Abstract
The Advanced Metering Infrastructure (AMI) is the core component in a smart grid. It exhibits highly complex heterogeneous network configurations comprising of different cyber-physical components. These components are interconnected through different communication media, protocols, and secure tunnels, and are operated using different modes of data delivery and security policies. The inherent complexity and heterogeneity in AMI significantly increase the potential of security threats due to misconfiguration or attacks, which can cause devastating damage to AMI. Therefore, creating a formal model that can represent the global behavior based on AMI configuration is evidently essential to verify, evaluate and harden its capabilities against dormant security threats. In this paper, we present a novel declarative logic approach for analyzing AMI configurations against various security threats. We develop a tool, called AMISecChecker, which offers manifold contributions: (i) modeling of AMI components’ configurations and their interactions based on property level abstraction; (ii) modeling of AMI topology and communication properties; and (iii) verifying the compliance of AMI configuration with security control guidelines. The efficacy and scalability of the tool have been evaluated in real and synthetic test networks.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Al-Shaer, E., Marrero, W., El-Atawy, A., Elbadawi, K.: Network configuration in a box: towards end-to-end verification of network reachability and security. In: IEEE International Conference on Network Protocols, Princeton (2009)
Ami smart grid testbed at UNC Charlotte: http://www.cyberdna.uncc.edu/events.php
Ami system security requirements: volume 1.01: AMI-SEC Task Force, pp. 84–89 (1991). Available in http://osgug.ucaiug.org/utilisec/amisec/
Anwar, Z., Campbell, R.: Automated assessment of critical infrastructures for compliance to (cip) best practice. In: The 2nd IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Arlington (2008)
Anwar, Z., Shankesi, R., Campbell, R.: Automatic security assessment of critical cyber-infrastructures. In: IEEE/IFIP International Conference on Dependable Systems and Networks, Anchorage (2008)
Ashiqur Rahman, M., Al-Shaer, E.: A declarative approach for global network security configuration verification and evaluation. In: IM Miniconference (2011)
Ashiqur Rahman, M., Al-Shaer, E., Bera, P.: Smartanalyzer: a noninvasive security threat analyzer for ami smart grid. In: The 31st IEEE International Conference on Computer Communications, Orlando (2012)
Liu, Y., Ning, P., Reiter, M.K.: False data injection attacks against state estimation in electrical power grids. In: ACM Conference on Computer and Communications Security, Chicago (2009)
McDaniel, P., Smith, S.W.: Security and privacy challenges in smart grid. In: IEEE Security and Privacy (2009)
McLaughlin, S., Podkuiko, D., McDaniel, P.: Energy theft in the advanced metering infrastructure. In: The 4th International Workshop on Critical Information Infrastructure Security, Bonn (2009)
McLaughlin, S., Podkuiko, D., Miadzvezhanka, S., Delozier, A., McDaniel, P.: Multi-vendor penetration testing in the advanced metering infrastructure. In: International Conference ACSAC, Austin (2010)
Nistir 7628: Guidelines for smart grid cyber security. Smart Grid Interoperability Panel – Cyber Security Working Group (2010)
Ou, X., Govindavajhala, S., Appel, A.: Mulval: a logic-based network security analyzer. In: The 14th USENIX Security Symposium, Baltimore (2005)
Wang, Y., Ruan, D., Xu, J., Wen, M., Deng, L.: Computational intelligence algorithms analysis for smart grid cyber security. Lect. Notes Comput. Sci. 6146, 77–84 (1993)
Acknowledgements
It is a pleasure to thank the Engineers of Duke Energy Corp. for their feedback and support in design and evaluation of our tool. We would also like to thank Mohammad Mazumdar, MphasiS Corp., Texas, for his precious editorial help.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Rahman, M.A., Al-Shaer, E. (2013). A Declarative Logic-Based Approach for Threat Analysis of Advanced Metering Infrastructure. In: Al-Shaer, E., Ou, X., Xie, G. (eds) Automated Security Management. Springer, Cham. https://doi.org/10.1007/978-3-319-01433-3_4
Download citation
DOI: https://doi.org/10.1007/978-3-319-01433-3_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-01432-6
Online ISBN: 978-3-319-01433-3
eBook Packages: Computer ScienceComputer Science (R0)