Application of Spritz Encryption for Improving Cyber Security and Privacy for Electrical Smart Meters

Abstract

The electrical grid has been undergoing improvements by integrating advanced communication to convert it to a better system known as Smart Grid. Better communication makes Smart Grid better, but it also makes it vulnerable to problems associated to telecommunications. This thesis aims to reduce the problem of privacy leakage and cyber security in electrical smart meters by applying fast and secure cryptography. Smart meters have limited computational capacity, thus care is needed when choosing an algorithm to use, without compromising on security. Researchers have found severe weaknesses in the first version of Open Smart Grid Protocol (OSGP) which used the popular RC4 (Rivest Cipher 4) encryption algorithm to secure smart meters. With OSGP being broken, there is need for a more secure encryption algorithm for smart meters. In this thesis, Spritz, an encryption algorithm developed in 2014, was examined and found to have suitable properties for smart meters. It offers good security while introducing fairly low computational overhead. Encryption was tested using data from a typical household over a 24-hour period. This data was extracted from a graph using image processing. After encryption, a plot of the data showed that it appeared random and thus obscuring a customer’s usage patterns. Data privacy was thus achieved since data mining techniques can no longer work. Spritz was compared to RC4 in terms of performance speed and found to be slower by a small margin. Encryption with Spritz took on average 0.851 milliseconds (compared to 0.449ms for RC4), which would not adversely affect the operation of a smart meter, being less than 2 times slower. A key generation method is also presented for creating cryptographic keys from meter numbers. A test of 100 keys from consecutive meter numbers revealed that adjacent keys had, on average, about half the bits being different bits (49.39%) being different. To compare the strength of Spritz to RC4, attacks were mounted against weakened versions of the ciphers. The time taken to break Spritz was found to be considerably higher than RC4. For an 8 bit key, it took over 3 times longer to break Spritz than RC4. Thus although Spritz is slightly slower, it is significantly more secure than RC4 and is thus a better candidate for smart meter encryption.