Advanced Metering Infrastructure Security

AMI meter LANs and backhaul networks

The Advanced Metering Infrastructure (AMI) is the next-generation electric metering platform for smart grids. AMI links digital smart meters with electric utilities to provide advanced pricing schemes, remote meter reading, outage management, and a host of other automated services. With smart meters currently replacing the analog meters in millions of homes in the US and abroad, we wish to understand the efficacy of the security mechanisms present in meters, networks, and utilities. To do so, we are performing a hands-on security analysis of several commercially available smart metering products.

This project aims not only to identify security vulnerabilities in commercial smart meters, but to develop a methodology for the systematic security evaluation of current and future smart metering systems. This methodology uses attack trees to enumerate the types of attacks that can be used to achieve a particular adversarial goal against AMI. The example attack tree below shows some of the ways in which an adversary might attempt to fraudulently reduce an electric bill by forging the demand data reported to the utility. One of our first results was to successfully construct and execute the network-based attack in subtree (c) against one of the commercial metering systems in our study.

An attack tree targeted at energy fraud
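The attack-tree evaluation the methodology relies on can be made concrete with a small AND/OR evaluator. The following C program is an added example and is not code from the project: an OR node is achievable if any child is, an AND node only if every child is, and a leaf is an attack step until a defender mitigates it. The root goal (forging demand data to reduce the bill) and the fact that subtree (c) is a network-based attack come from the page; the leaves for subtrees (a) and (b) and the two conjuncts under (c) are placeholders, since the figure itself is not reproduced here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Attack-tree node kinds. An OR node is achieved when any child is, an AND
   node only when every child is, and a LEAF is an attack step that stays
   available until a defender mitigates it. */
typedef enum { NODE_OR, NODE_AND, NODE_LEAF } node_kind_t;

typedef struct node {
    const char *label;
    node_kind_t kind;
    bool mitigated;                /* leaves only */
    const struct node **children;  /* NULL-terminated; OR/AND nodes only */
} node_t;

/* Leaves. Only subtree (c) is described on the page (a network-based attack);
   (a), (b) and the two conjuncts under (c) are placeholders for illustration. */
static node_t leaf_a  = { "subtree (a), unspecified",              NODE_LEAF, false, NULL };
static node_t leaf_b  = { "subtree (b), unspecified",              NODE_LEAF, false, NULL };
static node_t leaf_c1 = { "(c) step 1, hypothetical precondition", NODE_LEAF, false, NULL };
static node_t leaf_c2 = { "(c) step 2, hypothetical precondition", NODE_LEAF, false, NULL };

/* Subtree (c) is modelled as a conjunction of its two steps. */
static const node_t *c_children[] = { &leaf_c1, &leaf_c2, NULL };
static node_t sub_c = { "(c) network-based attack", NODE_AND, false, c_children };

/* The goal is reachable through any one of the subtrees. */
static const node_t *root_children[] = { &leaf_a, &leaf_b, &sub_c, NULL };
static node_t root = { "forge demand data to reduce the bill", NODE_OR, false, root_children };

/* True if the adversary can still achieve the goal at node n. */
bool achievable(const node_t *n) {
    switch (n->kind) {
    case NODE_LEAF:
        return !n->mitigated;
    case NODE_OR:
        for (size_t i = 0; n->children[i] != NULL; i++)
            if (achievable(n->children[i])) return true;
        return false;
    case NODE_AND:
        for (size_t i = 0; n->children[i] != NULL; i++)
            if (!achievable(n->children[i])) return false;
        return true;
    }
    return false;
}

/* Apply a set of leaf mitigations and report whether the root goal survives. */
bool goal_achievable_with(bool mit_a, bool mit_b, bool mit_c1, bool mit_c2) {
    leaf_a.mitigated  = mit_a;
    leaf_b.mitigated  = mit_b;
    leaf_c1.mitigated = mit_c1;
    leaf_c2.mitigated = mit_c2;
    return achievable(&root);
}

int main(void) {
    printf("no mitigations:              %s\n",
           goal_achievable_with(false, false, false, false) ? "achievable" : "blocked");
    printf("mitigate (a), (b), (c) step 1: %s\n",
           goal_achievable_with(true, true, true, false) ? "achievable" : "blocked");
    printf("mitigate (a), (b) only:       %s\n",
           goal_achievable_with(true, true, false, false) ? "achievable" : "blocked");
    return 0;
}
```

The evaluator makes the defender's accounting explicit: breaking one conjunct under an AND node closes that whole subtree, whereas an OR node at the root stays achievable until every branch beneath it is covered.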

Along with security analysis, we are also investigating practical methods for hardening smart meters against the discovered attacks. One such method that we have considered is the use of artificial firmware diversity to prevent large-scale compromises in smart meter monocultures. This vein of research has led to a redundant address encryption scheme which improves the known technique of return address encryption for preventing control-flow-based exploits. In general-purpose computers, address encryption will result in an invalid memory access in the event of a failed exploit. This is not true in an embedded system such as a smart meter, which has only a single small address space. A failed exploit attempt in such an environment would cause potentially damaging random errors. Redundant address encryption gives a lightweight mechanism for providing arbitrarily strong guarantees against random control-flow errors.
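The difference between plain return address encryption and a redundant scheme can be seen in a short simulation. The C program below is an added example, not the project's published design: it assumes a 16-bit address space, XOR-based encryption under constructed per-device keys, and redundancy in the form of n independently keyed copies of each saved address that are cross-checked on restore. With a single copy, a clobbered slot always decrypts to some 16-bit value, which on a small embedded address space is simply another valid location, so the corruption goes unnoticed and control transfers to a random target. With n copies, an overwrite made without the keys is accepted only if all copies decrypt consistently, which for random data happens with probability 2^(-16 (n-1)), so the guarantee grows with n.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A 16-bit address space, modelling a small metering MCU (assumption). */
typedef uint16_t addr_t;
#define MAX_COPIES 3

/* Constructed per-device keys; firmware diversity would give each device its own. */
static const addr_t KEYS[MAX_COPIES] = { 0x5A3C, 0xC1E7, 0x9B02 };

/* A saved return address held as n independently keyed encrypted copies. */
typedef struct {
    addr_t copy[MAX_COPIES];
    size_t n;
} saved_addr_t;

/* Encrypt the address into n copies; n == 1 is plain return address encryption. */
saved_addr_t save_addr(addr_t a, size_t n) {
    saved_addr_t s;
    s.n = n;
    for (size_t i = 0; i < n; i++) s.copy[i] = a ^ KEYS[i];
    return s;
}

/* Decrypt and cross-check. Returns false when the copies disagree, which is
   how a corrupted frame is caught before control transfers anywhere. */
bool restore_addr(const saved_addr_t *s, addr_t *out) {
    addr_t first = s->copy[0] ^ KEYS[0];
    for (size_t i = 1; i < s->n; i++)
        if ((s->copy[i] ^ KEYS[i]) != first) return false;
    *out = first;
    return true;
}

/* Round-trip check: an untouched frame must restore to the original address. */
bool roundtrip_ok(addr_t a, size_t n) {
    saved_addr_t s = save_addr(a, n);
    addr_t back = 0;
    return restore_addr(&s, &back) && back == a;
}

/* xorshift32 PRNG, modelling an overwrite whose bytes cannot be tailored to
   the keys because the keys are unknown to whoever corrupts the frame. */
static uint32_t rng_state = 0x2545F491u;
static addr_t rng_next(void) {
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 17;
    rng_state ^= rng_state << 5;
    return (addr_t)(rng_state & 0xFFFFu);
}

/* Corrupt a frame protected with n copies `trials` times and count how many
   corruptions restore_addr() fails to detect. */
unsigned count_undetected(size_t n, unsigned trials) {
    unsigned undetected = 0;
    for (unsigned t = 0; t < trials; t++) {
        saved_addr_t s = save_addr(0x1234, n);
        for (size_t i = 0; i < n; i++) s.copy[i] = rng_next();  /* clobber every copy */
        addr_t target;
        if (restore_addr(&s, &target)) undetected++;
    }
    return undetected;
}

int main(void) {
    for (size_t n = 1; n <= MAX_COPIES; n++)
        printf("%zu cop%s: %u of 1000 corruptions undetected\n",
               n, n == 1 ? "y" : "ies", count_undetected(n, 1000));
    return 0;
}
```

The single-copy run shows the embedded failure mode described above: every corrupted frame restores "successfully" to a random but in-range address. Each additional copy costs one more word of stack per frame and one more XOR and compare on return, which is the lightweight trade the redundancy buys.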

Related Publications

Stephen McLaughlin, Patrick McDaniel, and William Aiello. Protecting Consumer Privacy from Electric Load Monitoring. 18th ACM Conference on Computer and Communications Security (CCS 2011), Chicago, IL, USA. October, 2011.

Stephen McLaughlin, Dmitry Podkuiko, Adam Delozier, Sergei Miadzvezhanka, and Patrick McDaniel. Multi-vendor Penetration Testing in the Advanced Metering Infrastructure. 26th Annual Computer Security Applications Conference (ACSAC 2010), Austin, TX, USA. December, 2010.

Stephen McLaughlin, Dmitry Podkuiko, Adam Delozier, Sergei Miadzvezhanka, and Patrick McDaniel. Embedded Firmware Diversity for Smart Electric Meters. 5th USENIX Workshop on Hot Topics in Security (HotSec 2010), Washington, DC. August, 2010.

Stephen McLaughlin, Dmitry Podkuiko, and Patrick McDaniel. Energy Theft in the Advanced Metering Infrastructure. 4th International Workshop on Critical Information Infrastructure Security (CRITIS 2009), Bonn, Germany. September, 2009.

Patrick McDaniel and Stephen McLaughlin. Security and Privacy Challenges in the Smart Grid. IEEE Security & Privacy Magazine, 7(3):75--77, May/June, 2009.