This page has moved to a new address.

Smart Grid Privacy, Authentication and Authorization

body { background:#aba; margin:0; padding:20px 10px; text-align:center; font:x-small/1.5em "Trebuchet MS",Verdana,Arial,Sans-serif; color:#333; font-size/* */:/**/small; font-size: /**/small; } /* Page Structure ----------------------------------------------- */ /* The images which help create rounded corners depend on the following widths and measurements. If you want to change these measurements, the images will also need to change. */ @media all { #content { width:740px; margin:0 auto; text-align:left; } #main { width:485px; float:left; background:#fff url("http://www.blogblog.com/rounders/corners_main_bot.gif") no-repeat left bottom; margin:15px 0 0; padding:0 0 10px; color:#000; font-size:97%; line-height:1.5em; } #main2 { float:left; width:100%; background:url("http://www.blogblog.com/rounders/corners_main_top.gif") no-repeat left top; padding:10px 0 0; } #main3 { background:url("http://www.blogblog.com/rounders/rails_main.gif") repeat-y; padding:0; } #sidebar { width:240px; float:right; margin:15px 0 0; font-size:97%; line-height:1.5em; } } @media handheld { #content { width:90%; } #main { width:100%; float:none; background:#fff; } #main2 { float:none; background:none; } #main3 { background:none; padding:0; } #sidebar { width:100%; float:none; } } /* Links ----------------------------------------------- */ a:link { color:#258; } a:visited { color:#666; } a:hover { color:#c63; } a img { border-width:0; } /* Blog Header ----------------------------------------------- */ @media all { #header { background:#456 url("http://www.blogblog.com/rounders/corners_cap_top.gif") no-repeat left top; margin:0 0 0; padding:8px 0 0; color:#fff; } #header div { background:url("http://www.blogblog.com/rounders/corners_cap_bot.gif") no-repeat left bottom; padding:0 15px 8px; } } @media handheld { #header { background:#456; } #header div { background:none; } } #blog-title { margin:0; padding:10px 30px 5px; font-size:200%; line-height:1.2em; } #blog-title a { text-decoration:none; color:#fff; } #description { margin:0; padding:5px 30px 10px; font-size:94%; line-height:1.5em; } /* Posts ----------------------------------------------- */ .date-header { margin:0 28px 0 43px; font-size:85%; line-height:2em; text-transform:uppercase; letter-spacing:.2em; color:#357; } .post { margin:.3em 0 25px; padding:0 13px; border:1px dotted #bbb; border-width:1px 0; } .post-title { margin:0; font-size:135%; line-height:1.5em; background:url("http://www.blogblog.com/rounders/icon_arrow.gif") no-repeat 10px .5em; display:block; border:1px dotted #bbb; border-width:0 1px 1px; padding:2px 14px 2px 29px; color:#333; } a.title-link, .post-title strong { text-decoration:none; display:block; } a.title-link:hover { background-color:#ded; color:#000; } .post-body { border:1px dotted #bbb; border-width:0 1px 1px; border-bottom-color:#fff; padding:10px 14px 1px 29px; } html>body .post-body { border-bottom-width:0; } .post p { margin:0 0 .75em; } p.post-footer { background:#ded; margin:0; padding:2px 14px 2px 29px; border:1px dotted #bbb; border-width:1px; border-bottom:1px solid #eee; font-size:100%; line-height:1.5em; color:#666; text-align:right; } html>body p.post-footer { border-bottom-color:transparent; } p.post-footer em { display:block; float:left; text-align:left; font-style:normal; } a.comment-link { /* IE5.0/Win doesn't apply padding to inline elements, so we hide these two declarations from it */ background/* */:/**/url("http://www.blogblog.com/rounders/icon_comment.gif") no-repeat 0 45%; padding-left:14px; } html>body a.comment-link { /* Respecified, for IE5/Mac's benefit */ background:url("http://www.blogblog.com/rounders/icon_comment.gif") no-repeat 0 45%; padding-left:14px; } .post