ZigBee Based Smart Meter Networks Aniqua Z. Baset CSCE 813 Internet Security, Spring 2014

Smart meter ▪ Automated reading ▪ Appliance specific usage ▪ Near real-time Electricity Meters 2 Conventional ▪ Manual reading ▪ Total usage AMR ▪ Automated reading ▪ Total usage

Why Smart Meters? Appliance specific real-time usage data Energy consumption adjust Renewable energy usage monitoring Two way communication Pricing notification Load control Power quality monitoring 3

Smart Meter Adoption in US 4 Number of entities reported: 81 Updated on April 1, 2014 Source: Smart Grid Investment Grant (SGIG)

Smart Meter Market Forecast 5 Source: Navigant Research

Smart Meter Hacks Reprogram through infrared ports – Widespread incidents of power thefts in Puerto Rico – laptop, an optical converter device and a free downloadable program from internet – According to FBI, former employees of the meter manufacturer and employees of the utility company were involved Termineter – An open source hacking tool by researchers Need physical access Wireless??? 6

Smart Meter Network 7

ZigBee: The Wireless Technology for Smart Meters 8 Global standard for control and sensor networks Based on IEEE standard Low cost, low data rate, low power Wireless Personal Area Networks and device-to-device networks Mesh network, up to 216 nodes Maintained by ZigBee Alliance Got it name from Honeybees!

9 ZigBee vs. Other Wireless Technologies

ZigBee Protocol Stack 10

ZigBee Applications 11

ZigBee Smart Energy Profile Defines commands and attributes for smart meters, home energy display devices, smart appliances and load control devices Supports for – Network join, re-join, leave – Key establishment – Pricing – Demand response and load control – Metering – Messaging – Time synchronization Versions 1.0, 1.1, 2, widely used

ZigBee Smart Energy Home Area Network 13 Smart Energy Device Every SED shares a pre- configured trust center link key with ESI Network operations are carried out using network key Every device in the network establishes a pairwise link key with other devices

Current Work Goal: – A formal protocol analysis using automated tool Analyzed – Network join and key establishment Tool used – AVISPA (Automated Validation of Internet Security Protocols and Applications) – HLPSL (High Level Protocol Specification Language) 14

Network Join role sed(S,E:agent, Ktcl:symmetric_key, JoinReq:protocol_id, SND,RCV:channel(dy)) played_by S def= local State:nat, Knwk:symmetric_key init State := 0 transition 1. State = 0 /\ RCV(start) =|> State':= 2 /\ SND({S.JoinReq}_Ktcl) 2. State = 2 /\ RCV({Knwk'}_Ktcl) =|> State':= 4 end role role esi(E:agent, Knwk,Ktcl:symmetric_key, JoinReq:protocol_id, SND,RCV:channel(dy)) played_by E def= local State:nat,S:agent init State := 1 transition 1. State = 1 /\ RCV({S'.JoinReq}_Ktcl) =|> State':= 3 /\ SND({Knwk}_Ktcl) /\ secret(Knwk,network_key,{S,E}) end role 15

Key Establishment 16

Key Establishment: AVISPA Attack Trace 17

Future Work Practicality analysis of attack found by AVISPA AVISPA is not so expressive, analysis using other tool Analysis of other processes from ZigBee Smart Energy Profile 18

Any Question ?? 19

References NaturalNews. " How privacy-conscious consumers are fooling, hacking smart meters.".url: zz2zg3XEyL2url: zz2zg3XEyL2 ZigBee Alliance. "ZigBee Smart Energy Profile Specification". Revision 16 Kinney, Patrick. "Zigbee technology: Wireless control that simply works." Communications design conference. Vol ZigBee Alliance. URL: ZigBee Alliance. "ZigBee Specification". ZigBee Alliance. "ZigBee Smart Energy Overview. " The AVISPA project. URL: AVISPA, Team. "AVISPA v1. 1 User manual." (2006) 20

Image References Smart meter adoption in US. URL: systems systems Smart meter market forecast. URL: penetration.jpg penetration.jpg ZigBee vs. other wireless technologies. URL: ZigBee protocol stack. URL: 21