- This project received 1st award from Line Blockchain Competition!
- Korea News: https://plus.hankyung.com/apps/newsinside.view?aid=201901287542A&category=AA010&sns=y
Due to the emergence of people who can generate their own energy from Renewable Energy Sources (RESs), and the problems of central management overhead, peer-to-peer (P2P) energy trading has become a promising technology in smart grids. Blockchain technology has become popular in P2P transactions because of its disintermediation, transparency, tamper-proof transactions, and ensuring privacy and anonymity features [1, 2]. According to a report by Eurelectric in 2017, the Union of the electricity industry, more than 1000 projects are currently using Ethereum [3]. At the same time, in the absence of a central authority, the critical issue of providing security for transactions arises in decentralized systems. While research and development pertaining to the smart grid is prolific, we have observed that research into security issues in energy transactions is still limited. In this project, we identify 34 security issues in the blockchain-based P2P energy transactions and show the security limitations and speed limitations of other projects. We propose to solve these issues using blockchain technology, Transport Layer Security (TLS) cryptographic protocols, sensor checking modules, and hardware support from ARM TrustZone. We demonstrate an implementation of a smart grid node based on a Klaytn smart contract using a Samsung ARTIK Internet-of-Things (IoT) platform, a solar panel, a rechargeable battery, and a smartphone. The business model is also described in the last part of our paper.
[1] ANDONI, Merlinda, et al. Blockchain technology in the energy sector: A systematic review of challenges and opportunities. Renewable and Sustainable Energy Reviews, 2019, 100: 143-174.
[2] AITZHAN, Nurzhan Zhumabekuly; SVETINOVIC, Davor. Security and privacy in decentralized energy trading through multi-signatures, blockchain and anonymous messaging streams. IEEE Transactions on Dependable and Secure Computing, 2016, 15.5: 840-852.
[3] Eurelectric. Eurelectric launches expert discussion platform on blockchain, 〈http://www.eurelectric.org/news/2017/eurelectric-launches-expert-discussion-platform-on-blockchain/〉, [accessed 25 May 2019].
We investigate security issues in P2P Energy Trading Platforms and divide them into four categories: Device Security, Network, Trade System, and Data Security. The possible security issues in P2P energy trading platforms are collected from existing researches [1, 2, 3].
| Name | Description | Goal |
|---|---|---|
| Recalibration attack | This attack causes the value change of some registers that hold calibration parameters to make erroneous measurement adjustments during sensor's operation. | In the case of a Buyer, hackers adjust the current measurement sensor so that even if the hackers send less current, the buyer feels as if he or she has received more current. For Sellers, hackers lower the current measurement sensor to make them send more current to the hackers. It could be also performed for terror purpose. |
| Physical attacks such as sensor change, removal, and modification | This is an attack that physically damages or adjusts the sensor to cause the wrong recognition of power sales/purchase information. | In the case of a Buyer, hackers adjust the current measurement sensor so that even if the hackers send less current, the buyer feels as if he or she has received more current. For Sellers, hackers lower the current measurement sensor to make them send more current to the hackers. It could be also performed for terror purpose. |
| Reset attack | This attack makes the content of the energy accumulation registers to be removed. | Each time the amount of energy is read, it is executed to make it appear that little energy is stored and cannot be sold. An erroneous behavior also could be found. |
| Sleep mode attack | This attack puts the sensor into sleep mode, so that no measurements are taken. While in sleep mode, the sensor SPI interface still replies to the processor module, but the energy consumption is not accumulated. | The value cannot be read from the sensors and therefore the transaction cannot be made. |
| Changing the electrical wiring connection to other ESS | It Changes the wires connected to your ESS to be charged elsewhere. | Some, or all, of the electrical wiring is changed by the hacker to his or her home so that the ESS in the hacker's home is charged when the power deal takes place at the victim's home. |
| Injecting malicious codes into the memory of a smart meter | Hackers put malicious data or codes into the memory directly. | By putting malicious codes into the memory directly, the hacker can access critical data, monitor user key input, and connect remotely to steal user information. |
| Random number generator | Poor seed randomness helps hackers make public/private key-pair | Hackers can create public/private key-pair identical to victim’s to hijack transaction and signature. |
| Preimage attack | When a hash value is given, look for the input value to output the hash value. | The hash function is often used to authenticate data. These attacks are aimed at destroying hash functions and invalidating encryption so that data can be manipulated, faked authentication. |
