Assessing Insider Attacks and Privacy Leakage in Managed IoT Systems for Residential Prosumers

Abstract

The transition towards the massive penetration of Renewable Energy Resources (RESs) into the electricity system requires the implementation of the Smart Grid (SG) paradigm with innovative control systems and equipment. In this new context, Distributed Energy Resources (DERs), including renewable sources and responsive loads, should be redesigned to enable aggregators to provide ancillary services. In fact, by using the Internet of Things (IoT) systems, aggregators can explore energy usage patterns from residential users, also known as prosumers and predict their services. This is undoubtedly important especially for SGs facing the presence of several RESs, where understanding the optimal match between demand and production is desirable from several points of view. However, revealing energy patterns and information can be of concern for privacy if the entire system is not properly designed. In this article, by assuming that the security of low-level communication protocols is guaranteed, we focus our attention at higher levels, in particular at the application level of managed IoT systems used by aggregators. In this regard, we provide an overview of the best practices and outline possible privacy leakages risks along with a list of correlated attacks.