DERauth: A Battery-based Authentication Scheme for Distributed Energy Resources

Over the past decades, power systems have experienced drastic transformations in order to address the growth in energy demand, reduce carbon emissions, and enhance power quality and energy efficiency. This shift to the smart grid concept involves, among others, the utilization of distributed energy resources (DERs) such as rooftop solar panels and storage systems, contributing towards grid decentralization while improving control over power generation. In order to seamlessly integrate DERs into power systems, embedded devices are used to support the communication and control functions of DERs. As a result, vulnerabilities of such components can be ported to the industrial environment. Insecure control networks and protocols further exacerbate the problem. Towards reducing the attack surface, we present an authentication scheme for DERs, DERauth, which leverages the inherent entropy of the DER battery energy storage system (BESS) as a root-of-trust. The DER authentication is achieved using a challenge-reply mechanism that relies on the corresponding DER's BESS state-of-charge (SoC) and voltage measurements. A dynamically updating process ensures that the BESS state is up-to-date. We evaluate our proof-of-concept in a prototype development that uses lithium-ion (li-ion) batteries for the BESS. The robustness of our design is assessed against modeling attacks performed by neural networks.