jaseg/master-thesis
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

MA: Add standardization themes blurb

Browse source
This commit is contained in:
jaseg 2020-05-19 19:32:33 +02:00
parent a92caf0e99
commit a4813caa8d
2 changed files with 143 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

39
ma/safety_reset.bib
View file

@ -1325,4 +1325,43 @@
urldate = {2020-05-18},
}
@Misc{abdallah01,
author = {Asmaa Abdallah},
editor = {Xuemin Shen},
title = {Security and Privacy in Smart Grid},
url = {http://dx.doi.org/10.1007/978-3-319-93677-2},
address = {Cham},
isbn = {9783319936772},
pagetotal = {1 Online-Ressource (XIV, 126 p. 30 illus., 23 illus. in color)},
ppn_gvk = {1028034970},
publisher = {Springer International Publishing},
series = {SpringerBriefs in Electrical and Computer Engineering},
year = {2018},
}
@InBook{kaplan01,
author = {Abraham Kaplan},
booktitle = {The Conduct of Inquiry: Methodology for Behavioral Science},
date = {1964},
title = {The Law of the Instrument},
isbn = {9781412836296},
location = {San Francisco},
pages = {28},
publisher = {Chandler Publishing Co.},
url = {https://books.google.com/books?id=OYe6fsXSP3IC&pg=PA28},
}
@Book{merz01,
author = {Hermann Merz and Thomas Hansemann and Christof Hübner},
title = {Building automation},
isbn = {9783540888284},
pagetotal = {X, 282},
publisher = {Springer},
series = {Springer series on signals and communication technology},
subtitle = {Communication systems with EIB/KNX, LON, and BACnet},
address = {Berlin [u.a.]},
ppn_gvk = {584030762},
year = {2009},
}
@Comment{jabref-meta: databaseType:biblatex;}

