Authentication on high critical infrastructures using interoperable federated identities
Abstract
The technical guideline TR-03109 distinguishes between the roles of the SMGW technician and the Gateway administrator: the Gateway administrator gains full access to the SMGW, while the service technician has only very limited access rights. In many scenarios the service technician will also need full access to the Smart Meter Gateway, which means that he must be able to change his role. Federated identities can help to create a solution that keeps the strict role enforcement between service technician and Gateway administrator. This article presents an approach against the background of current Smart Grid development and identity technology, adopting approaches used for the German national ID card. A short discussion of threats and risks completes the article.

1 Smart Grid Infrastructures – German approach

Based on the European Directive 2003/54/EG, the EU member states are required to introduce intelligent measurement devices for electricity. The German government regulates this requirement in the law on the energy industry (Energiewirtschaftsgesetz – EnWG), especially in §21c, §21d and §21e. The ministry of economics (BMWi) requested the Federal Agency for Security in Information Technology (Bundesamt für Sicherheit in der Informationstechnik, BSI) to set up a technical guideline [3109-1] and a Common Criteria protection profile [PP] addressing security and interoperability.

The German smart grid approach requires a gateway component for data collection, consumption display and secure communication with meters, users and external entities. This component is called the "Smart Meter Gateway (SMGW)". The Smart Meter Gateway itself is not a measurement device; it is a data aggregation and communication unit that protects the privacy, integrity and authenticity of the consumer data during local storage and network communication. A hardware security module is built into the Smart Meter Gateway for protection of key material and cryptographic operations.

Three logically and physically distinct networks are defined for the Smart Meter Gateway:
• The Wide Area Network (WAN)
Similar resources
Durchgängiges Identity-Management und interoperable E-Portfolios zur Unterstützung lebenslangen Lernens
The transformation of our society into a knowledge society has made lifelong learning and education in general the predominant topics. Various education initiatives and statistics initiated by politicians emphasize the necessity of sustainable knowledge management. The global labour market also confronts people with completely new challenges. The technological progress and short half-life of kn...
A Federated Authorization and Authentication Infrastructure for Unified Single Sign On
Currently federated authorization and authentication infrastructures are deployed to offer services to large groups of users while increasing the usability and scalability of the security architecture. Connection of domains using a variety of technologies brings new challenges and requires the utilization of standardized communication languages between these components. The presented architectu...
Federating e-identities across Europe, or how to build cross-border e-services
This work discusses the main challenges and requirements of technical and legal authentication interoperability in eservices involving organizations from different countries. We present the Stork cross-border authentication framework that satisfies these requirements by establishing interoperability between existing European national eID infrastructures in a federated manner. As a sample applic...
Core Structure Elements Architectures to Facilitate Construction and Secure Interconnection of Mobile Services Frameworks and Advanced IAM Systems
The impressing penetration rates of electronic and mobile networks provide the unique opportunity to organizations to provide advanced e/mservices, accelerating their entrance in the digital society, and strengthening their fundamental structure. Service Oriented Architectures (SOAs) is an acknowledged promising technology to overcome the complexity inherent to the communication among multiple ...
PRIMA: Privacy-Preserving Identity and Access Management at Internet-Scale
The management of identities on the Internet has evolved from the traditional approach (where each service provider stores and manages identities) to a federated identity management system (where the identity management is delegated to a set of identity providers). On the one hand, federated identity ensures usability and provides economic benefits to service providers. On the other hand, it po...