From 0e7de70691695c03f672e919df3b1446ee065c47 Mon Sep 17 00:00:00 2001 From: jaseg Date: Sun, 29 Dec 2019 00:46:41 +0100 Subject: thesis: expand introduction --- ma/safety_reset.bib | 619 ++++++++++++++++++++++++++++++++++++++++++++++++++++ ma/safety_reset.tex | 121 +++++++++- 2 files changed, 736 insertions(+), 4 deletions(-) create mode 100644 ma/safety_reset.bib (limited to 'ma') diff --git a/ma/safety_reset.bib b/ma/safety_reset.bib new file mode 100644 index 0000000..3bdb9d2 --- /dev/null +++ b/ma/safety_reset.bib @@ -0,0 +1,619 @@ +@online{bnetza1, + author = {Bundesnetzagentur}, + publisher = {Bundesnetzagentur}, + title = {Smart Meter}, + url = {https://web.archive.org/web/20190919100204/https://www.bundesnetzagentur.de/DE/Sachgebiete/ElektrizitaetundGas/Verbraucher/NetzanschlussUndMessung/SmartMetering/SmartMeter_node.html}, + urldate = {2019-09-19}, + year = {2019} +} + +@online{bmwi1, + author = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik} and {Bundesministerium f{\"u}r Wirtschaft und Energie}}, + month = jan, + publisher = {Bundesministerium f{\"u}r Wirtschaft und Energie}, + title = {Standardisierungsstrategie zur sektor{\"u}bergreifenden Digitalisierung nach dem Gesetz zur Digitalisierung der Energiewende}, + url = {https://web.archive.org/web/20190919100713/https://www.bmwi.de/Redaktion/DE/Downloads/S-T/standardisierungsstrategie.pdf?__blob=publicationFile&v=4}, + urldate = {2019-09-19}, + year = {2019} +} + +@online{bsi-tr-03109, + author = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + booktitle = {Technische Richtlinie BSI TR-03109}, + month = nov, + organization = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + title = {Technische Richtlinie BSI TR-03109}, + url = {https://web.archive.org/web/20190919102010/https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR03109.pdf; jsessionid=BD197BE4CB44C76EE7945640B8703844.2_cid351?__blob=publicationFile&v=3}, + urldate = 2019-09-19, + year = {2015} +} + +@online{bsi-tr-03109-1, + author = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + booktitle = {Technische Richtlinie BSI TR-03109}, + month = jan, + number = {v1.0.1}, + organization = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + title = {TR-03109-1: Anforderungen an die Interoperabilit{\"a}t der Kommunikationseinheit eines intelligenten Messsystems}, + url = {https://web.archive.org/web/20190919102217/https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR03109-1.pdf; jsessionid=BD197BE4CB44C76EE7945640B8703844.2_cid351?__blob=publicationFile&v=3}, + urldate = 2019-09-19, + year = {2019} +} + +@online{bsi-tr-03109-6, + author = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + booktitle = {Technische Richtlinie BSI TR-03109}, + month = nov, + number = {v1.0}, + organization = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + title = {TR-03109-6: Smart Meter Gateway Administration}, + url = {https://web.archive.org/web/20190919102651/https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR-03109-6-Smart_Meter_Gateway_Administration.pdf; jsessionid=BD197BE4CB44C76EE7945640B8703844.2_cid351?__blob=publicationFile&v=4}, + urldate = 2019-09-19, + year = {2015} +} + +@online{bsi-tr-03109-4, + author = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + booktitle = {Technische Richtlinie BSI TR-03109}, + month = aug, + number = {v1.2.1}, + organization = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + title = {TR-03109-4: Public Key Infrastruktur f{\"u}r Smart Meter Gateways}, + url = {https://web.archive.org/web/20190919102649/https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR-03109-4_PKI.pdf; jsessionid=BD197BE4CB44C76EE7945640B8703844.2_cid351?__blob=publicationFile&v=3}, + urldate = 2019-09-19, + year = {2017} +} + +@online{bsi-tr-03109-2, + author = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + booktitle = {Technische Richtlinie BSI TR-03109}, + month = dec, + number = {v1.1}, + organization = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + title = {TR-03109-2: Smart Meter Gateway - Anforderungen an die Funktionalit{\"a}t und Interoperabilit{\"a}t des Sicherheitsmoduls}, + url = {https://web.archive.org/web/20190919102644/https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR-03109-2-Anforderungen_an_die_Funktionalitaet.pdf; jsessionid=BD197BE4CB44C76EE7945640B8703844.2_cid351?__blob=publicationFile&v=3}, + urldate = 2019-09-19, + year = {2014} +} + +@online{bsi-tr-03109-3, + author = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + booktitle = {Technische Richtlinie BSI TR-03109}, + month = apr, + organization = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + title = {TR-03109-3: Kryptographische Vorgaben f{\"u}r die Infrastruktur von intelligenten Messsystemen}, + url = {https://web.archive.org/web/20190919102648/https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR-03109-3_Kryptographische_Vorgaben.pdf; jsessionid=BD197BE4CB44C76EE7945640B8703844.2_cid351?