Presentation is loading. Please wait.

Presentation is loading. Please wait.

Neighborhood Watch: Security and Privacy Analysis of Automatic Meter Reading Systems Ishtiaq Rouf, Hossen Mustafa Rob Miller Marco Grutese Presented By.

Published byMaude Christal Sanders Modified over 8 years ago

Similar presentations

Presentation on theme: "Neighborhood Watch: Security and Privacy Analysis of Automatic Meter Reading Systems Ishtiaq Rouf, Hossen Mustafa Rob Miller Marco Grutese Presented By."— Presentation transcript:

1 Neighborhood Watch: Security and Privacy Analysis of Automatic Meter Reading Systems Ishtiaq Rouf, Hossen Mustafa Rob Miller Marco Grutese Presented By Krishna Rawali Puppala 131-03-2015 Security and Privacy Analysis of AMR Systems

2 What is a Smart Meter?? 231-03-2015 Security and Privacy Analysis of AMR Systems

3 Benefits of having a Smart Meter No more manual readings. More accurate bills. Improves efficiency and reliability. Real time reports. And many more..... But is it SECURE ???? 331-03-2015 Security and Privacy Analysis of AMR Systems

4 Beware!! Smart Meters are tracking us 431-03-2015 Security and Privacy Analysis of AMR Systems

5 Recent Articles 531-03-2015 Security and Privacy Analysis of AMR Systems

6 Architecture AMR Meters Hasmetering engine & ERT(Encoder-Re -ceiver-Transmitter) AMR Readers Handheld devices Mobile collectors Fixed Network AMR - No manual walk. 631-03-2015 Security and Privacy Analysis of AMR Systems

7 Communication Protocol Meters use simple modulation schemes- – OOK ( on-off Keying) or FSK ( Frequency Shift Keying) included with the Manchestor Encoding Scheme. Two types of Communication models- Wake-up Model  Two-way communication Reader sends an Activation signal to wake-up the meter. Bubble-up Model  One-way communication There is a meter reading broadcast for every 30s. 731-03-2015 Security and Privacy Analysis of AMR Systems

8 Reverse Engineering to discover meter protocol  First step is to capture few transmissions from each meter.  Built a detection software to capture, replay and verify signals. 831-03-2015 Security and Privacy Analysis of AMR Systems

9 AMR Transmission Packets Pilot Packet- A high priority control packet associated with the data packet. 931-03-2015 Security and Privacy Analysis of AMR Systems

10 Reverse Engineering to discover meter protocol (cont) Decoding Packets 1031-03-2015 Security and Privacy Analysis of AMR Systems

11 1131-03-2015 Security and Privacy Analysis of AMR Systems

12 Lessons Learned Reverse Engineering requires modest effort. - Anyone can reverse engineer with low cost and effort. No Encryption. - Anyone can eavesdrop on real time consumption packets. Battery drain attacks. - Wake-up meters transmit a packet as soon as they receive an activation signal. 1231-03-2015 Security and Privacy Analysis of AMR Systems

13 Packet Spoofing Spoofing a packet has become easier. Packet is spoofed with an arbitrary meter ID and reading. Observations- No Authentication. No Input Validation. 1331-03-2015 Security and Privacy Analysis of AMR Systems

14 1431-03-2015 Security and Privacy Analysis of AMR Systems

15 Neighborhood Monitoring Eavesdropping Range- – Tested two locations in a state: Rural and Urban Location Range Rural 150m Urban 70m Results- Attacker can able to sniff packets in any area without entering private property. 1531-03-2015 Security and Privacy Analysis of AMR Systems

16 Neighborhood Monitoring (con t) Boosted Eavesdropping Range How to boost the range at low cost? - Adding LNA ( Low Noise Amplifier). - LNA amplifies received signal strength. Increases eavesdropping range in the urban area from 70m to 300m 1631-03-2015 Security and Privacy Analysis of AMR Systems

17 1731-03-2015 Security and Privacy Analysis of AMR Systems

18 Neighborhood Monitoring Number of Observed Meters Used two RF Sniffers – - Narrowband Sniffer 4 MHz - Wideband Sniffer 12.5MHz Meter w/o LNA w LNA Narrowband 72 161 Wideband 106 485 1831-03-2015 Security and Privacy Analysis of AMR Systems

19 Neigborhood Monitoring Packet Reception Rate – Received packets per hour (pph) – Larger pph maps to more frequent energy consumption and high level of information leakage. 1931-03-2015 Security and Privacy Analysis of AMR Systems

20 Even at a low packet reception rate, it is very easy to infer data of the residents. 2031-03-2015 Security and Privacy Analysis of AMR Systems

21 Inferring Household Events Visual Observation Mechanisms - on-board LCD display - infrared (IR) LED using cameras or IR photodiodes. 2131-03-2015 Security and Privacy Analysis of AMR Systems

22 Inferring Household Events Automated LCD Screen Monitoring For every consumption of Wh( Watt-hour), one of the dot toggles Tracks the toggles on a laptop and generates electricity trace. 2231-03-2015 Security and Privacy Analysis of AMR Systems

