DERauth: A Battery-based Authentication Scheme for Distributed Energy Resources

TL;DR

DERauth introduces a novel battery-based authentication scheme for distributed energy resources, utilizing the inherent entropy of BESS for secure, challenge-response authentication to enhance grid security.

Contribution

The paper proposes a new authentication method for DERs using BESS state-of-charge and voltage, addressing security vulnerabilities in smart grid control networks.

Findings

Prototype implementation with lithium-ion batteries demonstrates feasibility.

Authentication scheme resists neural network-based modeling attacks.

Dynamic BESS state updates improve security robustness.

Abstract

Over the past decades, power systems have experienced drastic transformations in order to address the growth in energy demand, reduce carbon emissions, and enhance power quality and energy efficiency. This shift to the smart grid concept involves, among others, the utilization of distributed energy resources (DERs) such as rooftop solar panels and storage systems, contributing towards grid decentralization while improving control over power generation. In order to seamlessly integrate DERs into power systems, embedded devices are used to support the communication and control functions of DERs. As a result, vulnerabilities of such components can be ported to the industrial environment. Insecure control networks and protocols further exacerbate the problem. Towards reducing the attack surface, we present an authentication scheme for DERs, DERauth, which leverages the inherent entropy of the DER battery energy storage system (BESS) as a root-of-trust. The DER authentication is achieved using a challenge-reply mechanism that relies on the corresponding DER's BESS state-of-charge (SoC) and voltage measurements. A dynamically updating process ensures that the BESS state is up-to-date. We evaluate our proof-of-concept in a prototype development that uses lithium-ion (li-ion) batteries for the BESS. The robustness of our design is assessed against modeling attacks performed by neural networks.