1. Field of the Invention
The present invention is related to information security and more particularly to differential power analysis and other side channel attacks (SCA).
2. Background Description
Increasingly, utility companies are deploying endpoint monitoring devices, known as smart meters, grid health sensors, and data concentrators, that monitor local endpoint power consumption and periodically report usage. As of 2010 there were eight (8) million smart meters deployed with as many as sixty (60) million expected to be deployed by 2020. Security and privacy is of great concern both personally and in the business-place. Consequently, smart endpoint devices have become security attack targets. Utility companies have employed encryption based design techniques to provide some security for smart meter communications.
So for example, to prevent brute force security attacks on smart grid endpoints, some state of the art designs have incorporated encryption standardized in Advanced Encryption Standard (AES), e.g., AES-128,256. Some of these protection techniques are directed at preventing endpoint cryptographic key extraction. Others prevent reverse-engineering endpoint communication protocols. Since not all smart endpoint device communication is encrypted, providers have deployed meter reprogramming with embedded security technology, derived from financial transactions and government applications. Some embedded products have physical attack-detection mechanisms. Other embedded products rely on deployed logical techniques like lockable and encrypted, secure on-chip memories. Still other approaches rely on secure bootloaders that lock the endpoint device during manufacturing. Whenever financial or political incentives have aligned, however, someone has quickly developed some method, e.g., data mining technique, to exploit any available data.
In spite of employing these security measures, using smart meters has added privacy and security vulnerabilities to what are commonly known as side channel attacks, which may reveal key information in spite of security efforts. For example, a smart meter may store or cache energy use information before reporting it to the service provider. State of the art smart meters monitor power consumption with a high resolution level, e.g., to the minute or even second. Stored information is an information-rich side channel, that characterizes customer habits and behaviors.
Some activities have detectable power consumption signatures, e.g., watching television. Even detecting the presence or absence of activity can provide some information. Side channel attacks frequently use energy profiling to extract available consumption signatures, and exploit vulnerabilities that are beyond protection with encryption. Typical energy profiling includes, for example, Differential Power Analysis (DPA) and Differential Electromagnetic Analysis (DEMA), and also invasive attacks (e.g. laser attacks). Information embedded in power consumption data, increasingly, has made utility companies a potential source of privacy abuse by side channel attackers. Consequently, side channel attacks have raised privacy and security concerns both for home and business and concern for side channel attack vulnerability has been increasing, not only from the customer information privacy perspective but also for enterprise applications.
Thus, there is a need for side channel attack security/prevention for protecting service facility infrastructure, and for focusing security on differential power and EM side channel attacks in smart meters and on preventing the attacks, and especially on smart meters metering and monitoring utility usage such as electricity, gas, water, fuel and other commodities.