We present our research findings on the novel NDN protocol. In this work, we define key attack scenarios for possible exploitation and detail software security testing procedures to evaluate the security of the NDN software. This work was done in the context of distributed energy resources (DER). The software security testing included executing unit tests and static code analyses to better understand the rigor of the software and the security that has been implemented. The results from the penetration testing are presented. Recommendations are discussed to provide additional defense for secure end-to-end NDN communications.
This document will detail a field demonstration test procedure for the Module OT device developed for the joint NREL-SNL DOE CEDS project titled "Modular Security Apparatus for Managing Distributed Cryptography for Command & Control Messages on Operational Technology (OT) Networks." The aim of this document is to create the testing and evaluation procedure for field demonstration of the device; this includes primarily functional testing and implementation testing at Public Service Company of New Mexico's (PNM's) Prosperity solar site environment. Specifically, the Module OT devices will be integrated into the Prosperity solar site system; traffic will be encrypted between several points of interest at the site (e.g., inverter micrologger and switch). The tests described in this document will be performed to assess the impact and effectiveness of the encryption capabilities provided by the Module OT device.
Distributed energy resource (DER) systems are rapidly being adopted and integrated within the electric power grid. Developments in smart grid devices and communication protocols are advancing the power system domain but are also introducing new cyber attack vectors. In particular, the ability to maintain the confidentiality, integrity, and availability of data is of increasing concern. Cryptography is a powerful tool that can be leveraged to protect DER systems and their critical information. This paper discusses prominent methods of cryptographic authentication and encryption that can be used to secure DER communications. Specific considerations and recommendations for applying cryptography to DER systems are provided, including system design constraints and system impact. These will be demonstrated with two case studies that assess cryptography hardware requirements and communications latency in DERs.
This document will detail a test procedure, involving bench and emulation testing, for the Module OT device developed for the joint NREL-SNL DOE CEDS project titled "Modular Security Apparatus for Managing Distributed Cryptography for Command & Control Messages on Operational Technology (OT) Networks." The aim of this document is to create the testing and evaluation protocol for the module for lab-level testing; this includes checklists and experiments for information gathering, functional testing, cryptographic implementation, public key infrastructure, key exchange/authentication, encryption, and implementation testing in the emulation environment.
In this study we review literature on machine-to-machine (M2M) authentication and encryption pertaining to communication with grid-attached power inverters. We consider security recommendations from NIST, constrained device recommendations from CoAP, as well as influences from the existing markets. We will not focus on passwordless or multifactor schemes of user authentication, the handover/roaming authentication of mobile systems, or the group authentication of WiMAX/LTE communications. The de facto standards for authentication and encryption are certificate-based public key cryptography and AES, respectively. While certificate-based public key cryptography is widely adopted, certificate management is seen as an Achilles heel of public key infrastructure (PKI). State-of-the-art authentication system research includes work on certificateless authentication; however, much work in the areas of privacy preservation and efficient or lightweight systems continues to be based on public key methods. We will see efforts such as bilinear pairing, aggregate message authentication codes, one-time signatures, and Merkle trees surface and resurface with improved authentication approaches. Though research continues to produce new encryption schemes, AES prevails as a viable choice, as it can be implemented across a variety of resource-constrained devices. Other lightweight encryption algorithms often employ the same fundamental addition-rotation-xor operations as AES while achieving higher efficiency, but at steep tradeoffs to security. Despite mathematical proofs of the security of cryptographic algorithms, in practice the greatest weaknesses continue to be incurred during implementation. Security researchers will find edge cases and bugs that allow unintentional behavior. In the following sections, accepted methodologies of authentication and encryption are discussed.
Due diligence for securing M2M communications requires consideration during planning, design, implementation and product lifetime, as opposed to a set-it and forget-it policy. Best practices can be gleaned from published successes and failures, with no single end-all, be-all detailed solution.