Smart Metering: Security threats and Counter measures

Energy theft and meter tampering are world-wide problems that contribute heavily to revenue losses. Consumers have been found manipulating their electric meters, causing them to stop, under-register or even bypass the meter, effectively using power without paying for it. Apart from preventing physical tampers requiring smart solutions on chip, smart grid technologies are now in the process of being deployed. These solutions require a combination of different technologies and rely on network connectivity, posing significant security issues that must be addressed from the beginning. This paper covers vulnerabilities, challenges and techniques to prevent tampering in an energy meter, improving overall security (hardware and software) in a smart grid.

 

Deciphering phone and embedded security – Part 4: Ideal platform for next-generation embedded devices

Smart Phones as it stands today have some of the most sophisticated security measures deployed by the manufacturers to be able to restrict the users from manipulating the device. Specifically on Android, that being open platform , the Greek or development community have been often successful in defeating these measures, thus installing custom ROMs to be able to customize the phone or even unlock the phone before the expiry of the term with service provider. Part I of the series cover general Android architecture to make readers aware about the basic Android platform and the associated framework including the common terminology used like Rooting and Flashing. Part II links it all together and takes a deep dive as to what really happens at the hardware level during an unlock operation and tricks hackers use to fool or bypass bootloaders and install custom ROMs. Part III covers various flavors of bootloaders that are offered by the manufacturer to provide levels of protection/security and the way some of them get compromised. Leveraging existing security measures discussed in first three parts, Part IV takes it further and describes ideal security capabilities that could be included on next generation embedded devices. Techniques describes are to rather to increase cost of attack with a acceptable level of risk for a particular application. Just like there is no free security, there is no full security!!

Deciphering phone and embedded security – Part 3: Unsigned, signed, locked and encrypted bootloaders

Smart Phones as it stands today have some of the most sophisticated security measures deployed by the manufacturers to be able to restrict the users from manipulating the device. Specifically on Android, that being open platform , the Greek or development community have been often successful in defeating these measures, thus installing custom ROMs to be able to customize the phone or even unlock the phone before the expiry of the term with service provider. Part I of the series cover general Android architecture to make readers aware about the basic Android platform and the associated framework including the common terminology used like Rooting and Flashing. Part II links it all together and takes a deep dive as to what really happens at the hardware level during an unlock operation and tricks hackers use to fool or bypass bootloaders and install custom ROMs. Part III covers various flavors of bootloaders that are offered by the manufacturer to provide levels of protection/security and the way some of them get compromised. Leveraging existing security measures discussed in first three parts, Part IV takes it further and describes ideal security capabilities that could be included on next generation embedded devices. Techniques describes are to rather to increase cost of attack with a acceptable level of risk for a particular application. Just like there is no free security, there is no full security!!

 

Deciphering phone and embedded security – Part 2: What really happens during an unlock operation

Smart Phones as it stands today have some of the most sophisticated security measures deployed by the manufacturers to be able to restrict the users from manipulating the device. Specifically on Android, that being open platform , the Greek or development community have been often successful in defeating these measures, thus installing custom ROMs to be able to customize the phone or even unlock the phone before the expiry of the term with service provider. Part I of the series cover general Android architecture to make readers aware about the basic Android platform and the associated framework including the common terminology used like Rooting and Flashing. Part II links it all together and takes a deep dive as to what really happens at the hardware level during an unlock operation and tricks hackers use to fool or bypass bootloaders and install custom ROMs. Part III covers various flavors of bootloaders that are offered by the manufacturer to provide levels of protection/security and the way some of them get compromised. Leveraging existing security measures discussed in first three parts, Part IV takes it further and describes ideal security capabilities that could be included on next generation embedded devices. Techniques describes are to rather to increase cost of attack with a acceptable level of risk for a particular application. Just like there is no free security, there is no full security!!

