Embedded Cyber-Physical Anomaly Detection in Smart Meters

Raciti, Massimiliano; Nadjm‐Tehrani, Simin

doi:10.1007/978-3-642-41485-5_4

Cited by 28 publications

(15 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Raciti and Nadjm-Tehrani (2013) propose an architecture for embedded anomaly detection in smart meters and create an instance of a clusteringbased anomaly detection algorithm in a prototype meter. Tudor et al (2015) investigate the need to monitor encrypted traffic in a smart metering infrastructure.…”

Section: Related Workmentioning

confidence: 99%

Trading off Latency Against Security in Open Energy Metering Infrastructures

Kalns

Nadjm‐Tehrani

Vasilevskaya

2016

Electronic Workshops in Computing

Self Cite

View full text Add to dashboard Cite

Embedded devices are expected to transform the landscape of networked services in many domains, among them smart homes and smart grid systems. The reliable and optimised operation of smart grids is dependent on reliable data provided by end nodes (e.g. smart meters), and assurance of secure communication across networks. Understanding whether advanced security building blocks have a role to play in forthcoming infrastructures needs a basic understanding of each potential building block with respect to resource usage and impact on timing. In this paper we study the performance penalty of asymmetric cryptography techniques used for protection of wirelessly transmitted data in a prototype smart metering system. The prototype system is built using hardware and software components from "Open Energy Monitor" project using a wireless data link between the metering device and the data collector device. We investigate the use of the Elliptic Curve Integrated Encryption Scheme (ECIES) in two versions -with standard building blocks and with added Elliptic Curve Digital Signature Algorithm (ECDSA) support. The use of the ECDSA allows the system to achieve the non-repudiation property. We compare those cryptographic techniques with the Advanced Encryption Standard in Galois Counter Mode (AES-GCM) technique in two versions -with 128 bit and 256 bit keys. Performance is compared in terms of execution time of (1) preparing data, (2) unpacking it, and (3) roundtrip time. We then discuss the implications of the measurements, where the roundtrip time of sending one measurement ranges from 378 ms in case of AES128-GCM to 16.3 sec using ECIES with ECDSA.Smart meter infrastructure security, Elliptic Curve Cryptography, Performance and latency trade-off

show abstract

Section: Related Workmentioning

confidence: 99%

Trading off Latency Against Security in Open Energy Metering Infrastructures

Kalns

Nadjm‐Tehrani

Vasilevskaya

2016

Electronic Workshops in Computing

Self Cite

View full text Add to dashboard Cite

show abstract

“…In particular, an expert needs to extend the ToEParameter, DomainMetrics, and ResourceMetrics stereotypes. be characterised by the number of clusters (numberOfClusters) and cluster centroid distance threshold (clusterDistanceThreshold ) [81], while a cipher building block can be characterised by its key size (keySize), cipher mode (cipherMode), and cipher type (cipherType). Quality of service metrics for an anomaly detection are detection rate and false positive rate (see DM Anomaly) and for a cipher they are resistance to attacker's capabilities in terms of its skill, motivation, and duration of the attack(see DM Cipher ), and etc.…”

Section: The Uml Representationmentioning

confidence: 99%

“…Secure storage and security communication reduce the likelihood of breaching integrity and confidentiality of stored data and transmitted data respectively. The anomaly detection [81] aims to reduce the likelihood of integrity loss for measurements stored in the device. Reduction effect of implemented SBBs is visualised in Figure 6.3 as arrows that shift the initial confidentiality loss to lower values 2 .…”

Section: Figure 62: Stakeholder Security Profile Viewmentioning

confidence: 99%

Security in Embedded Systems: A Model-Based Approach with Risk Metrics

Vasilevskaya¹

2015

View full text Add to dashboard Cite

“…In this case, the devices should be instructed to report their communication exchanges to the head-end (at least, the ones that are required to detect a given attack). On the other extreme, the computation could be performed by the AMI's devices themselves, as investigated recently in [20]. This option would also be limited by the computational resources of the devices.…”

Section: Intrusion Detection In Advanced Metering Infrastructuresmentioning

confidence: 99%

“…For this reason, the Probabilistic Filter compares each tuple produced by the Data Preparer with its associated probability learned over the latest completed window. As an example, if parameters IM WS and IM WA are set to 10 and 5 time units, respectively, the window will cover periods P 1 = [0, 10), P 2 = [5, 15), P 3 = [10,20), and so on. Messages observed in period [10,15) would be matched with the probabilities learned during period P 1 , messages observed in period [15,20) would be matched with the probabilities learned during period P 2 , and so on.…”

Section: Continuous Query -Overviewmentioning

confidence: 99%

METIS: A Two-Tier Intrusion Detection System for Advanced Metering Infrastructures

Gulisano

Almgren

Papatriantafilou

2015

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

Abstract. In the shift from traditional to cyber-physical electric grids, motivated by the needs for improved energy efficiency, Advanced Metering Infrastructures have a key role. However, together with the enabled possibilities, they imply an increased threat surface on the systems. Challenging aspects such as scalable traffic analysis, timely detection of malicious activity and intuitive ways of specifying detection mechanisms for possible adversary goals are among the core problems in this domain. Aiming at addressing the above, we present METIS , a two-tier streamingbased intrusion detection framework. METIS relies on probabilistic models for detection and is designed to detect challenging attacks in which adversaries aim at being unnoticed. Thanks to its two-tier architecture, it eases the modeling of possible adversary goals and allows for a fully distributed and parallel traffic analysis through the data streaming processing paradigm. At the same time, it allows for complementary intrusion detection systems to be integrated in the framework. We demonstrate METIS ' use and functionality through an energy exfiltration use-case, in which an adversary aims at stealing energy information from AMI users. Based on a prototype implementation using the Storm Stream Processing Engine and a very large dataset from a real-world AMI, we show that METIS is not only able to detect such attacks, but that it can also handle large volumes of data even when run on commodity hardware.

show abstract

Embedded Cyber-Physical Anomaly Detection in Smart Meters

Cited by 28 publications

References 13 publications

Trading off Latency Against Security in Open Energy Metering Infrastructures

Trading off Latency Against Security in Open Energy Metering Infrastructures

Security in Embedded Systems: A Model-Based Approach with Risk Metrics

METIS: A Two-Tier Intrusion Detection System for Advanced Metering Infrastructures

Contact Info

Product

Resources

About