secure data provenance in home energy monitoring networks loong keoh... · 2019-07-16 · secure...
TRANSCRIPT
![Page 1: Secure Data Provenance in Home Energy Monitoring Networks Loong Keoh... · 2019-07-16 · Secure Data Provenance in Home Energy Monitoring Networks Ming Hong Chia, Sye Loong Keoh](https://reader034.vdocuments.site/reader034/viewer/2022050308/5f702b9722b5fa068b21a85d/html5/thumbnails/1.jpg)
SecureDataProvenanceinHomeEnergyMonitoringNetworksMingHongChia,SyeLoongKeoh,Zhaohui Tang
1
![Page 2: Secure Data Provenance in Home Energy Monitoring Networks Loong Keoh... · 2019-07-16 · Secure Data Provenance in Home Energy Monitoring Networks Ming Hong Chia, Sye Loong Keoh](https://reader034.vdocuments.site/reader034/viewer/2022050308/5f702b9722b5fa068b21a85d/html5/thumbnails/2.jpg)
Outline
• DataProvenanceandSmartMetering• SecurityThreatsandRequirements• ProposedArchitecture
– ThresholdCryptography– LocationAuthenticityusingBLE
• PreliminaryEvaluations• FutureWorkandConclusions
2
![Page 3: Secure Data Provenance in Home Energy Monitoring Networks Loong Keoh... · 2019-07-16 · Secure Data Provenance in Home Energy Monitoring Networks Ming Hong Chia, Sye Loong Keoh](https://reader034.vdocuments.site/reader034/viewer/2022050308/5f702b9722b5fa068b21a85d/html5/thumbnails/3.jpg)
“Dataprovenance referstorecordsoftheinputs,entities,systems,andprocessesthatinfluencedata ofinterest,providingahistoricalrecordofthedata anditsorigins.”
SystemsandInternetInfrastructureSecurity,PennStateUniversity
3
Data Provenance
![Page 4: Secure Data Provenance in Home Energy Monitoring Networks Loong Keoh... · 2019-07-16 · Secure Data Provenance in Home Energy Monitoring Networks Ming Hong Chia, Sye Loong Keoh](https://reader034.vdocuments.site/reader034/viewer/2022050308/5f702b9722b5fa068b21a85d/html5/thumbnails/4.jpg)
• Cryptography
• Redundancyanddatacross-checking
4
Data Provenance
AuthenticationEncryption
Data Collector Measurement Device
Data Source
…
Data Collector
Measurement Devices
Data Source
![Page 5: Secure Data Provenance in Home Energy Monitoring Networks Loong Keoh... · 2019-07-16 · Secure Data Provenance in Home Energy Monitoring Networks Ming Hong Chia, Sye Loong Keoh](https://reader034.vdocuments.site/reader034/viewer/2022050308/5f702b9722b5fa068b21a85d/html5/thumbnails/5.jpg)
• Sensordataistypicallyaggregated– smartmeter.
5
IoT and Smart Metering
NAN
Data Concentrator
Smart Home Appliances
Smart Meter
Neighbourhood Area Network (NAN)
Home Area Network (HAN)
ZigBee, WiFI, Ethernet
WiFi, Cellular
WAN
Wide Area Network (WAN)
Fibre Optic, Cellular
Utility
Public Realm Private Realm
Advanced Metering Infrastructure (AMI)
Utility End
Collection
Monitoring
![Page 6: Secure Data Provenance in Home Energy Monitoring Networks Loong Keoh... · 2019-07-16 · Secure Data Provenance in Home Energy Monitoring Networks Ming Hong Chia, Sye Loong Keoh](https://reader034.vdocuments.site/reader034/viewer/2022050308/5f702b9722b5fa068b21a85d/html5/thumbnails/6.jpg)
• Issmartmeterthetruedatasourceofenergyconsumptionofthehousehold?
6
Smart Metering
Smart Home Appliances
Smart Meter
Home Area Network (HAN)
ZigBee, WiFI, Ethernet
HAN
Utility
Energy Consumption
Reporting
The real data source
The real data source
Potential compromise?- under reporting of energy usage- energy fraud
![Page 7: Secure Data Provenance in Home Energy Monitoring Networks Loong Keoh... · 2019-07-16 · Secure Data Provenance in Home Energy Monitoring Networks Ming Hong Chia, Sye Loong Keoh](https://reader034.vdocuments.site/reader034/viewer/2022050308/5f702b9722b5fa068b21a85d/html5/thumbnails/7.jpg)
• Dataprovenance=thereportedenergyusageiscollectedfromthespecificapplianceasclaimed,andthatitreflectstherealenergyconsumption.