 

Flow metering tutorial – Part 2: Pulse-based counting in flow meters

In Part 1 of this series, we covered the fundamental concepts and principles incorporated by flow meters along with various flow measurement methods used in mechanical flow meters. Part 2 covers the pulse based counting method and the various sensors that are used in industry and the way they generate different pulse waveforms to be used in variety of flow meters.

 

Flow metering tutorial – Part 1: Understanding the fundamentals

Flow meters are used to measure the rate of flow of liquids or gases, just like electric meters measure the amount of electricity consumed. However, unlike electric meters, which are either electro-mechanical or electronic meters, there are just too many variants in flow-meters, all with different concepts on how the flow of fluid is measured, with some even customized to measure special fluids. A new generation of electronic flow meters provide better control and accuracy of fluid measurement, however still leave several choices on how fluid is measured. Part I of this series covers basic flow meter fundamentals including types of flow meters and the main considerations and challenges in selecting a flow meter.

 

Deciphering phone and embedded security – Part 1: Fundamentals of the Android architecture and terminologies

Smart Phones as it stands today have some of the most sophisticated security measures deployed by the manufacturers to be able to restrict the users from manipulating the device. Specifically on Android, that being open platform , the Greek or development community have been often successful in defeating these measures, thus installing custom ROMs to be able to customize the phone or even unlock the phone before the expiry of the term with service provider. Part I of the series cover general Android architecture to make readers aware about the basic Android platform and the associated framework including the common terminology used like Rooting and Flashing. Part II links it all together and takes a deep dive as to what really happens at the hardware level during an unlock operation and tricks hackers use to fool or bypass bootloaders and install custom ROMs. Part III covers various flavors of bootloaders that are offered by the manufacturer to provide levels of protection/security and the way some of them get compromised. Leveraging existing security measures discussed in first three parts, Part IV takes it further and describes ideal security capabilities that could be included on next generation embedded devices. Techniques describes are to rather to increase cost of attack with a acceptable level of risk for a particular application. Just like there is no free security, there is no full security!!

.entry-summary

Read More

How secure is AES against brute force attacks?

In the world of embedded and computer security, one of the often debated topics is whether 128-bit symmetric key, used for AES (Advanced Encryption Standard) is computationally secure against brute-force attack. Governments and businesses place a great deal of faith in the belief that AES is so secure that its security key can never be broken, despite some of the inherent flaws in AES. This article describes the strength of the cryptographic system against brute force attacks with different key sizes and the time it takes to successfully mount a brute force attack factoring future advancements in processing speeds.

.entry-summary

Public key cryptography and security certificates

Public Key Cryptography offers ultimate security being based asymmetric keys and is the backbone for popular protocols like SSL (Security Socket Later) to be able to communicate securely between web-servers and browsers. However whole ecosystem is based on passing or exchanging security certificates. Article explains public key cryptography and the role of security certificates and the way they are used by the secure protocols to provide ultimate security.

.entry-summary

Securing your apps with Public Key Cryptography & Digital Signature

Public Key Cryptography offers ultimate security being based asymmetric keys; however it does have a specific purpose and is often not a replacement of symmetric crypto algorithms like AES. This article provides the security behind Public Key Cryptography with practical details on how this is used by some of the popular tools like PGP, SSL as well as Digital signature.

.entry-summary

Understanding the security framework behind RSA SecurID

RSA SecurID® is a pretty popular mechanism for performing secure remote access for a user to a network resource. However this gets often confused with RSA public key algorithm that is based on Asymmetric or Public key cryptography. RSA SecurID is based on two-factor Authentication that makes it different than publically known RSA algorithm. The Article presents the underlying security architecture behind RSA Secure ID and potentially vulnerabilities.

.entry-summary

Advanced Metering : Security Threats, Challenges and Counter Measures

Energy theft and meter tampering are world-wide problems that contribute heavily to revenue losses. Consumers have been found manipulating their electric meters, causing them to stop, under-register or even bypass the meter, effectively using power without paying for it. Apart from preventing physical tampers requiring smart solutions on chip, smart grid technologies are now in the process of being deployed. These solutions require a combination of different technologies and rely on network connectivity, posing significant security issues that must be addressed from the beginning. This paper covers vulnerabilities, challenges and techniques to prevent tampering in an energy meter, improving overall security (hardware and software) in a smart grid.

