An Implementation of a High Assurance Smart Meter using Protected Module Architectures

Jan Tobias Mühlberg, Sara Cleemput, Mustafa A. Mustafa, Jo Van Bulck, Bart Preneel, and Frank Piessens
iMinds-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Belgium
KU Leuven, ESAT-COSIC and iMinds, Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium



This page contains supplementary material for WISTP 2016 submission 15: "An Implementation of a High Assurance Smart Meter using Protected Module Architectures"


Abstract. Due to ongoing changes in the power grid towards decentralised and highly volatile energy production, smart electricity meters are required to provide fine-grained measurement and timely remote access to consumption and production data. This enables flexible tariffing and dynamic load optimisation. As the power grid forms part of the critical infrastructure of our society, increasing the resilience of the grid's software components against failures and attacks is vitally important. In this paper we explore the use of Protected Module Architectures (PMAs) to securely implement and deploy software for smart electricity meters. Outlining security challenges and an architectural solution in the light of security features provided by PMAs, we evaluate a proof-of-concept implementation of a security-focused smart metering scenario. Our implementation is based on Sancus, an embedded PMA for low-power microcontrollers. The evaluation of our prototype provides strong indication for the feasibility of implementing a PMA-based high assurance smart meter with a very small software Trusted Computing Base, which would be suitable for security certification and formal verification.

Implementation and Evaluation Scenario. Below we provide the source code for our smart electricity metering evaluation scenario as discussed in the paper. To compile the code you will need the Sancus tools and MSP430-GCC installed on your system. Note that the demo scenario cannot be executed in the Sancus simulator (simulating the CPU behaviour at the gate level, the Sancus simulator is too slow to perform network operations) but must be run on an FPGA programmed with the Sancus core. In our experiments we used a Spartan 6 FPGA. Download the complete scenario: hasm.tar.gz (3.4 KiB)

For convenience we provide quick links to the source code and the deployment descriptor, as described in the paper. Drivers, scheduler and module loader are part of recent Sancus distributions.

File                 Description
esme-scenario.json   The deployment descriptor.
esme.c               The meter core: measurement and management of operational data.
esme_load_switch.c   The Load Switch component.
central_system.c     A simplified Central System that periodically sends requests to the meter and the Load Switch.
han-if.c             Our Home Area Network Interface.
ihd.c                The untrusted In-Home Display component.
wan_commands.h, ihd.h   Supporting C header files.


Jan Tobias Mühlberg, Wed, 13 Jul 2016 21:47:41 +0200