multi vendor penetration testing in the advanced metering
play

Multi-vendor Penetration Testing in the Advanced Metering - PowerPoint PPT Presentation

Jun 01, 2023 •253 likes •590 views

Multi-vendor Penetration Testing in the Advanced Metering Infrastructure: Future Challenges DIMACS Workshop on Algorithmic Decision Theory for the Smart Grid Stephen McLaughlin - Penn State University Systems and Internet Infrastructure

  1. Multi-vendor Penetration Testing in the Advanced Metering Infrastructure: Future Challenges DIMACS Workshop on Algorithmic Decision Theory for the Smart Grid Stephen McLaughlin - Penn State University Systems and Internet Infrastructure Security Laboratory (SIIS) Page 1 Tuesday, October 19, 2010

  2. Meter Data Management (for the last 100 years) Systems and Internet Infrastructure Security Laboratory (SIIS) Page 2 Tuesday, October 19, 2010

  3. Meter Data Management (now and in the near future) One Day 18 16 14 12 10 8 6 4 7 2 6.5 6 0 00:00 04:00 08:00 12:00 16:00 20:00 00:00 One Hour 5.5 5 Kw 4.5 4 3.5 3 2.5 2 18:00:00 18:10:00 18:20:00 18:30:00 18:40:00 18:50:00 19:00:00 Systems and Internet Infrastructure Security Laboratory (SIIS) Page 3 Tuesday, October 19, 2010

  4. G Meter Data Management (now and in the near future) One Day 18 Peak Transient Peak Usage Peak Usage 16 14 Outages 12 Hourly Average 10 8 6 4 7 Time of Use 2 6.5 Repetitive Features Tampering 6 0 00:00 04:00 08:00 12:00 16:00 20:00 00:00 One Hour 5.5 5 Kw 4.5 Power Quality 4 3.5 over time 3 2.5 Types of appliances 2 18:00:00 18:10:00 18:20:00 18:30:00 18:40:00 18:50:00 19:00:00 Systems and Internet Infrastructure Security Laboratory (SIIS) Page 4 Tuesday, October 19, 2010

  5. AMI - the justification • Automated Meter Reading Pre-smart meter automated reading and outage notification ‣ Now expanding to Internet-connected SCADA systems ‣ • Dynamic pricing schemes Time Of Use (peak load management) ‣ Maximum demand ‣ Demand response ‣ • Flexible energy generation Enable consumer generation ‣ Alternate energy sources ‣ Systems and Internet Infrastructure Security Laboratory (SIIS) Page 5 Tuesday, October 19, 2010

  6. AMI - the concerns • What should we be concerned about? Accuracy/Fraud ‣ Consumer privacy ‣ National security ‣ Systems and Internet Infrastructure Security Laboratory (SIIS) Page 6 Tuesday, October 19, 2010

  7. Penetration Testing AMI “The organization assesses the security requirements in the Smart Grid information system on an organization-defined frequency to determine the extent the requirements are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the Smart Grid information system.” -p 117 Systems and Internet Infrastructure Security Laboratory (SIIS) Page 7 Tuesday, October 19, 2010

  8. Vulnerability Assessment • Penetration testing: the art and science of breaking systems by applying attacker tools against live systems. Destructive research attempts to illuminate the exploitable ‣ flaws and effectiveness of security infrastructure. • Bottom line Q/A Q: why are we doing this? ‣ A: part of Lockheed-Martin grant to aid energy industry in ‣ identifying problems before they are found “in the wild”. Q: what are we doing? ‣ A: evaluating a number of vendor products in the lab that ‣ are used in neighborhood-level deployments, i.e., we only look at the meters and collectors. Systems and Internet Infrastructure Security Laboratory (SIIS) Page 8 Tuesday, October 19, 2010

  9. AMI Architectures Collectors Repeaters • Cellular • Internet Meter LAN 1: Power Line Communication • PSTN Utility Server Backhaul Network ..................................... Collector Repeater Meter LAN 2: RF Mesh Systems and Internet Infrastructure Security Laboratory (SIIS) Page 9 Tuesday, October 19, 2010