23 Inferring Household Evemts Infrared LED Monitoring – For every consumption of 1Wh, IR LED flashes. – Designed IR circuit to capture the IR flashes. – Once the diode detects the flash, the voltage becomes high. 2331-03-2015 Security and Privacy Analysis of AMR Systems

24 Experiments & Results Examined whether RF Sniffing can reveal sensitive information. Found that RF sniffing suffered from low granularity of data. Question: RF eavesdropping information sufficient to infer sensitive data? Ans: Conducted two experiments and found that both camera and IR based methods captured data with high granularity than RF Eavesdropping. 2431-03-2015 Security and Privacy Analysis of AMR Systems

25 Results 2531-03-2015 Security and Privacy Analysis of AMR Systems

26 Defense Strategies Spoofing Defenses for Legacy Meters – Radio fingerprinting techniques. – Anomaly Detection. Cryptographic Mechanisms – Encrypting data packets using standard block encryption algorithms. – Requires upgrading of the meters. Jammer add-on – add-on device PPJ (Privacy Preserving Jammer). No upgradation. 2631-03-2015 Security and Privacy Analysis of AMR Systems

27 Privacy Preserving Jammer Deactivation Protocol 2731-03-2015 Security and Privacy Analysis of AMR Systems

28 Conclusion AMR systems are vulnerable to spoofing attacks. Continuous broadcast of readings for every 30s risking millions of meters. Offered a security solution that the authors call PPJ. – No modification of current meters. – Prevents information leakage. 2831-03-2015 Security and Privacy Analysis of AMR Systems

Download ppt "Neighborhood Watch: Security and Privacy Analysis of Automatic Meter Reading Systems Ishtiaq Rouf, Hossen Mustafa Rob Miller Marco Grutese Presented By."

Similar presentations

INDIVIDUAL PROJECT BY R.KARTHIKMANOJ

INDIVIDUAL PROJECT BY R.KARTHIKMANOJ
I have a DREAM! (DiffeRentially privatE smArt Metering) Gergely Acs and Claude Castelluccia {gergely.acs, INRIA 2011.

I have a DREAM! (DiffeRentially privatE smArt Metering) Gergely Acs and Claude Castelluccia {gergely.acs, INRIA 2011.
1 Programa de Engenharia Elétrica - PEE/COPPE/UFRJ Universidade Federal do Rio de Janeiro A Review of Anomalies Detection Schemes for Smart Grids Andrés.

1 Programa de Engenharia Elétrica - PEE/COPPE/UFRJ Universidade Federal do Rio de Janeiro A Review of Anomalies Detection Schemes for Smart Grids Andrés.
GRS: The Green, Reliability, and Security of Emerging Machine to Machine Communications Rongxing Lu, Xu Li, Xiaohui Liang, Xuemin (Sherman) Shen, and Xiaodong.

GRS: The Green, Reliability, and Security of Emerging Machine to Machine Communications Rongxing Lu, Xu Li, Xiaohui Liang, Xuemin (Sherman) Shen, and Xiaodong.
RF Circuit Design Chris Fuller 952-607-8506 11/7/2012.

RF Circuit Design Chris Fuller /7/2012.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Wireless Security David Wagner University of California, Berkeley.

Wireless Security David Wagner University of California, Berkeley.
Low Power Design for Wireless Sensor Networks Aki Happonen.

Low Power Design for Wireless Sensor Networks Aki Happonen.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Integrated Circuits Design for Applications in Communications Dr. Charles Surya Department of Electronic and Information Engineering DE636  6220

Integrated Circuits Design for Applications in Communications Dr. Charles Surya Department of Electronic and Information Engineering DE636  6220
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
Wireless Sensor Network Security Anuj Nagar CS 590.

Wireless Sensor Network Security Anuj Nagar CS 590.
RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.

RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.
IT-101 Section 001 Lecture #15 Introduction to Information Technology.

IT-101 Section 001 Lecture #15 Introduction to Information Technology.
RF Wakeup Sensor – On-Demand Wakeup for Zero Idle Listening and Zero Sleep Delay.

RF Wakeup Sensor – On-Demand Wakeup for Zero Idle Listening and Zero Sleep Delay.
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses Zac Chupka Jeff Signore.

Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses Zac Chupka Jeff Signore.
Advanced Metering Infrastructure

Advanced Metering Infrastructure
ENERGY INDUSTRY FUNDAMENTALS: MODULE 5, UNITS A & B: Emerging Technologies.

ENERGY INDUSTRY FUNDAMENTALS: MODULE 5, UNITS A & B: Emerging Technologies.
1 Department of Water and Power City of Los Angeles Automatic Meter Infrastructure Program Mariko Marianes and John Yu.

1 Department of Water and Power City of Los Angeles Automatic Meter Infrastructure Program Mariko Marianes and John Yu.
InterSwyft Technology presentation. Introduction InterSwyft brings secured encrypted transmission of SMS messages for internal and external devices such.

InterSwyft Technology presentation. Introduction InterSwyft brings secured encrypted transmission of SMS messages for internal and external devices such.

Similar presentations

Ads by Google