• Specifically,weareinterestedin:– Sourcedata/identityauthenticity– Dataintegrityandconsistency– Locationauthenticity
7
IoT Data Provenance
![Page 8: Secure Data Provenance in Home Energy Monitoring Networks Loong Keoh... · 2019-07-16 · Secure Data Provenance in Home Energy Monitoring Networks Ming Hong Chia, Sye Loong Keoh](https://reader034.vdocuments.site/reader034/viewer/2022050308/5f702b9722b5fa068b21a85d/html5/thumbnails/8.jpg)
• Asecureplug(SSP)tomeasuretheenergyconsumptionateachdatasource.
• Usingmultiplesensorstotrackelectricityusage.
• UsingBluetoothlocalizationtodetectchangesinthelocation.
8
Secure Smart Plug
Smart EnergyPlug
SmartMeter
EnergyMagneticSensor
RaspberryPi 3 Bluetooth
Secure Smart Plug
Data Source
![Page 9: Secure Data Provenance in Home Energy Monitoring Networks Loong Keoh... · 2019-07-16 · Secure Data Provenance in Home Energy Monitoring Networks Ming Hong Chia, Sye Loong Keoh](https://reader034.vdocuments.site/reader034/viewer/2022050308/5f702b9722b5fa068b21a85d/html5/thumbnails/9.jpg)
9
Proposed Approach
Smart EnergyPlug
EnergyMagneticSensor
RaspberryPi 3 Bluetooth
Secure Smart Plug Source Data / Identity• Using RSA threshold
scheme (k,n).
Data Integrity / Consistency• Both energy data from the
magnetic sensor and theenergy plug must match.
• Aggregated energy data from all data sources must also match the smart meter’s measured data.
Location Authenticity• Using Bluetooth Trilateration
technique.
![Page 10: Secure Data Provenance in Home Energy Monitoring Networks Loong Keoh... · 2019-07-16 · Secure Data Provenance in Home Energy Monitoring Networks Ming Hong Chia, Sye Loong Keoh](https://reader034.vdocuments.site/reader034/viewer/2022050308/5f702b9722b5fa068b21a85d/html5/thumbnails/10.jpg)
10
Proposed Approach
SECURITYPROTOCOL
Commissioning
Operational
1. CommissioningPhaseA. DeploymentofSecureSmart
Plug- registerlocation
B. RSAKeyPairGeneration
C. SecretShareGeneration
2. OperationalPhaseA. SigningandVerificationProtocol
usingThresholdScheme(3,4)
B. LocationVerification
![Page 11: Secure Data Provenance in Home Energy Monitoring Networks Loong Keoh... · 2019-07-16 · Secure Data Provenance in Home Energy Monitoring Networks Ming Hong Chia, Sye Loong Keoh](https://reader034.vdocuments.site/reader034/viewer/2022050308/5f702b9722b5fa068b21a85d/html5/thumbnails/11.jpg)
11
Commissioning Phase
SmartMeter
Smart EnergyPlug
EnergyMagneticSensor
RaspberryPi 3 Bluetooth
Secure Smart Plug
Public Key: nShare: s3
Public Key: nShare: s4
Public Key: nShares: s , s1 2
1. RSA Key Pair Generation (PK and SK)- Public Key (PK): (n, e)- Secret Key (SK): d
2. Generation of Secret Shares- Secret Shares: s1, s2, s3, s4
Data Source
• One-timekeygenerationusing(3,4)ThresholdSchemeforeachdatasourceinthenetwork.
![Page 12: Secure Data Provenance in Home Energy Monitoring Networks Loong Keoh... · 2019-07-16 · Secure Data Provenance in Home Energy Monitoring Networks Ming Hong Chia, Sye Loong Keoh](https://reader034.vdocuments.site/reader034/viewer/2022050308/5f702b9722b5fa068b21a85d/html5/thumbnails/12.jpg)
Commissioning Phase
• UsingTrilaterationalgorithmtodeterminethelocationofSSP.
