08311466
08311466
08311466
…
SAS Data Collectors power consumption from a smart meter. First of all, the
Windows 7 SX1272+RaspberryPi Optical RS485
SAS needs to establish a connection (Message 1 and 2) and
authenticate to the smart meter (Message 3 and 4). Smart
Figure 1. System overview meters are provisioned with a secret key when they are de-
ployed. Anyone without the secret key cannot access the
smart meter. After successful connection and authentica-
tion, the SAS then can issue the reading commands (Mes-
3.2. System Overview sage 5 and 6). Finally, the connection is closed (Message 7
and 8).
Our system aims to enable remote metering in a secure To explain the data transmission among SAS, data col-
and cost-efficient way by adopting LoRa technology and lector, LoRa component, and smart meter, we take estab-
key management protocol. There are three entities involved lishing connection as an example, which is shown in the left
in this system, i.e., the SAS, the data collector and the smart part of Figure 2. The SAS requests to connect to the meter
meter. There can be more than one SAS in smart girds. through the data collector which is indexed by IP addresses.
Each SAS can support a number of data collectors which Upon receiving the request, the data collector reaches out
can further support a number of smart meters. For illustra- to the LoRa component attached to the target meter to issue
tion purpose, we use the case of one SAS, one data collector, the connection command. The LoRa component is assigned
and one smart meter to explain our design. a node ID for index. The corresponding LoRa component
forwards the connection command to the smart meter and
The system overview is shown in Figure 1. Each smart
waits for the response. As soon as the LoRa component re-
meter is equipped with a LoRa component which is respon-
ceives the response from the smart meter, it sends back the
sible for reading the corresponding smart meter and sending
response to the data collector which then feeds the response
out the reading upon requests. Physically, the LoRa compo-
to the SAS. It works in a similar manner for other messages
nent should be integrated to the existing meter so that it is
pairs. Messages with odd IDs are sent from the SAS to the
well protected instead of being exposed outside the smart
smart meter, while messages with even IDs are responded
meter box. Through the LoRa component, the data collec-
reversely.
tor can communicate with the smart meter using wireless
A counter field is included in each message to prevent
LoRa technology. The data collector and the smart meter
replay attacks. Communication counterparts store a counter
can be located at different places with a distance. The dis-
and maintain its increment. Each time an entity receives a
tance between them, i.e., the distance supported by LoRa
message, it compares the received counter with the stored
technology, can be up to 22 kilometers depending on the
counter. Any situation that a received counter is less than
environment. Meanwhile, the data collector is connected to
the stored value means a possible replay attack.
SAS via Ethernet.
We use symmetric keys to protect data transmitted from
To secure the transmission of meter readings, we use the SAS to the LoRa component. Each LoRa component
symmetric cryptography to protect the communication be- attached to a smart meter shares a secret symmetric key
tween the SAS and the meter. Each pair of communication with the SAS. By encrypting data using symmetric keys,
counterparts shares a unique secret key. The meter read- we avoid any plain text from being transmitted over the air
ing is encrypted with the secret key before being sent out. or cable to prevent the data from being sniffed or altered.
In order to maintain a long-term security, we introduce the However, it is not recommended to use fixed keys for a very
KMS (Key Management Server) to manage keys used in the long time that smart meters usually serve. To solve such
system. An automated periodical key update is feasible us- problem, we propose a key management protocol to update
ing our KMS. The management domain of KMS is limited the keys periodically.
within a single layer, i.e., managing the keys between one
3.4. Key Management Protocol
SAS and the meters under its supply. Therefore, there can
be multiple KMS systems. In addition, the KMS is a con- As shown in Figure 3, we take two layers of the smart
ceptual server which can be deployed on a separate server grids topology for illustration. There is a secret key sharing
or integrated to SAS. We detail each component in the fol- between each pair of communication counterparts so that
lowing subsections. any intruder without knowing the key cannot tamper with
Ethernet LoRa Optical 1. Connection request
SAS Data Collector LoRa Component RS485 Smart Meter
2. Connection confirmation
1 3. Authentication request
1 4. Authentication result
1
2 5. Send reading command
2 6. Response to reading command
2
7. Disconnection request
8. Disconnection confirmation
…
KSN
initialization command and a random nonce n0 , encrypted
KSA KA KSN with Kp (m1 in Figure 4).
KB
…
…
Key Initialization
Pre-installed Kp
Calculate K0 according to Ki = H(Ki+1) m1 = ܧ (“init” + K0 + n0)
K0 = ܦ (m1) - “init” - n0
Decrypt n0’ from m2 m2 = ܧ బ (“ack” + n1 + n0 )
If n0’ == n0, store K0, set expiry time,
set i = 0, clean data m3 = ܧ బ (“ack” + n2 + n1) Decrypt n1’ from m3,
If n1’ == n1, store K0, clean data
Ethernet
LoRa Data
Power Meter Gas Supplier
Collector
SAS Data Collector LoRa Component Smart Meter Gas Meter
Power Supplier
T1
Figure 7. Integrated utility meter reading infrastructure.
