Security evaluation of communication interfaces on smart meters
Abstract
By 2019, almost all households in Norway will have a smart meter installed. The digitization of the electrical grid may introduce new vulnerabilities into critical infrastructure. In this thesis, we evaluated the security of the communication interfaces on smart meters. We wanted to find out whether the technology used for communication on smart meters provides adequate security to protect assets in the grid infrastructure. To answer this question, we conducted a literature review of the technology used in advanced metering infrastructure (AMI) solutions and smart meters, and analyzed a smart meter used in Norway. The findings were used to create a threat model and risk analysis that narrowed down the potential vulnerabilities to test. Our findings suggest that the confidentiality of communication between the smart meter and the head-end system (HES) is maintained. It is protected using application-layer encryption based on AES-128 in CBC mode. The integrity of communication may be vulnerable because some of the messages are integrity protected using CRC16-CCITT. Data from the home area network (HAN) interface is currently not encrypted, which may pose a threat to the confidentiality of a user's consumption data. This thesis is a contribution to increased security awareness surrounding the implementation of smart meters in Norway.