Conference: World Meter Design Congress
Location: San Francisco, CA, USA
Presenter: Michael T. Garrison Stuber
Abstract: Presented by Michael T. Garrison Stuber at World Meter Design Congress

Security is a major concern for AMI solutions. For years, security was a non-issue. Most automated meter reading (AMR) systems did not provide any control capabilities, and the data, while rarely encrypted, was both obscure and anonymous enough that privacy was not a major concern. AMI solutions present a very different challenge. The integration of a remote disconnect switch and a home area network interface into the meter allow the AMI meter to interact with the home and even shut it off entirely. Security is now a critical issue in the design of new meters and new metering systems. This presentation will consider the key areas of information security including confidentiality, integrity, availability, authentication, authorization, and timeliness and explore how they apply to advanced metering. To provide more specific examples, the presentation will show how the C12.22 standard addresses, or, in some cases, fails to address, each of these security concerns; however, the security principles discussed apply to all advanced metering and smart grid solutions.

Outline

  • The presentation will review core security principles (confidentiality, integrity, availability, authentication, authorization, and timeliness) to provide a unified starting place. It will also review the anticipated threats to AMI systems.
  • The presentation will first examine confidentiality. It will specifically look at what transactions are truly private in an AMI system. It will also discuss the difference between privacy, a security objective, and encryption, a security tool. It will discuss the available algorithms, and discuss how C12.22 addresses it.
  • The presentation will next examine integrity, and why it is critical for AMI networks, including a discussion of how a breach of integrity could create public safety issues. It will discuss some possible cryptographic techniques, reviewing the advantages and disadvantages of each, and detail how it is handled in C12.22.
  • The presentation will then consider the challenges of availability, especially for networks in which physical control can not be assured.
  • The presentation will continue by focusing on authentication in AMI network. Authenticating messages is the heart of controlling an AMI network. Meters must know that command messages they receive are genuine. The presentation will discuss a variety of techniques, including hashes, authenticated encryption modes, and digital signatures. It will review how the C12.22 protocol supports authenticating messages, as well as offer some alternative approaches.
  • The presentation will briefly consider authorization, its role in an AMI system, and show how this is supported within C12.22
  • Finally, the presentation will consider how enforcing message timeliness can protect against replay attacks. Again, it will show how this is supported within C12.22
  • The presentation will conclude with a recap of critical security principles for AMI solutions.