•   almost 12 years ago

Improve Apps for Energy through digital signatures for Green Button data

Greetings, all,

My name is Philip Johnson, and I lead a research project called the Kukui Cup
(http://kukuicup.org/) which is investigating ways to positively change energy behaviors
through a combination of feedback, incentives, game mechanics, and community-based social
marketing. To support this effort, we are developing open source technology called
Makahiki (https://github.com/csdl/makahiki).

Unfortunately, the current Green Button standard prevents a wide class of interesting
energy-related applications from being developed because it does not support verifiable
energy data. For example, Makahiki would be an excellent platform to develop a
multi-player game competition in which real-world energy data could be used as part of a
competition. Unfortunately, the current Green Button standard would make it trivial for
players to spoof their energy data in the game (download the files from their utility,
edit them to represent winning energy conservation values, and upload to the game).

A simple way to address this problem is to provide a standard but optional way for utilities to
digitally sign the Green Button data they provide to customers. That way, game platforms
can verify that uploaded Green Button data has not been tampered with, and the integrity
of competitions based on Green Button data would be maintained.

This is a simple, optional, backward compatible change to the Green Button
specification. My hope is that the Apps for Energy challenge will happen again next year,
and that a digital signature option could be implemented for Green Button data by that
time so that technologies such as Makahiki could be used.

Philip Johnson
Professor, Information and Computer Sciences
University of Hawaii
Honolulu, HI


  •   •   almost 12 years ago

    Hey Prof, what if Makahiki gamers' green button action redirected or cc'd their data directly from the utility company to a game server instead of just downloading to their personal device?

  •   •   almost 12 years ago

    Hi Kary,

    That could also work. But it has a security issue. Currently, to get green button data, you need to log in to your utility's website using an account and password that they provide to you (so that they can guarantee that they are providing just your data to you and only you).

    In order for a game engine like Makahiki to "automatically" get a player's data, it would need the player to supply these utility login credentials to the game engine. Many players wouldn't want to supply this information to some random game engine. In addition, the game engine would need to know how to navigate each utility site once logged in to get to the green button. That's also a barrier.

    I am proposing digital signatures because that's the solution that requires minimal effort from utilities to implement (just a few lines of code to attach a property to the XML with the signature), and does not change the existing security situation. It also avoids the need for the game engine to have to know about the particulars of each utility's site.

    With digital signatures, all that's needed is to come to agreement on what the name of the property is and where it would be found in the XML. Then, the game engine could look for it and if it was not found, disallow the green button data.

  • Manager   •   almost 12 years ago

    Thanks for these comments! I'll make sure that NIST sees them.

  •   •   almost 12 years ago

    First of all, congratulations on the Makahiki initiative, I like it.
    As for data validation, I came to a similar conclusion.
    I thought about a signature too, but that signature needs to be verified with the utility server I guess.
    Some games may require more frequent data upload (daily), so I think GB should go toward a more automated solution.

  •   •   almost 12 years ago

    @Jacek S: Yes, the utility also has to publish their public key in addition to signing the energy data file so that the game can verify that the utility was responsible for generating the energy data and that the data has not been tampered with.

    I also agree that automated access through some kind of well-specified API would be best. But, short-term, digital signatures would provide significant value with very minimal implementation cost and impact on the current specification.
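
The sign-then-verify flow discussed in this thread, as an added example that is not part of the original posts and is not Makahiki or Green Button code. It assumes Ed25519 keys and a hypothetical trailing `gb-signature` comment as the agreed location, so the signed bytes are exactly everything before it and no XML canonicalization is needed; all function names and the sample feed are made up for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"fmt"
)

// Hypothetical marker: the thread leaves the property's name and location open.
var (
	sigOpen  = []byte("\n<!-- gb-signature:")
	sigClose = []byte(" -->\n")
)

// SignFeed is the utility side: sign the exact feed bytes and append the signature.
func SignFeed(priv ed25519.PrivateKey, feed []byte) []byte {
	sig := base64.StdEncoding.EncodeToString(ed25519.Sign(priv, feed))
	out := append(append([]byte{}, feed...), sigOpen...)
	return append(append(out, sig...), sigClose...)
}

// VerifyFeed is the game side: reject unsigned or altered uploads, using the
// public key the utility published (never a key supplied with the upload).
func VerifyFeed(pub ed25519.PublicKey, upload []byte) ([]byte, error) {
	i := bytes.LastIndex(upload, sigOpen)
	if i < 0 || !bytes.HasSuffix(upload, sigClose) {
		return nil, errors.New("no signature: upload disallowed")
	}
	b64 := upload[i+len(sigOpen) : len(upload)-len(sigClose)]
	sig, err := base64.StdEncoding.DecodeString(string(b64))
	if err != nil || !ed25519.Verify(pub, upload[:i], sig) {
		return nil, errors.New("bad signature: data altered or not from this utility")
	}
	return upload[:i], nil // the verified feed bytes, safe to parse
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key pair standing in for the utility's
	feed := []byte("<feed><IntervalReading><value>974</value></IntervalReading></feed>") // constructed sample
	signed := SignFeed(priv, feed)
	edited := bytes.Replace(signed, []byte("974"), []byte("174"), 1) // player edits a reading
	for _, upload := range [][]byte{signed, edited, feed} {
		_, err := VerifyFeed(pub, upload)
		fmt.Println(err) // <nil>, then a bad-signature error, then a no-signature error
	}
}
```

The game parses only the bytes `VerifyFeed` returns, and it needs one trusted public key per participating utility.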
