U.K. Meter Fraud Further Supports the Need for a Secure PKI Smart Meter Infrastructure
March 7, 2011, 05:59 am EDT
The U.K.-based Sky News just released an investigative report uncovering an electricity key scam, netting criminals millions of pounds. Based on their report, 125,000 people purchased illegal “top-ups” for their meters from criminal enterprises. Last year, hackers cracked technology used for prepay electricity meters (pay-as-you-go systems) and were able to offer people a £50 credit. This has cost utility companies in the U.K. close to £10m in sales, which could rise to £30m after the impact of contacting customers and replacing meters.
The issue for utility companies then becomes how to secure their meters to avoid these types of hacks in the future. The solution is to implement a secure public key infrastructure into the meters that is protected by a hardware security module. The U.S. and U.K. are currently undergoing efforts to modernize their energy infrastructures, which includes the meters that have been largely unchanged for the past several decades. To secure these meters, avoid fraudulent alterations, and ensure consumer integrity, energy companies are turning to PKI—the recommended solution for protecting against data threats.
By implementing PKI into the meters themselves, the smart grid can be secure at the communication layer, creating a system that identifies connected meters as being authentic, verifies that the meters are configured correctly and haven’t been altered, and validates the meters for network access. PKIs are ideal for large-scale security deployments that require a high level of security with minimal impact on performance. In a PKI environment, it is essential that private keys and certificates are guarded with a reliable key management solution that protects against ever-evolving data threats. For this, utility companies have turned to hardware security modules (HSM) to safeguard the PKI in a hardened appliance. The HSM acts as a key vault—protecting the PKI itself, ensuring the meter readings are valid and from a trusted source. By combining a public key infrastructure with the trusted security of an HSM, utility companies can realize the following benefits:
- Device Attestation. Using device attestation certificates, the HSM confirms the device manufacturer, model, and serial number, and that the device has not been tampered with. These certificates, coupled with the appropriate authentication protocol, can be used by the energy service provider to ensure that the device is exactly what it claims to be.
- PKI and EKM. HSMs provide significant cost savings, as HSM functionality (key generation/offline root/online root/key export) is made available with one device.
- Trust Anchor. A local policy database (LPD) is a set of rules that define how the device can use its certificate and what types of certificates it should accept when acting as a relying party. The LPD would be a signed object, signed and stored within the HSM.
- Transaction Processing of Usage and Billing to Customers. Provide a trusted path for energy usage for accurate and secure electronic billing.
- Remote Management of Meters. Securely update the metering settings, configuration, security credentials, and firmware of all devices in the AMI System.
Although this type of infrastructure may add to operational costs upfront, the payoff from eliminating future expenses due to hacks, such as those that occurred in the U.K., more than justifies the investment.

This entry was posted in Authentication, Compliance, Digital Signatures, Endpoint Protection, Energy, Key Management, Manufacturing by Trisha Paine.