summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjaseg <git-bigdata-wsl-arch@jaseg.de>2020-05-19 19:32:33 +0200
committerjaseg <git-bigdata-wsl-arch@jaseg.de>2020-05-19 19:32:33 +0200
commita4813caa8dd1bbda7b6a3bcc72bd715c67aa54f9 (patch)
treef8fcf71785dd4dadeaa3cbb76fd1d83990c2796a
parenta92caf0e999048acf14c7de42f3d91b5e23b2e29 (diff)
downloadmaster-thesis-a4813caa8dd1bbda7b6a3bcc72bd715c67aa54f9.tar.gz
master-thesis-a4813caa8dd1bbda7b6a3bcc72bd715c67aa54f9.tar.bz2
master-thesis-a4813caa8dd1bbda7b6a3bcc72bd715c67aa54f9.zip
MA: Add standardization themes blurb
-rw-r--r--ma/safety_reset.bib39
-rw-r--r--ma/safety_reset.tex142
2 files changed, 147 insertions, 34 deletions
diff --git a/ma/safety_reset.bib b/ma/safety_reset.bib
index 5d14c28..5e11a0e 100644
--- a/ma/safety_reset.bib
+++ b/ma/safety_reset.bib
@@ -1325,4 +1325,43 @@
urldate = {2020-05-18},
}
+@Misc{abdallah01,
+ author = {Asmaa Abdallah},
+ editor = {Xuemin Shen},
+ title = {Security and Privacy in Smart Grid},
+ url = {http://dx.doi.org/10.1007/978-3-319-93677-2},
+ address = {Cham},
+ isbn = {9783319936772},
+ pagetotal = {1 Online-Ressource (XIV, 126 p. 30 illus., 23 illus. in color)},
+ ppn_gvk = {1028034970},
+ publisher = {Springer International Publishing},
+ series = {SpringerBriefs in Electrical and Computer Engineering},
+ year = {2018},
+}
+
+@InBook{kaplan01,
+ author = {Abraham Kaplan},
+ booktitle = {The Conduct of Inquiry: Methodology for Behavioral Science},
+ date = {1964},
+ title = {The Law of the Instrument},
+ isbn = {9781412836296},
+ location = {San Francisco},
+ pages = {28},
+ publisher = {Chandler Publishing Co.},
+ url = {https://books.google.com/books?id=OYe6fsXSP3IC&pg=PA28},
+}
+
+@Book{merz01,
+ author = {Hermann Merz and Thomas Hansemann and Christof Hübner},
+ title = {Building automation},
+ isbn = {9783540888284},
+ pagetotal = {X, 282},
+ publisher = {Springer},
+ series = {Springer series on signals and communication technology},
+ subtitle = {Communication systems with EIB/KNX, LON, and BACnet},
+ address = {Berlin [u.a.]},
+ ppn_gvk = {584030762},
+ year = {2009},
+}
+
@Comment{jabref-meta: databaseType:biblatex;}
diff --git a/ma/safety_reset.tex b/ma/safety_reset.tex
index 8aa31bf..a5e5b63 100644
--- a/ma/safety_reset.tex
+++ b/ma/safety_reset.tex
@@ -463,13 +463,23 @@ transport encryption and other cryptographic services\cite{bsi-tr-03109-2,bsi-tr
% FIXME
\section{Regulatory frameworks around the world}
-% FIXME
+
+Smart metering regulation varies from country to country as it is tightly coupled to the overall regulation of the
+electrical grid. The standardization of the physical form factor and metrological parameters of a meter is usually
+separate from the standardization of its \emph{smart} functionality. Most countries base the standard for their meters'
+outwards-facing communication interface on a family of standards unified under the IEC as DLMS/COSEM. Employing this
+base protocol ountry-specific standardization only covers which precise variant of it is spoken and what features are
+supported.
\subsection{International standards}
% FIXME
\subsection{The regulatory situation in selected countries}
-% FIXME
+
+In this section we will give an overview of the situation in a number of countries. This list of countries is not
+representative and notably does not include any developing countries and is geographically biased. We selected these
+countries for illustration only and based our selection in a large part on the availability of information in a language
+we read. We will conclude this section with a summarization of common themes.
\subsubsection{Germany}
@@ -559,13 +569,75 @@ meters are round devices that plug into a wall-mounted socket while IEC devices
directly to the mains wiring through large screw terminals\cite{ifixit01}.
\subsection{Common themes}
-% FIXME
-
-
-% FIXME overall thing: here or somewhere else mention the ongoing confusion of smart metering and smart home, e.g.
-% sato01
-\section{Security in smart grids}
+Researching the current situation around the world for the above sections we were able to distill some common themes.
+First, smart metering is slowly advancing on a global scale and despite significant reservations from privacy-conscious
+people and consumer advocates it seems it is here to stay. There are some notable exceptions of countries that have
+decided to scale-back an ongoing rollout effort after subsequent analysis showed economical or other
+issues\footnote{cf.\ the Netherlands and Germany}.
