TY - GEN
T1 - Specification-based intrusion detection for advanced metering infrastructures
AU - Berthier, Robin
AU - Sanders, William H.
PY - 2011
Y1 - 2011
N2 - It is critical to develop an effective way to monitor advanced metering infrastructures (AMI). To ensure the security and reliability of a modernized power grid, the current deployment of millions of smart meters requires the development of innovative situational awareness solutions to prevent compromised devices from impacting the stability of the grid and the reliability of the energy distribution infrastructure. To address this issue, we introduce a specification-based intrusion detection sensor that can be deployed in the field to identify security threats in real time. This sensor monitors the traffic among meters and access points at the network, transport, and application layers to ensure that devices are running in a secure state and their operations respect a specified security policy. It does this by implementing a set of constraints on transmissions made using the C12.22 standard protocol that ensure that all violations of the specified security policy will be detected. The soundness of these constraints was verified using a formal framework, and a prototype implementation of the sensor was evaluated with realistic AMI network traffic.
AB - It is critical to develop an effective way to monitor advanced metering infrastructures (AMI). To ensure the security and reliability of a modernized power grid, the current deployment of millions of smart meters requires the development of innovative situational awareness solutions to prevent compromised devices from impacting the stability of the grid and the reliability of the energy distribution infrastructure. To address this issue, we introduce a specification-based intrusion detection sensor that can be deployed in the field to identify security threats in real time. This sensor monitors the traffic among meters and access points at the network, transport, and application layers to ensure that devices are running in a secure state and their operations respect a specified security policy. It does this by implementing a set of constraints on transmissions made using the C12.22 standard protocol that ensure that all violations of the specified security policy will be detected. The soundness of these constraints was verified using a formal framework, and a prototype implementation of the sensor was evaluated with realistic AMI network traffic.
KW - AMI
KW - formal method
KW - intrusion detection
KW - specification-based security
UR - http://www.scopus.com/inward/record.url?scp=84857771025&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84857771025&partnerID=8YFLogxK
U2 - 10.1109/PRDC.2011.30
DO - 10.1109/PRDC.2011.30
M3 - Conference contribution
AN - SCOPUS:84857771025
SN - 9780769545905
T3 - Proceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC
SP - 184
EP - 193
BT - Proceedings - 2011 17th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2011
T2 - 17th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2011
Y2 - 12 December 2011 through 14 December 2011
ER -