Threat Modeling Smart Metering Gateways

Conference: Smart SysTech 2013 - European Conference on Smart Objects, Systems and Technologies
06/11/2013 - 06/12/2013 at Erlangen/Nuremberg, Germany

Proceedings: Smart SysTech 2013

Pages: 5Language: englishTyp: PDF

Personal VDE Members are entitled to a 10% discount on this title

Authors:
Lunkeit, Armin (OpenLimit SignCubes GmbH, Berlin, Germany)
Voss, Tobias; Pohl, Hartmut (softScheck GmbH, Sankt Augustin, Germany)

Abstract:
In the traditional Software Development Lifecycle (SDL), measures aimed at increasing the security level are generally implemented only shortly prior to shipping, and frequently even after the system has been delivered. Because around half of all security-related bugs (vulnerabilities) can be traced back to design bugs, security measures will, however, have to be implemented shortly before or during the design. Costs of removing vulnerabilities are also lowest at this development phase. Threat Modeling supports the methodological development of a trustworthy system design and architecture at the design phase of software development. In this article, the Threat Modeling process is first applied to a Smart Metering Gateway as component of Smart Grid infrastructure. Smart Metering Gateways (SMGW) represent communication between the prosumer with his consuming and generating devices and the Smart Grid with distribution network operators, meter operators, metering service providers, suppliers etc.; they represent the “security core” of the Smart Grid and thus have a significant influence on public perceptions of the entire Smart Grid Infrastructure. Keywords — fuzzing, smart metering gateway, smart grid infrastructure, smart metering, testing, threat modeling, security, vulnerability