System Architecture and Threat Modelling of Advanced Metering Infrastructure
DOI:
https://doi.org/10.33686/pwj.v20i1.1164Keywords:
AMI, CyberSecurity, LINDUNN, STRIDE, Threat Modelling, VulnerabilitiesAbstract
Advanced Metering Infrastructure (AMI) is a collection of smart meters, communications networks, and data management systems that have been specifically designed to facilitate the effective integration of energy resources. As AMI continues to become more complex and integrated with advanced functionalities, additional questions about cyber security must be considered. The security of an AMI is of critical importance. The implementation of secure protocols and the enforcement of strict security requirements may be able to stop vulnerabilities from being exploited. This research analyses AMI from a security standpoint. It also discusses potential flaws related to various smart meter attack surfaces, as well as the security and threat implications of these flaws. Threat modelling is an engineering undertaking that helps identify security threats, potential vulnerabilities, and their criticality and prioritize corrective or countermeasures. The results show how threat models, specifically STRIDE and LINDDUN, can be used in the case of an AMI and demonstrate the dangers connected to this AMI configuration.
Downloads
Metrics
Downloads
Published
How to Cite
Issue
Section
References
Mohassel RR, Fung AS, Mohammadi F, Raahemifar K. A survey on advanced metering infrastructure and its application in smart grids. In: 2014 IEEE 27th Canadian Conference on Electrical and Computer Engineering (CCECE); 2014. p. 1-8. https://doi.org/10.1109/CCECE.2014.6901102 DOI: https://doi.org/10.1109/CCECE.2014.6901102
Potter B. Microsoft sdl threat modelling tool. Network Security. 2009; 2009(1):15-8. https://www.sciencedirect.com/science/article/pii/S135348580970008. https://doi.org/10.1016/S1353-4858(09)70008-X DOI: https://doi.org/10.1016/S1353-4858(09)70008-X
MS, VD, KBR, PK, Gupta P. Smart metering system. In: 2021 Innovations in Power and Advanced Computing Technologies (i-PACT). 2021. DOI: https://doi.org/10.1109/i-PACT52855.2021.9696950
Yan Y, Hu R, Das S, Sharif H, Qian Y. A security protocol for advanced metering infrastructure in smart grid. IEEE Network. 2013; 27:64-71. https://doi.org/10.1109/ MNET.2013.6574667 DOI: https://doi.org/10.1109/MNET.2013.6574667
Khan R, McLaughlin K, Laverty D, Sezer S. Stride-based threat modelling for cyber-physical systems. In: 2017 IEEE PES Innovative Smart Grid Technologies Conference Europe (ISGT-Europe). IEEE; 2017. p. 1-6. https://doi.org/10.1109/ISGTEurope.2017.8260283 DOI: https://doi.org/10.1109/ISGTEurope.2017.8260283
Sion L, Wuyts K, Yskout K, Van Landuyt D, Joosen W. Interaction-based privacy threat elicitation. In: 2018 IEEE European Symposium on Security and Privacy Workshops (EuroSandPW). IEEE; 2018. p. 79-86. https:// doi.org/10.1109/EuroSPW.2018.00017 DOI: https://doi.org/10.1109/EuroSPW.2018.00017
Metke R, Ekl RL. Security technology for smart grid networks. IEEE Trans Smart Grid. 2010; 1:99-107. https:// doi.org/10.1109/TSG.2010.2046347 DOI: https://doi.org/10.1109/TSG.2010.2046347
Paverd J, Martin AP. Hardware security for device authentication in the smart grid. In: Cuellar J, editor. Smart Grid Security. Berlin, Heidelberg: Springer Berlin Heidelberg; 2013. p. 72-84. https://doi.org/10.1007/978-3-642-38030-3_5 DOI: https://doi.org/10.1007/978-3-642-38030-3_5
Wang W, Lu Z. Cyber security in the smart grid: Survey and challenges. Comput Netw. 2013; 57:1344-71. https://doi.org/10.1016/j.comnet.2012.12.017 DOI: https://doi.org/10.1016/j.comnet.2012.12.017
Fan Z, Kulkarni P, Gormus S, Efthymiou C, Kalogridis G, Sooriyabandara M, Zhu Z, Lambotharan S, Chin WH. Smart grid communications: Overview of research challenges, solutions, and standardization activities. IEEE Commun Surv Tutor. 2013; 15(1):21-38. https://doi.org/10.1109/SURV.2011.122211.00021 DOI: https://doi.org/10.1109/SURV.2011.122211.00021
Anzalchi, Sarwat A. A survey on security assessment of metering infrastructure in smart grid systems. In: SoutheastCon; 2015. p. 1-4. https://doi.org/10.1109/ SECON.2015.7132989 DOI: https://doi.org/10.1109/SECON.2015.7132989
Gupta H, Mondal S, Majumdar R, Ghosh NS, Suvra Khan S, Kwanyu NE, Mishra VP. Impact of side channel attack in information security. In: 2019 International Conference on Computational Intelligence and Knowledge Economy (ICCIKE). 2019; 291-5. https://doi.org/10.1109/ ICCIKE47802.2019.9004435 DOI: https://doi.org/10.1109/ICCIKE47802.2019.9004435
Huseinovic, Mrdovic S, Bicakci K, Uludag S. A taxonomy of the emerging denial-of-service attacks in the smart grid and countermeasures. In: 2018 26th Telecommunications Forum (TELFOR); 2018. p. 1-4. https://doi.org/10.1109/ TELFOR.2018.8611847 DOI: https://doi.org/10.1109/TELFOR.2018.8611847
Patni P, Iyer K, Sarode R, Mali A, Nimkar A. Man-in-themiddle attack in http/2. In: 2017 International Conference on Intelligent Computing and Control (I2C2); 2017. p. 1-6. https://doi.org/10.1109/I2C2.2017.8321787 DOI: https://doi.org/10.1109/I2C2.2017.8321787
Marback, Do H, He K, Kondamarri S, Xu D. A threat model-based approach to security testing. Softw Pract Exp. 2013; 43(2):241-58. https://doi.org/10.1002/spe.2111 DOI: https://doi.org/10.1002/spe.2111
Hussain S, Kamal A, Ahmad S, Rasool G, Iqbal S. Threat modelling methodologies: a survey. Sci Int (Lahore). 2014; 26(4):1607-9.
Khan S. A stride model-based threat modelling using unified and or fuzzy operator for computer network security. Int J Comput Netw Technol. 2017; 5:13-20. https://doi.org/10.12785/ijcnt/050103 DOI: https://doi.org/10.12785/ijcnt/050103
Hussain S, Kamal A, Ahmad S, Rasool G, Iqbal S. Threat modelling methodologies: A survey. Sci Int (Lahore). 2014; 26(4):1607-9.
Wuyts K, Joosen W. Linddun privacy threat modelling: A tutorial. CW Reports; 2015.