__blob=publicationFile&v=1}, + urldate = 2019-09-19, + year = {2014} +} + +@online{bsi-tr-03109-1-I, + author = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + booktitle = {Technische Richtlinie BSI TR-03109}, + edition = {v1.0}, + month = mar, + organization = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + title = {TR-03109-1 Anlage I: CMS-Datenformat f{\"u}r die Inhaltsdatenverschl{\"u}sselung und -signatur}, + url = {https://web.archive.org/web/20190919104234/https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR-03109-1\_Anlage\_CMS.pdf; jsessionid=BD197BE4CB44C76EE7945640B8703844.2\_cid351?\_\_blob=publicationFile\&v=2}, + urldate = 2019-09-19, + year = {2013} +} + +@online{bsi-tr-03109-1-II, + author = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + booktitle = {Technische Richtlinie BSI TR-03109}, + edition = {v1.0}, + month = mar, + organization = {Bundesamt f{\"u}r Sicherheit in der Informationstechnik}, + title = {TR-03109-1 Anlage II: COSEM/HTTP Webservices}, + url = {https://web.archive.org/web/20190919104234/https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR-03109-1\_Anlage\_CMS.pdf; jsessionid=BD197BE4CB44C76EE7945640B8703844.2\_cid351?\_\_blob=publicationFile\&v=2}, + urldate = 2019-09-19, + year = {2012} +} + +@online{bsi-tr-03109-1-IIIb, + author = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + booktitle = {Technische Richtlinie BSI TR-03109}, + edition = {v1.0}, + month = mar, + organization = {Bundesamt f{\"u}r Sicherheit in der Informationstechnik}, + title = {TR-03109-1 Anlage III: Feinspezifikation "Drahtlose LMN-Schnittstelle" Teil b: "OMS Technical Report Security"}, + url = {https://web.archive.org/web/20190919110101/https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR-03109-1_Anlage_Feinspezifikation_Drahtlose_LMN-Schnittstelle-Teil2.pdf; jsessionid=BD197BE4CB44C76EE7945640B8703844.2_cid351?__blob=publicationFile&v=2}, + urldate = 2019-09-19, + year = {2013} +} + +@online{bsi-tr-03109-1-IIIa, + author = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + booktitle = {Technische Richtlinie BSI TR-03109}, + edition = {v1.0}, + month = mar, + organization = {Bundesamt f{\"u}r Sicherheit in der Informationstechnik}, + title = {TR-03109-1 Anlage III: Feinspezifikation "Drahtlose LMN-Schnittstelle" Teil a: "OMS Specification Volume 2, Primary Communication"}, + url = {https://web.archive.org/web/20190919110054/https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR-03109-1_Anlage_Feinspezifikation_Drahtlose_LMN-Schnittstelle.pdf; jsessionid=BD197BE4CB44C76EE7945640B8703844.2_cid351?__blob=publicationFile&v=2}, + urldate = 2019-09-19, + year = {2013} +} + +@online{bsi-tr-03109-1-IVa, + author = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + booktitle = {Technische Richtlinie BSI TR-03109}, + edition = {v1.0}, + month = mar, + organization = {Bundesamt f{\"u}r Sicherheit in der Informationstechnik}, + title = {TR-03109-1 Anlage IV: Feinspezifikation "Drahtgebundene LMN-Schnittstelle" Teil a: "HDLC f{\"u}r LMN"}, + url = {https://web.archive.org/web/20190919110101/https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR-03109-1_Anlage_Feinspezifikation_Drahtlose_LMN-Schnittstelle-Teil2.pdf; jsessionid=BD197BE4CB44C76EE7945640B8703844.2_cid351?__blob=publicationFile&v=2}, + urldate = 2019-09-19, + year = {2013} +} + +@online{bsi-tr-03109-1-IVb, + author = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + booktitle = {Technische Richtlinie BSI TR-03109}, + edition = {v1.0}, + month = mar, + organization = {Bundesamt f{\"u}r Sicherheit in der Informationstechnik}, + title = {TR-03109-1 Anlage IV: Feinspezifikation "Drahtgebundene LMN-Schnittstelle" Teil b: "SML Smart Message Language"}, + url = {https://web.archive.org/web/20190919110756/https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR-03109-1\_Anlage\_Feinspezifikation\_Drahtgebundene\_LMN-Schnittstelle\_Teilb.pdf jsessionid=BD197BE4CB44C76EE7945640B8703844.2\_cid351?\_\_blob=publicationFile\&v=2}, + urldate = 2019-09-19, + year = {2013} +} + +@online{bsi-tr-03109-1-VI, + author = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + booktitle = {Technische Richtlinie BSI TR-03109}, + edition = {v1.0}, + month = mar, + organization = {Bundesamt f{\"u}r Sicherheit in der Informationstechnik}, + title = {TR-03109-1 Anlage VI: Betriebsprozesse}, + url = {https://web.archive.org/web/20190919111203/https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR-03109-1_Anlage_Betriebsprozesse.pdf; jsessionid=BD197BE4CB44C76EE7945640B8703844.2_cid351?__blob=publicationFile&v=1}, + urldate = 2019-09-19, + year = {2013} +} + +@online{bsi-tr-03109-1-VII, + author = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + booktitle = {Technische Richtlinie BSI TR-03109}, + edition = {v1.0}, + month = jan, + organization = {Bundesamt f{\"u}r Sicherheit in der Informationstechnik}, + title = {TR-03109-1 Anlage VII: Interoperabilit{\"a}tsmodell und Ger{\"a}teprofile f{\"u}r Smart-Meter- Gateways}, + url = {https://web.archive.org/web/20190919111350/https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR-03109-1_Anlage_Interop-Modell-Geraeteprofile.pdf; jsessionid=BD197BE4CB44C76EE7945640B8703844.2_cid351?