img { margin:0 0 5px 0; padding:4px; border:1px solid #ccc; } blockquote { margin:.75em 0; border:1px dotted #ccc; border-width:1px 0; padding:5px 15px; color:#666; } .post blockquote p { margin:.5em 0; } /* Comments ----------------------------------------------- */ #comments { margin:-25px 13px 0; border:1px dotted #ccc; border-width:0 1px 1px; padding:20px 0 15px 0; } #comments h4 { margin:0 0 10px; padding:0 14px 2px 29px; border-bottom:1px dotted #ccc; font-size:120%; line-height:1.4em; color:#333; } #comments-block { margin:0 15px 0 9px; } .comment-data { background:url("http://www.blogblog.com/rounders/icon_comment.gif") no-repeat 2px .3em; margin:.5em 0; padding:0 0 0 20px; color:#666; } .comment-poster { font-weight:bold; } .comment-body { margin:0 0 1.25em; padding:0 0 0 20px; } .comment-body p { margin:0 0 .5em; } .comment-timestamp { margin:0 0 .5em; padding:0 0 .75em 20px; color:#666; } .comment-timestamp a:link { color:#666; } .deleted-comment { font-style:italic; color:gray; } .paging-control-container { float: right; margin: 0px 6px 0px 0px; font-size: 80%; } .unneeded-paging-control { visibility: hidden; } /* Profile ----------------------------------------------- */ @media all { #profile-container { background:#cdc url("http://www.blogblog.com/rounders/corners_prof_bot.gif") no-repeat left bottom; margin:0 0 15px; padding:0 0 10px; color:#345; } #profile-container h2 { background:url("http://www.blogblog.com/rounders/corners_prof_top.gif") no-repeat left top; padding:10px 15px .2em; margin:0; border-width:0; font-size:115%; line-height:1.5em; color:#234; } } @media handheld { #profile-container { background:#cdc; } #profile-container h2 { background:none; } } .profile-datablock { margin:0 15px .5em; border-top:1px dotted #aba; padding-top:8px; } .profile-img {display:inline;} .profile-img img { float:left; margin:0 10px 5px 0; border:4px solid #fff; } .profile-data strong { display:block; } #profile-container p { margin:0 15px .5em; } #profile-container .profile-textblock { clear:left; } #profile-container a { color:#258; } .profile-link a { background:url("http://www.blogblog.com/rounders/icon_profile.gif") no-repeat 0 .1em; padding-left:15px; font-weight:bold; } ul.profile-datablock { list-style-type:none; } /* Sidebar Boxes ----------------------------------------------- */ @media all { .box { background:#fff url("http://www.blogblog.com/rounders/corners_side_top.gif") no-repeat left top; margin:0 0 15px; padding:10px 0 0; color:#666; } .box2 { background:url("http://www.blogblog.com/rounders/corners_side_bot.gif") no-repeat left bottom; padding:0 13px 8px; } } @media handheld { .box { background:#fff; } .box2 { background:none; } } .sidebar-title { margin:0; padding:0 0 .2em; border-bottom:1px dotted #9b9; font-size:115%; line-height:1.5em; color:#333; } .box ul { margin:.5em 0 1.25em; padding:0 0px; list-style:none; } .box ul li { background:url("http://www.blogblog.com/rounders/icon_arrow_sm.gif") no-repeat 2px .25em; margin:0; padding:0 0 3px 16px; margin-bottom:3px; border-bottom:1px dotted #eee; line-height:1.4em; } .box p { margin:0 0 .6em; } /* Footer ----------------------------------------------- */ #footer { clear:both; margin:0; padding:15px 0 0; } @media all { #footer div { background:#456 url("http://www.blogblog.com/rounders/corners_cap_top.gif") no-repeat left top; padding:8px 0 0; color:#fff; } #footer div div { background:url("http://www.blogblog.com/rounders/corners_cap_bot.gif") no-repeat left bottom; padding:0 15px 8px; } } @media handheld { #footer div { background:#456; } #footer div div { background:none; } } #footer hr {display:none;} #footer p {margin:0;} #footer a {color:#fff;} /* Feeds ----------------------------------------------- */ #blogfeeds { } #postfeeds { padding:0 15px 0; }

