Resource Centric Security to protect customer energy information in the smart grid

From the customer domain perspective, interoperation implies that external systems are able to control the customer's energy resources as well as to read energy-related information. These two types of access to an energy resource affect the operation of the customer domain differently. However, most existing security mechanisms were designed at the individual resource level and cannot efficiently handle such fine-grained access. To resolve the issue of fine granularity, this paper proposes a new security mechanism, Resource Centric Security, that leverages the concept of a filesystem Access Control List. Three privileges (read, write, and execute) are defined on each energy resource, and a set of attributes is assigned to each privilege. Each external user also maintains his own set of attributes. He can access the privilege only if his attribute set matches the privilege's set. In this way, the user may receive permission to read data of a resource but not to invoke operations. We have implemented the proposed scheme on a real testbed and have run experiments. The results and the subsequent analysis show that our scheme can provide a proper level of data protection with reasonable overhead.
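The per-privilege attribute check described above can be sketched as follows. This is an added example, not the paper's implementation: the abstract does not define what "matches" means, so the code assumes the user must hold every attribute the privilege requires, and the resource, attribute and function names are hypothetical.

```python
from dataclasses import dataclass, field
from enum import Enum


class Privilege(Enum):
    READ = "read"
    WRITE = "write"
    EXECUTE = "execute"


@dataclass
class EnergyResource:
    name: str
    # Attribute set required for each privilege; a missing or empty set
    # means the privilege is not offered to external users.
    required: dict = field(default_factory=dict)


def is_allowed(user_attrs, resource, privilege):
    """Assumed rule: the user must hold every attribute the privilege requires."""
    needed = frozenset(resource.required.get(privilege, ()))
    if not needed:
        # Fail closed: an empty set is a subset of anything, so without this
        # check an unconfigured privilege would be open to every user.
        return False
    return needed <= frozenset(user_attrs)


def granted(user_attrs, resource):
    """Return the set of privileges this user holds on the resource."""
    return {p for p in Privilege if is_allowed(user_attrs, resource, p)}


# Constructed sample: a hypothetical EV charger in the customer domain.
CHARGER = EnergyResource(
    name="ev-charger-1",
    required={
        Privilege.READ: {"utility", "billing"},
        Privilege.EXECUTE: {"utility", "demand-response", "operator"},
        # WRITE is intentionally left undefined.
    },
)
BILLING_SERVICE = {"utility", "billing", "region-west"}
DR_OPERATOR = {"utility", "billing", "demand-response", "operator"}

if __name__ == "__main__":
    for label, attrs in (("billing", BILLING_SERVICE), ("operator", DR_OPERATOR)):
        print(label, sorted(p.value for p in granted(attrs, CHARGER)))
```

The billing service ends up with read access only, which is the read-but-not-invoke outcome the abstract describes, and the undefined write privilege is denied to everyone.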