  10. Attack Trees A means for pen-testing planning Tamper Usage Data OR OR Tamper Tamper Tamper in Measure- Stored (a) (b) (c) Network ment Demand OR OR AND Intercept Inject Reset Physically Bypass Reverse Communi- Usage Net Tamper Meter Meter cations Data Usage Storage A3.1 A2.3 AND AND AND OR Log In and Man in Clear Spoof Disconnect Meter Reset Net Logged the Meter Inversion Meter Usage Middle Events A2.2 A3.2 A3.3 A1.1 A1.2 AND Log In and Recover Clear Event Meter History Passwords A1.3 A2.1 Systems and Internet Infrastructure Security Laboratory (SIIS) Page 10 Tuesday, October 19, 2010

  11. Archetypal Trees • Idea : can we separate the issues that are vendor independent from those that are specific to the vendor/ device, e.g., access media? Archetypal Tree B ⇒ A Concrete Trees Adversarial Goal ↓ Attack S 1 ⇒ Grafting B A Archetypal Tree A Concrete Trees S 2 • ... then reuse an archetypal tree as a base for each vendor specific concrete tree . Systems and Internet Infrastructure Security Laboratory (SIIS) Page 11 Tuesday, October 19, 2010

  12. Pen Testing via Archetypal Trees 1. capture architectural description 2. construct archetypal trees (for each attacker goal) 3. capture vendor-specific description (for SUT) 4. construct concrete tree 5. perform penetration testing and graft leaves toward goals This paper : 3 Attack trees: fraud, DOS, disconnect, 2 "systems under test" (SUT) Systems and Internet Infrastructure Security Laboratory (SIIS) Page 12 Tuesday, October 19, 2010

  13. Construction of Archetypal Trees Forge Demand Systems and Internet Infrastructure Security Laboratory (SIIS) Page 13 Tuesday, October 19, 2010

  14. Construction of Archetypal Trees Forge Demand Interrupt Measurement Systems and Internet Infrastructure Security Laboratory (SIIS) Page 14 Tuesday, October 19, 2010

  15. Construction of Archetypal Trees Forge Demand Interrupt Measurement OR AND Erase Disconnect Meter Logged Meter Inversion Events Systems and Internet Infrastructure Security Laboratory (SIIS) Page 15 Tuesday, October 19, 2010

  16. Construction of Archetypal Trees Forge Demand Interrupt Measurement OR AND Erase Disconnect Meter Logged Meter Inversion Events OR Extract Tamper in Meter Flight Passwords Systems and Internet Infrastructure Security Laboratory (SIIS) Page 16 Tuesday, October 19, 2010

  17. Construction of Archetypal Trees Forge Demand Interrupt Measurement OR AND Erase Disconnect Meter Logged Meter Inversion Events A1.1 A1.2 OR Extract Tamper in Meter Flight Passwords Systems and Internet Infrastructure Security Laboratory (SIIS) Page 17 Tuesday, October 19, 2010

  18. Construction of Archetypal Trees Forge Demand Two rules for termination: Interrupt Measurement 1. Attack is on a vendor-specific OR AND component Erase Disconnect Meter Logged 2. Target may be guarded by a Meter Inversion Events protection mechanism A1.1 A1.2 OR Extract Tamper in Meter Flight Passwords A2.1 A2.2 Systems and Internet Infrastructure Security Laboratory (SIIS) Page 18 Tuesday, October 19, 2010

  19. System Under Test PSTN connected collector • 120V AC " " " " " ANSI C12.21 • Rcvr Radio PBX “intrusion detection” • Modem " " " " Collector Repeater Repeater Load Load Infrared Utility Attacker Machine Machine 900 MHz wireless mesh collector/meter network • Infrared “near-field” security for configuration port • Systems and Internet Infrastructure Security Laboratory (SIIS) Page 19 Tuesday, October 19, 2010

  20. Fraud Concrete Tamper Usage Data OR OR Tamper Tamper Tamper in Measure- Stored (a) (c) (b) Network ment Demand OR OR AND Intercept Inject Reset Physically Bypass Reverse Net Tamper Communi- Usage Meter Meter cations Data Usage Storage A3.1 AND AND AND A2.3 OR Log In and Clear Man in Disconnect Meter Spoof Logged Reset Net the Meter Meter Inversion Events Usage Middle A2.2 A3.2 A3.3 A1.1 A1.2 AND Log In and Recover Clear Event Meter History Passwords A1.3 A2.1 (AND) A3.1 A3.3 Intercept Spoof Communi- Meter cations OR OR AND AND Splice Into Via Initiate Run Transmit Via Meter I/O Wireless Session Diagnostic up Forged Telephone Bus Mesh with Utility to Usage Data Usage Data a1.1 AND a3.1 AND a5.1 a6.1 Interpose on Circumvent Identify Complete Collector Intrusion Self as Authentica- PSTN Link Detection Meter tion Round a2.1 a2.2 a4.1 a4.2 Systems and Internet Infrastructure Security Laboratory (SIIS) Page 20 Tuesday, October 19, 2010

