Smart Charging of Electric Vehicles Balancing privacy, security and functionality in public Smart Charging of EVs infrastructures = + ++ ? Carlos Montes.

Slides:

Advertisements

Similar presentations

1 Landis+Gyr Confidential Analyst Presentation November 2008`1 Confidential Company Overview & Update DRAFT November 2008 Cyber-Security & Interoperability.

Advertisements

Rocket Software, Inc. Confidential James Storey General Manager, OSS Unit Rocket Software APNOMS 2003: Managing Pervasive Computing and Ubiquitous Communications.

Potential Smart Grid standardisation work in ETSI Security and privacy aspects Carmine Rizzo on behalf of Scott CADZOW, C3L © ETSI All rights reserved.

Impact of Smart Grid, ICT on Environment and Climate Change David Su Advanced Network Technologies National Institute of Standards and Technology ITU Symposium.

Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.

Prompts Consider the following questions as you build this slide:

Secure Systems Research Group - FAU Process Standards (and Process Improvement)

 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.

Securing Vehicular Communications Author ： Maxim Raya, Panos Papadimitratos, and Jean-Pierre Hubaux From ： IEEE Wireless Communications Magazine, Special.

Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.

<<Date>><<SDLC Phase>>

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

EStorage First Annual Workshop Arnhem, NL 30, Oct Olivier Teller.

Information Security Policies Larry Conrad September 29, 2009.

Security Controls – What Works

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

FIT3105 Smart card based authentication and identity management Lecture 4.

Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

The Role of Security & Privacy in EA Program

Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.

Smart Grid Standards Bill Moroney President & Chief Executive Utilities Telecom Council.

InterSwyft Technology presentation. Introduction InterSwyft brings secured encrypted transmission of SMS messages for internal and external devices such.

IOT5_ GISFI # 05, June 20 – 22, 2011, Hyderabad, India 1 Privacy Requirements of User Data in Smart Grids Jaydip Sen Tata Consultancy Services Ltd.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.

Lessons Learned in Smart Grid Cyber Security

Vehicle-Grid Integration (VGI) © 2011San Diego Gas & Electric Company. All copyright and trademark rights reserved.

Envisioned Role for NTI Concerning ITS Deployment in Egypt by Dr. Mahmoud EL-HADIDI Professor of Telecommunications at Cairo U & Consultant at NTI 3 rd.

Applying FI-WARE Generic Enablers to Smart Grid Management: Electric Car Charging Scenario Dr. Steven Davy Mobile, Middleware, TSSG Mas2tering.

Smart Grid Security Challenges Ahmad Alqasim 1. Agenda Problem Statement Power system vs. smart grid Background Information Focus Point Privacy Attack.

Computer Science and Engineering 1 Cloud ComputingSecurity.

GB Electricity Market Reform: The implementation challenges ahead IAEE International Conference Stockholm, June 20 – Dorcas Batstone

Key Bank - Enterprise Architecture Group 1 Mobile financial services “Barriers To Adoption” Sustainable Computing Consortium April 1 st, 2003 Andrew J.

Cyber Authentication Renewal Project Executive Overview June – minute Brief.

Croatia – Denmark – Norway (transnational) Vision Project elements and key concepts Project summary The vision of the Flexible Electric Vehicle Charging.

@Yuan Xue CS 285 Network Security Fall 2008.

VoIP Security in Service Provider Environment Bogdan Materna Chief Technology Officer Yariba Systems.

© 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker.

© Synergetics Portfolio Security Aspecten.

Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.

1 Smart Grid Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology June.

HIT Policy Committee NHIN Workgroup Recommendations Phase 2 David Lansky, Chair Pacific Business Group on Health Danny Weitzner, Co-Chair Department of.

Key Management. Session and Interchange Keys  Key management – distribution of cryptographic keys, mechanisms used to bind an identity to a key, and.

Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin

Cloud Computing Security Keep Your Head and Other Data Secure in the Cloud Lynne Pizzini, CISSP, CISM, CIPP Information Systems Security Officer Information.

