The privacy and security implications of ‘smart meters,’ and the future of energy

Many power companies and municipalities around the world are rolling out ‘smart meters’ to customers’ properties to replace the older electromechanical induction meters that have been used for almost a century. The main goal of this is to increase the efficiency and stability of the electrical grid by carefully monitoring and controlling electrical supply and demand at every point in the grid. Smart meters contain embedded processors that are primarily intended to record accurate current and voltage measurements in both the amplitude and time domains. This data can be used in ways that are beneficial to both the customers and the power company. Some examples are:

• Providing consumers with live access to this data in order to help reduce energy consumption. The information can be served over the internet and downloaded to a PC or mobile device from anywhere.
• Dynamically adjusting the price of electricity based on supply and demand in real time in a way that is similar to the stock market. This could even allow for accurately adjusted per-second billing.
• Communicating grid health and status information to appliances. Certain appliances such as air conditioners, battery chargers or electric cars could either use less energy or turn themselves off when the grid is experiencing a brownout, or when the price of electricity is above a certain amount.
• Allowing distributed microgeneration devices, such as small wind or solar power stations, to reliably supply energy to the grid by enabling communication between energy sources and energy consumers.
• Allowing distributed energy storage systems, such as diesel generators, battery/capacitor banks, and flywheels to reliably supply energy to the grid, and at the correct times.
• Increased fault-tolerance and faster response times to power failures. Better grid health information can be supplied to the power company from both power station equipment and customers’ homes.
• Enabling communication between transformer stations. The best routes and voltages between different transmission lines could be selected dynamically.
• Enhanced power factor correction and the computation of phasors.
• Providing telecommunication data such as telephone or internet service over power lines.

Of course, the fact that the smart grid relies on so many computers controlling and monitoring such important things all over the place makes it a dangerous technology as well. There are still quite a few issues with smart grid infrastructure that need to be dealt with:

• Data about when you use electricity can be analyzed and correlated with the information that the power company has on you, which allows them to profile you. This information can be sold to other companies and correlated with other information about you, such as your Facebook account, online activities, and financial information. It is possible to tell when a person is home by measuring power consumption at different times of the day and comparing it to history logs from previous days. You would be able to make statistical guesses at things like what kind of job someone works, what their income bracket is, how many people are living in a home, etc.
• All of this data about you could be stolen or a subpoena can be filed for it.
• Smart meters and smart grid devices could contain flawed or exploitable code. This could have enormous consequences, such as catastrophic failure of the electrical grid, overbilling of customers, power stations or customer meters being hacked, or even computer viruses being deployed on the power grid. The code on smart grid devices is likely to be closed-source, so there is no way for you to verify that it is secure and bug-free.
  • Update: This has already happened in the wild.
• Smart meters could be made accurate enough to record current draw at the sub-millisecond level, which could provide an attacker with detailed information on any computers in your home. This can be used in a differential power analysis attack to crack encryption operations being executed on your computer.
• Transmitting data over power lines (sometimes known as BPL) raises the noise floor on the shortwave radio band quite a bit. This makes it difficult to receive transmissions via shortwave radio.

How to protect yourself from the smart grid – I’ve got a few ideas:

• Filter all frequencies above 60 Hz using an LC resonant tank circuit connected in series with your house’s main breaker. This will attenuate high-frequency signals and prevent them from entering or leaving your house’s wiring. This has two effects:
  • Most (but not all) smart metering systems transmit bidirectional data during the zero crossing of the power line’s AC voltage. Filtering out these signals might reduce the smart grid’s ability to send and receive data. It will prevent any smart grid devices inside your house from communicating with the grid. It will not prevent your house’s main smart meter from communicating with the grid, unless you put it on the ‘telephone pole’ side of the circuit (which is illegal.)
  • High frequency signals and interference will not enter your house from the grid or other houses, and any signals and interference inside your house will not enter the grid. This may reduce the noise floor of devices in your house, and it helps to prevent TEMPEST-style EM/RF snooping of the devices in your house.
• Inject loud bursts of RF noise into the power line at every zero crossing. This will actively jam any data signals transmitted over the power line itself. It’s ineffective against wireless meters, though.
• Use a constant amount of energy every day to charge a specially isolated battery bank, and run your house’s appliances off of that battery bank instead of the grid. Your house’s smart meter will only see the energy you are using to charge the battery bank, and not what your appliances are actually using. Any remaining current and voltage spikes should be small enough to be undetectable.
• Go off the grid entirely.

