Dagstuhl Seminar 11511
Privacy and Security in Smart Energy Grids
( Dec 18 – Dec 21, 2011 )
- Stefan Katzenbeisser (TU Darmstadt, DE)
- Klaus Kursawe (Radboud University Nijmegen, NL)
- Bart Preneel (KU Leuven, BE)
- Ahmad-Reza Sadeghi (TU Darmstadt, DE)
- Andreas Dolzmann (for scientific matters)
- Simone Schilke (for administrative matters)
The smart grid initiative is an attempt to improve reliability and efficiency of the electricity grid by adding communication and intelligence to its components all the way from end-user devices to the utilities. On the end user side, detailed usage information will be transferred to both home systems and the utilities; the utility can provide load- and pricing information to the meters and end-devices in real time. On the grid side, intelligent systems will allow for a more flexible energy distribution. Naturally, adding smartness to a critical and sizeable infrastructure system such as the electricity grid imposes extreme requirements on security and privacy, while facing numerous conflicting requirements from the different players. In addition, legislation is pushing hard to implement a large scale smart grid in a very short time: In Europe, the commission plans to achieve 80% smart grid coverage by 2020, with some countries starting to roll out meters at a large scale in 2012; in the US, the rollout has already started.
In such a setting, security and privacy are vital. A security breach of a smart energy grid can have severe consequences for power availability. With respect to privacy, the information gathered by the utility reveals a wealth of information about individual customers: examples are the day rhythm (power consumption data may reveal that a customer always comes home after the bars close, and has too little time between getting up and leaving the house to have breakfast), religious patterns (a devout Muslim may turn on the light for a morning prayer, or a catholic family may always leave home during the Sunday sermon), relationship patterns (energy usage may identify the days on which a group of people stayed in a house and the time when they went to bed), and even TV schedules (by combining electricity and water consumption measurements).
While it is not clear yet to which extent this data is going to be exploited, the potential privacy implications are substantial and have already been identified (after interoperability) as the second most important issue with the smart grid by NIST.
It is thus essential to build security and privacy protection into smart energy grids right from the start. The goal of this seminar was thus to raise awareness of this critical problem that may affect every European citizen within a couple of years and to bring together academic researchers as well as utility experts in order to start an open dialogue on smart grid privacy and security problems and potential solutions.
Topics covered during the seminar were:
- Communication Security: For the smart grid to work efficiently, end-user devices will need to communicate with the utility. The main challenge is that the end devices may be extremely limited in their capacity, and that commissioning – i.e., integration of a new device into a home- or office network – has to be simple and efficient. This will require new ways of secure communication between power consuming devices and smart meters as well as new ways to set up communication networks covering extremely small devices (such as light bulbs).
- Privacy: The amount of data collected about individual users in a smart grid setting is unprecedented, and leads to massive concerns about user’s privacy. The setting is rather unique for privacy research – the data is not gathered for the profit of some company, but for the more noble cause of global energy savings, and the nature of the system makes it hard to temporarily opt out. Flexible Privacy-Enhancing Technologies are required to balance the conflicting requirements of privacy and data usage.
- Implementation Security: Already now, the first attacks on implementations of smart meters have been published. With a huge number of small embedded devices suddenly getting connected, implementation security becomes critical. Unfortunately, vendors of those devices are usually not experienced in protecting against network-based attacks, and resource constraints on such devices do not allow implementation of many standard security solutions designed to protect larger computer systems. Thus, new hardware security mechanisms are required.
- Grid Architectures: The smart grid combines architectural requirements that are inherently contradictory. On one side, control networks for critical systems should always put safety first, i.e., rather risk a data loss than a disruption in functionality. On the other side, this particular network deals with a huge amount of privacy related and security critical data, requiring adequate protection from data theft. New architectures need to be designed to accommodate both privacy and dependability at the same time.
- Nikita Borisov (University of Illinois - Urbana Champaign, US) [dblp]
- Binbin Chen (ADSC - Singapore, SG)
- George Danezis (Microsoft Research UK - Cambridge, GB) [dblp]
- Peter Ebinger (AGT International - Darmstadt, DE)
- Paulo Jorge Esteves-Veríssimo (University of Lisboa, PT) [dblp]
- Flavio D. Garcia (Radboud University Nijmegen, NL) [dblp]
- Jorge Guajardo Merchan (Robert Bosch LLC - Pittsburgh, US) [dblp]
- Matthias Hollick (TU Darmstadt, DE) [dblp]
- Bart Jacobs (Radboud University Nijmegen, NL) [dblp]
- Michael John (Elster GmbH - Mainz, DE)
- Stefan Katzenbeisser (TU Darmstadt, DE) [dblp]
- Florian Kerschbaum (TU Dresden, DE) [dblp]
- Erwin Kooi (Alliander - Duiven, NL)
- Klaus Kursawe (Radboud University Nijmegen, NL) [dblp]
- Leonardo A. Martucci (Karlstad University, SE) [dblp]
- Günter Müller (Universität Freiburg, DE)
- Bart Preneel (KU Leuven, BE) [dblp]
- Carsten Rudolph (Fraunhofer SIT - Darmstadt, DE) [dblp]
- Ahmad-Reza Sadeghi (TU Darmstadt, DE) [dblp]
- Kazue Sako (NEC - Kawasaki, JP) [dblp]
- Radu Sion (Stony Brook University, US) [dblp]
- Christian Stüble (Sirrix AG Bochum, DE)
- Gene Tsudik (University of California - Irvine, US) [dblp]
- Ingrid Verbauwhede (KU Leuven, BE) [dblp]
- Khan Ferdous Wahid (Fraunhofer SIT - Darmstadt, DE)
- Jos Weyers (TenneT - Arnhem, NL)
- Wenyuan Xu (University of South Carolina - Columbia, US)
- Dagstuhl Seminar 16032: Privacy and Security in Smart Energy Grids (2016-01-17 - 2016-01-20) (Details)
- hardware security
- smart meters
- security in heterogeneous networks