System Architecture and Threat Modelling of Advanced Metering Infrastructure

##plugins.themes.academic_pro.article.main##

Anurag Chevendra
Parul V. Sindhwad
Rigved Kulkarni
Mahita Samant
Sharal Deegoju
Faruk Kazi

Abstract

Advanced Metering Infrastructure (AMI) is a collection of smart meters, communications networks, and data management systems that have been specifically designed to facilitate the effective integration of energy resources. As AMI continues to become more complex and integrated with advanced functionalities, additional questions about cyber security must be considered. The security of an AMI is of critical importance. The implementation of secure protocols and the enforcement of strict security requirements may be able to stop vulnerabilities from being exploited. This research analyses AMI from a security standpoint. It also discusses potential flaws related to various smart meter attack surfaces, as well as the security and threat implications of these flaws. Threat modelling is an engineering undertaking that helps identify security threats, potential vulnerabilities, and their criticality and prioritize corrective or countermeasures. The results show how threat models, specifically STRIDE and LINDDUN, can be used in the case of an AMI and demonstrate the dangers connected to this AMI configuration.

##plugins.themes.academic_pro.article.details##

How to Cite
Chevendra, A. ., Sindhwad, P. V., Kulkarni, R., Samant, M., Deegoju, S., & Kazi, F. (2024). System Architecture and Threat Modelling of Advanced Metering Infrastructure. Power Research - A Journal of CPRI, 20(1), 27–33. https://doi.org/10.33686/pwj.v20i1.1164

References

  1. Mohassel RR, Fung AS, Mohammadi F, Raahemifar K. A survey on advanced metering infrastructure and its application in smart grids. In: 2014 IEEE 27th Canadian Conference on Electrical and Computer Engineering (CCECE); 2014. p. 1-8. https://doi.org/10.1109/CCECE.2014.6901102 DOI: https://doi.org/10.1109/CCECE.2014.6901102
  2. Potter B. Microsoft sdl threat modelling tool. Network Security. 2009; 2009(1):15-8. https://www.sciencedirect.com/science/article/pii/S135348580970008. https://doi.org/10.1016/S1353-4858(09)70008-X DOI: https://doi.org/10.1016/S1353-4858(09)70008-X
  3. MS, VD, KBR, PK, Gupta P. Smart metering system. In: 2021 Innovations in Power and Advanced Computing Technologies (i-PACT). 2021. DOI: https://doi.org/10.1109/i-PACT52855.2021.9696950
  4. Yan Y, Hu R, Das S, Sharif H, Qian Y. A security protocol for advanced metering infrastructure in smart grid. IEEE Network. 2013; 27:64-71. https://doi.org/10.1109/ MNET.2013.6574667 DOI: https://doi.org/10.1109/MNET.2013.6574667
  5. Khan R, McLaughlin K, Laverty D, Sezer S. Stride-based threat modelling for cyber-physical systems. In: 2017 IEEE PES Innovative Smart Grid Technologies Conference Europe (ISGT-Europe). IEEE; 2017. p. 1-6. https://doi.org/10.1109/ISGTEurope.2017.8260283 DOI: https://doi.org/10.1109/ISGTEurope.2017.8260283
  6. Sion L, Wuyts K, Yskout K, Van Landuyt D, Joosen W. Interaction-based privacy threat elicitation. In: 2018 IEEE European Symposium on Security and Privacy Workshops (EuroSandPW). IEEE; 2018. p. 79-86. https:// doi.org/10.1109/EuroSPW.2018.00017 DOI: https://doi.org/10.1109/EuroSPW.2018.00017
  7. Metke R, Ekl RL. Security technology for smart grid networks. IEEE Trans Smart Grid. 2010; 1:99-107. https:// doi.org/10.1109/TSG.2010.2046347 DOI: https://doi.org/10.1109/TSG.2010.2046347
  8. Paverd J, Martin AP. Hardware security for device authentication in the smart grid. In: Cuellar J, editor. Smart Grid Security. Berlin, Heidelberg: Springer Berlin Heidelberg; 2013. p. 72-84. https://doi.org/10.1007/978-3-642-38030-3_5 DOI: https://doi.org/10.1007/978-3-642-38030-3_5
  9. Wang W, Lu Z. Cyber security in the smart grid: Survey and challenges. Comput Netw. 2013; 57:1344-71. https://doi.org/10.1016/j.comnet.2012.12.017 DOI: https://doi.org/10.1016/j.comnet.2012.12.017
  10. Fan Z, Kulkarni P, Gormus S, Efthymiou C, Kalogridis G, Sooriyabandara M, Zhu Z, Lambotharan S, Chin WH. Smart grid communications: Overview of research challenges, solutions, and standardization activities. IEEE Commun Surv Tutor. 2013; 15(1):21-38. https://doi.org/10.1109/SURV.2011.122211.00021 DOI: https://doi.org/10.1109/SURV.2011.122211.00021
  11. Anzalchi, Sarwat A. A survey on security assessment of metering infrastructure in smart grid systems. In: SoutheastCon; 2015. p. 1-4. https://doi.org/10.1109/ SECON.2015.7132989 DOI: https://doi.org/10.1109/SECON.2015.7132989
  12. Gupta H, Mondal S, Majumdar R, Ghosh NS, Suvra Khan S, Kwanyu NE, Mishra VP. Impact of side channel attack in information security. In: 2019 International Conference on Computational Intelligence and Knowledge Economy (ICCIKE). 2019; 291-5. https://doi.org/10.1109/ ICCIKE47802.2019.9004435 DOI: https://doi.org/10.1109/ICCIKE47802.2019.9004435
  13. Huseinovic, Mrdovic S, Bicakci K, Uludag S. A taxonomy of the emerging denial-of-service attacks in the smart grid and countermeasures. In: 2018 26th Telecommunications Forum (TELFOR); 2018. p. 1-4. https://doi.org/10.1109/ TELFOR.2018.8611847 DOI: https://doi.org/10.1109/TELFOR.2018.8611847
  14. Patni P, Iyer K, Sarode R, Mali A, Nimkar A. Man-in-themiddle attack in http/2. In: 2017 International Conference on Intelligent Computing and Control (I2C2); 2017. p. 1-6. https://doi.org/10.1109/I2C2.2017.8321787 DOI: https://doi.org/10.1109/I2C2.2017.8321787
  15. Marback, Do H, He K, Kondamarri S, Xu D. A threat model-based approach to security testing. Softw Pract Exp. 2013; 43(2):241-58. https://doi.org/10.1002/spe.2111 DOI: https://doi.org/10.1002/spe.2111
  16. Hussain S, Kamal A, Ahmad S, Rasool G, Iqbal S. Threat modelling methodologies: a survey. Sci Int (Lahore). 2014; 26(4):1607-9.
  17. Khan S. A stride model-based threat modelling using unified and or fuzzy operator for computer network security. Int J Comput Netw Technol. 2017; 5:13-20. https://doi.org/10.12785/ijcnt/050103 DOI: https://doi.org/10.12785/ijcnt/050103
  18. Hussain S, Kamal A, Ahmad S, Rasool G, Iqbal S. Threat modelling methodologies: A survey. Sci Int (Lahore). 2014; 26(4):1607-9.
  19. Wuyts K, Joosen W. Linddun privacy threat modelling: A tutorial. CW Reports; 2015.