__blob=publicationFile&v=2}, + urldate = 2019-09-19, + year = {2019} +} + +@online{bsi-tr-03109-2-a, + author = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + booktitle = {Technische Richtlinie BSI TR-03109}, + edition = {v1.1}, + month = dec, + organization = {Bundesamt f{\"u}r Sicherheit in der Informationstechnik}, + title = {TR-03109-2 Anhang A: Smart Meter Gateway Sicherheitsmodul Use Cases}, + url = {https://web.archive.org/web/20190919111540/https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR-03109-2-Sicherheitsmodul_Use_Cases.pdf; jsessionid=BD197BE4CB44C76EE7945640B8703844.2_cid351?__blob=publicationFile&v=2}, + urldate = 2019-09-19, + year = {2014} +} + +@online{bsi-tr-03109-2-b, + author = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + booktitle = {Technische Richtlinie BSI TR-03109}, + edition = {v1.0}, + month = jun, + organization = {Bundesamt f{\"u}r Sicherheit in der Informationstechnik}, + title = {TR-03109-2 Anhang B: Smart Meter Mini-HSM Anforderungen an die Funktionalit{\"a}t und Interoperabilit{\"a}t des Sicherheitsmoduls}, + url = {https://web.archive.org/web/20190919111832/https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR-03109-2_Anhang_B_Smart_Meter_Mini_HSM.pdf; jsessionid=BD197BE4CB44C76EE7945640B8703844.2_cid351?__blob=publicationFile&v=3}, + urldate = 2019-09-19, + year = {2017} +} + +@online{bsi-tr-03116-3, + author = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + booktitle = {Technische Richtlinie BSI TR-03116 Kryptographische Vorgaben f{\"u}r Projekte der Bundesregierung}, + month = jan, + organization = {Bundesamt f{\"u}r Sicherheit in der Informationstechnik}, + title = {TR-03116-3: Intelligente Messsysteme}, + url = {https://web.archive.org/web/20190919112052/https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03116/BSI-TR-03116-3.pdf; jsessionid=CB56FC0D3137C5624CA697AB9E57671F.1_cid360?__blob=publicationFile&v=9}, + urldate = 2019-09-19, + year = {2019} +} + +@online{bsi-tr-03109-ts-1, + author = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + booktitle = {Technische Richtlinie BSI TR-03109}, + edition = {00.91}, + month = jan, + organization = {Bundesamt f{\"u}r Sicherheit in der Informationstechnik}, + title = {TR-03109-TS-1: Testkonzept zu BSI TR-03109-1}, + url = {https://web.archive.org/web/20190919112310/https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR-03109-TS-1_Testkonzept.pdf; jsessionid=BD197BE4CB44C76EE7945640B8703844.2_cid351?__blob=publicationFile&v=1}, + urldate = 2019-09-19, + year = {2015} +} + +@online{bsi-tr-pruefstellen, + author = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + edition = {v1.5}, + month = jan, + organization = {Bundesamt f{\"u}r Sicherheit in der Informationstechnik}, + title = {TR-Pr{\"u}fstellen: Anforderungen an Antragsteller zur Anerkennung als Pr{\"u}fstelle im Bereich Technischer Richtlinien}, + url = {https://web.archive.org/web/20190919112552/https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/TR-Pruefstellen.pdf; jsessionid=A6B4CB8AD2C038741C656276CE874B61.2_cid369?__blob=publicationFile&v=10}, + urldate = 2019-09-19, + year = {2019} +} + +@article{mo01, + author = {Yilin Mo and Tiffany Hyun-Jin Kim and Kenneth Brancik and Dona Dickinson and Heejo Lee and Adrian Perrig and Bruno Sinopoli}, + journaltitle = {Proceedings of the IEEE}, + month = jan, + number = {1}, + pages = {195--209}, + publisher = {IEEE}, + title = {Cyber-Physical Security of a Smart Grid Infrastructure}, + url = {http://ieeexplore.ieee.org.sci-hub.tw/abstract/document/6016202; https://ieeexplore.ieee.org/abstract/document/6016202; https://www.researchgate.net/profile/Yilin_Mo/publication/224257991_Cyber-Physical_Security_of_a_Smart_Grid_Infrastructure/links/004635395d2f66a584000000.pdf}, + urldate = 2019-09-19, + volume = {100}, + year = {2012} +} + +@article{gungor01, + author = {Vehbi C. G{\"u}ng{\"o}r and Dilan Sahin and Taskin Kocak and Concettina Buccella and Carlo Cecati and Gerhard P. Hancke and Salih Erg{\"u}t}, + journaltitle = {IEEE Transactions on Industrial Informatics}, + month = nov, + number = {4}, + organization = {IEEE}, + pages = {529--539}, + title = {Smart Grid Technologies: Communication Technologies and Standards}, + url = {https://www.researchgate.net/profile/Salih_Ergut/publication/224257498_Smart_Grid_Technologies_Communication_Technologies_and_Standards/links/56ccb4e508ae85c8233bc062/Smart-Grid-Technologies-Communication-Technologies-and-Standards.pdf}, + volume = {7}, + year = {2011} +} + +@article{yan01, + author = {Ye Yan and Yi Qian and Hamid Sharif and David Tipper}, + doi = {10.1109/SURV.2012.021312.00034}, + journaltitle = {IEEE Communications Surveys \& Tutorials}, + organization = {IEEE}, + title = {A Survey on Smart Grid Communication Infrastructures: Motivations, Requirements and Challenges}, + url = {http://d-scholarship.pitt.edu/12508/1/Smart_Grid_Infrastructure_Final.pdf}, + year = {2012} +} + +@article{kabalci01, + author = {Yasin Kabalci}, + doi = {10.1016/j.rser.2015.12.114}, + journaltitle = {Renewable and Sustainable Energy Reviews}, + pages = {302--318}, + publisher = {Elsevier}, + title = {A survey on smart metering and smart grid communication}, + url = {https://www.researchgate.net/profile/Yasin_Kabalci/publication/289504234_A_survey_on_smart_metering_and_smart_grid_communication/links/5a6105aaaca272a1581745c1/A-survey-on-smart-metering-and-smart-grid-communication.pdf}, + volume = {57}, + year = {2016} +} + +@article{zhou01, + author = {Bin Zhou and Wentao Li and Ka Wing Chan and Yijia Cao and Yonghong Kuang and Xi Liu and Xiong Wang}, + journaltitle = {Renewable and Sustainable Energy Reviews}, + pages = {30--40}, + publisher = {Elsevier}, + title = {Smart home energy management systems: Concept, configurations, and scheduling strategies}, + url = {http://www.sciencedirect.com.sci-hub.tw/science/article/abs/pii/S1364032116002823}, + volume = {61}, + x-color = {#009966}, + year = {2016} +} + +@journal{lloret01, + author = {Jaime Lloret and Jesus Tomas and Alejandro Canovas and Lorena Parra}, + journaltitle = {IEEE Communications Magazine}, + organization = {IEEE}, + pages = {50--57}, + title = {An Integrated IoT Architecture for Smart Metering}, + urldate = 2019-09-19, + volume = {54}, + x-color = {#7a783b}, + year = {2016} +} + +@article{sharma01, + author = {Konark Sharma and Lalit Mohan Saini}, + doi = {10.1016/j.rser.2015.04.170}, + journaltitle = {Renewable and Sustainable Energy Reviews}, + pages = {720--735}, + publisher = {Elsevier}, + title = {Performance analysis of smart metering for smart grid: An overview}, + url = {http://www.sciencedirect.com.sci-hub.tw/science/article/abs/pii/S1364032115004402}, + urldate = 2019-09-19, + volume = {49}, + x-color = {#7a783b}, + year = {2015} +} + +@article{leiva01, + author = {Javier Leiva and Alfonso Palacios and Jos{\'e} A. Aguado}, + journaltitle = {Renewable and Sustainable Energy Reviews}, + pages = {227--233}, + publisher = {Elsevier}, + title = {Smart metering trends, implications and necessities: A policy review}, + url = {http://kchbi.chtf.stuba.sk/upload_new/file/Miro/Proc%20problemy%20odovzdane%20zadania/Cyprichov%C3%A1/SmartMetering.pdf; http://dx.doi.org/10.1016/j.rser.2015.11.002}, + urldate = 2019-09-19, + volume = {55}, + x-color = {#009966}, + year = {2016} +} + +@article{lopez01, + author = {G. Lopez and J.I. Moreno and H. Amar\'{\i}s and F. Salazar}, + doi = {10.1016/j.epsr.2014.05.006}, + journaltitle = {Electric Power Systems Research}, + publisher = {Elsevier}, + title = {Paving the road toward Smart Grids through large-scale advanced metering infrastructures}, + url = {http://www.sciencedirect.com.sci-hub.tw/science/article/abs/pii/S0378779614001862}, + urldate = 2019-09-19, + x-color = {#009966}, + year = {2014} +} + +@article{alahakoon01, + author = {Damminda Alahakoon and Xinghuo Yu}, + doi = {10.1109/TII.2015.2414355}, + journaltitle = {IEEE Transactions on Industrial Informatics}, + organization = {IEEE}, + title = {Smart Electricity Meter Data Intelligence for Future Energy Systems: A Survey}, + url = {http://ieeexplore.ieee.org.sci-hub.tw/abstract/document/7063262}, + urldate = 2019-09-19, + x-color = {#009966}, + year = {2015} +} + +@book{borlase01, + editor = {Stuart Borlase}, + isbn = {978-1-4987-9955-3}, + publisher = {CRC Press}, + series = {Electric Power and Energy Engineering}, + title = {Smart Grids: Advanced Technologies and Solutions}, + url = {http://libgen.is/book/index.php?md5=54E49C790BF4ABE66857D6A86E60A196}, + urldate = 2019-09-19, + x-color = {#cc3300}, + year = {2017} +} + +@article{amin01, + author = {Saurabh Amin and Galina A. Schwartz and Alvaro A. C{\'a}rdenas and S. Shankar Sastry}, + doi = {10.1109/MCS.2014.2364711}, + journaltitle = {IEEE Control Systems Magazine}, + month = feb, + organization = {IEEE}, + part = {1}, + title = {Game-Theoretic Models of Electricity Theft Detection in Smart Utility Networks}, + url = {https://cloudfront.escholarship.org/dist/prd/content/qt3658w184/qt3658w184.pdf}, + urldate = 2019-09-19, + volume = {35}, + x-color = {#7a783b}, + year = {2015} +} + +@article{mahmood01, + author = {Anzar Mahmood and Nadeem Javaid and Sohail Razzaq}, + doi = {10.1016/j.rser.2014.08.036}, + journaltitle = {Renewable and Sustainable Energy Reviews}, + pages = {248--260}, + publisher = {Elsevier}, + title = {A review of wireless communications for smart grid}, + url = {http://www.sciencedirect.com.sci-hub.tw/science/article/abs/pii/S1364032114007126}, + urldate = 2019-09-19, + volume = {41}, + x-color = {#7a783b}, + year = {2015} +} + +@techreport{bsi01, + author = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + edition = {v1.0}, + month = jan, + organization = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik}}, + title = {Marktanalyse zur Feststellung der technischen M{\"o}glichkeit zum Einbau intelligenter Messsysteme nach {\S} 30 MsbG}, + url = {https://web.archive.org/web/20190919124052/https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/SmartMeter/Marktanalysen/Marktanalyse_nach_Para_30_MsbG.pdf?