The future of smart grid technology holds some disturbing technological paths as well:

• It’s entirely possible for smart grid technology to move inside the home as well. Each power outlet and appliance could have its own smart metering device built right in. This would not only allow you to monitor individual appliances, but for those individual appliances to monitor you. You could track the movement of a person through a house with this…
• A system could be developed where devices must authenticate for power.
  • This already exists (in a way) in the USB specification – you would know this if you have ever received a “USB Hub Power Exceeded” error when plugging in too many USB devices into a single unpowered hub.
  • This could be extended to the normal 120v outlets and power supplies that you use every day. Imagine going to a coffee shop, pulling out your laptop, and sneakily plugging it in to a power outlet, only to receive an error message about not having the correct encryption keys to draw the required amount of current.
  • Limits could be set with different asymmetrically encrypted data streams that must be transmitted continuously every zero crossing in order to receive certain amounts of current. If you draw too much current, the outlet will drop the voltage to keep the current draw under the limit, or just shut the power off entirely. ‘Free’ unencrypted power could be limited to something like 100mA.
  • Money could be charged to accounts linked with specific encryption keys, essentially allowing you to bill the owner of a specific appliance in a building with tons of outlets. Imagine situations like these:
    • Going to a hotel and having to pay the hotel for your electricity.
    • Having your account with the power company billed for electricity you use at someone else’s house.
    • Going to your office and having to pay for electricity that you use to charge your phone. However, the office pays for electricity that is used by an office PC plugged into the same power bar.
  • This might be like those WiFi hotspots that you have to pay for.
  • You might be thinking that this will never happen, because how would light bulbs be connected to this system? People could just unscrew the light bulb and steal power from the light socket. The answer lies in the new compact fluorescent light bulbs (CFLs) and LED lights that are being produced now. Some municipalities are now making it illegal to sell incandescent light bulbs, which means you’ll only be using CFL and LED lights in the near future.
    • Those CFL and LED bulbs already contain driver circuits (inverters, buck converters) that allow the bulb to function correctly. These bulbs are cheap enough that you just throw the entire thing away after they stop working, which means the circuit boards are mass produced cheaply. The cost of chips is going to go down as time goes on. Just add a monolithic smart grid IC to the boards’ designs and these bulbs will be able to authenticate for their power, and transmit data about their usage at the same time.
  • All devices that are not using ‘digital power’ will be phased out, like they did with digital over-the-air TV. You can buy digital converter boxes for your old ‘analog power’ appliances.

Authenticating for power is pretty disturbing on its own, but when you throw in the smart grid, it’s even worse. I hope it doesn’t have to come to this…

Related Posts:

• Tunisian government executes man-in-the-middle attack on Facebook, steals passwords and identities
• A few notes on technology, WikiLeaks, data mining, and privacy
• Tightening up server security: SSL/TLS/HTTPS tips
• FAA warns of ongoing GPS issues in southeastern US due to Defense Department ‘tests’
• DIY Solar Energy System, Part 2: Batteries
• DIY Solar Energy System, Part 1: Basic Theory and Charge Controllers
• Leaked PS3 Service Manual and CPU Exploit
• WikiLeaks deleting and editing cables – you can’t trust them
• Wouxun KG-UVD1P Handheld Tranceiver Review
• Probability analysis of the insurance.aes256 file posted by WikiLeaks