T2
T3
system can satisfy the requirement of the real-world usage
Figure 6. Illustration for test time costs. well.
6. Discussion
ters. We set it to mode 4 (whose predefined parameters are
shown in Table 1) reflecting a moderate transmission rate. 6.1. Generalized Utility Metering
We implement our system in C++. 128-bit AES-CBC is Our solution can be applied to other utility metering sce-
used as the encryption algorithm. There are 303, 177, and narios sharing similar infrastructure networks, such as water
268 lines of code added to the SAS, the data collector, and metering and gas metering. However, the challenge is that
the LoRa component for the smart meter, respectively. The different from power meters, water meters and gas meters
LoRa components communicate in a way that every packet are not powered. Taking the limited battery into consider-
is expected an acknowledge before timeout. ation, we propose an overall metering infrastructure based
on our metering solution.
5.2. Performance The power meter which is usually connected to electric-
We evaluate the performance of the system by measuring ity supply works as a relay for other meters powered by bat-
the inquiry time of import active energy which is used for tery, as shown in Figure 7. The data collector here is shared
billing. In order to accurately measure the time cost based by various utility suppliers. As the data collector is not in-
on a synchronized clock, we measure the time cost at each volved in any data processing and does not possess any se-
entity separately. As shown in Figure 6, we measure T1, T2, cret key, a shared data collector would not affect the overall
and T3 from the SAS, the data collector and the LoRa com- security. The reading request for all types of meters is sent
ponent attached to the smart meter, respectively. The time from the data collector to the smart power meter via LoRa.
costs are measured starting from the time when a message If the request is to read the power meter, the power meter
reaches the entity till the time after the message leaves. T1 replies as requested. If the request is for other meter read-
represents the time of a single round of query and response. ing, the power meter forwards the request to corresponding
Similarly, T2 and T3 represent the time that a single round meters. It follows the same routine when the response is
of query and response takes between data collector/LoRa back. The key management protocol can also work as stated
component and the smart meter, respectively. T1, T2, and in Section 3.4 with the existence of the power meter relay.
T3 are measured based on the transmission of the same mes- On one hand, it is common for a household to have gas,
sage. The experiment results are shown in Table 2. Multiple water, and power supplies. It is environment-friendly to
experiments demonstrate a steady time cost. It takes about share metering infrastructures which are with similar net-
5.3 seconds for the SAS to issue a reading command and work topology. On the other hand, the meters powered by
obtain the response. The time cost over the LoRa (T2-T3) battery can save battery by communicating with the power
is about 2.0 seconds including both request and response. meter which is geographically located nearby and avoiding
The communication load in smart metering is light accord- direct distant communication with the data collector.
ing to the statistic data that each smart meter only sends 48
6.2. Key Updating Failure
messages per day and 12 bytes per message [3]. In the real-
world scenario, the metering frequency is normally once ev- Although the attacker cannot obtain the plain message
ery month for electricity billing purpose and 30 or 60 min- because (s)he does not own the shared secret key, intercep-
utes for the power demand forecasting task. Based on our tion may cause loss of messages, while alteration may cause
experiment results in Table 2, one SAS can support more decryption errors. Therefore, consistent key updating fail-
than 300,000 such queries in 30 minutes. Therefore, our ures which can be caused by various reasons may require
human on-site inspections. To avoid intentionally thwart- Acknowledgement
ing key update which may lead to human resource waste,
we suggest that the update time should be random even the This research is supported by the National Research
periodical update interval is averagely fixed. Foundation, Prime Minister’s Office, Singapore under the
Energy Programme and administrated by the Energy Mar-
ket Authority (EP Award No. NRF2014EWT-EIRP002-
6.3. Comparison with Existing Key Management 040). We appreciate William Tan, Shaoshen Zhao, and
Protocols Haoyun You from Mirai for their domain knowledge guide-
lines.
We compare our work with some recent key management
protocols[20, 14, 19, 15, 18].
References
The management hierarchy is compatible across the
schemes, although different communication requirements [1] Lora. http://www.semtech.com/wireless-rf/
internet-of-things/what-is-lora/.
are considered. Long et al. [15], Uludag et al. [18], and
our paper account for the role of the central server, while [2] Semtech announces the industry’s first single chip hybrid plc
and lora wireless platform for smart grid, smart metering and
the rest consider only localized communication following
iot applications. http://investors.semtech.co
typical grid operations. Uludag et al. [18] provide security m/releasedetail.cfm?ReleaseID=968700.
between control center to end device at the cost of managing [3] Smart metering: Lorawan vs. sigfox vs. weightless-p.
extra secret keys, and Long et al. [15] simply route commu- https://iot-daily.com/2016/12/09/which-l
nication between the control center and end device through pwan-technology-is-most-suitable-for-s
the SAS. Our key management works in a single-layer way. mart-metering/.
