Privacy Risk Analysis. Sourya Joyee De
Читать онлайн книгу.functionalities of a hypothetical smart grid system. This choice is not insignificant: smart grid initiatives, which are now under deployment in many countries, already face a large number of privacy related questions. As utility providers promise benefits in terms of home energy management, researchers [20, 36, 64, 88, 95, 98, 122, 159] warn against the potential privacy harms posed by the collection of highly granular energy consumption data. Many potential privacy harms of various levels of likelihood and severity have already been identified, including surveillance by governments and law enforcing bodies [25, 43, 88, 94, 96], burglary [88, 94, 122] and targeted advertising [19, 25, 88, 93, 94, 122]. Utility providers are facing the task of taking appropriate measures and convincing both their consumers and regulatory bodies that these measures are sufficient to handle potential harms. Carrying out privacy impact assessments is therefore inevitable for the smart grid industry [36]. Needless to say, our goal is not to provide a full scale privacy risk analysis for a smart grid system here but, more modestly, to use some of its features as a working example to illustrate the notions presented in this book.
The system attributes introduced in the previous section are defined as follows for the BEMS System:
1. Functional specification.
– The User Registration System is used to register new consumers with the utility provider.
– The Consumer Information System stores and manages all consumer identification, contact, billing and energy management information. It consists of the Consumer Data Store and the Consumer Information Management Application. The latter implements security functions for the protection of the Consumer Data Store. In particular, it is involved in ensuring that only authorized applications, sub-systems and actors get access to the data. It also performs other functions such as the creation of the meter ID and the user portal account number.
– The Meter Data Management System stores and manages the energy consumption data and the corresponding meter ID. It consists of the Meter Data Store and the Meter Data Management Application. The Meter Data Management Application ensures that only authorized sub-systems, applications and actors can access the data and implements other security-related functions to ensure the protection of the Meter Data Store.
– The Utility Gateway collects energy consumption data (corresponding to meter IDs) from smart meters. It contributes to the implementation of some functionalities of the Meter Data Management Application by ensuring that only the authorized subsystems, applications and actors can access the data.
– The Smart Meter collects energy consumption data from home appliances. It includes a security module to encrypt and sign the data before sending it to the utility gateway.
– The Payment Management System handles all billing, payment and energy management related functions. It consists of three applications: the Billing Application that generates the bills, the Energy Management Application that generates the energy management suggestions and the Payment Application that updates the payment status for each consumer.
– The Price Determination System computes the fees for the different time periods of the billing cycle.
– The User Interface is used by the consumers to get access to their bills and the energy management suggestions as well as to update or correct any identification or contact information whenever necessary. Table 3.2 defines all the abbreviations for the BEMS sub-systems used in this book.
2. Interfaces. The interactions with the consumer take place through the User Interface component. The Smart Meter collects the energy consumption data from the home appliances. The Payment Application interacts with the bank to receive information about payments.
3. Data flows. The data flows between the main components of the system are depicted in Fig. 3.1. The Smart Meter and the Utility Gateway are located in the consumers’ premises. The User Interface can be accessed by the consumer through the Internet from his PC. All other systems are located with the utility provider and cannot be accessed by the consumer.
Each new consumer registers with the utility provider using the User Registration System by providing his identification and contact details. The User Registration System transfers this information to the Consumer Information System which creates a meter ID and a user portal account number for each new registered user.
Within the consumer premises, energy consumption data from home appliances are collected by the smart meter. This communication is based on the Zigbee standard. The smart meter then transfers this data to the utility gateway, along with the meter ID, every 15 minutes. The utility gateway gathers data from several smart meters. These data are then transferred to the utility provider to be stored and managed by the Meter Data Management System.
During each billing cycle,2 the Payment Management System accesses the energy consumption data for each meter ID from the Meter Data Management System and the tariffs per time period from the Price Determination System. The Billing Application within the Payment Management System computes the bills associated with each meter ID, whereas the Energy Management Application creates the energy management suggestions based on the bills and the energy consumption data during each billing cycle. The Payment Application within the Payment Management System updates the payment status for each meter ID based on the bills and the payment information received from the bank, corresponding to the bank account number obtained from the Consumer Information System. The resulting bill, the energy management suggestions and the payment status per meter ID are transferred to the Consumer Information System for storage.
Table 3.1: Supporting assets
Types of Supporting Assets | Examples |
Hardware | One database server, application server, load balancers, clients (PC, notebook, tablet, mobile phone, printer etc.), storage media (semiconductor, optical, paper), network components (switch, router, bridge, gateway, firewall, modem), smart meter, security module |
Applications | Billing Application, Energy Management Application, Meter Data Management Application, Consumer Information Management Application, Payment Application |
Data stores | Meter Data Store, Consumer Data Store |
Software environment | Standard software, operating systems, device driver, firmware, services (mail, file etc.) |
Table 3.2: List of abbreviations
Abbreviation | Meaning |
URS | User Registration System |
CIS | Consumer Information System |
MDMS | Meter Data Management System |
UG | Utility Gateway |
SM | Smart Meter |
PMS | Payment Management System |
PDS | Price Determination System |
UI | User Interface |
BA | Billing Application |
EMA | Energy Management Application |
MDMA | Meter Data Management Application |
CIMA |
Consumer Information Management |