Novos métodos para prover segurança à comunicação no âmbito de redes elétricas inteligentes

Abstract

Information and communication technologies (ICT) incorporated into the power grid allows the full implementation of the smart grids (SG) concept. Among the segments of the power grid, providing this integration to energy distribution systems is a major challenge due to the vast geographic dispersion, and high number of devices. Furthermore, it is imperative to guarantee the security of the information exchanged for each application of SG, ensuring several essential security aspects, such as authenticity, integrity, availability, confidentiality, non-repudiation, and anonymity. Thus, this thesis proposes a data-driven distributed data security system called Secure Communications Platform (SCP), acting in the form of a framework to provide secure communications to each application. For this, it uses application profiles, called Application Data Profile (ADP), which determine the security prerogatives to be met by an application, associated with the Application Data Context (ADC) that specifies the set of devices which must communicate each other in the context of a particular application. The ADC is based on a Public Key Infrastructure (PKI) architecture, where authorization information is summarized through a high-performance data structure called the cuckoo filter. The information is propagated in the distribution system through an overlay network and, once available on the device, the entire authentication and authorization process is performed locally, without the need to contact the third part. None of the related works showed a security system based on this format that allows the authentication to be performed locally in an efficient and scalable way considering the communication contexts of an application. SCP presents security solutions for unicast and multicast traffic to the Advanced Metering Infrastructure (AMI) scenario, providing the security prerogatives required by each application integrated into the same platform. Tests were performed for the proposed platform in a network emulator, where the prototype applications were implemented considering parameters and real aspects of the networks to which they apply, through the use of the CORE emulator application. The tests not only demonstrate the viability of the architecture but also show high efficiency in the treatment of undue connection requests, rejecting them quickly, as well as the effectiveness of the proposed multicast system, thus reducing the use of resources and contributing to higher availability services and applications of the SG distribution segment.