Recently, the interest in green energy is increasing as a means to resolve problems including the exhaustion of the energy source and, effective management of energy through the convergence of various fields. Therefore, the projects of smart grid which is called intelligent electrical grid for the accomplishment of low carbon green growth are being carried out in a rush. However, as the IT is centered upon the electrical grid, the shortage of IT also appears in smart grid and the complexity of convergence is aggravating the problem. Also, various personal information and payment information within the smart grid are gradually becoming big data and target for external invasion and attack; thus, there is increase in concerns for this matter. The purpose of this study is to analyze the security vulnerabilities and security requirement within smart grid and the authentication and access control method for privacy protection within home network. Therefore, we propose a secure access authentication and remote control method for user’s home device within home network environment, and we present their security analysis. The proposed access authentication method blocks the unauthorized external access and enables secure remote access to home network and its devices with a secure message authentication protocol.
The smart grid with which studies are being actively conducted based on recent convergence technology is also called intelligent electrical grid and great attention is paid to it as the technology for the accomplishment of low carbon green growth. Smart grid is a power infrastructure system of the next generation linked to smart demand management and new renewable energy by applying IT to the existing electrical grid and exchanging real-time information both ways between supplier and consumer. Combining IT technologies to the existing electrical grid systems can enable power supplier and consumer to obtain useful information from each other on real-times basis, and this can maximize the energy efficiency of the whole electrical grid systems. Particularly, two-way information exchange infrastructure between power suppliers and consumers called AMI (advanced metering infrastructure) can be considered as the core of smart grid [
As of now, the government is planning to supply AMI to over 50% of total consumers nationwide until 2016. The supply of AMI has already been completed for the high voltage consumer of KEPCO (Korea Electric Power Corporation). For the diversity in rate plan, more selection for consumer, and the creation of new service to result from the application of AMI, the replacement from mechanic watt-hour meter to smart meter is essential. With the replacement, the base for optimization in energy use can be arranged through real-time confirmation on one’s own electricity use and rate and the control by automated remote device [
When the interworking between the AMI system currently under study with power supplier as its sponsor and the home network is completed, there are advantages that additional installation cost can be reduced. Also telecommunication infrastructure of broadband internet which is already supplied to millions of households can be used in smart grid environment. Home network refers to the connection of information appliances within home via network and control of information appliance regardless of the location of user with connection via external internet network.
However, home network possesses security vulnerability that the legacy mediums and protocols possess since various wired and wireless mediums and protocols coexist within it. Also, there is a problem that previously used network based cyber-attack technology via internet can be applied to the home network.
Therefore, in secure smart grid environment, there is a necessity for reliable security framework and technologies for the combination of various devices with new concept and wired and wireless telecommunication terminal. Particularly, in smart grid environment, the detailed personal information would be collected, stored, processed, and sometimes illegally disclosed, so the needs of privacy protection framework consisting of securing devices, detecting unauthorized invasion of privacy, adopting efficient home device access control mechanism, and others are greatly increasing [
AMI of smart grid should protect various services against external attackers through various security solutions including secure access control mechanism same as other contemporary communication networks. Particularly, study on privacy information protection during the accesses to, from, and in home network is an important research aspect for building secure smart grid environment [
Therefore, the purpose of this study is to propose authentication method for privacy information protection of home device in smart grid environment.
Initial version of this study was presented and discussed in MUSIC 2012 and this study is expanded and is more concrete version. The composition of this study is as follows. The telecommunication network of smart grid, security vulnerability, and security requirement will be examined in Section
Smart grid includes various infrastructures including the various monitoring and control facilities installed to not only electricity generation, electricity transmission, and electricity supply facilities but also smart devices such as smart meter, software, and hardware.
Main technology of smart grid includes IT technology, smart device including smart meter, distributed system technology for energy management, reliability of energy quality based technology, energy production, storage, and transmission technology, entire system monitoring technology, and core system that is security technology that guarantees the stability of system.
Also, there is main telecommunication infrastructure called AMI with two-way telecommunication as its base for more reliable smart grid. Telecommunication infrastructure of AMI can be composed by suing wired telecommunication technology such as Ethernet and PLC (power line communication) and wireless telecommunication technology such as ZigBee, Wi-Fi, and 3GPP.
It is composed as hierarchical structure in which several smart meters in AMI telecommunication environment access a DCU (data aggregate unit) that plays the role of gateway and several DCU also access AMI server of the power supplier through WAN.