| Second preimage attack | When an input value is given, look for another input that outputs hash values such as that input. | The hash function is often used to authenticate data. These attacks are aimed at destroying hash functions and invalidating encryption so that data can be manipulated, faked authentication. |
| Collision attack | This attack tries to find two inputs producing the same hash value. | The hash function is often used to authenticate data. These attacks are aimed at destroying hash functions and invalidating encryption so that data can be manipulated, faked authentication. |
| Man in the middle attack | This attack involves a middleman breaking in between two people connecting the communication, who think they have connected to the other side, but in reality the two are connected to the middleman. | The middleman eavesdrops and manipulates the information delivered from one side and forwards it to the other. |
| Packet sniffing | It is a hacking method that uses computer programs or computer hardware that can intercept or record traffic through a digital network or part of a network. | Similar to man in the middle attack, the purpose is to see important information such as ID and password. |
| Distinguishability of the profiles | Anyone can view other people's transactions on the Blockchain network. This attack analyzes the transaction patterns of etherium network accounts, matches them with people with similar patterns, | By monitoring specific users, privacy is violated. Homes which has rarely trade history can be considered deserted, so they would be easily targeted. |
| Sybil attack | This attack occurs when an actor acts as several separate entities. Since many distributed systems have no form of identity management beyond the account, any actor can create unlimited accounts. | Because many distributed systems have no form of identity management beyond accounts, a user can make a lot of accounts in P2P network to gain control of the network. |
| DDoS attack | A Denial of Service (DoS) attack is a malicious attempt to adversely affect the availability of target systems, such as websites or applications, and legitimate end users. Typically, an attacker generates a large amount of packets or requests. | The attacks paralyze and disable the network. Hackers sometimes demand money from service providers in return for stopping the attacks. |
| Spamming transactions | This attack increases the size of transactions by artificially padding valid transactions inside each other. | The attacks paralyze and disable the network. |
| Spreading illegal content | An attacker can send illegal content via message or insert illegal content into a transaction to broadcast it on the network. | The purpose of this is to record what is not legally permissible on the blockchain network. This includes illegally writing books that are banned or copyrighted. |
| Finney attack | Finney attack is an attack that must cooperate with a malicious minor. 1.The Miner creates new blocks, including transactions from the attacker's wallet address (A) to another attacker's wallet address (B), and has not broadcast them. 2.Pay from the attacker's purse address (A) to the victim's purse address (C), buy electricity and leave. 3.If attacker B broadcasts a new block, invalidate an unidentified transaction (A→C). | It is a double spending attack. The goal is to purchase power without spending. |
| Race attack | Race Attack is an attack that takes advantage of the fact that only one faster transaction is accepted in the network. 1.When purchasing a product to a seller (the victim), it sends two transactions in rapid succession. Transaction1-Transfer from attacker wallet address (A) to other attacker's wallet address (B) Transaction2-Transfer from attacker wallet address (A) to seller's wallet address (C) 2.The attacker takes the electicity and leaves. 3.The transaction with the seller is canceled with a probability of one-half, depending on the transaction that was first accepted by the other nodes, and no cryptocurrency is obtained. | It is a double spending attack. The goal is to purchase power without spending. |
| Re-entrancy | This is an issue when allowing a new call to a call contract before the initial execution of an external contract call is completed. | Hackers get the money by repeatedly executing the code which withdraws the money. |
| Timestamp dependency | This is a problem that uses timestamp as an important part of the code. Timestamp could be manipulated by minors. | Hackers manipulate timestamp to earn undue profits. |
| Transaction ordering dependency | There is a moment in the memory pool before the behavior of smart contracts appears in the network. | It's a way for hackers to know and use transaction information illegally. |
| Mishandled exceptions | This issue is generated by mishandled exceptions such as underflow and overflow. This makes unexpected behaviors in smart contract. | Hackers may not actually meet the conditions set by the smart contract author, but may be checked as satisfied, resulting in unexpected code execution. |
| External calls | This is a problems that arise when a function that is not accessible is accessible to users who are not allowed to access it. | Hackers are able to own smart contracts. They can drain all of the money which smart contract has. |
