“Security Auditing of a DLMS/COSEM Smart Grid Communication Protocol Implementation”
Master’s thesis, Mestrado em Engenharia Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, Apr. 2018
Abstract: The electrical grid is a critical infrastructure for modern society. It has been evolving into a smart(er) grid, allowing infrastructure aware decisions based on data collected in real-time from smart meters and other devices. This enables better monitoring and management solutions which would result in higher efficiency in matching generation and consumption. Smart meters and their uplinks have, however, limited physical security due to their location within customer premises. Many of the proposed smart grid communication protocols are also being evaluated because of other security and privacy concerns, which were raised mainly due to the high probability for misuse of the extended apabilities of smart meters. DLMS/COSEM is one of the emerging communication protocols designed for use in the smart grid, mainly for its energy-type-agnostic interface model, and the separation from the communication media which allows future expandability. The protocol allows remote interactions with smart meters, often being deployed above power-line communication links. The present dissertation aims to contribute to validity and security assessments of the DLMS/COSEM protocol and its implementations. In a first instance, an overview of the protocol is presented, followed by a compilation of information about the relevant vulnerabilities and attacks exposed in the existing literature. Then, we explain the design of our ValiDLMS framework, the first open source solution for validation and security auditing of DLMS/COSEM implementations using this communication profile. The framework was developed as an extension to Wireshark and was used to analyse an industry partner’s DLMS/COSEM implementation. The results show that ValiDLMS can effectively support the discovery of bugs and/or other non-conformance problems.
Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)