Secure and Privacy-friendly Smart Electricity Metering

Smart grids are the electrical grids of the future. They are an extension of the current electrical grid with bidirectional communication between smart meters and utilities. Smart appliances and electric vehicles can also be connected to the smart grid. Finally, smart grids enable distributed energy production. The smart grid roll-out is currently in full progress. The E.U. stimulates the use of smart meters with E.U. directive2009/72/EC and the U.S. with the U.S. Energy Independence and Security Act of 2007.

Smart grids have several advantages. Real time monitoring of the load and flexible tariffs allow energy savings and demand peak shaving. Smart grids can also detect breakdowns and  automatically reroute the current. Furthermore, the facilitated integration of renewable energy sources becomes more and more important as non-renewable energy sources become exhausted. Finally less use of fossil fuels will give rise to less CO2 emission.

An important problem however is thesecurity of these smart grids. Several sources have shown that sensitive information (e.g., religion, health,...) can be gathered from detailedload monitoring. The location data of the charging of electric vehiclescan leak sensitive information as well. Furthermore, it is important that neither the client nor the provider can change the meter data being sent on. Since electric vehicles can be charged at different locations, user authentication must also be taken into account. Finally, there is the threat of cyber attacks, since smart grids heavily rely on computer networks.
Several research groups are already looking for solutionsto guarantee privacy and integrity in smart grids. However, these solutions focus only on one aspect of the problem (e.g., guaranteeing privacywhile still allowing load forecasting), whereas this PhD wants to develop an architecture that takes into account all aspects of smart grid security.

Several sectors have an interest in the development of this security architecture: producers of semi conductors, energy providers,the automobile industry, operators of parking lots, producers of charging poles and smart meters, suppliers of smart appliances and companies that process mobile payments.

Therefore this PhD wants to developan architecture that guarantees privacy, integrity and authentication to the users of smart grids by using cryptographic techniques. Fine-grained load and location data should only be visible to the user himself. Nevertheless the provider should be able to bill the customer based on flexible tariffs and to forecast the load. Additional goals are to keep thecost price as low as possible and change as little as possible to the existing systems.

First, a complete description of the system architecture (smart meters, electric vehicles, public charging poles, …) will be obtained, taking into account all the key players (users, energy providers, operators of public charging infrastructure, …) and their mutual roles. This analysis will also include mapping the existing security mechanisms in place. Once this state of the art description has been obtained, a risk analysis can be performed. This will result in detailed security requirements for every component in the system. The risk analysis will be followed by a gap analysis that will show the security and privacy requirements that still have to be resolved.

Next, an overall security architecture can be designed with indication of the main components (identification tokens, authentication servers, key distribution centers, payment servers, audit loggers, etc.). This design will take intoaccount the existing system architecture, key players and security requirements.

Then security protocols will be designed for security or privacy problems for which the current state of the art is not adequate: secure and private data aggregation, secure storage and use of secretkeys in 'easy to access hardware' (e.g., charging poles), payments, etc. Cryptographic primitives that can be used for this are for example: commitments, digital signatures, zero-knowledge proofs and public key cryptography.

Finally, the key components of the security architecture will be implemented on a selection of target platforms (e.g. on a smart card, in a meter, on a smart phone), where the focus will be on payments for charging electric vehicles. The goal of this phase is to show theperformance and efficiency of the design. Furthermore this implementation will reveal any practical problems that are included in the design. The necessary changes will then be made in order to solve these practicalproblems.

The research will be conducted within the research group COmputer Security and Industrial Cryptography (COSIC), which is part of the department of Electronical engineering (ESAT) at the KU Leuven. COSIC's research varies between the theoretical construction of primitives and the development of safe and efficient hardware implementations. Their goal is to create a secure electronic equivalent for interactions inthe physical world. This PhD is a perfect match to that, since it is about the transition from a physical to a digital electrical grid.