+
+\subsubsection{The introduction of smart metering}
+
+The smart meter rollout is largely driven by utility companies. Utility companies field a variety of arguments for the
+rollout. The most prominent argument is a general increase in energy-efficiency along with a reduction of emissions.
+This argument is based on the estimation that smart metering will increase private customers' awareness of their own
+consumption and this will lead them to reduce their consumption. The second highly popular argument for smart metering
+is that it is necessary for the widespread adoption of renewable energies. This argument again builds on the trend
+towards \emph{green} energy to rationalize smart metering. Often it is formulated as an \emph{inevitability} instead of
+a choice.
+
+Academic reception of smart metering is dyed with an almost unanimous enthusiasm. In particular smart meter
+communication infrastructure has received a large amount of research
+attention\cite{dzung01,gungor01,kabalci01,lloret01,mahmood01,yan01,anderson01}. Outside of human-computer interaction
+claims that smart meters will reduce customer energy consumption have often been uncritically accepted.
+
+\subsubsection{Standardization and reality of smart devices}
+
+Regulators, utilities and academics meet in their enthusiasm on the issue of smart home integration of smart metering. A
+feature of many setups is that the meter acts as the centerpiece of a modern, fully integrated smart
+home\cite{aubel01,geelen01,bsi-tr-03109-1,abdallah01}. The smart meter serves as a communication hub between a new class
+of grid-aware loads and the utility company's control center. Large (usually thermal) loads such as dishwashers,
+refrigerators and air conditioners are forecasted to intelligently adapt their heating/cooling cycles to better match
+the grid's supply. A frequent scenario is that in which the meter bills the customer using near-real time pricing, and
+supplies large loads in the customer's household with this pricing information. These loads then intelligently schedule
+their operation to minimize cost\cite{sato01}. At the time in the mid-2000nds when smart metering proposals were first
+advanced this vision might have been an effect of the \emph{law of the instrument}\cite{kaplan01}. Back then outside of
+specialty applications household devices were not usually networked\cite{merz01}. Smart meters at the time may have
+seemed the obvious choice for a smart home communications hub.
+
+From today's perspective, this idea is obviously outdated. Smart \emph{things} now have found their way into many homes.
+Only these things are directly interconnected through the internet--foregoing the home-area network (HAN) technologies
+anticipated by the smart metering pioneers. The simple reason for this is that nowadays anyone has Wifi, and Wifi
+transceivers have become inexpensive enough to disappear in the bill of materials (BOM) cost of a large home device such
+as a washing machine. Smart meters are usually situated in the basement--physically far away from most of one's devices.
+This makes connecting them to said devices awkward and connecting them via the local Wifi lends the question why the
+smart devices should not simply use the internet in the first place.
+
+Connecting things to a smart meter through a local bus is academically appealing. It promises cost-savings from a
+simpler physical layer (such as ZigBee instead of Wifi) and it neatly separates concerns into \emph{home infrastructure}
+and the regular internet. Communication between smart meter and devices never leaves the house. This gives potential
+additional tolerance to utility backend systems breaking. It also physically keeps communication inside the house,
+bypassing the utility's eyes improving both customer privacy and agency. The presently popular model of a device as
+simple as a light switch proxying its every action through a manufacturer's servers somewhere on the public internet is
+in stark contrast to this scenario. Alas, the reason that this model is as popular is that in most cases it simply
+works. Device manufacturers simply integrate one of many off-the-shelf Wifi modules. The resulting device will work
+anywhere on earth\footnote{For some places channel assignments may have to be updated. This is a configuration-level
+change and in some devices is done by the end-user during provisioning.}. A HAN-connected device would have several
+variants with different modems for different standards. Some might work across countries, but some might not. And in
+some countriese there might not even be a standard for smart grid HANs.
+
+Looking at the situation like this begs the question why this realization has not yet found its way into mainstream
+acceptance by smart metering implementors. The customer-facing functionality promised through smart meters would be
+simple to implement as part of a now-standard \emph{internet of things} application. An in-home display that shows
+real-time energy consumption and cost statistics would simply be an android tablet fetching summarized data from the
+utility's billing backend. Demand-side response by large loads would be as simple as an HTTP request with a token
+identifying the customer's contract that returns the electricity price the meter is currently charging along with a
+recommendation to switch on or off. It seems the smart home has already arrived while smart metering standardization is
+still getting off the starting blocks.
+% TODO is this too critical? Is maybe the modern smart home compatible with smart meters? Is maybe the local-only path
+% of data, avoiding utility clouds a design feature? (may be true in DE, NL, probably not anywhere else)
+
+\section{Security in smart distribution grids}
The smart grid in practice is nothing more or less than an aggregation of embedded control and measurement devices that
are part of a large control system. This implies that all the same security concerns that apply to embedded systems in
@@ -577,37 +649,39 @@ systems, and as such inherently hard to update. Also, the smart grid and its con
implement\cite{blaze01} and adding a host of distributed systems problems on top\cite{lamport01}.
