Security analysis of Dutch smart metering systems - Multiple Choices
Security analysis of Dutch smart metering systems - Multiple Choices
Security analysis of Dutch smart metering systems - Multiple Choices
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
4.6 Port P5 4 PRACTICAL ANALYSIS<br />
Metering data SSL Password auth. Secure registration<br />
Oxxio Yes No No -<br />
Delta Yes No Yes -<br />
Nuon No No Yes No<br />
Essent No No Yes No<br />
Eneco No Yes Yes No<br />
4.6.4 Recommendations<br />
Table 15: Port P5 security measures<br />
Shoulder surfing Sniffing on (wireless) LAN<br />
Oxxio Possible Possible<br />
Delta Not feasible Possible<br />
Nuon Not feasible Possible<br />
Essent Not feasible Possible<br />
Eneco Not feasible Not feasible<br />
Table 16: Port P5 attack feasibility<br />
The privacy <strong>of</strong> the customer’s data has to be protected using strong SSL encryption for all HTTP<br />
data streams. This prevents sensitive data to be communicated in plain text through local (wireless)<br />
networks and the internet and could also be used the verify the identity <strong>of</strong> the website using<br />
a server certificate.<br />
Access credentials to the website should at a minimum consists <strong>of</strong> a username and password which<br />
could be only be obtained through a secure registration procedure that uses a out-<strong>of</strong>-band channel<br />
to communicate the users password to the customer.<br />
44