Internet of Things (IoT) based Solar Energy System security considerations
1. 1
SMART SOLAR PANEL - SECURITY AND CHALLENGES
SIMPA ENERGY INDIA
SIMPA NETWORKS, INC.
Simpa sells solar power systems on financing to households and shops in rural India.
Bohitesh Misra
Vice President – IT & BI
Simpa Networks, Inc.
Email: bohitesh.misra@gmail.com
2. 2
THE PROBLEM AND OPPORTUNITY
• 100 million households with no connection to the electricity grid or inadequate supply
• 500 million people relying on kerosene as primary source of lighting
• multi-billion dollar opportunity for solar-as-a-service in rural India
OUR AIM
SIMPA WILL CREATE 10 MILLION SOLAR ROOFTOPS IN 10 YEARS
3. 3
SIMPA EVOLUTION
• Inception: Registered in United States in 2011
• Operation: Started operations in Karnataka in 2011. Moved to Uttar Pradesh in 2013
• Scale up: Reached 29,500 customers by February 2017
01 THE COMPANY: Startup, growth stage. Award-winning with experienced leadership team.
02 THE PROBLEM: energy poverty
03 OUR SOLUTION: solar-as-a-service for the energy-poor
4. 4
AWARDS & RECOGNITION
‘Make in India’ Award
• July, 2016
• The India Today ‘Make in India’ Award in the Renewable Energy category
Millennium Alliance Award
• April, 2016
• Award sponsored by FICCI for clean energy sector.
Parivartan Award
• October 2015
• Sustainability Leadership Awards 2015 in Delhi
Climate Solver Award, WWF
• September 2015
• Energy Access category - recognized in the Distributed Renewable Energy category
May 2015: OPIC Impact Award in the renewable energy category which recognized exceptional achievement in international private-sector development.
November 2014: Off-Grid Energy Challenge Award as part of The Climate Group’s access to rural energy project in India, Bijli – Clean Energy for All.
5. 5
OUR IMPACT TODAY
As of December 2016
• 5,890,151 clean energy days bought
• 1.003 GWh of clean energy generated
• 3,500 solar entrepreneurs empowered
• 1471 tons of CO2 emissions saved
• 1500 rural jobs created
• 139,297 people with clean energy
• 48% female beneficiaries served
6. 6
OUR CUSTOMERS
energy-poor households and micro-enterprises in rural India
• off-grid households: rural households with no connection to the national electricity grid. Aspirational, investing in a brighter future for their children.
• poor-grid households: rural households getting less than 12 hours per day from unreliable grid, needing reliable back-up for lighting and cooling to survive the blistering summer heat.
• micro-enterprises: small shops such as tea stalls, village shops, and restaurants located in areas where staying open later will generate new income every day.
Existing Solutions
• Kerosene & candles: dirty and expensive.
• Small solar lanterns: cheap, but inadequate and poor quality.
• Local Solar Products on cash: too expensive, too risky.
• Bank financed SHS: advertised, but not readily available. Also too risky.
8. 8
SIMPA : PRODUCT RANGE
Solar Home Systems Charging Systems TV Entertainment System
Plug n Play Systems Power House Systems
Solar as a service
9. 9
SIMPA : IOT SOLUTION
Requirement of Solar energy meter system
• Tracking of power usage, payment, alerts and activations
• Pay-as-you-Go
• True Solar-As-A-Service
• Tamper protection
• Control moved closer to source
• Bluetooth Connectivity for Recharge, Balance and Monitoring
• Consumption based metering
• Energy Credit monitoring
10. 10
SIMPA : IOT SOLUTION
Features of IoT Solution
• GSM/GPRS module with an M2M embedded SIM to transmit the required information to the host server
• MCU+BLE chip for all calculation and processing
• Flash memory to store information for backup
• Temperature sensor to monitor the ambient temperature
• Circuitry to sense the input voltage, input current or reverse voltage
• The device to be powered from the SPV input power
11. 11
WHAT IS IOT?
• The Internet of Things (IoT) refers to the ever-growing network of physical objects that feature an IP address, and the communication that occurs between these objects and other Internet-enabled devices and systems.
13. 13
IOT SOLUTIONS
Mobility
Drinking water
Waste water
Pollution
Fire safety
Medical emergency
Public Order
Cities
Flooding
Waste treatment
Energy
Grid
Gas distribution
Solar & wind energy
Fuel distribution
Power plant
Nuclear waste
Oil & gas production
Coal Mines
Toll roads
Monitor traffic
Air traffic control
Public transport
Traffic reports
Road network
Violations
Airports
Taxi
Healthcare
Patient
Mobile care
Surgical equipment
Monitoring
Implants
Tooling
Labs
Radiology
Diabetes
Safety
Buildings
Water
Lifts and escalators
Fire safety, Pollution, drinking water, traffic
Light, water, air, power, lifts, sign posts
Solar, wind, power plants, oil & gas plants
Patients, labs, implants, monitoring,
Traffic, violations, air traffic, tolls, taxi
15. 15
IOT SECURITY ISSUES
• In August 2014, a sweep of more than 32,000 devices found “at least 2000 devices with hard-coded Telnet logins.”
• IoT devices may also act as wireless access points (WAPs).
• There has been a rise in IoT devices being hacked and added to botnets in order to carry out malicious attacks.
• IoT devices are typically tiny and lack physical security or are locked to factory default passwords.
• These small internet-connected devices often have low computing power, making them too weak to support advanced encryption.
16. 16
IOT SECURITY CONSIDERATIONS
• Device Considerations
– Are communications encrypted?
– Is storage encrypted?
– How is logging performed? Is there logging and alerting?
– Is there an updating mechanism?
– Are there default passwords?
– What are the offline security features?
– Digitally signed and encrypted firmware is a necessity
• Gateway considerations
– Are there replay and denial-of-service defensive capabilities?
– Is there local storage? Is it encrypted?
– Is there anomaly detection capability?
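An added example (not from the original slides or Simpa's firmware) of one way a pay-as-you-go meter can answer the replay and tamper questions above for recharge messages: each message carries an HMAC tag and a counter that must increase. The message layout, the key, and the names `make_recharge`, `Meter` and `demo` are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed key for the example; a real deployment provisions a unique key per meter.
DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
BODY_FMT = ">IIH"   # assumed layout: device_id, counter, credit_days (10 bytes)
BODY_LEN = struct.calcsize(BODY_FMT)
TAG_LEN = 16        # truncated HMAC-SHA256 tag to keep the BLE/GPRS payload small

def make_recharge(key, device_id, counter, credit_days):
    """Server side: build an authenticated recharge message."""
    body = struct.pack(BODY_FMT, device_id, counter, credit_days)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class Meter:
    """Device side: accept a recharge only if authentic, addressed to us, and fresh."""
    def __init__(self, key, device_id):
        self.key = key
        self.device_id = device_id
        self.last_counter = 0   # persist in flash so a power cycle cannot reset it
        self.credit_days = 0

    def apply(self, msg):
        if len(msg) != BODY_LEN + TAG_LEN:
            return "malformed"
        body, tag = msg[:BODY_LEN], msg[BODY_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return "bad_tag"
        device_id, counter, credit_days = struct.unpack(BODY_FMT, body)
        if device_id != self.device_id:
            return "wrong_device"
        if counter <= self.last_counter:             # already seen: replayed message
            return "replay"
        self.last_counter = counter
        self.credit_days += credit_days
        return "ok"

def demo():
    meter = Meter(DEVICE_KEY, device_id=1001)
    msg = make_recharge(DEVICE_KEY, 1001, counter=1, credit_days=30)
    altered = msg[:9] + bytes([msg[9] ^ 0x01]) + msg[10:]  # credit field changed
    results = [
        meter.apply(msg),                                   # first delivery
        meter.apply(msg),                                   # same bytes again
        meter.apply(altered),                               # tag no longer matches
        meter.apply(make_recharge(DEVICE_KEY, 2002, 2, 30)),  # other meter's id
        meter.apply(make_recharge(DEVICE_KEY, 1001, 2, 7)),   # next valid recharge
    ]
    return results, meter.credit_days

if __name__ == "__main__":
    print(demo())
```

The counter check only holds if `last_counter` survives resets, which is one reason the device's flash storage and its tamper protection matter together.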
17. 17
IOT SECURITY CONSIDERATIONS
• Cloud considerations
– Is there a secure web interface?
– Is there security event reporting?
– How are 3rd party components tracked and updated?
– Is there an audit capability?
– Is complex, multifactor authentication allowed?
• Mobile considerations
– What countermeasures are in place for theft or loss of device?
– Does the mobile authentication degrade other component security?
– Is local storage done securely?
– Is there an audit trail of mobile interactions?
– Can mobile be used to enhance authentication for other components?
18. 18
OWASP IOT TOP 10
Category / IoT Security Consideration / Recommendations
I1: Insecure Web Interface
• Consideration: Ensure that any web interface coding is written to prevent the use of weak passwords
• Recommendation: When building a web interface consider implementing lessons learned from web application security.
I2: Insufficient Authentication / Authorization
• Consideration: Ensure that applications are written to require strong passwords where authentication is needed
• Recommendation: Refer to the OWASP Authentication Cheat Sheet
I3: Insecure Network Services
• Consideration: Ensure applications that use network services don't respond poorly to buffer overflow, fuzzing
• Recommendation: Try to utilize tested, proven networking stacks and interfaces that handle exceptions gracefully.
I4: Lack of Transport Encryption
• Consideration: Ensure all applications are written to make use of encrypted communication between devices
• Recommendation: Utilize encrypted protocols wherever possible to protect all data in transit
I5: Privacy Concerns
• Consideration: Ensure only the minimal amount of personal information is collected from consumers
• Recommendation: Data can present unintended privacy concerns when aggregated
I6: Insecure Cloud Interface
• Consideration: Ensure all cloud interfaces are reviewed for security vulnerabilities, e.g. API interfaces and cloud-based web interfaces
• Recommendation: Cloud security presents unique security considerations, as well as countermeasures.
I7: Insecure Mobile Interface
• Consideration: Ensure that any mobile application coding is written to disallow weak passwords …
• Recommendation: Mobile interfaces to IoT ecosystems require targeted security. Consult the OWASP Mobile
I8: Insufficient Security Configurability
• Consideration: Ensure applications are written to include password security options or enabling two-factor authentication
• Recommendation: Security can be a value proposition. Design should take into consideration a sliding scale of security requirements
I9: Insecure Software/Firmware
• Consideration: Ensure all applications are written to include update capability and can be updated quickly …
• Recommendation: Many IoT deployments are either brownfield and/or have an extremely long deployment cycle...
I10: Poor Physical Security
• Consideration: Ensure applications are written to utilize a minimal number of physical external ports on the device
• Recommendation: Plan on having IoT edge devices fall into malicious hands.