This paper discusses aims, architecture, and security issues of the Smart Grid, drawing on the lessons learned at the University of Pisa in research projects on smart energy and grids. A key element of the Smart Grid is the energy home area network (HAN), for which an implementation is proposed, dealing with its security aspects and showing some solutions for realizing a wireless network based on ZigBee. Possible hardware-software architectures and implementations using COTS (Commercial Off The Shelf) components are presented for key building blocks of the energy HAN, such as smart power meters and plugs and a home smart information box providing the energy management policy and supporting the user's energy awareness.
Smart Grid is the evolution of the current power grid, into a new smarter network [
This paper discusses aims, network architecture, and security/privacy problems of a Smart Grid in Section
From an ICT point of view a Smart Grid is a “network of networks” including wide area network (WAN), local area network (LAN), and home area network (HAN), going from the energy generation side to the customer’s premises side. Particularly, a proper design of the HAN must ensure both customers’ privacy and energy efficiency of the system. Sections
The typical structure of the existing power grid is shown in Figure
Structure of existing power grid.
In terms of efficiency, energy is wasted along the existing grid in various forms: only one-third of fuel energy is converted into electricity (and waste heat is not recovered), 8% of the produced energy is lost along transmission lines, and 20% of the generation capacity exists only to support a potential peak demand [
Moreover, present electricity grids are mainly unidirectional: generators produce energy and distribute it to the lower level, with very little information about grid status and end users' energy consumption. Typically, the electric power source has no real-time information about the service parameters of termination points and cannot control energy production according to the real demand of the grid. The new challenges for present grids can be summarized in five main points.

1. Introduction of new forms of power generation, in particular those using renewable energy sources such as wind, sun, and biomass. These types of generators have intermittent and small outputs and therefore need a different management from traditional generators.
2. Need for an uninterrupted electricity supply.
3. Need to decrease peak demands during the day and to reduce energy waste, so as to ensure adequate energy reserves.
4. Diffusion of new digitally controlled devices able to change the behavior of the electrical load (e.g., switching themselves on or off), smart power meters, and energy control units implementing energy management strategies and improving the energy awareness of users.
5. Security threats, which involve not only the electricity supply but also cyber attacks [
The evolution towards the Smart Grid begins with innovations in the existing grid, incorporating new ICT technologies at many points of the infrastructure. Table
Smart Grid innovations versus existing power grid.
Existing grid | Smart Grid |
---|---|
Electromechanical | Digital |
One-way communication | Two-way communication |
Centralized generation | Distributed generation |
Hierarchical | Network of networks |
Few sensors | Sensors throughout |
Blind | Self-monitoring |
Manual repairing | Self-healing |
Failures and blackouts | Adaptive and islanding |
Manual check/test | Remote check/test |
Limited control | Pervasive control |
Few customer choices | Many customer choices |
Replacing the unidirectional approach of the classic power grid with the bidirectional one introduced by the Smart Grid concept can favour the diffusion of distributed generators or cogenerators along the existing grid. Indeed, a Smart Grid can ease the integration of alternative energy sources (i.e., sun, wind, etc.), characterized by time-varying production levels, with storage systems, in order to fill the gap between when/where the energy is produced and when/where it is required. A Smart Grid can help utility companies make more efficient use of the existing infrastructure, introducing step by step key features such as demand response, peak shaving, and service quality control [
The evolution of the grid requires the coexistence between Smart Grid and existing grid [
An example of a microgrid has been developed at University of Pisa in the framework of the NanoCatGeo project [
NanoCatGeo microgrid developed at University of Pisa.
Smart Grid can be viewed as a network of networks, see Figure
Smart Grid network hierarchy.
Since the existing grid is moving from a centralized network to a dynamic peer-to-peer network of growing complexity, it is also becoming more vulnerable to local and global disruptions. Smart endpoints introduced into the network become portals for intrusion and malicious attacks. Moreover, the Smart Grid is growing over systems not designed with security criteria in mind, and thus with significant security holes [

- the complexity of the grid increases accidental errors and possible points of intrusion;
- the deployment of new technologies can introduce new issues in the network;
- the presence of many network links increases potential cascading failures and gives more opportunities to compromise the system;
- smart nodes can be vulnerable entry points for denial of service (DoS) attacks.
Particularly, the focus of Smart Grid security is on the HAN: indeed WAN and LAN in Smart Grid are known computer networks whose security issues are widely discussed in literature. The HAN network is deployed into the customer domain, and its security is a critical point strictly related with customer’s privacy.
A typical HAN is composed of four elements.

- A gateway that connects the HAN to the outside information services, in the LAN or WAN.
- The access points or network nodes composing the HAN.
- A network operating system and network management software.
- Smart endpoints, such as smart meters, displays, refrigerators, appliances, and thermostats.
So far, many technologies have been considered in order to implement the HAN by different groups and organizations. The most significant standards are ZigBee [
HAN standards and security algorithm, main characteristics.
Characteristic | ZigBee | | Insteon | Wavenis |
---|---|---|---|---|
RF band, MHz | 868/915/2400 | 868/908/2400 | 904 | 433/868/915/2400 |
Range, m | 10–100 | 30–100 | 45 | 200–1000 |
Bit rate, kbps | 20/40/250 | 9.6/40/200 | 38.4 | 4.8/19.2/100 |
Message size, bytes | 127 | 64 | 14–28 | NA |
Security | 128 b AES | 128 b AES | NA | 3DES/128 b AES |
From the customer point of view, a fundamental requirement is the protection of the information exchanged between the utility company and the smart power meters installed at the customers’ premises. Far from old electromechanical measuring systems, the new generation of power meters is fully electronic [
Power line communication is based on the following idea. AC power is transmitted over high-voltage transmission wires at 50–60 Hz, so it is possible to superimpose a higher-frequency signal carrying digital information in both directions (from the customers' premises towards the utility company and vice versa). The carrier used for data transmission in power line communication generally has a frequency of about 100–200 kHz, for data rates of a few kbps, so that data signals can be easily separated from the power signal. More details on power line communication in the Smart Grid and the relevant packet formats and standards can be found in [
However, consumption records obtained through the smart meters can reveal a lot of information about customer’s activities, thus it is important to satisfy some requirements in terms of
House electricity demand and information extracted: apparent power (Volt
House electricity demand and information extracted: real power
In information technology there are many codes and rules for achieving the security requirements emphasized above. An example is the ISO/IEC 27000 series, a set of standards of certified best practices for information security [
These guides can be applied to ensure information security for every kind of system, including the Smart Grid and particularly the HAN, which is the main focus of this paper. A code of technical practice for security in the HAN of a Smart Grid can be summarized in the following twelve points.
This set of practices can be also used as a backbone for the development of future Smart Grid standards.
Several associations and groups in different countries have developed many standards for security in the Smart Grid. The IEC 62351 standard, developed by the International Electrotechnical Commission (IEC), is one of them. This standard concerns power system management and the associated information exchange, and is divided into eight core standards, reported in Table
IEC 62351 core standards.
Core standard | Topics |
---|---|
IEC 62351-1 | Communication network and system security introduction |
IEC 62351-2 | Glossary of terms |
IEC 62351-3 | Profiles including TCP/IP |
IEC 62351-4 | Profiles including manufacturing message specifications (MMS) |
IEC 62351-5 | Security for IEC 60870-5 and derivatives |
IEC 62351-6 | Security for IEC 61850 |
IEC 62351-7 | Network and system management (NSM) data object models |
IEC 62351-8 | Role-based access control |
NIST interagency report 7628 for cyber security in Smart Grid is another important document [
Besides these standards, the literature proposes some solutions and models for implementing security in the Smart Grid. One of the most interesting solutions is based on a public key infrastructure (PKI). It rests on the fact that security and privacy technologies use a key to encrypt and protect data, in order to meet the desired security requirements. The problem, in a network as large as a Smart Grid, is the key management system. The proposed PKI is composed of five main elements: PKI standards, Smart Grid PKI tools, device attestation, trust anchor security, and certificate attributes.
PKI standards would be used to determine requirements on the PKI operations of the energy service provider. PKI, however, is notoriously hard to deploy and to use, because PKI standards provide only a high-level framework and leave the detailed implementation to companies. Smart Grid PKI tools give users an easy way to manage the infrastructure and enable the development of future applications that meet the PKI security requirements. An important feature of these tools is to eliminate the need for symmetric key configuration, which is an insecure and expensive process. In a secure system, each component must be a trusted component. Device attestation techniques are used to identify devices and to find out whether a device has been tampered with. Within a network based on a PKI, an important aspect is the management of device certificates. These certificates can be organized in trees, whose root is called the Trust Anchor (TA). It is important to secure operations on the TA: loading and storing, identification, management of the local policy database (a set of rules defining how a device should use its certificates, and what type of certificates it should accept), and so forth. It is essential in a Smart Grid that any device in the network can determine the authorization status of another device and authenticate it. This can be done using the attributes present in the certificate and contacting a security server. Therefore, it is important to distribute local security servers in various parts of the network and not to rely only on a back-end server (single point of failure problem).
The proposed solution is only a high-level description of how security and privacy can be achieved in the Smart Grid, and many problems may come out during the implementation of a PKI. Some of these problems were discussed above (i.e., the need for distributed authentication servers, the implementation of PKI standards, the secure management of device certificates, etc.).
Alternatively, the PAKE (password-authenticated key exchange) research [
As far as customers' privacy is concerned, a possible solution is based on the anonymization of smart meter data. The idea is to distinguish smart meter data on the basis of their generation frequencies.

- High-frequency data are sent by smart meters to utility data concentrators in order to control the power generation and distribution network and to enable a real-time response to power quality. These data do not need to be attributable to a particular customer and are sent, for example, every minute.
- Low-frequency data are sent to the utility company for billing and account management. These data must be attributable to a customer or an account and are sent every day/week/month.

Only high-frequency data are “anonymized,” because of their sending rate. A smart meter using this technique has two IDs for its messages: an HFID for high-frequency data and an LFID for low-frequency data. The proposed method ensures the anonymity of the HFID, and thus of high-frequency messages. The utility company and the customers know only the LFID; the HFID is known only by the manufacturer of the smart meter, which is therefore the only party holding the correspondence between LFID and HFID. The HFID can, for example, be hardware encoded. This solution, however, considers only data sent from smart meters. The security limits of an approach like the proposed one (the HFID-LFID correspondence is known by the smart meter manufacturer and stored in its archives) are discussed in [
This section presents a possible implementation of a home area network for smart energy management, discusses security issues, and analyzes some commercial hardware/software solutions for its implementation. The network proposed is derived from the experience gained in Smart Grid projects proposal in Italy such as the Energy@Home project [
The general architecture of the smart energy HAN is presented in Figure
Smart energy HAN general architecture.
The Home Energy Angel box implements these main functions:

- collecting data from the power meters and from the smart endpoints in the home domain, monitoring the energy sources (from the electricity provider or from local renewable energy sources such as photovoltaic panels or wind-based systems), the energy loads (recharge point of electric vehicles if any, lighting, air conditioning, household appliances, and infotainment devices), and the energy buffers (Li-ion batteries or H2-based energy storage [
- collecting data through the HAN from environmental sensors (temperature, light, and humidity);
- forecasting users' needs, based on data provided by sensors and by profiling methods;
- sending commands to smart appliances according to preprogrammed strategies to implement power saving (e.g., turning lights off/on adaptively to the environmental conditions, proper time programming of washing machines or ovens to avoid peak consumption, …);
- providing information to the users about their energy behavior through their tablet PCs or smartphones.
Beyond the Home Energy Angel box, a home gateway is also connected to the HAN. This provides internet access for users through a Wi-Fi network. The home gateway is the interface between the HAN and the WAN network (internet in this architecture). Users can obtain information about home consumption contacting the Home Energy Angel information box through the home gateway, using a simple internet connection or locally using the connected interfaces on their tablet, laptop, or smartphone. The Home Energy Angel smart information box provides energy services to make customers aware about their energy consumption. These services are automatic load management, energy efficiency, active demand service, and networking with smart appliances.
A graphical user interface (GUI) will be developed for the Home Energy Angel, enabling a better user experience of the whole system. The GUI will be designed for two main purposes. Firstly, users will be able to easily provide information on their preferences in using the energy at home (i.e., on the appliance that they are willing to use, on the time window to start/stop each device). Secondly, it will be used to visualize the optimal energy plan calculated by the Home Energy Angel and to access additional information such as the load consumption profile, costs, or statistical data, thereby settling the general lack of awareness people have of their energy consumption.
The proposed Home Energy Architecture will provide the following benefits.

- An easy-to-use support to optimize the production and consumption of electricity, reduce electricity cost, and minimize electricity waste.
- Increased user awareness of energy consumption/saving.
- Improved grid efficiency by leveling peaks in the demand.
Energy consumption information, collected by meters, can be sent directly to the Distribution System Operator servers (DSO legacy systems in Figure
In the architecture detailed in Figure
The system architecture of the network is shown in Figure
Smart energy HAN architecture implementation example.
The home gateway acts as an interface between the WAN (internet) and the HAN. A Wi-Fi router can play this role: the smart information box can be accessed remotely from users and can easily contact the utility service servers. In the example of Figure
The ZigBee protocol assigns a role to each node in the network. There are three possible roles.

- ZigBee coordinator (ZC): it is the smartest device in the network. The coordinator node is the root of the network and can also act as a bridge between different networks. It can contain information about the network as well as store the security keys. In each ZigBee network there is only one coordinator. The smart information box is the ZC of the example network of Figure
- ZigBee router (ZR): it acts as a router in the network, exchanging data between nodes (not present in the example network of Figure
- ZigBee end devices (ZEDs): they are the simplest nodes of the network, and they can communicate only with the coordinator or routers. ZEDs require a small amount of memory. The devices in the network of Figure

It is worth noting that ZigBee is not a protocol for peer-to-peer networks (i.e., networks composed of nodes that all have the same role, with no distinction between them). ZigBee instead assigns a role to each node, and ZEDs cannot communicate directly, but only through a router or coordinator. Using routers within a ZigBee network allows the deployment of a network architecture similar to a mesh network.
Moreover, the Home Energy Angel in our vision is a smart device that runs applications specific to energy management. It is a point of presence for every smart device within the home domain and for third-party domotic solutions. For our purpose, the Home Energy Angel smart information box can also integrate the Wi-Fi router to provide internet access to users. In such a case all the applications for network and energy management run on the Home Energy Angel smart information box, which also acts as the gateway.
Implementing the proposed energy HAN will allow energy saving and cost saving benefits for the end users.
As discussed at the last SustainIT2012 conference in several papers [
A further cost saving can be achieved, thanks to the HAN, by enabling users to automatically exploit the high variability of energy cost which, as reported in Figure
Cost of energy in different time ranges in Italy.
Figure
Oven (a), refrigerator (b), washing machine (c), and home plug (d) system diagram.
An example of a stand-alone ZigBee transceiver is the Texas Instruments CC2520. In the solution that integrates the wireless microcontroller and the transceiver in the same chip, the antenna can be directly printed on the PCB, achieving enough gain with a limited size, as demonstrated by recent work done at the University of Pisa where multiloop multifrequency antennas have been realized as PCB-printed antennas for sub-GHz applications [
Both solutions can be used to upgrade the design of existing devices, enabling them to join home area networks. If a transceiver is used, the existing microcontroller can be connected to it using GPIO (general purpose input/output) and SPI (serial peripheral interface) lines. However, this introduces an overhead on the device MCU, which now has to control the system and to implement the communication protocol as well. Using a wireless microcontroller, on the other hand, avoids this problem: the wireless microcontroller can be used as a coprocessor, placed side by side with the device MCU in charge of the system control. The wireless microcontroller implements the communication protocol and manages the transmission and reception of packets, while the other MCU keeps running the control algorithm and, when it needs to communicate with other devices in the network, sends a request to the wireless microcontroller. The overhead introduced in this scenario is limited.
The architecture of the Home Energy Angel smart information box is shown in Figure
Architecture of the Home Energy Angel smart box.
Figure
Architecture of the smart meter.
The described smart meter is the result of an evolution that started from AMR (automated meter reading) systems. These meters allow utility companies to read consumption records, status, or alarms that have occurred. AMRs provide only one-way communication: utility companies cannot take corrective actions on the customer grid.
The evolution of AMR is the AMI (advanced metering information) meter whose hardware architecture has been detailed in Figure
For anti-tampering reasons, a 3-axis tilt sensor is also integrated in the smart meter architecture and is connected to the ZigBee and the power line communication interfaces (i.e., if the smart meter is tampered with, the end user and/or the utility is notified), see [
Table
COTS components to implement the energy HAN nodes.
Device | ATZB-24-A2/B0 [ | JN5139 | JN5148 | STM32W108C8 | CC2530 |
---|---|---|---|---|---|
CPU | 8 b RISC ATmega128 | 32 b RISC | 32 b RISC | 32 b RISC Cortex-M3 | 8 b RISC 8051 |
Radio freq. | 2.4–2.485 GHz | 2.4 GHz | 2.4 GHz | 2.4 GHz | 2.394–2.507 GHz |
Flash/ROM | 128 kB Flash | 192 kB ROM | 128 kB ROM | 64 kB Flash | 32, 64, 128, and 356 kB Flash |
RAM | 8 kB | 8 kB | 128 kB | 8 kB | 8 kB |
Data rate | 250 kbps | 250 kbps | 250, 500, and 667 kbps | 250 kbps | 250 kbps |
Supply voltage | 1.8 V–3.6 V | 2.2 V–3.6 V | 2 V–3.6 V | 2.1 V–3.6 V | 2 V–3.6 V |
RX current | 19 mA | 34 mA | 17.5 mA | 27 mA | 24 mA |
TX current | 18 mA | 34 mA | 15 mA | 31 mA | 29 mA |
Standby current | 6 μA | 1.3 μA | 1.25 μA | 0.8 μA | 0.4 mA |
Wakeup time | N.A. | N.A. | 840 μs | 110 μs | 600 μs |
RX sensitivity | −101 dBm | −97 dBm | −95 dBm | −99 dBm | −97 dBm |
TX power | 3 dBm | 3 dBm | 3 dBm | 3 dBm | 4.5 dBm |
SoC architecture for wireless sensor networks in energy HAN.
As far as the RF part is concerned all devices in Table
As far as the power consumption is concerned it is in the order of several tens of mW in RX or TX active mode; by implementing power cycling strategies, the power consumption can be kept as low as few
When optimizing the network, a specific customization can be done according to the device under control. For example, simple power appliances like ovens, refrigerators, boilers, lights, or air conditioning do not need continuous control. They have to send their consumption and alerts in case of trouble (oven overheating during cooking, failures in refrigerator components, etc.), and the capability of turning them on or off remotely is needed. For these devices a simple transceiver can be added, and hence the overhead introduced is minimal. These devices only have to transmit and receive messages at a low rate: their status, including energy usage, is checked a few times a day (4/5 times a day), and alerts do not occur frequently. So an RF transceiver can be added to the MCU already present in such machines, or their MCU can be replaced with a wireless SoC such as the STM32W108C8. In the case of a smart plug (e.g., on/off control of lights) where no microcontroller is present (since no control logic is required), a simple transceiver is added without any CPU core.
When dealing with other appliances such as washing machines or recharging systems for electric vehicles, continuous control can be useful to program their work and hence to find an optimal trade-off between user needs, time-based energy tariffs, and the production peaks of renewable home energy generators (wind, photovoltaic), if any. A smart washing machine can be programmed to work during low-cost time slots. To do this, once the device is programmed, it must stay in standby mode until the job can be performed; a small standby consumption is therefore required. The smart information box of Figure
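The scheduling described above (run a deferrable load such as a washing machine or an EV charger in the cheapest slot compatible with the user's constraints) can be made concrete with a small planner. The following is an added example, not code from the paper or from the Energy@Home project: the hourly tariff, the jobs, and the `Job`, `cheapest_window`, and `schedule` names are all constructed here, and the planner generalizes the text's single washing-machine case to any list of whole-hour jobs whose allowed window may cross midnight.

```python
"""Added example (not from the paper): pick the cheapest run window for a
deferrable load, given a time-of-use tariff and the user's time constraints.
The tariff values and jobs are constructed sample data."""
from __future__ import annotations

from dataclasses import dataclass

# Constructed hourly tariff in EUR/kWh, index = hour of day (0-23):
# cheap night slots, an expensive daytime band, and a medium evening band,
# loosely in the shape of a time-varying tariff; the numbers are made up.
HOURLY_TARIFF = [0.08] * 7 + [0.20] * 12 + [0.12] * 5


@dataclass
class Job:
    name: str
    power_kw: float       # average draw while running
    duration_h: int       # whole hours the job needs, run without interruption
    earliest_start: int   # user constraint: hour from which the job may start
    latest_end: int       # user constraint: hour by which it must be finished
                          # (hours >= 24 mean "next day", so 30 is 06:00 tomorrow)


def window_cost(tariff, start: int, duration_h: int, power_kw: float) -> float:
    """Energy cost of running `power_kw` for `duration_h` hours from `start`."""
    return power_kw * sum(tariff[h % 24] for h in range(start, start + duration_h))


def cheapest_window(tariff, job: Job) -> tuple[int, float]:
    """Return (start_hour, cost) of the cheapest contiguous window that fits
    inside [earliest_start, latest_end).  The earliest of equally cheap
    windows wins, so the job finishes as soon as the price allows."""
    if job.duration_h > job.latest_end - job.earliest_start:
        raise ValueError(f"{job.name}: {job.duration_h} h do not fit the allowed window")
    best_start, best_cost = None, None
    for start in range(job.earliest_start, job.latest_end - job.duration_h + 1):
        cost = window_cost(tariff, start, job.duration_h, job.power_kw)
        if best_cost is None or cost < best_cost:
            best_start, best_cost = start, cost
    return best_start, best_cost


def schedule(tariff, jobs) -> dict:
    """Build the plan an information box would show: when each job runs, what
    it costs, and what it saves against starting as early as the user allows."""
    plan = {}
    for job in jobs:
        start, cost = cheapest_window(tariff, job)
        immediate = window_cost(tariff, job.earliest_start, job.duration_h, job.power_kw)
        plan[job.name] = {
            "start": start % 24,
            "next_day": start >= 24,
            "end": (start + job.duration_h) % 24,
            "cost": round(cost, 4),
            "saving_vs_immediate": round(immediate - cost, 4),
        }
    return plan


# Constructed jobs: a 2 kW washer allowed between 18:00 and 06:00 next day,
# and a 3 kW EV charge allowed between 20:00 and 07:00 next day.
SAMPLE_JOBS = [
    Job("washer", power_kw=2.0, duration_h=2, earliest_start=18, latest_end=30),
    Job("ev_charge", power_kw=3.0, duration_h=4, earliest_start=20, latest_end=31),
]

if __name__ == "__main__":
    for name, entry in schedule(HOURLY_TARIFF, SAMPLE_JOBS).items():
        print(name, entry)
```

With the constructed tariff both jobs are pushed to the 00:00 night slot, and the plan reports the saving against the earliest allowed start, which is the figure a user-facing GUI would display to build energy awareness. A real information box would add the forecast of local photovoltaic production as a per-hour discount on the tariff before running the same search.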
Architecture of the ST7590 PLC modem [
For the E-meter, the ASIC reported in Figure
Architecture of the E-meter ASIC [
All the devices discussed in the previous section contain an AES dedicated processor to implement ZigBee/IEEE 802.15.4 secure communications. AES is the encryption algorithm used in the proposed network. On-chip one time programmable memory can be used to store 64-bit MAC ID and 128-bit AES security key. As reported in Figure
IEEE 802.15.4 and ZigBee role in the ISO/OSI stack.
This mechanism saves energy, choosing free channels when setting the network. IEEE 802.15.4 is a low consumption protocol. Nodes that use this protocol can keep their transceiver sleeping most of the time (up to 99%), and receiving and sending tasks can be set to take small part of the devices’ energy. ZigBee [
ZigBee nodes have a 16-bit network address, assigned by the coordinator during the association process. This address is used for routing information. Nodes within the network play different roles: coordinator, router, and end device. Coordinator and routers cannot sleep. They must be always awake in order to manage the network and to send packets along the network.
It is important to recall that the ZigBee network does not have a peer-to-peer architecture but a hierarchical one, in which end devices can only communicate with routers and coordinators.
IEEE 802.15.4 supports only the 128-bit AES encryption algorithm, mainly because devices able to carry out encryption and decryption in hardware are easily found on the market. The selected SoCs have the AES processor embedded directly in the transceiver and require few resources. This standard does not specify how keys have to be managed or which authentication policies are to be applied; these details are left to the higher-level standards. AES is used for data security (payload encryption) and for data integrity. In particular, integrity is achieved using a Message Integrity Code (MIC). The MIC is obtained by encrypting part of the MAC (Medium Access Control) frame using the network key, and its length is usually 128 bits.
Figure
IEEE 802.15.4 MAC frame and security issues.
The auxiliary security header field is meaningless if the security enabled bit (within the frame control field) is unset. Otherwise, this field is divided into three subfields, described hereafter.
This field is used to select what kind of protection is used for the frame (i.e., the security policy adopted): what is encrypted and how long the key is. The first 3 bits specify the security level, and the related codes are listed in Table
Security control codes.
Code | Security type | Authentication | Security services |
---|---|---|---|
0x00 | No security | — | No security |
0x01 | AES-CBC-MAC-32 | MIC-32 | Data integrity |
0x02 | AES-CBC-MAC-64 | MIC-64 | Data integrity |
0x03 | AES-CBC-MAC-128 | MIC-128 | Data integrity |
0x04 | AES-CTR | — | Data security |
0x05 | AES-CCM-32 | AES-CCM-32 | Data integrity and security |
0x06 | AES-CCM-64 | AES-CCM-64 | Data integrity and security |
0x07 | AES-CCM-128 | AES-CCM-128 | Data integrity and security |
To prevent replay attacks, every frame has a unique id.
This field contains information about the type of key used in the communication with the other node. Keys can be implicit (known by the nodes that are communicating) or explicit. In the latter case, the key index and key source subfields indicate the key used.
Payload fields change according to security control field bits.
Every node within the network has an access control list (ACL), a list of “trusted brothers.” Before sending data to another node, each node checks whether the receiver is a trusted brother using the ACL table. If the receiver does not appear in the list, the node can take one of two actions, according to the security policy adopted for the network: reject the message or begin an authentication process. The ACL fields are specified in Table
Access control list fields.
Field | Description |
---|---|
Address | Address of the destination node |
Security suite | Security policy used |
Key | 128-bit key used in AES algorithm |
Last initial vector (IV) | Used by the source to avoid replay attacks |
Replay counter | Replay counter is equal to IV but is used by the destination node |
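To make the auxiliary security header and the ACL handling of the last two tables concrete, here is an added example in Python that is not part of the paper: it decodes the security control byte (security level in bits 0-2, key identifier mode in bits 3-4), the 4-byte frame counter and the optional key identifier of an IEEE 802.15.4-2006 auxiliary security header, then runs the receiver-side ACL check described above, refusing frames from unknown sources, frames whose security level is below the suite the policy requires, and frames whose counter does not advance past the stored replay counter. The `AclEntry`, `AccessControlList` and `demo` names, the sample frames and the 128-bit key value are constructed for the example; the ACL field names follow the table.

```python
"""Added example (not from the paper): decode the IEEE 802.15.4 auxiliary
security header of an incoming frame and apply the ACL and replay checks
described in the text.  Frames and keys below are constructed sample data."""
from __future__ import annotations

import struct
from dataclasses import dataclass
from typing import Optional

# Security level codes (bits 0-2 of the security control byte) and the
# length in bytes of the MIC each one implies (Table "Security control codes").
SECURITY_LEVELS = {
    0x00: "No security", 0x01: "AES-CBC-MAC-32", 0x02: "AES-CBC-MAC-64",
    0x03: "AES-CBC-MAC-128", 0x04: "AES-CTR", 0x05: "AES-CCM-32",
    0x06: "AES-CCM-64", 0x07: "AES-CCM-128",
}
MIC_BYTES = {0x00: 0, 0x01: 4, 0x02: 8, 0x03: 16,
             0x04: 0, 0x05: 4, 0x06: 8, 0x07: 16}
# Key identifier mode (bits 3-4) -> length of the key source subfield;
# mode 0 carries no key identifier at all (implicit key).
KEY_SOURCE_LEN = {0: None, 1: 0, 2: 4, 3: 8}


@dataclass
class AuxSecurityHeader:
    security_level: int
    key_id_mode: int
    frame_counter: int            # the per-frame unique id used against replay
    key_source: bytes = b""
    key_index: Optional[int] = None

    @property
    def mic_length(self) -> int:
        return MIC_BYTES[self.security_level]


def build_aux_security_header(level: int, mode: int, counter: int,
                              key_source: bytes = b"", key_index: int = 0) -> bytes:
    """Encode a header (used here only to construct sample frames)."""
    control = (level & 0x07) | ((mode & 0x03) << 3)
    out = bytes([control]) + struct.pack("<I", counter)
    if mode != 0:
        out += key_source[:KEY_SOURCE_LEN[mode]] + bytes([key_index])
    return out


def parse_aux_security_header(data: bytes, offset: int = 0) -> tuple[AuxSecurityHeader, int]:
    """Decode the header at `offset`: 1 byte security control, 4-byte
    little-endian frame counter, then an optional key identifier whose size
    depends on the key identifier mode.  Returns (header, offset after it)."""
    control = data[offset]
    level = control & 0x07
    mode = (control >> 3) & 0x03
    (counter,) = struct.unpack_from("<I", data, offset + 1)
    pos = offset + 5
    key_source, key_index = b"", None
    src_len = KEY_SOURCE_LEN[mode]
    if src_len is not None:
        if len(data) < pos + src_len + 1:
            raise ValueError("truncated key identifier field")
        key_source = bytes(data[pos:pos + src_len])
        key_index = data[pos + src_len]
        pos += src_len + 1
    return AuxSecurityHeader(level, mode, counter, key_source, key_index), pos


@dataclass
class AclEntry:
    """One "trusted brother"; fields follow the ACL table above."""
    address: int              # short address of the peer
    security_suite: int       # minimum security level the policy requires from it
    key: bytes                # 128-bit AES key (constructed placeholder value)
    replay_counter: int = -1  # highest frame counter accepted so far


class AccessControlList:
    def __init__(self) -> None:
        self._entries: dict[int, AclEntry] = {}

    def add(self, entry: AclEntry) -> None:
        if len(entry.key) != 16:
            raise ValueError("AES key must be 128 bits")
        self._entries[entry.address] = entry

    def check_incoming(self, src_address: int, frame: bytes, aux_offset: int) -> str:
        """Decide whether a received frame is accepted before decryption."""
        entry = self._entries.get(src_address)
        if entry is None:
            return "reject: source not in ACL"
        aux, _ = parse_aux_security_header(frame, aux_offset)
        if aux.security_level < entry.security_suite:
            return f"reject: {SECURITY_LEVELS[aux.security_level]} below policy"
        if aux.frame_counter <= entry.replay_counter:
            return "reject: replayed frame"
        entry.replay_counter = aux.frame_counter   # advance only on acceptance
        return "accept"


def demo() -> list[str]:
    """Constructed sequence: two fresh frames, one replay, one frame with a
    downgraded security level, and one from a node that is not in the ACL."""
    acl = AccessControlList()
    acl.add(AclEntry(address=0x0001, security_suite=0x07, key=bytes(range(16))))
    frames = [
        build_aux_security_header(0x07, 1, 10, key_index=1),
        build_aux_security_header(0x07, 1, 11, key_index=1),
        build_aux_security_header(0x07, 1, 11, key_index=1),   # counter reused
        build_aux_security_header(0x05, 1, 12, key_index=1),   # AES-CCM-32 only
    ]
    results = [acl.check_incoming(0x0001, f, 0) for f in frames]
    results.append(acl.check_incoming(0x0099, frames[0], 0))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The replay counter is advanced only after the frame passes every other check, so a frame that is rejected for a weak security level cannot be used to push the counter forward; in a real stack the MIC would be verified with the entry's key before the counter is updated, which this example leaves out since it only models the header and ACL logic.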
With respect to the 802.15.4 layers, ZigBee adds two additional security layers: the network and the application layers. As all security mechanisms use 128-bit AES encryption, devices designed for the IEEE 802.15.4 standard can be used without any modification. The ZigBee standard uses three types of keys, which are used or not according to the policy chosen for the network. The ZigBee keys are:

- Master key: it is used for keeping link keys confidential and checking their correspondence.
- Link keys: these keys are unique to each pair of nodes. The use of link keys introduces a significant overhead for the node, requiring more memory resources, since all data exchanged between two nodes must be encrypted with this key. Link keys are used only in the commercial mode policy.
- Network key: it is a unique 128-bit key shared among the devices composing the network. The network key is generated by the trust center and is regenerated after a specific time interval. The old key is used to encrypt the new key, which is then sent to the nodes.

Master and link keys are used by the application layer, while the network key is used both by the ZigBee and the MAC layers. The trust center is a special device that is trusted by the other nodes within the network. Generally the coordinator is the trust center, even if this role can also be played by another node.
To ensure security, the ZigBee network can use both master and link keys, or if a simple connection is needed only the network key.
In the first case, ideally, every device has the trust center address and an initial master key preinstalled. Otherwise, master keys can be distributed by the trust center during the initial network setup using an insecure channel. After all nodes have the master key, link keys can be obtained using a key agreement or key transport process. Link keys can also be preinstalled. An example of this use of keys is the commercial mode policy (shown in Figure
ZigBee commercial mode.
When the ZigBee network uses only the network key, there is an initial distribution of this key, done by the trust center through an insecure channel. Only after the network key has been acquired by all nodes do the communications between nodes become secure.
Security policies decide which keys are used to secure the network.

- Commercial mode, where both the master key and link keys are used. In this case more memory resources are required.
- Residential mode, where data exchanged within the network are encrypted using only the network key. This mode is the easiest to implement but is less secure.
To ensure security and privacy protection in the example energy HAN, both residential and commercial modes (see Figures
ZigBee residential mode.
To implement the residential mode the network needs only a network key. The Home Energy Angel smart information box can establish a first key and then distribute it through an insecure connection to the other nodes. Otherwise, users and operators can “write” it into the devices' memory; this operation is more secure, since in the first case the key is transmitted through an insecure channel. Summarizing, if residential mode is chosen, security problems can occur during the initial setup of the network.
Commercial mode provides stronger security than residential mode but requires more resources (memory and CPU time). Indeed, each connection between two nodes uses different keys, so if security is broken on one link, the whole network is not affected. Also in this mode the initial key setting is a critical point. A secure method is to assign each node a first master key “manually”; this will then be changed by the trust center using a secure connection. If a first master key is not assigned, this task must be done by the trust center using an insecure channel. A successful conclusion of the initial setup of the network assures the confidentiality and the integrity of the network.
If the highest security level (AES-CCM-128) is selected, information exchanged between nodes is always encrypted and message integrity can always be checked. This choice does not affect device performance, since ZigBee transceivers have dedicated AES processors for encryption and decryption.
This paper has discussed and reviewed security problems in the Smart Grid, drawing on the architectures developed and the lessons learned at the University of Pisa in some projects on the theme of smart energy. An energy home area network, a key element of the Smart Grid, is presented, dealing with its security and privacy aspects and showing some solutions to realize a wireless network based on ZigBee. Implementation challenges from the hardware and software points of view and possible architectures and implementations using COTS components are proposed for the key nodes of the smart energy HAN: smart power meters, smart plugs, and a Home Energy Angel information box essential for the energy management/saving policy and for energy awareness.