Vulnerabilities in Advanced Metering Infrastructure

Open Access
Podkuiko, Dmitry
Graduate Program:
Computer Science and Engineering
Master of Science
Document Type:
Master Thesis
Date of Defense:
April 25, 2011
Committee Members:
  • Dr. Patrick McDaniel, Thesis Advisor
  • Trent Ray Jaeger, Thesis Advisor
Keywords:
  • computer security
  • smart grid
  • smart meter
  • advanced metering infrastructure
  • attack tree
  • penetration testing
  • reverse engineer
Abstract:
The smart grid has become a reality in the United States. Billions of dollars are being poured into deploying a major component, the Advanced Metering Infrastructure (AMI), which involves replacing old electromechanical electricity meters with more powerful smart meters. The smart meters are frequently enabled with powerful features, such as remote disconnect for non-paying customers. Millions are already deployed while serious and preventable security issues are present in these systems. Smart meter vulnerabilities enable new ways to commit energy fraud and to perform large-scale attacks that cripple power supply to consumers, and they are hard to address across many versions of AMI solutions. Manufacturers appear to be failing to heed past lessons of security learned in the computer industry, and a coherent effort is required to validate multiple AMI solutions for security. Developing attack trees to guide penetration testing efforts achieves a comprehensive view of vulnerabilities in smart meters and an understanding of their causes, and assists in implementing countermeasures. In this work, attack tree methodology is used to obtain a global understanding of security vulnerabilities through evaluation of two currently deployed systems using reverse engineering and penetration testing to create a re-usable body of knowledge. Finally, countermeasures and recommendations for deployment of similar systems are suggested.