Vulnerabilities in Advanced Metering Infrastructure

Open Access
- Author:
- Podkuiko, Dmitry
- Graduate Program:
- Computer Science and Engineering
- Degree:
- Master of Science
- Document Type:
- Master Thesis
- Date of Defense:
- April 25, 2011
- Committee Members:
- Dr Patrick Mc Daniel, Thesis Advisor/Co-Advisor
Trent Ray Jaeger, Thesis Advisor/Co-Advisor - Keywords:
- computer security
smart grid
smart meter
advanced metering infrastructure
attack tree
penetration testing
reverse engineer - Abstract:
- Smart grid has become a reality in the United States. Billions of dollars are being poured into deploying a major component, - the Advanced Metering Infrastructure, which involves replacing old electromechanical electricity meters with more powerful smart meters. The smart meters are frequently enabled with powerful features, such as remote disconnect for non-paying customers. Millions are already deployed while serious and preventable security issues are present in these systems. Smart meter vulnerabilities enable new ways to commit energy fraud, perform large scale attacks to cripple power supply to consumers, and are hard to address across many versions of AMI solutions. Manufacturers appear to be failing to heed past lessons of security learned in the computer industry and require coherent effort to validate multiple AMI solutions for security. Developing attack trees to guide penetration testing efforts achieves a comprehensive view of vulnerabilities in smart meters, understanding of the causes, and assists in implementing countermeasures. In this work, attack tree methodology is used to ob- tain a global understanding of security vulnerabilities through evaluation of two currently deployed systems using reverse engineering and penetration testing to create a re-usable body of knowledge. Finally, countermeasures and recommendations for deployment of similar systems are suggested.