134
ma/safety_reset.tex
View file

@ -463,13 +463,23 @@ transport encryption and other cryptographic services\cite{bsi-tr-03109-2,bsi-tr
% FIXME
\section{Regulatory frameworks around the world}
% FIXME
Smart metering regulation varies from country to country as it is tightly coupled to the overall regulation of the
electrical grid. The standardization of the physical form factor and metrological parameters of a meter is usually
separate from the standardization of its \emph{smart} functionality. Most countries base the standard for their meters'
outwards-facing communication interface on a family of standards unified under the IEC as DLMS/COSEM. Employing this
base protocol ountry-specific standardization only covers which precise variant of it is spoken and what features are
supported.
\subsection{International standards}
% FIXME
\subsection{The regulatory situation in selected countries}
% FIXME
In this section we will give an overview of the situation in a number of countries. This list of countries is not
representative and notably does not include any developing countries and is geographically biased. We selected these
countries for illustration only and based our selection in a large part on the availability of information in a language
we read. We will conclude this section with a summarization of common themes.
\subsubsection{Germany}
@ -559,13 +569,75 @@ meters are round devices that plug into a wall-mounted socket while IEC devices
directly to the mains wiring through large screw terminals\cite{ifixit01}.
\subsection{Common themes}
% FIXME
Researching the current situation around the world for the above sections we were able to distill some common themes.
First, smart metering is slowly advancing on a global scale and despite significant reservations from privacy-conscious
people and consumer advocates it seems it is here to stay. There are some notable exceptions of countries that have
decided to scale-back an ongoing rollout effort after subsequent analysis showed economical or other
issues\footnote{cf.\ the Netherlands and Germany}.
% FIXME overall thing: here or somewhere else mention the ongoing confusion of smart metering and smart home, e.g.
% sato01
\subsubsection{The introduction of smart metering}
\section{Security in smart grids}
The smart meter rollout is largely driven by utility companies. Utility companies field a variety of arguments for the
rollout. The most prominent argument is a general increase in energy-efficiency along with a reduction of emissions.
This argument is based on the estimation that smart metering will increase private customers' awareness of their own
consumption and this will lead them to reduce their consumption. The second highly popular argument for smart metering
is that it is necessary for the widespread adoption of renewable energies. This argument again builds on the trend
towards \emph{green} energy to rationalize smart metering. Often it is formulated as an \emph{inevitability} instead of
a choice.
Academic reception of smart metering is dyed with an almost unanimous enthusiasm. In particular smart meter
communication infrastructure has received a large amount of research
attention\cite{dzung01,gungor01,kabalci01,lloret01,mahmood01,yan01,anderson01}. Outside of human-computer interaction
claims that smart meters will reduce customer energy consumption have often been uncritically accepted.
\subsubsection{Standardization and reality of smart devices}
Regulators, utilities and academics meet in their enthusiasm on the issue of smart home integration of smart metering. A
feature of many setups is that the meter acts as the centerpiece of a modern, fully integrated smart
home\cite{aubel01,geelen01,bsi-tr-03109-1,abdallah01}. The smart meter serves as a communication hub between a new class
of grid-aware loads and the utility company's control center. Large (usually thermal) loads such as dishwashers,
refrigerators and air conditioners are forecasted to intelligently adapt their heating/cooling cycles to better match
the grid's supply. A frequent scenario is that in which the meter bills the customer using near-real time pricing, and
supplies large loads in the customer's household with this pricing information. These loads then intelligently schedule
their operation to minimize cost\cite{sato01}. At the time in the mid-2000nds when smart metering proposals were first
advanced this vision might have been an effect of the \emph{law of the instrument}\cite{kaplan01}. Back then outside of
specialty applications household devices were not usually networked\cite{merz01}. Smart meters at the time may have
seemed the obvious choice for a smart home communications hub.
From today's perspective, this idea is obviously outdated. Smart \emph{things} now have found their way into many homes.
Only these things are directly interconnected through the internet--foregoing the home-area network (HAN) technologies
anticipated by the smart metering pioneers. The simple reason for this is that nowadays anyone has Wifi, and Wifi
transceivers have become inexpensive enough to disappear in the bill of materials (BOM) cost of a large home device such
as a washing machine. Smart meters are usually situated in the basement--physically far away from most of one's devices.
This makes connecting them to said devices awkward and connecting them via the local Wifi lends the question why the
smart devices should not simply use the internet in the first place.
Connecting things to a smart meter through a local bus is academically appealing. It promises cost-savings from a
simpler physical layer (such as ZigBee instead of Wifi) and it neatly separates concerns into \emph{home infrastructure}
and the regular internet. Communication between smart meter and devices never leaves the house. This gives potential
additional tolerance to utility backend systems breaking. It also physically keeps communication inside the house,
bypassing the utility's eyes improving both customer privacy and agency. The presently popular model of a device as
simple as a light switch proxying its every action through a manufacturer's servers somewhere on the public internet is
in stark contrast to this scenario. Alas, the reason that this model is as popular is that in most cases it simply
works. Device manufacturers simply integrate one of many off-the-shelf Wifi modules. The resulting device will work
anywhere on earth\footnote{For some places channel assignments may have to be updated. This is a configuration-level
change and in some devices is done by the end-user during provisioning.}. A HAN-connected device would have several
variants with different modems for different standards. Some might work across countries, but some might not. And in
some countriese there might not even be a standard for smart grid HANs.
Looking at the situation like this begs the question why this realization has not yet found its way into mainstream
acceptance by smart metering implementors. The customer-facing functionality promised through smart meters would be
simple to implement as part of a now-standard \emph{internet of things} application. An in-home display that shows
