I'm saddened by the naïveté (or perhaps it's simple incompetence) of the smart meter manufacturers. Why isn't all communication encrypted? Why doesn't each meter have a unique public/private key pair associated with it? That way even if a key was extracted from a meter, it wouldn't be possible to use that key to access any other meter. It's not like there's a shortage of 1024-bit primes. Each meter in the world can have a unique 2048-bit key.
Maybe this isn't important for initial deployment. Maybe each meter is simply read-only. But, eventually, I think utilities want to be able to signal to the meter and associated devices in the house when to turn on and turn off. E.g. temporarily shut off air conditioning during a demand peak. I don't want some random hacker in another continent communicating with my meter, either for malice or for lulz.
Anyway, that's just my simple view on how things should be done. Obviously the real world isn't nearly as paranoid.
Smart meters are deployed in massive numbers and maintenance/upkeep of flaky units is an intractable problem. They are BOM-constrained products. So they tend to use dirt-simple bulletproof embedded processors; mostly, MSP430.
So provisioning "2048 bit keys" (more realistically/reasonably: aggressively small ECC keys) is not as simple as pulling them out of the air and assigning them.
On top of that, and for the same reasons I mentioned above, smart meters tend to communicate over very simple RF protocols. There isn't a lot of headroom in those protocols for large moduli or, for that matter, for many round-trips.
I'm not arguing that these systems should be more secure. They obviously should be. I'm disputing that securing them is an easy problem. It is not.
Later
(There are better smart meters, as someone mentioned downthread. But remember also that it is very, very difficult to get cryptography right. It has essentially never been done in the first major deployment of any system.)
Agreed! Securing stuff is NOT an easy problem--especially cost constrained, embedded goods. Having worked on multiple connected device projects now (including Square's first encrypted reader--but that was one of the more rigorous efforts I've seen), I'd say there's not much communication in our industry & everyone seems to roll their own security. It's disastrous & I'm not certain what the solution is. Only companies with obvious liability issues seem to bother with security consultants such as Matasano. The rest wing it with reference designs and code scraped from dubious places. So, when articles like this surface, I'm fascinated, but not surprised. BTW, this problem is only going to get worse with the IoT boom.
I have nothing but respect for what you do, Thomas. I wish everyone I've worked with had access to your services. Could you maybe help TI wrap it all up into a hardware block in the next generation of MSP430s? :)
There is a standard for smart meters called DLMS [1]. It's the most used protocol for smart meters for a while now. The protocol supports two way authentication and uses AES-GCM.
Providing a secure medium for meter communication is in the interest of both the user and the power companies: Users are protected from malicious commands to the meter (using the breaker to disconnect your power, changing the used tariff, ...) and power suppliers prevent fraud.
It's mainly used in Europe. The US has a very similar, but older protocol called ANSI C12. The C12.22 spec includes authenticated encryption, but I'm not familiar with the details.
Ouch, thats bad :) C12.22 is pretty old, AES didn't even exist yet. It seems that it got an update recently (2011) with the smart grid and smart metering use case in mind. The are now using an EAX called EAX prime [1] put it seems to have it's own issues [2].
as far as i can tell the ability to manage financial risk of non-payment is the business driver for smart meters despite the rhetoric of 'smart'. electricity companies hate the fact that you consume energy and then get billed in arrears since obviously some people can't/won't pay. smart meters let you move instantly to a pre-pay plan where the risk moves from the provider to the user... it's also a more graceful method of cutting people off - you can just transition to a pre-pay method with a fixed credit limit so that it's clear what is going to happen when you get to zero - this is useful if there are follow-on liabilities ie, people depend on power if they have medical needs etc
From my experience (I work in this industry) the biggest driver is definitely billing, but not quite what you picked out.
What providers really want is to move to tiered and time-of-use pricing across the entire grid. Most utilities already do this with the various commercial tariffs, but that only accounts for about 40% of the total grid. All of us, in the near future, will be paying rates that vary by how much we use AND (more critically) WHEN we use it.
It's not really something to fear, for a lot of people this is going to mean lower utility bills in general. For the folks running swimming pools and the like, things are probably going to get a bit more expensive.
This is a great place for startups, btw. There are a lot of interesting opportunities around helping people make sense of the changing landscape surrounding utility billing.
Exactly. Also, every energy company I've dealt with in the UK does their very best to ensure you're always in credit.
They "predict" your usage wildly inaccurately (even if you give monthly readings and they have years of your historical usage to analyse) and adjust your monthly direct debit how they see fit.
But, eventually, I think utilities want to be able to signal to the meter and associated devices in the house when to turn on and turn off. E.g. temporarily shut off air conditioning during a demand peak.
I have this in my home. I don't think it's been used at all this year, but last summer it was on multiple occasions.
How it works (in my area at least) copied from your linked site. Essentially, radio signal.
> If the demand for electricity escalates to a critical point, a "system emergency" or "peak alert" is announced, and Alliant willl turn on the radio signal that activates the switch on your air conditioner. The receiver will be activated to cycle the outdoor cooling unit according to the program option you elected.
I'm starting to wish Orwell had never written anything, given how often people name-drop him in, apparently, every single conversation about trying to run or build a more efficient society.
How, how is it Orwellian? Is the power company determining whether you can have air conditioning based on your party loyalty and commitment in the 5 minutes hate?
