ADVANCED METERING INFRASTRUCTURE SECURITY
Kunal Adak, Jawash Mohamed, Sri Haritha Darapuneni
A capstone paper submitted as partial fulfillment of the requirements for the degree of Masters in Interdisciplinary Telecommunications at the University of Colorado, Boulder,
6 December 2010. Project directed by Professor Timothy X Brown.
1 Introduction
The utility industry is making use of advanced technologies to increase the reliability, resilience,
intelligence, and efficiency of the existing power grid, which led to the concept of the Smart Grid
(SG) [11], [24]. Advanced Metering Infrastructure (AMI) is considered to be the heart of SG.
AMI has been the focus in recent times for vendors and utilities. Lack of security in AMI
systems can make the electrical distribution unreliable [13]. As far as AMI is concerned, the
electric/power industries are new to the security challenges. These challenges, if not addressed,
could open AMI to attacks that could prove catastrophic to the economy and public safety [14].
Many organizations such as the National Institute of Standards and Technology (NIST) and
Open Smart Grid (OpenSG) are working on the security requirements of AMI in order to safely
integrate the SG technology into the power grid.
1.1 Statement of the Problem
The purpose of the research paper is to present security concerns relevant to AMI and to
recommend security requirements to AMI developers or implementers.
1.2 Scope (Limitations, Assumptions and Hypothesis)
The intent of this research is to provide potential threats, risk analysis and mitigation techniques
for those threats concerned with the Smart Meter, Communication Device, Meter Data
Management System (MDMS) and AMI Head End. The threats and the impact of threats to AMI
in this paper are limited to the components and interfaces that carry meter data and are controlled by
the electric utility. The research takes into account all the communications between the MDMS
and the consumer-facing smart meter.
The security recommendations made will not apply to the entire Smart Grid network
since it only concentrates on the AMI part of the network. Depending upon the severity levels
derived from risk analysis, we will propose a set of authentication, encryption and key
management protocols to be used by utility industry, vendor communities, and other AMI
stakeholders for deploying a secure AMI.
Figure 1: AMI Infrastructure considered for research [5]
1.3 Importance of Study
The primary reason for choosing AMI security from the Smart Grid network is the
interdependency of AMI on communications infrastructure and information infrastructure: a
compromise on one domain could affect the other two domains [6]. As the challenges to be
addressed in AMI deployment are relatively new to the utility industry, extensive research is
required because conventional Information Technology (IT) or Telecommunication security
measures cannot be applied to AMI. In the IT or Telecommunications industries the risk
tolerance of the network in terms of service disruption is high whereas the interdependencies of
various phases like generation, distribution of electricity, etc. in SG make it less risk tolerant to
service disruption. AMI is a key building block for a smart grid [5] [8] and lack of security in
AMI can cripple a business or cause a wide-scale blackout and hundreds of millions of dollars in
economic damage [4]. This makes a compelling case to safeguard the AMI networks and
metering assets.
Figure 1 legend: devices in the scope of the project; devices out of scope (not under the control of the electric utility); devices out of scope (under the control of the electric utility but carrying no AMI meter data).
2 Literature Review
Advanced Metering Infrastructure technologies are more sophisticated than older Automatic
Meter Reading (AMR) standards and have gained the interest of stakeholders, utilities, regulators
and energy markets. However, very little has been done when it comes to cyber security [7]. The
National SCADA Test Bed (NSTB) drafted a document to list the kind of risks that create
vulnerabilities for Smart Grid systems and some security measures to alleviate them [11]. The
NIST Cyber Security Coordination Group (NCSCG) has also laid down guidance and security
controls with the motive to provide prescriptive, actionable guidance for how to build-in and
implement security for AMI functionality [24]. CERTICOM (adopted by the National Security
Agency) has also laid down their own authentication and encryption management protocols to
obtain site-to-site security for AMI systems [2]. Even with all these organizations coming up
with their own security standards, the U.S. electrical grid was penetrated by cyber-spies to leave
software programs open that could be used to disrupt the system. According to U.S. national
security officials, spies from China and Russia were believed to be intent on navigating the U.S.
electrical systems and its controls [23].
The comment usually is "If you encrypt everything, then everything is secure". This kind of
attitude just represents how AMI security is taken for granted. In November 2007, an AMI
Security (AMI-SEC) Task Force was formed by the Open Smart Grid Users Group to
address AMI security issues [14]. The documents released by AMI-SEC include 'Security
Specification and a Security Implementation Guide for AMI', which provides useful guidance.
However, the contemporary implementations of AMI are known to have considerable security
concerns. The National Infrastructure Protection Plan (NIPP) and North American Electrical
Reliability Corporation – Critical Infrastructure Protection (NERC CIP) have proposed solutions
to AMI security in terms of Smart Grid PKI standards and tools, Attestation Certificates, and
Attributes [22]. Leading technology providers for global energy and water industries like ITRON
Inc. have also performed qualitative security risk analysis of AMI systems listing threat agents,
motivations, threats and vulnerabilities, controls and assets [15]. With these security measures
being out there, researchers like Goodspeed discovered several techniques to compromise
wireless devices used in AMI networks and successfully documented how invaders can extract
data from the memory of these devices including keys used for network validation [12]. It is
quite apparent that AMI security as of today is incapable of protecting the national power grid
from attack by malicious and knowledgeable groups; that is where our research starts.
Resilience to cyber attacks has always been one of the key principles of the Smart Grid
vision and our research will be an attempt to provide security requirements for building and
deploying AMI by analyzing threats and risks associated with it [9][17]. Organizations all over
the world have only performed security risk analysis and have provided recommendations, but
are those recommendations really mitigating the attacks? Researchers have proved that even with all these
security measures in place, vulnerabilities can still be exposed and attacks on AMI can still
be performed. This implies a need for more security research on AMI technology, even if
organizations like NIST have been working with vendors, stakeholders and utilities to come up
with the best defense mechanisms. Our research attempts not only to present threats and
their associated risk levels at various links on the AMI system, but also to provide security
recommendations which, if applied, will lessen the severity levels associated with those threats.
Ultimately, the goal of our research is to inform AMI systems designers about security concerns
so that confidentiality, integrity and availability of the Smart Grid network are protected on a
long-term basis.
3 Methodology
To define the attacks on the AMI, the assets of interest must be identified. In this case there
are four components: Smart Meter, AMI Head End, Communication Network and MDMS. Data
flow diagrams can be modeled between the components, from which entry points to the
system such as data sources, network services, user interfaces etc. can be identified. AMI use
cases where researchers in the past have identified potential attacks and where hackers have
infiltrated the system will be analyzed to determine all the types of attacks which have been
performed on the AMI components [25]. To identify a possible attack on a given node, it is
imperative to understand what kind of security services are running at that particular node.
Depending on those security services, the attacker will choose a particular asset to manipulate
restricted information or gain access to systems to which access is prohibited [3].
The risk analysis carried out in this research paper will be qualitative in nature to
determine the risk level involved. The impact of threats on the AMI components will be analyzed
considering the following parameters: severity of the threat, probability of the threat occurring
and potential loss to the consumer, utility or generation department. This will result in
concentrating on one threat at a time and the severity, probability and loss potential of each
threat can be viewed and known, so that the threat causing the greatest risk can be addressed
first.
4 Threat Model
Threat modeling is a practice of identifying threat agents, threats, categorization of threats, and
then defining counter measures to mitigate the threats [19]. Furthermore, “the threat model can
be used to assess the probability, severity, and reasoning of certain attacks and allow for
designers to implement proper controls for mitigation purposes” [15]. Figure 2 shows the
interaction of some of these functions, which we will develop in later sections.
Figure 2: Threat Model
4.1.1 Threat Model Development
This research paper goes through a series of steps to develop a threat model, which can be used
in future to deploy secure Advanced Metering Infrastructure in a smart grid network.
Step 1: Identify critical threats to the AMI
Step 2: Categorize threats according to security domains
Step 3: Identify the threat agents for those critical threats and their motives
Step 4: Identify the AMI functional block the threats affect
4.1.2 Identify Critical Threats
A threat can be viewed as a harmful event that targets a vulnerability of a system, jeopardizing
its security in terms of confidentiality, accessibility and integrity [2]. Nowadays, the AMI part
of the Smart Grid network has been exposed to threats, and some of the specific ones are:
1. Tampering application services at AMI nodes
2. Masquerade as the control center
3. Authentication Bypass in metering protocols
4. Buffer Overflow through the AMI meter's firmware
5. Firmware Manipulation
4.1.3 Categorize threats according to security domain
The above-mentioned threats are categorized depending on which security aspect of the AMI
system is compromised as shown in Figure 3. The following security services counter these
threats:
Confidentiality: Ensures that data is shared only with authorized individuals on a need-to-know basis, and that intentional or unintentional disclosure of the data does not occur [7].
Integrity: Ensures that data is authentic, correct, and complete, and provides assurance that the data can be trusted [7].
Availability: Requires that data is accessible by authorized entities whenever needed [7].
Figure 3: Security Requirements affected by the threats
Each threat exploits vulnerabilities present in the system or a protocol as shown in Figure
3. Table 1 lists the vulnerabilities and the impacts associated with the threats identified above.
4.1.4 Identify Threat Agents and their motives
The previous section describes specific possible threats to AMI systems. Considering those
threats, two types of attackers are possible. One is the internal attacker who is situated within the
system and has some privileged system access. The other one is the external attacker who uses
Internet, wireless channel access, or physical access to the system to perform any attack. For this
research paper, internal attackers are not taken into consideration as internal people of any
system/organization carry a sense of trust within themselves. So, taking external attackers into
account we assume that they all have one of three kinds of motives behind any attacks:
1. Disruption of service: Interruption or prevention of service
2. Stealing Electricity: Adding or modifying information
3. Unethical: Defaming an organization / individual
Table 1: Vulnerabilities and Impact associated with a threat [5]

| Threat | Vulnerability | Impact (C: Confidentiality, I: Integrity, A: Availability) |
|---|---|---|
| Tamper | The management applications and services remain exposed and available for all the nodes | Disrupting the communication flow to reroute all the traffic to attacker's node for later manipulation (I) |
| Masquerade | Lack of Authentication / Encryption | Impersonating the control center and send unauthorized commands to meters or read metering data. (I) |
| Authentication Bypass | Poor implementation of metering protocols | Manipulate reading parameters of the smart meters (CI) |
| Buffer Overflow | Firmware makes certain assumptions regarding the data it receives, particularly the size of each message format | System instability or freeze, change values of parameters, which are saved in the memory stack or even execute arbitrary code (CI) |
| Firmware Manipulation | Firmware architecture with poor access controls | Attacker can execute a disconnect action and then make the meter completely unresponsive till it is returned to the manufacturer, thus making it impossible for the network operator to reverse his actions (CIA) |
5 Risk Analysis
Efficient application of controls to alleviate the most likely attack vectors is possible by
constructing an array of attack scenarios. This reduces both the likelihood and consequence of a
successful attack [8]. This research paper makes use of Qualitative risk analysis where the
likelihood of an attack refers to the level of expertise of the attacker to perform the attack. The
consequence of an attack refers to the impact a threat has on the functionality of the device
and/or network performance.
Likelihood is measured in terms of Unlikely, Possible, Likely and Almost Certain. The
severity level of consequence includes Minor, Moderate, Major and Severe. The definitions of
these terms are listed in the tables below.
Table 2: Qualitative Risk Assessment Interpretations

| Consequence | Interpretation |
|---|---|
| Minor | Threatens the functionality of the device / Threatens the performance of the network |
| Moderate | Device malfunctions to an acceptable level / Degrades the performance of the network but still functional |
| Major | Device malfunctions beyond acceptable level / Degrades the performance of the network beyond acceptable level |
| Severe | Permanent damage to the device / Permanent damage of the network causing wide spread blackout |

| Likelihood | Interpretation |
|---|---|
| Unlikely | The attacker needs to be a 'guru' or requires very high level of expertise to perform an attack |
| Possible | The attacker requires high expertise to perform an attack |
| Likely | The attacker requires medium level of expertise to perform an attack |
| Certain | The attacker requires minimum expertise to perform an attack |
Based on the likelihood and consequence, a risk matrix is derived as shown below:
Table 3: Risk Analysis Matrix
The table below shows the likelihood and consequence of a threat with respect to the
location of the attacker and the key to determining the risk level with respect to likelihood and
consequence. The links listed in the table are labeled in Figure 1.
Table 4: Likelihood and Consequence of attack on interfaces shown in Figure 1
Key to determining the risk level w.r.t. likelihood and consequence

| Likelihood \ Consequence | Minor | Moderate | Major | Severe |
|---|---|---|---|---|
| Unlikely | Low | Low | Medium | Critical |
| Possible | Low | Medium | High | Critical |
| Likely | Medium | Medium | High | Critical |
| Certain | Medium | High | Critical | Critical |
Below is the explanation for choosing likelihood and consequence for a particular threat:
Masquerade: For masquerading, the attacker will try to impersonate the device which is nearest
to the AMI meter.
Impersonating the AMI Head End: The consequence will be Major, because all the major
functionalities of the meter can be changed and the meter could be turned off. The AMI Head
End is complex and has more functionality compared to the AMI Communications Network
Device, which will result in additional and compound security measures. Hence, the likelihood
is Unlikely. Similar logic is applied if the attacker is situated at LINK 3 and LINK 4.
Impersonating the AMI Communication Network Device: It will cause Moderate damage,
because false power outage and restoration messages will be sent out, causing
performance degradation. The AMI Communications Network Device doesn't have much
functionality compared to the AMI Head End and MDMS, which will result in fewer security
measures. Hence, the likelihood is Possible.
Tampering: For Tampering, the attacker will attempt to tamper with the data on the link where he/she
is located.
LINK 1: Tampering with data such as meter readings, pricing details, load-shedding messages, meter
on/off commands and meter provisioning details would cause a Major consequence, as it could lead to
network performance degradation beyond acceptable level. It will require a high level of expertise
to tamper with the data on LINK 1 because of the nature and the number of messages flowing on it.
Hence, the likelihood is Possible.
LINK 2: Tampering with data such as meter last gasp messages would only threaten the network
performance. Hence the consequence is Minor. Tampering with meter gasp messages requires
medium level expertise, due to which the likelihood is Likely.
LINK 3: Tampering with data such as power outage and restoration notifications and gasp messages
would cause Moderate damage to network performance. Tampering with data such as power outage
and restoration notifications and gasp messages will require more expertise, due to which the
likelihood is Possible.
LINK 4: Tampering with data such as HAN equipment responses and commands, event logs, meter
read requests and planned outage information would cause Severe degradation to network
performance, as it would also affect communications between the MDMS and the distribution part of
the Smart Grid. This link carries the highest number of communication messages and would be
the most secure one among all 4 links, due to which tampering with data on LINK 4 will
require the highest amount of expertise. Hence the likelihood is Unlikely.
Authentication Bypass: The attacker will attempt to bypass authentication credentials present on
the AMI meter, irrespective of which link he/she is located on. Here the consequence of the attack
will be consistent on all the links: if the meter credentials are compromised, he/she can get
root-level access to the AMI meter and can manipulate all the functionalities of the meter, causing it to
malfunction beyond acceptable level or shutting down the meter itself. Hence the consequence is
Major.
LINK 1 and LINK 2: If the attacker has point-to-point direct access to the device whose
credentials he/she wants to bypass, the level of expertise required will be less compared to if
he/she is located multiple hops away from the targeted device. Also, even if the attacker has
direct access to the targeted device, he needs a high level of expertise to get root-level access
to the device. Hence the likelihood is Likely.
LINK 3 and LINK 4: The attacker has to take at least one hop before he attempts to get root-level
access to the AMI meter, due to which he needs to have a very high level of expertise. Hence the
likelihood is Unlikely.
Buffer Overflow: The attacker attempts to overflow the buffer of the AMI meter by broadcasting
malformed messages irrespective of the link he/she is using. Here the consequence of the attack
will be consistent on all the links: if the meter is overloaded with excess data, it can damage
the user's files, change data, or disclose confidential information stored in the AMI meter, and
arbitrary code can be executed, which can lead to system instability. Hence the consequence will
be Severe on all the links.
LINK 1 and LINK 2: Buffer overflow attacks are one of the most common attacks performed in today's
world. If the attacker has direct access to the AMI meter, he will require medium level expertise
to overflow the buffer of the meter. Hence the likelihood is Likely on LINK 1 and LINK 2.
LINK 3 and LINK 4: The expertise level rises to a higher level when the attacker doesn't have
direct access to the meter. He/she needs to compromise an additional device before the targeted
device is compromised. Hence the likelihood is Possible on LINK 3 and LINK 4.
Firmware Manipulation: The attacker aims to manipulate the firmware running on the
AMI meter. The entire functionality of the AMI meter depends on how the firmware is coded.
The consequence of this attack will be consistent irrespective of where the attack is attempted from.
Firmware manipulation could lead to catastrophic results, as the attacker can make the AMI meter
function the way he/she wants. Hence, the consequence of this attack from any link would be
Severe. Also, as far as likelihood is concerned, successful firmware manipulation requires a very
high level of expertise, and most of the attempts to perform firmware manipulation are made
remotely. Hence the likelihood would be Unlikely on all the links.
From Table 4 it can be concluded that:
The most critical attacks are:
o Buffer Overflow: It has severe consequence across all the links with a
likelihood of Likely/Possible resulting in risk severity of Critical.
o Firmware Manipulation: It has severe consequence across all the links with a
likelihood of Unlikely resulting in risk severity of Critical.
Other attacks that need security recommendations are Authentication Bypass and
Tamper as both have a risk severity of High.
6 Security recommendations
From the risk analysis, we concluded that the attacks that have critical severity are:
1. Buffer Overflow
2. Firmware manipulation
3. Authentication Bypass
4. Tamper
In this section, we will provide security recommendations for the above-mentioned attacks.
6.1 Controls for Buffer Overflow:
Buffer overflow can be prevented by using Libsafe 2.0, middleware
software created by Bell Labs [17]. By intercepting all the function calls made to the
vulnerable library functions, it prevents the attacker from overwriting the return address and
hijacking the control flow of the running program. Another method to detect buffer overflow
attacks is to use 'stack canaries' [21]. A buffer overflow attack overwrites memory from lower to
higher memory addresses, so it has to overwrite the canary value before it overwrites the return
pointer. If the canary value is changed, the attack can be detected before the execution of the
malicious code can occur.
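The canary check described above, as an added example that is not part of the original paper: a Python model of one stack frame (not real process memory) in which an unchecked copy runs from the buffer toward the return address. The frame layout, sizes, function names and sample messages are assumptions made for the illustration.

```python
import os
import struct

BUF_SIZE = 16                     # local buffer: lowest addresses of the modelled frame
CANARY_SIZE = 8                   # guard value between the buffer and the return address
CANARY_AT = BUF_SIZE
RET_AT = BUF_SIZE + CANARY_SIZE   # saved return address: highest addresses of the frame


class StackSmashDetected(Exception):
    """Raised when the canary in the frame no longer matches the reference copy."""


class Frame:
    """Model of one stack frame laid out as [buffer | canary | return address]."""

    def __init__(self, return_address, canary):
        self.reference = canary   # reference copy kept outside the frame
        self.mem = (bytearray(BUF_SIZE) + bytearray(canary)
                    + bytearray(struct.pack("<Q", return_address)))

    def unchecked_copy(self, data):
        """Copy with no length check: writes run from the buffer start upward."""
        n = min(len(data), len(self.mem))   # the model stops at the end of the frame
        self.mem[:n] = data[:n]

    def saved_return_address(self):
        return struct.unpack_from("<Q", self.mem, RET_AT)[0]

    def epilogue(self):
        """Function return: verify the canary first, only then use the return address."""
        if bytes(self.mem[CANARY_AT:RET_AT]) != self.reference:
            raise StackSmashDetected("canary changed; refusing to return")
        return self.saved_return_address()


def handle_message(data, return_address=0x401000, canary=None):
    """Process one message in a fresh frame; returns (status, address control goes to)."""
    if canary is None:
        canary = os.urandom(CANARY_SIZE)    # unpredictable, so it cannot be written back
    frame = Frame(return_address, canary)
    frame.unchecked_copy(data)
    try:
        return ("returned", frame.epilogue())
    except StackSmashDetected:
        return ("aborted", None)


def handle_message_no_canary(data, return_address=0x401000):
    """Same frame without the epilogue check, for comparison."""
    frame = Frame(return_address, bytes(CANARY_SIZE))
    frame.unchecked_copy(data)
    return ("returned", frame.saved_return_address())


if __name__ == "__main__":
    in_bounds = b"A" * 12    # constructed message that fits the buffer
    oversized = b"A" * 32    # constructed message longer than the buffer
    print(handle_message(in_bounds))             # returns to the saved address
    print(handle_message(oversized))             # canary overwritten first: aborted
    print(handle_message_no_canary(oversized))   # return address silently replaced
```

A canary only detects the overwrite at function return; the length check that is missing from `unchecked_copy` is still the actual fix.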
6.2 Controls for Firmware Manipulation:
One way to prevent meter firmware from being directly accessed, read
and downloaded is to use microcontrollers that can be locked, so that an attacker cannot analyze or
re-install the firmware [20]. One way to prevent the firmware from being overwritten by
corrupted/unauthorized firmware is to validate it for integrity and authentication before it is
placed in the boot loader, so that spoofing and injection of malicious code can be blocked [12].
Vendor design teams can also encrypt the firmware: encryption preserves the confidentiality and
integrity of the new firmware image by facilitating secure transport through the
utility network, where it is then decrypted in metering devices [21].
6.3 Controls for Authentication Bypass:
Metering protocols like DLMS and IEC 60870 must support HMAC-MD5 authentication, since
this type of authentication uses a secret key combined with the data being protected to compute a
hash [21]. Also, metering protocols should support Internet Key Exchange (IKE), which defines
mechanisms for key generation and exchange, and manages security associations (SAs) [20].
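The keyed-hash authentication described above, as an added example that is not part of the original paper and is not DLMS or IEC 60870 code: a sender appends an HMAC-MD5 tag to each frame and the receiver verifies it before acting on any field. The frame layout, the message counter, the key and the sample requests are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16                      # HMAC-MD5 produces a 16-byte tag
HEADER = struct.Struct(">IIH")    # constructed layout: meter id, counter, payload length


def build_frame(key, meter_id, counter, payload):
    """Sender: append HMAC-MD5(key, header || payload) to the frame."""
    body = HEADER.pack(meter_id, counter, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.md5).digest()


class Receiver:
    """Verifies frames before any header field or payload is acted on."""

    def __init__(self, key):
        self.key = key
        self.last_counter = {}    # meter id -> highest counter accepted so far

    def accept(self, frame):
        """Return (True, payload) for an authentic, fresh frame, else (False, reason)."""
        if len(frame) < HEADER.size + TAG_LEN:
            return (False, "too short")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.md5).digest()
        # compare_digest takes the same time wherever the first mismatch is,
        # so the comparison does not reveal how much of a guessed tag was right.
        if not hmac.compare_digest(tag, expected):
            return (False, "bad tag")
        # Header fields are parsed only after the tag has been verified.
        meter_id, counter, length = HEADER.unpack_from(body)
        payload = body[HEADER.size:]
        if length != len(payload):
            return (False, "length mismatch")
        # The counter is covered by the tag, so a captured frame cannot be
        # accepted a second time or re-sent with a new counter.
        if counter <= self.last_counter.get(meter_id, -1):
            return (False, "stale counter")
        self.last_counter[meter_id] = counter
        return (True, payload)


def demo():
    """Run constructed frames through one receiver and collect the verdicts."""
    key = b"constructed-shared-key-0001"                   # constructed sample key
    receiver = Receiver(key)
    frame = build_frame(key, 0x1001, 1, b"READ 1.8.0")     # constructed request
    tampered = frame[:HEADER.size] + b"READ 2.8.0" + frame[-TAG_LEN:]
    forged = build_frame(b"not-the-shared-key", 0x1001, 2, b"READ 1.8.0")
    return {
        "authentic": receiver.accept(frame),
        "tampered": receiver.accept(tampered),     # payload changed, tag unchanged
        "forged": receiver.accept(forged),         # sender without the shared key
        "replayed": receiver.accept(frame),        # same frame delivered twice
        "truncated": receiver.accept(frame[:10]),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The digest is passed to `hmac.new` as a parameter, so the same code runs with another hashlib digest such as `hashlib.sha256` once `TAG_LEN` is adjusted to its output size.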
6.4 Controls for hijacking data:
Security measures should be implemented at the Application and Network level of the AMI
communication module. As far as network level hijacks are concerned, packets can be ciphered
to prevent packet headers from being hijacked. Encryption can be provided by using protocols such
as IPSEC, SSL and SSH in the AMI network. Application session hijacking can be prevented by
using strong session IDs; expiring sessions can also be used, since they require re-authentication,
which makes attacks futile [20].
7 CONCLUSION
Smart Grids in today's world are still in their nascent stage when it comes to security even though
they are helping in efficient power and energy management [16]. Security will be truly effective
only when it is built in from the beginning, but as all the other competing demands are pursued,
it is considered on the list of low priorities [18]. It is important to remember that though AMI
offers a remarkable amount of potential, it still calls for an industry driven, resilient and scalable
standard security [10]. Organizations such as NIST, OpenSG and AMI-SEC Task force are
coming up with their own security standards for AMI, yet none of them have a defense
mechanism that would provide complete secure solutions for AMI deployment. The motive of
our research is to present a list of potential security concerns to the AMI in terms of threats and
threat agents, to perform qualitative risk analysis on each of those threats with respect to each
motive and link and then propose security measures for critical threats. The purpose of these
findings is to convey information essential to deploy proper controls that will lessen the security
issues revolving around AMI. It will require a tremendous amount of coordinated and collective
effort from the utilities, regulators and consumers to make Smart Grids not only secure but also a
reality.
References:
[1] A. Gerra, “Security strategy that should be adopted by utilities for Smart Grid implementation before standards
hit the industry,” M.S. dissertation, University of Colorado at Boulder, United States, October 25th, 2010.
[2] Certicom, “Critical Infrastructure Protection for AMI Using a Comprehensive Security Platform,” Certicom
white paper, February 2009.
http://certicomcenterofexcellence.com/pdf/white_paper-ami_advanced_metering_infrastructure.pdf
[3] C4, “The Dark Side of the Smart Grid - Smart Meters (in)Security,” C4 security white paper, September 2010.
http://www.c4-security.com/The%20Dark%20Side%20of%20the%20Smart%20Grid%20-%20Smart%20Meters%20(in)Security.pdf
[4] D.G. Hart, “Using AMI to realize the Smart Grid,” in Proceedings of the Conference on Power and Energy
Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, Pittsburgh, PA, July
20-24, 2008.
[5] D. Wei, Y. Lu, M. Jafari, P. Skare and K. Rohde, “An Integrated Security System of Protecting Smart Grid
against Cyber Attacks,” in Proceedings of the conference on Innovative Smart Grid Technologies, Gaithersburg,
MD, January 19-21, 2010.
[6] E. Liu, M. L. Chan, C. W. Huang, N. C. Wang, and C. N. Lu, “Electricity grid operation and planning related
benefits of advanced metering infrastructure” presented at the conference on Critical Infrastructure, Beijing, China,
September 20-22, 2010.
[7] F.M. Cleveland, “Cyber security issues for Advanced Metering Infrastructure (AMI),” in Proceedings of the
conference on Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, Pittsburgh, PA, July 20-24, 2008.
[8] Idaho National Laboratory, “Study of Security Attributes of Smart Grid Systems - Current Cyber Security
Issues,” Idaho National Laboratory, April 01, 2009. http://www.smartgridinformation.info/pdf/1335_doc_1.pdf
[9] J. Ketchledge, “Future Proofing AMI Systems to Support Smart Grid Adoption,” Enspiria Inc white paper,
September 2009.
http://www.enspiria.com/Article%20pdfs/Futureproofing_AMI_to_Support_SmartGrid_Adoption.pdf
[10] J. S. John, “Hacking the Grid: Is Smarter Less Secure?,” Blog post on Greentech Media, April
8, 2009. http://www.greentechmedia.com/articles/read/hacking-the-grid-is-smarter-less-secure-6017/
[11] K. Cornish, “The Migration from AMI to Smart Grid,” Enspiria white paper, August 2010.
http://www.enspiria.com/Article%20pdfs/Migration_from_AMI_to_Smart_Grid.pdf
[12] K. Moslehi and R. Kumar, “Smart Grid - A Reliability Perspective,” presented at the Conference on Innovative
Smart Grid Technologies, Gaithersburg, MD, January 19-21, 2010.
[13] M. Carpenter, T. Goodspeed, B. Singletary, E. Skoudis and J. Wright, “Advanced Metering Infrastructure
Attack Methodology,” InGuardians. January 5, 2009. http://inguardians.com/pubs/AMI_Attack_Methodology.pdf
[14] OpenSG Users Group, “AMI Task Force Roadmap,” Open Smart Grid white paper, September 30, 2008.
http://osgug.ucaiug.org/utilisec/amisec/.../AMI-SEC_Roadmap_Document_v0_4-20080930_NCG.doc
[15] R. C. Parks, “Advanced Metering Infrastructure Security Considerations,” Sandia National Laboratories white
paper, November 2007. www.sandia.gov/ccss/documents/Parks-2007-7327.pdf
[16] R. E. Robinson and M. G. Stuber, “Risk Analysis for Advanced Metering,” Itron white paper, September 29,
2010. www.itron.com/asset.asp?path=support/whitepaper/pdf/itr_016898.pdf
[17] R. L. Ekl and A. R. Metke, “Smart Grid Security Technology,” in Proceedings of the Conference on Innovative
Smart Grid Technologies, Gaithersburg, MD, January 19-21, 2010.
[18] R. Shein, “Security Measures for Advanced Metering Infrastructure Components,” in Proceedings of the
Conference on Power and Energy Engineering, Chengdu, China, March 28-31, 2010.
[19] R. V. Gerwen, S. Jaarsma, and R. Wilhite, “Smart Metering,” Leonardo Energy Inc. white paper, July, 2006.
http://www.leonardo-energy.org/webfm_send/435
[20] S. Harris, CISSP Certification All-in-One Exam Guide, 2007, pp. 53-107.
[21] S. Kapoor, “Session Hijacking Exploiting TCP, UDP and HTTP Sessions,” Info-point security white paper,
July 2006. https://www.info-point-security.com/open_downloads/alt/SessionHijacking.pdf
[22] S. McLaughlin, D. Podkuiko and P. McDaniel, “Energy Theft in the Advanced Metering Infrastructure,” Lecture Notes in Computer Science, vol. 6027/2010, pp. 176-187, 2010.
[23] The Advanced Security Acceleration Project, “Security Profile For Advanced Metering Infrastructure,” OpenSG
Users Group, December 10, 2009.
http://osgug.ucaiug.org/utilisec/amisec/Shared%20Documents/AMI%20Security%20Profile%20(ASAP-SG)/AMI%20Security%20Profile%20-%20v1_0.pdf
[24] T. M. Chen, “Survey of cyber security issues in smart grids,” in Proceedings of the Conference on Cyber
Security, Situation Management, and Impact Assessment II; and Visual Analytics for Homeland Defense and
Security II, Orlando, FL, April 28, 2010.
[25] U.S Department of Energy, “The Smart Grid: An Introduction,” U.S Department of Energy, August 6, 2010.
http://www.oe.energy.gov/DocumentsandMedia/DOE_SG_Book_Single_Pages(1).pdf
[26] W. Sikora, M. Carpenter, and J. Wright, “Smart Grid and AMI Security Concerns,” Inguardians, July 23, 2009.
http://inguardians.com/pubs/Smart_Grid_AMI_Security_Concerns-20090723.pdf