ma: Fixup citations, improve some paragraphs

jaseg 2020-05-26 18:52:41 +02:00
parent dbb94996ba
commit 2f2cb339b6
2 changed files with 87 additions and 53 deletions


@ -33,15 +33,15 @@
booktitle={Black Hat conference},
year={2014}
}
@online{bnetza1,
author = {Bundesnetzagentur},
publisher = {Bundesnetzagentur},
title = {Smart Meter},
url = {https://web.archive.org/web/20190919100204/https://www.bundesnetzagentur.de/DE/Sachgebiete/ElektrizitaetundGas/Verbraucher/NetzanschlussUndMessung/SmartMetering/SmartMeter_node.html},
urldate = {2019-09-19},
year = {2019}
}
@Online{bnetza1,
author = {{German Government Bundesnetzagentur}},
title = {Smart Meter},
url = {https://web.archive.org/web/20190919100204/https://www.bundesnetzagentur.de/DE/Sachgebiete/ElektrizitaetundGas/Verbraucher/NetzanschlussUndMessung/SmartMetering/SmartMeter_node.html},
urldate = {2019-09-19},
publisher = {Bundesnetzagentur},
year = {2019},
}
@Online{bmwi1,
author = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik} and {Bundesministerium f{\"u}r Wirtschaft und Energie}},
@ -1273,6 +1273,7 @@
}
@Misc{ukgov01,
author = {{UK Department for Business, Energy and Industrial Strategy}},
date = {2018},
title = {Smart Metering Implementation Programme Progress Report for 2018},
url = {https://www.gov.uk/government/publications/smart-metering-implementation-programme-progress-report-2018},
@ -1281,15 +1282,16 @@
}
@Misc{ukgov02,
date = {2014},
title = {Smart Metering Implementation Programme: Smart Metering Equipment Technical Specifications},
url = {https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/381535/SMIP_E2E_SMETS2.pdf},
urldate = {2020-05-18},
version = {1.58},
institution = {UK Department of Energy and Climate Change},
author = {{UK Department of Energy and Climate Change}},
date = {2014},
title = {Smart Metering Implementation Programme: Smart Metering Equipment Technical Specifications},
url = {https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/381535/SMIP_E2E_SMETS2.pdf},
urldate = {2020-05-18},
version = {1.58},
}
@Misc{ukgov03,
author = {{UK Department for Business, Energy and Industrial Strategy}},
date = {2016},
title = {Smart Meter Rollout Cost-Benefit Analysis Part I},
url = {https://ec.europa.eu/growth/tools-databases/tris/cs/index.cfm/search/?trisaction=search.detail&year=2017&num=350&iLang=EN},
@ -1552,4 +1554,33 @@
year = {1996},
}
@Misc{ukgov04,
author = {{UK Department for Business Energy and Industrial Strategy}},
date = {2019},
title = {Smart Meter Statistics Quarterly Report to end March 2019},
urldate = {2020-05-26},
url = {https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/804767/2019_Q1_Smart_Meters_Report.pdf},
}
@Misc{bnetza02,
author = {{German Government Bundesnetzagentur}},
date = {2018},
title = {Monitoring Report 2018},
urldate = {2020-05-26},
url = {https://www.bundesnetzagentur.de/SharedDocs/Downloads/EN/BNetzA/PressSection/ReportsPublications/2019/MonitoringReport2019.pdf},
}
@Article{borkar01,
author = {Borkar, Shekhar},
date = {2005},
journaltitle = {IEEE Micro},
title = {Designing reliable systems from unreliable components: the challenges of transistor variability and degradation},
number = {6},
pages = {10--16},
volume = {25},
journal = {Ieee Micro},
publisher = {IEEE},
year = {2005},
}
@Comment{jabref-meta: databaseType:biblatex;}
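Review bot: The new `bnetza02` entry is internally inconsistent: it has `title = {Monitoring Report 2018}` and `date = {2018}`, but its `url` ends in `.../2019/MonitoringReport2019.pdf`, so a reader following the citation lands on a different report than the one named. Whichever report was actually consulted should decide the fix: if it was the 2019 one, use `date = {2019}` and `title = {Monitoring Report 2019}`; otherwise the url needs to point at the 2018 document. In the same hunk `borkar01` carries `journal = {Ieee Micro}` and `year = {2005}` next to `journaltitle = {IEEE Micro}` and `date = {2005}`; the database is marked as biblatex, so the legacy pair can be dropped. `ukgov04` also writes the author without the comma used in `ukgov01` and `ukgov03` (`Business, Energy and Industrial Strategy`), so the same department will print under two different spellings.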


@ -95,6 +95,7 @@
\chapter{Introduction}
%FIXME: sprinkle this section with citations.
Like in all fields of engineering there is an ongoing diffusion of information systems into industrial control systems
in the power grid. Automation of these control systems has been practised for the better part of a century already.
Until recently this automation was mostly limited to core components of the grid. Generators in power stations are
@ -121,8 +122,9 @@ To match this new landscape of decentralized generation and unpredictable renewa
had to adapt itself in major ways. One aspect of this adaption that is particularly visible to ordinary people is the
computerization of end-user energy metering. Despite the widespread use of industrial control systems inside the
electrical grid and the far-reaching diffusion of computers into people's everyday lifes the energy meter has long been
one of the last remnants of an offline, analog time. Until the 2010s many of the world's households were still served
through electromechanical Ferraris-style meters that have their origin in the late 19th century. % FIXME citation.
one of the last remnants of an offline, analog time. Until the 2010s many households were still served through
electromechanical Ferraris-style meters that have their origin in the late 19th
century\cite{borlase01,ukgov04,bnetza02}.
Today under the umbrella term \emph{Smart Grid} the shift towards fully computerized, often networked meters has been
partially accomplished. The roll out of these \emph{Smart Meters} has not been very smooth overall with some countries
@ -141,9 +143,9 @@ A remotely exploitable flaw inside a smart meter's firmware\footnote{
one in Germany. For clarity in this introductory chapter we use \emph{smart meter} to describe the entire system at
the customer premises including both the meter and a potential gateway.
} could have consequences ranging from impaired billing
functionality to an existential threat to grid stability. A coördinated attack on meters in a country where load
switches are common could at worst cause widespread activation of grid safety systems by repeatedly connecting and
disconnecting megawatts of load capacity in just the wrong moments.
functionality to an existential threat to grid stability\cite{anderson01,anderson02}. A coördinated attack on meters in
a country where load switches are common could at worst cause widespread activation of grid safety systems by repeatedly
connecting and disconnecting megawatts of load capacity in just the wrong moments\cite{wu01}.
Mitigation of these attacks through firmware security measures is unlikely to yield satisfactory results. The enormous
complexity of smart meter firmware makes firmware security extremely labor-intensive. The diverse standardization
@ -392,16 +394,17 @@ customers in situations where that was not previously economically possible\foot
To the customer the utility of a smart meter is largely limited to the convenience of being able to read it without
going to the basement. In the long term it is said that there will be second-order savings to the customer since
electricity prices adapting to the market situation along with this convenience will lead them to consume less
electricity and to consume it in a way that is more amenable to utilities, both leading to reduced cost. % FIXME citation
electricity and to consume it in a way that is more amenable to utilities, both leading to reduced
cost\cite{borlase01,bmwi03,anderson02}.
Traditional Ferraris counters with their distinctive rotating aluminium disc are simple electromechanical devices. Since
it does not include any failure-prone semiconductors or other high technology a cheap Ferraris-style meter can easily
last decades. In contrast to this, smart meters are complex high technology. They are vastly more expensive to develop
in the first place since they require the development and integration of large amounts of complex, custom firwmare. Once
deployed, their lifetime is severely limited by this very complexity. Complex semiconductor devices tend to fail, and
firmware that needs to communicate with the outside world tends to not age well. % FIXME citation
firmware that needs to communicate with the outside world tends to not age well\cite{borkar01}.
This combination of higher unit cost and lower expected lifetime leads to grossly increased costs per household. This
cost is usually shared between utility and customer. % FIXME citation
cost is usually shared between utility and customer.
As part of its smart metering rollout the German government in 2013 had a study conducted on the economies of smart
meter installations. This study came to the conclusion that for the majority of households computerizing an existing
@ -463,19 +466,18 @@ the MCU's time base as a reference.
Whereas legacy electromechanical energy meters only provided a display of aggregate energy use through a decimal counter
as well as an indirect indication of power through a rotating wheel one of the selling points of smart meters is their
ability to calculate advanced statistics on energy use. These statistics are supposed to help customers better target
energy conservation measures though evidence of this happening is scarce. % FIXME strong citation here plz!
energy conservation measures\cite{bmwi03}.
In addition to the pure measurement and data aggregation functions in many deployments % FIXME citation. EU white paper?
smart meters perform two additional functions. One is to serve as a gateway between the utility company's control
systems and large controllable loads in the consumer's household for Demand-Side Management (DSM). % FIXME citation
In DSM the utility company can control when exactly a high-power device such as a water storage heater is turned on. To
the customer the precise timing does not matter since the storage heater is set so that it has enough hot water in its
reservoir at all times. The utility company however can use this degree of control to reduce load variations during
temporary imbalances such as peaks. The efficiency gains realized with this system translate into lower electricity
prices for DSM-enabled loads for the customer. Traditionally DSM was realized on a local level using ripple control
systems. In ripple control control data is coded by modulating a carrier at a low frequency such as \SI{400}{\hertz} on
top of the regular mains voltage. These systems require high-power transmitters at tens of kilowatts and still can only
bridge regional distances\cite{dzung01}.
In addition to the pure measurement and data aggregation functions smart meters can perform additional functions. One is
to serve as a gateway between the utility company's control systems and large controllable loads in the consumer's
household for Demand-Side Management (DSM)\cite{borlase01}. In DSM the utility company can control when exactly a
high-power device such as a water storage heater is turned on. To the customer the precise timing does not matter since
the storage heater is set so that it has enough hot water in its reservoir at all times. The utility company however can
use this degree of control to reduce load variations during temporary imbalances such as peaks. The efficiency gains
realized with this system translate into lower electricity prices for DSM-enabled loads for the customer. Traditionally
DSM was realized on a local level using ripple control systems. In ripple control control data is coded by modulating a
carrier at a low frequency such as \SI{400}{\hertz} on top of the regular mains voltage. These systems require
high-power transmitters at tens of kilowatts and still can only bridge regional distances\cite{dzung01}.
Another important additional function is that in some countries some smart meters can be used to remotely disconnect
consumer households with outstanding bills. Using euphemisms such as \emph{utility revenue protection}\cite{kamstrup01}
@ -500,11 +502,13 @@ Compared to high-risk devices such as card payment processing terminals or ATMs
is only basic\cite{anderson02}. Common measures include sealing the case by irreversibly ultrasonically welding front
and back plastic shells together or the use of security seals on the lid covering the input/output screw terminals.
Low-tech attacks using magnets to saturate the current transformer's ferrite cores are detected using hall
sensors\cite{anderson02,anderson03,itron01,hager01,easymeter01}.
German smart metering standards are unique in that they specify the use of a smartcard-like security module to provide
transport encryption and other cryptographic services\cite{bsi-tr-03109-2,bsi-tr-03109-2-a}.
% FIXME compare to other places where things are not as nice
sensors\cite{anderson02,anderson03,itron01,hager01,easymeter01}. German smart metering standards specify the use of a
smartcard-like security module to provide transport encryption and other cryptographic
services\cite{bsi-tr-03109-2,bsi-tr-03109-2-a}. During our literature review we did not find many references to similar
requirements in other national standards, though this does not mean that individual manufacturers do not use smartcards
for engineering reasons or due to pressure from utilities. The limited documentation on meter internals that we did find
such as \cite{ifixit01} suggests where no such regulation exists manufacturers and utilities likely choose to forego
such advanced measures and instead settle on simple software implementations.
\subsection{Physical structure and installation}
@ -675,8 +679,8 @@ a choice.
Academic reception of smart metering is dyed with an almost unanimous enthusiasm. In particular smart meter
communication infrastructure has received a large amount of research
attention\cite{dzung01,gungor01,kabalci01,lloret01,mahmood01,yan01,anderson01}. Outside of human-computer interaction
claims that smart meters will reduce customer energy consumption have often been uncritically accepted.
attention\cite{dzung01,gungor01,kabalci01,lloret01,mahmood01,yan01,anderson01,anderson02}. Outside of human-computer
interaction claims that smart meters will reduce customer energy consumption have often been uncritically accepted.
\subsubsection{Standardization and reality of smart devices}
@ -688,9 +692,9 @@ refrigerators and air conditioners are forecasted to intelligently adapt their h
the grid's supply. A frequent scenario is that in which the meter bills the customer using near-real time pricing, and
supplies large loads in the customer's household with this pricing information. These loads then intelligently schedule
their operation to minimize cost\cite{sato01}. At the time in the mid-2000nds when smart metering proposals were first
advanced this vision might have been an effect of the \emph{law of the instrument}\cite{kaplan01}. Back then outside of
specialty applications household devices were not usually networked\cite{merz01}. Smart meters at the time may have
seemed the obvious choice for a smart home communications hub.
advanced this vision might have been an effect of the \emph{law of the instrument}\cite{kaplan01,anderson02}. Back then
outside of specialty applications household devices were not usually networked\cite{merz01}. Smart meters at the time
may have seemed the obvious choice for a smart home communications hub.
From today's perspective, this idea is obviously outdated. Smart \emph{things} now have found their way into many homes.
Only these things are directly interconnected through the internet--foregoing the home-area network (HAN) technologies
@ -720,7 +724,7 @@ real-time energy consumption and cost statistics would simply be an android tabl
utility's billing backend. Demand-side response by large loads would be as simple as an HTTP request with a token
identifying the customer's contract that returns the electricity price the meter is currently charging along with a
recommendation to switch on or off. It seems the smart home has already arrived while smart metering standardization is
still getting off the starting blocks.
still getting off the starting blocks\cite{anderson02}.
% TODO is this too critical? Is maybe the modern smart home compatible with smart meters? Is maybe the local-only path
% of data, avoiding utility clouds a design feature? (may be true in DE, NL, probably not anywhere else)
@ -959,12 +963,11 @@ exceedingly unlikely at this point.
A general observation with smart grid systems of any kind is that they comprise a departure from the decentralized
control structure of yesterday's dumb grid and the advent of centralization at an enormous scale. This modern,
centralized infrastructure has been carefully designed to defend against malicious actors%FIXME cite
and all involved parties have an interest in keeping it secure. Still, like in any other system this centralization also
makes for a very attractive target to attackers. An attacker can employ this centralized control to their advantage.
Decentralized systems tend to make attacks more costly while centralized systems aid their efficiency. From this
perspective the centralization of smart metering control sytems--sometimes at a national level\cite{anderson01}--poses a
security risk.
centralized infrastructure has been carefully designed to defend against malicious actors and all involved parties have
an interest in keeping it secure. In decentralized systems scaling attacks is inherently harder than in centralized
systems\cite{anderson02}. Centralization makes for an attractive attack target. An attacker can employ this centralized
control to their advantage. From this perspective the centralization of smart metering control sytems--sometimes at a
national level\cite{anderson01,anderson02}--poses a security risk.
\chapter{Restoring endpoint safety in an age of smart devices}
@ -1689,6 +1692,7 @@ transmitter key management is shown in Figure \ref{fig:tx_scope_key_illu}. This
our prototype in Section \ref{sec-prototype} and may even be useful in a practical implementation. During
standardization of a safety reset system the key management system would most likely have to be customized to the
particular application's requirements. Developing an universal solution is outside the scope of this work.
% FIXME revisit this section - 2020-05-26
\begin{figure}
\centering
\begin{minipage}[c]{0.5\textwidth}
@ -2039,7 +2043,6 @@ implementation in python. Implementing all components in a high-level language b
while taking away much of the implementation complexity. For our demonstrator we will not be able to use python since
our target platform is a cheap low-end microcontroller. Our demonstrator firmware will have to be written in a low-level
language such as C or rust. For prototyping these languages lack flexibility compared to python.
% FIXME introduce project outline, specs -> proto -> demo above!
To validate our modulation scheme we first performed a series of simulations on our python demodulator prototype
implementation. To simulate a modulated grid frequency signal we added noise to a synthetic modulation signal. For most
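Review bot: In the `-959,12 +963,11` hunk the `%FIXME cite` after "has been carefully designed to defend against malicious actors" is dropped with no `\cite` in its place, so the strongest security claim in that paragraph is now both unmarked and unsupported. The same appears to happen to `% FIXME citation` after "cost is usually shared between utility and customer" in the `-392,16 +394,17` hunk. Either add a source or keep the marker, e.g. `defend against malicious actors % FIXME citation`. In the `-463,19 +466,18` hunk the rewritten sentence also loses "though evidence of this happening is scarce" and cites `bmwi03` instead, which reads as endorsing the conservation claim that a later paragraph says has "often been uncritically accepted"; keeping the caveat would stay consistent. The old and new sides are inferred from print order on this page, so this is worth checking against the actual diff.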