Since AMI is a point of contact for internal and external telecommunication networks of power consumer, it can be the target of firmware, worm, virus, and malicious code circulation, meter bot, DDoS (distributed denial of service) attack, and others [
AMI telecommunication network for interworking between power system and control systems that composes smart grid is as Figure
Communication structure of smart grid.
Smart grid environment is vulnerable to cyber-attack different from the existing electrical grid. First of all, as smart grid environment requires two-way data transmission, adequate power supply and system operation are automatically performed through collection of various data. Therefore, in case wrong information or forged and falsified data is provided in some node, the reliability of smart grid cannot be secured and it could lead to cyber threat. Also, smart devices such as smart meter, home gateway, sensors, and others that can become a point of contact for information exchange at the terminal of consumer can be utilized as the route of cyber-attack. Moreover, information appliances of home network are relatively low in computing capacity; thus it is difficult to install powerful security function and there is high possibility that it could be used or targeted for cyber-attack [
Although various home networking technologies can be used, home network does not possess correspondence technology to resolve the security vulnerability of medium on its own. Also, in case of middleware, there is lack of security infrastructure that can satisfy all security functions required by each middleware and flexibly provide security function in integrated middleware environment in which all middlewares are combined together. Therefore, it has security vulnerability toward cyber-attack such as hacking, malicious code, worm, virus, DDoS attack, and wiretapping of telecommunication network. In order to correspond to such cyber-attack, the security of home gateway is necessary by priority as it is the door that connects the public network outside the house and home network within the house and the security for wired and wireless network technology which is access route of home network environment is also necessary [
When looking into AMI based security threat elements in smart grid environment, it can be divided into the access to each device and user based information security in user environment. The elements of security threat in AMI are described in Figure
Security threats in AMI network.
The security requirements of smart grid basically include the goals of general network security, confidentiality, integrity, and availability. Moreover, in order to mitigate to security threats that can be expected in smart grid environment, several security requirements should be considered additionally.
The security policy on various privacy or sensitive information created from AMI and HAN (home-area network) should be conducted by applying such security requirement for smart grid. The privacy information created in smart grid is as Table
Personal information of smart grid.
Type | Description |
---|---|
Name | A proper name registered to the account |
|
|
Address | A location information of service area |
|
|
Account number | Unique identification number related to account |
|
|
Meter IP | Internet protocol address used by meter |
|
|
HAN | Electronic devices currently in use from house connected to network |
|
|
Current rate | Rate information imposed to the account |
|
|
Billing history | All data and rate information of metering devices |
|
|
Service provider | Information of supplier that supplies user account |
|
|
Distributed resource | Existence of power generation or storage device, operation status, and usage pattern |
In this study, authentication method and access control method for privacy protection are proposed so that remote user can securely access HAN and perform the work in home network based smart grid environment.
The privacy subgroup within CSWG (cyber security working group) of NIST divides the privacy largely into 4 categories that are privacy of personal information, privacy of person, privacy of personal behavioral, and privacy of personal communications [
AMI within smart grid plays an important role in connecting smart device and electrical grid and it receives and transmits the important information such as electricity consumption and user consumption pattern information generated within home network. Figure
Structure of the proposed authentication system.
Home server which is added of service module for electricity management to the existing home gateway provides multimedia service, data and network device sharing service, and home appliances control services within household. Data of home server is applied to DB access control module; thus access is controlled according to the access level of user. This provides not only system and service access control for each user but also access control differentiated based on service access environment of user. Figure
User can monitor and control the standby power of devices in home network by using remote control function through home network based AMI while one is out of home. The proposed user authentication method enables authorized remote user to securely control the device.
In the proposed user authentication method, it is assumed that the device always exists in the range where telecommunication with authentication server is available, the device, home server, and authentication server are secure from physical attack such as side channel attack, and home server and authentication server exchange messages through secure channel. The notation of key used in communication is as shown in Notation section.
The authentication server creates the ID of device and shared secret key (
Remote user A transmits his ID, ID of device to access, and time stamp to the authentication server and demands the creation of token necessary to receive approval for device access. Remote user A who received token transmits it to device for the mutual authentication with device and creation of session key. Detailed process is as follows. Remote user A sends his The authentication server checks ID and password of remote user A and creates secret key The authentication server creates a session key ( The information in token includes Lifetime which informs of the expiration date of token, time stamp In order to securely transmit token to remote user, the authentication server sends encrypted token, session key, and random value Remote user creates secret key ( Remote user creates time stamp Remote user A transmits Home server identifies the device to access through ID of message received from the remote user and transmits the message to the device. Device B which received the message decrypts the token through secret key ( Device B verifies MAC through acquired session key and approves the remote user. Device B calculates the random value ( Device B sends Home server transmits the message Remote user A authenticates the device by decrypting the received message with the use of session key (
The secret key
Remote user demands token necessary to receive access approval of home device to the authentication server. The authentication server checks the information of remote user and transmits token to remote user. The remote user who received the token transmits it to the home device for the mutual authentication with device and creation of session key. Mutual authentication between remote user and home device and process of session key creation are as Figure
Access control module flow chart mutual authentication between user and home device and session key creation process.
