Zohaib Sajid, Duaa Shoukat
Institute of Computing
Bahauddin Zakariya University
Multan, Punjab, 60,000
Pakistan
Email: zohaibsajid18@gmail.com, Duaam.shoukat@gmail.com
www.bzu.edu.pk
Energy theft in Advanced Metering Infrastructure
6th May 2015

Presentation Overview
• What is AMI
• AMI Background
• Methods for attempting theft
• Protections against attacks
• Assumptions
• Conclusion

What is AMI?
• AMI
  - An architecture for automated two-way communication between a smart utility meter with an IP address and a utility company.
  - An integrated system of smart meters, communication networks and data management systems.
• Goal
  - To provide utility companies with real-time data about power consumption.
  - To allow customers to make informed choices about energy usage based on the price at the time of use.

Introduction to AMI
• AMI offers an efficient, lower-cost and sound energy management system.
• It consists of computer-based sensor systems for managing itself.
• AMI provides services such as:
  - Fine-grained pricing
  - Automatic meter reading
  - Demand control
  - Power quality management

Introduction to AMI
AMI introduces some security challenges, because it consists of many untrustworthy service devices located in insecure places, and these give rise to "energy theft".
• AMI statistics
  - Annual losses in the United States are about $6 billion.
  - Data is stolen from records when they are given to the utilities.
  - Attacks are carried out through software (requiring a less expert attacking group).
  - Criminal groups always monitor the attack statistics and then attack.
  - Descrambler boxes cause $4 billion in cable theft per year.

AMI Background
• AMI is the sensor network of the smart grid.
• It provides information about energy usage.
• It enables parties to make decisions about reducing costs and excessive demand, during peak demand, on the interconnected networks that deliver electricity.
• Information about demand is combined with energy distribution (this information is collected by electronic devices that record the consumption of electric energy, e.g., smart meters).

AMI Background
• The components of the metering infrastructure that provide AMI services are:
  - Smart meters
  - Communication networks
• Smart meters perform four basic functions:
  - Monitoring and recording the user's demand
  - Recording power outages
  - Delivering usage information
  - Delivering and receiving control messages

AMI Background
• AMI provides a number of services related to demand measurement and billing through its AMR (Automatic Meter Reading) facility, which reports demand to the utilities via communication networks.

Energy Theft in AMI
• A security modeling technique known as an "attack tree" is used to model energy theft in AMI.
• Attack tree:
  - A technique in which goals are divided into sub-goals until the number of possible attacks is known.
  - The root node is the first node; it shows the single goal of all possible attacks.
  - Below the root node, a number of sub-goals show different approaches towards the root goal.
  - A leaf node is a last node; it shows a specific path that is followed to achieve the goal.
  - AND and OR operations are used.

Energy Theft in AMI
• Who are the attackers?
  - Before describing the attack tree, we have to define the types of attackers that are motivated to commit theft.
• The types of attackers are:
  - Customers (energy is stolen by customers using different techniques)
  - Organized crime (crime groups are involved in the attack and use many techniques, such as monitoring sites of attacks)
  - Utility insiders (trusted to be honest in the case of both analogue meters and AMI)
  - Nation states (may use vulnerabilities discovered in smart meters for denial-of-service attacks)

Energy Theft Attack Tree
• Three classes of attacks are defined for theft in the attack tree:
  1. Interrupt Measurement (before the meter makes the demand measurement)
  2. Tamper Stored Demand (before storing the demand values in the meter)
  3. Modify in Network (after measurements and logs have left, in transmission to the utility)
These classes are labeled by the attacks they lead to.

Energy Theft Attack Tree
[Figure: energy theft attack tree]

Energy Theft Attack Tree
• The only requirement for energy theft is the manipulation of demand data. There are three ways to tamper with the demand data:
  - while the data is being recorded,
  - while the data is at rest in the meter,
  - while the data is in flight across the network.

Classes of Attacks
• Interrupt Measurement
  This class leads to two forms of attack: Disconnect Meter and Meter Inversion.
  - The aim of this class is to prevent the meter from accurately measuring demand; it also exists for analogue meters.
  - In AMI, this class is made difficult to execute by the logging of sensor data that detects when power is cut off.
  - For attacks such as Disconnect Meter and Meter Inversion to go undetected, the logged events must be deleted before the recovery process.

Classes of Attacks
• Tamper Stored Demand
  Leading attacks: Erase Logged Events and Tamper Storage.
  - This class of attacks is limited to AMR and AMI.
  - The Tamper Storage attack provides the ability to tamper with the stored time-of-use pricing, the logs of physical events and the executed commands.
  - This attack refers to overwriting the meter's firmware and is limited to members of organized crime.
  - Items of interest: audit logs and the record of total demand.
  - These values can be accessed through administrative interfaces that require a password.

Classes of Attacks
• Modify in Network
  Leading attacks: Intercept Communication and Inject Traffic.
  - It involves injecting forged values into the communication between meters and utilities.
  - A man-in-the-middle or meter-spoofing technique is used to inject traffic.
  - A meter-spoofing attack refers to replacing the meter with a common device, and is sufficient when flaws are present in the integrity protocols between meter and utility.
  - The attacker needs to be interposed on the backhaul network to capture the protocol on the path between meters and utilities.
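
The three attack classes above can be written down as an AND/OR attack tree and evaluated from the defender's side. This is an added example, not part of the original slides; the tree shape is an assumption reconstructed from the slide text (the figure itself is not in the text), and the intermediate node name "Stop or reverse metering" is hypothetical.

```python
from dataclasses import dataclass
from itertools import combinations, product


@dataclass(frozen=True)
class Node:
    name: str
    op: str = "LEAF"      # "LEAF", "AND" or "OR"
    children: tuple = ()


def AND(name, *children):
    return Node(name, "AND", children)


def OR(name, *children):
    return Node(name, "OR", children)


# Leaves are the individual attacks named on the slides.
DISCONNECT, INVERT = Node("Disconnect meter"), Node("Meter inversion")
ERASE, STORAGE = Node("Erase logged events"), Node("Tamper storage")
PASSWORD = Node("Extract meter password")
INTERCEPT = Node("Intercept communication")
MITM, SPOOF = Node("Man in the middle"), Node("Spoof meter")

# ASSUMED structure: the AND/OR placement is inferred from the slide text.
ENERGY_THEFT = OR(
    "Energy theft",
    # Undetected interruption also needs the logged events erased.
    AND("Interrupt measurement",
        OR("Stop or reverse metering", DISCONNECT, INVERT), ERASE),
    # Stored values sit behind a password-protected administrative interface.
    AND("Tamper stored demand", PASSWORD, STORAGE),
    # Traffic is injected from an interposed position, by MITM or a spoofed meter.
    AND("Modify in network", INTERCEPT, OR("Inject traffic", MITM, SPOOF)),
)


def scenarios(node):
    """Minimal sets of leaves that together achieve `node`."""
    if node.op == "LEAF":
        return {frozenset([node.name])}
    child_sets = [scenarios(c) for c in node.children]
    if node.op == "OR":                       # any one child suffices
        out = set().union(*child_sets)
    else:                                     # AND: one scenario per child, merged
        out = {frozenset().union(*combo) for combo in product(*child_sets)}
    return {s for s in out if not any(o < s for o in out)}


def achievable(node, blocked):
    """Is the goal still reachable when the leaves in `blocked` are prevented?"""
    if node.op == "LEAF":
        return node.name not in blocked
    results = (achievable(c, blocked) for c in node.children)
    return all(results) if node.op == "AND" else any(results)


def minimal_defenses(root):
    """Smallest sets of leaves whose prevention cuts every scenario."""
    paths = scenarios(root)
    leaves = sorted(set().union(*paths))
    for k in range(1, len(leaves) + 1):
        hits = [frozenset(c) for c in combinations(leaves, k)
                if all(p & set(c) for p in paths)]
        if hits:
            return hits
    return []


if __name__ == "__main__":
    for path in sorted(scenarios(ENERGY_THEFT), key=sorted):
        print("scenario:", sorted(path))
    for cut in minimal_defenses(ENERGY_THEFT):
        print("block all of:", sorted(cut))
```

Under this assumed tree, protecting the event log alone leaves the root goal reachable; the smallest cuts each need one control per attack class.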

System Under Study
• The environment and tools used for smart meter security analysis are:
  - Reverse engineering
  - Attacking meter communication protocols
  - Details about the capabilities of meters

AMI Security Analysis
Security analysis shows the design flaws that cause energy theft. These can be protected against by using different techniques.
Physical tampering
Physical tamper detection is the same as analogue meter tamper detection. It identifies attacks such as:
  - Disconnect meter
  - Meter inversion
  - Extract meter password
  - Tamper in flight
A tamper-evident seal is a means of detecting only the opening of the meter enclosure.

AMI Security Analysis
• Password Extraction
  - To protect against overwriting, the password should be hidden or removed.
  - Physical tampering can be achieved through optical port snooping.
  - The optical port protocol is used to communicate with the meter, and it was also found that the password is not tampered with and is transferred in the clear.
• Meter Spoofing
  - A spoofing attack is launched against the network host by placing an insecure device in the network.
  - A standard ANSI protocol is used for authentication of meters and utilities.
  - The utility software calculates a MAC in which the password is hashed.

AMI Security Analysis
| Attack Description | Vulnerability | Design Assumptions |
| --- | --- | --- |
| Measurement interruption | Insufficient physical tamper protections | a. Physical limitations |
| Password extraction | Optical communication is unsecured. | b. Near field security |
| Meter storage tampering | Firmware integrity protection is not present | c. Physical integrity of meter |
| Communication interception | Intrusion detection is insufficient | d. Trusted backhaul nodes |
| Communication tampering | Failure to check for replay | e. Trusted endpoint node |
Table-1. This table summarizes the vulnerabilities, the names of the attacks they enable, and the associated design assumptions.
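
The "Failure to check for replay" row of Table-1, shown as a receiver that accepts on a valid MAC alone beside one that also tracks a per-meter counter. This is an added example, not part of the original slides and not the ANSI protocol they mention; the message layout, the use of HMAC-SHA256, the counter field and all names and values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

# ASSUMED report layout: meter id (4 bytes), counter (8 bytes), demand in Wh (4 bytes).
BODY = struct.Struct(">IQI")
TAG_LEN = 32  # HMAC-SHA256 output size


def make_report(key, meter_id, counter, demand_wh):
    """Meter side: serialize a reading and append its MAC."""
    body = BODY.pack(meter_id, counter, demand_wh)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def mac_ok(key, msg):
    body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def accept_mac_only(key, msg):
    """Weak receiver: a valid MAC is enough, so an old report is accepted again."""
    return len(msg) == BODY.size + TAG_LEN and mac_ok(key, msg)


class ReplayCheckingReceiver:
    """Hardened receiver: valid MAC AND a strictly increasing per-meter counter."""

    def __init__(self, keys):
        self.keys = keys            # meter id -> shared key
        self.last_counter = {}      # meter id -> highest counter accepted so far

    def accept(self, msg):
        if len(msg) != BODY.size + TAG_LEN:
            return "malformed"
        meter_id, counter, _demand_wh = BODY.unpack(msg[:BODY.size])
        key = self.keys.get(meter_id)
        if key is None or not mac_ok(key, msg):
            return "bad-mac"
        # Freshness is checked only after the MAC, so forged counters cannot
        # advance the stored state.
        if counter <= self.last_counter.get(meter_id, -1):
            return "replay"
        self.last_counter[meter_id] = counter
        return "ok"


def demo():
    """Run constructed sample reports through both receivers."""
    key = b"constructed-demo-key-not-a-real-secret"
    meter = 1001
    low = make_report(key, meter, 1, 1200)      # genuine low-demand report
    high = make_report(key, meter, 2, 48000)    # genuine later report
    altered = bytearray(high)
    altered[15] ^= 0x01                         # demand changed in flight
    rx = ReplayCheckingReceiver({meter: key})
    return {
        # The third message is the old low-demand report sent again.
        "mac_only": [accept_mac_only(key, m) for m in (low, high, low)],
        "with_counter": [rx.accept(m) for m in (low, high, low, bytes(altered))],
    }


if __name__ == "__main__":
    for receiver, verdicts in demo().items():
        print(receiver, verdicts)
```

The MAC catches the altered report in both designs; only the counter check catches the resent one, which is why integrity and freshness are separate requirements.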

Assumptions
The attacks that lead to energy theft have been defined and their vulnerabilities shown, so we now have to understand the design assumptions also shown in Table-1.
Physical Limitations
  - The physical security of a meter is limited.
  - Existing firmware protections are not linked to the physical attachment of the meter.
Near Field Security
  - Insecure communication
  - Cooperated meter
  - The password can be obtained with special equipment, and payment would be doubled by using that password.

Assumptions
• Physical Integrity of Meter
  - Extension of opposite effort.
  - The possibility of tampering with the meter's stored firmware gives a simple ability to steal power:
    1. Alteration/modification is hard to detect.
    2. Uploading malicious software is easy for customers.
• Trusted Backhaul Nodes
  - The use of encryption and authentication is unsuccessful.
  - This is expected, due to confusion about security requirements.
• Trusted Endpoint Node
  - Provides the ability to easily substitute another device for a meter, which encourages the making and delivery of meter-spoofing software that allows theft without leaving any evidence.

Conclusion
We concluded that it is dangerous to use a digital metering system as compared to its analogue predecessors.
• Some of the reasons are:
  - Amplification of efforts
  - Division of labor
  - Extended attack surface

Thanks for listening!
Questions?