SOA-39: Securing Your SOA Francois Martel Principal Solution Engineer Mitigating Security Risks of a De-coupled Infrastructure.

Charging Electric Vehicles in a Liberalized Electricity Market Danny Geldtmeijer MSc Netbeheer Nederland / Enexis.

Society of Local Council Clerks Northampton, 21 June 2012 Sylvia Brown Chief Executive, ACRE Localism Act – local impact.

Frankfurt (Germany), 6-9 June 2011 Iiro Rinta-Jouppi – Sweden – RT 3c – Paper 0210 COMMUNICATION & DATA SECURITY.

Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007.

Develop your Legal Practice using “Cloud” applications, but … Make sure your data is safe! Tuesday 17 November 2015 The Law Society, London Allan Carton,

Network Reliability and Interoperability Council VII NRIC Council Meeting Focus Group 1B Network Architectures for Emergency Communications in 2010 September.

IS3220 Information Technology Infrastructure Security

Extensions to the Internet Threat Model

1 On 3GPP2 Femto Security Anand Palanigounder Qualcomm Inc. Notice: Contributors grant a free, irrevocable license to 3GPP2 and its Organization.

Scott Musgrove Senior Business Systems Analyst Water Corporation of Western Australia Developing for an Evolving Mobility Landscape: How Do You Hit a Moving.

OUTCOMES OBJECTIVES FUNCTIONS ACTIONS TERRITORIES LOCATIONS MARKET SEGMENTS TIME LINESCHALLENGE IMPACT RESOURCESACTIVITIESCHANNELS RELATIONS PARTNERS CUSTOMERS.

Smart Grid & Electric Vehicle in Computer Scientist’s Perspective by Minho Shin, Myongji University.

@Yuan Xue CS 285 Network Security Fall 2012 Yuan Xue.

@Yuan Xue Case Study (Mid-term question) Bob sells BatLab Software License Alice buys BatLab Credit card information Number of.

Key management issues in PGP

Smart Grid Paul Bircham Commercial Strategy & Support Director.

Presented by Edith Ngai MPhil Term 3 Presentation

Phil Hunt, Hannes Tschofenig

Challenges facing Enterprise Mobility

Engaging Energy Consumers Energy Action, Fuel Poverty & Climate Action Conference - March 2017 Aoife MacEvilly Commissioner for Energy Regulation Regulating.

12th IEEE PES PowerTech Conference

Open Smart Charging Protocol

Computer Science and Engineering

Presentation transcript:

Smart Charging of Electric Vehicles Balancing privacy, security and functionality in public Smart Charging of EVs infrastructures = + ++ ? Carlos Montes Portela IT (privacy and security) Architect Enexis – Asset Management Innovation ElaadNL – Innovation and Development OCA Conference – 18th of November 2014

Contents  What is Smart Charging all about?  Why do privacy and security (P&S) matter in this context?  How can we approach P&S without loosing focus on functionality?  What measures can we take for a sufficiently secured charging infrastructure?  How and when do we start implementing these measures?

It’s about flexibility…

Who will have most benefits from Smart Charging? A – Charge Spot Operator C – E-mobility service providers B - Driver D - ‘Green’ producer

A time 8AM 6PM 200A Challenges and opportunities for the DSO

A time 8AM 6PM 200A The Open Smart Charging Protocol (OSCP) informs about the availably capacity via a forecast per cable Challenges and opportunities for the DSO

Not realistic? Challenges and opportunities for the DSO

200A 500A A time 500A OSCP Challenges and opportunities for the DSO

Contents  What is Smart Charging all about?  Why do privacy and security (P&S) matter in this context?  How can we approach P&S without loosing focus on functionality?  What measures can we take for a sufficiently secured charging infrastructure?  How and when do we start implementing these measures?

