
Tuesday, January 10, 2012

Hacking smart meter

Smart Meter

Smart grid security is a hot topic in the security predictions for 2012. I've found an interesting video about hacking smart metering from the Chaos Communication Congress.

It illustrates how consumer privacy can be exposed when authentication and encryption are not effectively in place. For example, the researchers were able to demonstrate that it is possible to manipulate the data sent to the service provider, simulating negative consumption, and even to identify the TV movie being watched!



28th Chaos Communication Congress: Behind Enemy Lines
Speakers: Dario Carluccio, Stephan Brinkhaus
Schedule: Day 4 - 2011-12-30, Saal 2, start time 16:00, duration 01:00
Info: ID 4754, event type Lecture, track Hacking, language used for presentation English

Smart Hacking For Privacy


Advanced metering devices (aka smart meters) are nowadays being installed throughout electric networks in Germany, in other parts of Europe and in the United States. Due to a recent amendment especially in Germany they become more and more popular and are obligatory for new and refurbished buildings.
Unfortunately, smart meters are able to become surveillance devices that monitor the behavior of the customers leading to unprecedented invasions of consumer privacy. High-resolution energy consumption data is transmitted to the utility company in principle allowing intrusive identification and monitoring of equipment within consumers' homes (e. g., TV set, refrigerator, toaster, and oven) as was already shown in different reports.
This talk is about the Discovergy / EasyMeter smart meter used for electricity metering in private homes in Germany. During our analysis we found several security bugs that range from problems with the certificate management of the website to missing security features for the metering data in transit. For example (un)fortunately the metering data is unsigned and unencrypted, although otherwise stated explicitly on the manufacturer's homepage. It has to be pointed out that all tests were performed on a sealed, fully functional device.
In our presentation we will mainly focus on two aspects which we revealed during our analysis: first the privacy issues resulting in even allowing to identify the TV program out of the metering data and second the "problem" that one can easily alter data transmitted even for a third party and thereby potentially fake the amount of consumed power being billed.
In the first part of the talk we show that the analysis of the household’s electricity usage profile can reveal what channel the TV set in the household is displaying. We will also give some test-based assessments whether it is possible to scan for copyright-protected material in the data collected by the smart meter.
In the second part we focus on the data being transmitted by the smart meter via the Internet. We show to what extent the consumption data can be altered and transmitted to the server and visualize this by transmitting some kind of picture data to Discovergy’s consumption data server in a way that the picture content will become visible in the electricity profile. Moreover, we show what happens if the faked power consumption data reflects unrealistic extreme high or negative power consumptions and how that might influence the database and service robustness.
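The abstract above points at two gaps a utility's head end should close: metering data travelling unsigned, so it can be altered in transit, and the server accepting negative or unrealistically high consumption values. As an added example (not code from the talk, Discovergy or EasyMeter), here is a minimal Python head-end validator that authenticates each reading with a per-meter HMAC key, rejects replays by sequence number and drops implausible values; the key, field names and plausibility bound are assumptions.

```python
import hmac
import hashlib
import json
from typing import Dict, Tuple

# Assumed per-meter shared key (constructed sample). In a real deployment it
# would be provisioned into the meter and held in the utility's key store.
METER_KEYS: Dict[str, bytes] = {"meter-0001": b"\x01" * 32}

# Assumed plausibility bound: a home cannot consume a negative amount, and
# more than 50 kWh in one 15-minute interval is far outside any domestic load.
MAX_INTERVAL_KWH = 50.0

def canonical_bytes(reading: dict) -> bytes:
    """Deterministic encoding of the fields covered by the integrity tag."""
    fields = {k: reading.get(k) for k in ("meter_id", "seq", "ts", "kwh")}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def sign_reading(reading: dict, key: bytes) -> dict:
    """Meter side: attach an HMAC-SHA256 tag over the canonical fields."""
    tag = hmac.new(key, canonical_bytes(reading), hashlib.sha256).hexdigest()
    return {**reading, "tag": tag}

def validate_reading(reading: dict, last_seq: Dict[str, int]) -> Tuple[bool, str]:
    """Head-end side: accept only authenticated, fresh and plausible readings."""
    meter_id = reading.get("meter_id")
    key = METER_KEYS.get(meter_id)
    if key is None:
        return False, "unknown meter"
    expected = hmac.new(key, canonical_bytes(reading), hashlib.sha256).hexdigest()
    # Constant-time comparison; a mismatch means the data was altered or forged.
    if not hmac.compare_digest(expected, str(reading.get("tag", ""))):
        return False, "bad tag"
    seq = reading.get("seq", -1)
    if seq <= last_seq.get(meter_id, -1):
        return False, "replay"            # old or duplicate message
    kwh = reading.get("kwh")
    if not isinstance(kwh, (int, float)) or kwh < 0 or kwh > MAX_INTERVAL_KWH:
        return False, "implausible value"  # negative or extreme consumption
    last_seq[meter_id] = seq
    return True, "ok"

if __name__ == "__main__":
    key = METER_KEYS["meter-0001"]
    seen: Dict[str, int] = {}
    ok = sign_reading({"meter_id": "meter-0001", "seq": 1,
                       "ts": "2011-12-30T16:00:00Z", "kwh": 0.42}, key)
    print(validate_reading(ok, seen))                   # (True, 'ok')
    print(validate_reading(dict(ok, kwh=-5.0), seen))   # (False, 'bad tag')
```

Even a correctly tagged reading is refused if the value is outside the plausible range, which covers the case of a compromised meter rather than a tampered message.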

Saturday, September 17, 2011

Smart Grid (ITA + ENG)



In electrical networks we stand at the threshold of a major revolution, the most significant in this field for at least a century. The introduction in recent years of electronic meters in our homes (not everyone may know that Enel is the utility that has rolled out the largest number in the world: about 30 million!) was only the opening prelude to an epochal change that we will see arrive in the coming years, driven by the growing use of communications networks and IT systems and by the wider spread of control systems and intelligent devices.

Ultimately, this is the evolution towards the so-called Smart Grid.



Electricity operators will follow different Smart Grid introduction strategies depending on their business or operational needs. Some are thinking of giving priority to building Smart Grids in order to make the feed-in of energy produced from alternative sources (wind, photovoltaic, etc.) by large business producers more reliable. For other operators the priority may be to introduce features that allow customers' peak energy demand to be managed better, so that handling these "critical" situations becomes less costly.

In any case it is universally recognised that Smart Grids, in one way or another, have the potential to transform generation, distribution and ultimately also the consumption of energy by end customers, because customers will eventually be given the ability to control and manage their own consumption according to their needs and tariff profiles.

As mentioned, one of the main components of the Smart Grid is the communication network, which will in fact be made up of several networks. These networks may include WiMax, WLAN, UMTS/LTE, optical fibre, microwave, land mobile radio, dedicated or switched wireline networks, etc. This also depends on the fact that different areas of a Smart Grid may require different wireless solutions because of the terrain and environmental conditions.

Currently the most significant innovations in the Grid are typically made in the so-called AMI (Advanced Metering Infrastructure) domain, consisting of the so-called smart meters (e.g. electronic meters) interconnected through concentrators or collectors. In this domain the networking solutions adopted may be meshed or point-to-point networks, with local or long-distance coverage. There are many options for backhauling, e.g. fibre, broadband wireless or broadband over powerline. Wireless solutions may be licensed or unlicensed, depending on the specific needs of the utility (e.g. unlicensed WiFi can be used to extend the reach of broadband networks for delivering mesh services), although licensed solutions normally guarantee higher levels of reliability.

In any case all the options considered have advantages and disadvantages, but what is generally true for all of them is that a scalable, multilayer, end-to-end security solution must also be introduced, one that therefore also covers the SCADA control systems and the AMI infrastructure.

Indeed, as usual, opportunities bring additional complexities to manage, and I am referring to the need to maintain the confidentiality, integrity and privacy of data and to guarantee compliance with the requirements of current regulations. Not to mention that, according to the Electric Power Research Institute (EPRI), cybersecurity is the most significant problem for this new domain.

"Cyber security is a critical issue due to the increasing potential of cyber attacks and incidents against this critical sector as it becomes more and more interconnected. Cyber security must address not only deliberate attacks, such as from disgruntled employees, industrial espionage, and terrorists, but inadvertent compromises of the information infrastructure due to user errors, equipment failures, and natural disasters. Vulnerabilities might allow an attacker to penetrate a network, gain access to control software, and alter load conditions to destabilize the grid in unpredictable ways."



English version



In electrical networks we are at the threshold of a major revolution, the most significant in this context for at least a century. The introduction of electronic meters in our homes in recent years (not everyone may know that an Italian energy provider, Enel, is the utility that has introduced the largest number in the world: about 30 million!) was only the prelude to what we are going to see in the next years, driven by the increasing use of communications networks and IT systems and the greater diffusion of control systems and intelligent devices.

It is ultimately the evolution towards the so-called Smart Grid.


Energy providers will adopt different strategies for the introduction of the Smart Grid according to their different business and operational needs. Some will give priority to the implementation of the Smart Grid to manage in a reliable and effective way the energy coming into the power grid from third-party providers' renewable sources (wind, solar, etc.). For others, the priority may be introducing features that allow customers' peak energy demand to be controlled, making the management of these critical situations more efficient.

In any case, it is universally acknowledged that the Smart Grid, in one way or another, has the potential to transform the generation, distribution and finally the consumption of energy by end customers, because it will provide them with the ability to control and manage their consumption according to their needs and tariffs.

As mentioned, one of the main components of the Smart Grid is the communication network, which will be composed of several networks. Such networks may include WiMax, WLAN, UMTS/LTE, optical fibre, microwave, land mobile radio, dedicated or switched wireline networks, etc. This also depends on the fact that different areas of a Smart Grid may require different wireless solutions due to the characteristics of the area and environmental conditions.

Currently, the most significant innovations in the Grid have been introduced in the so-called AMI (Advanced Metering Infrastructure) field, consisting of the so-called smart meters (e.g. electronic meters) interconnected with concentrators or collectors. In this area the networking solutions that can be adopted are meshed or point-to-point networks, covering local or long distances. There are multiple options for backhauling, e.g. fibre, wireless broadband, or broadband over powerline. Wireless solutions can be licensed or unlicensed, depending on the specific needs of the utility (e.g. the use of unlicensed WiFi can be useful to expand broadband networks to provision mesh services), even though licensed solutions usually assure the highest levels of reliability.

In any case, all options have advantages and disadvantages, but what is generally true for all of them is that it is necessary to introduce a scalable, multi-layer, end-to-end security solution that also includes the SCADA control systems and the AMI.

In fact, as usual, opportunities also bring additional challenges to be faced, and I refer to the need to maintain the confidentiality, integrity and availability of data and to ensure compliance with legal requirements. Not to forget that, according to the Electric Power Research Institute (EPRI), cybersecurity is the biggest problem for this new field.

"Cyber security is a critical issue due to the increasing potential of cyber attacks and incidents against this critical sector as it becomes more and more interconnected. Cyber security must address not only deliberate attacks, such as from disgruntled employees, industrial espionage, and terrorists, but inadvertent compromises of the information infrastructure due to user errors, equipment failures, and natural disasters. Vulnerabilities might allow an attacker to penetrate a network, gain access to control software, and alter load conditions to destabilize the grid in unpredictable ways."