Authors:
Oliver Langthaler
;
Günther Eibl
;
Lars-Kevin Klüver
and
Andreas Unterweger
Affiliation:
Salzburg University of Applied Sciences, Urstein Süd 1, 5412 Puch/Hallein, Austria
Keyword(s):
Threat Modeling, Privacy, Local Energy Communities, LINDDUN.
Abstract:
While security is considered an essential aspect of the design and implementation of many systems, privacy is often overlooked, especially in early planning phases. Although methodologies for the identification of privacy threats have been proposed, the number of studies outlining their practical application is limited. As a consequence, practical experience with these methods is sparse. This raises questions about their practicality and applicability for the energy domain. As a first step towards the assessment of the practical properties, we apply a lightweight version of the most prominent methodology, LINDDUN GO, to an intelligent charging use case for local renewable energy communities that is based on load forecasting. We find that one of the main advantages of LINDDUN GO is the completeness of the analysis, which was able to identify not only a built-in privacy deficiency but also unforeseen privacy threats for the considered use case. However, we also found that LINDDUN GO is
not applicable for all privacy categories: Detectability was not assessable since it required detailed information that was not contained in our data flow graph in the design phase. In contrast, non-compliance was treated too generically, its intention is more to complete the list of important topics.
(More)