Michael Gröne, Marcel Winandy
Applying a Security Kernel Framework to Smart Meter Gateways
© 2012 Sirrix AG
Introduction: The Smart Grid Household
(Figure labels: Computer; Dish washer; Hybrid / e-car; Battery pack; Solar panel; Thermostat; Hot water heater; Sensors)
Introduction: Smart Metering Infrastructure
(Figure labels: Internet; Utility Provider; Gateway, shown three times)
Critical Issues
• Privacy (individual power consumption, smart home communication)
• Security (connection via Internet, different data and stakeholders)
Considerations by the EU
• EU Directive 2009/72/EC:
  • 80% of households should be equipped with smart meters by 2020
• EU Task Force on Smart Grids, Expert Group 2 (February 2011):
  • “Smart Grid products and solutions should be designed from the start with appropriate levels of data privacy and security at their core”
• EU Commission’s recommendation (March 2012):
  • Use “‘best available techniques’ to safeguard personal data and guarantee data security when data are processed in smart metering systems and smart grids”
(cf. Tijmen Wisman: “The Transformation of the Home through the Internet of Things: the impact on the private sphere” at APC 2012)
This Talk
The TURAYA™ High-Assurance Security Kernel Framework
Applying the security kernel framework to smart meter gateways
Security requirements for smart meter gateways
Security requirements for smart meter gateways
Smart Meter Gateway
Home Area Network:
- Controllable Local Systems (CLS)
- User Displays for consumers
Local Metrological Network:
- Smart Meters (power, water, heat, etc.)
External Parties:
- Utility provider (billing)
- Gateway Admin
Main Functions of the Smart Meter Gateway
• Meter Data Management: Capturing, processing, and billing
• Administration: Receiving control commands and configuration data
• User Display: Providing an interface for display units in the HAN
• CLS Proxy: Providing an interface for controllable local systems (CLS) to the WAN
Protection Profile for Smart Meter Gateways
• Developed by the German federal agency for information security (BSI)
• All gateway vendors must have their products certified according to the PP
• The PP comes with a Technical Specification regulating interoperability
• Overall security objectives:
  • Protection of person-related data of consumers
  • Securing a reliable billing process
  • Protection of the smart meter systems and smart grid infrastructure
Required Security Functions
• Providing secure communications channels between networks
• Privacy protection:
  • Pseudonymization of consumer data
  • Gateway administrators should not be able to see consumer data
• Confidentiality and integrity protection of content data
  • On the device
  • When transferred to external parties
• User authentication for consumers
• Secure execution environments for processing on the device
• Secure remote update (firmware, policies)
• Logging
• Self Tests
Information Flow Control
• WAN connection establishment only allowed by Gateway (!)
  • Exception: Wake-Up Call
• CLS and Meters can call Gateway
• CLS can communicate to authorized parties in WAN
  • Gateway acts as proxy
• No communication between HAN and LMN allowed
• External parties must use Gateway Admin to issue Wake-Up call
  • Gateway then calls pre-defined service in WAN
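The flow rules on this slide, written as a default-deny decision function. This is an added example, not code from the talk or from the TURAYA framework; the zone labels, party identifiers, the sender-identity check on the wake-up call, and the default deny for flows the slide does not mention are assumptions.

```python
from dataclasses import dataclass

# Constructed identifiers (assumptions, not taken from the slides)
AUTHORIZED_CLS_PEERS = {"cls-operator.example"}  # WAN parties a CLS may reach
WAKEUP_SERVICE = "admin-service.example"         # pre-defined WAN service
GATEWAY_ADMIN = "gateway-admin"

@dataclass(frozen=True)
class Request:
    src_zone: str            # "WAN", "HAN", "LMN" or "GW"
    dst_zone: str
    src_id: str = ""
    dst_id: str = ""
    kind: str = "connect"    # "connect" or "wakeup"

def decide(req):
    """Return (verdict, detail) for one connection-establishment request."""
    s, d = req.src_zone, req.dst_zone
    if {s, d} == {"HAN", "LMN"}:
        return "deny", "no communication between HAN and LMN"
    if s == "WAN":
        # Only exception to gateway-initiated WAN traffic: a wake-up call
        # issued through the Gateway Admin. It opens no inbound session;
        # the gateway answers by calling the pre-defined service itself.
        if d == "GW" and req.kind == "wakeup" and req.src_id == GATEWAY_ADMIN:
            return "callback", WAKEUP_SERVICE
        return "deny", "WAN connections are established only by the gateway"
    if s in ("HAN", "LMN") and d == "GW":
        return "allow", "CLS and meters may call the gateway"
    if s == "HAN" and d == "WAN":
        if req.dst_id in AUTHORIZED_CLS_PEERS:
            return "proxy", "gateway relays CLS traffic to authorized party"
        return "deny", "WAN party not authorized for CLS"
    if s == "GW" and d == "WAN":
        return "allow", "gateway-initiated WAN connection"
    return "deny", "flow not listed on the slide (default deny, assumption)"

# Constructed sample requests
SAMPLES = [
    Request("WAN", "GW", src_id="utility.example"),
    Request("WAN", "GW", src_id=GATEWAY_ADMIN, kind="wakeup"),
    Request("HAN", "WAN", src_id="cls-1", dst_id="cls-operator.example"),
    Request("HAN", "LMN", src_id="cls-1", dst_id="meter-1"),
    Request("LMN", "GW", src_id="meter-1"),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.src_zone, "->", r.dst_zone, r.kind, decide(r))
```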
Problems
• Smart meter and smart meter gateway vendors are not IT security experts
  • Unfamiliar with Common Criteria evaluation process
  • Need to develop new or adapt existing system software to comply
  • Need to demonstrate that their product protects data according to the PP
• Simply using Embedded Linux OS + firewall functionality is not enough
  • Protecting data on the device
  • Controlling information flow
  • Remote administrators should not be able to access consumer data
TURAYA™ High-Assurance Security Kernel Framework
TURAYA™ High-Assurance Security Kernel Framework
• Security architecture based on functional requirements from Common Criteria
• Platform independent:
  • server systems (virtualization, cloud)
  • end-user / embedded devices
Experiences
• Research & Development projects:
  • EMSCB: individual PCs, laptops
  • OpenTC: trusted infrastructures (PCs, servers, virtual data center)
  • TClouds: trusted cloud infrastructures
  • Emergent: information flow control in digital enterprises
  • RUBTrust/MediTrust: evaluation of certain application domains
  • TrustedMobile/BizzTrust: smartphones
Development Approach
• HASK-PP: Common Criteria protection profile for the security kernel (EAL 5)
• Main concept: isolated domains for data/execution, trusted computing
• Approach: simplicity (only few main security requirements, implementation-independent)
Framework Approach: Reduced Complexity
• Goal: Reduce size of trusted computing base
  • Easier to maintain and evaluate (e.g., Common Criteria)
  • Reduced attack surface
• Approaches: microkernel, virtualization, code optimization (e.g., remove unneeded libraries)
(Figure, layer labels in slide order: Apps with complex application logic (could also include device drivers); Basic security services; Basic resource management; Hardware security module (e.g., TPM))
Framework Approach: Modularity
• Goal: Make security kernel applicable to several usage scenarios
  • Components could be added or removed (depending on need)
  • Components could be replaced by alternative implementations (depending on hardware capabilities or required security guarantees)
• Examples:
  • Resource Management: L4 microkernel, Xen hypervisor, SELinux, etc.
  • Hardware Security Module: HSM, TPM, smartcard, etc.
Applying the security kernel framework to smart meter gateways
High-Level Security Architecture (Gateway)
Meter Data Processing and Delivery
Remote Administration of the Gateway
Smart Meter Backend
(Figure labels: Smart Meter Gateways; Backend Management System; ...; Gateway Administrator; External Party)
Outlook: Trusted Smart Metering Architecture
Conclusion
• Smart grid needs to address security & privacy requirements
  • Smart Meter Gateway is one important component
  • In Germany: regulatory requirement of Common Criteria evaluation
• TURAYA™ Security Kernel framework:
  • Modular security architecture
  • Common Criteria oriented development
• Smart Meter Gateway realizable on top of the security kernel framework:
  • Gateway functions as isolated compartments
  • Information flow control by design
Sirrix AG Lise-Meitner-Allee 4 44801 Bochum Germany
Tel +49 234 / 61 00 71-0 Fax +49 234 / 61 00 71-500
Email [email protected] Web www.sirrix.de
QUESTIONS?
Marcel Winandy
Email: [email protected]