real-time energy consumption and cost statistics would simply be an android tablet fetching summarized data from the
utility's billing backend. Demand-side response by large loads would be as simple as an HTTP request with a token
identifying the customer's contract that returns the electricity price the meter is currently charging along with a
recommendation to switch on or off. It seems the smart home has already arrived while smart metering standardization is
still getting off the starting blocks.
% TODO is this too critical? Is maybe the modern smart home compatible with smart meters? Is maybe the local-only path
% of data, avoiding utility clouds a design feature? (may be true in DE, NL, probably not anywhere else)
\section{Security in smart distribution grids}
The smart grid in practice is nothing more or less than an aggregation of embedded control and measurement devices that
are part of a large control system. This implies that all the same security concerns that apply to embedded systems in
@ -577,37 +649,39 @@ systems, and as such inherently hard to update. Also, the smart grid and its con
implement\cite{blaze01} and adding a host of distributed systems problems on top\cite{lamport01}.
Given that the electrical grid is a major piece of essential infrastructure in modern civilization, these problems
amount to significant issues in practice. Attacks on the electrical grid may have grave consequences\cite{lee01} all the
while the long maintenance cycles of various components make the system slow to adapt. Thus, components for the smart
grid need to be built to a much higher standard of security than most consumer devices to ensure they live up to
well-funded attackers even decades down the road. This requirement intensifies the challenges of embedded security and
distributed systems security among others that are inherent in any modern complex technological system.
amount to significant issues in practice. Attacks on the electrical grid may have grave
consequences\cite{anderson01,lee01} all the while the long maintenance cycles of various components make the system slow
to adapt. Thus, components for the smart grid need to be built to a much higher standard of security than most consumer
devices to ensure they live up to well-funded attackers even decades down the road. This requirement intensifies the
challenges of embedded security and distributed systems security among others that are inherent in any modern complex
technological system. The safety-critical nature of modern smart metering ecosystems in particular was quickly
recognized by security experts\cite{anderson01}.
A point we will not consider in much depth is theft of electricity. A large part of the motivation of the introduction
of smart meters seems to be % TODO weak statement
to reduce the level of fraud by consumers. Academic papers tend to either focus on other benefits such as generation
efficiency gains through better forecasting or try to rationalize the funamentally anti-consumer nature of smart
metering with strenuous claims of ``enormous social benefits''\cite{mcdaniel01}. We will entirely focus on grid
stability and discard electricity theft in the context of this paper for two reasons: One, billing inaccuracies of
electricity companies are of very low urgency compared to grid stability, and the one is a precondition for the other.
Two, utility companies can already put strong bounds on the amount of theft by simply cross-refrencing meter readings
against trusted readings from upstream sections of the grid. This capability works even without smart meters and only
gains speed from smart meters, just as the old exploit of bypassing the meter with a section of wire can't be prevented
like this.
A point we will not consider in much depth is theft of electricity. An incentive for the introduction of smart metering
that is frequently cited in utility industry publications outside of a general public's view is the reduction of
electricity theft. Academic papers tend to either focus on other benefits such as generation efficiency gains through
better forecasting or try to rationalize the funamentally anti-consumer nature of smart metering with strenuous claims
of ``enormous social benefits''\cite{mcdaniel01}. Academics rarely point out the large economical incentive such
\emph{revenue protection} mechanisms provide\cite{anderson01}.
Due to these bounds on its volume, electricity theft using smart meter hacking would not scale. Hackers would simply be
rooted up one by one with no damage to consumers and very limmited damage to utility companies. Damage in these
scenarios would be a far cry from the efficiency of an exponentially growing botnet.
This thesis will entirely focus on grid stability and discard electricity theft. For the attack scenarios we lay out
billing inaccuracies of utility companies are of very low urgency compared to grid stability. In fact stability is a
precondition for billing to happen. Additionally utility companies can already limit the volume of theft by
cross-refrencing meter readings against trusted readings from upstream sections of the grid. This capability works even
without smart meters and only gains speed from smart meters. A smart meter cannot prevent the customer from bypassing it
with a section of wire. Due to the limit on its volume, electricity theft using smart meter hacking would not scale.
Hackers would quickly be triangulated with no damage to consumers and limited damage to utility companies.
\subsection{Smart grid components as embedded devices}
A fundamental challenge in smart grid implementations is the central role smart electricity meters play. Smart meters
are used both for highly-granular load measurement and (in some countries) load switching\cite{zheng01}.
Smart electricity meters are effectively consumer devices. They are built down to a certain price point that is
measured by the burden it puts on consumers and that is generally fixed by regulatory authorities. % FIXME cite
This requirement precludes some hardware features such as the use of a standard hardened software environment on a
high-powerded embedded system (such as a hypervirtualized embedded linux setup) that would both increase resilience
against attacks and simplify updates. Combined with the small market sizes in smart grid deployments
Smart electricity meters are effectively consumer devices. They are built down to a certain price point that is measured
by the burden it puts on consumers. The cost of a smart meter is ultimately limited by it being a major factor in the
economies of a smart meter rollout\cite{bmwi03}. Cost requirements preclude some hardware features such as the use of a
standard hardened software environment on a high-powerded embedded system (such as a hypervirtualized embedded linux
setup) that would both increase resilience against attacks and simplify updates. Combined with the small market sizes in
smart grid deployments
\footnote{
Most vendors of smart electricity meters only serve a handful of markets. For the most part, smart meter development
cost lies in the meter's software % TODO cite?