Countries around the world continue to increase investment in smart meters and the smart grid market in the hope of improving grid efficiency, but they overlook the security of the transmission infrastructure. Current grid designs are relatively weak on security and are vulnerable to attack. This article describes the concept of security over the life of the device: the ideal smart grid embedded device should remain secure throughout its lifecycle, reaching back even to contract vendors. We discuss how to secure the smart grid throughout its lifecycle and how to deal with potential threats.
Security matters more and more for smart grids because grid infrastructure is increasingly likely to be attacked, putting each country's steady supply of electricity at risk from malicious attacks. IT security is especially important here; many solutions support end-to-end encryption of communication data for equipment such as data concentrators, monitors, and data acquisition (SCADA) systems. The focus on IT encryption measures is beyond question, because data transmitted "over the air" must be protected. However, even strong end-to-end encryption cannot secure the entire smart grid, because the embedded device itself is vulnerable.
Is encryption equal to security?
Although encryption is very effective for protecting privacy and for authenticating data and commands, it is only part of the solution. The role of encryption is to prevent protected data from being decrypted or falsified during transmission or storage. Some people think that complex RF or power-line carrier communication, because it relies on frequency modulation, fully guarantees data security. In fact, such protection can easily be broken. If an attacker could control the open/close relay of a remote meter at will, the power company would need to invest a lot of resources to handle the resulting faults. The power company would not only suffer economic losses; the faults would also cause great disruption and could threaten lives in places that depend on air conditioning.
So how can such incidents be avoided? When both parties to a communication use keys to encrypt, decrypt, sign or verify the data on the line, encrypting data all the way from the embedded sensor to the control system is critical, and protecting the encryption keys is even more important. Once a key is stolen, the entire network is no longer secure. The embedded terminals of the smart grid need a more complete security solution, one that borrows from the security technology of financial terminals, focuses on key protection, and uses chip-level hardware and multiple layers of protection against attack.
Protecting the power supply cannot be limited to verifying that smart grid data and commands are valid. Worm authors understand how to attack embedded infrastructure effectively, in ways that are not easily detected and that cause serious damage to the system. The well-known "zero-day attack" works by removing or modifying system programs, and the damage it causes is well hidden. Therefore, we should pay attention not only to installed equipment but also to every stage at which programming is vulnerable (such as the production process).
What are the loopholes?
Achieving a secure and reliable design is not easy; it requires a lot of time and a deep understanding of security protection technologies. So is the investment worth it? Let us first analyze a smart meter that is connected to the network. An electric meter installed in our own home without protection measures, for example, is easy for an outsider to open. If the meter uses a general-purpose MCU to handle communication and application functions, there is likely to be a programming port through which an attacker can reprogram the device or read its internal contents. With sufficient resources and time, someone can write a program with similar functions but with a virus implanted that captures key data or falsifies the bill.
Even if a meter on the network has some protection measures that prevent tampering to a certain extent, vulnerable points can still be found in the production process: so-called "social engineering" gives attackers an opportunity to get at IP and production processes. After spending thousands of dollars, an attacker may be able to acquire a program and, after modifying it through reverse engineering, implant a "new program" into the product. In addition, an attacker can sell your program to a competitor, causing huge losses.
How to ensure security over the equipment life cycle?
A strict production process should consider security from design through production, along with strategies for dealing with tampering. To ensure security over the life cycle, the following points need to be considered:
1. Make sure that the chips you receive come from the original manufacturer, and purchase through official channels to reduce risk. You should also consider encryption technology: security processors and smart grid products sold by Maxim can incorporate user keys or certificates to prevent others from unlocking and programming the ICs.
2. Protect your IP. At the factory production site, provide signing, program encryption, and secure loading, from the system processor through to on-chip software decryption and authorization. This type of encryption prevents programs from being cloned or cracked.
3. Run only the programs you specify. Secure program loading uses digital signatures to verify the validity of the code and prevents unauthorized code from being loaded or run.
4. Reliable communication. Encrypt and sign new configurations, firmware updates, and instructions so that the reliability of the data source can be verified.
5. Protect keys in the field. Do not store keys in places such as an external EEPROM. If your system uses a separate security processor and application processor, keep the keys in the security processor and never send them out, so that an attacker cannot steal them from data passing over the circuit board.
6. Protect keys within the company. Engineers can use development keys to develop the product's security features, while product-level keys are signed by multiple people. Authorization can usually be handled by a higher-level security module.
7. Do not overlook even the smallest vulnerability. An attacker who steals important information from just one meter may invest a lot of time and money in studying it, hoping to attack the entire system as a result. An experienced attacker may open the IC package and look for important information in the MCU's memory. It is therefore necessary to use unique keys or asymmetric cryptography (e.g. elliptic curve digital signatures).
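Points 4 and 7 above can be illustrated with per-meter key diversification, shown here as an added example that is not from the original article: each meter's key is derived from a master key with HMAC-SHA256 (the symmetric unique-key option; the article also names asymmetric signatures), so a key extracted from one meter cannot authenticate commands to another. The master key value, serial numbers, command name, message layout and replay counter are all assumptions made for the illustration.

```python
import hashlib
import hmac

# Constructed sample value; a real master key would never leave the security module.
MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

def derive_meter_key(master_key: bytes, meter_serial: str) -> bytes:
    """Diversify the master key into a key unique to one meter."""
    label = b"meter-key-v1|" + meter_serial.encode()
    return hmac.new(master_key, label, hashlib.sha256).digest()

def sign_command(meter_key: bytes, meter_serial: str, counter: int,
                 command: bytes) -> bytes:
    """Head-end side: tag a command for one meter and one counter value."""
    msg = meter_serial.encode() + b"|" + counter.to_bytes(8, "big") + b"|" + command
    return hmac.new(meter_key, msg, hashlib.sha256).digest()

class Meter:
    """Meter side: holds only its own key and the last accepted counter."""
    def __init__(self, serial: str, key: bytes):
        self.serial = serial
        self._key = key
        self._last_counter = 0

    def accept(self, counter: int, command: bytes, tag: bytes) -> bool:
        expected = sign_command(self._key, self.serial, counter, command)
        if not hmac.compare_digest(expected, tag):
            return False          # wrong key or altered command
        if counter <= self._last_counter:
            return False          # replay of an earlier command
        self._last_counter = counter
        return True

def demo() -> dict:
    key_a = derive_meter_key(MASTER_KEY, "MTR-0001")   # hypothetical serials
    key_b = derive_meter_key(MASTER_KEY, "MTR-0002")
    meter_b = Meter("MTR-0002", key_b)
    cmd = b"RELAY_OPEN"                                # hypothetical command
    forged = sign_command(key_a, "MTR-0002", 1, cmd)   # tag made with meter A's key
    genuine = sign_command(key_b, "MTR-0002", 1, cmd)
    return {
        "forged_with_other_meter_key": meter_b.accept(1, cmd, forged),
        "genuine": meter_b.accept(1, cmd, genuine),
        "replayed": meter_b.accept(1, cmd, genuine),
    }

if __name__ == "__main__":
    print(demo())
```

The derivation only contains the damage if the master key stays in the higher-level security module described in point 6; the meter stores nothing but its own derived key.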
Current grid security measures leave a lot of room for attackers. For embedded devices to be secure throughout their lifecycle, we also need to strengthen the security design of the entire smart grid so that attackers are discouraged.