1 / 32

AMI Threats Intrusion detection requirements deployment recommendations

AMI Threats Intrusion detection requirements deployment recommendations. David Grochocki et al. Why security?. Lures Potential attackers Smartmeters do two way communication Millions of Meters has to be replaced Serious damages just a click away. Paper description. Survey Various Threats.

kizzy
Download Presentation

AMI Threats Intrusion detection requirements deployment recommendations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. AMI ThreatsIntrusion detection requirements deployment recommendations David Grochocki et al

  2. Why security? • Lures Potential attackers • Smartmeters do two way communication • Millions of Meters has to be replaced • Serious damages just a click away

  3. Paper description Survey Various Threats Identify the required information which would detech the attacks Identify Common Attack Techniques Model an IDS Decompose the data to form a Attack Tree

  4. Ami architecture

  5. Ami architecture • Communication between NAN and Gateway (DCU) – Mostly 802.15.4 or sometimes 802.11 • Communication between Gateway (DCU) and Utility company – 3G, Edge, WiMax. • NAN Mesh offers reliability and robustness • But., • Complicates Security Monitoring Solution • Few smart meter vendors distribute meters which can report to the utility company directly through user’s home internet.

  6. Attack motivation • Access to a communication infrastructure other than Internet • Access to millions of low computation devices • Access to sensitive customer information • High visibility and Impact • Financial Value of Consumption data

  7. Attack survey • 5 Attack motivations • 30 Unique attack techniques • Relevant ones to AMI are alone considered

  8. Paper description Survey Various Threats Identify the required information which would detech the attacks Identify Common Attack Techniques Model an IDS Decompose the data to form a Attack Tree

  9. Decomposed attack cases • DDoS attack • Stealing Customer Information • Remote Disconnection

  10. DDoS against dcu • Why? • Results in data outage for many Meters • How? • Install malware on meter or remote network exploit • Co-ordinate DDoS among compromised meters • Flood DCU with large packets

  11. Stealing customer info • Why? • Eavesdropping, Social Engineering • How? • Stealing encryption keys of the smart meter by physically tampering or bruteforcing the cryptosystem • Capture AMI traffic • Decrypt to obtain clear text information

  12. Remote disconnect • Why? • Distrupt Business, Inflict loss • How? • Installing malware on the DCU through physical tampering or by exploiting a network vulnerability • Identify the meters with corresponding address information • Use that information to disconnect targeted users

  13. Attack Tree

  14. Paper description Survey Various Threats Identify the required information which would detech the attacks Identify Common Attack Techniques Model an IDS Decompose the data to form a Attack Tree

  15. Information required • System Information • CPU Usage, Battery Level, Firmware Intergrity, Clock Synchronisation • Network Information • NAN Collision rate, Packet loss • Policy Information • Authorized AMI devices, Authorized Updates, Address Mappings, Authorized services

  16. Information required

  17. Paper description Survey Various Threats Identify the required information which would detech the attacks Identify Common Attack Techniques Model an IDS Decompose the data to form a Attack Tree

  18. IDS Models • Centralized IDS Model Utility Company DCU IDS

  19. Centralized ids • Can detect attacks against Utility network • But, will miss attacks against smart meters

  20. Embedded ids Meter Meter+IDS Meter DCU Meter + IDS Meter + IDS Meter

  21. Embedded ids • Will have access to meter specific information • But., • Attacks on DCU cannot be detected • Functioning both as a meter and IDS can be resource intensive • Keys of all other meters have to be stored in Meter + IDS devices to inspect data • Not a good idea to store some one’s decryption key on some one else’s meter

  22. Dedicated ids sensors Meter IDS Meter DCU IDS Meter Meter

  23. Dedicated ids sensors • More processing power • Less number of IDS sensors required • So less number of places where keys are stored • But still, Attacks on DCU are not detected

  24. Hybrid sensors Meter IDS Meter DCU IDS Meter Meter IDS Utility Company

  25. Hybrid sensors • Either Centralized + Embedded or Centralized + Dedicated sensors • Can detect both attacks at both (DCS and NAN) ends

  26. Anything else? • According to the architecure discussed in this paper, DCU is the device which is more likely to have a Public IP address • Smart meter vendors or third parties may soon start integrating 802.11 or GSM/3G into smart meters • But, why?

  27. Home panel

  28. So what? • Banner Grabbing! • SHODAN – Exponse Online Devices • Ipv4 computer search engine • Webcams, Routers, Power Plants, iPhones, Wind Turbines, Refrigerators, VoIP Phones

  29. Schneider PLC gateway

  30. Siemens simatic hmi

  31. Ipv6 indexing

  32. Questions?

More Related