Embedded firmware diversity for smart electric meters

Stephen McLaughlin, Dmitry Podkuiko, Adam Delozier, Sergei Miadzvezhanka, Patrick McDaniel

Research output: Contribution to conferencePaperpeer-review

32 Scopus citations

Abstract

Smart meters are now being aggressively deployed worldwide, with tens of millions of meters in use today and hundreds of millions more to be deployed in the next few years. These low-cost (?50) embedded devices have not fared well under security analysis: experience has shown that the majority of current devices that have come under scrutiny can be exploited by unsophisticated attackers. The potential for large-scale attacks that target a single or a few vulnerabilities is thus very real. In this paper, we consider how diversity techniques can limit large-scale attacks on smart meters. We show how current meter designs do not possess the architectural features needed to support existing diversity approaches such as address space randomization. In response, we posit a new return address encryption technique suited to the computationally and resource limited smart meters. We conclude by considering analytically the effect of diversity on an attacker wishing to launch a large-scale attack, showing how a lightweight diversity scheme can force the time needed for a large compromise into the scale of years.

Original languageEnglish (US)
StatePublished - 2010
Event5th USENIX Workshop on Hot Topics in Security, HotSec 2010 - Washington, United States
Duration: Aug 10 2010 → …

Conference

Conference5th USENIX Workshop on Hot Topics in Security, HotSec 2010
Country/TerritoryUnited States
CityWashington
Period8/10/10 → …

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Embedded firmware diversity for smart electric meters'. Together they form a unique fingerprint.

Cite this