Cryptographic key management design critical for AMI


Palo Alto, CA, U.S.A. — (METERING.COM) — March 8, 2013 – With the scale of the advanced metering infrastructure (AMI) being deployed, with potentially millions of endpoints having cryptographic security functionality, the cryptographic key management system to manage this significant design requires consideration of several design attributes and constraints, according to a new report from the Electric Power Research Institute’s cybersecurity team.

The incorrect implementation of cryptography may potentially result in the compromise of entire systems.

The report says the cryptographic key management system must provide for the adequate protection of cryptographic materials, as well as sufficient key diversity. That is, a smart meter, collector, or other power system device should not be subject to a break-once break-everywhere scenario, due to the use of one secret or private key or a common credential across the entire electric infrastructure. Each device should have unique credentials or key material such that compromise of one device does not impact other deployed devices. The cryptographic key management system must also support an appropriate lifecycle of periodic rekeying and revocation.

Two areas specific to cryptography are also critical for effective operation, the report notes. The first is ensuring that the cryptographic key strength across the various algorithms is comparable. The second is deprecation of various cryptographic algorithms and key sizes.

The report, “Cryptographic Key Management Design Principles for the Advanced Metering Infrastructure,” is intended for use by utilities as they design their cryptographic key management systems and/or work with vendors to design cryptographic key management systems.