__blob=publicationFile&v=8}, + urldate = 2019-09-19, + x-color = {#009966}, + year = {2019} +} + +@inproceedings{czechowski01, + author = {R. {Czechowski} and A. M. {Kosek}}, + booktitle = {2016 Joint Workshop on Cyber- Physical Security and Resilience in Smart Grids (CPSR-SG)}, + doi = {10.1109/CPSRSG.2016.7684098}, + issn = {}, + keywords = {power consumption; power engineering computing; power system measurement; power system security; security of data; smart meters; energy theft techniques; power energy consumption; electric energy distribution; electricity theft detection; energy consumers; cyber security; smart metering; low voltage network; Energy consumption; Security; Energy measurement; Companies; Power systems; Wheels; Smart Grid; energy theft; cyber-physical security; digital data flow; energy hacking}, + month = {April}, + organization = {IEEE}, + pages = {1--7}, + title = {The most frequent energy theft techniques and hazards in present power energy consumption}, + url = {https://project-sparks.eu/wp-content/uploads/2016/04/czechowski-cpsr-sg-paper-four.pdf}, + x-color = {#009966}, + year = {2016} +} + +@datasheet{st-db3636, + author = {{ST Microelectronics}}, + edition = {r1}, + month = {jun}, + organization = {ST Microelectronics}, + subtitle = {Security module of a smart meter gateway as defined by the BSI}, + title = {STSAFE-J100-BS Data brief}, + url = {https://www.st.com/resource/en/data_brief/stsafe-j100-bs.pdf}, + urldate = 2019-09-20, + x-color = {#009966}, + year = {2018} +} + +@slides{dalheimer01, + author = {Mathias Dalheimer}, + eventtitle = {Gulaschprogrammiernacht 2014}, + title = {Smartin Meter-Einf{\"u}hrung Deutschland}, + url = {https://entropia.de/images/2/2c/GPN14-SmartMeterEinf%C3%BChrung.pdf} +} + +@online{heise01, + author = {Heise Medien}, + title = {checkm8: Boot-Exploit soll neuere iPhones knacken}, + url = {https://www.heise.de/mac-and-i/meldung/checkm8-Boot-Exploit-soll-neuere-iPhones-knacken-4542075.html} +} + +@article{wu01, + author = {Yongdong Wu and Zhuo Wei and Jian Weng and Xin Li and Robert H. Deng}, + doi = {10.1109/TSG.2017.2661307}, + journaltitle = {IEEE Transactions on Smart Grid}, + month = {Sep}, + number = {5}, + pages = {4490--4502}, + title = {Resonance Attacks on Load Frequency Control of Smart Grids}, + volume = {9}, + x-color = {#cc3300}, + year = {2018} +} + +@techreport{entsoe01, + author = {ENTSO-E System Protection Dynamics and WG}, + month = mar, + title = {Oscillation Event 03.12.2017}, + url = {https://docstore.entsoe.eu/Documents/SOC%20documents/Regional_Groups_Continental_Europe/OSCILLATION_REPORT_SPD.pdf}, + year = {2018} +} + +@article{leveson01, + author = {Nancy G. Leveson and Clark S. Turner}, + journaltitle = {IEEE Computer}, + month = jul, + number = {7}, + pages = {18--41}, + title = {An Investigation of the Therac-25 Accidents}, + url = {https://doi.org/10.1109/MC.1993.274940; https://web.archive.org/web/20041128024227/http://www.cs.umd.edu/class/spring2003/cmsc838p/Misc/therac.pdf}, + volume = {26}, + year = {1993} +} + +@article{lamport01, + author = {Leslie Lamport and Robert Shostak and Marshall Pease}, + journaltitle = {ACM Transactions on Programming Languages and Systems}, + month = jul, + number = {3}, + pages = {382--401}, + publisher = {ACM}, + title = {The Byzantine Generals Problem}, + url = {https://www.microsoft.com/en-us/research/publication/byzantine-generals-problem/?from=http%3A%2F%2Fresearch.microsoft.com%2Fen-us%2Fum%2Fpeople%2Flamport%2Fpubs%2Fbyz.pdf; https://doi.org/10.1145%2F357172.357176}, + volume = {4}, + year = {1982} +} + +@incollection{blaze01, + author = {Matt Blaze and Joan Feigenbaum and John Ioannidis and Angelos D Keromytis}, + booktitle = {Secure Internet Programming}, + pages = {185--210}, + publisher = {Springer}, + title = {The role of trust management in distributed systems security}, + year = {1999} +} + +@article{lee01, + author = {Robert M. Lee and Michael J. Assante and Tim Conway}, + journal = {Electricity Information Sharing and Analysis Center (E-ISAC)}, + title = {Analysis of the cyber attack on the Ukrainian power grid}, + year = {2016} +} + +@article{sun01, + author = {Chih-Che Sun and Adam Hahn and Chen-Ching Liu}, + journal = {International Journal of Electrical Power \& Energy Systems}, + pages = {45--56}, + publisher = {Elsevier}, + title = {Cyber security of a power grid: State-of-the-art}, + volume = {99}, + year = {2018} +} + +@inproceedings{zheng01, + author = {Jixuan Zheng and David Wenzhong Gao and Li Lin}, + booktitle = {2013 IEEE Green Technologies Conference (GreenTech)}, + organization = {IEEE}, + pages = {57--64}, + title = {Smart meters in smart grid: An overview}, + year = {2013} +} + +@techreport{cenelec01, + author = {The CEN/CENELEC/ETSI Joint Working Group Standards Smart on for Grids}, + month = may, + organization = {CEN/CENELEC/ETSI}, + title = {Final report of the CEN/CENELEC/ETSI Joint Working Group on Standards for Smart Grids}, + year = {2011} +} + +@techreport{pariente01, + author = {Dillon Pariente and Emmanuel Ledinot}, + journal = {Formal Verification of Object-Oriented Software}, + pages = {205-219}, + publisher = {KIT University of the State of Baden-Wuerttemberg and National Research Center of the Helmholtz Association}, + title = {Formal verification of industrial C code using Frama-C: a case study}, + year = {2010} +} + +@inbook{rogers01, + author = {Graham Rogers}, + publisher = {Kluwer}, + title = {Power System Oscillations}, + year = {2000} +} + +@proceedings{grebe01, + author = {E. Grebe and J. Kabouris and S. L{\'o}pez Barba and W. Sattinger and W. Winter}, + doi = { 10.1109/PES.2010.5589932 {\textperiodcentered}}, + journaltitle = {IEEE PES General Meeting}, + month = aug, + publisher = {IEEE}, + title = {Low Frequency Oscillations in the Interconnected System of Continental Europe}, + year = {2010} +} + +@article{mcdaniel01, + author = {McDaniel Patrick and McLaughlin Stephen}, + journaltitle = {Secure Systems}, + month = may, + organization = {IEEE}, + title = {Security and Privacy Challenges in the Smart Grid}, + year = {2009} +} + +@article{schafer01, + author = {Benjamin Sch{\"a}fer and Moritz Matthiae and Marc Timme and Dirk Witthaut}, + doi = { doi:10.1088/1367-2630/17/1/015002 +}, + journaltitle = {New Journal of Physics}, + month = jan, + publisher = {IOP/DPG}, + title = {Decentral Smart Grid Control}, + volume = {17}, + year = {2015} +} + +@article{kosut01, + author = {Oliver Kosut and Liyan Jia and Robert J. Thomas and Lang Tong}, + journaltitle = {IEEE Transactions on Smart Grid}, + month = nov, + number = {4}, + pages = {645-658}, + publisher = {IEEE}, + title = {Malicious Data Attacks on the Smart Grid}, + volume = {2}, + year = {2011} +} + +@online{schneier01, + author = {Bruce Schneier}, + journaltitle = {Crypto-Gram May 15 2002}, + month = may, + publisher = {Counterplane Internet Security}, + title = {Secrecy, Security, and Obscurity}, + url = {https://www.schneier.com/crypto-gram/archives/2002/0515.html}, + year = {2002} +} + diff --git a/ma/safety_reset.tex b/ma/safety_reset.tex index 41b511b..dea5ceb 100644 --- a/ma/safety_reset.tex +++ b/ma/safety_reset.tex @@ -89,6 +89,14 @@ \subsubsection{Smart metering} +\section{Smart meter technology} +\subsubsection{Common components} + +Smart meters usually are built around a standard microcontroller. \label{sm-cpu} +\subsubsection{Cryptographic coprocessors} +\subsubsection{Physical structure} +\subsubsection{Physical installation} + \section{Regulatory frameworks around the world} \subsection{International standards} \subsection{Regulations in Europe} @@ -117,6 +125,22 @@ grid need to be built to a much higher standard of security than most consumer d well-funded attackers even decades down the road. This requirement intensifies the challenges of embedded security and distributed systems security among others that are inherent in any modern complex technological system. +A point we will not consider in much depth is theft of electricity. A large part of the motivation of the introduction +of smart meters seems to be % TODO weak statement +to reduce the level of fraud by consumers. Academic papers tend to either focus on other benefits such as generation +efficiency gains through better forecasting or try to rationalize the funamentally anti-consumer nature of smart +metering with strenuous claims of ``enormous social benefits''\cite{mcdaniel01}. We will entirely focus on grid +stability and discard electricity theft in the context of this paper for two reasons: One, billing inaccuracies of +electricity companies are of very low urgency compared to grid stability, and the one is a precondition for the other. +Two, utility companies can already put strong bounds on the amount of theft by simply cross-refrencing meter readings +against trusted readings from upstream sections of the grid. This capability works even without smart meters and only +gains speed from smart meters, just as the old exploit of bypassing the meter with a section of wire can't be prevented +like this. + +Due to these bounds on its volume, electricity theft using smart meter hacking would not scale. Hackers would simply be +rooted up one by one with no damage to consumers and very limmited damage to utility companies. Damage in these +scenarios would be a far cry from the efficiency of an exponentially growing botnet. + \subsection{Smart grid components as embedded devices} A fundamental challenge in smart grid implementations is the central role smart electricity meters play. Smart meters are used both for highly-granular load measurement and (in some countries) load switching\cite{zheng01}. @@ -128,8 +152,9 @@ against attacks and simplify updates. Combined with the small market sizes in sm \footnote{ Most vendors of smart electricity meters only serve a handful of markets. For the most part, smart