Security analysis of Smart Grids

Joaquín Márquez, Gabriel Rodríguez, Gustavo Betarte, Juan Diego Campo, Eduardo Grampín
Universidad de la República

Copyright © by the paper's authors. Copying permitted for private and academic purposes.
In: Proceedings of the IV School of Systems and Networks (SSN 2018), Valdivia, Chile, October 29-31, 2018. Published at http://ceur-ws.org

Abstract

The benefits of Smart Grids are beyond doubt. However, thinking of a future where Smart Meters are ubiquitous raises a lot of concerns regarding security and privacy. Some of these concerns include the disclosure of the personal information of consumers, the provision of false consumption data to the utility, or even concerns of national security such as attacks that attempt to bring down parts of the grid or even the whole grid. The goal of our investigation is to identify and develop methodological proceedings and technical tools which aid in providing guarantees of the correctness of the adopted solutions for the design and implementation of a Smart Grid, in particular in relation with the security properties which must be guaranteed by those solutions.

1 Introduction

The deployment of Smart Grids has become a matter of great interest throughout the world, with some countries heavily investing in research regarding this topic due to all the benefits they could potentially provide to both Electric Utility Companies and their customers. The key feature of this type of system is the provision of near real-time information regarding the energy consumption in order to help in balancing its generation and distribution according to the demand and also to help the customers in dynamically adapting their consumption behavior.

Our investigation is framed within a collaboration between the Engineering School of the Universidad de la República (UdelaR) and UTE, the public electric utility company of Uruguay. This collaboration aims to identify and develop methodological proceedings and technical tools which aid in providing guarantees of the correctness of the adopted solutions for the design and implementation of a Smart Grid, in particular in relation with the security properties which must be guaranteed by those solutions. In this context our investigation aims mainly to contribute to the development of a threat model and to the definition of preventive and reactive measures to diminish the impact of the exploitation of those vulnerabilities.

We are still in an early stage of the investigation, studying the state of the art of Smart Grids and Smart Meters, with an emphasis on investigating the security issues in the context of an Advanced Metering Infrastructure (AMI).

2 Advanced Metering Infrastructure (AMI)

Usually, the network of transmission lines, substations, transformers and more that deliver electricity is known as the electric grid. A smart grid is the result of the integration between a grid and digital technology in order to provide the grid with more capabilities that optimize its operations.

In this context, an Advanced Metering Infrastructure is a crucial component of a smart grid, which handles the two-way communication between smart meters and data management systems, making it possible to send, receive and process consumption data of the clients, and also to perform additional operations over the network.

The most common architecture used to address the features of smart metering systems is presented in the following diagram [Pop14]. It consists of:

• Smart meters (SM): local electronic meters
• Data concentrators (DC): process data from several meters
• Head End System (HES): central data collection point
• Local area network (HAN, NAN): allows bi-directional communication between the smart meters and a data concentrator
• Wide area network (WAN): allows bi-directional communication between the data concentrators and the head end system

Figure 1: Example of AMI architecture [Pop14]

3 Security Concerns in Advanced Metering Infrastructures

As with any communication network there are many security concerns that must be taken into consideration. Some of the possible attacks include [Ur-Reh15]:

1. Eavesdropping
   Resulting in the disclosure of personal information from customers. It has been shown that a very accurate user profile can be extrapolated from the collected data [Mol10].

2. Denial of Service attacks
   With the purpose of shutting down parts of the grid or even the whole grid.

3. Packet injection attacks
   For example providing false billing information, generating costs for the customers or the utilities.

4. Malware injection attacks
   Affecting the communication between devices with the goal of compromising the billing and reporting process, disrupting the Demand/Consumption information affecting the load on the grid.

5. Remote Connect/Disconnect
   Potentially leaving users without access to the service.

6. Firmware manipulation
   For example with the intention of manipulating the metering functionality to report false consumption data.

7. Man-in-the-middle attacks
   With the goal of providing false consumption information to the gateway or to send commands to the Smart Meters, potentially bringing down the whole grid.

The consequences of such attacks range from the disclosure of information affecting the privacy of customers, which can have legal consequences to utilities, to concerns of national security.

4 Security Countermeasures

Different countermeasures can be used to address the concerns presented in the previous section. Many of them may be familiar to the reader, as they are commonly used in general purpose networks.

1. Encrypted Communication
   Dual encryption is recommended, encrypting at the application layer to ensure end-to-end encryption and at the transport layer using existing protocols such as TLS.

2. Integrity Protection
   Integrity protection, such as using message authentication codes (MAC) to assure the integrity of the transmitted consumption data, is vital in the context of smart grids.

3. Authenticity Verification
   Standard approaches can be used, such as digital signatures.

4. Gateway based Approach
   This is a novel approach, proposed by European countries, such as Germany and the UK. It consists of having a Smart Metering Gateway to act as an intermediary in the communication between the Smart Meters installed in the customer's premises and the utility. The gateway receives the consumption measurements from the meters and communicates periodically, after a set interval, with the utility servers to send this data, being responsible for ensuring the privacy of the customer. Also, the gateway receives commands from the utility servers, such as instructions to act based on the load on the grid.

5. Intrusion Detection and Prevention Systems
   This type of system helps in the identification of intrusions, the detection of rogue nodes and sources of attacks, and the exclusion of these nodes from further communication in the network.

Apart from the presented countermeasures, a security by design approach is worth taking into account [Ur-Reh15].

5 Conclusions

An introduction to our investigation was presented in this summary. Initial considerations on AMI and security were described as starting points for our research.

This topic has proven to be of great importance nowadays, especially when security threats could have a wide range of unwanted consequences, where even national security is at risk.

We plan to continue this path, analyzing the security concerns in depth, reviewing the protocols involved and trying to propose security countermeasures specifically designed for the particular needs of UTE.

6 References

[Ur-Reh15] O. Ur-Rehman, N. Zivic and C. Ruland, "Security issues in smart metering systems," 2015 IEEE International Conference on Smart Energy Grid Engineering (SEGE), Oshawa, ON, 2015.

[Pop14] Z. Popovic and V. Cackovic, "Advanced Metering Infrastructure in the context of Smart Grids," 2014 IEEE International Energy Conference (ENERGYCON), Cavtat, 2014, pp. 1509-1514.

[Mol10] Molina-Markham, A., Shenoy, P., Fu, K., Cecchet, E., Irwin, D.: Private memoirs of a smartmeter. In: Proceedings of the 2nd ACM Workshop on Embedded Sensing Systems for Energy-Efficiency in Building, Zurich. ACM (2010).
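
The integrity protection countermeasure of Section 4, applied to the packet injection concern of Section 3, is shown here as an added example that is not part of the original paper: a data concentrator accepts a consumption reading only if its HMAC-SHA256 tag verifies under the sending meter's key. The frame layout, the key, the meter id and the counter-based replay check are assumptions made for this illustration; the paper does not prescribe a frame format.

```python
import hashlib
import hmac
import struct

# Constructed per-meter key for the example; real keys are provisioned per device.
METER_KEYS = {1001: b"constructed-demo-key-meter-1001"}
FMT = ">IQQ"   # assumed layout: meter id, message counter, cumulative reading (Wh)
TAG_LEN = 32   # HMAC-SHA256 output size in bytes


def seal_reading(meter_id, counter, watt_hours, key):
    """Meter side: serialize the reading and append an HMAC-SHA256 tag."""
    body = struct.pack(FMT, meter_id, counter, watt_hours)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Concentrator:
    """Receiving side: checks the tag first, then the per-meter counter."""

    def __init__(self, keys):
        self.keys = keys
        self.last_counter = {}  # meter id -> highest counter accepted so far

    def accept(self, frame):
        """Return (True, watt_hours) or (False, reason)."""
        if len(frame) != struct.calcsize(FMT) + TAG_LEN:
            return False, "bad length"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        meter_id, counter, watt_hours = struct.unpack(FMT, body)
        key = self.keys.get(meter_id)
        if key is None:
            return False, "unknown meter"
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return False, "bad tag"
        if counter <= self.last_counter.get(meter_id, -1):
            return False, "replayed counter"
        self.last_counter[meter_id] = counter  # only updated by verified frames
        return True, watt_hours


def demo():
    """Feed a genuine, a modified and a re-sent frame to one concentrator."""
    dc = Concentrator(METER_KEYS)
    good = seal_reading(1001, 1, 52340, METER_KEYS[1001])
    tampered = bytearray(seal_reading(1001, 2, 52900, METER_KEYS[1001]))
    tampered[19] ^= 0x01  # one bit of the reading field changed in transit
    return [dc.accept(good), dc.accept(bytes(tampered)), dc.accept(good)]
```

A MAC alone only proves that a frame was produced by a key holder; the counter is what makes a verbatim re-send of an old, valid reading detectable.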