“A Survey on Threats and Vulnerabilities in Smart Metering Infrastructures”

What follows are selected quotations reprinted with permission from ETP, Engineering and Technology Publishing.  This article was published in the International Journal of Renewable Energy and Smart Grid (IJRESG), (Vol. 1, No. 1), September 2012.

A Survey on Threats and Vulnerabilities in Smart Metering Infrastructures

Abstract for Article:

“The smart grid initiative aims at transforming today’s public power grid into a flexible and intelligent energy utility.  The basis for this advancement is the detailed monitoring of the grid status and energy consumption behavior of connected stakeholders in order to implement powerful control mechanisms, flexible billing processes, and unmatched value-added services.  However, these advantages do not come without costs.  System components grow in complexity and increasing integration of power grid control systems with information and communication technology (ICT) leads to novel security and privacy challenges.  Therefore, this paper deals with a structured analysis of vulnerabilities and threats that have the potential to hinder the functioning and wide adoption of automatic metering in smart grids.  This analysis provides valuable input for further specification and development of critical system components and security and privacy protection mechanisms.”

Selected quotations from this article are as follows:

“In this paper, we structure the analysis on threats and vulnerabilities in three tiers:

  • Tier  1:  deals with threats to electric appliances, smart meters and their uplink to concentrator nodes.  This part is often referred to as the ‘last mile’ and is considered as most vulnerable to attacks due to the physical accessibility of devices.
  •  Tier  2:  deals with vulnerabilities of the uplink from smart meters over      concentrator nodes to data centers and interfaces to Web-based applications.
  • Tier  3:  deals with Web-based applications and value-added services that use      gathered meter data.”

“Security-sensitive topics [3] are typically discussed in context of the so-called CIA triangle:  confidentiality, integrity, and availability.  Metering services are essential to ensure reliable energy provisioning, and meter readings are highly sensitive data whose protection is a major objective in future infrastructures.”

“Confidentiality is concerned when it comes to creating, transferring, processing, and storing customer data, either dynamically produced data, such as meter readings and energy consumption profiles, or static data, including credit card information used by the energy provider to account for services.  In today’s information society, customer data is a highly important asset for every company, and the exploitation of user profiles has to be avoided by appropriate privacy preserving mechanisms.

Integrity of reported energy consumption data is of paramount importance since this information is used for accounting and billing.  Numerous possible frauds need to be prevented, such as a customer sends tampered meter data in order to pay less; or make someone else to pay more.  Thus, manipulation of the smart meter itself or injection of tampered messages in the network must be avoided (or at least detected and compensated).  Furthermore, injecting wrong status messages in the communication network might cause problems in the net management, e.g., reporting overload messages might urge the utility company to reshape the power grid’s structure.

Availability concerns are twofold:  From a customer’s perspective the availability of electricity is most vital; meaning, no one is able to turn off electricity accidentally or maliciously.  From a utility company’s perspective remote meter readings are essential to prevent energy theft and keep the business running.

Furthermore, status messages delivered from smart meters can be used to actively reconfigure the grid in case of (temporally) unexpected load conditions.  Thus, the availability of the smart meter communication is essential here.”

“Tier 1: Smart Meter Vulnerabilities

Smart meter vulnerabilities are exploited by attacks to the smart meter (device) itself and/or its interfaces in several ways, either by (i) manipulating the hardware, (ii) manipulating the firmware, or (iii) exploiting limitations design and implementation.”

“Tier 2: Utility Vulnerabilities

 The electric utility topology can be physically shaped in several ways [10]. However, here, more important is the (logic) topology of the communication overlay network, used to request readings from the smart meters.  Two fundamental approaches are broadly discussed here.  First, a meshed NAN [neighborhood area network] connects smart meters in a peer-to-peer fashion, thus even devices in different houses can communicate with each other.  This model foresees neighboring devices as relays if no direct uplink to a concentrator node is available.  This model is often assumed when assessing smart grid security, since it would easily enable viruses and worms to spread, and thus a vast field of potential attack strategies.  But actually, second, strictly hierarchical topologies are more likely to be implemented, where a meter can report to only one predefined concentrator node and avoids direct communication with other meters.”

