supply.
Another aspect to bear in mind is the privacy of citizens. We are increasingly used to sharing our information on social media, but the data stored in smart meters are very revealing and are outside the citizen's control. Large companies and manufacturers are very interested in this information, since it allows them to build a consumer profile and offer more targeted and advantageous products and/or services. We must also bear in mind that those interested in our data could infer the habits of an individual and/or family; someone who wished to burgle our homes would thus have privileged information with which to commit the crime.
Another example is the digitalisation of fraud. Fraud is still carried out in the traditional way throughout the electricity network (for example, by diverting the flow of electricity from a lamppost). However, if the digital meter had exploitable vulnerabilities, fraud could be carried out digitally, and the attack could be extended beyond a single meter to a complete series of meters, since they would all share the same weakness.
In this regard, it is essential for the digital meter to have physical security mechanisms so that, along with software safeguards, it is difficult for the attacker to manipulate it.
Electricity companies and manufacturers are addressing the physical issue by sending events to the control centre. For example, when the casing of the meter is manipulated, the affected meter sends a notice and the control centre is notified of the act. The joint development of physical and logical safeguards against multi-vector attacks (of physical and logical origin) should therefore be highlighted.
[Figure: Single-phase smart meter]
The meter, physically located, as a general rule, inside the building (in the home), is connected to the concentrator, located in transformer substations, and the latter, in turn, is connected to the control centre. This forms the generic architecture of communications between the meter, the concentrator and the control centre.
[Figure: Connection architecture of the smart network]
In Spain the protocols used between the smart meter and the concentrator are, basically, PRIME along with DLMS, and Meters and More. Once the data are in the concentrator they are usually sent to the control centre through web services, although another type of communications technology may be used.
The vulnerable points of the infrastructure are the access points (the digital meter-concentrator combination) and the network itself. Encryption techniques are key for safeguarding this infrastructure. In an environment where the system’s capabilities are limited in terms of space, processing capacity, etc., compared with the IT infrastructure that we know, encryption is not a trivial issue.
Manufacturers, under the requirements of electricity companies, must establish security strategies that are interoperable so that meters and concentrators may communicate with each other securely with encryption patterns that can be understood by each other; furthermore, the characteristics of the environment, in which millions of devices from different manufacturers coexist, must be taken into account. The dilemma in this type of infrastructure is deciding what type of encryption to use:
- Symmetric encryption: No additional infrastructure is required, installation is very quick, but it has the problem of key distribution.
- Asymmetric encryption: It requires PKI, it provides greater security, but key management with millions of devices is very complicated.
Using asymmetric encryption to encrypt data between the smart meter and the concentrator is very challenging, since each meter would need its own digital certificate, which would be difficult to manage given the high number of devices installed.
Moreover, if symmetric encryption is used, the smart meter should have a secure element for storing its key and the concentrator should hold the keys of all its meters, but the main question is: how are these keys distributed? Let's not forget that the greatest difficulty of symmetric encryption in an architecture such as this is key distribution. It would therefore be necessary to establish a very robust security protocol throughout the value chain, that is, from the manufacturing of the smart meters until they are installed in the field, with the key being introduced into the secure element.
As well as the difficulty of managing keys, we must mention that more keys are planned to be introduced for each device for extra aspects of management and control; as such, we are talking about management of two or three times more keys than elements. Given these options, electricity companies, to secure their system, must decide on what level of encryption they will be able to deploy in the last mile. The winning option at this moment in time for communication between meters and concentrators is symmetric encryption.
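The following is an added example, not code from the article or from any of the protocols it names, illustrating the symmetric last mile described above: the concentrator (or the HSM behind it) holds one master secret and derives a unique key for each meter from the meter's identifier, so that provisioning at manufacture only has to inject that meter's own key into its secure element, and a key extracted from one meter does not expose its neighbours. Each frame carries a counter, so a replayed or altered reading (the man-in-the-middle scenario mentioned earlier) is rejected. The master key, meter identifiers and readings are constructed values; the HMAC-based stream cipher stands in for a real authenticated cipher such as AES-GCM, which a constrained meter would use in practice.

```python
import hashlib
import hmac
import struct

# Constructed placeholder. In a deployment this secret lives in the HSM at the
# control centre and never leaves it in clear.
MASTER_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
CTR_LEN = 8    # frame counter / nonce, big-endian
TAG_LEN = 16   # truncated HMAC-SHA256 tag


def derive_meter_key(master_key: bytes, meter_id: bytes) -> bytes:
    """Key diversification: one master secret, a distinct key per meter id."""
    return hmac.new(master_key, b"meter-key|" + meter_id, hashlib.sha256).digest()


def _subkeys(meter_key: bytes):
    # Separate keys for confidentiality and integrity, derived from the meter key.
    enc = hmac.new(meter_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(meter_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # PRF in counter mode; a stand-in for AES-CTR/GCM so the example runs on stdlib only.
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def protect_frame(meter_key: bytes, counter: int, payload: bytes) -> bytes:
    """Meter side: encrypt-then-MAC. The counter doubles as the replay guard."""
    enc_key, mac_key = _subkeys(meter_key)
    nonce = struct.pack(">Q", counter)
    ct = bytes(p ^ k for p, k in zip(payload, _keystream(enc_key, nonce, len(payload))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


class Concentrator:
    """Concentrator side: re-derives each meter's key instead of storing thousands of them."""

    def __init__(self, master_key: bytes):
        self._master_key = master_key
        self._last_counter = {}  # meter_id -> highest counter accepted so far

    def receive(self, meter_id: bytes, frame: bytes):
        if len(frame) < CTR_LEN + TAG_LEN:
            return None
        enc_key, mac_key = _subkeys(derive_meter_key(self._master_key, meter_id))
        nonce, ct, tag = frame[:CTR_LEN], frame[CTR_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # altered in transit, or sent under another meter's key
        counter = struct.unpack(">Q", nonce)[0]
        if counter <= self._last_counter.get(meter_id, 0):
            return None  # replayed frame
        self._last_counter[meter_id] = counter
        return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def demo() -> dict:
    """Runs the accept / replay / tamper / wrong-meter cases on constructed data."""
    concentrator = Concentrator(MASTER_KEY)
    meter_a, meter_b = b"ES0031-000001", b"ES0031-000002"   # constructed ids
    key_a = derive_meter_key(MASTER_KEY, meter_a)            # injected into meter A at manufacture
    reading = b"kWh=01234.5"
    frame = protect_frame(key_a, 1, reading)
    results = {}
    results["accepted"] = concentrator.receive(meter_a, frame)
    results["replay"] = concentrator.receive(meter_a, frame)
    tampered = bytearray(frame)
    tampered[CTR_LEN] ^= 0x01                                 # flip one ciphertext bit
    results["tampered"] = concentrator.receive(meter_a, bytes(tampered))
    results["wrong_meter"] = concentrator.receive(meter_b, protect_frame(key_a, 2, reading))
    results["next"] = concentrator.receive(meter_a, protect_frame(key_a, 2, reading))
    return results


if __name__ == "__main__":
    for case, value in demo().items():
        print(f"{case:12s} -> {value!r}")
```

The point of the design is the trade-off the article raises: the concentrator never has to be loaded with "the key of all meters", only with the master secret, while the per-meter key that actually sits in the field is unique to that device. The same diversification can be repeated with different labels when, as the text anticipates, two or three keys per meter are needed for separate management and control functions.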
In the communication between the concentrator and the control centre, the former acts as a small computer capable of transmitting data over TCP/IP protocols, so the use of digital certificates is much more natural there. Furthermore, the number of concentrators is much lower than that of meters (around 500 meters per concentrator).
The current major electricity suppliers have been working for a long time on the challenges posed by encryption. If both types of encryption were combined, the final architecture would be as follows:
[Figure: Encryption systems architecture]
As an example of the application of these encryption architectures, the PRIME/DLMS combination is assessing the possibility of incorporating several keys into both meters and concentrators; the concentrators would also store a digital certificate so they could communicate securely with the backend (control centre), governed by an HSM (Hardware Security Module). Asymmetric encryption would thus secure that leg of the system's communication. However, as highlighted previously, the management of millions of keys could be costly for the supplier and is something to bear in mind in future deployments.
As such, in the next deployments we will see in action a secure and robust system of devices connected by a digitally secured network. However, the question is not only whether or not the last mile is secure when the abovementioned measures are applied, but whether this security can really be managed productively in light of the aforementioned factors: mass deployment of new devices, different encryption methods and millions of keys in use.