System Architecture and Threat Modelling of Advanced Metering Infrastructure
##plugins.themes.academic_pro.article.main##
Abstract
Advanced Metering Infrastructure (AMI) is a collection of smart meters, communications networks, and data management systems that have been specifically designed to facilitate the effective integration of energy resources. As AMI continues to become more complex and integrated with advanced functionalities, additional questions about cyber security must be considered. The security of an AMI is of critical importance. The implementation of secure protocols and the enforcement of strict security requirements may be able to stop vulnerabilities from being exploited. This research analyses AMI from a security standpoint. It also discusses potential flaws related to various smart meter attack surfaces, as well as the security and threat implications of these flaws. Threat modelling is an engineering undertaking that helps identify security threats, potential vulnerabilities, and their criticality and prioritize corrective or countermeasures. The results show how threat models, specifically STRIDE and LINDDUN, can be used in the case of an AMI and demonstrate the dangers connected to this AMI configuration.
##plugins.themes.academic_pro.article.details##
References
- Mohassel RR, Fung AS, Mohammadi F, Raahemifar K. A survey on advanced metering infrastructure and its application in smart grids. In: 2014 IEEE 27th Canadian Conference on Electrical and Computer Engineering (CCECE); 2014. p. 1-8. https://doi.org/10.1109/CCECE.2014.6901102 DOI: https://doi.org/10.1109/CCECE.2014.6901102
- Potter B. Microsoft sdl threat modelling tool. Network Security. 2009; 2009(1):15-8. https://www.sciencedirect.com/science/article/pii/S135348580970008. https://doi.org/10.1016/S1353-4858(09)70008-X DOI: https://doi.org/10.1016/S1353-4858(09)70008-X
- MS, VD, KBR, PK, Gupta P. Smart metering system. In: 2021 Innovations in Power and Advanced Computing Technologies (i-PACT). 2021. DOI: https://doi.org/10.1109/i-PACT52855.2021.9696950
- Yan Y, Hu R, Das S, Sharif H, Qian Y. A security protocol for advanced metering infrastructure in smart grid. IEEE Network. 2013; 27:64-71. https://doi.org/10.1109/ MNET.2013.6574667 DOI: https://doi.org/10.1109/MNET.2013.6574667
- Khan R, McLaughlin K, Laverty D, Sezer S. Stride-based threat modelling for cyber-physical systems. In: 2017 IEEE PES Innovative Smart Grid Technologies Conference Europe (ISGT-Europe). IEEE; 2017. p. 1-6. https://doi.org/10.1109/ISGTEurope.2017.8260283 DOI: https://doi.org/10.1109/ISGTEurope.2017.8260283
- Sion L, Wuyts K, Yskout K, Van Landuyt D, Joosen W. Interaction-based privacy threat elicitation. In: 2018 IEEE European Symposium on Security and Privacy Workshops (EuroSandPW). IEEE; 2018. p. 79-86. https:// doi.org/10.1109/EuroSPW.2018.00017 DOI: https://doi.org/10.1109/EuroSPW.2018.00017
- Metke R, Ekl RL. Security technology for smart grid networks. IEEE Trans Smart Grid. 2010; 1:99-107. https:// doi.org/10.1109/TSG.2010.2046347 DOI: https://doi.org/10.1109/TSG.2010.2046347
- Paverd J, Martin AP. Hardware security for device authentication in the smart grid. In: Cuellar J, editor. Smart Grid Security. Berlin, Heidelberg: Springer Berlin Heidelberg; 2013. p. 72-84. https://doi.org/10.1007/978-3-642-38030-3_5 DOI: https://doi.org/10.1007/978-3-642-38030-3_5
- Wang W, Lu Z. Cyber security in the smart grid: Survey and challenges. Comput Netw. 2013; 57:1344-71. https://doi.org/10.1016/j.comnet.2012.12.017 DOI: https://doi.org/10.1016/j.comnet.2012.12.017
- Fan Z, Kulkarni P, Gormus S, Efthymiou C, Kalogridis G, Sooriyabandara M, Zhu Z, Lambotharan S, Chin WH. Smart grid communications: Overview of research challenges, solutions, and standardization activities. IEEE Commun Surv Tutor. 2013; 15(1):21-38. https://doi.org/10.1109/SURV.2011.122211.00021 DOI: https://doi.org/10.1109/SURV.2011.122211.00021
- Anzalchi, Sarwat A. A survey on security assessment of metering infrastructure in smart grid systems. In: SoutheastCon; 2015. p. 1-4. https://doi.org/10.1109/ SECON.2015.7132989 DOI: https://doi.org/10.1109/SECON.2015.7132989
- Gupta H, Mondal S, Majumdar R, Ghosh NS, Suvra Khan S, Kwanyu NE, Mishra VP. Impact of side channel attack in information security. In: 2019 International Conference on Computational Intelligence and Knowledge Economy (ICCIKE). 2019; 291-5. https://doi.org/10.1109/ ICCIKE47802.2019.9004435 DOI: https://doi.org/10.1109/ICCIKE47802.2019.9004435
- Huseinovic, Mrdovic S, Bicakci K, Uludag S. A taxonomy of the emerging denial-of-service attacks in the smart grid and countermeasures. In: 2018 26th Telecommunications Forum (TELFOR); 2018. p. 1-4. https://doi.org/10.1109/ TELFOR.2018.8611847 DOI: https://doi.org/10.1109/TELFOR.2018.8611847
- Patni P, Iyer K, Sarode R, Mali A, Nimkar A. Man-in-themiddle attack in http/2. In: 2017 International Conference on Intelligent Computing and Control (I2C2); 2017. p. 1-6. https://doi.org/10.1109/I2C2.2017.8321787 DOI: https://doi.org/10.1109/I2C2.2017.8321787
- Marback, Do H, He K, Kondamarri S, Xu D. A threat model-based approach to security testing. Softw Pract Exp. 2013; 43(2):241-58. https://doi.org/10.1002/spe.2111 DOI: https://doi.org/10.1002/spe.2111
- Hussain S, Kamal A, Ahmad S, Rasool G, Iqbal S. Threat modelling methodologies: a survey. Sci Int (Lahore). 2014; 26(4):1607-9.
- Khan S. A stride model-based threat modelling using unified and or fuzzy operator for computer network security. Int J Comput Netw Technol. 2017; 5:13-20. https://doi.org/10.12785/ijcnt/050103 DOI: https://doi.org/10.12785/ijcnt/050103
- Hussain S, Kamal A, Ahmad S, Rasool G, Iqbal S. Threat modelling methodologies: A survey. Sci Int (Lahore). 2014; 26(4):1607-9.
- Wuyts K, Joosen W. Linddun privacy threat modelling: A tutorial. CW Reports; 2015.