IoT emerged with purely functional purposes, providing sensing, connectivity and control features at a lower cost, with little or no focus on security and privacy. However, with an increasing number of cyber-attacks on IoT systems and the wider adoption of IoT in critical infrastructures such as smart grids and in privacy-sensitive domains such as smart homes, security and privacy have become a major concern. The lack of incentives and regulations to build secure IoT systems has been a major hindrance. Certification approaches such as Common Criteria (CC) do not fit the IoT context (lower cost and short life span) because of their higher cost and time-consuming nature. We proposed a notion of security classes to contribute towards security evaluation and compliance with a given class. We also demonstrated the applicability of our security classification methodology by performing a systematic assessment of the security classes of a commercial Smart Home Energy Management System (SHEMS). To apply the methodology, we defined the security criteria for class evaluation of SHEMS. In our assessment, we first evaluated the security class of an existing SHEMS with a centralized architecture, which resulted in a low and not acceptable class D system. Next, we proposed to reduce the connectivity of the control mechanism by moving the control logic from the centralized backend towards the gateway, resulting in the improved security class A.
The majority of decisions in security classes are based on the knowledge and experience of security experts. However, such expert-based analysis is prone to bias and may require proper justification for each decision made, which our security classification method does not provide. In security analysis, uncertainty is inevitable. Thus, unless we quantify how much confidence an expert has in a decision, security cannot be well reflected. Therefore, we propose to provide assurance of security classes by giving security arguments and structuring those arguments properly to justify the results of the assessment. We also introduce the concepts of belief and uncertainty to quantify the confidence in the decisions made during the analysis. We further investigate the aggregation mechanism that carries class evaluation down to the component level, and argue that the weighted mean approach for confidence aggregation may not be suitable for security because it cannot represent extreme low values; we claim that a multi-metric approach is better for such aggregation.
In the security classification method, one should construct an argumentation model to support claims about protection mechanisms, impacts, and connectivity. These parameters also carry belief assignments that need to be aggregated to compute a final class and its confidence parameters. Constructing the argumentation model and computing the class of a system from scratch is highly manual and tedious. It involves identifying the protection mechanisms of each component to determine its protection level. It also involves identifying connectivity and computing the exposure and security class using the lookup table. In addition, the belief and weight parameters must be assigned, and the beliefs aggregated. All of this involves substantial manual work.
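The aggregation argument above (a weighted mean of beliefs cannot represent an extreme low value, so the belief aggregation step should report more than one metric), carried through as an added Python illustration that is not part of the project or its tool: the claim names, weights, the 0.3 low-confidence threshold and the acceptance floors are constructed for this example, and the multi-metric summary shown is one possible form, not LightSC's own definition.

```python
# Added illustration of the aggregation argument: a weighted mean of per-claim
# beliefs hides a single near-zero belief, whereas a summary that also reports
# the minimum and the share of low-confidence claims surfaces it.
# Claim names, weights and thresholds are constructed for this example and are
# not LightSC's own definitions.
from dataclasses import dataclass


@dataclass(frozen=True)
class Claim:
    name: str
    belief: float   # analyst's confidence that the claim holds, in [0, 1]
    weight: float   # relative importance of the claim (constructed)


def weighted_mean(claims):
    """Single-number aggregate: weighted mean of the beliefs."""
    total = sum(c.weight for c in claims)
    return sum(c.belief * c.weight for c in claims) / total


def multi_metric(claims, low=0.3):
    """Several views of the same beliefs instead of one number."""
    weakest = min(claims, key=lambda c: c.belief)
    return {
        "weighted_mean": weighted_mean(claims),
        "min": weakest.belief,
        "weakest_claim": weakest.name,
        "low_confidence_share": sum(c.belief < low for c in claims) / len(claims),
    }


def accepted(metrics, mean_floor=0.6, min_floor=0.3):
    """Accept only if both the aggregate and the weakest claim clear their floors."""
    return metrics["weighted_mean"] >= mean_floor and metrics["min"] >= min_floor


# Constructed argumentation model for one gateway component: four claims
# supporting "the protection level is adequate", one with almost no evidence.
GATEWAY_CLAIMS = [
    Claim("TLS used on backend link", 0.90, 1.0),
    Claim("Firmware image is signed", 0.85, 1.0),
    Claim("Admin interface requires authentication", 0.95, 1.0),
    Claim("Default credentials removed", 0.05, 1.0),
]

if __name__ == "__main__":
    print(round(weighted_mean(GATEWAY_CLAIMS), 3))   # looks comfortably high
    print(multi_metric(GATEWAY_CLAIMS))              # min and share expose the weak claim
    print(accepted(multi_metric(GATEWAY_CLAIMS)))    # rejected despite the mean
```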
Thus, to make the methodology usable, a tool supporting it is necessary. Therefore, we propose a web application that translates the security classification methodology into a tool. Using this tool, one can compute the security class of a system along with its confidence parameters.
We investigate the usability of the tool by involving real stakeholders (system designers, product owners) who apply the methodology to their IoT systems using the tool.
The stakeholders' successful application of the methodology to several real systems shows its validity. The evaluation shows that the concept of security classification is simple and applicable in several stages of the System Development Life Cycle (SDLC).
Furthermore, we see the opportunity for our methodology to be used extensively in building secure systems. Thus, future work involves investigating the integration of the security classification methodology with the system development life cycle, especially the DevSecOps cycle. This would encourage goal-based secure system development and open the possibility of a system's security class being dynamic.
A main contribution of the project is the proposed security classification methodology (LightSC). In contrast to current approaches, which are considered heavy-weight, LightSC is a light-weight methodology that can guide system engineers or designers in taking cybersecurity decisions. It is tailored towards non-security experts, who can select appropriate connectivity and protection mechanisms at design time. This reduces the cost of frequent patches and enhancements to fix vulnerabilities. In the LightSC method, one can specify the belief and uncertainty (confidence parameter) in each claim based on the evidence available; from the individual beliefs, the overall belief in the evaluation is calculated. Because our methodology aims to reduce the dependency on security experts, we see opportunities for it to be used extensively in secure system development, in particular in the DevSecOps cycle.
The Internet of Things (IoT) is the network of physical devices that embed sensors, electronics, software, and network connectivity that enables them to collect and exchange data about their operation and environment, and be remotely controlled.
IoT supports emerging applications such as intelligent transportation, smart homes, smart cities, and smart power grids, where this project is placed.
The data created by IoT-enabled devices at home, at work, or on the move nevertheless raises security and privacy challenges. These challenges are often related to physical access security, communication network security, and big data security. The privacy aspects are often of a totally new nature, especially in the smart grid.
The proposed project will be central in the ongoing development of the envisaged Smart Grid Security Centre. This novel Centre is planned in conjunction with NCE Smart Energy Markets (an umbrella organization of which eSmart Systems is also a member) and Energy Informatics at UiO. The Centre will address the security, dependability, and privacy concerns and requirements of our clients and their customers.
This industrial PhD project will investigate measurable security for a reliable, efficient and uninterrupted power network with dynamic configuration and security properties. It will also address business and end-user needs by exploring use cases for value-added IoT services.