meter development cost lies in the meter's software % TODO cite? - and most countries use their own home-grown standards, creating a large development burden for new market entrants - \cite{cenelec01}. + There exist multiple competing standards applicable to various parts of a smart electricity meter. In addition, + most countries have their own certification regimen\cite{cenelec01}. This complexity creates a large development + burden for new market entrants. } this produces a high cost pressure on the software development process for smart electricity meters. @@ -194,6 +219,12 @@ service attack. Thus, in addition to cryptographic security safety under DoS con continued system performance under attacks. This safety property is identical with the safety required to withstand random outages of components, such as communications link outages due to physical damage from storms, flooding etc. % FIXME cite papers on attack impact, on coutermeasures and on attack realization +In general, attacks at the meter level may be hard to weaponize % may be -> weak statement? +since meters are used mostly for billing and forecasting purposes % FIXME cite +and for more critical grid control purposes there exist several additional layers of sensors above smart meters that +limit how much an attacker can falsify smart meter readings without the manipulation being obvious. In order for an +attack to have more far-reaching consequences the attacker would need to compromise additional grid +infrastructure\cite{kim01,kosut01}. \subsubsection{Exploiting centralized control systems} The type of smart grid attack most often cited in popular discourse, and to the author's knowledge % FIXME verify, cite @@ -245,8 +276,8 @@ access to thousands of devices hidden inaccessible in private homes. By compromising smart electricity meters, an attacker can trivially forge the distributed energy measurements these devices perform. In a best-case scenario, this might only affect billing and lead to customers being under- or over-charged if the attack is not noticed in time. However, in a less ideal scenario the energy measurements taken by -these devices migth be used to inform the grid centralized control systems % FIXME cite (straightforward) -and a falsification of these measurements might lead to inefficiency or even instability. +these devices migth be used to inform the grid centralized control systems % FIXME cite +and a falsification of these measurements might lead to inefficiency. In some countries and for some customers, these smart meters have one additional function that is highly useful to an attacker: They contain high-current load switches to disconnect the entire household or business in case electricity @@ -266,9 +297,76 @@ that was mentioned above, this scenario poses a serious danger to grid stability \subsection{Practical attacks} \subsection{Practical threats} \subsection{Conclusion, or why we are doomed} +We can conclude that a compromise of a large number of smart electricity meters cannot be ruled out. The complexity of +network-connected smart meter firmware makes it exceedingly unlikely that it is in fact flawless. Large-scale +deployments of these devices under some circumstances such as where they are used with load disconnect relays make them +an attractive target for attackers interested in causing grid instability. The attacker model for these devices very +definitely includes enemy states, who have considerable resources at their disposal. + +For a reasonable guarantee that no large-scale compromises of hard- and software built today will happen over a span of +some decades, we would have to radically simplify its design and limit attack surface. Unfortunately, the complexity of +smart electricity meter implementations mostly stems from the large list of requirements these devices have to conform +with. Additionally, standards have already been written and changes that reduce scope or functionality have become +exceedingly unlikely at this point. + +A general observation with smart grid systems of any kind is that they comprise a zealous departure of the decentralized +control structure of yesterday's dumb grid and the advent of centralization at an enormous scale. This modern, +centralized infrastructure has been carefully designed to defend against malicious actors%FIXME cite +and all involved parties have an interest in keeping it secure. Still, like in any other system this centralization also +makes a very attractive target for attackers since an attacker can likewise employ this centralized control to their +goals. Fundamentally, decentralized systems tend to make attacks of any kind a lot more costly and one might question +whether security has truly been gained during smart grid rollout. % FIXME hot take maybe \chapter{Restoring endpoint safety in an age of smart devices} +If as layed out in the previous paragraph we cannot rule out a large-scale compromise of smart energy meters, we have to +rephrase our claim to security. If we cannot