Wireless AMI Application and Security for Controlled Home Area ...

More documents

Recommendations

Info

2unavailable when the home electric system is faulted or open.Wireless enables communication between AMI and the outlet,even with a fault in the electric connection between them.Comparatively, options like Ethernet cabling have extensiveinfrastructure costs with little flexibility to reconfigure thenetwork architecture.A wireless-based home area network for AMI (WHAN-SM)has more security challenges than possibly any other solutiondue to the shared wireless medium. There have been visionarydocuments on smart grids that call for improved security [6],[7]. There are researchers who have specifically focused onsecurity and AMI and called for more work to be done inensuring a secure framework, with some actually proposingsuch a framework or architecture [8] – [13] on which to buildsolutions. Based on a survey of the literature and discussionswith engineers and experts, what has been lacking, however, isa concrete, low-level approach that looks at various possibleattacks to such a WHAN-SM.This work takes a comprehensive look at wireless securityin WHAN-SM. Furthermore, countermeasures are developedfor both the utility and the customer. A key aspect thatdifferentiates security in WHAN-SM from that inconventional HANs is that there are two different entitieswhose interests must be kept secure: (i) the utility company,who must be sure that no one, including the customer, cantamper with the measurement and control of appliances asagreed upon, and (ii) the customer, whose privacy must beguarded at all times when the AMI is collecting and relayingdata, and that personal appliance management preferences arehonored at all times. The traditional wireless local areanetwork security protocols are based on a single partyapplication. Very limited work has been done for wirelesslocal area network security solutions under the presence ofmore than one stakeholder. This work pays special attention topossible attacks and countermeasures needed with theexistence of these multiple parties.The paper is organized as follows. In Section II, a moredetailed description is given of the WHAN-SM scenario.Section III looks at relevant security objectives in WHAN-SMand discusses possible attacks. In Section IV, solutions to theidentified attacks are proposed. Concluding remarks withsome directions for future work are made in Section VI.II. HOME AREA NETWORK FOR AMISThe AMI will enable energy meters installed in all customerpremises to communicate with the utility operated controlcenter and with appliances installed in the premises, and tocontrol the appliances’’ operation. The future AMI will havethe ability to control how many appliances could operate at agiven time and thus implement demand-side management forthe utility. In such an application the utility control centerlooks at aggregate loads from all its customers at a given timeand then issues specific control instructions to the AMIs. It isenvisioned that in the future when a customer participates inAMI, the AMI would have control over some specific class ofappliances (typically the high-load appliances that thecustomer can operate with some tolerance in delay). It isexpected that with introduction of AMIs, time of the daytariffs will become more popular, allowing customers tobenefit from having appliances operate at times of lower tariff.If control is done manually consumers are less attentive tovarying tariffs and thus less likely to optimize the energy costby using appliances at off-peak times [14]. Any infrastructurethat allows reduced human intervention in energy costoptimization is of high interest.A. Role of CommunicationAMIs are expected to introduce two new categories ofcommunication. The first, already employed by many utilitiesin the U.S., is between the energy meter and the utility controlcenter. This facilitates observation of real-time powerconsumption and any abnormalities in the system, and allowsdemand-side management. If real-time pricing in introduced,this category of communication will enable the consumer totrack the current price. In addition to the ANSI C12.22standard [15], significant work has been done on ensuringsecure communication between the meter and the utility [16],[17]. Many utilities in the U.S. have implemented AMI thathave the capability of this level of communication [18]-[20].If the AMI is to allow load and cost management, a secondcategory of communication between the meter and the users’appliances is also necessary. One of the major concerns ofimplementing this category of communication is the questionof consumer privacy [3], [21]. Customers have concerns aboutthe utility knowing what electrical appliances they are using atany given time. Therefore, a separate layer of communication,limited to the customer facility, is required. Using thiscommunication layer, the AMI will communicate with andcontrol the customer’s appliances without sharing thisinformation with any other stakeholders.It should be noted that if the second layer of control isachieved by enabling demand-side management, thengreenhouse gas emissions can be also controlled as well.Utilities subject to existing and proposed state and federalemissions regulations could benefit greatly.Further, the introduction of electric vehicles (EV) is aserious concern for utilities. EV charging will be stochastic innature and a large increased load on the distributiontransformers. Therefore, EVs require higher level bidirectionalhigher end communication; some of theinformation about EV charging should be communicated tothe utility (e.g. time required for charging, availability, andcharge level of the battery). Therefore EVs should becategorized separately when the communication architecture isdeveloped. As this scenario is still only emerging, we do notaddress this appliance class in this work. This work focuses onthe network within the home and how AMI deals withappliance classified in groups 1, 2, and 3, as described inFigure 1.B. Communication Requirements in a WHAN-SMIt may not be economical to have equal communicationcapability for all components; for example, a light bulb needsonly minimal communication infrastructure whereas an airconditioner needs to communicate more information.