  21. Enabling Attacks (Fraud) • Defeating modem “ intrusion detection ” “off hook” events on the line are detected by sensing ‣ presence Foreign Exchange Office (FXO) of dial-tone voltage on the line. current calls are dropped if off hook is detected ‣ such events can simply be suppress easily by preventing ‣ voltage from arriving at the FXO Systems and Internet Infrastructure Security Laboratory (SIIS) Page 21 Tuesday, October 19, 2010

  22. Enabling Attacks (Fraud) Valid Authentication Session Identify Nonce Hash(Password,Nonce) Utility Hash(Password,Nonce') Systems and Internet Infrastructure Security Laboratory (SIIS) Page 22 Tuesday, October 19, 2010

  23. Enabling Attacks (Fraud) Valid Authentication Session Valid Authentication Session Identify Identify Nonce Nonce Hash(Password,Nonce) Hash(Password,Nonce) Utility Hash(Password,Nonce') Utility Systems and Internet Infrastructure Security Laboratory (SIIS) Page 22 Tuesday, October 19, 2010

Recommend

World s first Machine- Based Penetration Testing Solution Take Control, Get CyBot CREST

World s first Machine- Based Penetration Testing Solution Take Control, Get CyBot CREST

World s first Machine- Based Penetration Testing Solution Take Control, Get CyBot CREST certified CREST Certified Cronus is the 1 st CREST certified Automatic Penetration Testing vendor One of top 12 tech companies transforming

611 views • 13 slides
BOARD OF MUNICIPAL UTILITIES ADVANCED METERING INFRASTRUCTURE ADVANCED METERING INFRASTRUCTURE

BOARD OF MUNICIPAL UTILITIES ADVANCED METERING INFRASTRUCTURE ADVANCED METERING INFRASTRUCTURE

SIKESTON BOARD OF MUNICIPAL UTILITIES ADVANCED METERING INFRASTRUCTURE ADVANCED METERING INFRASTRUCTURE AMI is an integrated system of advanced meters, communications networks, and data management systems that enables two-way communication

543 views • 7 slides
Advanced Metering Infrastructure Item #180141 July 9, 2018 What is Advanced Metering

Advanced Metering Infrastructure Item #180141 July 9, 2018 What is Advanced Metering

Advanced Metering Infrastructure Item #180141 July 9, 2018 What is Advanced Metering Infrastructure? (AMI) 2 Advanced metering infrastructure is an architecture for automated, two-way communication between a smart meter and a

406 views • 19 slides
Multi-Vendor Carrier Ethernet Interoperability Test 2008 Carsten Rossenhvel, Managing Director

Multi-Vendor Carrier Ethernet Interoperability Test 2008 Carsten Rossenhvel, Managing Director

Multi-Vendor Carrier Ethernet Interoperability Test 2008 Carsten Rossenhvel, Managing Director European Advanced Networking Test Center (EANTC AG) Agenda Participants and Testing Goals Growth Areas Interoperability Achieved

337 views • 21 slides
Penetration testing auditability Alexandros Tsiridis & Stamatios Maritsas What is the purpose

Penetration testing auditability Alexandros Tsiridis & Stamatios Maritsas What is the purpose

MSc System and Network Engineering Penetration testing auditability Alexandros Tsiridis & Stamatios Maritsas What is the purpose of penetration testing auditability? Research questions What are the sources of penetration testing

554 views • 13 slides
Web Application Penetration By: Frank Coburn & Haris Mahboob Testing Take Aways Overview

Web Application Penetration By: Frank Coburn & Haris Mahboob Testing Take Aways Overview

Web Application Penetration By: Frank Coburn & Haris Mahboob Testing Take Aways Overview of the web Web proxy tool Reporting Gaps in the process app penetration testing process Penetration testing vs vulnerability assessment What

