Energy Theft in the Advanced Metering Infrastructure
Duaa Shoukat, Zohaib Sajid, Department of Computer Science Bahauddin Zakariya University, Multan, Pakistan.
Abstract--The generation and delivery system for global energy is
now changing into a computerized "smart grid". The principal
component of the smart grid is the Advanced Metering Infrastructure
(AMI), which replaces analogue meters with computerized systems
that report usage over digital communication interfaces. This
paper considers the adversarial means of defrauding the electrical
grid through AMI systems. It describes the methods an attacker would
use to attempt to control energy usage data and validates the
availability of these attacks by performing penetration testing.
These techniques demonstrate the possibility of theft in AMI systems,
and also that AMI devices provide countless vectors for achieving
it.
Keywords – AMI, attack tree, tampering, digital meters.
I. INTRODUCTION
The smart grid is being deployed globally to change the way energy
is used. Advanced Metering Infrastructure offers more efficient,
lower-cost and more environmentally sound energy management. It
consists of a computer-based sensor system that extends from the
homes and buildings that use power up to the utilities that manage
it. AMI provides the communication and control functions needed to
implement critical energy management services such as
- Fine-grained pricing
- Automatic meter reading
- Demand control
- Power quality management.
The smart grid has been widely deployed in Europe and Asia.
AMI introduces new security challenges: it consists of many untrusted
service devices located in unsecured places, which can enable
"energy theft". Energy theft occurs when a customer manipulates the
energy usage data that is reported to the utility.
Some statistics relevant to AMI are as follows:
- Annual losses in the United States are estimated at $6 billion.
- In AMI, usage data can be stolen (tampered with) when it is recorded
in the system or while it is being delivered to the utilities.
- Because an AMI system is software based, attacks also happen
through software. This means a less expert attacking group is
required (one only needs to know how to operate the attacking software).
- Criminal groups continually monitor attack statistics, and each
group tries its best.
- Descrambler boxes cause $4 billion in cable theft per year.
II. AMI BACKGROUND
The advanced metering infrastructure (AMI) is the sensor network of
the smart grid. It provides information about energy usage and demand
to utilities, consumers and the grid itself. It enables these parties
to make better decisions about reducing costs and reducing excessive
demand on the interconnected electricity delivery network during
times of highest demand.
The necessary information about demand is combined with energy
distribution. This information is measured and collected by
electronic devices that record the consumption of electric energy,
such as smart meters and digital electric meters.
The two components of the metering infrastructure needed to provide
AMI services are smart meters and communication networks. In order
to manage power, smart meters perform four basic functions:
- Monitoring and recording user demand
- Detecting power outages
- Delivering usage and other information to the upstream utilities
- Sending and receiving control messages, e.g. remote disconnect.
AMI provides a number of services related to demand measurement and
billing; for example, AMR (Automatic Meter Reading) provides the
facility to report demand to utilities via the communication networks.
As discussed previously, AMI provides many services such as billing
of power usage; the figure shows the network configurations.
The two main network configurations are the local network and the
backhaul network. Smart meters also promise new anti-tamper
measures.
III. ENERGY THEFT
To model energy theft in AMI, we use the security modelling technique
known as the attack tree. In an attack tree, the goal is divided into
sub-goals until a number of possible attacks are identified. The
root node represents the single goal shared by all possible attacks.
Below the root node are a number of sub-goals, showing that the same
goal can be achieved in several ways. The leaf nodes, which have no
children, show the specific paths followed to achieve the goal. AND
and OR operations are used to show whether all children or only one
child of a given internal node must be completed to achieve the goal.
a. Attacker Model
Before describing the attack tree for energy theft, we define the
types of attackers that are motivated to commit energy theft.
Types of Attackers:
Customers: Customers have stolen energy for a long time using
different techniques. Traditional analogue meters can be attacked
easily, but customers are generally not equipped to attack AMI meters
on their own. They therefore need help from experts who have both the
resources and the technical abilities.
Organized Crime: Attacks in which crime groups are involved. These
groups use many techniques, such as monitoring attack sites. Members
of crime groups leverage certain design aspects of AMI systems, such
as the widespread use of the same password set across many meters.
Utility Insiders: Insiders are trusted to be honest in the case of
both analogue meters and AMI. Utility-side systems impose proper user
and group management to provide properties such as separation of
duties. For this purpose, utility insiders are preferred.
Nation States: Adversaries with this level of expertise have little
motivation to commit theft. They may instead use vulnerabilities
discovered in smart meters for denial-of-service attacks.
b. Energy Theft Attack Tree
We use a top-down, stepwise refinement, heuristic strategy to
construct the attack tree for energy theft. "Energy Theft" is the
attacker's overall goal. The procedure is as follows:
- Define the attacker's overall goal "G: Energy Theft" in AMI.
- Decompose the goal G into sub-goals such as Interrupt Measurement,
Tamper Stored Demand and Modify in Network. This list could be
extended and further sub-goals could be added.
- Continue the stepwise decomposition until a task cannot be divided
into smaller ones.
Fig-1. Energy Theft in Advanced Metering Infrastructure
This figure shows the attack tree, with detailed leaves describing the
attacks that are required for energy theft. Three classes of theft are
defined:
- before the meter makes the demand measurement;
- before the demand values are stored in the meter;
- after measurement, while the logs are in transmission to the utility.
Each class is labeled with the attacks that lead to it.
c. Classes of Attacks
The only requirement for energy theft is manipulation of demand
data. There are three ways to tamper with demand data: 1. while it is
being recorded, 2. while it is at rest in the meter, and 3. while it
is in flight through the network.
The first class of attacks, which aims to prevent demand from being
accurately measured, also existed for analogue meters. Executing this
class is more difficult in AMI because sensor data is logged that
records when power is cut to the meter. To execute attacks like
Disconnect Meter and Meter Inversion undetected, the logged events
that record the outage must also be deleted before they are recovered
by the utility.
The second class of attacks is limited to AMR and AMI, since smart
meters store a large amount of data: time-of-use pricing, logs of
both physical events and executed commands, and the recorded demand.
Because the behaviour of a smart meter is controlled by the contents
of its storage, the Tamper Storage attack, which gives the ability to
tamper with that storage, is significant. This attack refers to
overwriting the meter's firmware and is limited to members of
organised crime. For energy theft only some items in storage are of
interest, namely the audit logs and the record of total demand. All
of these values can be accessed through administrative interfaces
that require passwords.
The third class of attacks involves injecting forged values into the
communication between meters and utilities. The goal of this subtree
requires two different types of action: interposition of the attacker
on the backhaul network (intercepting communications) and
modification of the traffic between meter and utility (man in the
middle, spoof meter). Interposition is needed to capture the protocol
between meters and utilities. If a flaw is present in the
authentication or integrity protocols between meter and utility, then
a meter spoofing attack is sufficient for sending forged demand data.
This attack refers to replacing the meter with a commodity device such
as a laptop that receives calls from the utility and supplies
fabricated values for specific fields.
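An added example (not the paper's code) that models the decomposition of sections III.b and III.c as an AND/OR attack tree, enumerates the minimal attack scenarios, and then shows which scenarios remain once chosen defensive controls are applied; the node names and the exact tree shape are a reconstruction from the text, not Figure 1.

```python
"""Attack-tree model of the energy-theft goal described above.

Added example, not code from the paper. The tree is reconstructed from
the three attack classes in the text; node names are assumptions.
"""
from dataclasses import dataclass, field
from itertools import product
from typing import FrozenSet, List, Set


@dataclass
class Node:
    name: str
    op: str = "LEAF"            # "AND", "OR" or "LEAF"
    children: List["Node"] = field(default_factory=list)


def scenarios(node: Node) -> Set[FrozenSet[str]]:
    """Return the minimal sets of leaf attacks that achieve `node`.

    OR: any child's scenarios suffice. AND: one scenario from every child
    must be combined (cartesian product). Non-minimal supersets are pruned.
    """
    if node.op == "LEAF":
        return {frozenset([node.name])}
    child_sets = [scenarios(c) for c in node.children]
    if node.op == "OR":
        result = set().union(*child_sets)
    elif node.op == "AND":
        result = {frozenset().union(*combo) for combo in product(*child_sets)}
    else:
        raise ValueError(f"unknown operator {node.op!r}")
    return {s for s in result if not any(o < s for o in result)}


def open_scenarios(node: Node, mitigated: Set[str]) -> Set[FrozenSet[str]]:
    """Scenarios still feasible once every attack in `mitigated` is blocked."""
    return {s for s in scenarios(node) if not (s & mitigated)}


def energy_theft_tree() -> Node:
    # Class 1: stop accurate measurement; the outage log must also go.
    interrupt = Node("Interrupt Measurement", "AND", [
        Node("Prevent Measurement", "OR",
             [Node("Disconnect Meter"), Node("Meter Inversion")]),
        Node("Delete Outage Log"),
    ])
    # Class 2: tamper demand at rest; admin interfaces need the password.
    stored = Node("Tamper Stored Demand", "AND", [
        Node("Extract Meter Password"),
        Node("Rewrite Storage", "OR",
             [Node("Edit Demand Record"), Node("Overwrite Firmware")]),
    ])
    # Class 3: tamper in flight; MITM needs interposition, spoofing does not.
    network = Node("Modify in Network", "OR", [
        Node("Man in the Middle", "AND",
             [Node("Interpose on Backhaul"), Node("Modify Traffic")]),
        Node("Spoof Meter"),
    ])
    return Node("G: Energy Theft", "OR", [interrupt, stored, network])


def control_coverage(mitigated: Set[str]) -> int:
    """Number of minimal theft scenarios still open after applying controls."""
    return len(open_scenarios(energy_theft_tree(), mitigated))


if __name__ == "__main__":
    tree = energy_theft_tree()
    for s in sorted(scenarios(tree), key=sorted):
        print(" + ".join(sorted(s)))
    # Controls matching Table-1: tamper-proof outage logging, a nonce
    # freshness check, a protected optical channel, backhaul protection.
    controls = {"Delete Outage Log", "Spoof Meter",
                "Extract Meter Password", "Interpose on Backhaul"}
    print("open scenarios after controls:", control_coverage(controls))
```

Adding a leaf to `mitigated` models a control that blocks that attack; the root stays reachable until every minimal scenario contains at least one blocked leaf.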
IV. SYSTEM UNDER STUDY
This section describes the environment and tools used for the smart
meter security analysis, including reverse engineering, attacking
meter communication protocols, and details of the capabilities of the
meters. We also describe the functionality and features of the
studied deployment that are relevant to the security analysis
results. A PBX (private branch exchange) is used to produce a model
of the telephone network for communication between meters and the
utility. The utility machine runs the back-end software that
utilities use for reading, programming and resetting meters.
Communication between the utility machine and the collector meter is
done over the telephone using voice-band modems.
Auditing is used for outage notification, reverse energy flow
detection and other events. The audit logs can be retrieved through
the optical port or the telephone modem. Reverse energy flow
detection can be disabled in the case of customers who have contracts
to sell generated power back to the grid. An intrusion detection
feature ensures that the meter is the only device off the hook while
communicating with the utility: when any other user picks up the
phone, the meter is interrupted and automatically hangs up.
Additional monitoring software was run on the utility machine to
capture the protocols of the telephone modem and the optical port. In
order to understand the use of cryptography in the communication and
the structures used to pass protocol messages, the meter reading
software was disassembled into assembly language. The "adversarial
machine" is used for attacks on the communication between meters and
the utility machine.
V. AMI SECURITY ANALYSIS
The results of the security analysis show several design flaws in the
studied system that allow energy theft using AMI techniques. For each
vulnerability, we describe the existing protections, how they may be
circumvented, and the validation of the attack. How validation could
be achieved in the future is also explained.
a. Physical Tampering
The studied meters provide two types of tamper detection: physical
and firmware based. The identified attacks, such as disconnect meter,
meter inversion, extract meter passwords and tamper in flight, require
some form of physical tampering with the meter. The physical tamper
protection is the same as the tamper detection on analogue meters: a
tamper-evident seal, which only detects the opening of the meter
enclosure. Basically two types of seals are used. One is the seal on
the meter's socket attachment, provided by the utility; this seal is
outside the scope of our study. The other seal is on the meter's
outer cover. It is an aluminium meter seal with a flag containing a
stamped string of between one and five characters, and we were able
to pick any stamp of our choice from a tamper-seal vendor without any
special recommendation.
b. Password Extraction
Overwriting the meter's firmware requires that the meter password
first be obtained. The password can be extracted through optical port
snooping. On the utility machine, monitoring software is used to
capture the optical port protocol used to communicate with the meter,
and this also reveals the passwords in the clear. Once the meter has
been opened, a reader device is placed on the optical port pins or
the optical lens to capture the remaining passwords.
c. Meter Spoofing
Spoofing is another risk of placing a physically insecure device on a
network: the device can be used to launch attacks against the network
hosts and to spread malware. The studied system uses the standard
ANSI (American National Standards Institute) protocol for the
authentication of meters and utilities. The protocol works as
follows. The meter creates a cryptographic nonce (an arbitrary number
used only once) and sends it to the utility. The utility software then
calculates a MAC (message authentication code) by hashing the
password and the nonce; the Data Encryption Algorithm, ANSI
X3.92-1981, is used for this calculation. The MAC is sent to the
meter, which calculates its own MAC over the received MAC and sends
it back to the utility software. After this exchange, mutual
authentication is complete. The flaw in the utility software is that
it cannot verify the freshness of the nonce. Therefore an adversary
who is able to eavesdrop on an authentication session can replay the
nonce and authenticate itself as the meter.

Table-1. Summary of the vulnerabilities, the attacks that can be
enabled through them, and the design assumptions behind them. The
assumption labels are used for reference below.

| Attack Description        | Vulnerability                              | Design Assumption                 |
|---------------------------|--------------------------------------------|-----------------------------------|
| Measurement interruption  | Insufficient physical tamper protections   | a. Physical limitations           |
| Password extraction       | Optical communication is unsecured         | b. Near field security            |
| Meter storage tampering   | Firmware integrity protection is not present | c. Physical integrity of meter  |
| Communication interception| Intrusion detection is insufficient        | d. Trusted backhaul nodes         |
| Communication tampering   | Failure to check for replay                | e. Trusted endpoint node          |
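An added example (not the paper's code and not an implementation of the ANSI protocol) that simulates the nonce/MAC exchange just described, with the flawed utility that accepts a repeated nonce beside a hardened one that rejects it. HMAC-SHA256 stands in for the DES-based MAC; the nonce size, the message layout and all names are assumptions.

```python
"""Toy model of the meter/utility authentication exchange described above.

Added example, not code from the paper. HMAC-SHA256 stands in for the
password-keyed DES MAC; all names, sizes and values are assumptions.
"""
import hashlib
import hmac
import os
from typing import Callable, Dict, Optional, Set

PASSWORD = b"meter-password-placeholder"   # constructed, not a real value


def mac(password: bytes, data: bytes) -> bytes:
    """Password-keyed MAC over the nonce (utility side) or the utility MAC (meter side)."""
    return hmac.new(password, data, hashlib.sha256).digest()


class Meter:
    """Legitimate meter: knows the shared password, emits a fresh nonce per session."""

    def __init__(self, password: bytes):
        self._password = password

    def start(self) -> bytes:
        return os.urandom(16)

    def respond(self, utility_mac: bytes) -> bytes:
        return mac(self._password, utility_mac)


class Utility:
    """Utility back end. With check_freshness=False it behaves like the flawed
    software in the paper: any nonce is accepted, even one seen before."""

    def __init__(self, password: bytes, check_freshness: bool):
        self._password = password
        self._check = check_freshness
        self._seen: Set[bytes] = set()

    def challenge(self, nonce: bytes) -> Optional[bytes]:
        # Hardened utility: refuse a nonce that has already been used.
        # (An alternative fix is for the utility to add its own random challenge.)
        if self._check and nonce in self._seen:
            return None
        self._seen.add(nonce)
        return mac(self._password, nonce)

    def verify(self, utility_mac: bytes, meter_mac: bytes) -> bool:
        return hmac.compare_digest(meter_mac, mac(self._password, utility_mac))


def run_session(utility: Utility, nonce: bytes,
                reply: Callable[[bytes], bytes]) -> bool:
    """One session; `reply` maps the utility's MAC to the meter-side answer."""
    u_mac = utility.challenge(nonce)
    if u_mac is None:
        return False
    return utility.verify(u_mac, reply(u_mac))


def honest_succeeds(check_freshness: bool) -> bool:
    """Two honest sessions with fresh nonces must pass on either utility."""
    meter, utility = Meter(PASSWORD), Utility(PASSWORD, check_freshness)
    return all(run_session(utility, meter.start(), meter.respond) for _ in range(2))


def replay_succeeds(check_freshness: bool) -> bool:
    """Record one honest session, then replay its transcript without the password."""
    meter, utility = Meter(PASSWORD), Utility(PASSWORD, check_freshness)
    nonce = meter.start()
    transcript: Dict[bytes, bytes] = {}
    if not run_session(utility, nonce,
                       lambda u: transcript.setdefault(u, meter.respond(u))):
        raise RuntimeError("honest session should authenticate")
    # Spoofing device holds only the captured (nonce, utility MAC, meter MAC);
    # the flawed utility recomputes the same MAC, so the old answer still fits.
    return run_session(utility, nonce, lambda u: transcript.get(u, b""))


if __name__ == "__main__":
    print("flawed utility accepts replay:  ", replay_succeeds(False))
    print("hardened utility accepts replay:", replay_succeeds(True))
```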
VI. UNDERSTANDING VULNERABILITIES
So far, the attacks that may lead to energy theft have been described
and the vulnerabilities of the studied AMI system have been shown.
Our next goal is to understand the design assumptions behind them.
Table-1 groups the attacks with the assumptions, and the effect of
each assumption on AMI attacks is clarified below. Taken together,
these assumptions increase the ease and simplicity of energy theft.
Assumption a is that the physical security of a meter is effectively
and concretely limited. AMI provides advanced security features that
are intended to address this limitation. However, the existing
firmware protections are not linked to the physical state of the
meter; the meter internals and tamper detection mechanisms could not
be affected or accessed without the detection of electromechanical
tampering.
Assumption b is that insecure and incorrect communication could take
place with an untrusted device, so that the optical signal could be
recorded covertly at a compromised meter. Obtaining a password from
the optical port requires special equipment. The payoff is doubled by
reusing the obtained password.
Assumption c is another example of the amplification of adversarial
effort. The possibility of tampering with a meter's stored firmware
raises concerns beyond the simple ability to steal power. First,
alteration at the firmware level is hard to detect without off-line
review of the firmware contents. Second, customers using tampered
firmware for theft need to do only a small amount of work to upload
the malicious software.
Assumption d: in the studied system, this assumption indicates that
the use of encryption and authentication for integrity, together with
the intrusion detection mechanism, is unsuccessful. This is only to be
expected given the confusion of security requirements when the attack
surface is extended to public networks.
Assumption e concerns the failure of mutual authentication between
utilities and meters. It creates a well-known and easily exploitable
vulnerability: the ability to easily substitute another device for a
meter, which encourages the creation and distribution of meter
spoofing software that allows energy theft without leaving any
evidence of tampering at the meter.
VII. CONCLUSION
The basic requirements of AMI are in tension with security. There are
major reasons why a fully digitized metering system is more dangerous
than its analogue predecessors. Some of these reasons are given
below.
a. Amplification of Effort
In most cases, power theft is easy with a single meter. Once a
password has been obtained, the attack can be repeated many times,
and changing all usage in an area is typical of the compromise of a
head-end meter.
b. Division of Labor
By using pre-made meter programs that overwrite the meter's firmware
and spoof communications with utilities and the grid, customers can
avoid a huge amount of risk and effort. Script-kiddie style attacks
on meters are thus easily achievable through the internet.
c. Extended Attack Surface
AMI extends the attack surface for metering to public networks.
Tampering at the endpoints of these networks is particularly useful
for energy theft, as demand information for many meters passes
through the collector meters on its way to the utility servers.
REFERENCES
[1]. 3CX. FXS, FXO Explained. http://www.3cx.com/PBX/FXS-
FXO.html, 2009.
[2]. American National Standards Institute. ANSIX3.92-198 Data
Encryption Algorithm, 1981.
[3]. McDaniel, P., McLaughlin, S.: Security and
Privacy Challenges in the Smart Grid. IEEE
Security & Privacy Magazine (May/June 2009)
[4]. Electric Light and Power Magazine: Reducing
revenue leakage
(2009), http://uaelp.pennnet.com/
3

More Related Content

AMI-finalResearch.DOC

  • 1. Energy Theft in the Advanced Metering Infrastructure Energy Theft in the Advanced Metering Infrastructure Duaa Shoukat, Zohaib Sajid, Department of Computer Science Bahauddin Zakariya University, Multan, Pakistan. Abstract--The generation and delivering system of global energy is changing now to a computerized “smart grid”. The principle component of smart grid is Advanced Metering Infrastructure (AMI) which replace analogue meters to computerized systems which report usage over digital communication interfaces. This paper think about the opposite means of defrauding electrical grid by using AMI systems. It Describe methods will use to attempt the control of energy usage data and authenticate the availability of attacks by performing penetration testing. These techniques exhibit the possibility of theft in AMI systems and also that AMI devices establish a countless vectors for attaining it. Keywords – AMI, Attack tree, Tampering, digital Meters. I. INTRODUCTION To change the way of energy is used the smart grid is being deployed globally. Advanced Metering Infrastructure offers more efficient, lower cost and more environmental sound energy management. It consist of computer-based sensor system that extends up to homes and buildings use power to the utilities that manage it. AMI provides necessary communication and control functions needed to implement critical energy management services such as  Fine grained pricing  Automatic meter reading  Demand control  Power quality management. The smart grid has been widely deployed in Europe and Asia. AMI introduces some security challenges as AMI consist of so many unfaithful service devices present in the unsecure places, so it can cause “Energy Theft”. It occurs when a customer controls the energy usage that provides to the utility. Some Statistics of AMI are as follows: -Annual losses in the United States are estimated at $6 billion. 
-In AMI usage, data can be theft when it is recorded in the system or during the time when it is given to the utilities. -As AMI system is software based, so attacks are also happened through software. It shows that it requires less expert attacking group (just know how to handle the attacking software). -Criminal groups always monitor the attacking statistics and then each group trying its best. -Descrambler boxes cause $4 billion in cable theft per year. II. AMI BACKGROUND The advanced metering infrastructure (AMI) is the sensor network of smart grid. It provides information about energy usage or demand to utilities, consumers and the grid itself. It enables parties to make better decisions about reducing costs and excessive demand on the interconnected network for delivering electricity during time of highest demand. The necessary information about demand is combined with the energy distribution. This information is measured and collected by electronic devices which records the consumption of electric energy such as smart meters and digital electric meters. The two components of Metering Infrastructure needed to provide AMI services are smart meters and communication networks. In order to manage the power smart meters perform four basic functions  It monitors and records the demand of user  The outages of power  Delivery information of usage and sort information to the upstream utilities  The process of delivering and receiving control messages. E.g. controlling remote disconnect etc. AMI gives number of services related to demand measurement and billing as AMR Automatic Meter Reading provide facility to report the demand to utilities via communication networks. As we discuss previously, AMI gives us too many services such as billing of power usage and the figure shows network configurations. The two main network configurations are Local network and Backhaul network. Smart meter also promises the new anti-tamper measures. 
III.ENERGY THEFT For energy theft, AMI uses the security modelling technology known as attack tree. The attack tree is a technique in which the goal/destination is divided into sub-goals until a number of possible attacks are known. The root node is the first node which shows that there is only single goal of all possible attacks. Below the first node/root node there are number of sub-goals which shows that the same goal is achieved through no. of sub-goals. The leaf node also the last node which has no more children show the specific path which is followed to achieve the goal. AND&OR operations are used in this strategy to show that only one or all children in the given internal nodes needed to be completed to achieve the goal. a. Attacker Model Before describing the attack tree for energy theft, it is better to define the types of attackers that are motivated to commit energy theft. Types of Attackers: Customers: From a long time, the energy is stolen by the customers by using different techniques. The traditional analogue meters can be attached easily but for AMI the customers are not well enough to attack them by their own. So, they need to get help from the experts who have resources and also have the technical abilities as well. Organized Crime/Crime based attack: A type of attack, in which the crime groups are involved. These groups uses many techniques such as monitoring the sites of attack. The member of crime group leverage certain design aspects of AMI systems, such as widespread use of same password set over many meters. Utility Insiders: are trusted to be honest in case of analogue meters and AMI. Utility side systems impose proper user and group management to provide properties like separation of duties. For this purpose utility insiders are preferred. Nation States: opponent with the level of expertise have little inspiration to obligate theft. They may use vulnerabilities discovered in smart meters for denial of service attacks. b. 
Energy Theft Attack Tree 1
  • 2. Energy Theft in the Advanced Metering Infrastructure We perform a top down, stepwise refinement, and heuristic strategy to construct the attack tree for energy theft. “Energy Theft” is a set of attacker’s overall goal. The procedure is described as follows: -Define the attacker’s overall goal “G: Energy Theft” in AMI. -Decompose the goal G into sub goals such as Interrupt Measurement, Tamper Stored Demand and Modify in Network. The Network. This list could be extended and sub-goals could be added. -Continue the stepwise decomposition until the task cannot be divided into smaller ones. Fig-1. Energy Theft in Advanced Metering Infrastructure Fig-1This figure shows the attack tree with detailed leaves telling about the attacks which are compulsory for the energy theft. Three classes for theft are defined. -before meter makes demand measurement. -before storing the demand values in meter. -after measurement and logs have left in trasnmission to utility. Each are labeled with attack lead by them. c. Classes of Attacks The only requirement for energy theft is the management of demand data. Three ways to tamper with demand data. 1. Though it is recorded 2. Though it is at relaxation in meter and 3. It is in airlift through the network. The first class of attacks aims to prevent from acuurately measurement demand also existed for analogue meters. Execution of this class is difficult in AMI by logging sensor data that fixes when power is cut to the meter. To excute the attacks like Disconnect Meter and Meter Inversion undetected, and also the deletion of logged events that specify the outage is compulsory before they recovered by utility. Second class of attacks is limited to AMR and AMI. As the smart meters store a large amount of data. It stores time-of-use pricing, logs of both physical events and executed commands, and recorded the left demand. Because the behavior of smart meter is controlled by the substances of its storage. 
Tamper storage attack provide ability to tamper with that storage, this attack refers to the overwritting of meter’s firmware and is limited to memebers of organised crime. For energy theft only some items are of intrust from storage like namely, audit logs and record of total demand. These all values can be accesed by administrative interfaces that requires passwords. Third class of attacks involves injecting forged values into communication between meters and utilities. The goal for subtree requires two different types of actions and interposittion of attaker on backhaul network (intercept communications) and modification of traffic between meter and utility (Man in the middle, spoof meter). Interposition is needed for capturing the protocol between meters and utilities. If the flaw is present between the authentication or integrity protocols of meter and utility then meter spoofing attack is sufficient for sending forged demand data. This attack refers to the replacement of meter by a common device like laptop and receive calls from the utility and provide created values for exact fields. IV. SYSTEM UNDER STUDY This section gives us the description of environment and tools used for smart meter security analysis in which reverse engineering, attacking meter communication protocols and details about the capabilities of meters is included. We also describe the functionality and features of plan execution relevant to the security analysis result. A footnote based PBX private branch exchange is used to produce a computer model of the telephone network for communication between meters and utility. The utility machine runs the back-end software that the utilities used for reading, programming and resetting meters. The communication of utility machine and collector meter is done over telephone by using voice- band modems. Auditing is used for the outage notification and reverse energy flow detection as well as other events. 
Optical port or telephone modems can recover the audit logs. The reverse energy flow detection can be disabled in case of customers have contracts to sell generated power back to the grid. Intrusion detection feature ensures that meter is only device off the hook while communicating with the utility, when any other user picked up the phone then the meter is automatically interrupted and hangs up. On utility machine additional monitoring software was run to capture the protocols of the telephone modem and optical port. In order to understand use of cryptography in communication and structures used to pass protocol messages, meter reading software was translated to symbolic language. The “adversarial machine” is used for attacking on communication between meters and utility machine. V. AMI SECURITY ANALYSIS The result of security analysis shows some design flaws of studied system that allows energy theft using AMI techniques. There is a description of existing protections and for each vulnerability and the description of how they may be circumvented and also describe the validation of attack. How the validation could be achieved in the future is also explained here. a. Physical tampering The studied meters provide two types of tamper detections Physical based and Firmware based. The identified attacks such as disconnect meter, meter inversion, extract meter passwords, tamper in flight requires some type of physical tampering of meters The physical tamper protection is same as the analogue meters tamper detection. Tamper evident seal is the meaning of detecting only the opening of meter enclosure. Basically two types of seals are used. One is the seal on the meter’s socket attachment provided by the utility. This seal is not defined in our study scope. 
The other seal is on the meter's outer cover. It is an aluminum meter seal with a flag carrying a stamped string of one to five characters, and we were able to order any stamp of our choice from a tamper-seal vendor without any special authorization.

b. Password Extraction
Overwriting the meter's firmware requires that the meter password first be recovered. The password can be extracted by snooping on the optical port. On the utility machine, monitoring software captures the optical-port protocol used to communicate with the meter and reveals the passwords, which are sent in the clear. Once the meter has been opened, one of the reader devices is placed on the optical port pins or on the optical lens to capture the remaining passwords.

c. Meter Spoofing
Spoofing is another risk of placing a physically insecure device on a network: the device can be used to launch attacks against network hosts and to spread malware. The studied system uses the standard ANSI (American National Standards Institute) protocol for authentication between meters and utilities. The protocol provides a cryptographic nonce (an arbitrary number used only once) that is created by the meter and sent to the utility. The utility software then calculates a message authentication code (MAC) by hashing the password and the nonce; the ANSI X3.92-1981 Data Encryption Algorithm is used for this calculation. The MAC is sent to the meter, which calculates its own MAC over the received MAC and returns it to the utility software. After this exchange, mutual authentication is complete. The flaw in the utility software is that the freshness of the meter's nonce is not verified. An adversary able to eavesdrop on an authentication session can therefore replay the nonce and authenticate itself as the meter.

Table-1. Summary of vulnerabilities, the attacks they enable, and the design assumptions behind them. The assumption labels are used for reference below.

Attack                      | Vulnerability                             | Design assumption
Measurement interruption    | Insufficient physical tamper protections  | a. Physical limitations
Password extraction         | Optical communication is unsecured        | b. Near-field security
Meter storage tampering     | Firmware integrity protection is absent   | c. Physical integrity of meter
Communication interception  | Intrusion detection is insufficient       | d. Trusted backhaul nodes
Communication tampering     | Failure to check for replay               | e. Trusted endpoint node

VI. UNDERSTANDING VULNERABILITIES
So far we have covered the attacks that may lead to energy theft and shown the vulnerabilities of the studied AMI system. Our next goal is to understand the design assumptions behind them. Table-1 groups the attacks with those assumptions and clarifies the effect each assumption has on AMI attacks; it also shows that these three groups of properties make energy theft easier.

Assumption a holds that the physical security of a meter is effectively limited. AMI provides advanced security features intended to address this limitation, but the existing firmware protections are not tied to the physical state of the meter. On the other hand, the meter internals and tamper-detection mechanisms could not be affected or accessed without the electromechanical tamper detection registering it.

Assumption b holds that insecure communication may take place with an untrusted device, so the optical signal can be recorded covertly at a compromised meter. Obtaining a password from the optical port requires special equipment, but the payoff from a recovered password is doubled because it can be reused.

Assumption c is another example of amplification of adversary effort. The possibility of tampering with the meter's stored firmware raises concerns beyond the simple ability to steal power. First, alteration at the firmware level is hard to detect without off-line review of the firmware contents. Second, customers who use tampered firmware for theft need to do only a small amount of work to upload the malicious software.

Assumption d, in the studied system, indicates that encryption and authentication are relied upon in place of integrity protection and intelligent intrusion detection, and that this reliance is unsuccessful.
This is only to be expected given the confusion of security requirements that comes with extending the attack surface to public networks.

Assumption e concerns the failure of mutual authentication between utilities and meters. It creates a well-known and easily exploitable vulnerability: the ability to substitute another device for a meter, which encourages the creation and distribution of meter-spoofing software that allows energy theft without leaving any evidence of tampering at the meter.

VII. CONCLUSION
The basic requirements of AMI are in tension with security. There are major reasons why a fully digitized metering system is more dangerous than its analogue predecessors; some of them are given below.

a. Amplification of Effort
In most cases, power theft is easy against a single meter. Once a password is obtained through these attacks it can be reused many times, or used to alter all usage in an area, as is typical when a head-end meter is compromised.

b. Division of Labor
By using pre-made meter programs that overwrite meter firmware and spoof communications with utilities and the grid, customers can avoid a huge amount of risk and effort. Script-kiddie style attacks on meters are easily achievable over the Internet.

c. Extended Attack Surface
AMI extends the attack surface for metering to entire public networks. Tampering at the endpoints of these networks is most useful for energy theft, because demand information for many meters passes through the collector meters on its way to the utility's servers.
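The mutual authentication exchange described under Meter Spoofing above, simulated end to end as an added example (not code from the paper or the studied system): the meter's nonce, the utility's MAC over password and nonce, the meter's MAC over that MAC, and a nonce-freshness check on the utility side that refuses a nonce it has already honoured. HMAC-SHA256 stands in for the paper's ANSI X3.92-1981 DEA-based MAC, and the password and nonces are constructed; both are assumptions.

```python
import hmac
import hashlib
import secrets
from typing import Optional, Set

# Constructed shared secret standing in for the meter password. The paper's MAC
# uses the ANSI X3.92-1981 DEA; HMAC-SHA256 is substituted here (an assumption).
PASSWORD = b"constructed-meter-password"


def mac(key: bytes, data: bytes) -> bytes:
    """Message authentication code over data, keyed with the shared password."""
    return hmac.new(key, data, hashlib.sha256).digest()


class Meter:
    """Meter side: issues a nonce, then answers the utility's MAC with a MAC of it."""
    def __init__(self, password: bytes) -> None:
        self.password = password

    def new_nonce(self) -> bytes:
        return secrets.token_bytes(8)

    def respond(self, nonce: bytes, utility_mac: bytes) -> Optional[bytes]:
        # Accept the utility only if its MAC binds our nonce to the shared password.
        if not hmac.compare_digest(utility_mac, mac(self.password, nonce)):
            return None
        return mac(self.password, utility_mac)


class Utility:
    """Utility side. With check_freshness=True a nonce is honoured once only."""
    def __init__(self, password: bytes, check_freshness: bool) -> None:
        self.password = password
        self.check_freshness = check_freshness
        self.seen_nonces: Set[bytes] = set()

    def challenge(self, nonce: bytes) -> Optional[bytes]:
        if self.check_freshness and nonce in self.seen_nonces:
            return None  # nonce already used: refuse to issue a MAC for it
        self.seen_nonces.add(nonce)
        return mac(self.password, nonce)

    def verify(self, utility_mac: bytes, meter_mac: bytes) -> bool:
        return hmac.compare_digest(meter_mac, mac(self.password, utility_mac))


def run_session(meter: Meter, utility: Utility, nonce: bytes) -> bool:
    """One mutual-authentication exchange; True when both sides accept."""
    utility_mac = utility.challenge(nonce)
    if utility_mac is None:
        return False
    meter_mac = meter.respond(nonce, utility_mac)
    return meter_mac is not None and utility.verify(utility_mac, meter_mac)
```

A utility built without the freshness check completes a second session on a nonce it has already seen, which is the condition the Meter Spoofing section describes; the strict variant rejects it.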