3Communication needs are used to divide components into thefour categories of Figure 1.Controlling small loads such as light bulbs, phone chargers,and laptop computers will significantly increase theinstallation cost and data traffic. Since control of these loadswill not change the total load profile significantly, these Group1 loads need to inform the control center only when they areconnected to and disconnected from the system. Group 2consists of large loads, such as stoves, that will not becontrolled because the consumer needs them to be available asneeded, not delayed to a later time. This type of applianceneeds minimal communication infrastructure, but will need tosend its power usage and expected duration of usage wheneverpossible.Group 3 loads are large loads, such as air conditioners andclothes washers and dryers, for which usage will be controlled.These loads will send a request through AMI and wait foracceptance before operating. They will need to send extensiveinformation such as expected load, expected duration of usage,and duration of availability. Therefore, they may send moredata packets than the other two types of loads. Furthermore,the acknowledgement from the AMI is essential for this typeof load as they wait to begin operation. The decision tooperate a component will depend on dynamic pricing andduration of availability. Depending on the customer’sagreement with the utility, they will likely be able to overridea delay in operation by paying a higher energy price.Group 4 loads, EVs, are new to the power grid. Since theseare very large and stochastic in nature, it is vital for the AMIto communicate in advance the time of charging of EVs and toplan the charging. Due to the extensive need forcommunication, these are categorized as separate loads. It isessential to build a communication architecture that canmanage this new load through timely and adequate control.C. Communication and Control Model in a WHAN-SMThere are two options for communications betweenappliances and the AMI. The first option is to make appliancessmart, whereby they will have the capability to communicatewith the AMI and make the decisions (when to switch on,when to switch off, etc.). The main disadvantage of thismethod is the lack of communication/processing capability incurrently manufactured appliances. The second option is tomake the power outlets smarter by connecting a transceiverwith processing capability. The work in this paper is based onthis second option because it can be implemented withexisting appliances. Migrating to the first option in the futureas smart functions are added to appliances will not change thecommunications security concerns, and will allow thoseappliances to be designed to a standard developedimmediately. Figure 2 shows two different models for theoutlet communication model.The first model (Figure 2a) is for controlled operation; thisis for appliances clustered in group 3, which need approvalfrom the AMI to operate. The consumer will connect theappliance to the power outlet and program the outlet with thefollowing information: required operation, availability, andpriority. This information will be communicated to the AMI,and, based on the system loading profile and the informationprovided by the consumer, AMI will allocate the time ofoperation of the appliance and send that information back tothe outlet transceiver. On the other hand, for the group 1 and 2appliances, which will not be controlled by the AMI, the onlyinformation the AMI needs is the type of appliance (whichcould be identified by location of the outlet). Figure 2b showsuncontrolled operation; once the consumer switches on theappliance, the outlet will share this information with the AMI.(a) Controlled Outlet(b) Uncontrolled OutletFigure 2: Communication and Control Enabled Power OutletsA downside to using wireless communication for theWHAN-SM scenario could be the data transfer rate, which canbe slower than wired solutions. However, a WHAN-SM isused more for control than as a high-speed access network,and thus, lower data rates are adequate. Current wirelesssolutions that are possible candidates for WHAN-SM are Wi-Fi, ZigBee, and Bluetooth, and their comparison can be foundin [22]. The ZigBee technology based on the IEEE 802.15.4standard [23] is considered a good solution for the WHAN-SM scenario as it has a communication range varying from10-100m, allows large-scale network configurations, and usesa low-power radio. The data rate capability for this technologyis a modest 250kbps, but is more than adequate for theWHAN-SM application scenario. As a result, ZigBee seems tobe the front runner in the race to be the wireless solution ofchoice. Thus, this work makes periodic references to thesecurity architecture in place for ZigBee; however, for themost part, a general wireless network is assumed that couldbe based on any of the above solutions. The work in [24]presents an integration point for different types of wirelessnetworks for HAN through unified metrics that could beutilized to implement any of the proposed general solutions.III. POSSIBLE SECURITY ATTACKSPossible security attacks in a wireless local area networkwere investigated and the possible attacks for a smart meterapplication are identified and presented in this section. Each ofthe attacks is illustrated in terms of a WHAN-SM. The twopartydynamics that exist in the WHAN-SM scenario andrelated challenges are also discussed. The security objectivesof the network and possible attacks it could face are definedlater in this work.A. Two Party DynamicsIn traditional home area-based networks the customer is theonly entity responsible for the operation of the network andacquiring benefits from the deployed applications. For
Page 4 and 5: 4example, consider the case of a ho
Page 6 and 7: 6communication in this step can use
Page 8: 8solutions to these attacks were de

Wireless AMI Application and Security for Controlled Home Area ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?