Many components that come with even more risks…

B – Malware introduced into EV via compromised charge spot What is the biggest privacy and security risk in Smart Charging? A – Large number of charge details data revealed C – DoS attack on charge spot via malicious card D - …

Risks evolve over time and their calculation is complicated Charge Spot Operator Service Provider

Privacy and security is a balancing act

Contents  What is Smart Charging all about?  Why do privacy and security (P&S) matter in this context?  How can we approach P&S without loosing focus on functionality?  What measures can we take for a sufficiently secured charging infrastructure?  How and when do we start implementing these measures?

Start small, grow further from there…  We started with NIST Guidance  not a goal on itself Goal: balancing P, S and F  Initial assumptions / thoughts: Lock should be cheaper than the bicycle Value, form and usage of bicycle is evolving… Desirable –vs- realizable

Risk assessment

Traditional approach didn’t work fully  Defined measures didn’t tackle evolving EV market dynamics  It is difficult for stakeholders to assess possible future risks and define appropriate measures now  End-2-end security with many to many relationships isn’t trivial

Stepwise approach: use case analysis

Stepwise approach: evolvability “The EVDSN variant”

Stepwise approach: evolvability “The EMSP variant”

Stepwise approach: defining security objectives

Stepwise approach: defining an attacker model

Stepwise approach: risk analysis Highests risks for the EV charging (risk x impact): Authentication of EV drivers Integrity and condentiality of communication between DSO and CSO, and between CSO and CS Integrity of the Charge Spot.

Knowing this what should we do? A – Wait for a big P&S incident to happen C – Stick to (not so) good old diesel and gasoline B – Nothing, we are safe D – Find out what the end-2-end security design looks like

Contents  What is Smart Charging all about?  Why do privacy and security (P&S) matter in this context?  How can we approach P&S without loosing focus on functionality?  What measures can we take for a sufficiently secured charging infrastructure?  How and when do we start implementing these measures?

An end-2-end security design for EV charging Integrity protection on meter readings - securing the integrity of data for smart charging and billing Secure communication channels – providing generic confidentiality protection on data (defense-in-depth) Customer authentication - securing the customer identity, through stronger authentication

An end-2-end security design for EV charging: integrity protection of the meter readings

At the meter At the DSO, CSP, CSO, Aggregator, etc. Meter data integrity is protected not in a point-to- point fashion, but it makes safe distribution of meter data possible to n parties. This is key for futureproofness and evolvability.

An end-2-end security design for EV charging: secure communication channels Performance is key in charging infrastructures. Specially at the charge spot for comfortable interaction with the EV driver. Report suggests how to implement this (for Soap over HTTP and JSON)

An end-2-end security design for EV charging: Customer authentication 4 alternatives were analyzed : 1.Mechanisms that do not rely on shared secret or public/private keys to perform authentication, such as the Lamport's login. 2.A GSM-like solution where the EMSP provides the authenticating entity with challenge/ response pairs based on the secret key. 3.Provisioning the RFID-card with a private key and the authenticating entity with the corresponding public key. Certicates can be used to be able to authenticate large numbers of RFID-cards with a single public key. This system is used in the recently deployed wireless payment systems of Dutch banks. 4.A diversied key solution such as the one used for authenticating OV chipcards. Alternative 3 – Certificate based is advised as it can work without communication from the charge spot to the back-office and verification can be done with a public key (no sensitive data is stored for this purpose).

Independent of market model EmSP Retailer Backoffice DSO OSCP IP Charge Spot OCPP Mode 3 Customer OSCP + security measures are market model-agnostic

Independent of market model Retailer Backoffice DSO OSCP EmSP Charge Spot OCPPMode3 IP Customer OSCP + security measures are market model-agnostic

Contents  What is Smart Charging all about?  Why do privacy and security (P&S) matter in this context?  How can we approach P&S without loosing focus on functionality?  What measures can we take for a sufficiently secured charging infrastructure?  How and when do we start implementing these measures?

How can we implement the end-2-end security design in practice? A – Address this topic in OCA workgroups C – Through R&D projects like FP7 (EU) B – Sharing best practices within OCA D – …

Please contact us at: Carlos Montes Portela E: P: +31 (0)6