Thursday, November 4, 2010

Smart Grid Privacy, Authentication and Authorization

This paper outlines my own personal views on the requirements for the home customer re privacy, authentication and authorization. 

It's meant to illustrate the complexities and to raise questions in utility management, public regulators and utility customer minds about how customer privacy, authentication and authorization will be accomplished.

Privacy - Types of Data

In the future there are several types of utility customer data that privacy is applicable to:

Customer account information - e.g. address, credit card information, billing informationCustomer account energy consumption - e.g. hourly, daily, weekly, monthly and yearly total home energy consumption informationHome energy consumption - e.g. appliances, gadgets, air conditioners, heaters, lights, etc.Electric vehicle consumption

Parties Involved

There are several parties who may want to access such information including:

Account owner - e.g. the home owner who is paying the billsUtility companyEnergy brokersDelegated identities - e.g. a caregiver for an elderly person or family membersOther third parties - e.g.  Electric car manufacturers, energy companies, battery manufacturers, hot water and air conditioning vendors, lighting vendors, etc.

Good and Bad

Smart grid means that the data becomes:

"atomized"- i.e. more fine grained (second and hourly data) "personalized" - able to tell more exactly what goes on in every room in the home Commercially valuable to other parties than just the customer and the utility - e.g. energy brokers, hot water and air conditioning vendors, vehicle energy companies, etc.

From the home owner's perspective, this is good and potentially bad.  It's good because the home owner can take advantage of a number of new services from the utility and other parties that will potentially lower their energy bills and manage their home energy.

It's potentially bad because the lifestyle of the homeowner can be deduced from the more atomic and personalized data.  Further, this data can be quickly moved around to third parties, government agencies, etc without the home owner knowing about it and giving their consent.

Data Storage

The data itself may be stored on a temporary or permanent basis in the following locations:

Home Energy controllers of the futureHome area networkHome data storesUtility Operational data storesData warehousesCustomer billing applicationsCustomer relationship marketing systemsCustomer portalsOther applications in SCADA and CorporateThird Parties Government agencies

Data Movement

The data also has movement.  For example, the home data may go from the home to the utility to an energy broker and potentially beyond.

Data Expiry

Finally, the data also has potential expiry dates associated with it.  For example, the home account owner may grant a third party or utility access to a particular piece or set of data for limited time duration only.

Implications

The implications of the above are significant for each of the parties:

Home Account OwnerWith the Utility

The home account owner will want to ensure that that their permission is given for the utility to:

Use their customer account, account energy and home energy data internally or not approve the use of the dataApprove the use by the utility of sharing or releasing any data with any third partyApprove any delegated access to their account, account energy or home energy data Specify the time limit of the data that will be stored within the utility or shared by the utility with any third party

With Third Parties

The home account owner will want to ensure that that their permission is given for the third party to:

To approve the use of their data with third parties as well as specifying the time limit of the data

Utility

The utility:

Must ensure that there is a fine grained control of data content with appropriate controls to ensure who can view the data regardless of where it is stored in the different utility applications and data storesDesign the systems such that permission is given by the customer before the utility shares the data with third partiesBe able to terminate access to data based on time limits the customer setsHave some kind of chain of custody of data such that if any litigation occurs the utility can prove that they protected the data appropriately within their enterprise and how they passed the data to third parties

Third Parties

Third parties will:

Ensure that there is a fine grained control of data content with appropriate controls to ensure who can view the data regardless of where it is stored in the their customer applications and data storesEnsure that customer permission is given before taking in customer dataBe able to terminate access to data based on time limits the customer sets

Technological Requirements

The privacy technological requirements for all the above are having good identity management, fine grained content management and digital privacy rights infrastructure in place by the utility and third parties. 

I also believe that the best way to handle the content is to have XML schemas that the utility and third party industry agrees to, defining each data element.

This way the data that is being passed around can be easily interpreted by different applications regardless of how they store and label the content internally. 

It will also aid content management and privacy rights applications in the future apply and enforce security policies for data that is coming from another party.

For customers, it means that if they have their own energy data stores within their home, they need to grant access to the data to specified parties and be able to specify time limits on the data once it's left their data stores.

Authentication and Authorization

Assuming the privacy infrastructure is in place, let's now discuss the authentication and authorization requirements to the home. Many utilities are currently deploying smart meters in the homes. 

One of the main drivers of this is time of use billing being implemented resulting in customer bills that are climbing. Customers are not happy with this. 

As a result, many utilities are currently buying and deploying customer portals that offer their customers the ability to manage their home energy consumption as a way to lower their total monthly bill.

One of the unsaid effects of deploying this software is that the utility's applications need to talk to the home on a frequent basis whenever any "energy event" in the home occurs.  This could be every few minutes or a longer period of time.

