Fail-safe decentralized architecture for advanced metering infrastructure

Advanced Metering Infrastructure (AMI) is a key component of smart grid. Current AMI solutions employ a mesh network of routers, collectors and potentially hundreds of thousands of smart meters. Typically, a command center (head end) manages this whole infrastructure. This type of security solution suffers from a single point of failure, since in most current deployments, a single instance of the command center manages the whole network. Specifically, a compromise of the command center (or any of its instances) implies a compromise of the whole network--allowing one to arbitrarily control all the smart meters. I propose a decentralized architecture with multiple head ends, each of which is responsible for different domain of meters with some overlap of management amongst various head ends. The benefit of this architecture is that if there is a compromise of one head end, only a subset of meters will be affected and the rest of the system can continue to operate normally. We also discuss various classes of such architectures with varying security properties and analyze them in detail. We provide simulated graph based outputs to analyze security properties of different classes.