Smart Energy Profile (SEP) 1.x Summary and Analysis, Version 1.0 (technical lead and co-author)
Load control capabilities in Home Area Networks (HANs) are an integral part of the smart grid and energy efficiency modernization efforts currently underway. Like other smart grid systems, HANs are vulnerable to cyber attacks and adequate security measures are needed. The Zigbee Smart Energy Profile 1.0 and Smart Energy Profile 1.1 (collectively referred to in this white paper as SEP 1.x) present a communication framework for HAN devices along with a security framework.
This white paper builds upon prior efforts that assessed the security of SEP 1.x with a primary objective to help stakeholders understand the vulnerabilities in SEP 1.x and provide them with actionable advice on how to mitigate or minimize these vulnerabilities. This white paper goes beyond prior work in several aspects. Included are several representative system architectures and the Texas public utilities commission architecture. These representative architectures assist in understanding the results of the security analysis. This white paper lists the differences between versions SEP 1.0 and 1.1 of the specifications, which will help the relevant stakeholders to understand the applicability of this document on their HANs. Finally, this document presents potential vulnerabilities, impacts, best practices, and mitigations for SEP 1.x.