Most of the current deployments set a uid (uniform identification) and password in place allowing the application to log on to the local data store in the home. 

I believe that this approach is not secure from the customer's perspective since passwords are easily obtainable through a variety of different methods. 

I also believe that over the next several years, privacy litigation against utilities will force the utility to adopt a more rigorous method of authenticating to the home.

I think that the answer is to deploy web services to the home using a digital certificate that the home owner grants the utility as well as the utility granting a digital certificate to the home owner. 

These "tokens" provide a higher strength of authentication to automated or semi-automated interactions between the home owner's applications and data stores and the utility's applications.

There is a hidden cost in deploying a public key infrastructure (PKI) to achieve this. The utility must now manage digital certificates. This means that certificates must be issued, revoked and renewed. 

The utility will also use PKI to interface with third parties for authentication who are accessing the customer data via the utility since many of these interactions will be done via a web service automatically in the future.

Further, the average home owner won't know what these digital certificate tokens are.  I predict that enterprises like Cisco, who own companies like Linksys, providing wireless routers to the home, will become the main technological interface to the home energy controller in the future.

The wireless router software will integrate with the home portal management software.  The software will ask the customer if they wish to grant the utility access to their data.  When the customer responds affirmatively, the software will generate a home digital certificate and grant this to the utility. 

Further, the router software will then generate a new digital certificate with the customer's permission when the digital certificate expires.  This then removes the customer's potential confusion over digital certificate management. Finally the router will take the utility's digital certificate and store it securely on the router.

Now let's consider the customer logging on to the utility customer billing and portal applications to set who in their family has rights to change smart grid program settings with the utility, etc.  There is significant customer ease of use considerations to consider.

First the utility must be able to offer different access rights to different home members.  The utility's application software must be able to offer fine grained authorization rights to different family members allowing this to happen. 

Secondly, the utility must also have a way to accept delegation of account management and data access to the customer.  For example, this will enable elderly customers to delegate the management of their accounts as well as offer different smart grid home energy settings to other family members.

This is good and potentially bad for a utility.  In offering more services to their customers, there is now the need to grant authentication and authorization rights for many different parties than they do today.  Using uids and passwords will not work with larger utilities since many people forget their passwords and there is an associated password management cost.

A better way for the utility to manage this mid-term is to use voice authentication to log on to the utility systems.  The home owner would use their voice and wouldn't have to remember their uid and password to log on. 

It also easily enables different family members to log on using their voice and then have the utility's identity management infrastructure apply different authorization rights to the party.

One thing the utility might consider is for any changes to the home owner account settings, where the risk is higher to the customer and the utility, the customer might be required to also provide a password in addition to their voice. 

However, for regular home energy management functions, where the risk is lower, voice authentication is sufficient.

Summary

There are many hidden management costs in deploying smart grid services to the home.  I believe that future litigation and regulation will force the utilities to deploy an extensive identity management, content management, privacy rights and public key infrastructure (PKI). Voice authentication should be offered as part of an identity management deployment.

If you agree with me, then now is the time to begin laying in place the budgets, project teams and infrastructure while most utilities are in the smart grid planning stages.  This infrastructure normally takes one to three years to properly plan, deploy and maintain.  Further, it is more complicated than it sounds.  Why?

The identity management, content management and digital rights infrastructure touches many different applications and infrastructure within the utility.  It therefore is much more than buying some software and placing it on a highly available server infrastructure. 

It often requires re-engineering of applications which takes time, money, resources and excellent testing before moving into production. Management should take note of this.

The utilities should band together and create an XML schema for smart grid data.  This will allow for easier, lower cost data management between the utility and third parties as well as provide for better and more seamless content management enforcement of the data.

About the Author

Guy Huntington is a learned and burned identity management and security consultant.  He has led a utility identity management program, participated in a utility security assessment, integrated physical and logical security and rescued several large Fortune 500 identity projects.  His white papers can be read at http://www.authenticationworld.com/papers.html.  He can be reached at guy@hvl.net or 1-604-861-6804.

Note: the views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post. Infosec Island reserves the right to remove or edit the content of all material submitted by our members.

View the original article here

Labels: , , , , ,

0 Comments:

Post a Comment

Feel Free to Leave Your Comments/Thoughts Below

<< Home