Technical Field
This disclosure relates generally to securing information in an industrial or other environment (e.g., in a next generation power grid) and, in particular, to improved techniques for key management to protect end-to-end data security in such an environment.
Background of the Related Art
The recent evolution of the smart grid brings about a convergence of electrical power-engineering improvements, networks, and communications and computing technology to transform the one-way power-flow value chain into a fabric of two-way power and information sharing infrastructure. To this end, modern electrical power devices (typically used in the transmission and distribution domains) of today's power grid have a collection of sensing, computing, communication and control elements. For example, advanced metering infrastructures are now being put into place to remotely read electrical meters, to manage and control electric substation devices, and to control power switching. The data collected from these field devices often is used for different purposes, such as billing, distribution control, and energy management. The collected data often is aggregated and then analyzed by business analytics and optimization sub-systems to bring about new models of pricing, operational efficiency and consumer service offerings. In addition, energy-optimization practices, such as electrical demand-response initiatives, need to send commands down to these devices for maintenance, calibration and control. Consequently, these business systems, as well as the field devices, often depend heavily on the integrity of the data collected and the integrity of the control commands sent. In addition, confidentiality of data elements is needed to protect the behavioral and personally identifiable information (PII) of the customer. Further, much of this field equipment, and many of these systems, are classified as critical cyber assets to which government regulations (e.g., NERC-CIP and FERC) apply, making data security even more vital. This data security can be achieved by proper design and deployment of a cryptographic infrastructure that coexists with the data-flow components.
Key management is the management of cryptographic keys for a cryptosystem. Key management typically involves the generation, exchange, storage, use, and replacement of keys. Key management often becomes the most challenging aspect of deploying a crypto infrastructure.
The National Institute of Science and Technology (NIST) has published guidelines (NIST Interagency Report 7628: Guidelines for Smart Grid Cyber Security) to act as a framework and roadmap describing security standards that are applicable (or are likely to be applicable) to the smart grid. This report suggests that a key management scheme be used to protect cryptographic materials, as well as to provide sufficient key diversity. Further, the report suggests that symmetric cipher systems (and thus symmetric keys) be used provided that adequate coordination among the key producer and the key consumers can be enforced.
Despite the importance of data security in this model, there are serious challenges and inhibitions that have prevented end-to-end data security from being implemented effectively in the smart grid. There are numerous reasons why this is the case. Many devices lack the processing power and sufficient random-number generation resources to handle cryptographic key generation. Also, many devices have yet to be enhanced with communication elements that can respond to remote commands, or that can collect data and transfer it remotely. While new vendors have begun to provide auxiliary components that can perform such functions and provide basic key storage, these additional components are not supplemented with robust key management schemes and typically do not have connectivity to crypto-key servers, certificate authorities, or other resources (e.g., OCSP servers). Where devices do include native security features, the authentication operations typically are based on asymmetric keys embedded in the devices. While asymmetric cipher systems provide good security, they are computationally intensive. Moreover, unlike conventional Internet-based secure transactions, the connectivity between smart grid devices and business applications may be long-standing and sometimes persistent, and this necessitates more robust and strategic key management schemes to protect data. Further, third-party service providers also may create additional privacy concerns because they provide value-added services (e.g., consumer energy management) that generate detailed information about behavioral patterns and profiles. Another problem is that current practices often expect business application-layer software assets to build data security and key management solutions between just a pair of communicating entities (namely, the endpoint devices and themselves). Data, however, often is shared between and among multiple business systems; thus, care must be taken while provisioning all the keys involved. This requirement becomes especially cost-prohibitive because the overhead is multiplied for each security association. Thus, key management schemes for data in motion, and for data at rest within systems, scale poorly and become intractable to manage.
Indeed, key management schemes, when implemented, are provisioned in a vacuum, typically within individual vendor-supplied subsystems, with little or no integration across other operational systems. A more robust and integrated solution is necessary.
The subject matter of this disclosure addresses these and other deficiencies of the prior art.