rule out exploitation, we have to limit its impact. If we assume that we +cannot strip any functionality from smart meters since it may be required by standards or for enormous social +benefits\cite{mcdaniel01} % FIXME is sarcasm ok here? +all we can do is to flush out an attacker once they are in. + +In a worst-case scenario an attacker would gain unconstrained code execution e.g. by exploiting a flaw in a network +protocol implentation. Since smart meters use standard microcontrollers that do not have advanced memory protection +functions (see pg. \ref{sm-cpu}), at this point we can assume the attacker has full control over the main +microcontroller. With this control they can actuate the load switch if present, transmit data through the device's +communication interfaces or use the user interface components such as LEDs and the LCD. Using the self-programming +capabilities of modern flash microcontrollers, an attacker may even gain persistency without much trouble. Note that in +systems separating cryptographic functions into some form of cryptographic module such as systems used in Germany + % TODO list other countries as well? FIXME cite BSI standard requiring this +we can be optimistic and assume the attacker has not in fact compromised this cryptographic co-processor yet and does +not have access to any cryptographic secrets yet. + +Given that the attacker has complete control over the meter's core microcontroller and given that due to cost +constraints we are bound to use whatever microcontroller the meter OEM has chosen for their design, we cannot rely on +software running on the core mircocontroller to restore system integrity. + +Our solution to this problem is to add another, very small microcontroller to the smart meter design. This +microcontroller will contain a small piece of software to receive cryptographically authenticated commands from utility +companies and on demand reset the meter's core microcontroller to a known-good state. We have to assume the code in the +core controller's flash memory has been compromised, so our only option to flush out an attacker is to re-program the +core microcontroller in its entirety. We propose using JTAG to re-program the core microcontroller + % TODO get terminology consistent. Is "core microcontroller" a good term here? +with a known-good firmware image read from a sufficiently large SPI flash connected to the reset controller. JTAG is +supported by most microcontrollers complex enough to end up in a smart meter design % TODO colloquialism +and given adequate documentation JTAG programming functionality can be ported to new microcontrollers with relatively +little work. + +On the microcontroller side our solution requires the JTAG interface to be activated (i.e. not fused-shut) and for our +solution to work core microcontroller firmware must not be able to permanently disable the JTAG interface from within. +In microcontrollers that do not yet provide this functionality this is a minor change that could be added to a custom +microcontroller variant at low cost. On most microcontrollers keeping JTAG open should not interfere with code readout +protection. Code secrecy should be of no concern\cite{schneier01} here but besides security manufacturers have strong +preferences about this due to fear of copyright infringement. + \section{The theory of endpoint safety} +In order to gain anything by adding our reset controller to the smart meter's already complex design we must satisfy two +conditions. +\begin{enumerate} +\item \textbf{security} means our reset controller itself does not have any exploitable flaws +\item \textbf{safety} menas our reset controller will perform its job as intended +\end{enumerate} + +% FIXME expand + \subsection{Attack characteristics} \subsection{Complex microcontroller firmware} \subsection{Modern microcontroller hardware} @@ -313,6 +411,21 @@ that was mentioned above, this scenario poses a serious danger to grid stability \section{Technical standardization} \section{Regulatory adoption} \section{Practical implementation} +\section{Zones of trust} +In our design, we opted for a safety reset controller + % FIXME is "safety reset" the proper name here? We need some sort of branding, but is this here really about "safety"? +in form of a separate micocontroller entirely separate from whatever application microcontroller the smart meter design +is already using. + +This design nicely separates the meter into an untrusted application (the core microcontroller) and the trusted reset +controller. Since the interface between the two is simple and logically one-way, it can be validated to a high standard +of security. + +Despite these security benefits, the cost of such a separate hardware device might prove high in a mass-market rollout. +In this case, one might attempt to integrate the reset controller into the core microcontroller in some way. Primarily, +there would be two ways to accomplish this. +% separate die/submodule +% trustzone \newpage \appendix -- cgit