Or maybe, and I know this will sound crazy to the most vocal HN people on this, it's a line item on your bill which lets you have a lower rate in exchange for allowing load management on a large, dumb energy hungry appliance?
I think that many people here bristle (me included) at the notion of treating electricity as nonfungible. I think there are at least two reasons for that:
* There seems to be a slippery slope once power companies start to care what do you use your electricity for.
* People are possesive of stuff that is inside their home and do want to retain control over it.
I think most of those people (me included) would be happy to have a varying price of electricity instead.
Except electricity really isn't completely fungible. It entirely dissimilar to something like oil, where once it's transported to a location it's out of your control. If you wanted it to look more fungible, you'd have to give up watt billing and accept volt-amps instead, and even then, what you do to the power line does affect other users regardless. It's only fungible in as much as we've broadly regulated it to act so.
Moreover, the notion that there's a slippery slope is as fallacious as it has ever been. What additional change will be implemented without forethought or public debate, that this change implies?
I'm completely puzzled about these downvotes. The first paragraph I was replying to is definitely a job for Telehash, and I was genuinely excited about the applicability of the technology.
If I were designing secure SCADA protocols, the first thing I'd think of is the ways in which we communicate with submarines. Are any of those protocols public?
Submarines communicate using extremely low frequency radio transmissions to penetrate water. They have a bandwidth of 2-3 characters per minute, so the messages are almost exclusively orders to surface and switch to standard satellite based communications. Oh, and the transmitter requires a very unique piece of land with low ground potential that only exists in a dozen or so places worldwide.
I was familiar with Project Sanguine, but had hoped there were less ambitious public projects I had overlooked (perhaps closer to VLF which operates <30m seawater depths).
After reading about the Navy E-6B aircraft, which trails a 5km antenna behind it to communicate with subs, I had presumed modern 'submarine -> other underwater radios' were akin to large commercial fishing trawling nets - or the really long antennas were packed into hilbert curves and epoxied to the hulls or something.
Anyhow, it seems 'acoustic modems' using 'CSMA' [1] are the norm for commercial underwater ROVs (such as James Gosling's 'wavegliders' [2]).
As a consumer, you can usually still avoid the installation of a smart meter. Ask yourself if it's practical that a washing machine starts in the middle of the night and wakes you up you or your neighbours and the laundry will have wrinkles in the morning? You can buy old refurbished analog/digital meters for cheap and measure what you want and it will consume no power nor will it send your confidential data (privacy). And you can combine it with a Arduino if you want the data on your computer. Many smart meters also send the data over a GPRS modem every 15min (have an inbuilt SIM card), that you cannot snoop so easy.
The whole smart meter movement is not about technical advancement, it's about they want that you pay higher prices for consuming less and they don't have to build a better power grid infrastructure in the next few years. It reminds me of the telcos 15 years ago when phone calls and internet over modem was cheaper in the night when most people sleep, and very expensive during working hours.
> You can buy old refurbished analog/digital meters for cheap and measure what you want
But can you use them? New Zealand power retailers install their own meters - you can't supply your own. You can certainly install additional metering of your own but you can't get rid of the smart meter.
Are things different where you live?
Also, I disagree with your final paragraph. Our local distributors have been spending lots of money installing new lines and upgrading the network, and the retailers are changing the meters because it means we get an accurate bill every month (rather than an estimate for two out of every three months) and they don't need a meter reader to visit every property every three months. It's a significant improvement in service and it simplifies their operations at the same time.
> But can you use them? New Zealand power retailers install their own meters - you can't supply your own.
You can use you your own meters, but the last one facing the power grid is installed by the infrastructure provider. So you can mearsure with old refurbished meters your washing machine, swimming pool, etc. Ask your power infrastructure provider, they may sell you old analog and/or digital meters. And depending on the local law, you have the right to "say no" to the installation of a smart meter.
> Our local distributors have been spending lots of money installing new lines and upgrading the network
That's great. At my location the power infrastructure is the same since around 1960 (old wooden power poles on the country side, etc.) and the power line goes also from roof to roof, and if you want underground cable you have to pay it yourself. Almost every thunderstorm we have a short power-outage, because of the wooden poles. They only repair, and don't upgrade the infrastructure at all.
> the retailers are changing the meters because it means we get an accurate bill every month.
Where I live, central Europe, you have to read the traditional (analog or digital) meter yourself every month and send the data via email/postcard and someone controls your meter infrequently every few months/years at your location. If the device would be called digital meter (like the industrial ones) and send the data only once a week or month, it would be fine. On the other side the new smart meters send the data every 15 minutes over GPRS cell-phone technology.
Don't know about NZ, but in Australia the networks own the meters, and the law is clear: you connect to the grid, you must give them access to their network gear. And they send over their own meter readers.
Conspiracy theories are less explanatory than the fairly simple "The utility company makes millions of truck rolls every month to do something that an API would do better, faster, and for free. Truck rolls are insanely expensive."
Maybe this isn't important for initial deployment. Maybe each meter is simply read-only. But, eventually, I think utilities want to be able to signal to the meter and associated devices in the house when to turn on and turn off. E.g. temporarily shut off air conditioning during a demand peak. I don't want some random hacker in another continent communicating with my meter, either for malice or for lulz.
Anyway, that's just my simple view on how things should be done. Obviously the real world isn't nearly as paranoid.