AbstractsComputer Science

Advanced metering infrastructure (AMI) is envisioned to be able to revolutionize the power grid and turn it into the ???smart grid???. AMI, through the use of ???smart meters??? and high-speed networks, promises to strengthen both the stability and sustainability of the grid. The vision of AMI is to enhance and improve the grid by providing fine-grained control over pricing and usage to both the utility and the customers. The promise is so convincing that there have been rapid, large-scale deployments all over the world in a very short time. In this frenzy of excitement, security of AMI, an issue of utmost importance, may have been overlooked. In this work, we present our in-depth study of the vulnerabilities in AMI to cyber-attacks. We also propose a scalable, content-aware methodology to stop propagating malware which exploits the vulnerabilities of AMI to disrupt the operation of service. Towards this end we design and implement a host-based policy engine that examines both ingress and egress traffic to the AMI application layer. Policy engine rules may refer to the structure and behavior of the AMI protocol, and may also perform multi-stage analysis of data payloads and look for evidence that malicious content is carried, rather than data. Our experimental results show that the policy engine is promising in controlling the malicious traffic and introducing negligible performance overhead.