Security and Privacy in Smart Grid Demand Response Systems

Various research efforts have focussed on the security and privacy concerns arising from the introduction of smart energy meters. However, in addition to smart metering, the ultimate vision of the smart grid includes bi-directional communication between consumers and suppliers to facilitate certain types of Demand Response (DR) strategies such as demand bidding (DR-DB). In this work we explore the security and privacy implications arising from this bi-directional communication. This paper builds on the preliminary work in this field to define a set of security and privacy goals for DR systems and to identify appropriate and realistic adversary models. We use these adversary models to analyse a DR-DB system, based on the Open Automated Demand Response (OpenADR) specifications, in terms of the security and privacy goals. Our analysis shows that whilst the system can achieve the defined security goals, the current system architecture cannot achieve the privacy goals in the presence of honest-but-curious adversaries. To address this issue, we present a preliminary proposal for an enhanced architecture which includes a trusted third party based on approaches and technologies from the field of Trusted Computing

Securing Application with Software Partitioning: A Case Study Using SGX

Application size and complexity are the underlying cause of numerous security vulnerabilities in code. In order to mitigate the risks arising from such vulnerabilities, various techniques have been proposed to isolate the execution of sensitive code from the rest of the application and from other software on the platform (e.g. the operating system). However, even with these partitioning techniques, it is not immediately clear exactly how they can and should be used to partition applications. What overall partitioning scheme should be followed; what granularity of the partitions should be. To some extent, this is dependent on the capabilities and performance of the partitioning technology in use. For this work, we focus on the upcoming Intel Software Guard Extensions (SGX) technology as the state-of-the-art in this field. SGX provides a trusted execution environment, called an enclave, that protects the integrity of the code and the confidentiality of the data inside it from other software, including the operating system. We present a novel framework consisting of four possible schemes under which an application can be partitioned. These schemes range from coarse-grained partitioning, in which the full application is included in a single enclave, through ultra-fine partitioning, in which each application secret is protected in an individual enclave. We explain the specific security benefits provided by each of the partitioning schemes and discuss how the performance of the application would be affected. To compare the different partitioning schemes, we have partitioned OpenSSL using four different schemes. We discuss SGX properties together with the implications of our design choices in this pape

Securing application with software partitioning: a case study using SGX

Application size and complexity are the underlying cause of numerous security vulnerabilities in code. In order to mitigate the risks arising from such vulnerabilities, various techniques have been proposed to isolate the execution of sensitive code from the rest of the application and from other software on the platform (e.g. the operating system). However, even with these partitioning techniques, it is not immediately clear exactly how they can and should be used to partition applications. What overall partitioning scheme should be followed; what granularity of the partitions should be. To some extent, this is dependent on the capabilities and performance of the partitioning technology in use. For this work, we focus on the upcoming Intel Software Guard Extensions (SGX) technology as the state-of-the-art in this field. SGX provides a trusted execution environment, called an enclave, that protects the integrity of the code and the confidentiality of the data inside it from other software, including the operating system. We present a novel framework consisting of four possible schemes under which an application can be partitioned. These schemes range from coarse-grained partitioning, in which the full application is included in a single enclave, through ultra-fine partitioning, in which each application secret is protected in an individual enclave. We explain the specific security benefits provided by each of the partitioning schemes and discuss how the performance of the application would be affected. To compare the different partitioning schemes, we have partitioned OpenSSL using four different schemes. We discuss SGX properties together with the implications of our design choices in this pape