Analysing data acquired from one or more buildings (through specialist sensors, energy generation capability such as PV panels or smart meters) via a cloud-based Local Energy Management System (LEMS) is increasingly gaining in popularity. In a LEMS, various smart devices within a building are monitored and/or controlled to either investigate energy usage trends within a building, or to investigate mechanisms to reduce total energy demand. However, whenever we are connecting externally monitored/controlled smart devices there are security and privacy concerns. We describe the architecture and components of a LEMS and provide a survey of security and privacy concerns associated with data acquisition and control within a LEMS. Our scenarios specifically focus on the integration of Electric Vehicles (EV) and Energy Storage Units (ESU) at the building premises, to identify how EVs/ESUs can be used to store energy and reduce the electricity costs of the building. We review security strategies and identify potential security attacks that could be carried out on such a system, while exploring vulnerable points in the system. Additionally, we will systematically categorize each vulnerability and look at potential attacks exploiting that vulnerability for LEMS. Finally, we will evaluate current counter measures used against these attacks and suggest possible mitigation strategies.


Internet of Things Security and privacy Smart grids 



This work was carried out in the InnovateUK/EPSRC-funded “Ebbs and Flows of Energy Systems” (EFES) project.


  1. 1.
    Ashton, K.: That ‘internet of things’ thing. RFiD J. 22(7), 97–114 (2009)Google Scholar
  2. 2.
    Barcena, M.B., Wueest, C.: Insecurity in the internet of things. In: Security Response, Symantec (2015)Google Scholar
  3. 3.
    Bera, S., Misra, S., Rodrigues, J.J.: Cloud computing applications for smart grid: a survey. IEEE Trans. Parallel Distrib. Syst. 26(5), 1477–1494 (2015)CrossRefGoogle Scholar
  4. 4.
    Bhattasali, T., Chaki, R., Sanyal, S.: Sleep deprivation attack detection in wireless sensor network. arXiv preprint arXiv:1203.0231 (2012)
  5. 5.
    Diaz-Montes, J., AbdelBaky, M., Zou, M., Parashar, M.: CometCloud: enabling software-defined federations for end-to-end application workflows. IEEE Internet Comput. 19(1), 69–73 (2015)CrossRefGoogle Scholar
  6. 6.
    Diaz-Montes, J., Xie, Y., Rodero, I., Zola, J., Ganapathysubramanian, B., Parashar, M.: Exploring the use of elastic resource federations for enabling large-scale scientific workflows. In: Proceedings of Workshop on Many-Task Computing on Clouds, Grids, and Supercomputers (MTAGS), pp. 1–10 (2013)Google Scholar
  7. 7.
    Dierks, T.: The transport layer security (TLS) protocol version 1.2 (2008)Google Scholar
  8. 8.
    Dlamini, M., Eloff, M., Eloff, J.: Internet of things: emerging and future scenarios from an information security perspective. In: Southern Africa Telecommunication Networks and Applications Conference (2009)Google Scholar
  9. 9.
    Falk, R., Fries, S.: Managed certificate whitelisting-a basis for internet of things security in industrial automation applications. In: SECURWARE 2014, p. 178 (2014)Google Scholar
  10. 10.
    Farooq, M., Waseem, M., Khairi, A., Mazhar, S.: A critical analysis on the security concerns of internet of things (IoT). Int. J. Comput. Appl. 111(7), 1–6 (2015)Google Scholar
  11. 11.
    Fossati, T., Tschofenig, H.: Transport layer security (TLS)/datagram transport layer security (DTLS) profiles for the internet of things. Transport (2016)Google Scholar
  12. 12.
    Frier, A., Karlton, P., Kocher, P.: The ssl 3.0 protocol, vol. 18, p.2780. Netscape Communications Corporation (1996)Google Scholar
  13. 13.
    Garcia-Morchon, O., Kumar, S., Struik, R., Keoh, S., Hummen, R.: Security considerations in the IP-based internet of things (2013)Google Scholar
  14. 14.
    Heer, T., Garcia-Morchon, O., Hummen, R., Keoh, S.L., Kumar, S.S., Wehrle, K.: Security challenges in the IP-based internet of things. Wirel. Personal Commun. 61(3), 527–542 (2011)CrossRefGoogle Scholar
  15. 15.
    Hummen, R., Wirtz, H., Ziegeldorf, J.H., Hiller, J., Wehrle, K.: Tailoring end-to-end IP security protocols to the internet of things. In: 21st IEEE International Conference on Network Protocols (ICNP), pp. 1–10. IEEE (2013)Google Scholar
  16. 16.
    Jha, A., Sunil, M.: Security considerations for internet of things. L&T Technology Services (2014)Google Scholar
  17. 17.