| tx.origin usage | tx.origin can set the attacker’s address as the owner of the contract. The attacker obtains full access to the smart contract funds. It should be removed from critical authorization point. | Hackers are able to own smart contracts. They can drain all of the money which smart contract has. |
| Gas costly patterns | This is a problem that stops smart contracts from operating by reaching the Gas Limit. | This attack disables the smart contract. |
| Blockhash usage | This is a problem that smart contract uses blockhach for an important code part. | Minors can manipulate it and change the output to their favor. |
| False data injection | This is an attack that the buyer or seller fakes trade system. A typical example is to pretend to have paid money or current, but not actually send it. | This is an attack that the buyer receiving power without paying the seller, or the seller receiving the money gives less power to the buyer. |
| Manipulated data | An adversary makes an attack by manipulating data from a set of smart meters. | The goal of this attack is influencing revenues of the market. |
| Memory forgery attack | Before the smart meter sends the checksum, the hacker attempts to forward pre-computed checksum. | While the defense mechanism investigates changed memory addresses, the attacker can change a position in memory where it stores the original values. |
| Parallel checksum computation attacks | This is an attack which attempts to speed up checksum computation. | The goal of this attack is to perform another illegal operation during extra time. |
| Cyber-attacks in control and commands, and bulk data | This attack is a cyber-attack in control and commands, and bulk data. | To make undue profits by demanding data as hostages or deceiving victims' smart meters with false data. Hackers make undue profits by demanding money for their data as hostages or deceiving their smart meters with false data. |
| Privacy problem such as illegal access to stored data | This attack is the act of planting reporting software into a smart meter or reading information through hacking into a smart meter. | The purpose is to read the user's confidential information and to violate privacy. |
| Eavesdropping of messages sent by smart meter | This attack secretly or stealthily listen to the smart meter's private conversation or communications without any consent. | The purpose is to read the user's confidential information and to violate privacy. |
[1] HALIM, Fatemeh; YUSSOF, Salman; RUSLI, Mohd Ezanee. Cyber Security Issues in Smart Meter and Their Solutions. International Journal of Computer Science and Network Security, 2018, 18.3: 99-109.
[2] AITZHAN, Nurzhan Zhumabekuly; SVETINOVIC, Davor. Security and privacy in decentralized energy trading through multi-signatures, blockchain and anonymous messaging streams. IEEE Transactions on Dependable and Secure Computing, 2018, 15.5: 840-852.
[3] DIKA, Ardit. Ethereum Smart Contracts: Security Vulnerabilities and Security Tools. 2017. Master's Thesis. NTNU.
This is the overall design of our system. It consists of cloud server which has web interface, a smart meter that becomes an electricity managing node, and an Klaytn network, a power trading system. The first thing happening on our platform is building mutual TLS (Transport Layer Security) setting between cloud server and smart meter. After setting mutual TLS, we can generate actions and send it securely. Cloud server serves website and provides options to the users (check transactions, purchase, or sell). Before sending these actions to the Klaytn network, actions should be signed with private key of the user’s account. The process of signing in TLS communication and signing in Klaytn transaction takes place in a physically separate Secure World which is not interfered with by Normal World. After signing action, serialized transaction value is generated and Secure World pass the value to the Normal World. Then, the transaction moves to the Klaytn smart contract which mediate energy seller and buyer. When energy trade occurs, smart contract matches the buyer with the seller, holds the money from the buyer until the transaction is over, and pays the seller after the transaction is over.
There are a lot of famous P2P energy trading platforms such as Ponton, LO3 Energy, Electrify, and Power Ledger. However, we can hardly find P2P energy security research or projects. P2P energy trading platforms utilize the security methods used in the past, which are dangerous. A typical example is data security. In the past, data was encrypted in the smart meter, and decrypted when used. However, smart meter now has possibility of getting memory attack, which can hack memory when the data is used. Smart contracts did not contain very important data in the past, but now it can be a serious problem as it has a number of important functions, including billing. Our system defends memory hacking by protecting sessions from independent hardware beyond data encryption. In addition, other platform mainly use Ethereum, which takes a lot of time to check transactions several times to prevent the above mentioned race attack, finney attack, and false data injection. We use Klaytn which has a quick consensus algorithm to help users make power transactions quickly. With the extensive research of security issues in P2P energy trading system, we made an implementation which can resolve each security issues. Our platform gives a quick and secure P2P energy trading system for the users.
