The typical public key infrastructure (PKI) does not meet the requirements of the smart grid or consider its unique characteristics and the variation is significant enough to introduce numerous unique chal- lenges. These characteristics include complexity, scala- bility, the nodes’ immobility, and the large geographical spread of the communication networks. Moreover, the security requirements of smart grid are different from those of other systems. For example, availability is the top priority in smart grid but access control is the top priority in wireless net-works. However, designing PKI for hundreds of millions of devices in a complex system like the smart grid is a challenge that has received little attention.

We propose hierarchical certificate authority architecture that addresses the complexity and scalability of the smart grid. Each certificate authority is responsible for manag- ing the certificates for devices of a small geographic area and one system, e.g., power transmission, distribution, etc. We also propose efficient and scalable certificate-renewing scheme to reduce the overhead of renewing certificates.

We also propose new certificate revocation schemes that would fit Smart Grid characteristics. A good certificate revocation scheme for AMI networks should balance the size of the CRLs and the overhead of forming and distributing the CRLs. It should also take into account the limited storage and computation power of the meters, and address the scalability and the large geographic deployment of the networks and require low communication overhead.  Instead of distributing deterministic CRLs, we use group-based classification or Bloom filter to distribute shorter probabilistic revocation lists. This can reduce the number of the revocation lists (by increasing the groups size) with acceptable overhead on the meters.