David Grochocki et al
Lures Potential attackers Smartmeters do two way communication Millions of Meters has to be replaced Serious damages just a click away
Survey Various Threats Identify Common Attack Techniques Decompose the data to form a Attack Tree Identify the required information which would detech the attacks Model an IDS
Communication between NAN and Gateway (DCU) – Mostly or sometimes Communication between Gateway (DCU) and Utility company – 3G, Edge, WiMax. NAN Mesh offers reliability and robustness But., Complicates Security Monitoring Solution Few smart meter vendors distribute meters which can report to the utility company directly through user’s home internet.
Access to a communication infrastructure other than Internet Access to millions of low computation devices Access to sensitive customer information High visibility and Impact Financial Value of Consumption data
5 Attack motivations 30 Unique attack techniques Relevant ones to AMI are alone considered
Survey Various Threats Identify Common Attack Techniques Decompose the data to form a Attack Tree Identify the required information which would detech the attacks Model an IDS
DDoS attack Stealing Customer Information Remote Disconnection
Why? Results in data outage for many Meters How? Install malware on meter or remote network exploit Co-ordinate DDoS among compromised meters Flood DCU with large packets
Why? Eavesdropping, Social Engineering How? Stealing encryption keys of the smart meter by physically tampering or bruteforcing the cryptosystem Capture AMI traffic Decrypt to obtain clear text information
Why? Distrupt Business, Inflict loss How? Installing malware on the DCU through physical tampering or by exploiting a network vulnerability Identify the meters with corresponding address information Use that information to disconnect targeted users
Survey Various Threats Identify Common Attack Techniques Decompose the data to form a Attack Tree Identify the required information which would detech the attacks Model an IDS
System Information CPU Usage, Battery Level, Firmware Intergrity, Clock Synchronisation Network Information NAN Collision rate, Packet loss Policy Information Authorized AMI devices, Authorized Updates, Address Mappings, Authorized services
Survey Various Threats Identify Common Attack Techniques Decompose the data to form a Attack Tree Identify the required information which would detech the attacks Model an IDS
Centralized IDS Model Utility Company IDS DCU
Can detect attacks against Utility network But, will miss attacks against smart meters
DCU Meter + IDS Meter Meter + IDS
Will have access to meter specific information But., Attacks on DCU cannot be detected Functioning both as a meter and IDS can be resource intensive Keys of all other meters have to be stored in Meter + IDS devices to inspect data Not a good idea to store some one’s decryption key on some one else’s meter
DCU Meter IDS Meter IDS
More processing power Less number of IDS sensors required So less number of places where keys are stored But still, Attacks on DCU are not detected
DCU Meter IDS Meter IDS Utility Company IDS
Either Centralized + Embedded or Centralized + Dedicated sensors Can detect both attacks at both (DCS and NAN) ends
According to the architecure discussed in this paper, DCU is the device which is more likely to have a Public IP address Smart meter vendors or third parties may soon start integrating or GSM/3G into smart meters But, why?
Banner Grabbing! SHODAN – Exponse Online Devices Ipv4 computer search engine Webcams, Routers, Power Plants, iPhones, Wind Turbines, Refrigerators, VoIP Phones