.entry-summary

Kinetis ARM Cortex-M4 Microcontrollers -The most scalable portfolio of low power, mixed-signal MCUs

Technical Session on Freescale most scalable MCU: Kinetis based on ARM Cortex M4 core. Presentation covers Key Positioning, Key differentiators, Kinetis overview along with Tools and Enablement offering from Freesale.

.entry-summary

Industrial apps reap benefits from PFC device

How often are home owners approached by a salesperson at the doorstep selling a device that can go in a wall and supposedly save energy or reduce the monthly electricity bill substantially? The so-called “power-saver device” (known by different names) is nothing but a power-factor correction (PFC) device that connects to the mains and improves power factor, and thus the apparent power measured by the meter. However, it’s important to notice that a residential user’s utilities bill is based on real power rather than apparent power, and thus none of these devices really reduce their monthly bills. In this article, I explain the different power types that an electricity meter measures, power factor and power factors’ implications on power measurement. Although a PFC device may be useful for industrial applications, the additional cost does not really justify this device to be used in residential applications, contrary to the claims.

.entry-summary

Why a power-factor correction device is better suited to industrial applications

How often are homeowners approached by a salesperson at the doorstep selling a device that can go in a wall and supposedly save energy or reduce the monthly electricity bill substantially? The so-called "power-saver device" (known by different names) is nothing but power-factor correction (PFC) device that connects to the mains and improves power factor, and thus the apparent power measured by the meter. However, it's important to notice that a residential user's utilities bill is based on real power rather than apparent power, and thus none of these devices really reduce their monthly bills. In this article, I explain the different power types that an electricity meter measures, power factor, and power factors' implications on power measurement. Although a PFC device may be useful for industrial applications, the additional cost does not really justify this device to be used in residential applications, contrary to the claims.

.entry-summary

ADC ‘accuracy’ and ‘resolution’ are not the same

Analog-to-digital converters (ADC) are advertised as having "n" bit resolution, which often is misunderstood to mean accuracy. Resolution does not imply accuracy nor does accuracy imply resolution. Application determines if missing codes are allowed and degree of accuracy required. This article illustrates some of the application examples to show significant difference between accuracy and resolution

.entry-summary

Advanced Metering: Ecosystem, Security threats and Counter measures

The operation and control of the current power grid depends on a complex network of computers, software, and communication technologies that, if compromised by hackers, could be used to cause great damage, including extended power outages and destruction of electrical equipment. Therefore, known vulnerabilities in these systems must be mitigated in order to increase the security and success of the Smart Grid. Advanced Metering Infrastructure (AMI) offers a more sophisticated two way communication system that collects measure and analyzes energy usage, from network-connected devices such as electricity meters, gas meters, and/or water meters. But all these devices are susceptible to hackers. This article highlights what is needed to secure a smart grid.

.entry-summary

Anti tamper real time clock (RTC) – make your embedded system secure

The implementation of security features in embedded applications like utility metering, power distribution etc is becoming increasingly important. Lot of hacks around this area are related to tampering the time. While most of the anti-hacking techniques known can be handled in software, it is always secure and accurate to implement necessary ones in hardware. It is also efficient and cheaper to implement these techniques in System on Chip(SoC) than adding additional necessary logic on board that may open up more security holes. These hardware techniques need to be active at all times and must be monitored in all conditions. Since the Real Time Clock or RTC is a module that functions independently (both in terms of power supply and system clocks) with respect to rest of the blocks in a SoC, it inherently becomes the choice to implement the anti tamper functions. This article describes some of the techniques that can be well handled by RTC within a SoC by providing efficient protection against hardware as well as software tampers, thereby making it an essential item in every secure system. A small yet powerful block.

.entry-summary