| Name | Solution |
|---|---|
| Recalibration attack | Our system makes sure that the sensors are working properly by selling and purchasing certain amps themselves before making a power deal. If a problem occurs during this process, report to the user without proceeding the transaction. |
| Physical attacks such as sensor change, removal, and modification | Our system makes sure that the sensors are working properly by selling and purchasing certain amps themselves before making a power deal. If a problem occurs during this process, report to the user without proceeding the transaction. |
| Reset attack | Our system is protected by a separate session by a secure execution environment in the process of recalling values written in the hardware-isolated secure world when we call up the value of stored energy. |
| Sleep mode attack | Our system initializes the status of the sensors each time before trading in power. Resets the sensor to return to normal just before trading, even if it is in sleep mode. |
| Changing the electrical wiring connection to other ESS | Our ESS is being tracked by a power measurement sensor in real time. If you physically change the wiring connected to the ESS, you will be sent an error report to the user because tracking is not possible or a value change occurs. |
| Injecting malicious codes into the memory of a smart meter | A Secure Boot scheme adds cryptographic checks to each stage of the boot process. TEE and TEE related codes are validated every time by ARTIK's secure boot sequence. On top of this process, all data storage and user authentication procedures take place in a hardware-independent secure world. Even if the hackers have the Root privilege of Normal World, it is not possible to view the information in Secure World or to see what is happening in the Trust Execution Environment. |
| Random number generator | A well-designed seed generator can resolve this attack. We create a private key through the following process: 1. Create random values (entropy) 2. Generate mnemonic code from entropy 3. Create master seed with mnemonic code and passphrase 4. Generate private keys from master seed |
| Preimage attack | Although SHA-1 is broken now with this attack, Klaytn is based on Keccak-256 which is considered secure. |
| Second preimage attack | Although SHA-1 is broken now with this attack, Klaytn is based on Keccak-256 which is considered secure. |
| Collision attack | Although SHA-1 is broken now with this attack, Klaytn is based on Keccak-256 which is considered secure. |
| Man in the middle attack | We use SSL/TLS for communication. The SSL and TLS protocols allow two parties to identify, authenticate, and communicate with each other, ensuring confidentiality and data integrity. Symmetric key encryption can effectively prevent these attacks by securely encrypting and authenticating messages in this process. |
| Packet sniffing | We use SSL/TLS for communication. The SSL and TLS protocols allow two parties to identify, authenticate, and communicate with each other, ensuring confidentiality and data integrity. Symmetric key encryption can effectively prevent these attacks by securely encrypting and authenticating messages in this process. |
| Distinguishability of the profiles | The only information in our system is the trading time and the amount of electricity, and nothing else. We don't store information such as user's address or power usage patterns, so the hackers can't pose any threat just by looking at user's purchase history. |
| Sybil attack | It is prevented by IBFT (Istanbul Byzantine Fault Tolerant) consensus algorithm. If user's full node suddenly finds itself connected to fake nodes spawned by an attacker which claim that difficulty of the block they are sending you is different, user's node knows the fake blocks and discard those blocks. |
| DDoS attack | The Klaytn network introduced the concept of gas and paid for it to stop DDOS. Every command carried out on the network has to be paid by gas. |
| Spamming transactions | The gas introduced in previous section stops this attack. Gas does not have a fixed price per transaction, but it increases with the size of the transaction. If the attackers deliberately inflate the size of the transaction information to disrupt the network, they'll have to pay as much. |
| Spreading illegal content | Our system only receives numerical information for transactions. You can only enter integers, but you cannot enter a number that is too large. Therefore, it is not suitable to be used to distribute illegal information. |
| Finney attack | Unlike Ethereum, Klaytn has proposer and committee selection. This process goes randomly and deterministically, so the block propagation is deterministic in one way. |
| Race attack | Unlike Ethereum, Klaytn has proposer and committee selection. This process goes randomly and deterministically, so the block propagation is deterministic in one way. |
| Re-entrancy | This attack is aimed at smart contract author coding mistakes. You can easily avoid these attacks if you code them according to the correct guidelines. With Remix and Mythril, you can create smart contracts, validating whether there are vulnerabilities or not in all of these attacks. |
| Timestamp dependency | This attack is aimed at smart contract author coding mistakes. You can easily avoid these attacks if you code them according to the correct guidelines. With Remix and Mythril, you can create smart contracts, validating whether there are vulnerabilities or not in all of these attacks. |
| Transaction ordering dependency | This attack is aimed at smart contract author coding mistakes. You can easily avoid these attacks if you code them according to the correct guidelines. With Remix and Mythril, you can create smart contracts, validating whether there are vulnerabilities or not in all of these attacks. |
| Mishandled exceptions | This attack is aimed at smart contract author coding mistakes. You can easily avoid these attacks if you code them according to the correct guidelines. With Remix and Mythril, you can create smart contracts, validating whether there are vulnerabilities or not in all of these attacks. |
