Tamper-proofing the smart grid

RSS

Introducing smart meters is making the electricity grid increasingly electronic, which saves time and money for utilities since they don’t have to send a person to read the meter. But this increasing ‘digitalisation’ also adds a lot more opportunities for tampering with the meters in some way, resulting in security vulnerabilities. These vulnerabilities obviously need to be considered before introduction of the smart meters to make sure everyone is paying their way when it comes to electricity.

Chris Neil, Senior VP for Industrial and Medical Solutions Group at Maxim Integrated summarised the problem on the slide below.

 

At the very earliest stage, meter SoC ICs could be replaced with fakes, but there are various measures already in place in the supply chain to try to combat this problem.

At the factory, the meters are programmed with their software/firmware before being sent out into the field. There’s a small possibility that this software could be stolen to clone a meter, or that someone could introduce bad software into the manufacturing process. A secure bootloader and cryptographic code validation is necessary, which uses digital signatures to prove the code is valid.

After leaving the factory, the whole meter units could be replaced with fakes.

When in the field, the meters could be recalibrated by utility employees, presumably to reduce the rate of accumulation or to zero it altogether. Proper authentication for anyone installing or reading meters is required. Are they who they say they are? Utilities will also have to be extra vigilant in detecting ‘inside jobs’.  Unscrupulous persons could also try to physically tamper with the meter unit, that is, they could take them apart to run wires in to try to change settings. For me, this is the most likely scenario. There are various tamper detection options available, such as tilt sensors to detect when the case is opened or anti-tamper meshes. The smart meter SoC should also use cryptographic techniques to protect itself from this sort of physical attack.  

The data is also at risk when it leaves the meter – it’s usually transmitted wirelessly and there is a possibility that it could be intercepted. Obviously, it should never be transmitted unencrypted.

Maxim Integrated released a smart meter SoC called Zeus at the Metering, Billing/CRM Europe show over here earlier this month. Zeus, of course, contains a built-in cryptographic module to secure communication, a secure bootloader to prevent unauthorised firmware modification, and tamper detection measures to assure providers that any attempts to physically attack the meter will be detected, recorded, and reported.

So, will the introduction of smart meters overall increase security of the electricity grid, or will the increased opportunities for electronic attack overall reduce security? And without a person coming regularly to physically read the meters, will physical tampering be able to go unnoticed for longer?

Security is going to be an issue for all utilities that adopt smart metering, so I hope they have given it due consideration.

 

Please or Register to post comments.

What's Crosstalk?

Blogs covering all areas of the European electronics industry, particularly in wireless communications and displays technology

Contributors

Sally Ward-Foxton

Sally Ward-Foxton is Associate Editor of Electronic Design Europe. Her beat covers all areas of the European electronics industry, but she has a particular interest in wireless communications and...
Commentaries and Blogs
Guest Blogs
Dec 15, 2014
blog

Who Are You? (I Really Want to Know!)

Borrowing a stanza from The Who’s hit song seemed like a good way to bring attention to a critical topic often ignored by engineers. When finding information on a company that has an interesting product, what do we do? Of course, we look at its Web page to learn more....More
Dec 15, 2014
blog

Bridging Technical Communication Barriers Between Cultures

Understanding technical concepts in different languages can sometimes prove to be difficult, particularly when you have to communicate it. In this article, I discuss the challenges and possible courses of action....More
Dec 1, 2014
blog

Programming Efficiency 7

When I started college, the Intel 4004 was being designed. The C programming language and UNIX operating system were being developed (unbeknownst to me). I did most of my programming in BASIC on an HP 2100 series mini-computer....More

Sponsored Introduction Continue on to (or wait seconds) ×