https://www.dagstuhl.de/11511

December 18 – 21 , 2011, Dagstuhl Seminar 11511

Privacy and Security in Smart Energy Grids

Organizers

Stefan Katzenbeisser (TU Darmstadt, DE)
Klaus Kursawe (Radboud University Nijmegen, NL)
Bart Preneel (KU Leuven, BE)
Ahmad-Reza Sadeghi (TU Darmstadt, DE)

For support, please contact

Dagstuhl Service Team

Documents

Dagstuhl Report, Volume 1, Issue 12 Dagstuhl Report
List of Participants
Shared Documents
Dagstuhl Seminar Schedule [pdf]

Summary

The smart grid initiative is an attempt to improve reliability and efficiency of the electricity grid by adding communication and intelligence to its components all the way from end-user devices to the utilities. On the end user side, detailed usage information will be transferred to both home systems and the utilities; the utility can provide load- and pricing information to the meters and end-devices in real time. On the grid side, intelligent systems will allow for a more flexible energy distribution. Naturally, adding smartness to a critical and sizeable infrastructure system such as the electricity grid imposes extreme requirements on security and privacy, while facing numerous conflicting requirements from the different players. In addition, legislation is pushing hard to implement a large scale smart grid in a very short time: In Europe, the commission plans to achieve 80% smart grid coverage by 2020, with some countries starting to roll out meters at a large scale in 2012; in the US, the rollout has already started.

In such a setting, security and privacy are vital. A security breach of a smart energy grid can have severe consequences for power availability. With respect to privacy, the information gathered by the utility reveals a wealth of information about individual customers: examples are the day rhythm (power consumption data may reveal that a customer always comes home after the bars close, and has too little time between getting up and leaving the house to have breakfast), religious patterns (a devout Muslim may turn on the light for a morning prayer, or a catholic family may always leave home during the Sunday sermon), relationship patterns (energy usage may identify the days on which a group of people stayed in a house and the time when they went to bed), and even TV schedules (by combining electricity and water consumption measurements).

While it is not clear yet to which extent this data is going to be exploited, the potential privacy implications are substantial and have already been identified (after interoperability) as the second most important issue with the smart grid by NIST.

It is thus essential to build security and privacy protection into smart energy grids right from the start. The goal of this seminar was thus to raise awareness of this critical problem that may affect every European citizen within a couple of years and to bring together academic researchers as well as utility experts in order to start an open dialogue on smart grid privacy and security problems and potential solutions.

Topics covered during the seminar were:

  • Communication Security: For the smart grid to work efficiently, end-user devices will need to communicate with the utility. The main challenge is that the end devices may be extremely limited in their capacity, and that commissioning – i.e., integration of a new device into a home- or office network – has to be simple and efficient. This will require new ways of secure communication between power consuming devices and smart meters as well as new ways to set up communication networks covering extremely small devices (such as light bulbs).
  • Privacy: The amount of data collected about individual users in a smart grid setting is unprecedented, and leads to massive concerns about user’s privacy. The setting is rather unique for privacy research – the data is not gathered for the profit of some company, but for the more noble cause of global energy savings, and the nature of the system makes it hard to temporarily opt out. Flexible Privacy-Enhancing Technologies are required to balance the conflicting requirements of privacy and data usage.
  • Implementation Security: Already now, the first attacks on implementations of smart meters have been published. With a huge number of small embedded devices suddenly getting connected, implementation security becomes critical. Unfortunately, vendors of those devices are usually not experienced in protecting against network-based attacks, and resource constraints on such devices do not allow implementation of many standard security solutions designed to protect larger computer systems. Thus, new hardware security mechanisms are required.
  • Grid Architectures: The smart grid combines architectural requirements that are inherently contradictory. On one side, control networks for critical systems should always put safety first, i.e., rather risk a data loss than a disruption in functionality. On the other side, this particular network deals with a huge amount of privacy related and security critical data, requiring adequate protection from data theft. New architectures need to be designed to accommodate both privacy and dependability at the same time.

Related Dagstuhl Seminar

Classification

  • Security/cryptography

Keywords

  • Privacy
  • Hardware security
  • Smart meters
  • Security in heterogeneous networks

Documentation

In the series Dagstuhl Reports each Dagstuhl Seminar and Dagstuhl Perspectives Workshop is documented. The seminar organizers, in cooperation with the collector, prepare a report that includes contributions from the participants' talks together with a summary of the seminar.

 

Download overview leaflet (PDF).

Publications

Furthermore, a comprehensive peer-reviewed collection of research papers can be published in the series Dagstuhl Follow-Ups.

Dagstuhl's Impact

Please inform us when a publication was published as a result from your seminar. These publications are listed in the category Dagstuhl's Impact and are presented on a special shelf on the ground floor of the library.