IEEE Wireless Communications - April 2017 - page 15

authorization server supporting a delegated authorization scheme. The implementation is based on the user-managed access (UMA) [7] profile of the widely used OAuth [7] protocol. The authorization server is, in this context, the place holding the description of the access control policies for all access-controlled “resources” in the ecosystem. For example, PMU devices may publish their data on specific information topics using the MQTT protocol, and it is certainly necessary to define which software entity may publish or subscribe on a specific topic. The “information topic” is then modeled as an “access-controlled resource.” The delegated authorization scheme ensures dynamic life cycle management of the access-controlled resources in the authorization server by enabling the resource servers (for example, the publish/subscribe brokers), which are in charge of enforcing access control, to register their resources and delegate the management of access control for them to the authorization server via the UMA REST API. This delegated authorization scheme is one of the two main structural security choices made in the proposed architecture. It opens the possibility of achieving centralized access control management for resources located in many dispersed heterogeneous platforms. As a result, client applications need only authenticate with the authorization server to dynamically receive credentials granting them access to multiple heterogeneous platforms. This results not only in enhanced security, but also in a great simplification of authentication and authorization management.
The authorization rights granted to requesting clients are negotiated using the OAuth protocol and materialized as tokens possibly carrying credentials. The idea is to dynamically distribute to every client application (located in the PMU or PMC devices or in remote cloud servers) the set of credentials required to perform the tasks it should perform in a given workflow scenario. For example, a client application implementing a historical data archive may need to subscribe to the information topics via the MQTT protocol and then store the received data in an archival database. This client application should then dynamically receive credentials enabling both the reception of information and its storage in the archival database.
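As an added illustration (not code from the paper or its authors), the following Python sketch models the delegated scheme described above: a broker registers an information topic as an access-controlled resource with the authorization server, which holds the policy, issues a scoped token to a client and answers the broker's introspection before each publish or subscribe is allowed. The client ids, topic name and in-process objects standing in for the UMA REST calls are all constructed assumptions.

```python
import secrets
import time

SCOPES = {"publish", "subscribe"}  # actions an information topic supports

class AuthorizationServer:  # holds the policies; issues and introspects tokens
    def __init__(self):
        self.resources = {}  # resource id -> (resource server, topic)
        self.policies = {}   # (client id, resource id) -> granted scopes
        self.tokens = {}     # token -> (client id, {resource id: scopes}, expiry)

    def register_resource(self, resource_server, topic):
        # UMA-style resource registration: the broker delegates policy for this topic.
        rid = "res-%d" % (len(self.resources) + 1)
        self.resources[rid] = (resource_server, topic)
        return rid

    def set_policy(self, client_id, rid, scopes):
        self.policies[(client_id, rid)] = set(scopes) & SCOPES

    def issue_token(self, client_id, requested, ttl=300):
        # Grant only the intersection of what is requested and what policy allows.
        grants = {rid: self.policies.get((client_id, rid), set()) & set(s)
                  for rid, s in requested.items()}
        grants = {rid: s for rid, s in grants.items() if s}
        if not grants:
            raise PermissionError("no scope granted to %s" % client_id)
        token = secrets.token_urlsafe(16)  # constructed opaque token
        self.tokens[token] = (client_id, grants, time.time() + ttl)
        return token

    def introspect(self, token, now=None):
        entry = self.tokens.get(token)
        now = time.time() if now is None else now
        if entry is None or now >= entry[2]:
            return None  # unknown, revoked or expired token
        return entry[1]

class MqttBroker:  # resource server: registers topics, enforces the AS answer
    def __init__(self, name, auth_server):
        self.name, self.auth, self.topic_rid = name, auth_server, {}

    def add_topic(self, topic):
        self.topic_rid[topic] = self.auth.register_resource(self.name, topic)
        return self.topic_rid[topic]

    def allowed(self, token, topic, action, now=None):
        # Enforcement stays at the broker, on every publish or subscribe attempt.
        grants = self.auth.introspect(token, now)
        return bool(grants) and action in grants.get(self.topic_rid.get(topic), set())
```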
Another structural security choice relates to the decision to protect the credentials stored in the PMU and PMC devices via the use of embedded secure elements, similar to the ones used for manufacturing embedded UICCs [9] in cellular IoT devices. Commercially available secure elements provide credible protection for credentials stored inside their memory, which are meant to be used in place and cannot be read back, thereby significantly complicating the setup of attacks involving credential stealing and/or device cloning.
The protection of communications relies upon the use of the Transport Layer Security (TLS) protocol involving both Public Key Infrastructure (PKI) client and server certificates. Client certificates are dynamically generated in an initial security bootstrapping process between the PMU and PMC devices and the authorization server. On the device, the PKI private and public keys are dynamically generated within the secure element. While the public key is sent out and serves as the starting point for generating the client certificate, the private key remains securely stored inside the secure element, which exposes an API enabling clients to request the on-chip execution of cryptographic primitive operations such as signing or ciphering.
In order to simplify deployment, secure elements are pre-personalized at the time of manufacture. Each of them comes with a unique identifier (which is also used to identify the device), and these identifiers are initially provisioned in a secure element management platform along with root secrets. No software or configuration operation needs to be performed when deploying the secure elements. They are to be considered as any other electronic component and only need to be soldered onto the circuit board of the devices to be secured. A bootstrap process occurs transparently upon the first connection of the device to an IP network, making it possible to remotely manage the credentials stored inside the secure element from a remote web interface.
Finally, particular attention was given to easing the use of the proposed security mechanisms by application developers, who often request simple-to-use security solutions. They want reasonable assurance that their application will provide robust data protection without having to dive into the details of the cryptographic operations. The use of TLS to protect data communications is a good example. TLS in its most common implementation involves the use of server certificates, enabling servers to be authenticated by clients. Clients may also be authenticated using client certificates, but the complexity involved in generating and distributing those has greatly limited the use of such authentication methods. A very common demand from application developers is to simplify the process of obtaining the credentials they need, whatever their form. In many cases, those credentials themselves are not even handled in the developer’s code, but rather passed to third-party libraries or modules that the developer may be using.
In addition to ensuring the security of communicated information in the smart grid, another cornerstone is to ensure reliable and timely delivery of the information through the cellular networks used, which is considered in the following

The existing LTE cellular networks carry various types of traffic, e.g., mobile broadband traffic, and are expected to additionally serve the traffic originated by many IoT applications, including smart grid applications such as DSSE and demand-response. In this section the focus is on the uplink of an LTE cellular network that carries the reports from the installed measurement devices (PMU, PMC, and SM) toward the publish-subscribe servers.
When the (shared) existing LTE cellular networks are used to facilitate this measurement collection, from a communication performance point of view there are two possible bottlenecks that can have detrimental effects:
• The bottleneck in the random access phase, i.e., when a large number of smart grid devices would like to randomly or periodically transmit their measurement reports. Here, each device needs to go through the steps in the Access Reservation Protocol (ARP). Due to the large number