• UsingRSSIoftheBLEchiptocomputethedistance.
• LocationofthedeployedSSPisregistered.
12
Secure Smart Plug
Estimote Beacon (Candy)
Estimote Beacon (Yellow)
Estimote Beacon (Beetroot)
(Intersection)
![Page 13: Secure Data Provenance in Home Energy Monitoring Networks Loong Keoh... · 2019-07-16 · Secure Data Provenance in Home Energy Monitoring Networks Ming Hong Chia, Sye Loong Keoh](https://reader034.vdocuments.site/reader034/viewer/2022050308/5f702b9722b5fa068b21a85d/html5/thumbnails/13.jpg)
13
Smart EnergyPlug
EnergyMagneticSensor
RaspberryPi 3 Bluetooth
(1) Sends m to BT, where m = m1
SP
i
(2) Check current location(XY)of SP upon receiving m
(3) if true, generate own partial signature share by signing mSIGN { s , n , m , N } i
(4) Sends psto SP
SmartMeter
(6) Send all respective partial signature shares to SM
ps = { s , n, m1 , N }1 1 SPps = { s , n, m1 , N }2 2 SP
(1) Sends m to BT, where m = m2
MS (4) Sends psto MS
i
(5) Generate own partial signature share by signing mSIGN { s , n , m , N }
(6) Send all respective partial signature shares to SMps = { s , n, m2 , N }4 MS4
ps = { s , n, m1 , N }3 SP3PS1 =SP
ps = { s , n, m1 , N }ps = { s , n, m1 , N }ps = { s , n, m1 , N }
SP1 1
SP2 2
SP3 3
PS2 =MS
ps = { s , n, m2 , N }ps = { s , n, m2 , N }ps = { s , n, m2 , N }
MS1 1MS2 2MS4 4
(1) Sends m to SM, where m = m1(5) Generate own partial signature share by signing mSIGN { s , n , m , N }
Secure Smart Plug
(1) Sends m to SM, where m = m2
SP
MS i
i
ps = { s , n, m2 , N }1 1 MSps = { s , n, m2 , N }2 2 MS
(7) Upon receiving the PS , combine and aggregate them to compute as FS for verification later.COMBINE { PS, PK , m, n, k, N }
(8) Verifies m with SKd
(9) VERISM FS ≡ m using PK
SK
(10) VERISM (m1 ≡ m 2)using PKe
e
SP MS
e
d
i
Operational Phase
Data Source
![Page 14: Secure Data Provenance in Home Energy Monitoring Networks Loong Keoh... · 2019-07-16 · Secure Data Provenance in Home Energy Monitoring Networks Ming Hong Chia, Sye Loong Keoh](https://reader034.vdocuments.site/reader034/viewer/2022050308/5f702b9722b5fa068b21a85d/html5/thumbnails/14.jpg)
Operational Phase
• UsingBLEtodetectchangesinthelocationofSSP.
14
Estimote Beacon (Yellow)
Estimote Beacon (Beetroot)
Estimote Beacon (Candy)
WiFi Wireless Router
Smart Meter
Local Area Network (LAN)
Secure Smart Plug(Raspberry Pi 3)
![Page 15: Secure Data Provenance in Home Energy Monitoring Networks Loong Keoh... · 2019-07-16 · Secure Data Provenance in Home Energy Monitoring Networks Ming Hong Chia, Sye Loong Keoh](https://reader034.vdocuments.site/reader034/viewer/2022050308/5f702b9722b5fa068b21a85d/html5/thumbnails/15.jpg)
• OneofthecomponentsinSSP“attempted”tounderreporttheenergyconsumption.
• Resultingin:– Differenceintheenergyusageatthesamedatasource:MMS ≠MSP ☛ datainconsistency
15
Attack Simulation I
![Page 16: Secure Data Provenance in Home Energy Monitoring Networks Loong Keoh... · 2019-07-16 · Secure Data Provenance in Home Energy Monitoring Networks Ming Hong Chia, Sye Loong Keoh](https://reader034.vdocuments.site/reader034/viewer/2022050308/5f702b9722b5fa068b21a85d/html5/thumbnails/16.jpg)
• There-locationoftheSSPtomeasureadatasourcethatisoutsideofthehouse.
