D4.2 Executive Summary

The MAS2TERING platform offers a secure, reliable and interoperable smart grid management solution. WP4 specifies, designs and develops a set of components for the cyber security of smart grids. To achieve these targets, data protection and security among the communicating components become vital issues to be tackled. Hence, D4.2 focuses on these secure communication and data protection requirements. The document presents detailed information about the secure communication technologies available for the proposed platform. It also presents data privacy protection technologies and the anonymization process in detail.

Since security among the communication components has become a highly important issue, the security requirements for these components are briefly defined in this deliverable. Further, JADE-S and the Secure Smart Communication Protocol (SSCP) are discussed in detail. In the MAS2TERING platform several layers of communication protocol exist, ranging from the Home Automation Network (HAN) to the District Service Operator (DSO), using agent to agent and agent to other services communication. Hence, the security of these large networks needs to be fulfilled with a highly trustworthy and robust security mechanism. Moreover, data privacy protection is another major problem during the communication of the devices. Data protection becomes highly vital for smart grids. Therefore, several anonymization technologies are discussed in detail in this deliverable, such as K-Anonymity, K-Map, L-Diversity, P-Closeness and Differential Privacy.

Moreover, protecting the HAN is highly vital to providing a reliable smart grid. In this deliverable a PANDA based framework is proposed to prevent intrusion attacks on the HAN.

In summary, this document describes several aspects of cybersecurity in smart grids, including secure communication, data access control and data privacy protection / anonymization. These aspects are illustrated with the strengths and weaknesses of the associated methodologies. Further, the final selection of technologies is also presented.

D4.2 Table of Contents

  • Executive summary
  • Document Information
  • Table of Contents
  • List of figures
  • List of tables
  • Abbreviations
  • 1       Introduction
  • 2       Protecting Data and Privacy, General Context
  • 2.1        What to Secure: Looking for High Risk Security Targets
  • 2.1.1         Data-Related Risks
  • 2.1.2         Protecting Privacy
  • 2.1.2.1      Risks Raised by Undue Data Accesses
  • 2.1.2.1.1     Undue Access to Local Computational Units
  • 2.1.2.1.2     Undue Access to Network Messages
  • 2.1.2.2      Risks Raised by Due Data Accesses
  • 2.2        Security and the Rest of MAS2TERING
  • 3       Data Protection Mechanisms
  • 3.1        Secure Communication within MASs
  • 3.1.1         Selection of the Solutions (to be) Implemented in MAS2TERING
  • 3.1.2         Securing Communication With JADE-S
  • 3.1.2.1      Security Features
  • 3.1.2.2      Technical Details
  • 3.1.2.2.1     JADE-S services
  • 3.1.2.2.2     Encryption
  • 3.1.2.2.3     Authentication
  • 3.1.2.2.4     Integration with other MAS2TERING components
  • 3.1.3         Secure Communication using SSCP
  • 3.1.3.1      Secure Smart Control Component Overview
  • 3.1.3.1.1     Enrolment Module
  • 3.1.3.1.2     Device Manager
  • 3.1.3.1.3     Fingerprint Database
  • 3.2        Data Access Control
  • 3.2.1         Data Access Control Component Overview
  • 3.2.2         Purpose in MAS2TERING
  • 3.2.3         Data Access Control Solution Design Decisions
  • 3.2.4         Data Access Control Component Architecture Design
  • 3.2.4.1      PANDA Subcomponents and Internal Interfaces
  • 3.2.4.1.1     Policy Decision Point
  • 3.2.4.1.2     Context Handler
  • 3.2.4.1.3     PANDA Analytics
  • 3.2.4.2      External Interfaces
  • 3.2.5         Integration with other MAS2TERING Components
  • 3.2.5.1      PEP to Context Handler (PEP Request)
  • 3.2.5.2      Context Handler to PEP (PDP Evaluation of a PEP Request)
  • 4       Data Privacy Protection
  • 4.1        Anonymization techniques
  • 4.1.1         Attribute vs. Identifier based Anonymization
  • 4.1.2         Types of Approaches
  • 4.2        K-Anonymization & Implementation
  • 4.3        Use of K-Anonymization in MAS2TERING
  • 5       Summary and Conclusion
  • References
  • Annex A      System Security Requirements

D4.2 Highlights

The overall MAS2TERING solution is module-based, as illustrated in Figure 1. This separation is useful for lowering the overall project complexity: each module can be handled while introducing the least conceptual complexity from other modules.


Figure 1: Global MAS2TERING Architecture

The security module follows this general perspective. The rest of this section describes the links that exist between the security module implemented in this deliverable (data protection and data privacy) and other modules.

Solutions deployed in MAS2TERING regarding data protection only influence communication protocols. Concretely, the implemented solutions simply add extra protection steps when initiating communications. Regarding the implementation itself, the addition of this security layer is nearly transparent to the rest of the system.

Solutions deployed in MAS2TERING regarding data privacy influence agent models and communication protocols. Concretely, the implemented technique relies on the execution of anonymization operations by the AGR agent in order to protect communications with external entities. Again, the deployed solutions are highly independent from the rest of the project, thus keeping conceptual complexity low.

Anonymization Techniques:

There are two types of approaches that can be used to support anonymization of data that has been stored in a database, shown in Figure 12: (i) Interactive Scenario, which is akin to the use of a statistical database; (ii) Non-interactive Scenario, which involves publishing data to run subsequent external queries. The choice of approach determines how much data is “exposed” to external third parties and the complexity of queries that can be carried out on the data. Two general techniques to support anonymization include [8]: (i) Randomisation, which involves modifying the content of the data set; (ii) Suppression, which involves removing values associated with particular attributes to limit possible disclosure. The technique adopted in a particular context depends very much on the types of data mining queries a user is likely to make on the data (after it has been anonymized).


Figure 12: Anonymization approaches (general) – from [9]

The “Interactive Scenario” approach suggests that a user queries data that is kept on a server – and the data is not generally released to other parties. In this approach, the types of queries that can be submitted to the data can be controlled – which increases the potential privacy of the data. However, due to this limit, complex queries cannot be directly supported on the data, making it difficult to undertake more complex analysis and aggregation of data with other sources. This approach assumes that as new data becomes available, the data owner has the ability to control access to it, and to restrict/limit queries that can be submitted to previous versions of the data.

The “Non-Interactive Scenario” involves publishing the data externally – so users can run any queries they prefer whilst keeping the data locally. The benefit of this approach is that an external user can store the data locally and process it in any way desired. A key distinguishing characteristic of this approach is that once the data has been released, it is no longer within the control of the data owner. It is therefore necessary to ensure that enough information is removed from the released data to prevent any privacy breaches.

D4.2 Conclusion

This document presents the design and implementation of a cybersecurity solution for smart grids in general, and then how it can be made use of within the MAS2TERING project. This cybersecurity process has two main layers: the data protection mechanism, which provides secure communication and data access control, and data privacy protection using an anonymization process.

The proposed data protection mechanism consists of two main aspects: (i) securing communication among the devices (agent to agent, agent to other services) and (ii) secure data access control for these devices.

Secure communication among the devices can be achieved with sufficiently encrypted communication and data integration protocols. To achieve this target, a JADE-S based authentication and encryption solution is discussed and presented in detail. The proposed solution uses a Java runtime environment, which is a scalable, extendable and flexible solution with a simple implementation methodology. To encrypt the data during communication, JADE-S utilises symmetric and asymmetric encryption protocols.

To provide authentication with JADE-S, the proposed system categorises a device as being trustworthy (or not). However, it has been found that the JADE-S based authentication process was not efficient for the scope of the MAS2TERING project. This is due to the particular security approach adopted in JADE-S, which relies on the use of either local passwords or extensive server-management solutions. Hence the JADE-S based solution is enhanced by implementing additional services within MAS2TERING with a baseline login module.

The second step of the secure communication and authentication process is based on the use of the secure smart communication protocol (SSCP). This solution enables evaluation of the security levels associated with the communicating devices involved in data capture. CCS has developed a secure smart control process within the scope of the MAS2TERING project to provide these security levels to the multi agent system (MAS).

Another stage of security is also introduced to protect the home level communications using a proprietary system called PANDA, a policy authoring, analysis and evaluation framework. When an agent needs to connect to another agent, a PANDA based decision and authentication process is activated to evaluate the access control level for the home level communication networks.

Finally, a data privacy protection process is presented in detail. The available models are discussed in detail based on interactive and non-interactive use case scenarios. Moreover, the need for an anonymization process is presented briefly, and the requirements for such a process are defined in detail. Based on existing literature, it has been found that the most popular and efficient anonymization process in the context of the MAS2TERING project is k-anonymization. Further design is carried out using a k-anonymization process with an existing open source software library called ARX (a comparison with another software library, UTA anonymization, is also presented). The Elecon energy data set is used for testing. Based on the use of the ARX library, we evaluate quality metrics (such as information loss and generalization) that can be associated with the anonymization process, and the potential benefit/limitation the process has on the resulting data.
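The k-anonymization process referred to in the conclusion, using the generalization and suppression techniques introduced in the Anonymization Techniques section, as an added illustration that is not code from the deliverable, from ARX or from the project: the smart-meter records, the postcode and household-size generalization hierarchies and the information-loss metric are constructed assumptions, and the search over the generalization lattice is a simple stand-in for what ARX does.

```python
from collections import Counter
from itertools import product

# Constructed sample smart-meter records (invented values): quasi-identifiers
# postcode and household_size, plus the sensitive attribute daily_kwh.
RECORDS = [
    {"postcode": "CF10 3AT", "household_size": 2, "daily_kwh": 8.1},
    {"postcode": "CF10 3AU", "household_size": 3, "daily_kwh": 12.4},
    {"postcode": "CF10 4BX", "household_size": 2, "daily_kwh": 7.9},
    {"postcode": "CF24 1AA", "household_size": 5, "daily_kwh": 19.0},
    {"postcode": "CF24 1AB", "household_size": 4, "daily_kwh": 15.2},
    {"postcode": "CF24 2CC", "household_size": 1, "daily_kwh": 4.3},
]
POSTCODE_HEIGHT = 3  # generalization levels available for postcode (assumed hierarchy)
SIZE_HEIGHT = 2      # generalization levels available for household_size (assumed)

def generalize_postcode(pc, level):
    # 0 full, 1 district ("CF10"), 2 area ("CF"), 3 suppressed ("*")
    return (pc, pc.split()[0], pc[:2], "*")[level]

def generalize_size(n, level):
    # 0 exact, 1 coarse range, 2 suppressed ("*")
    rng = "1-2" if n <= 2 else "3-4" if n <= 4 else "5+"
    return (str(n), rng, "*")[level]

def apply_levels(records, levels):
    """Rewrite the quasi-identifiers of every record at the given levels."""
    pl, hl = levels
    return [dict(r, postcode=generalize_postcode(r["postcode"], pl),
                 household_size=generalize_size(r["household_size"], hl))
            for r in records]

def min_class_size(records):
    """Smallest equivalence class over the quasi-identifiers (k-anonymous iff >= k)."""
    return min(Counter((r["postcode"], r["household_size"]) for r in records).values())

def information_loss(levels):
    """Mean normalized generalization height: 0 = untouched, 1 = fully suppressed."""
    pl, hl = levels
    return (pl / POSTCODE_HEIGHT + hl / SIZE_HEIGHT) / 2

def anonymize(records, k):
    """Lowest-loss point of the generalization lattice whose output is k-anonymous."""
    lattice = product(range(POSTCODE_HEIGHT + 1), range(SIZE_HEIGHT + 1))
    for levels in sorted(lattice, key=lambda lv: (information_loss(lv), lv)):
        out = apply_levels(records, levels)
        if min_class_size(out) >= k:
            return levels, information_loss(levels), out
    raise ValueError("no k-anonymous generalization exists")
```

On the sample, k=2 is only reached once household size is fully suppressed and postcodes are cut to district level, which shows why the loss metric matters: the cheapest generalizations leave singleton classes that still identify a household.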

D4.2 Download Link

mas2tering_deliverable_4-2_development-of-privacy-protection-and-anonymization-mechanisms