    Ji, L., Lifang, W., Li, Y.: Cloud service based intelligent power monitoring and early-warning system. In: Innovative Smart Grid Technologies-Asia (ISGT Asia), pp. 1–4. IEEE (2012)Google Scholar
  18. 18.
    Jing, Q., Vasilakos, A.V., Wan, J., Lu, J., Qiu, D.: Security of the internet of things: perspectives and challenges. Wirel. Netw. 20(8), 2481–2501 (2014)CrossRefGoogle Scholar
  19. 19.
    Kasinathan, P., Pastrone, C., Spirito, M.A., Vinkovits, M.: Denial-of-service detection in 6LoWPAN based internet of things. In: IEEE 9th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), pp. 600–607. IEEE (2013)Google Scholar
  20. 20.
    Kim, H., Kim, Y.-J., Yang, K., Thottan, M.: Cloud-based demand response for smart grid: architecture and distributed algorithms. In: IEEE International Conference on Smart Grid Communications (SmartGridComm), pp. 398–403. IEEE (2011)Google Scholar
  21. 21.
    Krishnaswami, J.: Denial-of-service attacks on battery-powered mobile computers. Ph.D. thesis, Virginia Polytechnic Institute and State University (2004)Google Scholar
  22. 22.
    Laustsen, J.: Energy efficiency requirements in building codes, energy efficiency policies for new buildings. Int. Energy Agency (IEA) 2, 477–488 (2008)Google Scholar
  23. 23.
    Li, X., Lo, J.-C.: Pricing and peak aware scheduling algorithm for cloud computing. In: Innovative Smart Grid Technologies (ISGT), IEEE PES, pp. 1–7. IEEE (2012)Google Scholar
  24. 24.
    Li, X., Lu, R., Liang, X., Shen, X.: Side channel monitoring: packet drop attack detection in wireless ad hoc networks. In: IEEE International Conference on Communications (ICC), pp. 1–5. IEEE (2011)Google Scholar
  25. 25.
    Li, X., Lu, R., Liang, X., Shen, X., Chen, J., Lin, X.: Smart community: an internet of things application. IEEE Commun. Mag. 49(11) (2011)Google Scholar
  26. 26.
    Li, Z., Parashar, M.: A computational infrastructure for grid-based asynchronous parallel applications. In: Proceedings of the 16th International Symposium on High Performance Distributed Computing, pp. 229–230. ACM (2007)Google Scholar
  27. 27.
    Lin, X., Lu, R., Shen, X., Nemoto, Y., Kato, N.: SAGE: a strong privacy-preserving scheme against global eavesdropping for eHealth systems. IEEE J. Sel. Areas Commun. 27(4), 365–378 (2009)CrossRefGoogle Scholar
  28. 28.
    Maheshwari, K., Lim, M., Wang, L., Birman, K., van Renesse, R.: Toward a reliable, secure and fault tolerant smart grid state estimation in the cloud. In: Innovative Smart Grid Technologies (ISGT), IEEE PES, pp. 1–6. IEEE (2013)Google Scholar
  29. 29.
    Mayer, C.P.: Security and privacy challenges in the internet of things. Electron. Commun. EASST 17, 1–12 (2009)Google Scholar
  30. 30.
    Montes, J.D., Zou, M., Singh, R., Tao, S., Parashar, M.: Data-driven workflows in multi-cloud marketplaces. In: IEEE 7th International Conference on Cloud Computing, pp. 168–175. IEEE (2014)Google Scholar
  31. 31.
    Moonsamy, V., Batten, L.: Mitigating man-in-the-middle attacks on smartphones-a discussion of SSL pinning and DNSSec. In: Proceedings of the 12th Australian Information Security Management Conference, pp. 5–13. Edith Cowan University (2014)Google Scholar
  32. 32.
    University of Waikato: Weka 3 - data mining with open source machine learning software in Java (2017). Accessed 13 Jan 2017
  33. 33.
    OWASP: Man-in-the-middle attack (2016). Accessed 18 Apr 2016
  34. 34.
    Pérez-Lombard, L., Ortiz, J., Pout, C.: A review on buildings energy consumption information. Energy Build. 40(3), 394–398 (2008)CrossRefGoogle Scholar
  35. 35.
    Perrig, A., Stankovic, J., Wagner, D.: Security in wireless sensor networks. Commun. ACM 47(6), 53–57 (2004)CrossRefGoogle Scholar
  36. 36.
    Pirretti, M., Zhu, S., Vijaykrishnan, N., McDaniel, P., Kandemir, M., Brooks, R.: The sleep deprivation attack in sensor networks: analysis and methods of defense. Int. J. Distrib. Sens. Netw. 2(3), 267–287 (2006)CrossRefGoogle Scholar
  37. 37.
    Poslad, S., Hamdi, M., Abie, H.: Adaptive security and privacy management for the internet of things (ASPI 2013). In: Proceedings of the 2013 ACM Conference on Pervasive and Ubiquitous Computing Adjunct Publication, pp. 373–378. ACM (2013)Google Scholar
  38. 38.
    United Nations Environment Programme: Why buildings (2016). Accessed 11 Jan 2017
  39. 39.
    Rajeev, T., Ashok, S.: A cloud computing approach for power management of microgrids. In: Innovative Smart Grid Technologies-India (ISGT India), IEEE PES, pp. 49–52. IEEE (2011)Google Scholar
  40. 40.
