Embedded Firmware Diversity for Smart Electric Meters

Smart meters are now being aggressively deployed worldwide, with tens of millions of meters in use today and hundreds of millions more to be deployed in the next few years. These low-cost (≃$50) embedded devices have not fared well under security analysis: experience has shown that the majority of current devices that have come under scrutiny can be exploited by unsophisticated attackers. The potential for large-scale attacks that target a single or a few vulnerabilities is thus very real. In this paper, we consider how diversity techniques can limit large-scale attacks on smart meters. We show how current meter designs do not possess the architectural features needed to support existing diversity approaches such as address space randomization. In response, we posit a new return address encryption technique suited to the computationally and resource limited smart meters. We conclude by considering analytically the effect of diversity on an attacker wishing to launch a large-scale attack, showing how a lightweight diversity scheme can force the time needed for a large compromise into the scale of years.

[1]  Sanjam Garg,et al.  Unified Architecture for Large-Scale Attested Metering , 2007, 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07).

[2]  Patrick D. McDaniel,et al.  Security and Privacy Challenges in the Smart Grid , 2009, IEEE Security & Privacy.

[3]  Lorenzo Martignoni,et al.  Surgically Returning to Randomized lib(c) , 2009, 2009 Annual Computer Security Applications Conference.

[4]  Hovav Shacham,et al.  On the effectiveness of address-space randomization , 2004, CCS '04.

[5]  Miguel Castro,et al.  Securing software by enforcing data-flow integrity , 2006, OSDI '06.

[6]  Alexander Aiken,et al.  A theory of type qualifiers , 1999, PLDI '99.

[7]  Martín Abadi,et al.  Control-flow integrity , 2005, CCS '05.

[8]  Peng Ning,et al.  Address Space Layout Permutation (ASLP): Towards Fine-Grained Randomization of Commodity Software , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[9]  John Johansen,et al.  PointGuard™: Protecting Pointers from Buffer Overflow Vulnerabilities , 2003, USENIX Security Symposium.

[10]  Stephen B. Wicker,et al.  Inferring Personal Information from Demand-Response Systems , 2010, IEEE Security & Privacy.

[11]  A. One,et al.  Smashing The Stack For Fun And Profit , 1996 .

[12]  James Cheney,et al.  Cyclone: A Safe Dialect of C , 2002, USENIX Annual Technical Conference, General Track.

[13]  Dongyan Xu,et al.  Polymorphing Software by Randomizing Data Structure Layout , 2009, DIMVA.

[14]  Claude Castelluccia,et al.  Code injection attacks on harvard-architecture devices , 2008, CCS.

[15]  Daniel C. DuVarney,et al.  Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits , 2003, USENIX Security Symposium.

[16]  Gerardo Richarte Four dierent tricks to bypass StackShield and StackGuard protection , 2002, WWW 2002.

[17]  Christian S. Collberg,et al.  Protecting Against Unexpected System Calls , 2005, USENIX Security Symposium.

[18]  Dmitry Podkuiko,et al.  Energy Theft in the Advanced Metering Infrastructure , 2009, CRITIS.

[19]  Peng Ning,et al.  False data injection attacks against state estimation in electric power grids , 2009, CCS.