| External calls | This attack is aimed at smart contract author coding mistakes. You can easily avoid these attacks if you code them according to the correct guidelines. With Remix and Mythril, you can create smart contracts, validating whether there are vulnerabilities or not in all of these attacks. |
| tx.origin usage | This attack is aimed at smart contract author coding mistakes. You can easily avoid these attacks if you code them according to the correct guidelines. With Remix and Mythril, you can create smart contracts, validating whether there are vulnerabilities or not in all of these attacks. |
| Gas costly patterns | This attack is aimed at smart contract author coding mistakes. You can easily avoid these attacks if you code them according to the correct guidelines. With Remix and Mythril, you can create smart contracts, validating whether there are vulnerabilities or not in all of these attacks. |
| Blockhash usage | This attack is aimed at smart contract author coding mistakes. You can easily avoid these attacks if you code them according to the correct guidelines. With Remix and Mythril, you can create smart contracts, validating whether there are vulnerabilities or not in all of these attacks. |
| False data injection | The buyer does not send money to the seller directly, but pays the smart contract. Buyer checks whether power is still being sent and report to the smart contract every seconds during the power transaction. When the transaction is complete, the smart contract pays the seller the money received from the buyer. If the amount of power reported from the two smart meters is different, the smart contract will pay the seller as much as the reported charging power and refund the rest to the buyer. Normal transactions raise each other's credit rating by one, and if the transaction is cut in the middle, we reduce each other's credit by three. People with low credit are hard to deal with, so they will try to trade honestly. |
| Manipulated data | All the important data in our system is stored in a secure zone that is hardware-independent. Access here from the smart meter requires the ID and password of that session. |
| Memory forgery attack | We do all the data storing and checking in physically separate secure world memory. Therefore, "Hacker's memory readable and writable" cannot be established, which is the precursor to these attacks. |
| Parallel checksum computation attacks | We do all the data storing and checking in physically separate secure world memory. Therefore, "Hacker's memory readable and writable" cannot be established, which is the precursor to these attacks. |
| Cyber-attacks in control and commands, and bulk data | Our system uses asymmetric key cryptography (ECDSA and secp256k1) to encrypt, and this command encryption occurs in secure world. |
| Privacy problem such as illegal access to stored data | We store data in a hardware-independent secure world. The process of storing or recalling this data is also safely handled by opening a secure session in the secure world. The data they can see is already encrypted by asymmetric keys in the secure world and cannot be hacked. |
| Eavesdropping of messages sent by smart meter | When our system performs important authentication or processing of data, it opens, processes, and returns secure sessions in a hardware-independent secure world. The returned data is encrypted by an asymmetric key and cannot be hacked. |
With the evolution of the electrical grid and the ability of individuals to harvest and sell renewable green energy, the network in a smart grid is moving toward a decentralized network structure such as a peer-to-peer network. The inherent value-exchange mechanism embedded in blockchain technology makes it a promising candidate for implementing energy trading in smart grids, and most of the smart grid projects that address security issues adopt blockchain as a solution to security issues.
Although the heavy encryption and distributed nature of a blockchain network enhances its ability to solve today’s smart grid security, it is apparent that this approach solves only part of the problem. We addressed 34 security issues in a smart grid, as identified by 23 studies.
In an effort to provide security in all of these areas, we incorporated OpenSSL TLS encryption, ARM Trustzone, sensor checking algorithm, and Klaytn to provide trust and privacy in fast trading condition. A mini smart grid was implemented with an ARTIK IoT platform, a relay module, a current sensor, a smartphone, a rechargeable battery, and a solar panel. The software modules were implemented on this system.
With 1.5 billion electric meters around the world, about 50 percent have been replaced by smart meters, and the share of smart meters continues to grow, according to the 2018 survey. Also, the global smart meter market is forecast to grow 9.34 percent annually from $12.79 billion in 2017, reaching $19.98 billion in 2022. Major corporations in the smart meter market are Landis+Gyr (Japan), Itron Inc. (USA), Honeywell International (USA), Sensus (USA), Kamstrup A/S (Denmark), and Schneider Electric (France). These companies do not have a P2P energy trading platform.
However, EVlock is a P2P energy trading platform. In addition, smart meters should be used together to make a reliable transaction. Users who use the P2P energy trading platform to make reliable transactions fast and cheap will be able to use our platform to take advantage of fast, secure and cheap transactions, which will allow EVlock to increase its share of the smart meter market.
There is no one who doesn't use electricity, so smart meters will become essential devices in life in the near future. And smart meters have the ability to pay for a transaction, and basically have high specifications. When these factors are put together, they are likely to be used to replace the existing home IOT.
Moreover, smart meters are not products that end with primary sales alone. Just as smartphone users use applications, applications can be used in smart meters. We plan to support applications so they can be used in EVlock's blockchain network. Developers targeting users of EVlock will develop many useful applications for smart meters. We also expect to use our products to use useful applications made by developers. Therefore, the EVlock ecosystem can be finally established.
