Cryptographic Key Management (CKM) Design Principles for the Advanced Metering Infrastructure (AMI)
Cryptographic Key Management (CKM) Design Principles for the Advanced Metering Infrastructure (AMI) (author)
One area of critical importance to the security of the modernized grid is cryptography. Cryptographic techniques are used to ensure confidentiality, non-repudiation, and authentication. In the advanced metering infrastructure (AMI), smart meters hold multiple symmetric keys and/or asymmetric key pairs. With the deployment of millions of smart meters, cryptographic key management for millions of keys is a critical technical area for utilities.
The overall objective of this research project was to identify the design principles that are applicable to AMI and the management of cryptographic keys. Designing and implementing effective cryptographic key management schemes is a research area that requires input from utilities and the cryptography community. Utilities may use this report as they design their cryptographic key management systems and/or work with vendors to design such systems. The report provides specific design guidance for utilities.
Smart Energy Profile (SEP) 1.x Summary and Analysis
Smart Energy Profile (SEP) 1.x Summary and Analysis, Version 1.0 (technical lead and co-author)
Load control capabilities in Home Area Networks (HANs) are an integral part of the smart grid and energy efficiency modernization efforts currently underway. Like other smart grid systems, HANs are vulnerable to cyber attacks, and adequate security measures are needed. The Zigbee Smart Energy Profile 1.0 and Smart Energy Profile 1.1 (collectively referred to in this white paper as SEP 1.x) present a communication framework for HAN devices along with a security framework.
This white paper builds upon prior efforts that assessed the security of SEP 1.x, with a primary objective of helping stakeholders understand the vulnerabilities in SEP 1.x and providing them with actionable advice on how to mitigate or minimize these vulnerabilities. This white paper goes beyond prior work in several respects. It includes several representative system architectures and the Texas public utilities commission architecture. These representative architectures assist in understanding the results of the security analysis. This white paper lists the differences between versions 1.0 and 1.1 of the SEP specifications, which will help the relevant stakeholders understand the applicability of this document to their HANs. Finally, this document presents potential vulnerabilities, impacts, best practices, and mitigations for SEP 1.x.