Given that the electrical grid is a major piece of essential infrastructure in modern civilization, these problems
-amount to significant issues in practice. Attacks on the electrical grid may have grave consequences\cite{lee01} all the
-while the long maintenance cycles of various components make the system slow to adapt. Thus, components for the smart
-grid need to be built to a much higher standard of security than most consumer devices to ensure they live up to
-well-funded attackers even decades down the road. This requirement intensifies the challenges of embedded security and
-distributed systems security among others that are inherent in any modern complex technological system.
-
-A point we will not consider in much depth is theft of electricity. A large part of the motivation of the introduction
-of smart meters seems to be % TODO weak statement
-to reduce the level of fraud by consumers. Academic papers tend to either focus on other benefits such as generation
-efficiency gains through better forecasting or try to rationalize the funamentally anti-consumer nature of smart
-metering with strenuous claims of ``enormous social benefits''\cite{mcdaniel01}. We will entirely focus on grid
-stability and discard electricity theft in the context of this paper for two reasons: One, billing inaccuracies of
-electricity companies are of very low urgency compared to grid stability, and the one is a precondition for the other.
-Two, utility companies can already put strong bounds on the amount of theft by simply cross-refrencing meter readings
-against trusted readings from upstream sections of the grid. This capability works even without smart meters and only
-gains speed from smart meters, just as the old exploit of bypassing the meter with a section of wire can't be prevented
-like this.
-
-Due to these bounds on its volume, electricity theft using smart meter hacking would not scale. Hackers would simply be
-rooted up one by one with no damage to consumers and very limmited damage to utility companies. Damage in these
-scenarios would be a far cry from the efficiency of an exponentially growing botnet.
+amount to significant issues in practice. Attacks on the electrical grid may have grave
+consequences\cite{anderson01,lee01} all the while the long maintenance cycles of various components make the system slow
+to adapt. Thus, components for the smart grid need to be built to a much higher standard of security than most consumer
+devices to ensure they live up to well-funded attackers even decades down the road. This requirement intensifies the
+challenges of embedded security and distributed systems security among others that are inherent in any modern complex
+technological system. The safety-critical nature of modern smart metering ecosystems in particular was quickly
+recognized by security experts\cite{anderson01}.
+
+A point we will not consider in much depth is theft of electricity. An incentive for the introduction of smart metering
+that is frequently cited in utility industry publications outside of a general public's view is the reduction of
+electricity theft. Academic papers tend to either focus on other benefits such as generation efficiency gains through
+better forecasting or try to rationalize the funamentally anti-consumer nature of smart metering with strenuous claims
+of ``enormous social benefits''\cite{mcdaniel01}. Academics rarely point out the large economical incentive such
+\emph{revenue protection} mechanisms provide\cite{anderson01}.
+
+This thesis will entirely focus on grid stability and discard electricity theft. For the attack scenarios we lay out
+billing inaccuracies of utility companies are of very low urgency compared to grid stability. In fact stability is a
+precondition for billing to happen. Additionally utility companies can already limit the volume of theft by
+cross-refrencing meter readings against trusted readings from upstream sections of the grid. This capability works even
+without smart meters and only gains speed from smart meters. A smart meter cannot prevent the customer from bypassing it
+with a section of wire. Due to the limit on its volume, electricity theft using smart meter hacking would not scale.
+Hackers would quickly be triangulated with no damage to consumers and limited damage to utility companies.
\subsection{Smart grid components as embedded devices}
A fundamental challenge in smart grid implementations is the central role smart electricity meters play. Smart meters
are used both for highly-granular load measurement and (in some countries) load switching\cite{zheng01}.
-Smart electricity meters are effectively consumer devices. They are built down to a certain price point that is
-measured by the burden it puts on consumers and that is generally fixed by regulatory authorities. % FIXME cite
-This requirement precludes some hardware features such as the use of a standard hardened software environment on a
-high-powerded embedded system (such as a hypervirtualized embedded linux setup) that would both increase resilience
-against attacks and simplify updates. Combined with the small market sizes in smart grid deployments
+Smart electricity meters are effectively consumer devices. They are built down to a certain price point that is measured
+by the burden it puts on consumers. The cost of a smart meter is ultimately limited by it being a major factor in the
+economies of a smart meter rollout\cite{bmwi03}. Cost requirements preclude some hardware features such as the use of a
+standard hardened software environment on a high-powerded embedded system (such as a hypervirtualized embedded linux
+setup) that would both increase resilience against attacks and simplify updates. Combined with the small market sizes in
+smart grid deployments
\footnote{
Most vendors of smart electricity meters only serve a handful of markets. For the most part, smart meter development
cost lies in the meter's software % TODO cite?