Periodic Reporting for period 2 - SealedGRID (Scalable, trustEd, and interoperAble pLatform for sEcureD smart GRID)
Période du rapport: 2020-01-01 au 2022-12-31
The SealedGRID project aimed to achieve a scalable, highly trusted and interoperable SG security platform to abide by the recommendation of the EC and the existing standardization work. Towards this direction, SealedGRID has been committed to creating a fully-integrated and multi-disciplinary programme, while all efforts and funding were focused on this purpose. In harmony with the scope of the MSCA RISE call, SealedGRID targeted and succeeded the following general, research and technological outcomes.
General Outcomes: 1) To both enhance and promote the industry-academia cooperation, and create a long-term cooperation programme among beneficiaries, towards devising a secure platform tailored to the SG characteristics; 2) To organise secondments of ERs and ESRs with the main objective to foster exchange of knowledge and strengthen the collaboration among academia and industry, as well as putting in place mechanisms to take advantage of the acquired know-how; 3) To conduct top-notch research complemented by practical experimentations and measurements, besides pursuing research excellence at national, European and international levels; 4) To develop a high quality knowledge sharing and career plans that are personalized to the needs of ERs and ESRs and are in agreement with the short- and long-term objectives of the RISE programme; 5) To offer to each seconded researcher top-level knowledge-sharing programmes, equipment, facilities and real-life experimentation platforms with a view to reinforcing their own background and complementing it with the active participation in a multi-disciplinary programme between industry and academia; 6) To organise networking activities to foster sharing of knowledge among the participants of the project, as well as disseminating the results of SealedGRID to the widest possible scientific and industrial communities.
Research Outcomes: 1) Analysis, design and optimization of key management and authentication in the SG; 2) Analysis, design and optimization of trusted computing and privacy protection in the SG; 3) Analysis, design and optimization of authorization and security interoperability mechanisms.
Technological Outcomes: 1) Design and development of simulation/emulation tools; 2) Design and development of a proof of concept testbed; 3) Assessment and release of a prototype.
The final result of the project was a platform that includes the following modules: 1) Key management and Authentication; 2) Trusted Computing and Privacy Protection and 3) Authorization and Security Interoperability.
By the end of the project the following goals have been achieved: 1) The SealedGRID platform was presented to the interested stakeholders; 2) The participating secondees have gained cross-sectorial research knowledge; 3) The secondees have widened their network circle; 4) They have assisted the strong connection between industry and academia; 5) They will have participated and become familiar with state-of-the-art technologies and have obtained and increased scientific skills; 6) They have found new potential that may be helpful in their career development either as independent researchers or as prominent engineers inside their institution; 7)The cross-national notion of the secondments will also contribute to the researcher’s personal development and fulfillment.
The geographical mobility will indirectly set a new culture and enhance the lifestyle of the participants. They may participate in multicultural research teams and experience the benefits of cultural diversity. Not only will the SealedGRID platform impact the participated fellows and the beneficiaries but it also benefit to utility companies, distribution operators, security companies and the European and global society.
General Outcomes: 1) To both enhance and promote the industry-academia cooperation, and create a long-term cooperation programme among beneficiaries, towards devising a secure platform tailored to the SG characteristics; 2) To organise secondments of ERs and ESRs with the main objective to foster exchange of knowledge and strengthen the collaboration among academia and industry, as well as putting in place mechanisms to take advantage of the acquired know-how; 3) To conduct top-notch research complemented by practical experimentations and measurements, besides pursuing research excellence at national, European and international levels; 4) To develop a high quality knowledge sharing and career plans that are personalized to the needs of ERs and ESRs and are in agreement with the short- and long-term objectives of the RISE programme; 5) To offer to each seconded researcher top-level knowledge-sharing programmes, equipment, facilities and real-life experimentation platforms with a view to reinforcing their own background and complementing it with the active participation in a multi-disciplinary programme between industry and academia; 6) To organise networking activities to foster sharing of knowledge among the participants of the project, as well as disseminating the results of SealedGRID to the widest possible scientific and industrial communities.
Research Outcomes: 1) Analysis, design and optimization of key management and authentication in the SG; 2) Analysis, design and optimization of trusted computing and privacy protection in the SG; 3) Analysis, design and optimization of authorization and security interoperability mechanisms.
Technological Outcomes: 1) Design and development of simulation/emulation tools; 2) Design and development of a proof of concept testbed; 3) Assessment and release of a prototype.
The final result of the project was a platform that includes the following modules: 1) Key management and Authentication; 2) Trusted Computing and Privacy Protection and 3) Authorization and Security Interoperability.
By the end of the project the following goals have been achieved: 1) The SealedGRID platform was presented to the interested stakeholders; 2) The participating secondees have gained cross-sectorial research knowledge; 3) The secondees have widened their network circle; 4) They have assisted the strong connection between industry and academia; 5) They will have participated and become familiar with state-of-the-art technologies and have obtained and increased scientific skills; 6) They have found new potential that may be helpful in their career development either as independent researchers or as prominent engineers inside their institution; 7)The cross-national notion of the secondments will also contribute to the researcher’s personal development and fulfillment.
The geographical mobility will indirectly set a new culture and enhance the lifestyle of the participants. They may participate in multicultural research teams and experience the benefits of cultural diversity. Not only will the SealedGRID platform impact the participated fellows and the beneficiaries but it also benefit to utility companies, distribution operators, security companies and the European and global society.
The project started with the reference platform architecture that was delivered in the first project year. In this architecture, the fellows defined the use-cases, the requirements, the candidate technologies and the communication between the involved entities. The next step was the release of the key-management component that is responsible for actions of join/leave for the nodes. This component is based on WoT and supports decentralized creation, distribution, exchange and revocation of certificates. Its final version was based on digital certificates and blockchain technology. Also, the first version of the authorization component was released in the end of the second year, based on a hybrid access control mechanism comprising RBAC and ABAC. Its final version was submitted at the end of the third year, including security interoperability by implementing SSO protocols and contain the trust computing module. The trust computing module was released around the middle of the project, containing the following features: 1) root-of-trust; 2) remote attestation mechanism and 3) a secure application execution mechanism that provides a complete assurance that the application was not altered before and during execution. The final version was released at the end of the third year. The SealedGRID consortium has successfully delivered the SealedGRID final platform at the end of the fifth year, containing all the SealedGRID modules as a result of platform integration. The consortium also organized and participated in many events to promote and disseminate its goals, impact and progress. The feedback from the audience and stakeholders was very positive since there is interest in learning about it. Moreover, there are many publications which promote the project progress, appearing in well-known journals and conferences.
SealedGRID consortium committed itself to going beyond the state of the art from the early beginning of the project. First and fore most the Key-management component submitted in the M18 was a revolutionary idea. This was accepted and published in the well-know journal IEEE Transactions on Industrial Informatics, 2019. It utilizes authentication based on digital certificates based on WoT and supports decentralized creation, distribution, exchange and revocation of the used certificates and integrates the technology of the trust execution environment. This is the first hybrid key management and authentication scheme that combines PKI and WoT concepts in microgrids. The utilization of trusted computing is also revolutionary in the SG ecosystem since we aim to achieve in parallel the highest security and the best efficiency. Furthermore, the utilization of MASKER provides the SealedGRID with a privacy-preserving metering data aggregation mechanism based on masking to achieve private data protection, efficiency, low resource complexity, economic feasibility and scalability. Moreover, it will protect against non-repudiation. Consumption related data will be protected with established trust relationships from the key management component, while all operations will be executed in the protected environment of the trusted computing component. Finally, the implementation of the authorization mechanism will be based on a hybrid RBAC and ABAC.