S4 Preview - Key Management and Crypto for AMI
Back in the late 80’s I worked on ANSI banking key management standards as an NSA representative. I was particularly active in writing and editing the retail key management standard which dealt with one-to-many banking transactions such as ATM machines and point of sale units. This standard was very different than wholesale key management that dealt with securing bank-to-bank transactions.
Control systems have much in common with retail banking from a crypto perspective:
- A small number of master units talking with many thousands of field units
- Field unit cost is extremely important because there will be so many units
- The field site units may have limited power, both processing and electric
- The field sites may have limited bandwidth so overhead must be minimized
There is one additional similarity between Automated Metering Infrastructures and retail banking: both pass transaction information with a financial impact. That’s right, AMI is a control system application that does directly affect financial systems.
The one-to-many nature of control systems goes beyond AMI. In fact, most SCADA networks will have a small number, typically two or four, of communication gateways that communicate with 50, 100, 500, … PLCs or RTUs. So this is an interesting research problem, and this is the first research I’ve seen addressing it.
Grant Gilchrist of EnerNex, who doesn’t come at this from a banking background, will propose an authentication protocol and the associated key management that will work in this constrained environment. AMI or AMR is an extreme example of a one-to-many environment, with literally millions of endpoints at homes and businesses. This is an area of passion for the EnerNex team, as they have recently founded AMI-SEC.
Author: Dale Peterson
Posted: October 29th, 2007 under S4.