301 views • 17 slides
Penetration Testing for Certification: What we care about Marcel Medwed marcel.medwed@nxp.com

Penetration Testing for Certification: What we care about Marcel Medwed marcel.medwed@nxp.com

Penetration Testing for Certification: What we care about Marcel Medwed marcel.medwed@nxp.com Outline Common Criteria Evaluation Assurance Levels JHAS Penetration Testing and Countermeasures 2 Design and security of cryptographic

523 views • 40 slides
Testing Dr. Patrick McDaniel Meghan Riegel Fall 2015 What is Penetration Testing? Attacking

Testing Dr. Patrick McDaniel Meghan Riegel Fall 2015 What is Penetration Testing? Attacking

Introduction to Penetration Testing Dr. Patrick McDaniel Meghan Riegel Fall 2015 What is Penetration Testing? Attacking a system to find security vulnerabilities in order to fix them before a malicious party attacks the system Legal if

455 views • 9 slides
Is a single DNS vendor enough? How can we make multi-vendor setups manageable? Petr paek

Is a single DNS vendor enough? How can we make multi-vendor setups manageable? Petr paek

Is a single DNS vendor enough? How can we make multi-vendor setups manageable? Petr paek petr.spacek@nic.cz 2019-02-03 Outline A single vendor Selection Why not ... Multiple vendors Recommendations

642 views • 26 slides
Advanced Metering Infrastructure (AMI) Overview February 19, 2020 1 Agenda Metering at WSSC

Advanced Metering Infrastructure (AMI) Overview February 19, 2020 1 Agenda Metering at WSSC

Advanced Metering Infrastructure (AMI) Overview February 19, 2020 1 Agenda Metering at WSSC Water Summary of AMI as a Capital Project Project Scope and Goals Benefits of AMI Project Milestones & Timeline Communications

159 views • 12 slides
Team Cymru Cymru Team Penetration Testing Ryan Connolly, ryan@cymru.com

Team Cymru Cymru Team Penetration Testing Ryan Connolly, ryan@cymru.com

Team Cymru Cymru Team Penetration Testing Ryan Connolly, ryan@cymru.com <http://www.cymru.com> Penetration Testing Agenda Pentesting Basics Pentesting Defined Vulnerability Scanning vs. Penetration testing Pentesting

879 views • 83 slides
Penetration Testing Engineering Secure Software Last Revised: July 28, 2020 SWEN-331:

Penetration Testing Engineering Secure Software Last Revised: July 28, 2020 SWEN-331:

Penetration Testing Engineering Secure Software Last Revised: July 28, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Testing That Digs Deeper Penetration testing is about attempting to exploit as much as possible

516 views • 18 slides
INTERACTIVE TEST TOOL FOR INTEROPERABILITY TESTING OF MULTI- VENDOR CACC Alexey Voronov ,

INTERACTIVE TEST TOOL FOR INTEROPERABILITY TESTING OF MULTI- VENDOR CACC Alexey Voronov ,

INTERACTIVE TEST TOOL FOR INTEROPERABILITY TESTING OF MULTI- VENDOR CACC Alexey Voronov , Viktoria Swedish ICT (alexey.voronov@viktoria.se) Cristofer Englund, Viktoria Swedish ICT & Halmstad Hgskola Hoai Bengtsson, Viktoria Swedish ICT

543 views • 20 slides
Simulated Penetration Testing: From Dijkstra to Turing Test++ J org Hoffmann June

Simulated Penetration Testing: From Dijkstra to Turing Test++ J org Hoffmann June

What? Classical Attack Graphs POMDPs MDPs Taxonomy And Now? Simulated Penetration Testing: From Dijkstra to Turing Test++ J org Hoffmann June 26, 2015 J org Hoffmann Simulated Penetration Testing 1/58 What? Classical

2.44k views • 184 slides
An Introduction to IoT Penetration Testing @libertyunix www.kmco.com The Agenda n IoT Attack

An Introduction to IoT Penetration Testing @libertyunix www.kmco.com The Agenda n IoT Attack

An Introduction to IoT Penetration Testing @libertyunix www.kmco.com The Agenda n IoT Attack Surface l OWASP IoT Top 10 l -1 Ring in IoT n Wireless Topics in IoT n IoT Pen Testing Tools & Examples n Q&A 2 Getting Started in IoT

