Firewalls and Separate Communications Channels

Privacy and security in smart meter systems are a major headache. How can we manage conflicting requirements such as these?

  • Privacy for the householder (with the meter system divulging the minimum data).
  • Useful services for the householder (by analysing consumption data).
  • Ensuring that data is kept from unauthorised parties.
  • Secure, accurate billing for the energy suppliers.
  • Protection against hackers taking control of data or equipment in the home.
  • Updating software and changing tariffs.
  • Sending load management messages.
  • Support for new services over time (photovoltaic generators, electric vehicles, telecare).

A conventional model (below) does not separate the different sets of data as they pass between the home, the communications network and the servers of the Data Comms Company (DCC). In addition, each supplier of in-home equipment implements security in its own fashion.

Conventional systems don't separate data

The Hydra architecture solves this. A single, well-tested security architecture, GlobalPlatform, is used throughout the smart meter system. Firewalls running on the secure microcontroller keep each applet’s data separate from that of other applets. GlobalPlatform provides a separate logical Secure Communications Channel between each applet and its server-side entity. Each Secure Communications Channel has its own cryptographic keys, so energy data can’t be accessed by telecare suppliers, and health data can’t be accessed by energy suppliers (or the Data Comms Company).

GlobalPlatform separates data with Secure Channels

The GlobalPlatform architecture allows for dynamic management of the applets: new applets can be installed and old applets deleted. Software updates are managed securely, in a standard way. Advantages include:

  • Reuse of the proven secure microcontroller/GlobalPlatform/Java Card technology.
  • All data (including gas and electricity) is kept separate from end to end.
  • Secure mechanism for software upgrades.
  • Secure mechanism for altering tariffs.
  • Secure mechanism to add new energy-related functionality, such as water metering, electric vehicles and home-based micro-generation.
  • Secure mechanism to support value-added services, such as telecare and home security.

Solution to Privacy Problem

The applet concept also solves the privacy problem implicit in smart metering.

It is not necessary to send half-hour consumption data from every meter to a single central server. Instead, the same electricity consumption data can be processed within the meter by different applets for different stakeholders.

Different applets for different stakeholders

One applet with knowledge of the tariff can provide the energy supplier with a single monthly sum to bill the customer (but nothing else). Another can check for power quality data and send that (but nothing else) to the distribution company. If the householder agrees, extra applets can be installed to provide optional services to help manage electricity use and reduce bills. Source code of the applets can be published, scrutinised and thus trusted by all.
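
The per-stakeholder processing described above, as an added Python model (not Hydra or GlobalPlatform code). The readings, tariff, voltage limits and demo keys are constructed assumptions, and an HMAC under a per-applet key stands in for the Secure Communications Channel: it shows key separation only, with no encryption and no GlobalPlatform protocol.

```python
import hashlib
import hmac
import json

# Constructed sample: 48 half-hour readings for one day (kWh used, supply voltage).
READINGS = [{"slot": i, "kwh": 0.2 if i < 14 or i >= 46 else 0.5,
             "volts": 205.0 if i == 30 else 230.0} for i in range(48)]
NIGHT_P, DAY_P = 10, 30  # assumed tariff in pence/kWh; night = slots 0-13 and 46-47


def billing_applet(readings):
    """Supplier's applet: applies the tariff in the meter, releases one total."""
    pence = sum(r["kwh"] * (NIGHT_P if r["slot"] < 14 or r["slot"] >= 46 else DAY_P)
                for r in readings)
    return {"total_pence": round(pence)}


def power_quality_applet(readings, low=216.2, high=253.0):
    """Distribution company's applet: voltage excursions only, no consumption."""
    return {"out_of_range_slots": [r["slot"] for r in readings
                                   if not low <= r["volts"] <= high]}


class Channel:
    """Stand-in for one applet's channel: a key shared only with its own server."""
    def __init__(self, key: bytes):
        self._key = key

    def seal(self, payload: dict):
        body = json.dumps(payload, sort_keys=True).encode()
        return body, hmac.new(self._key, body, hashlib.sha256).digest()

    def open(self, body: bytes, tag: bytes) -> dict:
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("message was not sealed on this channel")
        return json.loads(body)


# Demo keys derived from labels; a real deployment provisions a secret key per applet.
supplier = Channel(hashlib.sha256(b"demo-supplier").digest())
distributor = Channel(hashlib.sha256(b"demo-distributor").digest())
bill_msg = supplier.seal(billing_applet(READINGS))
quality_msg = distributor.seal(power_quality_applet(READINGS))

if __name__ == "__main__":
    print(supplier.open(*bill_msg), distributor.open(*quality_msg))
```

Neither message body contains a half-hour consumption figure, and a message sealed for one stakeholder fails verification on the other's channel.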