It involves entities in single hierarchy layer instead of mul- [4] Waspmote sx1272 networking guide. http:
tiple layers, which divides the responsibility for central and //www.libelium.com/downloads/documen
local KMS clearly. tation/waspmote_lora_868mhz_915mhz_s
In terms of key scheme, SKM [19] and Uludag’s x1272_networking_guide.pdf.
scheme [18] both involve PKI which is used in combina- [5] M. Badra and S. Zeadally. Key management solutions in the
smart grid environment. In Wireless and Mobile Networking
tion with the symmetric key scheme. Uludag et al. [18] use
Conference (WMNC), 2013 6th Joint IFIP, pages 1–7. IEEE,
the node public/private key to authenticate the exchange of
2013.
pairwise symmetric keys, which is equivalent to the pair-
[6] C. Beaver, D. Gallup, W. Neumann, and M. Torgerson. Key
wise secret key in our scheme. In our scheme, the authen- management for scada. Cryptog. Information Sys. Security
tication is not provided by the costly PKI, but through the Dept., Sandia Nat. Labs, Tech. Rep. SAND2001-3252, 2002.
very first offline initialization. [7] R. Dawson, C. Boyd, E. Dawson, and J. M. G. Nieto. Skma:
Our scheme uses the pairwise, short-lived secret key di- a key management architecture for scada systems. In Pro-
rectly to secure communications for minimum overhead, ceedings of the 2006 Australasian workshops on Grid com-
while other schemes derive single-use keys from the node puting and e-research-Volume 54, pages 183–192. Australian
key or the channel key in the case of Uludag’s [18]. No- Computer Society, Inc., 2006.
tably, many schemes do not consider the periodical key up- [8] F. F. Demertzis, G. Karopoulos, C. Xenakis, and A. Colar-
date. The schemes that do (hash-update [20, 14]) use hash ieti. Self-organised key management for the smart grid. In
International Conference on Ad-Hoc Networks and Wireless,
chain, deriving the new key by applying hash function on
pages 303–316. Springer, 2015.
the current key in order to provide key independence. In
[9] X. Dong, S. Jauhar, and B. Chen. Swapguard: A software-
contrast, our scheme uses the reverse hash chain to prevent only solution for attesting hot-swappable devices in power
inference of future keys. grids. In Smart Grid Communications (SmartGridComm),
2016 IEEE International Conference on, pages 357–363.
IEEE, 2016.
7. Conclusion [10] S. Fuloria, R. Anderson, F. Alvarez, and K. McGrath. Key
management for substations: Symmetric keys, public keys
This paper proposes and implements a secure and cost- or no keys? In Power Systems Conference and Exposition
efficient smart metering solution, i.e., secure smart metering (PSCE), 2011 IEEE/PES, pages 1–6. IEEE, 2011.
infrastructure based on LoRa technology. Moreover, a key [11] S. Galli, A. Scaglione, and Z. Wang. For the grid and through
management protocol with self-verification and future key the grid: The role of power line communications in the smart
secrecy is designed to work with the proposed infrastructure grid. Proceedings of the IEEE, 99(6):998–1027, 2011.
to maintain a long-term security by updating keys periodi- [12] E. Hayden. There is no smart in smart grid without secure
cally. The evaluation also demonstrates the practicability of and reliable communications. Energy & Utilities, white pa-
the proposed solution in real-world scenarios. per, 2010.
[13] L. Lamport. Password authentication with insecure com- sensor network. Technical report, US Patent 2010293379,
munication. Communications of the ACM, 24(11):770–772, 2010.
1981.
[14] N. Liu, J. Chen, L. Zhu, J. Zhang, and Y. He. A key manage- [18] S. Uludag, K.-S. Lui, W. Ren, and K. Nahrstedt. Secure and
ment scheme for secure communications of advanced me- scalable data collection with time minimization in the smart
tering infrastructure in smart grid. IEEE Transactions on grid. IEEE Transactions on Smart Grid, 7(1):43–54, 2016.
Industrial Electronics, 60(10):4746–4756, 2013.
[19] Z. Wan, G. Wang, Y. Yang, and S. Shi. Skm: Scalable
[15] X. Long, D. Tipper, and Y. Qian. An advanced key man- key management for advanced metering infrastructure in
agement scheme for secure smart grid communications. In smart grids. IEEE Transactions on Industrial Electronics,
Smart Grid Communications (SmartGridComm), 2013 IEEE 61(12):7055–7066, 2014.
International Conference on, pages 504–509. IEEE, 2013.
[16] P. Mlynek, J. Misurec, Z. Kolka, J. Slacik, and R. Fujdiak. [20] K. Yu, M. Arifuzzaman, Z. Wen, D. Zhang, and T. Sato. A
Narrowband power line communication for smart metering key management scheme for secure communications of in-
and street lighting control. IFAC-PapersOnLine, 48(4):215– formation centric advanced metering infrastructure in smart
219, 2015. grid. IEEE transactions on instrumentation and measure-
[17] X. Nie. A method for secure data transmission in wireless ment, 64(8):2072–2085, 2015.