    Raymond, D.R., Midkiff, S.F.: Denial-of-service in wireless sensor networks: attacks and defenses. IEEE Pervasive Comput. 7(1), 74–81 (2008)CrossRefGoogle Scholar
  41. 41.
    Raza, S., Wallgren, L., Voigt, T.: SVELTE: real-time intrusion detection in the internet of things. Ad Hoc Netw. 11(8), 2661–2674 (2013)CrossRefGoogle Scholar
  42. 42.
    Saxena, M.: Security in wireless sensor networks-a layer based classification. Department of Computer Science, Purdue University (2007)Google Scholar
  43. 43.
    Simmhan, Y., Aman, S., Kumbhare, A., Liu, R., Stevens, S., Zhou, Q., Prasanna, V.: Cloud-based software platform for big data analytics in smart grids. Comput. Sci. Eng. 15(4), 38–47 (2013)CrossRefGoogle Scholar
  44. 44.
    Simmhan, Y., Kumbhare, A.G., Cao, B., Prasanna, V.: An analysis of security and privacy issues in smart grid software architectures on clouds. In: IEEE International Conference on Cloud Computing (CLOUD), pp. 582–589. IEEE (2011)Google Scholar
  45. 45.
    Stajano, F., Anderson, R.: The resurrecting duckling: security issues for ubiquitous computing. Computer 35(4), supl22–supl26 (2002)Google Scholar
  46. 46.
    Suo, H., Wan, J., Zou, C., Liu, J.: Security in the internet of things: a review. In: International Conference on Computer Science and Electronics Engineering (ICCSEE), vol. 3, pp. 648–651. IEEE (2012)Google Scholar
  47. 47.
    Tang, L., Li, J., Wu, R.: Synergistic model of power system cloud computing based on mobile-agent. In: 3rd IEEE International Conference on Network Infrastructure and Digital Content (IC-NIDC), pp. 222–226. IEEE (2012)Google Scholar
  48. 48.
    Ugale, B.A., Soni, P., Pema, T., Patil, A.: Role of cloud computing for smart grid of India and its cyber security. In: Nirma University International Conference on Engineering (NUiCONE), pp. 1–5. IEEE (2011)Google Scholar
  49. 49.
    Wang, Y., Attebury, G., Ramamurthy, B.: A survey of security issues in wireless sensor networks (2006)Google Scholar
  50. 50.
    Wang, Y., Deng, S., Lin, W.-M., Zhang, T., Yu, Y.: Research of electric power information security protection on cloud security. In: International Conference on Power System Technology (POWERCON), pp. 1–6. IEEE (2010)Google Scholar
  51. 51.
    Wen, M., Lu, R., Zhang, K., Lei, J., Liang, X., Shen, X.: PaRQ: a privacy-preserving range query scheme over encrypted metering data for smart grid. IEEE Trans. Emerg. Top. Comput. 1(1), 178–191 (2013)CrossRefGoogle Scholar
  52. 52.
    Weng, T., Agarwal, Y.: From buildings to smart buildings—sensing and actuation to improve energy efficiency. IEEE Des. Test 29(4), 36–44 (2012)CrossRefGoogle Scholar
  53. 53.
    Wijayasekara, D., Linda, O., Manic, M., Rieger, C.: Mining building energy management system data using fuzzy anomaly detection and linguistic descriptions. IEEE Trans. Ind. Inform. 10(3), 1829–1840 (2014)CrossRefGoogle Scholar
  54. 54.
    Yang, C.-T., Chen, W.-S., Huang, K.-L., Liu, J.-C., Hsu, W.-H., Hsu, C.-H.: Implementation of smart power management and service system on cloud computing. In: 9th International Conference on Ubiquitous Intelligence & Computing and 9th International Conference on Autonomic & Trusted Computing (UIC/ATC), pp. 924–929. IEEE (2012)Google Scholar
  55. 55.
    Zanella, A., Bui, N., Castellani, A., Vangelista, L., Zorzi, M.: Internet of things for smart cities. IEEE Internet Things J. 1(1), 22–32 (2014)CrossRefGoogle Scholar
  56. 56.
    Zhang, K., Liang, X., Lu, R., Shen, X.: Sybil attacks and their defenses in the internet of things. IEEE Internet Things J. 1(5), 372–383 (2014)CrossRefGoogle Scholar
  57. 57.
    Zhang, Y.: Technology framework of the internet of things and its application. In: International Conference on Electrical and Control Engineering (ICECE), pp. 4109–4112. IEEE (2011)Google Scholar
  58. 58.
    Zhao, K., Ge, L.: A survey on the internet of things security. In: 9th International Conference on Computational Intelligence and Security (CIS), pp. 663–667. IEEE (2013)Google Scholar
  59. 59.
    Zia, T., Zomaya, A.: Security issues in wireless sensor networks. In: International Conference on Systems and Networks Communications (ICSNC 2006), p. 40. IEEE (2006)Google Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018

Authors and Affiliations

  • Eirini Anthi
    • 1
    Email author
  • Amir Javed
    • 1
  • Omer Rana
    • 1
  • George Theodorakopoulos
    • 1
  1. 1.School of Computer Science and InformaticsCardiff UniversityCardiffUK

Personalised recommendations