Fostering Trust in Smart Inverters: A Framework for Firmware Update Management and Tracking in VPP Context
Thusitha Dayaratne, Carsten Rudolph, Tom Shirley, Sol Levi, David Shirley
TL;DR
The paper addresses the security challenges of smart inverters in virtual power plants by proposing a verifiable credentials based framework to track firmware update history and establish a trust cycle between inverters and VPP operators. It introduces a consortium blockchain and DID/VC infrastructure to publish and verify firmware updates, issue updated inverter VCs, and categorize inverters into Trustable, Semi-Trust, and Distrust states to govern interactions. Key contributions include a VC-based update history model, a secure update workflow with smart contracts, and a comparative analysis against IEEE 2030.5/CSIP, along with performance metrics demonstrating scalable, low-overhead operation. The work enhances resilience, cybersecurity, and transparency in VPP operations, with potential extensions to broader grid metadata and formal security proofs in future work.
Abstract
Ensuring the reliability and security of smart inverters that provide the interface between distributed energy resources (DERs) and the power grid becomes paramount with the surge in integrating DERs into the (smart) power grid. Despite the importance of having updated firmware / software versions within a reasonable time frame, existing methods for establishing trust through firmware updates lack effective historical tracking and verification. This paper introduces a novel framework to manage and track firmware update history, leveraging verifiable credentials. By tracking the update history and implementing a trust cycle based on these verifiable updates, we aim to improve grid resilience, enhance cybersecurity, and increase transparency for stakeholders.