david grochocki et al. lures potential attackers smartmeters do two way communication millions of...
TRANSCRIPT
AMI THREATS, INTRUSION DETECTION REQUIREMENTS, DEPLOYMENT RECOMMENDATIONS
David Grochocki et al.

WHY SECURITY?
Lures potential attackers
Smart meters do two-way communication
Millions of meters have to be replaced
Serious damages just a click away

PAPER DESCRIPTION
Survey Various Threats
Identify Common Attack Techniques
Decompose the data to form an Attack Tree
Identify the required information which would detect the attacks
Model an IDS

AMI ARCHITECTURE
Communication between NAN and Gateway (DCU) – mostly 802.15.4 or sometimes 802.11
Communication between Gateway (DCU) and utility company – 3G, EDGE, WiMAX
NAN mesh offers reliability and robustness
But it complicates security monitoring
Solution
Few smart meter vendors distribute meters which can report to the utility company directly through the user's home internet

ATTACK MOTIVATION
Access to a communication infrastructure other than the Internet
Access to millions of low-computation devices
Access to sensitive customer information
High visibility and impact
Financial value of consumption data

ATTACK SURVEY
5 attack motivations
30 unique attack techniques
Only the ones relevant to AMI are considered

DECOMPOSED ATTACK CASES
DDoS attack
Stealing Customer Information
Remote Disconnection

DDOS AGAINST DCU
Why? Results in data outage for many meters
How?
Install malware on meter or remote network exploit
Co-ordinate DDoS among compromised meters
Flood DCU with large packets

STEALING CUSTOMER INFO
Why? Eavesdropping, Social Engineering
How?
Stealing encryption keys of the smart meter by physically tampering or brute-forcing the cryptosystem
Capture AMI traffic
Decrypt to obtain clear text information

REMOTE DISCONNECT
Why? Disrupt business, inflict loss
How?
Installing malware on the DCU through physical tampering or by exploiting a network vulnerability
Identify the meters with corresponding address information
Use that information to disconnect targeted users

ATTACK TREE

INFORMATION REQUIRED
System Information: CPU Usage, Battery Level, Firmware Integrity, Clock Synchronisation
Network Information: NAN Collision rate, Packet loss
Policy Information: Authorized AMI devices, Authorized Updates, Address Mappings, Authorized services
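
The three information categories above, turned into checks over sensor reports. This is an added example, not code from the slides or the paper; the device ids, addresses, firmware digests, service names, thresholds and `Report` fields are all constructed assumptions.

```python
from dataclasses import dataclass

# Policy information. Every value below is constructed for this example.
AUTHORIZED_DEVICES = {"meter-001": "00:11:22:33:44:01",  # device id -> NAN address
                      "meter-002": "00:11:22:33:44:02"}
AUTHORIZED_FIRMWARE = {"fw-digest-A"}   # digests of authorized updates
AUTHORIZED_SERVICES = {"meter-read", "time-sync"}
# Hypothetical limits; a real deployment would baseline them per NAN.
LIMITS = {"cpu_pct": 90.0, "clock_skew_s": 5.0,
          "collision_rate": 0.30, "packet_loss": 0.20}
NETWORK_FIELDS = {"collision_rate", "packet_loss"}

@dataclass
class Report:  # one sensor report about a meter (field names are assumptions)
    device_id: str
    nan_addr: str
    firmware: str
    service: str
    cpu_pct: float = 5.0
    battery_pct: float = 100.0
    clock_skew_s: float = 0.0
    collision_rate: float = 0.02
    packet_loss: float = 0.01

def evaluate(r: Report) -> list:
    """Return alert tags for one report, prefixed by information category."""
    if r.device_id not in AUTHORIZED_DEVICES:
        # Nothing an unknown device reports about itself can be trusted.
        return ["policy:unauthorized-device"]
    alerts = []
    if AUTHORIZED_DEVICES[r.device_id] != r.nan_addr:
        alerts.append("policy:address-mismatch")
    if r.firmware not in AUTHORIZED_FIRMWARE:
        alerts.append("system:firmware-integrity")
    if r.service not in AUTHORIZED_SERVICES:
        alerts.append("policy:unauthorized-service")
    for field, limit in LIMITS.items():
        if abs(getattr(r, field)) > limit:   # abs(): clock skew may be negative
            kind = "network" if field in NETWORK_FIELDS else "system"
            alerts.append(f"{kind}:{field}")
    if r.battery_pct < 10.0:                 # hypothetical low-battery floor
        alerts.append("system:battery_pct")
    return alerts

SAMPLES = [  # constructed reports: clean, anomalous, unknown device
    Report("meter-001", "00:11:22:33:44:01", "fw-digest-A", "meter-read"),
    Report("meter-002", "00:11:22:33:44:02", "fw-digest-X", "telnet", cpu_pct=97.0, collision_rate=0.45),
    Report("meter-999", "00:11:22:33:44:99", "fw-digest-A", "meter-read"),
]
```

Calling `evaluate` on each entry of `SAMPLES` gives an empty list for the clean report and category-prefixed tags for the other two.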

IDS MODELS
Centralized IDS Model
[Figure: Utility Company, IDS, DCU]

CENTRALIZED IDS
Can detect attacks against utility network
But will miss attacks against smart meters

EMBEDDED IDS
[Figure: DCU, Meter + IDS, Meter]
Will have access to meter-specific information
But attacks on DCU cannot be detected
Functioning both as a meter and IDS can be resource intensive
Keys of all other meters have to be stored in Meter + IDS devices to inspect data
Not a good idea to store someone's decryption key on someone else's meter

DEDICATED IDS SENSORS
[Figure: DCU, Meter, IDS]
More processing power
Fewer IDS sensors required
So fewer places where keys are stored
But still, attacks on DCU are not detected

HYBRID SENSORS
[Figure: Utility Company, IDS, DCU, Meter, IDS]
Either Centralized + Embedded or Centralized + Dedicated sensors
Can detect attacks at both (DCS and NAN) ends

ANYTHING ELSE?
According to the architecture discussed in this paper, DCU is the device which is more likely to have a public IP address
Smart meter vendors or third parties may soon start integrating 802.11 or GSM/3G into smart meters
But, why?

HOME PANEL

SO WHAT?
Banner grabbing!
SHODAN – Expose Online Devices
IPv4 computer search engine
Webcams, Routers, Power Plants, iPhones, Wind Turbines, Refrigerators, VoIP Phones

SCHNEIDER PLC GATEWAY

SIEMENS SIMATIC HMI

IPV6 INDEXING

QUESTIONS?