Recently, [11] demonstrated the possibility of spreading worms in a smart grid with a peer-2-peer topology.  This would effectively allow an attacker to take over a larger amount of smart meters similar to Internet worms which install backdoors on PCs.  Controlling a large-scale ‘smart meter botnet’ [12] would enable attackers to cause wide-range harm.  [emphasis added]  For instance, sending coordinated fabricated grid overload status messages from numerous devices could prompt the utility to shut down certain segments of the grid to avoid local overloads.  In another scenario, forcing thousands of smart meters to turn off and on simultaneously could cause major trouble due to quickly changing load conditions on the power grid.”

“Tier 3: Web Application Vulnerabilities

 The top-tier deals with smart metering data management and value added services, including semiautomatic or even fully automatic billing and accounting.  Since this is the most complex part of the smart metering infrastructures, a detailed threat analysis would require in-depth analysis of deployed components.  Therefore, we provide a basic overview which highlights threats on an abstract level only.

Basically, attacks on the Web application level will either aim at disrupting meter reading management services or stealing metering data in order to derive higher level information, such as individual consumption profiles.  Thus, typical threats are not only the unavailability of services through (D) DoS attacks, but also threats to privacy through user behavior profiling.  Aggregating and correlating smart meter readings allows the construction of detailed user profiles which is interesting information, for instance, for advertisement.  It is essential to support the creation of trust relations between customers and utility providers by establishing transparent billing processes and traceable pricing, as well as informing customers about stored data (personally identifiable information).   Nevertheless, appropriate countermeasures, such as anonymization and pseudonymization techniques for metering data [13] need to be employed to prevent misuse from the beginning.  [emphasis added]  Notice, that the data backend will make use of a wide variety of standard server software and technology.  Thus, this layer is generally vulnerable to all broadly applied server attacks against particular products and versions.  Their discussion however is far beyond the scope of this paper.”

“We [would] like to conclude with a set of recommendations for risk mitigation.  Derived from the analysis’ findings, the design of future smart grid infrastructures need to be centered around:  (i) Physical robustness and tamper resilience of smart meters and concentrator nodes; (ii) Authentication of users and devices using strong passwords, digital certificates and signatures; (iii) Authorization of users and devices to grant them least privileges to access resources and services. (iii) Encryption of communication data and user data in the utility data center; (iv) Integrity and plausibility checks of data, such as meter readings, grid status messages, and network traffic; (v) Training of technicians and service staff to prevent social engineering.”

“[3] Anderson RJ., Security Engineering – A Guide to Building Dependable Distributed Systems, 2nd ed. Wiley, 2008.”

“[10] Flick T and Morehouse J. Securing the Smart Grid: Next Generation Power Grid Security. Syngress Media, 2010.

[11] Davis M. Smartgrid device security:  Adventures in a new medium. Presented at: BlackHat Technical Security Conference, 2009.

[12] Abu Rajab M, Zarfoss J, Monrose F, and Terzis A. A multifaceted approach to understanding the botnet phenomenon. In: IMC. ACM, 2006:41–52.

[13] Efthymiou C and Kalogridis G. Smart grid privacy via anonymization of smart metering data. In: Proc. of 2010 First IEEE International Conference on Smart Grid Communications, 2010:238–243.”

[Above selected quotations reprinted with permission from ETP, Engineering and Technology Publishing.  Articles were published in the International Journal of Renewable Energy and Smart Grid (IJRESG), (Vol. 1, No. 1), September 2012.]

The complete article may be viewed at the following link:

http://www.ijsgce.com/uploadfile/2012/1011/20121011122317256.pdf

One Response to “A Survey on Threats and Vulnerabilities in Smart Metering Infrastructures”

  1. Mervyn says:

    This article totally misses one of the main security objections to smart meters – I.e. that, hacked or not, anyone at a utility company, and anyone they care to tell, will know immediately from usage drop-offs when a property is occupied. Totally defeating any attempt to disguise the fact that you’re on holiday of whatever.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s