923 views • 52 slides
Advanced Metering Infrastructure Attack Methodology Document Matthew Carpenter ASAP Red Team

Advanced Metering Infrastructure Attack Methodology Document Matthew Carpenter ASAP Red Team

Advanced Metering Infrastructure Attack Methodology Document Matthew Carpenter ASAP Red Team Lead matt@inguardians.com Introduction to Attack Methodology Guide for consistent testing Authors: Matthew Carpenter Travis

105 views • 8 slides
Smart Metering Smart Metering The Power of Smart Metering The Power of Smart Metering MOST

Smart Metering Smart Metering The Power of Smart Metering The Power of Smart Metering MOST

an energy technology company Smart Metering Smart Metering The Power of Smart Metering The Power of Smart Metering MOST EFFICIENT USE OF ENERGY 41 Watchung Plaza #175 Montclair, NJ 07042-4117 Tel 1.800.781.1232 Fax 973.783.3047 8001

846 views • 12 slides
Network Penetration Testing Toolkit NMAP, NETCAT, AND METASPLOIT BASICS DAY OF SHECURITY

Network Penetration Testing Toolkit NMAP, NETCAT, AND METASPLOIT BASICS DAY OF SHECURITY

Network Penetration Testing Toolkit NMAP, NETCAT, AND METASPLOIT BASICS DAY OF SHECURITY February 22. 2019 whoami AND HOW DID I GET HERE? Cecillia Tran Kelly Albrink External network pen testing & web Network pen testing,

882 views • 31 slides
CYBERSECURITY RISK ASSESSMENT AND PENETRATION TESTING FOR BOCES PARTICIPATING SCHOOL DISTRICTS

CYBERSECURITY RISK ASSESSMENT AND PENETRATION TESTING FOR BOCES PARTICIPATING SCHOOL DISTRICTS

CYBERSECURITY RISK ASSESSMENT AND PENETRATION TESTING FOR BOCES PARTICIPATING SCHOOL DISTRICTS RFP #2416 OUR DIFFERENTIATORS Global Risk Atlantic has a deep understanding of Risk Assessment and Penetration Testing on a Assessment global

519 views • 7 slides
Practical Penetration Testing 101 Look mom Im a hacker now! Words of warning Anything

Practical Penetration Testing 101 Look mom Im a hacker now! Words of warning Anything

Practical Penetration Testing 101 Look mom Im a hacker now! Words of warning Anything you do to a remote system without authorization is illegal Use common sense Federal prison is bad Overview of Today Brief overview

348 views • 13 slides
Comparing the Effectiveness of Penetration Testing and Static Code Analysis Detection of SQL

Comparing the Effectiveness of Penetration Testing and Static Code Analysis Detection of SQL

Comparing the Effectiveness of Penetration Testing and Static Code Analysis Detection of SQL Injection Vulnerabilities in Web Services Nuno Antunes, Marco Vieira PRDC 2009 nmsa@dei.uc.pt, mvieira@dei.uc.pt University of Coimbra

370 views • 24 slides
Answer ALL of your Vendor Management Questions. 3 1 10/17/2019 Learning Objectives

Answer ALL of your Vendor Management Questions. 3 1 10/17/2019 Learning Objectives

10/17/2019 Vendor Management Fundamentals Jill Donnelly, Katie Germain, Robert Lehmann, and Karisa Stowell 1 1 Road Map NYS Vendor File Vendor Registration Vendor Maintenance eCommerce Initiative 1099 Reporting

330 views • 19 slides
Some advantages and disadvantages of smart water metering for single and multi - unit

Some advantages and disadvantages of smart water metering for single and multi - unit

Some advantages and disadvantages of smart water metering for single and multi - unit developments Dr Cara Beal IPIQ Seminar & Expo Urban Brisbane Hotel, Spring Hill, November 29 th , 2013 Presentation outline Background on our

600 views • 44 slides
Outline: Metering ! What makes metering hard? ! the meter doesnt know what youre

Outline: Metering ! What makes metering hard? ! the meter doesnt know what youre

Outline: Metering ! What makes metering hard? ! the meter doesnt know what youre looking at ! The Art, Science and Algorithms histograms ! Rule of thumb ! of Photography ! metering technologies ! metering modes

436 views • 6 slides

More recommend