Potential Smart Grid standardisation work in ETSI

Security and privacy aspects

Carmine Rizzo on behalf of Scott CADZOW, C3L

© ETSI 2010. All rights reserved

Contents

Coordinating security and privacy in smart grids Role of TISPAN Role of M2M Role of others

Understanding of risk in smart grids From attack both accidental and malicious

Understanding of personal data and privacy in smart grids Preservation of consumer privacy

Resilience modelling Support to utility infrastructure Support to communications infrastructure

2Smart Grids Workshop 14 June 2010 - ETSI

Coordinating security for smart grids in ETSI?

TISPAN Ensuring the NGN is protected from, and provides protection for,

services and applications crossing or hosted in core NGNs Maintenance and guidance of the “design for assurance” paradigm Maintenance and guidance of the “privacy by design” paradigm

Role of M2M and others Use cases, deployment modelling, protocol identification, validation

of core security and privacy models Extension to non-NGN and non-Core functionality consistent with

NGN and core functionality for local devices and their interfaces.

3Smart Grids Workshop 14 June 2010 - ETSI

The NGN as a collection of provider entities

4Smart Grids Workshop 14 June 2010 - ETSI

IP network

IMS plane

Service content (www)

Security protection measures

CIA paradigm Confidentiality

• Is information exchanged across the network only visible to those authorised to see it?

• Covers encryption and separation technologies

Integrity• Has the information exchanged been altered in transit?• Has the system itself been altered?

Availability• Covers a number of topics:

• Identification (and validation of identity through authentication)• Authorisation (is Ann allowed to perform that function?)• Reliability• Resilience

5Smart Grids Workshop 14 June 2010 - ETSI

Privacy protection measures

ISO 15408‑2 (Common Criteria) identifies 4 key attributes that relate to privacy and which are undergoing assessment for application in the NGN Anonymity

• Can a party transact anonymously?

Pseudonymity• Can a user mask themselves with an alias?

Un-Linkability• Does one provider need to know if another provider is offering services to

the same person?

Un-Observability• Does the provider need to ensure that a user may use a resource or

service without others, especially third parties, being able to observe that the resource or service is being used?

6Smart Grids Workshop 14 June 2010 - ETSI

Trust in the NGN

How does the service trust the network?

How does the content provider trust the service platform?

Proposal being considered in TISPAN for the NGN Keyed authorisation framework

• Variant of X.509 based Privilege Management Infrastructure (PMI)• Elements of Kerberos ticket granting service too

Will fully support the LI requirements in the “Dynamic Triggering” area

May allow greater trust from users of the core network May act as a deterrent to SPAM, DDoS and other attacks

7Smart Grids Workshop 14 June 2010 - ETSI

Explicit authorisation model

Assertions Content providers require QoS, GoS guarantees Network resource is finite Detection and prevention of law breaking aids society

Considerations Service providers want customer retention Users want privacy Users want freedom of expression

Identification and authentication are not sufficient by themselves in the NGN and our e-world Authorisation and privacy protection have to be added

Smart Grids Workshop 14 June 2010 - ETSI 8

Standardisation of authorisation frameworks

TISPAN and ETSI Expand the models developed in TS 187 016 “TISPAN; NGN Security;

Identity protection (Protection Profile)” and apply them to generic and specific NGN models

Mandate them for the NGN core

ENISA? Promotion and encouragement of development

Others? For discussion – but everyone has a role they can play

Smart Grids Workshop 14 June 2010 - ETSI 9

Thanks!

Available for your ?

scott@cadzow.comcarmine.rizzo@etsi.org