When the user authentication process is accomplished, access to each device is accomplished through home server as Figure
Access control module flow chart.
The security from not only data misuse and abuse, immoral use, malicious internal user, technical problem related to sharing, data loss or spill, and account or service hijacking but also unknown threat profile is required for various privacy information created in smart grid environment.
For the privacy protection of user in smart grid, managerial and technical countermeasure such as internal management plan for privacy information, forging/falsification prevention of access control and authorized access record, and encryption process for personal information of user and electricity consumption information needs to be set.
In HAN telecommunication field, there is security vulnerability for information spill by the wiretapping of telecommunication data between AMI and home appliances. Technical countermeasure such as the encryption of HAN telecommunication data and entity authentication needs to be set and it is necessary to apply the encryption algorithm and key management mechanism supported in telecommunication protocol. The authentication method proposed in Section
As a plan for privacy information management, users within home network should be granted different service authority according to the role. Therefore, security policy and access control method regarding the grant of service authority based on role of users should be defined.
The most vulnerable aspect of ID/password based authentication protocol used by the existing home network lies in the dictionary attack of the attacker. Therefore, in order to prevent this, attacker should not be able to acquire any information on password with passive attack such as wiretapping, while proper user authentication protocol is being executed. The proposed method creates one time key by using password and time stamp of previously registered user and random number for the authentication of remote user. Therefore, the access cannot be gained even with the acquisition of password registered by the user.
Also, in case of impersonation attack, authorized MAC value has been used in authentication process; thus, the session value for each registered device is required. In this aspect, access of unauthorized user is restricted.
For checking the overall security of the proposed scheme, the various security analyses against major attacks including replay attack, impersonation attack, entity mutual authentication, access control, and man-in-the-middle attack have been described as follows.
With the analyses on security evaluation as above, the access of unauthorized external user to the home device was blocked and it enabled the secure remote access of authorized user in home network based smart grid environment. Also, it enabled various services such as remote confirmation on the amount of electricity use in home network and control of home devices. In aspect of power supplier, it can provide the information check on electricity consumption of user, monitoring on irregular use, and illegal invasion detection service and this would maximize the energy use efficiency of the consumer who uses the home network.
Smart grid security confronts more difficulties compared to basic network security. This is due to the fact that it requires the power security, IT security, and telecommunication system security. Also, it requires reliability, defense on cyber-physical attack, and privacy protection, in addition to confidentiality, integrity, and availability security. Smart grid is intelligent electrical grid of the next generation that optimizes the energy efficiency by applying IT technology to the existing electrical grid so that supplier and consumer can exchange real-time information both ways. However, in such smart grid environment, there is a high possibility of various security threats including data disclosure and data piracy that exist in the two-way communication using smart devices such as smart meter and AMI.
Particularly, it is necessary to conduct studies on service access authentication process of user in regard to various attacks on privacy within smart grid. Living information, personal information, and payment information are gradually becoming the big data and there is increase in concern for the security of data. Secure authentication method for the protection of user’s privacy in home network based environment within smart grid was proposed in this study. The proposed authentication method protects security against replay attack, impersonation attack, entity mutual authentication, and others by performing the authentication process for user who accesses personal information created and transmitted from home network and AMI.
The access control authentication method in this study blocks unauthorized access from the outside and enables secure remote control of access to personal information in home network by creating one-time key using random value and password and performing message authentication using this key.
In the authentication process, it was implemented so that time stamp value and one-time key cannot be reused regardless of key value spill once the session has been created with them.
Such service in smart grid environment provides not only consulting information of energy consumption reduction such as electricity use history management and usage pattern analysis of users but also additional function in which user can directly participate to reduce the amount of energy use.
More light security system compared to the proposed security module should be implemented and studies on more diverse forms of use should be conducted in the future.
ID of user
Encryption key of user
Time stamp
Random value created from authentication server
Session key of user
Encryption of message
Message authentication code of message
The authors declare that there is no conflict of interests regarding the publication of this paper.
This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (2011-0014394).