Introduction to Smart Meter Penetration Testing
16 March 2011
IOACTIVE SMART METERING

NEW UPDATED CONTENT!
Today’s workshop, hosted by IOActive, is a technical workshop in which the audience will learn the process, common pitfalls and specialized attacks against Smart Meters. The goal is for the audience to walk away better prepared to ensure they receive high-quality results from their assessors and able to determine whether the critical infrastructure they are deploying in the wild has truly been assessed properly for security.

Your workshop leaders:

Security Consultant

Michael Milvich is experienced in exploit development and network and application testing. As a security consultant at IOActive he performs penetration testing; identifies system vulnerabilities; and designs custom security solutions for clients in software development, telecommunications, financial services, and non-profit organizations. Mr. Milvich's focus has been on assessing SCADA systems within the electrical power industry, and he has reviewed numerous vendors including OSISoft, Live Data, and Areva.

Director of Services

David Baker is a subject matter expert on information security, CIPS compliance work, and Smart Grid architectures. Baker specializes in developing security requirements and identifying best practices for critical infrastructure and utility system management, having debriefed the Department of Homeland Security on AMI research. Baker has orchestrated large-scale network and application penetration tests, provided a long-term security roadmap and budgetary plans for enterprise customers, and written critical assessments of enterprise cyber security programs.

Workshop agenda

8:30 Registration & Coffee

9:00 Introduction to the workshop

  • Overview of AMI Architecture - meter to "relay" to network to collections to EMS
  • Overview of Meter Architecture - metrology board - disconnect relay - communications board - tamper resistance
  • Overview of Basic chip Architecture - flash, IC, crypto features
  • State of technology today versus 2008/2009

10:15 Morning Coffee

10:45 Threat Analysis

  • Attack Vectors
  • Threat Objectives
  • Threat Actors
  • Reputation, Regulatory, Customers

11:45 The Methodology of an Assessment

  • Hardware perspective
        - Glitching attacks
        - Timing
        - Differential Power attacks

12:45 Lunch

13:45 Software perspective

  • Fuzzing of serial line communication
  • Reverse engineering to identify overflow conditions
  • Communication fuzzing
  • GSM / CDMA / WiMax / Wi-Fi
  • Software Radios
  • Weaponizing a communications board
        - Cryptography and Passcodes
        - Brute Forcing

15:30 Afternoon Tea

16:00 Field Observations

  • Common pitfalls
  • Discussion of firmware extraction tools pros and cons
  • Recommendations for better security

16:45 Questions and answers

Workshop leaders will take your questions from the day

17:15 Chairman’s Closing Remarks and Close of Day One

Marriott Hotel Regents Park

128 King Henry’s Road
London NW3 3ST
United Kingdom

This 4 star north London hotel in zone 2 is the perfect destination for the astute business traveler as well as the leisure guest who knows how convenient north London hotels are as a base from which to explore the city. Bond Street is just 3 stops from Swiss Cottage underground station on the Jubilee Line, so you can be shopping, exploring the sights and taking in one of London’s world-renowned West End shows in less than 15 minutes when you stay at this hotel near central London. At the same time, the hive of activity that is Camden Town, the chic shops, cafes and restaurants of Primrose Hill and ZSL’s London Zoo in Regents Park are all just a short walk from this hotel in north London.





    Contact SAE Media Group

    UK Office
    Opening Hours: 9.00 - 17.30 (local time)
    SAE Media Group , Ground Floor, India House, 45 Curlew Street, London, SE1 2ND, United Kingdom
    Tel: +44 (0) 20 7827 6000 Fax: +44 (0) 20 7827 6001
    Website: http://www.smgconferences.com Email: events@saemediagroup.com
    Registered in England - SMi Group Ltd trading as SAE Media Group



