A Security Policy for a Distributed Utility Metering System

Abstract

This dissertation describes a security policy for a distributed utility metering system. The system uses untrusted networks, such as the Internet, to communicate between service providers (water, gas, electricity etc.) and the gateway servers at customer premises. Within a building, the system uses a low-bandwidth mains-borne network, or Field-Area Network (FAN), such as Fieldbus, to communicate between the gateway server and each of the utility meters. The FAN is regarded as untrusted, and communications to and from each utility meter must be protected from all other meters and any possible outsiders on the network. It must also be assumed that the gateway server is physically vulnerable to attack, and that its loss must not jeopardise the security of the system. Each service provider must be able to access each utility meter individually. Service providers can send commands to individual utility meters, and obtain individual meter readings applicable to their service. Service providers must not be able to interfere with one another’s service. However, the gateway must be able to interpret communications initiated by individual meters, to ensure that the alarm can be raised to service providers if a meter reading appears to have been tampered with. On high-bandwidth networks, well known symmetric and public-key cryptography techniques can easily provide the required features. However, with a low-bandwidth network such as FANs, the protocol must be carefully optimised to minimise the amount of data transmitted. This dissertation describes a new architecture, in which well-known cryptography principles are applied in the FAN field in a way that has not been described in the literature.