EMAIL INTERVIEW  Jim Alfred & Ken Sinclair

Jim Alfred is the Director of Product Management for Certicom Corporation, the leading global provider of Elliptic Curve Cryptography (ECC). Jim has over 14 years of technical product development experience. jalfred@certicom.com


Moving from automated meter reading to advanced metering infrastructure, smart meters and Home Area Networks of smart energy devices create new security challenges for metering companies and consumers alike.

Sinclair:  Can you provide a brief company overview of Certicom?

Alfred:  Certicom is a security technology company with over 20 years of experience creating innovative security solutions for resource-constrained devices. Our core research focus has been on Elliptic Curve Cryptography (ECC), which provides the most security per bit of any known public-key scheme. In 2003, the US government licensed key patents from Certicom for protecting sensitive data and has since endorsed ECC as the replacement for RSA-based public key crypto schemes.

Sinclair:  What is Certicom’s involvement with the ZigBee Alliance?

Alfred:  Certicom has been involved in ZigBee since 2002, and was the security editor responsible for specifying both the symmetric and public key protocols used in the security architecture. The system was designed to take maximum advantage of the efficiencies of ECC for securing these battery-powered, resource-constrained devices and the bandwidth-constrained ZigBee network by using ECMQV, an authenticated key agreement scheme, and ECQV "implicit" digital certificates.

Sinclair:  Why is security an important issue in smart metering?

Alfred:  Moving from automated meter reading to advanced metering infrastructure, smart meters and Home Area Networks of smart energy devices create new security challenges for metering companies and consumers alike. As meters and devices become actively managed, utilities will be able to send out remote disconnects or other critical management messages to end-points on the network, including devices in the home, such as power-hungry air conditioners. The open nature of these networks at the physical layer means the application layer security is critical. For instance, we don't want to see a bot propagating itself over the mesh network, inconveniencing consumers – or worse, destabilizing the grid – by sending bogus commands to meters or connected devices. Digital signatures and robust protocols are used to authenticate commands and prevent replay attacks in order to keep the network secure. At the same time, home energy devices and smart meters are going to be collecting and distributing more and more information on energy consumption throughout the home. That information needs to be kept private to keep consumers safe from burglars as well as data miners, so encryption comes into play. Of course, in a commercial building environment, security issues are just as critical. Fortunately, the same principles can be directly applied, with digital certificates providing a foundation layer of security for system management.

Sinclair:  What does a Device Certificate Authority do?

Alfred:  A Device Certificate Authority issues authentic device identities, essentially device passports. Certicom is providing a Device Certificate Authority for ZigBee Smart Energy devices, which is analogous to the system used to secure cable modems and customer premise equipment in the cable industry. We work with the ZigBee Alliance and its designated testing labs to ensure that vendors are building ZigBee Smart Energy certified devices. Devices without valid certificates aren't allowed on the network. Once admitted to the network, certificates and the associated keying material are used to secure communications and authenticate commands and responses using ECDSA digital signatures.

Sinclair:  What other projects does Certicom have on the horizon with regard to smart metering?

Alfred:  Certicom believes that smart meters and the smart grid are going to require a significant security upgrade to make fielded devices withstand the test of time. We are presently working on a system which can decrypt many millions of meter readings an hour, securely updating and managing device encryption and system keys. Our security appliances allow metering companies to meet their emerging security requirements with a turnkey system that is scalable and secure.

Given the critical infrastructure nature of the smart grid, we see a need to deploy higher levels of security in the transmission network, and thus believe SCADA devices and industrial sensor networks will be compelled to deploy a new security architecture based on ECC and security infrastructure similar to what we've fielded for ZigBee and our smart metering security appliances.


