BEST PRACTICES AND RESEARCH FOR HANDLING DEMAND RESPONSE SECURITY ISSUES IN THE SMART GRID


Nov 21, 2013 (3 years and 8 months ago)





Prakarn Asavachivanthornkul
B.S., King Mongkut's Institute of Technology, Ladkrabang, 2003

PROJECT

Submitted in partial satisfaction of the requirements for the degree of

MASTER OF SCIENCE
in
COMPUTER SCIENCE
at
CALIFORNIA STATE UNIVERSITY, SACRAMENTO

FALL 2010


Approved by:

Isaac Ghansah, Ph.D., Committee Chair
Scott Gordon, Ph.D., Second Reader





Student: Prakarn Asavachivanthornkul

I certify that this student has met the requirements for format contained in the University format manual, and that this project is suitable for shelving in the Library and credit is to be awarded for the project.

Nikrouz Faroughi, Ph.D., Graduate Coordinator
Department of Computer Science



Abstract

When electricity demand peaks, utilities and other electric Independent Systems Operators (ISOs) keep electric generators on-line in order to meet the high demand. In some cases, new power plants have to be built. This solution increases costs, wastes energy and creates air pollution. To overcome this, many utilities, governments, and others have been developing Demand Response (DR) programs to manage growth in peak electricity demand and to provide more reliable and more economic energy. The primary focus of Demand Response (DR) is to provide two-way communications to customers so that the energy-management and control system (EMCS) at the customer's site can take action based on the demand for electricity and on electricity prices. As a result, when the grid supply becomes strained or when electricity prices reach a certain point, demand response programs are intended to lower energy use in return for reducing total system costs and electric loads on the grid.

DR systems are expected to be eventually used by most of California's residential and commercial energy customers. A breach of the security goals (confidentiality, integrity, availability and accountability) could adversely affect the system and a large number of customers. The impacts vary from the reliability of the grid itself to the customers' electric bills and to the loss of the customers' privacy. In some cases, it could affect the health and safety of customers.

This project discusses security risks of DR systems, addresses information security best practices to mitigate those risks, and identifies potential Research and Development (R&D) issues existing in DR systems, with the hope of increasing awareness of the security issues existing in DR systems.

The results show that although DR systems have a number of potential security risks and vulnerabilities that must be addressed, information security best practices can be used to mitigate some of them. In some situations (e.g., ensuring non-repudiation) where the best practices could not be directly used, further research will be required to address the security issues, and appropriate R&D issues are identified for those unique cases as well.

ACKNOWLEDGMENTS

I would like to thank Dr. Isaac Ghansah for his direction, assistance and guidance. Dr. Ghansah's recommendations and technical advice have been invaluable for this project.

Special thanks should be given to all of my friends who helped me in many ways. Finally, words alone cannot express the thanks I owe to my family and Puthita Utchavanich, my special friend, for their encouragement and support.
















TABLE OF CONTENTS

Acknowledgments
List of Tables
List of Figures

Chapter
1. INTRODUCTION
    1.1. Background
    1.2. Terms and Definitions
        1.2.1. Security Requirements
        1.2.2. Cyber Security
    1.3. Statement of Problems
    1.4. Project Overview
    1.5. Project Objectives
    1.6. Report Organization

2. REVIEW OF DEMAND AND RESPONSE SYSTEMS
    2.1. Demand Response Systems
    2.2. Information transmitted in Demand Response Systems
        2.2.1. Price-Based Information
        2.2.2. Event-Based Information
        2.2.3. Bidding Information
    2.3. Major Components in Demand Response systems
        2.3.1. Advanced Metering Infrastructure and Demand Response Systems
        2.3.2. Home Area Networks, Neighborhood Area Networks and Demand Response Systems
        2.3.3. Overview of Zigbee Communication Standard
        2.3.4. Use of Zigbee in HAN for Demand Response Systems
        2.3.5. Demand Response Networks
        2.3.6. Open Automated Demand Response
    2.4. Conclusion

3. SECURITY ISSUES IN DEMAND AND RESPONSE
    3.1. Security Requirements and Demand Response Systems
        3.1.1. Confidentiality
        3.1.2. Authentication
        3.1.3. Data Integrity
        3.1.4. Availability
        3.1.5. Accountability
    3.2. Security Issues in Pricing Signals
    3.3. Security Issues in Demand Response Events Information
    3.4. Security Issues in Bidding Information
    3.5. Security Issues in Demand Response Networks
        3.5.1. Demand Response Sensor Networks
        3.5.2. Security Concerns in Demand Response Wireless Sensor Networks
    3.6. Zigbee Security
    3.7. Security Concerns in Zigbee
        3.7.1. Key Establishment and Distribution
        3.7.2. Insufficient Integrity Protection
        3.7.3. Nonce Management Problem
        3.7.4. Key Management Problem
    3.8. Security Issues in Open Automated Demand Response
    3.9. Automated Demand Response at Residential Sites and Security Issues
        3.9.1. Possible Attacks on Programmable Communicating Thermostat
    3.10. Conclusion

4. BEST PRACTICES FOR HANDLING SECURITY ISSUES IN DEMAND RESPONSE
    4.1. Demand Response Sensor Networks and Security Measures
        4.1.1. Use of Cryptography
        4.1.2. Elliptic-Curve Cryptography
        4.1.3. Use of Elliptic-Curve Cryptography in Sensor Networks
            4.1.3.1. Authentication
            4.1.3.2. Confidentiality
            4.1.3.3. Accountability/Non-repudiation
    4.2. Zigbee and Security Measures
    4.3. Demand Response Best Practices
        4.3.1. Data Transmission
        4.3.2. Data Handling Practices
        4.3.3. Key Management
            4.3.3.1. Key Usage
            4.3.3.2. Key Period
            4.3.3.3. Algorithm and Key Length
        4.3.4. Key Management Systems
            4.3.4.1. Symmetric Key Management
                4.3.4.1.1. Key Establishment and Distribution
                4.3.4.1.2. Protection of Symmetric Keys in Transit
        4.3.5. Access Control and DR communications
    4.4. Open Automated Demand Response Best Practices
        4.4.1. Security Requirements for OpenADR
        4.4.2. Security Measures for OpenADR
            4.4.2.1. TLS 1.0 with server-side certificates
            4.4.2.2. TLS 1.0 with server-side and client-side certificates
            4.4.2.3. Web Service Security
                4.4.2.3.1. Encryption
                4.4.2.3.2. Source Authentication
                4.4.2.3.3. Message Authentication
                4.4.2.3.4. Non-repudiation
                4.4.2.3.5. Key Pair Management
                4.4.2.3.6. Certificate Management
                4.4.2.3.7. Security Consideration in X.509 Certificate with WS-Security
    4.5. Automated Demand Response at Residential Sites and Security Measures
        4.5.1. Cryptographic Approaches
        4.5.2. Key Distribution
        4.5.3. Key Management
    4.6. Conclusion

5. RESEARCH AND DEVELOPMENT ISSUES
    5.1. Topics in Authentication and/or Authorization
        5.1.1. Role-Based Access Control
        5.1.2. Authentication between DR Service Providers and Smart Devices
        5.1.3. HAN Devices Authentication
        5.1.4. Authorization and Authentication between Users and Smart Appliances
    5.2. Topics in Cryptography and Key Management
        5.2.1. Public Key Infrastructure
            5.2.1.1. Trust Establishment
            5.2.1.2. Private Key Protection
            5.2.1.3. Certificate Revocation List Availability
        5.2.2. Key Management and Public Key Infrastructure
        5.2.3. Limitation in Devices and Cryptography
        5.2.4. Key Management for Wireless Sensor Networks
        5.2.5. Accountability/Non-repudiation Issues
            5.2.5.1. An overview of Contract-Signing Protocols
            5.2.5.2. Roles of TTP
            5.2.5.3. Optimistic Fair Exchange Protocol
                5.2.5.3.1. The Exchange Sub-protocol
                5.2.5.3.2. The Abort Sub-protocol
                5.2.5.3.3. The Resolve Sub-protocol
    6.3. Conclusion

6. CONCLUSION
    6.1. Project Outcomes
    6.2. Suggestion for Future Work

Appendix A. TECHNICAL BEST PRACTICES FOR ENFORCING SECURITY GOALS
    A.1. Use of Cryptographic Tools
        A.1.1. Confidentiality
        A.1.2. Integrity
        A.1.3. Availability
        A.1.4. Accountability/Non-repudiation
    A.2. User Authentication
        A.2.1. Password Authentication
        A.2.2. Token Authentication
        A.2.3. Biometric Authentication
        A.2.4. Digital Signature
    A.3. Access Control/Authorization
        A.3.1. Discretionary Access Control
            A.3.1.1. Access Control List
            A.3.1.2. Capability List
        A.3.2. Mandatory Access Control
        A.3.3. Role-based Access Control

Glossary
References





LIST OF TABLES

1. Table 1: List of WAN Technologies with its Application, Strengths and Weaknesses
2. Table 2: List of LAN Technologies with its Application, Strengths and Weaknesses
3. Table 3: Comprehensive Security Concerns in Zigbee
4. Table 4: Possible Attacks and Impacts of Utility/ISO Operator Interfaces
5. Table 5: Possible Attacks and Impacts of DRAS Client Interfaces
6. Table 6: Possible Attacks and Impacts of Participant Interfaces




LIST OF FIGURES

1. Figure 1: Overview of Demand Response System
2. Figure 2: Advanced Metering Infrastructure and Demand Response
3. Figure 3: Zigbee-based HAN Enabling Demand Response from Utility AMI Network
4. Figure 4: High-level View of Smart Grid Network Architecture
5. Figure 5: Generic OpenADR Interface Architecture
6. Figure 6: DRAS Client Interfaces
7. Figure 7: Typical Wireless Sensor Networks
8. Figure 8: Zigbee Layer Model
9. Figure 9: Typical Zigbee Network
10. Figure 10: Security Suites Supported by IEEE 802.15.4
11. Figure 11: Path of Attack in PCT
12. Figure 12: Simplified Version of ECC-Based SSL Handshake Protocol
13. Figure 13: Recommended Algorithms and Minimum Key Sizes
14. Figure 14: Comparable Security Strength for the Approved Algorithms
15. Figure 15: Hash Function Security Strengths for Cryptographic Applications
16. Figure 16: Kerberos Operations
17. Figure 17: TLS Handshake with Client Certificate and MITM Attack
18. Figure 18: Asymmetric Cryptography
19. Figure 19: Authentication using X.509 Certificate
20. Figure 20: Signing and Verification Process of Digital Signature
21. Figure 21: Requesting and Obtaining a Certificate from CA
22. Figure 22: Defense Mechanisms for PCT Systems
23. Figure 23: Hierarchy of the Key Distribution
24. Figure 24: Signature Generation and Verification
25. Figure 25: Use of Digital Signatures for Ensuring Accountability
26. Figure 26: Exchange Sub-protocol in Optimistic Fair Exchange Protocol
27. Figure 27: Aborted Sub-protocol in Optimistic Fair Exchange Protocol
28. Figure 28: Resolve Sub-protocol in Optimistic Fair Exchange Protocol
29. Figure 29: Public Key Encryption
30. Figure 30: Message Authentication Code
31. Figure 31: Signature Generation and Verification




Chapter 1

INTRODUCTION

1.1. Background

When electricity demand peaks, particularly in summer, utilities and other electric Independent Systems Operators keep electric generators on-line in order to meet the high demand. In some cases, a series of new power plants has to be built. This solution wastes energy and increases air pollution [1]. If demand is at its highest in most regions and exceeds available supplies, brownouts and blackouts can happen. The Economic Impacts of the August 2003 Blackout has shown that the blackouts that happened in the Northeast and California during the past few years caused billions of dollars in losses to businesses and individuals [2]. This shows that the traditional electricity grids are not reliable enough.

Demand Response (DR) is “…an action taken to reduce electricity demand in response to price, monetary incentives, or utility directives so as to maintain reliable electric services or avoid high electricity prices [3].” During peak hours, DR programs or tariffs can lower the energy used in return for decreasing total system costs and electric loads. As a result, the need to build more power plants and transmission lines, which are not environmentally friendly, is decreased [1].


The primary focus of Demand Response is to provide electricity consumers with dynamic or time-based price information, or other types of incentive information, so that consumer end-use electric loads can be shifted or shed in response to the information received in a reliable and economic manner. DR can be implemented in different ways depending on the type of price information. For example, Real-Time Pricing (RTP) requires a computer-based response, while fixed time-of-use (ToU) pricing may be handled manually by the customer. In the past few years, a number of research and development efforts on DR programs have been carried out in order to manage growth in peak electricity demand and to provide more reliable electricity grids as well as more economic energy.


The Demand Response Research Center (DRRC), operated by Lawrence Berkeley National Laboratory (LBNL) for the California Energy Commission's Public Interest Energy Research Program (PIER), has been working to develop, demonstrate and deploy activities related to a framework that can enable Automated Demand Response (AutoDR or ADR). The research conducted by DRRC plays a substantive role in moving DR to market acceptance. For instance, a number of field tests conducted by LBNL through the PIER Demand Response Research Center at a variety of sites, such as commercial buildings, museums and high schools, have shown that ADR can reduce the average building peak electricity demand by 10 to 14 percent [1].


Open Automated Demand Response (OpenADR or Open Auto-DR) has been developed in order to provide a web-services-based framework that uses Internet-based DR events and price signals to optimize electricity supply and demand, which in turn improves the reliability of the electric grid and decreases the total cost of the overall system.

OpenADR has been defined as “a set of standard, continuous, open communication signals and systems provided over the Internet to allow facilities to automate their demand and response with no human in the loop [4].” In 2008, the OpenADR communication specification version 1.0 [5] was released by the LBNL Demand Response Research Center. This specification provides a feasible framework for developing a low-cost communication infrastructure to facilitate sending and receiving DR signals from a utility or an Independent System Operator (ISO) to electric customers and to interact with commercial and industrial control systems based on a DR signal with no human intervention [5]. Many of California's commercialized DR programs have been developed based on OpenADR and related technologies. As a result, 303 facilities were able to provide over 55 megawatts (MW) of peak demand reduction, with a percent of peak demand reduction of 24% [6].

According to the California Public Utility Commission (CPUC), there are three regulated investor-owned utilities (IOUs) in California that offer DR programs: Pacific Gas and Electric Company (PG&E), Southern California Edison (SCE) and San Diego Gas and Electric (SDG&E). These utilities offer DR programs for small, medium and large businesses. A number of case studies of various businesses have been conducted by these utilities. For instance, a case study on community medical centers from PG&E has shown that one of the largest hospitals participating in the study could drop more than 500 kW over two to six hour periods on three event days [7].


The benefits of DR vary from savings on consumers' energy bills to energy efficiency and reliability of the grid. Utilities, ISOs, Regional Transmission Organizations (RTOs) and other organizations could use DR to manage electrical demand and supply, reduce potential outages, and lower total system costs, instead of having the generators produce more supply or building more power generation in order to meet high electrical demand. These benefits motivate FERC, CPUC, CEC and other utilities to conduct a number of assessments, case studies, field tests and research on DR to demonstrate and improve the abilities of DR. As mentioned earlier, some of the research has shown that DR can cut costs and provides an efficient way to manage and reduce electric loads in industrial, commercial and residential buildings.


In addition to the efforts to improve DR capabilities, the National Institute of Standards and Technology (NIST) and the Smart Grid Interoperability Panel (SGIP) also have responsibilities to coordinate development of a framework, including standards and protocols for information management, to achieve interoperability of smart grid devices and systems¹. Under this collaboration, there is a working group, called the Cyber Security Working Group (CSWG), which is dealing with cyber security issues in the Smart Grid and developing an overall security strategy for the Smart Grid. NIST published three volumes of Guidelines for Smart Grid Cyber Security Strategy and Requirements (NISTIR 7628 vol. 1-3) [8] in Aug 2010. NISTIR 7628 provides security strategy, high-level requirements, architectures, privacy issues, etc. for addressing cyber security for Smart Grid systems. Some of the information in this guideline is used in this research as well.

A lot of research on security issues and countermeasures in DR and relevant components, such as DR sensor networks, Advanced Metering Infrastructure (AMI) and smart meters, has been undertaken. In 2006, research on Network Security Architecture for Demand Response/Sensor Networks [9] was released by CEC and U.C. Berkeley. It focused on identifying security and privacy in sensor networks and developing a framework for deployment scenarios (short, medium and long term deployment) for demand response network architectures. A Security Specification [10] and a Security Implementation [11] to address AMI security issues have been recently released by the AMI security (AMI-SEC) task force formed by The Open Smart Grid Users Group². These reports covered a set of security requirements for AMI and the guide for establishing a high security assurance level for AMI. The reports addressed some aspects of the issues related to DR pricing signals. Another report, on Cyber Security Issues on Smart Grid Systems, from the National Supervisory Control and Data Acquisition (SCADA) Test Bed (NSTB) [12] covered a few of the current issues related to AMI and wireless networks. The OpenADR communication specification version 1.0 [5] by LBNL addresses some of the security requirements and policies for the communications with the Demand Response Automated Server (DRAS), one of the major components in OpenADR systems. This specification recommended using communication standards, such as TLS, to address the security requirements for OpenADR, but vulnerabilities in TLS were recently found by M. Ray and S. Dispensa [13] in Nov 2009, and these need to be fixed in order to preserve the security requirements in OpenADR. All of these reports provide useful information, guidelines and frameworks for DR systems. However, some security aspects or issues might have been overlooked, and sometimes the recommendations and security measures might not be addressed.

¹ The NIST Smart Grid Collaboration site: http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/WebHome.
² The Open Smart Grid Users Group website: http://osgug.ucaiug.org.

This project, Best Practices and Research for Handling Demand Response Security Issues in the Smart Grid, discusses security risks of DR systems, addresses information security best practices to mitigate those risks and identifies potential Research and Development (R&D) issues relevant to DR with the hope of increasing awareness of security issues existing in DR systems.

1.2. Terms and Definitions

1.2.1. Security Requirements

The terms Security Requirements or Security Goals used in this report refer to the security aspects as follows:



Confidentiality

Confidentiality is to assure that information is not disclosed to unauthorized parties, entities or processes. This property is to preserve information restrictions on unauthorized access and disclosure. Encryption and access control are often used to ensure confidentiality of the information.

Integrity

Integrity is to preserve the authenticity and accuracy of the information. This property can be divided into two aspects.

Data Integrity is to ensure that data has not been altered in an unauthorized manner, including data in storage, during processing, and while in transit. This includes the property that data has not been modified, destroyed or substituted in an unauthorized and undetected manner.

Source Integrity refers to preserving the origin of the data. This property is to ensure that the source of the data is legitimate and that the data comes from the source it claims to come from. This property is sometimes referred to as Authentication, and the two terms are used interchangeably in this report.

Availability

Availability is to ensure that the information is available in a timely and reliable manner. This includes ensuring that authorized access to entities, processes, devices and information is not denied.

Accountability

Accountability is to ensure that the subject is accountable for its actions. This includes the property that an action by an entity is traced uniquely to that entity. Non-repudiation (preventing an entity from denying involvement in a particular action related to the data) is covered in this property as well.

1.2.2. Cyber Security

According to NISTIR 7628, “Cyber Security focuses on the protection required to ensure confidentiality, integrity and availability of the electronic information communication systems [14].” In the smart grid systems, it involves the balance of both power and IT communication systems to maintain the reliability of the Smart Grid. It includes preventing, detecting and responding to attacks in order to minimize the number of successful attacks.

1.3. Statement of Problems

DR systems are expected to be eventually utilized by most of California’s residential and commercial energy customers. A breach in security goals could adversely affect a large part of a smart grid system and a large number of customers. The impacts vary from the reliability of the grid itself to the impacts on customers’ electric bills and to the invasion of the privacy of customers’ information. For example, unauthorized modification of price signals could affect customers financially. Manipulation of DR signals not only affects electric bills but also causes annoyance to customers. In some situations, it could affect health and safety of customers as well. For example, an attacker may turn on heating units during an extremely hot day in the summer. Moreover, the information from the smart devices responded by customers, and/or the information collected by utilities could result in the exposure of energy consumption uses and patterns of customers, resulting in privacy loss.

Therefore, the security concerns of customer information and proper countermeasures in order to protect against different kinds of attacks must be identified. Appropriate data handling practices and cryptographic mechanisms must be addressed in order to provide security and privacy to customer information. In some cases, the information security best practices provided in this research to handle DR security issues may not be directly applicable to the DR systems. Those specific situations are identified as Research and Development (R&D) issues.

1.4. Project Overview

Demand Response (DR) systems for managing energy usage in homes and buildings are one of the critical areas in the Smart Grid. Utilities have deployed Advanced Metering Infrastructure (AMI) in order to provide two-way communications between homes or buildings and the utilities via smart meters. The electric meters or some other devices residing in homes and buildings could be used as a gateway between buildings and the utilities. This gateway is used to provide a real time communication link between electric, gas, water meters, and other digital devices in homes. This has led to architecting Home Area Networks (HANs) that connect thermostats, load switches and lighting devices. All these smart devices connected in the HAN can be set to operate during low and high cost energy periods. Introduction of HAN along with advanced wireless home networking has enabled use of home monitoring devices and home automation. Wireless communication standards, such as Zigbee and Wi-Fi, can be used in home automation for controlling demand response events. The load shedding or shifting is carried out when DR events and price signals arrive at the smart meter or home gateway. DR strategies which are pre-programmed in smart devices will take action in response to the signals received.

However, once these components are deployed in the Smart Grid, they are vulnerable to a number of attacks. Information transferred in DR systems, such as price signals, could be modified in an unauthorized manner. Devices could be manipulated to perform some malicious activities. An attacker may be able to turn on/off air conditioning units in homes remotely. Customers’ information could be eavesdropped resulting in privacy loss. Besides, some communication standards, such as Zigbee and Wi-Fi, have certain vulnerabilities which can lead to many kinds of attacks, such as eavesdropping, replay and Man-in-the-Middle (MITM) attacks. Therefore, a number of security issues have to be determined and solved before DR systems are deployed on a large scale. Security measures and best practices must be specified for handling those security issues as well.

This project explores DR systems and related components, such as AMI and HAN. It discusses relevant communication protocols and network architectures, such as Zigbee, with respect to security. In addition, it focuses on identifying security issues in the information transmitted in DR systems, such as price and DR events information, DR networks, such as Wireless Sensor Networks (WSNs) and HAN, and other components as well as OpenADR. The security measures and best practices in information security for handling those issues in DR systems are provided. In some cases, the measures and practices recommended may not be directly applicable. DR specific Research and Development (R&D) issues are provided as well.




1.5. Project Objectives

The overall objectives of the project are as follows:

- Identify potential security issues in the context of DR, including information transmitted in the system, Wireless Sensor Networks (WSNs), communication protocols, and OpenADR, with respect to the security goals.

- Investigate which information security best practices can be applied to DR systems in order to mitigate actions that violate security goals. This includes the use of cryptography and other security mechanisms to handle those issues as well.

- Explore possible R&D issues that should be addressed in the DR systems, since some of the best practices may not be directly usable or may require further research to address those security issues.

1.6. Report Organization

This report is organized as follows:

- Chapter 1: Introduction

- Chapter 2: Review of Demand and Response Systems

  This chapter gives an overview of how DR systems work. It gives brief details of the information transmitted in DR systems, and related components, such as AMI and HAN, in order to see how this information flows in the systems from utilities through these components and how load reduction at customers’ sites is carried out. Next, it looks into HAN and the use of Zigbee communication protocol in HAN to see how home automation can shift or shed electric loads. DR networks and communication protocols that could be used are also described. Finally, it also provides information about OpenADR and its interfaces in order to see how automated DR is carried out.

- Chapter 3: Security Issues in Demand and Response Systems

  This chapter first specifies the overall security requirements in DR systems. It also looks into the security issues in information transmitted in DR systems. Next, it discusses the security issues in DR networks, where the use of Wireless Sensor Network (WSN) and HAN is described. Since Zigbee is the most common protocol used in HANs, the security mechanisms offered by Zigbee are discussed and security concerns in Zigbee are identified. Next, OpenADR and security issues focusing on the information transmitted between its interfaces are identified with the impacts if the security goals are compromised. Finally, automated DR at residential sites is discussed with respect to security.

- Chapter 4: Best Practices for Handling Security Issues in Demand Response Systems

  This chapter provides security measures and best practices used to mitigate the risks and security issues specified in Chapter 3. It first provides security mechanisms for ensuring confidentiality, authentication and accountability in DR sensor networks. It also suggests the security measures for Zigbee protocol. Next, the best practices for data transmission, data handling, key management and access control for DR are provided. The best practices for OpenADR for handling security requirements are also provided. Finally, it discusses the security measures and Key Management practices for automated demand at residential sites. (Note that some of the technical best practices discussed in this chapter are referred to in Appendix A.)

- Chapter 5: Research and Development Issues

  This chapter identifies potential R&D topics with respect to DR systems. The R&D topics discussed in this chapter are organized into the topics in Authentication and Authorization, Cryptography and Key Management, and other topics.

- Chapter 6: Conclusion

- Appendix A: Technical Best Practices for Enforcing Security Goals

  This section provides technical best practices to ensure confidentiality, integrity, availability and accountability in information systems. These best practices include the Use of Cryptographic tools, User Authentication techniques and Access Control/Authorization. Application of these best practices to DR systems is mentioned where necessary in this report as well.




Chapter 2

REVIEW OF DEMAND AND RESPONSE SYSTEMS

DR can reduce energy consumption during peak time or based on events during which the energy prices are high, such as congestion, supply-demand balance and/or market conditions that raise the energy supply costs. When the grid supply becomes strained or when the electric prices reach a certain point, demand response programs lower the energy use in return for decreasing total system costs and electricity supplies on the grid. Consequently, it maximizes usage of the energy and brings reliability to the grid.

This chapter intends to give an overview of DR systems and the information transmitted in DR systems, such as real-time pricing and time-of-use pricing. It also provides brief details of major components related to DR, such as Advanced Metering Infrastructure (AMI), Home Area Networks (HANs) and Neighborhood Area Networks (NANs) in the context of DR. Finally, it provides an overview of OpenADR as well.

2.1. Demand Response Systems

A utility is responsible for monitoring the power consumption and transmitting DR commands to Energy Management and Control Systems (EMCS) at the customers’ sites. The EMCS then adjusts the electricity loads in response to the commands received based on the pre-programmed DR strategies. The utility receives energy usage information from the meters at customers’ sites and informs customers, via SMS, email or paging, if they would like to adjust their power consumption. Customers are also able to decide to reduce power manually. During the DR events, a utility could trigger automatic controls in order to turn off air-conditioning or heating units, lower the lighting levels and control water pumps. Figure 1 shows the overview of DR systems.

Figure 1: Overview of Demand Response System [15]

All of these activities utilize a number of computerized technologies, such as the Internet, Local Area Networks (LANs), Wireless Sensor Networks (WSNs) and Wi-Fi, and also different kinds of devices, such as EMCS, smart meters and sensor devices, to manage and control energy usage in an efficient manner.


2.2. Information Transmitted in Demand Response Systems

The primary focus of Demand Response is to provide electricity consumers with dynamic or time-based price information or other types of incentive information so that the consumer end-use electric loads can be shifted or shed in response to the information received in a reliable and economic manner. DR could be implemented in different ways depending on the types of price information. For example, the Real-Time Pricing (RTP) requires computer-based response, while the fixed time-of-use pricing may be manually handled by the customer. This section provides details of major types of information that could be transmitted in DR systems.




2.2.1. Price-Based Information

The pricing signal consists of Real-Time Pricing (RTP), Critical-Peak Pricing (CPP), and Time-of-Use pricing (ToU).

Real-time prices are electricity prices that fluctuate during different time periods over the course of the day. This dynamic pricing allows customers (industrial, commercial and residential) to shift or shed electricity usage in order to minimize electricity and operating costs for their business. This price signal will show the current price for power, and an automation system, such as smart clients or meters, will determine what actions need to be taken based on the pricing signal it received.

Critical-peak price is a dynamic electricity price which is usually increased, probably three to ten times as much as a standard rate, during periods of high energy use, called CPP events. This information allows electricity consumers to reduce electricity usage during the on-peak hours or shift usage to off-peak hours.

Time-of-use prices are electricity prices that are not real-time. This pricing information is defined ahead of time, usually for a 24 hour day, and fixed in certain time periods based on seasons. For example, on a weekday afternoon in the summer the price is usually on-peak (higher than a standard rate) and on a weekend night during the winter the price is usually off-peak (lower than a standard rate).

2.2.2. Event-Based Information

DR strategies are pre-programmed in Energy Management Control System (EMCS) at the customers’ sites. The strategies are carried out when the DR events and pricing signals arrive. The main purpose of the DR strategies is to control the electric loads at the end users according to the electric demands in return for decreasing electric usage at end points and providing reliability to the grid.

2.2.3. Bidding Information

DR supports several bidding-based programs, such as Capacity Bidding Program (CBP) and Demand Bidding Program (DBP), which are offered through a utility, such as PG&E. Customers who participate in these bidding programs can submit a bid for load reduction for a proposed level of curtailment or against the energy generation resource. In return, the customer will get an incentive payment if the bid is cleared and he reduces the energy consumption according to the bid. The details of how each bidding program like CBP or DBP works are not in the scope of this document.

2.3. Major Components in Demand Response Systems

DR systems consist of several infrastructure and networking technologies in order to carry DR-related signals from utility to homes. This section gives a brief overview of those components and describes why they are necessary for DR systems. We first look into AMI, which is a major part in DR systems. HAN and NAN are then explained in the context of DR, including Zigbee, which is a communication standard used in HAN and NAN.

2.3.1. Advanced Metering Infrastructure and Demand Response Systems

Advanced Metering is defined as follows: “Advanced metering is a metering system that records customer consumption [and possibly other parameters] hourly or more frequently and that provides for daily or more frequent transmittal of measurements over a communication network to a central collection point [3].” Advanced Metering Infrastructure (AMI) is composed of advanced devices at the customer site, such as electricity meters, gas meters, and water meters, communication networks between the customer and utilities, and data reception and management systems, such as meter data management. AMI allows utilities to balance demand and supply for electricity and to monitor and control electricity loads, which allows the grids to be run more reliably and efficiently.

The basic functions of AMI involve reading and recording electric consumption of the customer based on pre-defined schedules, including short-term intervals and/or on-demand, and then storing and forwarding that usage information through the communication networks, which may either be wireless communication, such as Radio Frequency (RF), or wired communication, such as power line communication or broadband over power line (BPL), or perhaps the combination of the two.

AMI is significant as a DR enabling technology because of the ability to provide usage data based on hourly intervals, which is needed for time-based pricing information. The time-based pricing information, such as Real-Time Pricing (RTP), enables the ability to reduce and shift electric loads dynamically over a certain period. The AMI networks allow utilities to collect and distribute usage and other related information to customers, suppliers and other service providers. By providing information to customers, the system assists a change in energy usage in response to time-based pricing signals or incentives information, which brings about reliability of the grid. The overview picture of AMI and DR is shown in Figure 2 below.

Figure 2: Advanced Metering Infrastructure and Demand Response [16]


AMI systems are viewed as consisting of the following components:

- Smart Meter: The smart meter is the source of metrological data as well as other energy-related information. These smart meters can provide interval data for customer loads as well as distributed generation.

- Customer Gateway: The customer gateway acts as an interface between the AMI network and customer systems and appliances within the customer facilities, such as a Home Area Network (HAN) or Building Management System (BMS). It may or may not co-locate with the smart meter.

- AMI Communications Network: This network provides a path for information to flow from the meter to the AMI head end.

- AMI Head End: This system manages the information exchanges between external systems, such as the Meter Data Management (MDM) system and the AMI network.

2.3.2. Home Area Networks, Neighborhood Area Networks and Demand Response Systems

Smart Grid provides two-way communications between homeowners’ premises and utility companies’ back-end IT infrastructure. This is done by deploying Advanced Metering Infrastructure (AMI) systems that combine Home Area Networks (HANs) and Neighborhood Area Networks (NANs). A HAN typically connects home devices together whereas a NAN connects HAN Gateways for the Utility Network.

Home Area Networks connect thermostats, load switches, lighting devices and other smart home devices in homes or buildings. All these smart devices connected to HAN can be set to operate during low cost energy periods. The introduction of HAN along with advanced wireless home networking has enabled use of home monitoring devices and home automation. Zigbee wireless communication can be used in home automation for controlling demand response events. Figure 3 demonstrates a high-level view of a Zigbee-based HAN which facilitates DR signals from/to the utility’s AMI network.

The key enabling technology for energy management products in the home are protocols such as Zigbee and Z-Wave, ultra low-power IEEE 802.15.4-based wireless networking standard that has emerged as the key to robust, reliable and secure HAN deployments. Although there are several other potential HAN Protocols, Zigbee is the only one being discussed in detail in this report, since it is the most popular open standard for HANs.

Figure 3: Zigbee-based HAN Enabling Demand Response from Utility AMI Network [17]


2.3.3. Overview of Zigbee Communication Standard

Zigbee is a low-power wireless networking standard which is built on top of the IEEE 802.15.4 standard. It is designed specifically for wireless control and monitoring networks and can be used to implement HAN devices and appliances in order to provide an automation system in the home. Zigbee enables devices to self-assemble into a wireless mesh network, from smart meters to devices in the home.

2.3.4. Use of Zigbee in HAN for Demand Response Systems

The use of Zigbee in HAN enables electric consumers and utilities to manage energy consumption effectively. For example, during the period of peak electrical demand, the AMI system and HAN would work together and shed the load based on the price signal or DR events received from the utility in order to manage the high-load devices, such as changing the thermostat setting of the HVAC system in participating homes.

As shown in Figure 3, the electric meter serves as the gateway, called Energy Service Portal (ESP), between the Zigbee-based HAN and the Neighborhood Area Network (NAN) or the utility. The ESP communicates with a variety of Zigbee-based devices, including Programmable Communicating Thermostat (PCT), In-home display, Energy Management Consoles, etc. The devices in HAN can receive pricing signals from the AMI network. Load control events, which are typically created by the utility, can be displayed in the in-home display and allow the utility to schedule turning off high-load applications, such as air conditioners and pool pumps, of the homeowners to manage energy and provide the reliability of the grid. Homeowners still can choose to opt in or opt out of the events received based on the energy price during the peak demand.

After the utility sends DR events to the ESP, the events will be forwarded to the devices which are responsible for the signals. For example, a load control device, which is responsible for shedding or shifting electric loads in the house, will receive the load control events and react based on the received events.

2.3.5. Demand Response Networks

Before we look at DR networks, let us introduce a high-level view of the Smart Grid network architecture (see Figure 4).

Figure 4: High-level View of Smart Grid Network Architecture [18]

The Utility Control Center is connected with the generator and distribution substation through Wide Area Network (WAN). The AMI consists of different kinds of networks, such as NAN and HAN. The utility network is connected to homes, buildings and industries via NAN. Inside homes, Local Area Network (LAN), such as HAN, can be used to connect smart meters and other smart devices together. A smart meter serves as a gateway for communication between HAN and NAN or the utility. In the context of DR, we focus on the networks inside the AMI network, particularly NAN and HAN, where sensor networks can be applied. The detail of sensor networks will be discussed later in Chapter 3.

Diverse communication protocols could be utilized in DR systems. For example, Zigbee and Wi-Fi can be used for wireless communications between smart devices or smart sensors in HAN or a customer’s site. WiMax can be used for wireless data transmission in WAN. However, these protocols have strengths and weaknesses, which should be considered. Tables 1 and 2 below show the areas of application, strengths and weaknesses of communication protocols that are used in WAN and Local Area Network (LAN), respectively, and could be used in DR systems. These tables are derived from Consumer Portal Telecommunications Assessment and Specification [19]. Even though there are a number of technologies that could be used in DR systems, only Zigbee will be discussed in detail with respect to security later in Chapter 3.

Table 1: List of WAN Technologies with its Application, Strengths and Weaknesses

| WAN Technologies | Areas of Application | Strengths | Weaknesses |
|---|---|---|---|
| ADSL (Asymmetric Digital Subscriber Line) | Wide-area access between utility and customers’ sites | Available to most of the areas through telephone lines; consistent bandwidth | Decreasing bandwidth with distance |
| Cable Modem | Access between utility and customers’ sites | Available to most households; high bandwidth | Inconsistent bandwidth depending on number of users and time of day |
| WiMAX (IEEE 802.16) | Connection between customers’ portals and utility | Does not require costly deployment of wired infrastructure | Market deployment of WiMAX is in the beginning phase which is uncertain if it will meet the range targets |
| BPL (Broadband over Power Line) | Two kinds of BPL: access between utility and customers’ sites (Access BPL); access within customers’ sites (In-home or In-building BPL) | Existing wired infrastructure available to nearly every home | Not suitable for every application, depending on current existing on power line³ |

³ For example, in the case of power lost, data transmitted could be lost as well. This concern applies to many distributed communications systems. However, it is possible to be implemented in Automatic Meter Reading (AMR) and DR because the customers’ portal could buffer the data until the power is restored [19].




Table 2: List of LAN Technologies with its Application, Strengths and Weaknesses

| LAN Technologies | Areas of Application | Strengths | Weaknesses |
|---|---|---|---|
| Wired Ethernet (IEEE 802.3) | Providing connection for devices at customers’ sites to a WAN and other networks | Low cost; huge market; high availability | Only for LAN technologies |
| WiFi (IEEE 802.11x) | Connection of devices within a customer’s site | Easy to deploy | Additional security mechanisms required |
| Zigbee (IEEE 802.15.4) | Connection of sensors and other devices in HAN; user interfaces at customer sites; meter reading | Low power requirement; designed for use in industrial and home automation; scalable (allowing many devices to share a network) | Limited range; relatively low data rate, but it would be sufficient for the devices used in HAN |

2.3.6. Open Automated Demand Response

Open Automated Demand Response (OpenADR) is “a set of standard, continuous, open communication signals and systems provided over the Internet to allow facilities to automate their demand and response with no human in the loop [4].” Internet-based electricity pricing and DR signals are used with pre-programmed control strategies to optimize energy use of a site or building with no manual intervention. OpenADR is used to exchange information between a utility or Independent System Operator (ISO) and the end-point users or customer systems.

The OpenADR architecture depicted in Figure 5 consists of a Demand Response Automation Server (DRAS) and a DRAS Client. A server provides signals corresponding to DR events to notify customers and a client at the customer’s site listens to the signals and automates signals to pre-programmed control systems.

Figure 5: Generic OpenADR Interface Architecture [4]
Information flow in the OpenADR architecture is in five steps, as follows:

1. The utility or ISO defines DR event and price signals that are sent to DRAS.

2. DR event and price services are published on a DRAS.

3. DRAS clients, that can be a client and logic with integrated relay (CLIR) for a legacy control system or web service software for a sophisticated control system, request event information from the DRAS every minute.

4. Pre-programmed DR strategies determine action based on event and price.

5. EMCS carries out load shed based on DR events and strategies.
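Steps 3 to 5 above, combined with the data integrity and source integrity goals of Section 1.2.1, can be sketched as follows; this is an added example, not code from this report or from the OpenADR specification. It assumes a pre-shared key with HMAC-SHA256 rather than the TLS channel the specification recommends, and the message fields, class name and thresholds are hypothetical (the 3x threshold follows the CPP description in Section 2.2.1).

```python
import hashlib
import hmac
import json

# Constructed demo key; per-client key provisioning is outside this example.
DEMO_KEY = b"constructed-demo-key"
MAX_AGE_S = 120  # the client polls every minute; accept two intervals of delay


def sign_signal(key, signal):
    """DRAS side: canonical JSON body plus an HMAC-SHA256 tag over it."""
    body = json.dumps(signal, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class DrasClient:
    """Hypothetical DRAS client that authenticates signals before acting."""

    def __init__(self, key, standard_rate):
        self.key = key
        self.standard_rate = standard_rate
        self.last_seq = -1  # highest sequence number accepted so far

    def verify(self, message, now):
        """Return (signal, status); signal is None when a check fails."""
        body = str(message.get("body", ""))
        tag = str(message.get("tag", ""))
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        # Data and source integrity: only a key holder can produce the tag.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return None, "bad-tag"
        signal = json.loads(body)
        # Replay protection: sequence numbers must strictly increase.
        if signal["seq"] <= self.last_seq:
            return None, "replayed"
        # Freshness: reject signals issued too long ago (or too far ahead).
        if abs(now - signal["issued_at"]) > MAX_AGE_S:
            return None, "stale"
        self.last_seq = signal["seq"]
        return signal, "ok"

    def strategy(self, signal):
        """Pre-programmed DR strategy: map event type and price to an action."""
        ratio = signal["price_per_kwh"] / self.standard_rate
        if signal["event"] == "CPP" or ratio >= 3.0:
            return "shed-high"
        if ratio >= 1.5:
            return "shed-moderate"
        return "normal"

    def handle(self, message, now):
        """One polling cycle: verify, then let the strategy pick the action."""
        signal, status = self.verify(message, now)
        if signal is None:
            return "hold", status  # rejected signals never change the load
        return self.strategy(signal), status


def run_demo():
    """Feed constructed messages to the client and collect its decisions."""
    client = DrasClient(DEMO_KEY, standard_rate=0.10)
    t0 = 1_000_000  # constructed clock value, in seconds
    rtp = sign_signal(DEMO_KEY, {"seq": 1, "issued_at": t0, "event": "RTP",
                                 "price_per_kwh": 0.18})
    # The price is rewritten in transit; the tag no longer matches the body.
    tampered = dict(rtp, body=rtp["body"].replace("0.18", "0.01"))
    old = sign_signal(DEMO_KEY, {"seq": 2, "issued_at": t0 - 900, "event": "RTP",
                                 "price_per_kwh": 0.05})
    cpp = sign_signal(DEMO_KEY, {"seq": 3, "issued_at": t0 + 120, "event": "CPP",
                                 "price_per_kwh": 0.45})
    return [
        client.handle(tampered, t0),   # modified in transit
        client.handle(rtp, t0),        # genuine real-time price
        client.handle(rtp, t0 + 60),   # same message captured and resent
        client.handle(old, t0 + 60),   # genuine but older than MAX_AGE_S
        client.handle(cpp, t0 + 120),  # genuine critical-peak event
    ]


if __name__ == "__main__":
    for action, status in run_demo():
        print(f"{status:9} -> {action}")
```

The tag covers the whole serialized body, so the event type, price, sequence number and issue time are all protected together; confidentiality of the signal is not addressed by this sketch.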

The DRAS is an infrastructure component in Automated Demand Response programs which are
based on a client
-
server infrastructure. The automation server distributes and receives information
among its ent
ities, such as utilities and ISOs. The purpose of the DRAS is to automate dynamic
pricing and reliable related messages and information received from utilities or ISOs to optimize
the consumption of electricity during peak hours. The DRAS is an integrator
between a
Utility/ISO and DR participants. The major roles of DRAS are to notify the participants regarding
real
-
time prices (RTP), DR events and DR related messages including dynamic pricing.

Figure
6

below
shows details of DRAS and its interface to utili
ty and participant sites including the
internet interface.

The DRAS interface could be given through Web Service Description Language (WSDL), and eXtensible mark-up language (XML) schema could be used for data models and entities. The DRAS interface functions are divided into three groups as follows:

- Utility and ISO Operator Interfaces

- Participant Operator Interfaces

- DRAS Client Interfaces





Figure 6: DRAS Client Interfaces [5]


2.4. Conclusion

This chapter provided an overview of how DR systems work and how information is transmitted in the systems through various communication networks to the EMCS at customers’ sites in order to shed or shift electric loads. Time-based pricing information, DR event information and bidding information were described briefly to show how electric loads can be decreased or increased based on this information. Major components, such as AMI, NAN and HAN, were described in the context of DR. The Zigbee communication standard was explained along with HAN to show how home automation can carry out load reduction. The strengths and weaknesses of communication protocols, along with their usage, were briefly described. Finally, an open standard for automated demand response, the OpenADR architecture, and how it works were explained in this chapter.






Chapter 3

SECURITY ISSUES IN DEMAND AND RESPONSE

Demand response is a way to manage electricity consumption in response to supply conditions. The primary function of Demand Response (DR) is to provide customers with price information so that customers, or the energy-management and control system (EMCS) at the customer’s site, can respond appropriately based on the demand for electricity and electricity prices. The price information could be real-time based, tariff-based or some combination. Since the pricing information could be transmitted electronically or fixed for a long period and could be accessed by the participants of the DR programs, the customer’s security and privacy should be addressed. Also, the integrity of the pricing signal is critical because, if it can be manipulated, it could lead to financial impacts on the organization or customers. Thus, most of the DR functions in the smart grid, such as load shedding/reduction, time-of-use (ToU) pricing, dynamic pricing, etc., require integrity, availability and/or confidentiality to maintain the reliability of the grid and prevent adversaries from manipulating the information in the system. The manipulation of DR signals not only affects electric bills but also causes annoyance to customers and reduces customers’ confidence. Hence, it is crucial to identify potential security concerns, threats and vulnerabilities and provide defense mechanisms to protect against those issues. This chapter identifies those potential security issues based on the DR technologies addressed in the previous chapter; the best practices for handling security goals for the issues identified in this chapter will be discussed in Chapter 4.





Security issues are explained below by first looking at the security requirements relevant to DR systems. Next, the information transferred in DR is addressed with respect to security. DR networks and their security issues are then discussed, including security issues in Wireless Sensor Networks (WSNs) and Zigbee. Finally, security issues related to OpenADR and DR at residential sites are specified.

3.1. Security Requirements and Demand Response Systems

3.1.1. Confidentiality

The information sent between entities, such as control usage of the meter, pricing, and metering usage and billing information, needs to be kept confidential and protected from unauthorized access, such as eavesdropping attacks, since such access can lead to the invasion of customer privacy and the leaking of the information to an adversary.

3.1.2. Authentication

The components in a DR system, such as HAN-based devices, Energy Management and Control Systems (EMCS), the DR services provider and metering, must be authenticated in order to communicate with each other. If they fail to authenticate with the DR control services, they must not be able to connect or respond to the DR event signals, so that an unauthorized device cannot communicate with the DR systems, for example by hijacking the meter connection.

3.1.3. Data Integrity

Unauthorized manipulation of DR information, of control signals for the EMCS to manage devices, and of control usage of the meter or smart meter, by inducing an inappropriate response such as turning on/off electrical devices at customers’ sites or shutting down DR operation, could directly decrease power reliability and efficiency of the grid and cause financial impacts as well as annoyance to customers. Also, manipulating the pricing signal could adversely impact the customer and market sections financially.
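The polling, strategy and load-shed steps (2 to 5) of the OpenADR information flow, combined with the authentication and data-integrity requirements of Sections 3.1.2 and 3.1.3, as an added Python example that is not part of the original report or of the OpenADR specification. The HMAC-SHA256 tag, the pre-shared key, the message fields (`seq`, `issued`, `price`), the freshness window, the price thresholds and the action names are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import json

CLIENT_KEY = b"constructed-demo-key"  # assumed pre-shared key, constructed for this example
MAX_AGE_S = 120  # assumed freshness window; the page says clients poll every minute
# Assumed pre-programmed DR strategy (step 4): price floor in $/kWh -> EMCS action.
STRATEGY = [(0.50, "shed_hvac_and_lighting"), (0.25, "raise_setpoint"), (0.0, "normal")]


def canonical(event: dict) -> bytes:
    """Serialize an event deterministically so both sides MAC identical bytes."""
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()


def sign_event(event: dict, key: bytes) -> dict:
    """DRAS side (step 2): publish the event with an HMAC-SHA256 tag."""
    return {"event": event, "mac": hmac.new(key, canonical(event), hashlib.sha256).hexdigest()}


class DrasClient:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number already acted on

    def handle(self, msg: dict, now: float) -> str:
        """Verify one polled message (step 3) and return the EMCS action (step 5)."""
        event = msg.get("event")
        if not isinstance(event, dict):
            return "rejected:malformed"
        expected = hmac.new(self.key, canonical(event), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), str(msg.get("mac", "")).encode()):
            return "rejected:bad_mac"  # altered in transit or sender lacks the key
        if event["seq"] <= self.last_seq:
            return "rejected:replay"  # an old, validly signed event sent again
        if now - event["issued"] > MAX_AGE_S:
            return "rejected:stale"
        self.last_seq = event["seq"]
        return next((a for floor, a in STRATEGY if event["price"] >= floor), "normal")


if __name__ == "__main__":
    client = DrasClient(CLIENT_KEY)
    msg = sign_event({"seq": 1, "issued": 1000.0, "price": 0.60}, CLIENT_KEY)  # constructed
    print(client.handle(msg, now=1030.0))  # genuine high-price event
    forged = {"event": dict(msg["event"], seq=2, price=0.01), "mac": msg["mac"]}
    print(client.handle(forged, now=1040.0))  # price altered after signing
    print(client.handle(msg, now=1050.0))  # same event replayed
```

The client only reaches the strategy table after the tag, sequence number and age checks pass, so a manipulated or replayed price signal never drives a load-shed action.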

3.1.4. Availability

Pricing and electricity usage information need to be confidential, accurate and available all the time; otherwise, it would affect DR control behavior since the grid may not be able to respond based on the signals and may take a wrong action, leading to financial impacts on customers and markets. Real-time load use information transmitted between the DR services provider and the customer EMS needs to be available in a timely manner since it can affect the behavior of the grid. Legacy devices at the end user and low bandwidth of communication channels may result in the loss of availability.

3.1.5. Accountability

Failure to hold account of the actions taken by communicating parties because of the invalid