Author: Steve Norman, Smart Energy Marketing Manager, Industrial Business Group, Renesas Electronics Europe
Date: 10/08/2011
We have often seen reports of the potential for data theft, either on an individual basis or on a larger scale. The question is how to lessen the risk of the worst happening in smart grid metering. The use of cryptography is a very obvious starting point, enforcing authentication, providing encryption and signing data; but this is only a part of the solution.

Before rollout, rigorous design and test procedures must be implemented to avoid software vulnerabilities such as buffer overflows, where memory safety is violated by writing data past the end of the intended buffer into an adjacent area of memory. Moving on to the rollout phase, and indeed throughout the entire life cycle of the meter, further controls must be put in place to maintain the integrity of the meter and its contents once activated, even after decommissioning and disposal, in whatever form the latter may take. Then there is what is hopefully standard practice by now: tamper detection, logging and reporting, as well as secure storage and use of the associated cryptographic keys; and let's not forget, we are also talking about the keys and certificates in the meter itself. A final point on cryptographic keys: separate keys for separate uses must be a given.

Let's remember that even smart meters ultimately have limited processing power, despite the prevalence of what is considered a relatively high-end 32-bit microcontroller at their hearts, so strong encryption must be embedded and considered as part of the microcontroller overhead. As part of the encryption process, I already mentioned different keys for different uses and the challenges of storing keys securely, but what about the question of revoking keys?
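The buffer-overflow risk mentioned above, as an added example that is not part of the original article and is not Renesas code: a bounded parser for a metering record in C, with the vulnerable form shown beside the hardened one. The message layout, the 16-byte buffer size, the sample messages and the function names are all assumptions constructed for this example.

```c
/* Added example (not from the original article): bounded parsing of a
 * metering record into a fixed-size buffer, the kind of check that stops
 * the buffer overflow the article warns about.
 *
 * The message layout is a constructed assumption for this example:
 *   byte 0     : payload length declared by the sender
 *   bytes 1..N : payload, a meter reading as ASCII digits
 * The declared length arrives over the wire, so it is untrusted data and
 * must be checked against the destination before any copy happens. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define READING_BUF_SIZE 16

/* Vulnerable form, shown only for contrast: it trusts the length byte.
 * A declared length larger than READING_BUF_SIZE makes memcpy write past
 * the end of 'out' into whatever sits next to it on the stack. */
int parse_reading_unsafe(const uint8_t *msg, size_t msg_len, char *out)
{
    if (msg == NULL || out == NULL || msg_len < 1) return -1;
    size_t declared = msg[0];
    memcpy(out, msg + 1, declared);   /* no bound against READING_BUF_SIZE */
    out[declared] = '\0';
    return (int)declared;
}

/* Hardened form: the declared length is validated against both the bytes
 * actually present and the destination capacity (keeping one byte for the
 * terminating NUL). A bad message is rejected outright rather than
 * truncated, so a malformed record never silently becomes a valid one. */
int parse_reading_safe(const uint8_t *msg, size_t msg_len,
                       char *out, size_t out_size)
{
    if (msg == NULL || out == NULL || out_size == 0 || msg_len < 1) return -1;
    size_t declared = msg[0];
    if (declared > msg_len - 1) return -1;   /* claims more bytes than sent */
    if (declared >= out_size) return -1;     /* would overflow destination */
    memcpy(out, msg + 1, declared);
    out[declared] = '\0';
    return (int)declared;
}

/* Constructed sample messages (not real meter traffic). */
static const uint8_t SAMPLE_GOOD[] = { 5, '1', '2', '3', '4', '5' };
/* Declares 40 payload bytes but carries only 3: inconsistent framing. */
static const uint8_t SAMPLE_SHORT[] = { 40, 'A', 'A', 'A' };
/* Declares and carries 20 bytes: consistent framing, but larger than the
 * 16-byte destination, which is the overflow case. */
static const uint8_t SAMPLE_TOO_LONG[] = { 20,
    '9', '9', '9', '9', '9', '9', '9', '9', '9', '9',
    '9', '9', '9', '9', '9', '9', '9', '9', '9', '9' };

int main(void)
{
    char buf[READING_BUF_SIZE];
    int n;

    n = parse_reading_safe(SAMPLE_GOOD, sizeof SAMPLE_GOOD, buf, sizeof buf);
    printf("good message     -> %d bytes, reading \"%s\"\n", n, buf);

    n = parse_reading_safe(SAMPLE_SHORT, sizeof SAMPLE_SHORT, buf, sizeof buf);
    printf("short message    -> %d (rejected)\n", n);

    n = parse_reading_safe(SAMPLE_TOO_LONG, sizeof SAMPLE_TOO_LONG, buf, sizeof buf);
    printf("too-long message -> %d (rejected)\n", n);
    return 0;
}
```

The hardened parser takes the destination size as a parameter rather than relying on a global constant, so the same routine can be reused for other record types, and it rejects inconsistent framing (a length byte that exceeds the bytes actually received) as well as the overflow case, since both are symptoms of corrupted or hostile input that a test suite for the meter firmware should exercise.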
This is actually a huge issue that will not be covered in depth here, but the point is that a strategy must be established that does not leave the system vulnerable while it deals with any compromise that may have occurred between the event that triggered the revocation and the revocation itself, for example a cryptographic key being stolen from a meter contractor or a handheld commissioning terminal being lost. Major smart grid or smart meter rollouts will involve millions of meters, and this in itself presents the challenge of restricting and controlling access to the meters awaiting installation, and later, presumably more challenging still, controlling disposal at end of life. Then what happens once the meter has been installed and is left in the hands of the consumer? Physical security becomes another challenge to add to our list.

We all know that the 'smart' part of a smart meter means communications, ideally with interoperability, and the point-to-point security measures this involves are widely discussed. But shouldn't we really be discussing end-to-end security? Or is convenience really more important to us than security? Speaking of communications, 'new' does not necessarily mean 'better' in terms of security vulnerabilities. What we are discussing is nothing new if you look outside the smart meter or smart grid area; we can cite some examples from other industries. DVD DRM (Digital Rights Management) was hacked by a 16-year-old; Blu-ray content was similarly hacked within days of first being available. The aforementioned recent Sony PlayStation Network hack remains high-profile, but let's also not forget the huge ongoing damage done to Nintendo's earnings and those of its development partners through hacking of its DS handheld gaming system. Can we take the smart meter and smart grid application less seriously?

Let's now start to consider what can be done
This may sound like a strange comment from someone representing the world's largest microcontroller manufacturer and leading supplier to the metering market, but the answer is probably not to be found in a standard microcontroller. Just as you should not fit a high-security door lock and then leave the key under the doormat, you should not leave your cryptographic keys unprotected. Standard microcontrollers cannot necessarily be relied upon to store keys securely, and may also copy the keys to RAM during use; numerous techniques exist for hackers to recover keys from a standard microcontroller. One must also consider their capabilities for key and random number generation; many attacks are possible because of flaws in the generation, implementation or use of random numbers. Many standard microcontrollers offer the ability to set a protection flag or fuse to "prevent" reading of the stored data, but this is not an adequate solution. Here are some of the potential risks:

- power analysis using resistors can disclose key information;
- timing analysis can also disclose key information;
- voltage glitching can bypass security checks;
- fuse resetting using lasers, camera flashes, etc. can allow code to be read;
- chip erase via JTAG can allow reading of data located in RAM;
- entropy analysis can be used to identify keys.

However, a dedicated secure microcontroller can provide a solution. A secure microcontroller can provide resistance against physical attack through analysis or probing, with its inherent random chip layout, metal shielding, memory data scrambling and fine process technology providing secure key storage in a protected environment. Randomised timing and the ability to mask operations, together with on-chip hardware data encryption and random number generation, can prevent timing and current variations from leaking information.
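The timing-analysis risk listed above, as an added example that is not from the article or from Renesas: a constant-time comparison of an authentication tag in C, shown beside the variable-time comparison that leaks through its running time. The tag values, the 16-byte tag length and the function names are constructed for this example; in a real meter the computed tag would come from the cryptographic co-processor, and randomised timing in the silicon complements rather than replaces a constant-time comparison in the firmware.

```c
/* Added example (not from the original article): comparing a received
 * authentication tag against the locally computed one without leaking,
 * through its running time, how many leading bytes matched. Tag values
 * are constructed placeholders; in a real meter the computed tag would
 * come from the crypto co-processor of the secure microcontroller. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TAG_LEN 16

/* Variable-time comparison, shown for contrast: returns at the first
 * mismatching byte, so execution time depends on how much of the tag
 * was already correct. This is the pattern timing analysis exploits. */
int tag_equal_variable_time(const uint8_t *a, const uint8_t *b, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        if (a[i] != b[i]) return 0;
    }
    return 1;
}

/* Constant-time comparison: every byte is visited and the differences are
 * accumulated with OR, so the loop does the same work whether the tags
 * differ in the first byte, the last byte, or not at all. The volatile
 * accumulator discourages the compiler from re-introducing an early exit. */
int tag_equal_constant_time(const uint8_t *a, const uint8_t *b, size_t len)
{
    volatile uint8_t diff = 0;
    for (size_t i = 0; i < len; i++) {
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* Accept or reject a received tag. Returns 1 on match, 0 otherwise. */
int verify_tag(const uint8_t computed[TAG_LEN], const uint8_t received[TAG_LEN])
{
    return tag_equal_constant_time(computed, received, TAG_LEN);
}

/* Constructed sample tags (placeholders, not real MAC output). */
static const uint8_t TAG_COMPUTED[TAG_LEN] = {
    0x4a, 0x1f, 0x93, 0xc2, 0x07, 0xe8, 0x5b, 0x6d,
    0x30, 0xaa, 0x19, 0xf4, 0x2c, 0x77, 0xd1, 0x8e };
/* Same as TAG_COMPUTED except for the final byte. */
static const uint8_t TAG_LAST_BYTE_WRONG[TAG_LEN] = {
    0x4a, 0x1f, 0x93, 0xc2, 0x07, 0xe8, 0x5b, 0x6d,
    0x30, 0xaa, 0x19, 0xf4, 0x2c, 0x77, 0xd1, 0x00 };
/* Same as TAG_COMPUTED except for the first byte. */
static const uint8_t TAG_FIRST_BYTE_WRONG[TAG_LEN] = {
    0x00, 0x1f, 0x93, 0xc2, 0x07, 0xe8, 0x5b, 0x6d,
    0x30, 0xaa, 0x19, 0xf4, 0x2c, 0x77, 0xd1, 0x8e };

int main(void)
{
    printf("matching tag       -> %d\n", verify_tag(TAG_COMPUTED, TAG_COMPUTED));
    printf("last byte differs  -> %d\n", verify_tag(TAG_COMPUTED, TAG_LAST_BYTE_WRONG));
    printf("first byte differs -> %d\n", verify_tag(TAG_COMPUTED, TAG_FIRST_BYTE_WRONG));
    return 0;
}
```

Both comparison functions return the same answers; the difference is only in how long they take to produce them. With the variable-time version, a tag wrong in the first byte is rejected after one iteration and a tag wrong only in the last byte after sixteen, which is exactly the signal a timing measurement recovers. On a microcontroller this can be checked with a cycle counter during firmware testing, and the same rule applies to any comparison of secret-derived data, such as a password hash or a key check value.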
Illegal voltage, noise, temperature, clocking or optical attacks can be mitigated through automatic tamper detection, which shuts down the device upon an illegal access attempt, as well as dedicated EEPROM protection and co-processors for random number generation and cryptography to accelerate these operations. In summary, a secure microcontroller provides:

- secure key storage, whereby the key never leaves the microcontroller and is never held in unsecured RAM;
- hardware acceleration for cryptographic operations;
- protection against cloning;
- secure storage and logging of credit information;
- on-board key generation and random number generation;
- fully validated cryptographic algorithms.

Final considerations

As already mentioned, "End to End" or E2E security is more secure than "Point to Point" or P2P security; P2P is only as secure as the weakest link in the chain, and creates vulnerabilities at each point where data is decrypted and re-encrypted. For E2E security, the meter and data centre must implement compatible algorithms, which brings us on to the regulatory and standards frameworks. There are statutory minimum levels of cryptographic security, but the question of P2P convenience versus E2E security remains, as does the impact of such choices on the power burden, critical in battery-powered meters and dictated by the strength of the cryptography used and the frequency of readings. Then there is the ongoing uncertainty around patents covering some popular cryptographic algorithms such as ECC (Elliptic Curve Cryptography), where a solution for interoperability without patent infringement would be demanded… Unfortunately, while there can be no question of the requirement, security is not simple, but it must be considered at the start of smart meter and smart grid programmes and not as an afterthought! As a closing point, at the time of writing, the White House had just released its Smart Grid Policy Framework for the U.S.A.
Cyber security was cited as one of four top priorities: protecting the electricity system against cyber attacks, ensuring it can recover when attacked, and developing and maintaining threat awareness, guidelines and standards. Europe must do the same.