DOI: 10.1145/1920261.1920277

Multi-vendor penetration testing in the advanced metering infrastructure

Published: 06 December 2010

Abstract

The advanced metering infrastructure (AMI) is revolutionizing electrical grids. Intelligent AMI "smart meters" report real-time usage data that enables efficient energy generation and use. However, aggressive deployments are outpacing security efforts: new devices from a dizzying array of vendors are being introduced into grids with little or no understanding of the security problems they represent. In this paper we develop an archetypal attack tree approach to guide penetration testing across multi-vendor implementations of a technology class. In this approach, we graft archetypal attack trees modeling broad adversary goals and attack vectors onto vendor-specific concrete attack trees. Evaluators then use the grafted trees as a roadmap for penetration testing. We apply this approach within AMI to model attacker goals such as energy fraud and denial of service. Our experiments with multiple vendors generate real attack scenarios using vulnerabilities identified during directed penetration testing, e.g., manipulation of energy usage data, spoofing meters, and extracting sensitive data from internal registers. More broadly, we show how penetration-testing effort can be reused to efficiently evaluate the increasingly large body of AMI technologies being deployed in the field.
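As an added illustration of the grafting idea described in the abstract (example code written for this page, not code from the paper or its authors): an archetypal attack tree for the goal of energy fraud, two constructed placeholder concrete trees for hypothetical vendors A and B, a `graft` that substitutes each vendor's subtree at the matching archetypal leaf, and a `roadmap` that expands the grafted tree into the attack scenarios an evaluator would attempt and lists the archetypal steps the vendor tree does not yet refine. Every node name below is a placeholder chosen for the demonstration, not a vulnerability reported in the paper.

```python
"""Archetypal attack trees grafted with vendor-specific concrete subtrees.

Added example: a reusable archetypal tree (broad adversary goals such as
energy fraud) is grafted onto per-vendor concrete trees, and the grafted
tree is expanded into the scenarios a penetration tester would work
through.  All node names are constructed placeholders, not findings.
"""
from dataclasses import dataclass, field
from itertools import product
from typing import Dict, List, Tuple


@dataclass
class Node:
    """One node of an attack tree: an AND/OR refinement or a LEAF step."""
    name: str
    kind: str = "LEAF"                 # "AND", "OR" or "LEAF"
    children: List["Node"] = field(default_factory=list)


def leaf(name: str) -> Node:
    return Node(name, "LEAF")


def AND(name: str, *kids: Node) -> Node:
    return Node(name, "AND", list(kids))


def OR(name: str, *kids: Node) -> Node:
    return Node(name, "OR", list(kids))


def graft(archetype: Node, concrete: Dict[str, Node]) -> Node:
    """Return a copy of `archetype` in which every leaf whose name appears in
    `concrete` is replaced by that vendor-specific subtree.  Leaves with no
    concrete counterpart are kept unchanged; `coverage_gaps` reports them."""
    if archetype.kind == "LEAF":
        return concrete.get(archetype.name, archetype)
    return Node(archetype.name, archetype.kind,
                [graft(c, concrete) for c in archetype.children])


def coverage_gaps(archetype: Node, concrete: Dict[str, Node]) -> List[str]:
    """Archetypal leaves this vendor's concrete tree does not refine: the
    steps that still lack a concrete penetration-test procedure."""
    if archetype.kind == "LEAF":
        return [] if archetype.name in concrete else [archetype.name]
    return [g for c in archetype.children for g in coverage_gaps(c, concrete)]


def scenarios(node: Node) -> List[Tuple[str, ...]]:
    """Expand a tree into its attack scenarios (cut sets): an OR node
    contributes the scenarios of any one child, an AND node needs one
    scenario from every child, and a LEAF is a single-step scenario."""
    if node.kind == "LEAF":
        return [(node.name,)]
    if node.kind == "OR":
        return [s for c in node.children for s in scenarios(c)]
    combos = product(*(scenarios(c) for c in node.children))
    return [tuple(sorted(set(sum(combo, ())))) for combo in combos]


def roadmap(archetype: Node, concrete: Dict[str, Node]) -> Dict[str, object]:
    """Graft, expand and report, as an evaluator would do for one vendor."""
    grafted = graft(archetype, concrete)
    return {
        "scenarios": sorted(set(scenarios(grafted))),
        "gaps": coverage_gaps(archetype, concrete),
    }


# Archetypal tree for the goal "energy fraud": broad, vendor-neutral steps.
ENERGY_FRAUD = OR(
    "energy fraud",
    AND("tamper stored usage",
        leaf("gain access to meter"),
        leaf("modify usage register")),
    leaf("spoof meter to collector"),
)

# Constructed placeholder concrete trees for two hypothetical vendors.
# The steps are illustrative labels only, not vulnerabilities in any product.
VENDOR_A = {
    "gain access to meter": OR(
        "A: gain access to meter",
        leaf("A: authenticate on optical port"),
        leaf("A: attach to debug header")),
    "modify usage register": leaf("A: write usage register over optical port"),
}
VENDOR_B = {
    "spoof meter to collector": AND(
        "B: spoof meter to collector",
        leaf("B: learn meter identifier"),
        leaf("B: replay report frame")),
}

if __name__ == "__main__":
    for vendor, tree in (("A", VENDOR_A), ("B", VENDOR_B)):
        r = roadmap(ENERGY_FRAUD, tree)
        print(f"vendor {vendor}: {len(r['scenarios'])} scenarios, gaps={r['gaps']}")
        for s in r["scenarios"]:
            print("  ", " + ".join(s))
```

Running the block prints, per vendor, the concrete scenarios to attempt plus the archetypal steps that vendor's tree leaves unrefined. The gap list is what makes the archetypal tree reusable across vendors: it shows directly which parts of the shared roadmap a new vendor's concrete tree has not yet filled in, so the evaluator knows where directed testing is still needed.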


Published In

ACSAC '10: Proceedings of the 26th Annual Computer Security Applications Conference
December 2010
419 pages
ISBN:9781450301336
DOI:10.1145/1920261
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

  • ACSA: Applied Computing Security Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Qualifiers

  • Research-article

Conference

ACSAC '10
Sponsor:
  • ACSA

Acceptance Rates

Overall Acceptance Rate 104 of 497 submissions, 21%

Article Metrics

  • Downloads (last 12 months): 23
  • Downloads (last 6 weeks): 8

Reflects downloads up to 13 Jan 2025

Cited By

  • Load Oscillating Attacks of Smart Grids: Vulnerability Analysis. IEEE Access, 11:36538-36549, 2023. DOI 10.1109/ACCESS.2023.3266249.
  • IGDT-based dynamic programming of smart distribution network expansion planning against cyber-attack. International Journal of Electrical Power & Energy Systems, 139:108006, July 2022. DOI 10.1016/j.ijepes.2022.108006.
  • Defending against false data injection attack on demand response program: A bi-level strategy. Sustainable Energy, Grids and Networks, 27:100506, September 2021. DOI 10.1016/j.segan.2021.100506.
  • Smart Metering. In Active Electrical Distribution Network, chapter 22, pages 573-595, 31 December 2021. DOI 10.1002/9781119599593.ch22.
  • Method for Attack Tree Data Transformation and Import Into IT Risk Analysis Expert Systems. Applied Sciences, 10(23):8423, 26 November 2020. DOI 10.3390/app10238423.
  • Smart Grid Security: Attack Modeling from a CPS Perspective. In 2020 IEEE Computing, Communications and IoT Applications (ComComAp), pages 1-6, 20 December 2020. DOI 10.1109/ComComAp51192.2020.9398878.
  • Cyber-physical security for on-going smart grid initiatives: a survey. IET Cyber-Physical Systems: Theory & Applications, 5(3):233-244, 22 July 2020. DOI 10.1049/iet-cps.2019.0039.
  • A Survey of Asynchronous Programming Using Coroutines in the Internet of Things and Embedded Systems. ACM Transactions on Embedded Computing Systems, 18(3):1-21, 5 June 2019. DOI 10.1145/3319618.
  • Compact and Flexible FPGA Implementation of Ed25519 and X25519. ACM Transactions on Embedded Computing Systems, 18(3):1-21, 2 April 2019. DOI 10.1145/3312742.
  • Design-Level and Code-Level Security Analysis of IoT Devices. ACM Transactions on Embedded Computing Systems, 18(3):1-25, 7 May 2019. DOI 10.1145/3310353.