• Resultingin:– Detectionoflocationthatisdifferentfromthedeployedlocation,hencewillnotgeneratepartialsignatures,ps1 andps2☛ incorrectlocation.
– Energyusagedatacannotbeverifiedduetothelackofsignatureshares.
16
Attack Simulation II
![Page 17: Secure Data Provenance in Home Energy Monitoring Networks Loong Keoh... · 2019-07-16 · Secure Data Provenance in Home Energy Monitoring Networks Ming Hong Chia, Sye Loong Keoh](https://reader034.vdocuments.site/reader034/viewer/2022050308/5f702b9722b5fa068b21a85d/html5/thumbnails/17.jpg)
17
Estimote Beacon (Yellow)
Estimote Beacon (Beetroot)
Estimote Beacon (Candy) Original Deployed
Location Coordinates (x:6.5, y: 10.0)
Relocated Secure Smart Plug Location Coordinates (x:2.5, y: 2.5)
Secured Smart Plug
Attack Simulation II
![Page 18: Secure Data Provenance in Home Energy Monitoring Networks Loong Keoh... · 2019-07-16 · Secure Data Provenance in Home Energy Monitoring Networks Ming Hong Chia, Sye Loong Keoh](https://reader034.vdocuments.site/reader034/viewer/2022050308/5f702b9722b5fa068b21a85d/html5/thumbnails/18.jpg)
• Bothenergymeasurementsensors“werecompromised”.
• Resultingin:– (IFLocationofSSPisauthentic)☛ collusionbetweenMSandSPyieldedasuccessfulattack.
– (IFSSPisre-located)☛ collusionbetweenMSandSPdidnotworkasonlytwopartialsignaturesharescouldbegeneratedfora(3,4)ThresholdScheme.
18
Attack Simulation III
![Page 19: Secure Data Provenance in Home Energy Monitoring Networks Loong Keoh... · 2019-07-16 · Secure Data Provenance in Home Energy Monitoring Networks Ming Hong Chia, Sye Loong Keoh](https://reader034.vdocuments.site/reader034/viewer/2022050308/5f702b9722b5fa068b21a85d/html5/thumbnails/19.jpg)
19
Performance Results
![Page 20: Secure Data Provenance in Home Energy Monitoring Networks Loong Keoh... · 2019-07-16 · Secure Data Provenance in Home Energy Monitoring Networks Ming Hong Chia, Sye Loong Keoh](https://reader034.vdocuments.site/reader034/viewer/2022050308/5f702b9722b5fa068b21a85d/html5/thumbnails/20.jpg)
20
Performance Results
Entity Components in SSPKey Size (bits) 512 1024 2048 Average (ms) 148.33 863.67 6419
Time taken to generate a partial signature
Entity Smart MeterKey Size (bits) 512 1024 2048 Combine Signature (ms) 5 8.33 18.33
Signature Verification (ms) 132 157 875
Time taken to combine partial signatures and verify signature
• TheRSAthresholdschemeisfeasibleonaRaspberryPi3device,thoughnotveryefficient.
![Page 21: Secure Data Provenance in Home Energy Monitoring Networks Loong Keoh... · 2019-07-16 · Secure Data Provenance in Home Energy Monitoring Networks Ming Hong Chia, Sye Loong Keoh](https://reader034.vdocuments.site/reader034/viewer/2022050308/5f702b9722b5fa068b21a85d/html5/thumbnails/21.jpg)
• Preliminarystudyofdataprovenance inthecontextofIoT.
• ICSsystemsalsousemanyredundantsensorsforcriticalinfrastructureandmonitoring.
• TPMandsoftware-basedattestationwillberequiredtoensuretheverificationsoftwareworkscorrectly?
• ReplacementofRSA-basedThresholdSchemewithaMAC-basedscheme?
• Autodetectionoflocationwithoutdeploymentofbeacons?
21
Conclusions
![Page 22: Secure Data Provenance in Home Energy Monitoring Networks Loong Keoh... · 2019-07-16 · Secure Data Provenance in Home Energy Monitoring Networks Ming Hong Chia, Sye Loong Keoh](https://reader034.vdocuments.site/reader034/viewer/2022050308/5f702b9722b5fa068b21a85d/html5/thumbnails/22.jpg)
Thankyou!
Contact details:Sye Loong KeohUniversity of [email protected]
Zhaohui TangSingapore Institute of [email protected]
22