
IEEE SYSTEMS JOURNAL, VOL. 8, NO. 2, JUNE 2014, p. 509

Toward a Secure Wireless-Based Home Area Network for Metering in Smart Grids
Vinod Namboodiri, Member, IEEE, Visvakumar Aravinthan, Member, IEEE,
Surya Narayan Mohapatra, Babak Karimi, Student Member, IEEE, and
Ward Jewell, Fellow, IEEE

Abstract: Compared to the conventional grid, the smart grid
requires active participation of consumers to improve the quality
and reliability of power delivery. The increase in consumer participation is expected from the advanced metering infrastructure
(AMI), commonly known as the smart meter, which has the capability of supporting various functions beyond that of recording
energy usage. One of the primary objectives of the AMI is to
allow load and cost management for the utility. This is envisioned
partly through a communication system implemented between
the smart meter and consumer equipment, currently deployed
using wireless networking solutions such as ZigBee. Due to the
shared nature of the wireless medium, however, these deployments
face security challenges and interference issues, which must be
addressed, taking into account the interests of both the utility
company and the consumer. This work takes a comprehensive
look at wireless security in the smart-meter-based home area
network scenario and identifies possible vulnerabilities. Subsequently, some countermeasures are developed that can be used
by both the utility company and the customer and are integrated
into a common framework called SecureHAN that can be agreed
to by both. In addition, the experiences from implementing the
SecureHAN framework using commercial off-the-shelf hardware
are described, including possible challenges.
Index Terms: Advanced metering infrastructure (AMI), communications, home area network (HAN), security, smart grids,
smart meters (SM).

Manuscript received April 4, 2012; revised September 19, 2012; accepted
January 23, 2013. Date of publication August 7, 2013; date of current version
May 22, 2014. This work was supported in part by the Power Systems Engineering Research Center (PSERC) Project T-39, Communication Requirements
and Integration Options for Smart Grid Deployment, by the U.S. Department
of Energy Project DE-FG36-08GO88149, Sustainable Energy Solutions, and
by the contributions from the industrial and academic members of the PSERC
S-54 Project, Towards a Privacy-Aware Information-Sharing Framework for
Advanced Metering Infrastructures. A preliminary version of this paper was
presented in the conference proceedings at the IEEE Power and Energy Society
General Meeting at Detroit, MI, USA, in July 2011.
The authors are with the Department of Electrical Engineering and
Computer Science, Wichita State University, Wichita, KS 67260-0083 USA
(e-mail: vinod.namboodiri@wichita.edu; visvakumar.aravinthan@wichita.edu;
surymoha@cisco.com; bxkarimi@wichita.edu; ward.jewell@wichita.edu).
Color versions of one or more of the figures in this paper are available online
at http://ieeexplore.ieee.org.
Digital Object Identifier 10.1109/JSYST.2013.2260700

I. INTRODUCTION

The electrical power industry is experiencing major challenges in the twenty-first century. Two significant developments are based on smart grid technology: an automated
system with improved communication and electric vehicles
(EVs). These are expected to change the way energy is consumed by residential customers. Advanced metering infrastructure (AMI) is introduced at residential levels to incorporate
these changes. With the introduction of AMI technology, a two-way communication between a smart meter and the control
center as well as the meter and residential power equipment
would be facilitated for demand response, dynamic pricing, and
system monitoring [1]. In addition, AMIs could be used for
greenhouse gas-emission mitigation [2]. According to Edison
Electric Institution compilation, by 2015, it is expected that
60 million AMIs (smart meters) would be installed in the U.S.
[3]. Such new technologies bring further challenges to the area
of power systems.
This work focuses on aspects of communication between
the AMI and terminal residential equipment. Any home area
network (HAN) used for a smart-meter application should have
enhanced security features to ensure that necessary and accurate
information is communicated to the smart meter by every piece
of equipment. Possible malicious behavior in complying with
this process could include any information not reported to
the smart meter by an intentional action of the consumer or
any action by a third party (like a neighbor) to modify the
information of a consumer that would give them higher priority
or other benefits.
Fig. 1 shows how different residential equipment or devices
could be classified into groups and controlled by a smart meter
provided by the utility.¹ Equipment in each group could be
subjected to different restrictions on utilizing the grid. Communication between the smart meter and each equipment would
be used to realize one-on-one control to regulate the operation
of each equipment. From a power system point of view, all
loads should be served in a controlled manner, and none of
them can be refused service. Therefore, it is essential to build
a communication architecture that would ensure that the basic
principles of security are met toward a resilient monitoring
and control network. A recent paper in the IEEE SPECTRUM
highlights the importance placed on the issue of security and
role of communications for smart meters [3].
Although there has been some discussion about the mode
of communication to be used between the control center and
a smart meter at the distribution level, there is more consensus about the use of wireless communication as the mode of
communication between a smart meter and electrical devices in
the home [4], [5]. For example, ZigBee is a technology that
is being talked about in the power system community as a
good candidate solution [5]. A wireless-communication-based
network requires minimal infrastructure support in the home
in terms of cabling and allows zero configuration, where devices can be added or removed easily, and possible integration
with increasingly common wireless-based access networks and
home-security systems.

¹ Additional details on how equipment could be classified into groups and
what restrictions they could be subjected to are described in Section II.

1932-8184 © 2013 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

Fig. 1. HAN equipment classification for the smart-meter application.

A wireless-based HAN² for smart meters, with all of its
advantages, comes with more security challenges than possibly
any other solution due to the shared wireless medium. Based
on a survey of the literature and our discussions with engineers
and experts in the power system area, not much is known
about how secure a wireless HAN can be for the smart-meter
application. For example, there have been visionary documents
on smart grids which call for improved security [6], [7]. There
are researchers who have specifically focused on security and
AMI and called for more work to be done in ensuring a secure
framework, with some actually proposing such a framework
or architecture [8]-[13] on which to build solutions. What has
been lacking, however, is a concrete low-level approach that
looks at various possible attacks to such a wireless HAN.
This work takes a comprehensive interdisciplinary look at
wireless security in the smart-meter-based HAN by identifying
a wide range of possible attacks. Furthermore, we develop
countermeasures that can be taken by both the utility company
and the customer and integrate the various countermeasures
into a common framework that can be agreed upon by both. A
key aspect that differentiates security in the smart-meter HAN
from traditional work on wireless network security is that there
are two different entities whose interests must be kept secure:
1) the utility company, who must be sure that nobody, including
the customer, can tamper with the measurement and control of
devices as agreed upon; and 2) the customer, whose privacy must
be guarded at all times when the smart meter is collecting and
relaying data, and that personal device management preferences
are honored at all times. Such two-party agreements provide
a different dynamic than a traditional wireless sensor network
application for the home where all devices are under the control
of only one administrative authority, typically the consumer.
This work pays special attention to attacks made possible
and countermeasures needed due to the existence of multiple
parties.

² Although the HAN term could be used for any network, including access
networks and home-security networks, this term is currently widely used in the
power systems and smart grid community to mean a network in the residence
for the smart-metering application. We envision that, in the future, all networks
in the home may converge and collectively be called a HAN.

This paper summarizes the communication and control
model of a wireless-based HAN, examines security requirements, possible threats, and their solutions, and subsequently
integrates all proposed solutions into an integrated framework called SecureHAN. A prototype implementation of
SecureHAN is then presented that includes details on building
the all-important interface between communication modules and
electric loads and what challenges exist in implementing wireless security solutions from commercial off-the-shelf (COTS)
components. Securing wireless networks is not a new topic,
and many solutions are well known (e.g., [14] and [15]). This
paper aims to contribute through its interdisciplinary nature
of applying networking techniques and their solutions to the
power and energy system area with the goal of hastening
the adoption of AMI by customers by alleviating security
concerns.
The rest of this paper is organized as follows. In Section II,
we describe in more detail the HAN concept for smart metering
in the envisioned smart grid. There, we specify in more detail
the communication requirements for participating equipment
and the overall communication and control model between a
smart meter and equipment. Section III then looks at relevant security objectives in the HAN scenario and discusses
possible attacks. In Section IV, we propose solutions to the
identified attacks, beginning with an authentication procedure
to be used by all equipment connecting to the network. An
integrated framework SecureAMI for securing HANs for smart
metering is proposed in Section V, along with a discussion
of its capabilities to meet security objectives, including the
preservation of customer privacy and mitigation of interference
from other networks and devices. Section VI then describes
how the SecureHAN framework can be implemented using
COTS hardware and what challenges may exist. Concluding
remarks with some directions for future work in the area are
made in Section VII.
II. HAN CONCEPT FOR THE SMART GRID
The U.S. Department of Energy has defined smart grid [1]
as the power system which has the ability to self heal from
a disturbance, enables active participation by consumers in
demand response, operates resiliently against physical and cyber attacks, accommodates all generation and storage options,
provides power quality for the 21st century needs and optimizes
assets and operating efficiency. Much work has been done
to overcome these challenges and provide quality power to
consumers for their needs at various levels, to name a few:
generation [16], transmission [17], [18], distribution [19], smart
meters [20], [21], reliability [22], and communication [23].
Compared to the conventional grid, smart grid requires active
participation of consumers to improve the quality of the power.
The increase in the consumer participation is expected from the
AMI, which includes the smart meter, which has the capability to support various functions beyond recording the energy
usage [24].

NAMBOODIRI et al.: TOWARD SECURE WIRELESS-BASED HOME AREA NETWORK FOR METERING IN SMART GRIDS

A. Motivation for AMI


The AMI concept allows a utility to install a smart meter in
every customer premise that can communicate with appliances
and devices and control their operation. The smart meter has
the ability to control how many appliances/devices operate at a
given time and thus is a great tool to achieve load balancing.
The smart grid control center looks at aggregated load from
all its customers at a given time and can issue specific control
instructions to the smart meter in a customer premise. When
a customer signs up for a smart meter, the typical agreement is
that the smart meter would have control over some specific class
of devices (typically the high-load devices that the customer
can operate with some tolerance in delay) and can determine
when to let devices from that class operate. On the other hand,
the customer benefits by having his/her appliances operate at
times of lower demand, which typically have lower electricity
rates, thus saving money. Without the AMI infrastructure, the
customer would have to keep track of off-peak times and rates,
which would prove cumbersome. In fact, a recent paper claims
that customers typically are unmindful of electricity rates and
the benefits of running appliances at off-peak times [25]. Any
infrastructure that allows customers to simply sign up and not
worry about what actions to take to save money should be of
high interest.
B. Role of Communication
AMIs are expected to introduce two new categories of communication. The first, actively employed by many utilities in the
U.S., is the communication between the energy meter and the
utility control center. This facilitates utilities to observe real-time power consumption and any abnormalities in the system and
impose demand response. If real-time pricing is introduced,
this category of communication will enable the consumer to
track the current price. In addition to the American National
Standards Institute C12.22 standard [24], significant work has
been done on ensuring secure communication between the
meter and the utility [20], [26]. Many utilities in the U.S.
have implemented smart meters that have the capability of this
level of communication [27]-[29]. If the AMI is to allow load
and cost management, a second category of communication
between the meter and the user devices is also necessary. One of
the major concerns of implementing this category of communication is the question of consumer privacy [3], [30]. Customers
will not prefer the utility knowing what electrical appliances
they are using at any given time. Therefore, a separate layer of
communication which will be limited to the property of concern
is required. The smart meter should be able to communicate
with all appliances connected at the property it is monitoring
and should control the use of power by switching the appliances
without sharing this information with any other stakeholder.
It should be noted that, if the second layer of control is
achieved by enabling load management and/or demand response, then greenhouse gas emission can be controlled as well.
Utilities, which would be governed by the proposed emission
regulations by several states in the U.S., could benefit greatly.
Furthermore, the introduction of EVs will be a serious concern
for utilities. EV charging will be stochastic in nature and a large
load on the distribution transformers. Therefore, EVs require
higher end communication; some of the information from the
EV charging should be communicated to the utility (e.g., time
required for charging, availability, and charge level of the
battery). Therefore, EVs should be categorized separately when
the communication architecture is developed. As this scenario
is still only emerging, we do not address this equipment class in
this work. As end-to-end communication is desirable between
the utility control center and EVs in this scenario, it would
be more appropriate to consider this together with the network
between the control center and the smart meter as future work.
This paper focuses only on the network within the home and
how the smart meter deals with equipment classified in groups
1, 2, and 3, as described previously.
C. Communication Requirements in a HAN
It may not be economical to have equal communication requirements for all components; for example, a light bulb needs
only minimal communication infrastructure whereas an EV
needs to communicate more information. Components could be
divided into four categories based on the communication needs.
Fig. 1 shows four typical types of terminal equipment.
Controlling small loads such as light bulbs, phone chargers,
and laptop computers will increase the installation cost and
increase the traffic. Since any control will not change the total
load profile significantly, these types of loads (Group 1 in
Fig. 1) need to inform the smart meter only when they are
connected to and disconnected from the system. Some large
loads like a stove (Group 2 in Fig. 1) should not be controlled
as the consumer needs to cook based upon his/her needs.
Therefore, this type of equipment needs minimum communication infrastructure but will need to send its power usage and
expected duration of usage whenever possible. Large loads like
air conditioner (AC) and washer/dryer (Group 3 in Fig. 1), for
which usage could be controlled, will request the smart meter
and wait for its acceptance to be switched on. They will need
to send extensive information such as expected load, expected
duration of usage, and duration of availability. Therefore, they
may send more packets than the other two types of loads.
Furthermore, the acknowledgment from the smart meter is
essential for this type of load as they wait to be turned on. The
decision to turn on a component will depend on the dynamic
pricing and duration of availability. The last type of load is
EVs, and they are new to the power grid. Since these are very
large and stochastic in nature, it is vital for the smart meter to
communicate in advance the time of charging of EVs and to
plan the charging. Due to the extensive need for communication, these are categorized as separate loads. It is essential to
build a communication architecture that could manage the load
through timely and adequate control.
D. Communication and Control Model in a HAN
There are two options for communication between appliances and the smart meter. The first option is to make appliances
smart, whereby they will have the capability to communicate
with the smart meter and make the decision (when to switch on,
when to switch off, etc.). The main disadvantage of this method
is the lack of communication/processing capability in currently
manufactured appliances. The second option is to make the
power outlets smarter by connecting a transceiver with processing capability. The work in this paper is based on this second
option as migrating to the first option in the future will not
change the security concerns, while making it easier to increase
adoption in a standardized way. We believe the wireless communication model would be most suitable and would require
no modification to the existing wiring or additional wiring in
the property. It should be noted that existing home wiring is
designed for low-frequency electric power transportation and
not high-frequency data transportation. Usage of the wireless
medium enables the communication between the smart meter
and the outlet, even with any fault in the electric connection
between them. In comparison, options like Ethernet cabling
have extensive infrastructure costs with little
flexibility for reconfiguring the network architecture.

Fig. 2. Communication and control model of equipment by relying on adding
capability to power outlets.

Fig. 2 shows two different models for the outlet communication model. The first model [Fig. 2(a)] is for the controlled
operation; this case is for appliances clustered in group 3,
where they need approval from the smart meter to operate.
The consumer will connect the device to the power outlet and
program the outlet with the following information: required
operation, availability, and priority. This information would be
communicated to the smart meter, and based on the system
loading profile and the information provided by the consumer,
it will allocate the time of operation of the device and send that
information back to the outlet transceiver. On the other hand,
for devices which will not be controlled by the smart meter, the
only information that the smart meter needs is type of device
(type of device could be identified by location of the outlet).
Fig. 2(b) shows the uncontrolled operation; once the consumer
switches on the device, the outlet will share this information
with the smart meter.
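
The controlled and uncontrolled exchanges of Sections II-C and II-D can be sketched as a small model. This is an added example, not code from the paper; the message field names, the price table, the capacity ceiling and the rule that priority 1 is most urgent are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed hourly price signal (cents/kWh), index = hour of day.
HOURLY_PRICE = [9, 8, 7, 7, 7, 8, 11, 14, 15, 13, 12, 12,
                13, 14, 15, 17, 19, 21, 20, 18, 15, 12, 10, 9]

# Fields each equipment group must send, following the text for Fig. 1.
# The field names themselves are assumptions made for this example.
REQUIRED_FIELDS = {
    1: {"event"},                      # small loads: connect/disconnect only
    2: {"load_kw", "duration_h"},      # large uncontrolled loads (stove)
    3: {"load_kw", "duration_h", "avail_start", "avail_end", "priority"},
}


@dataclass
class Reply:
    accepted: bool
    start_hour: Optional[int] = None
    reason: str = ""


class SmartMeter:
    def __init__(self, capacity_kw, prices=HOURLY_PRICE):
        self.capacity_kw = capacity_kw      # load ceiling the meter enforces
        self.prices = prices
        self.committed = [0.0] * 24         # kW already allocated per hour
        self.connected = set()              # Group 1 outlets currently in use
        self.allocations = {}               # Group 3 outlet -> granted start hour

    @staticmethod
    def _validate(group, msg):
        required = REQUIRED_FIELDS.get(group)
        if required is None:
            return "unknown group"
        missing = sorted(required - set(msg))
        return "missing fields: " + ", ".join(missing) if missing else ""

    def report(self, outlet_id, group, msg, now):
        """Uncontrolled operation (Fig. 2(b)): the outlet informs, never waits."""
        err = self._validate(group, msg)
        if group == 3:
            err = err or "group 3 must send a request and wait for a reply"
        if err:
            return Reply(False, reason=err)
        if group == 1:
            if msg["event"] == "connect":
                self.connected.add(outlet_id)
            else:
                self.connected.discard(outlet_id)
        else:
            # Group 2 cannot be refused; its load still counts against capacity.
            for hour in range(now, min(24, now + msg["duration_h"])):
                self.committed[hour] += msg["load_kw"]
        return Reply(True, start_hour=now)

    def request(self, outlet_id, msg):
        """Controlled operation (Fig. 2(a)): allocate the cheapest feasible slot."""
        err = self._validate(3, msg)
        if err:
            return Reply(False, reason=err)
        load, dur = msg["load_kw"], msg["duration_h"]
        first, last = msg["avail_start"], msg["avail_end"]
        if not (0 <= first < last <= 24) or dur <= 0 or load <= 0:
            return Reply(False, reason="invalid window, duration or load")
        best = None
        for start in range(first, last - dur + 1):
            hours = range(start, start + dur)
            if any(self.committed[h] + load > self.capacity_kw for h in hours):
                continue                    # would exceed the load ceiling
            cost = sum(self.prices[h] for h in hours)
            if best is None or cost < best[0]:
                best = (cost, start)
        if best is None:
            return Reply(False, reason="no feasible slot in availability window")
        for h in range(best[1], best[1] + dur):
            self.committed[h] += load
        self.allocations[outlet_id] = best[1]
        return Reply(True, start_hour=best[1])

    def schedule(self, requests):
        """Serve pending Group 3 requests in priority order (1 = most urgent)."""
        ordered = sorted(requests, key=lambda item: item[1].get("priority", 99))
        return {outlet: self.request(outlet, msg) for outlet, msg in ordered}


def demo():
    meter = SmartMeter(capacity_kw=4.0)
    meter.report("kitchen-lamp", 1, {"event": "connect"}, now=18)
    stove = meter.report("stove", 2, {"load_kw": 3.0, "duration_h": 2}, now=18)
    replies = meter.schedule([
        ("dryer", {"load_kw": 3.0, "duration_h": 2, "avail_start": 17,
                   "avail_end": 24, "priority": 2}),
        ("washer", {"load_kw": 2.0, "duration_h": 1, "avail_start": 18,
                    "avail_end": 23, "priority": 1}),
    ])
    incomplete = meter.request("ac", {"load_kw": 3.5})   # omits required fields
    return stove, replies, incomplete


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The stove is accepted immediately because Group 2 loads are never deferred, while the dryer is pushed to a later and cheaper slot that does not overlap the load already committed.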
With many homes already having at least one type of wireless
network for Internet access, burglar alarms, or lighting control,
possible integration of all the application scenarios could be
possible in a few years. A downside to using wireless communication for the HAN scenario could be the data transfer rate,
which can be on the slower side compared to traditional wired
solutions. However, a HAN is used more for control than as a
high-speed access network, and thus, low data rates are adequate. Current wireless solutions that are possible candidates
to be used in a HAN are Wi-Fi, ZigBee, and Bluetooth, and
their comparison can be found in [31]. The ZigBee technology
based on the IEEE 802.15.4 standard [32] is considered a good
solution for the HAN scenario as it has a communication range
varying from 10-100 m, allows large-scale network configurations, and uses a low-power radio. The data-rate capability for
this technology is a modest 250 kb/s but is more than adequate
for the HAN application scenario. As a result, ZigBee seems
to be the forerunner in the race to be the wireless solution of
choice. Thus, in this work, we make periodic references to the
security architecture in place for ZigBee; however, for the most
part, we assume a general wireless network that could easily
be based on any of the aforementioned solutions. The work in
[33] presents an integration point for different types of wireless
networks for HAN through unified metrics that could be utilized
to implement any of our proposed general solutions.
III. POSSIBLE SECURITY ATTACKS
In this section, we begin by describing the two-party dynamics that exist in the smart-metering HAN scenario and
challenges that it presents. Subsequently, we define the security
objectives of the network and possible attacks that it could face.
Solutions to these possible attacks are then presented in the
following section.
A. Two-Party Dynamics
In traditional home-area-based networks, the customer is the
only entity responsible for the operation of the network and
acquiring benefits from the deployed application. For example,
consider the case of a home surveillance system. It is in the
interests of the customer that the network functions properly as
intended, with the customer making all attempts to correct any
unintended behavior of the network.
Apart from typical security attacks possible on a wireless
network, the smart-meter HAN scenario has the additional
dynamic of there being two parties with interests in the network.
If the smart-meter communication network does not function
properly, it could prevent customer appliances from operating
at all. Similarly, a misbehaving network could take away the
crucial ability to control customer equipment that the utility so
dearly desires. For example, there could be incentives for the
customer if the smart meter is not able to control some of its
equipment on some occasions where the agreement could be a
liability.
The distributed control that exists between the two concerned
parties could allow a third misbehaving party to threaten the
security of the network by impersonating one, the other party,
or both. Furthermore, capturing shared secrets is easier when
two parties are involved than one.
B. Security Objectives
Typically there are four main objectives in ensuring a secure
network.
1) Confidentiality: The goal of confidentiality is to ensure
that any sensitive data are not disclosed to parties other
than those involved in the communication process. In
the HAN scenario, this could mean that, apart from the
customer and utility, no other party gets access to the
equipment usage behavior of the customer. Furthermore,
the customer may want the utility to have only an aggregate view of the power consumed.
2) Integrity: This requirement is to ensure that a received
message is not altered from the way it was transmitted
by the sender. In the HAN scenario, this is important to
allow timely and accurate control. If an attacker manages
to change the source of the request, it could happen that
the smart meter ends up communicating and controlling
the wrong device.
3) Authentication: Authentication is used by one node to
identify another node or verify the source of origin of data
in the network. Authentication is important for administrative tasks like association, beaconing, and identifier
collision. This concept is critical in the HAN scenario
to ensure that a customer is sure of the authenticity of a
smart meter to which its equipment is communicating
and for the smart meter to ensure that it is communicating
only to the assigned customer's equipment.
4) Availability: This property is to ensure that network
services are available and will survive possible attacks
made or failures that occur. The devices used in a HAN
are typically resource constrained and can suffer from
attacks that are aimed at depleting resources, or from
failures due to malfunctioning low-cost devices. In the
HAN scenario, resource depletion is typically not an issue
when it comes to a resource like energy which both the
smart meter and equipment are assumed to have access
to through power outlets. Computation capabilities and
memory constraints could be exploited by keeping these
resources fully loaded, affecting the ability of the network
to function as desired. Failures will possibly be more
common, particularly with equipment makers having to
include the cost of HAN radios into their products and
still keep the price point attractive to customers.
5) Time Sensitivity: Any message delayed over a specific
tolerable time frame may be of no use to the application.
Thus, a network must ensure the relevance of messages
communicated by enforcing latency constraints. In the
HAN scenario, customer requests for equipment operation must reach the smart meter in a timely manner;
similarly, control commands from the smart meter to
equipment must be timely to best utilize scheduling practices of the utility.
Security objectives common to more general wireless networks like fairness are not applicable in the HAN scenario as
all devices that compete for access to the medium belong to
the same customer. Furthermore, the HAN network is expected
to be used mainly as a control network and is not expected
to be highly loaded in terms of bandwidth, thus providing no
incentives for selfish behavior by nodes.
C. Attack and Misbehavior Scenarios and Relevance to AMI HAN
Fig. 3 shows possible attacks on a wireless-based HAN for
smart metering. We classify these attacks as local attacks and
remote attacks. The scope of this work is limited to local
attacks within the HAN, where all devices communicate to
their smart meters using a one-hop network from their power
outlets. Remote attacks, which typically exploit weaknesses in
the routing mechanisms and multihop nature of networks, will
not occur in our one-hop scenario. We leave the exploration
of such attacks to future work when we also consider the long
haul, such as from the control center to smart meters.

Fig. 3. List of attacks on smart-meter HAN scenario. Due to one-hop nature
of network considered in this work, we will focus only on local attacks. The
attacks most relevant to HANs are shown.

When considering various attack scenarios, we make the
following assumptions: 1) the customer can be trusted with
a password provided by the utility for authentication; and
2) the available encryption level is strong. For the first assumption, the customer has an incentive to protect the password, because failing to do so would let unauthorized
equipment operate from their power outlet.
We outline a common authentication procedure
in Section IV that will be used by equipment that joins the
network and prevent unauthorized access, shifting focus to
these postauthentication attacks. The second assumption is a
standard one and could be based on a stronger encryption
suite present in technologies like ZigBee. As a result of the
aforementioned precautions and assumptions, we can rule out
any authentication and snooping type of attacks from Fig. 3.
Local denial of service is typically based on deauthentication
attacks that force equipment to keep having to reauthenticate
instead of using the network for useful purposes. Instead of
considering such denial-of-service attacks, we focus on the
stronger attack of jamming later in this section.
We do not consider the case of physical device tampering
of the smart meter, equipment, or power outlet in this work.
The smart meter could be made tamper proof by periodic
communication with the control center that allows adequate
monitoring of its operations. The case of customer equipment
and power outlet tampering would be handled by our attack
category of device impersonation described later in this section.
In Fig. 3, the attacks that we consider are marked inside the
highlighted box. The rest of this section describes these attacks
in more detail. We expect these attacks to be a representative
set of attacks possible in the HAN scenario; we believe that any
other attacks that we may have left out could be approached
using similar techniques, as outlined in the rest of this paper.
1) Jamming Attacks: In these attacks, an adversary disrupts
communications in a wireless network by sending deliberate
signals on the shared medium. In a wireless network, packet
communication is successful only if a receiver is able to successfully decode the sender packet. If the medium is jammed
by an adversary, the sender cannot begin communicating (if it
senses the medium to be busy beforehand), or its transmitted
packet will be corrupted with the adversary's signal when received. Jamming can be carried out by sending a continuous or
intermittent busy tone on the channel used for communication.
A simpler form of jamming is for an adversary to send a
continuous stream of packets using the same wireless technology but at a much higher data rate, possibly after tampering
with the medium access control protocol to gain an unfair
advantage [34]. In a simple test that we carried out for a six-node scenario using the NS-2 simulator [35], we found that a
jammer could reduce each node's packet delivery ratio from
80%-90% to about 40% by just using a data rate ten times that
of an average node with a data rate of 100 Kb/s on a 2-Mb/s
channel.
It is fairly simple for an adversary to use a signal analyzer
or similar based on common off-the-shelf components to determine the channel used in a network. Such attacks are the
most difficult to defend against and could cripple a HAN based
on a wireless architecture. These attacks differ in how they
impact smart grid applications compared to traditional wireless
networks by affecting both the utility data collection process
and customer appliance operations.
2) Equipment Impersonation: Based on the customer-utility
agreement, the customer agrees to let the utility control the
time of operation of certain equipment. However, there could
be instances where the customer would want to renege on this
agreement and not relinquish control. This could occur, for
example, when a customer wants the air conditioning to be on
at a low temperature after a period of intense physical activity.
Under the agreement, the utility gets to decide. This could lead
the customer to cheat by designing an attack that allows it to
misrepresent information and gain control of some equipment.
One such attack is an equipment impersonation attack. Under the customer-utility agreement, the utility gets control of
equipment from only a certain subset of classes, typically the
ones that consume a lot of power. The customer could therefore
exploit this fact and have high-power-consuming equipment
impersonate equipment from another class. An AC masquerading as a light bulb is a good example of a pair of devices
that could be involved in such an attack. The customer has
control over its equipment and gets to register its equipment
on the network and therefore has opportunities to misrepresent
information to the utility. For the utility, an inability to control
equipment could result in demand exceeding supply, possibly
resulting in a blackout in parts of the grid.
The details of the attack are shown in Fig. 4, where we use
the example of a customer masquerading their AC as a light
bulb. This attack is one example of vulnerabilities arising out
of the two-party dynamic where one party might try to cheat
the other and is novel to the smart grid scenario.

Fig. 4. Example of a device impersonation attack where an AC tries to impersonate a light bulb and gets permission to operate without any restrictions as a class 1 device.

3) Replay Attack: A neighbor could capture an equipment
request made at some other time by a customer and replay it
another time when no actual request was made. The neighbor
does not gain any benefit, but it can hurt the customer and could
even be a safety hazard. Such fake requests could overload
the smart meter and have repercussions on the whole grid due
to overloading if not handled properly. This attack again has
new connotations in the smart grid scenario where a centralized
device like a smart meter can be overloaded or act inappropriately, possibly disrupting critical everyday appliance operation
of customers.
4) Nonrepudiation: Nonrepudiation is a concept whereby
no party can refute some aspect of their participation in the
communication process. Specific to the HAN scenario, the customer cannot later refute having got certain control messages
from the smart meter to operate their equipment. Alternately, a
smart meter cannot later refute how it tried to control customer
equipment. This is more important in the smart-meter scenarios
compared to wireless networks where multiple parties are involved and legal compliance and actions may be involved due
to the criticality of the network to the daily lives of customers.
IV. SECURITY SOLUTIONS
In this section, we describe how each of the attacks mentioned previously can be overcome. We begin by sketching an
authentication procedure that will form the basis of the solution
to all attacks.
A. Authentication Procedure
To ensure strong authentication, we assume the following key
distribution algorithm.
1) The smart meter is installed by the utility at a customer's
premise. The customer is given a password which they
need to manually supply to the power outlet through
which any equipment is supplied power. This password
can be used to generate a public–private key pair for
encryption purposes.
2) The power outlet for any equipment that connects to the
network for the first time is challenged by the smart meter
for the password. A correct response authenticates the
equipment to the smart meter and sets up the required
bidirectional control between the smart meter and the
power outlet. The communication in this step can use a
public key cryptographic technique.
3) The smart meter and the authenticated power outlet with
the newly joined equipment now decide on whether to use
the established encryption keys or to generate new ones
on a per-session basis.
When an equipment tries to authenticate and join the network, it uses the predefined authentication channel. Once
authenticated, it moves to a possibly different data channel
used by the smart meter. The smart meter is assumed to have
two interfaces: one for receiving authentication requests and
another for communication with authenticated devices. Any
attacks aimed at preventing this authentication can be handled
manually as these are rare and customer involvement can be
expected at a time when equipment is added. As mentioned in
Section III, it would be safe to assume that a customer can be
trusted to keep the utility-assigned password safe, allowing us
to focus on possible nonauthentication attacks.

Fig. 5. Channel switching algorithm employed by all nodes of the network.

B. Jamming
Jamming is one of the most difficult denial-of-service attacks
to defend against. The best defense against intentional jamming
is the usage of multiple alternate frequency channels if the current channel has significant interference that results in packet
losses above a certain threshold. The smart meter and any nodes
deployed could be hard coded to move through a predefined and
common random sequence of channels if communication on the
default channel is unsuccessful for a specified period.
The nature of the HAN scenario is different from other typical wireless sensor network research problems in that battery
energy is not a constraint due to access to power outlets for
recharging. Hence, each packet could possibly be retransmitted
multiple times, on multiple channels until it succeeds. The
smart meter, being a high functionality node compared to
typical customer nodes, could be equipped with more spread
spectrum capabilities that could reject interference to a greater
degree and possibly help monitor the network and call for
manual intervention. Directional reception taking into account
equipment locations in the residence and appropriate smart-meter placement can further mitigate the impact of jamming.
In this paper, we propose the approach shown in Fig. 5 to
move the whole network through a sequence of predefined
channels, which could mitigate the impact of a jammer. Each
smart meter on deployment has a predefined sequence of channels through which it moves as a function of time. When a
new node authenticates to the network on the control channel,
the smart meter sends the channel sequence encrypted to the
node using the customer's public key. Each node can then decrypt using the customer's private key and adopt the sequence,
beginning with the current data channel being used. Methods
for generating and exchanging pseudorandom sequences using
public key encryption are well known [36], with the U.S.
National Institute for Standards and Technology offering several standards from which to pick [37]. If such pseudorandom
sequences are used, the jammer can, at best, make a guess on
what channel will be used, with prior history of channels used
being of no help. Depending on tolerable complexity and cost
factors, additional protections like directional reception capabilities could be used at the smart meter and possibly nodes at
the power outlet. It is important to note that, in technologies like
ZigBee, the physical layer is based on direct sequence spread
spectrum [32] which provides some protection against noise
on a channel. Our channel switching algorithm complements
this by moving across channels as well to avoid attacks based
on overloading a specific channel with data.³ Our approach
is different from the one in [15], which assumes that some
communication is possible between the smart meter or network
coordinator and nodes to move to a different channel upon
interference. We assume the worst case that communication
may not be possible under a strong jamming scenario, and thus,
our approach is more resilient.

³ This makes our scheme mimic the behavior of frequency hopping spread
spectrum which is not possible under ZigBee's underlying 802.15.4 standard
specifications. ZigBee defines a frequency agility capability, and our algorithm
can be used as one way to implement this capability.

Fig. 6. Example loading patterns of a microwave, AC, and refrigerator over time for different operating durations. It is clear that, by looking at both the peak load and pattern of the load, the type of device being used can be verified.

Fig. 7. Load profiling algorithm to counter the possibility of device impersonation. Actions to be taken by equipment, power outlet, or the smart meter are clearly demarcated.
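The time-driven hopping described in this subsection, as an added Python sketch that is not code from the paper or its prototype. It assumes the meter hands each authenticated node a short seed instead of the full sequence, uses HMAC-SHA256 as the pseudorandom function, and picks a 2-s dwell time; the seed, the dwell time, and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# IEEE 802.15.4 channels in the 2.4-GHz band (11..26), the band ZigBee uses.
CHANNELS = tuple(range(11, 27))
SLOT_SECONDS = 2.0  # assumed dwell time per channel; the paper gives no value
SEED = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample seed


def slot_index(now, epoch, slot_seconds=SLOT_SECONDS):
    """Map wall-clock time to a hop slot; meter and nodes share `epoch`."""
    if now < epoch:
        raise ValueError("clock is before the deployment epoch")
    return int((now - epoch) // slot_seconds)


def channel_for_slot(seed, slot):
    """Derive the channel for one slot from the shared seed.

    HMAC-SHA256 is the PRF assumed for this sketch. 2**32 is a multiple of
    len(CHANNELS) == 16, so the modulo introduces no bias. Without the seed,
    earlier channels say nothing about the next one.
    """
    digest = hmac.new(seed, struct.pack(">Q", slot), hashlib.sha256).digest()
    return CHANNELS[int.from_bytes(digest[:4], "big") % len(CHANNELS)]


def hop_sequence(seed, first_slot, count):
    """Channels for `count` consecutive slots, starting at `first_slot`.

    A node that joins late calls this with the current slot, which is the
    'adopt the sequence beginning with the current data channel' step.
    """
    return [channel_for_slot(seed, s) for s in range(first_slot, first_slot + count)]


def send_with_retries(seed, start_slot, jammed, max_slots=32):
    """Retransmit in consecutive slots until the hop lands on a clear channel.

    `jammed` is the set of channels a jammer currently occupies. No
    coordination message is needed, so this still works when the jammed
    channel carries no traffic at all. Returns (slot, channel, attempts),
    or None if every tried slot was jammed (call for manual intervention).
    """
    for attempt in range(max_slots):
        channel = channel_for_slot(seed, start_slot + attempt)
        if channel not in jammed:
            return start_slot + attempt, channel, attempt + 1
    return None


if __name__ == "__main__":
    first = channel_for_slot(SEED, 0)
    print("first 8 hops:", hop_sequence(SEED, 0, 8))
    print("jam channel", first, "->", send_with_retries(SEED, 0, {first}))
```
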

C. Load Profiling Algorithm to Prevent Impersonation


Device impersonation, as mentioned in the previous section,
could be done by a customer to bypass stringent control on
some equipment on an as-needed basis. This prevents the
utility from having control of the load that it has to handle. We
propose a load profiling scheme whereby the utility compares
the load consumed by a device to the type of device that it is
announced to be. Our algorithm is based on the premise that
different appliances or devices have unique signatures that can
be exploited to identify them. A simple experiment collecting
power values of common household appliances with a power
meter supports this premise, as shown in Fig. 6.
Fig. 7 shows the sequence of steps that will be taken by
the equipment, the power outlet, and the smart meter. On
receiving an equipment operation request, the power outlet
seeks permission from the smart meter. Based on the advertised
class of device that needs to be operated, the smart meter either
allows operation (for classes 1 and 2) or schedules operation
based on current load that it is handling (for classes 3 and
4). For all cases, the smart meter sends a previously formed
load profile of the advertised device to the power outlet for
verification. If the peak load of the currently operating device

(Lcurrent is higher than the known peak of the advertised device


L by factor or if the loading pattern does not match the known
profile,4 the power outlet does not allow device operation. Each
devices profile can be prestored based on manufacturers data
or verified prior device operation history.
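The two checks the power outlet applies (peak load against the stored peak, then pattern match by mean square error) can be written as follows. This is an added Python sketch, not the paper's implementation: the peak factor of 1.2, the pattern tolerance of 10% of the stored peak, and the sample profiles in watts are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample profiles (watts, one value per sampling interval).
BULB_PROFILE = [60, 60, 60, 60, 60, 60]
FRIDGE_PROFILE = [150, 150, 150, 0, 0, 0, 150, 150, 150, 0, 0, 0]
OBSERVED_BULB = [59, 61, 60, 62, 58, 60]                # honest light bulb
OBSERVED_AC_AS_BULB = [0, 1400, 1500, 1450, 1480, 0]    # AC advertised as a bulb
OBSERVED_HEATER_AS_FRIDGE = [140] * 12                  # steady load, fridge-sized peak


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str  # "match", "peak" or "pattern"


def mean_square_error(observed, stored):
    """MSE over the samples both profiles have in common."""
    n = min(len(observed), len(stored))
    if n == 0:
        raise ValueError("both profiles need at least one sample")
    return sum((o - s) ** 2 for o, s in zip(observed, stored)) / n


def verify_load(observed, stored, peak_factor=1.2, pattern_tolerance=0.10):
    """Decide at the power outlet whether the load matches the advertised device.

    peak_factor: how far the observed peak may exceed the stored peak
                 (assumed value; the paper leaves the factor open).
    pattern_tolerance: allowed RMS deviation as a fraction of the stored
                 peak (assumed way of choosing the MSE threshold).
    """
    if not observed or not stored:
        raise ValueError("both profiles need at least one sample")
    stored_peak = max(stored)
    # Check 1: a device drawing far more than its advertised class allows.
    if max(observed) > peak_factor * stored_peak:
        return Verdict(False, "peak")
    # Check 2: peak is plausible, but the shape over time does not match.
    limit = (pattern_tolerance * stored_peak) ** 2
    if mean_square_error(observed, stored) > limit:
        return Verdict(False, "pattern")
    return Verdict(True, "match")


if __name__ == "__main__":
    print(verify_load(OBSERVED_BULB, BULB_PROFILE))
    print(verify_load(OBSERVED_AC_AS_BULB, BULB_PROFILE))
    print(verify_load(OBSERVED_HEATER_AS_FRIDGE, FRIDGE_PROFILE))
```

The third case is the one a peak-only comparison misses: the load stays under the advertised peak but never cycles the way the stored profile does.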
D. Replay Attack
Replay attacks where a neighbor could request operation of
a customer's device can be prevented using time stamps, packet
sequence numbers, or session keys. If the network is time
synchronized, each packet can include the time at which it was
sent. If the smart meter sees a packet whose time stamp differs significantly
from the current time, it can ignore it. Similarly, if packets from
each equipment's power outlet have sequence numbers, the
smart meter can filter packets significantly out of sequence. The
usage of session-based keys can also catch replayed packets
but is more complex than the time stamp or sequence number
methods. If the overall security framework uses session-based
keys, then additional mechanisms will not be needed to prevent
replay attacks.
Fig. 8 shows an example scenario where the smart meter
could detect the presence of a replay attack by monitoring
sequence numbers of packets sent from the power outlet of
an equipment. The time-stamp-based approach would work
similarly.

⁴ Loading profiles can be compared using a technique like mean square error
with a threshold error signifying impersonation.

Fig. 8. Sequence number technique to detect packet replay attacks. A packet with a sequence number significantly different from the recent packets received could indicate the presence of a packet replay attack.

E. Nonrepudiation
In the proposed approach, nonrepudiation can be achieved
by ensuring that customers and the smart meter use unique
keys for encryption, possibly after initial authentication using
preassigned public–private key pairs. Furthermore, the smart
meter would be required to keep a log of all communications
for a specified number of days. If either party files a complaint,
the logs can be used to trace back events. Regulations will need
to be enforced to ensure that the utility does not tamper with
these logs and that they are available for third-party investigations.
V. DESIGN OF A COMMON SECURITY FRAMEWORK AGAINST ATTACKS
In this section, we describe a common framework
SecureAMI that integrates all the solutions to possible attacks
on the HAN scenario. Subsequently, we discuss how this framework preserves customer privacy and deals with interference
from other wireless equipment in the vicinity.
A. Integrated Security Framework for HANs
An integrated framework for providing a secure HAN for
smart metering will need to address the security challenges
mentioned previously with a clear demarcation of responsibility
between the three entities involved: the smart meter that obtains
aggregate power consumption behavior from the network and
controls the load, the device that is requesting operation, and
the power outlet which represents the device's request to the
smart meter and executes control decisions.
Our integrated framework SecureAMI for HANs provides a
logical ordering of operation of the HAN with the integration
of various techniques to counter possible attacks. An overview
of this framework is shown in Fig. 9. Each device's request
for operation is sent electronically to the power outlet, if
capable, or manually entered by the customer. Upon receiving
such a request, the power outlet completes an authentication
exchange with the smart meter and sends a packet including the
details of the device that it is representing and the requested
operation. The device is not allowed to operate if authentication fails or if the smart meter finds the request to have
an invalid sequence number or detects a replay attack by any
other means. Jamming could be done when the power outlet
and smart meter are exchanging packets. In our SecureAMI
framework, the power outlet and smart meter move through
a predecided sequence of channels that makes it very difficult
for an adversary to intentionally jam communications. Prior
work done for a pair of nodes that move through a sequence
of channels shows that reasonable throughput can be expected
from the network if the time spent on each channel is very
small [34]. The jammer has to keep guessing what channel
might be used for communication, presenting opportunities for
the communicating nodes. Our proposed approach outlined in
Section IV is similar but works between one coordinator and
many other nodes in the network. The fact that communication
throughput expectation in our smart-meter HAN scenario is low
reduces the impact of jamming significantly. Other techniques
like directional reception at the smart meter, as mentioned in
Section IV, could be employed as well.

Fig. 9. Overview of the SecureAMI framework for smart metering. The overview shows how actions are executed at the three important entities: the smart meter, power outlets, and devices.

Once the smart meter confirms that the requested operation
is from one of the customer's equipment, it can allow device
operation based on the load profiling algorithm introduced
in the previous section. The load profiling algorithm serves
the dual purposes of controlling the load when necessary and
detecting device impersonation. Any decisions are then sent
as control messages to the power outlet, which then enforces
them to the device that it controls. A decision to reschedule can
lead to the request being queued at the power outlet for a later
attempt without customer intervention or have the customer
manually retry at a later time. All decisions taken by the smart
meter on requests from power outlets are logged for later review
if needed at the power outlet. These logs can help provide
nonrepudiation of actions in the network.
B. Progress Toward Meeting Security Objectives
Our authentication procedure, along with our defense
to packet replay attacks, is directed toward the objectives
of integrity and authentication. Here, we discuss how our
SecureAMI framework can help meet the remaining security
objectives defined in Section III-B.
In our SecureAMI HAN framework mentioned earlier, we
allow the utility to only have an aggregated view of the whole
residence to meet the objective of confidentiality. Load profiles of devices are checked by individual power outlets for
impersonation, leading to decisions on controlling the device.
Requests for device operation by a power outlet to the smart
meter present the loading pattern of the device to the latter.
Decisions are taken by the smart meter without involving the
utility except for collecting directions on how to handle loading
requests in any given time period. Any decisions taken by the
smart meter are then relayed to the power outlets which keep a
log of all decisions taken relevant to the equipment connected
to them. Power outlets are assumed to be tamper proof, and
their logs can only be read by the utility with permission from
the customer or through a trusted third party. If tampered
with, these units should be configured to disallow operation of
equipment until manually resolved by the utility in cooperation
with the customer.
If the smart-metering HAN uses an unlicensed band like the
2.4-GHz spectrum, it would need to consider the impact of
interference from other wireless equipment on those frequencies. Currently, this spectrum is shared by technologies like
Wi-Fi, Bluetooth, ZigBee, wireless USB, microwave ovens, and
cordless phones. Technologies like Wi-Fi and ZigBee have collision avoidance mechanisms built in at the medium access level
(e.g., carrier sense multiple access) to minimize impact of other
node operations of the same technology. However, interference
across technologies is more difficult to handle. The most likely
scenario of interference would be an access network based
on heavy-data-rate Wi-Fi impacting the HAN. This is where
our SecureAMI HAN's channel switching function is useful
in moving communication to a frequency that has reduced
interference. Furthermore, directional reception capabilities of
smart meters will allow interference from other networks to
be limited to certain directions only. Current technologies like
ZigBee do not provide such automatic channel switching or
directional reception capability by default and require manual
configuration. The low data-rate requirements of the smart-metering application are also an advantage in reducing interference to other networks.
Interference and jamming attacks would be the primary
reason for reduced availability and delays in the HAN, and our
aforementioned description would help address these aspects
as well. As the smart-metering application in residences is
expected to be low data rate, queuing delays and other
high-data-rate issues are not likely to have an impact. Issues
like power failures impact not only the network but also all the
devices that need to operate and hence need not be addressed
by our framework.
VI. EXPERIENCE WITH PROTOTYPE IMPLEMENTATION
Finally, this section will describe how the SecureHAN framework can be implemented using COTS hardware and what
challenges may exist. Special attention is given to interfacing
a wireless communication module with an electric power load
to achieve the communication and control desired in a HAN.

Fig. 10. Overview of the prototype implementation of the SecureHAN framework.

A. Experimental Platform
The IEEE 802.15.4-compliant ZigBee-based MICAz motes
running TinyOS were used as communicating modules in the
HAN at smart meters and power outlets to which loads are connected. The MDA300CA, which is a MICA2 data acquisition
board designed for low-power wireless data acquisition, was
found suitable for the HAN implementation in this work as it
interfaces easily with the MICAz motes and can support heating, ventilation, and air conditioning instrumentation. MIB510,
a programming and serial interface board that facilitates the
flow of data from the mote to the PC and vice versa, was used
for data logging at the smart meter to keep track of events in the
HAN and provide nonrepudiation. Fig. 10 gives an overview of
the prototype design.
Activation and deactivation of loads through communication
from a smart meter were two of the fundamental implementation
challenges in realizing the proposed HAN model. An interface
circuit was built at the power outlet that translated incoming
commands from the communication module to excitation voltage. The excitation necessary for activating the power outlet
is controlled by the software with the help of MDA300CA.
Due to difficulty in finding MDA300CA drivers for TinyOS
2.1.1, TinyOS 1.x was used as the operating system on MICAz
motes. Fig. 11 shows the circuit diagram for the interface
between the communication module and the power outlet. A
light bulb was used as the load in this example but can be
replaced by other loads as well. A MICAz mote is mounted on
the MDA300CA and programmed to activate the 5-V excitation
pin on receiving an activation request from the smart meter. A
metal–oxide–semiconductor field-effect transistor (MOSFET)⁵
was used in the implementation to amplify the output of the
MDA300CA excitation pin to drive the single-pole single-throw (SPST) relay. SPST relays are used to provide isolation
between a low-voltage circuit and a high-voltage circuit.

⁵ MOSFET is a type of transistor which amplifies or switches electronic
signals.

Fig. 11. Circuit diagram of the interface between the communication module
and the power outlet/load.

B. Implementation Details
Most of the security solutions mentioned in the SecureHAN
framework were successfully implemented, but there were challenges as well.
A request packet from an appliance sent through the power
outlet to the smart meter had the following fields: device type,
pass key, sequence number, and power outlet identification
(ID). The response packet from the smart meter has only an
activation field and a time duration field. An activation value
of 0xFFFF signified that the device could be activated with the
corresponding time duration field having the value of NULL.
A 0x0000 value in the activation field signifies that the device
connected to the power outlet cannot be operated at that time.
The time field value denotes the delay after which the outlet
can repeat the request. If device operation is allowed, the power
outlet requests a stored load profile of the device from the smart
meter according to the load profiling algorithm in Fig. 7 which
it can use to compare loads. The current implementation just
uses a simple comparison of the peak power consumed by the
load and has left the development of the load profile signature
comparison algorithm for future work.
The power outlet ID uniquely identifies an appliance connected to it from the smart meter's perspective. The sequence
number in the packet is tracked in the smart meter for every
device in an array data structure to prevent replay attacks. The
device type field is used to communicate what group the load
belongs to; in the implementation, only group 2 and 3 loads
in Fig. 1 were specified since group 1 loads do not need to
request activation, and group 4 loads were not considered in
this work. Every packet exchanged between a transmitter and a
receiver has a pass key field whose value can be configured by
a customer. The receiver decrypts the packet and authenticates
the packet by validating this pass key.

C. Limitations
All packets were encrypted and then decrypted based on
the authentication mechanism specified earlier in this paper
and used a simple Caesar cipher at this time. The encryption
used must be much stronger in practice. The jamming attack
implementation and its solution were not implementable as
TinyOS 1.x does not allow dynamic channel shifting at run time.
It can be expected that this can be done by using a higher
version of TinyOS with more capable hardware.⁶ Additional
work that can be done includes scaling up the implementation to
many appliances in a home with commodity smart meters available that are ZigBee capable. Additional scenarios that include
EVs should be considered as well, including the challenges to
predict and control such large stochastic loads.
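The smart-meter side of the request/response exchange from the Implementation Details, combined with the per-outlet sequence-number tracking of Section IV-D, as an added Python sketch (the prototype itself ran on TinyOS; this is not its code). It works on the packet after decryption. The field widths, the zero encoding of NULL, the acceptance window of 8, the 300-s retry delay, and the capacity check for class 3 and 4 loads are assumptions made for the example.

```python
import hmac
import struct

# Field widths are assumptions; the paper names the fields but not their sizes.
REQUEST = struct.Struct(">B4sHH")   # device type, pass key, sequence number, outlet ID
RESPONSE = struct.Struct(">HH")     # activation, time duration
ACTIVATE, DENY = 0xFFFF, 0x0000     # activation values given in the paper
NULL_DURATION = 0                   # assumed wire encoding of NULL
SEQ_MOD = 1 << 16                   # 16-bit sequence numbers wrap around
SEQ_WINDOW = 8                      # assumed: how far ahead a fresh packet may be


def build_request(device_type, pass_key, seq, outlet_id):
    """Pack a request the way a power outlet would (hypothetical helper)."""
    return REQUEST.pack(device_type, pass_key, seq % SEQ_MOD, outlet_id)


class SmartMeter:
    def __init__(self, pass_key, capacity_w, retry_delay_s=300):
        if len(pass_key) != 4:
            raise ValueError("pass key must be 4 bytes in this sketch")
        self.pass_key = pass_key
        self.capacity_w = capacity_w
        self.retry_delay_s = retry_delay_s
        self.current_load_w = 0
        self.last_seq = {}        # outlet ID -> last accepted sequence number
        self.stored_peak_w = {}   # outlet ID -> peak from the stored load profile
        self.log = []             # (outlet ID, decision), kept for nonrepudiation

    def _is_fresh(self, outlet_id, seq):
        last = self.last_seq.get(outlet_id)
        if last is None:
            return True  # first packet after the outlet authenticated
        # Serial-number arithmetic: accept 1..SEQ_WINDOW ahead, across wrap.
        return 0 < (seq - last) % SEQ_MOD <= SEQ_WINDOW

    def _ignore(self, outlet_id, why):
        self.log.append((outlet_id, why))
        return None  # ignored packets get no response

    def _reply(self, outlet_id, activation, duration, why):
        self.log.append((outlet_id, why))
        return RESPONSE.pack(activation, duration)

    def handle(self, packet):
        """Return response bytes, or None when the packet is ignored."""
        if len(packet) != REQUEST.size:
            return self._ignore(None, "malformed")
        device_type, key, seq, outlet_id = REQUEST.unpack(packet)
        if not hmac.compare_digest(key, self.pass_key):
            return self._ignore(outlet_id, "bad pass key")
        if device_type not in (1, 2, 3, 4):
            return self._ignore(outlet_id, "unknown device class")
        if not self._is_fresh(outlet_id, seq):
            return self._ignore(outlet_id, "replayed or out of sequence")
        self.last_seq[outlet_id] = seq
        demand = self.stored_peak_w.get(outlet_id, 0)
        # Classes 1 and 2 run at once; 3 and 4 only if the load allows it.
        if device_type in (1, 2) or self.current_load_w + demand <= self.capacity_w:
            self.current_load_w += demand
            return self._reply(outlet_id, ACTIVATE, NULL_DURATION, "activated")
        return self._reply(outlet_id, DENY, self.retry_delay_s, "rescheduled")


if __name__ == "__main__":
    meter = SmartMeter(b"k3y!", capacity_w=2000)   # constructed sample values
    meter.stored_peak_w[7] = 1500
    request = build_request(3, b"k3y!", 10, 7)
    print(RESPONSE.unpack(meter.handle(request)))  # genuine request
    print(meter.handle(request))                   # captured copy, replayed
    print(meter.log)
```
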

VII. CONCLUSION AND FUTURE WORK
This paper has presented the first secure framework for smart
metering in a wireless-based HAN scenario toward building
an advanced metering infrastructure for smart grids. Such a
framework was built by first examining the communication
requirements for AMI in the HAN scenario and studying the
security challenges that had to be addressed. This work defined
the security objectives to be met and outlined possible
attacks. Solutions to vulnerabilities identified were
integrated into a common framework involving the utility and
customers and their equipment that can be utilized to build
secure HANs in future. Through a prototype implementation,
we tested the ability to implement some of the countermeasures
proposed in this paper on COTS hardware. Although more
threats are possible as this application scenario matures, we
believe that the foundation laid by the framework can be useful
for adding new solutions to emerging threats.
ACKNOWLEDGMENT
The authors would like to thank Dr. V. Aravinthan, Wichita
State University, Wichita, KS, USA for his help with their prior
work in this area that laid the foundation of this work.
⁶ Note that TinyOS 1.x was preferable due to its easy compatibility with
the MDA300 module; by upgrading an alternative solution to interfacing to
MDA300 would need to be found.

REFERENCES
[1] U.S. Dept. of Energy. (2007). What the Smart Grid Means to Americans, Washington, DC, USA, Tech. Rep. [Online]. Available: http://energy.gov/sites/prod/files/oeprod/DocumentsandMedia/ConsumerAdvocates.pdf
[2] F. Derbel, "Trends in smart metering," in Proc. 6th Int. Multi-Conf. SSD, Mar. 23–26, 2009, pp. 1–4.
[3] W. Sweet, "The smart meter avalanche," IEEE Spectr., Oct. 2009.
[4] "Going green with AMI and Zigbee smart energy," Los Altos, CA, USA, White Paper, 2008.
[5] C. Bennett and D. Highfill, "Networking AMI smart meters," in Proc. IEEE Energy 2030 Conf., Nov. 2008, pp. 1–8.
[6] F. Cohen, "The smarter grid," IEEE Sec. Privacy, vol. 8, no. 1, pp. 60–63, Jan./Feb. 2010.
[7] "Securing the smart grid," San Jose, CA, USA, White Paper, 2009.
[8] R. Shein, "Security measures for advanced metering infrastructure components," in Proc. APPEEC, Mar. 2010, pp. 1–3.
[9] C. Bennett and S. Wicker, "Decreased time delay and security enhancement recommendations for AMI smart meter networks," in Proc. ISGT, 2010, pp. 1–6.
[10] L. AlAbdulkarim and Z. Lukszo, "Information security implementation difficulties in critical infrastructures: Smart metering case," in Proc. ICNSC, Apr. 2010, pp. 715–720.
[11] F. Cleveland, "Cyber security issues for advanced metering infrastructure (AMI)," in Proc. 21st IEEE Power Energy Soc. Gen. Meeting - Convers. Del. Elect. Energy Century, Jul. 20–24, 2008, pp. 1–5.
[12] A. Metke and R. Ekl, "Security technology for smart grid networks," IEEE Trans. Smart Grid, vol. 1, no. 1, pp. 99–107, Jun. 2010.
[13] C. Bennett, B. Brown, B. Singletary, D. Highfill, D. Houseman, F. Cleveland, H. Lipson, J. Ivers, J. Gooding, J. McDonald, N. Greenfield, and S. Li, AMI System Security Requirements, Utility Commun. Arch. Int. User Grp. (UCAIUG), Raleigh, NC, USA, UCAIUG: AMI SEC ASAP, Dec. 2008.
[14] R. Vines, Wireless Security Essentials: Defending Mobile Systems From Data Piracy. Hoboken, NJ, USA: Wiley, 2002.
[15] P. Yi, A. Iwayemi, and C. Zhou, "Frequency agility in a ZigBee network for smart grid application," in Proc. ISGT, Jan. 2010, pp. 1–6.
[16] R. Currie, G. Ault, R. Fordyce, D. MacLeman, M. Smith, and J. McDonald, "Actively managing wind farm power output," IEEE Trans. Power Syst., vol. 23, no. 3, pp. 1523–1524, Aug. 2008.
[17] A. Bose, "Smart transmission grid applications and their supporting infrastructure," IEEE Trans. Smart Grid, vol. 1, no. 1, pp. 11–19, Jun. 2010.
[18] D. Das and D. Divan, "Power flow control in networks using controllable network transformers," in Proc. IEEE Energy Convers. Congr. Expo., Sep. 2009, pp. 2224–2231.
[19] B. Russell and C. Benner, "Intelligent systems for improved reliability and failure diagnosis in distribution systems," IEEE Trans. Smart Grid, vol. 1, no. 1, pp. 48–56, Jun. 2010.
[20] S.-W. Luan, J.-H. Teng, S.-Y. Chan, and L.-C. Hwang, "Development of a smart power meter for AMI based on Zigbee communication," in Proc. Power Electron. Drive Syst., Nov. 2009, pp. 661–665.
[21] A. De Almeida and E. Vine, "Advanced monitoring technologies for the evaluation of demand-side management programs," IEEE Trans. Power Syst., vol. 9, no. 3, pp. 1691–1697, Aug. 1994.
[22] K. Moslehi and R. Kumar, "A reliability perspective of the smart grid," IEEE Trans. Smart Grid, vol. 1, no. 1, pp. 57–64, Jun. 2010.
[23] B. Heile, "Smart grids for green communications [industry perspectives]," IEEE Wireless Commun., vol. 17, no. 3, pp. 4–6, Jun. 2010.
[24] A. Snyder and M. Stuber, "The ANSI C12 protocol suite - Updated and now with network capabilities," in Proc. Power Syst. Conf., Adv. Meter., Protect., Control, Commun. Distrib. Resourc., Mar. 2007, pp. 117–122.
[25] P. Behr, "Do smart meters mean smart electricity use?" Sci. Amer., New York, NY, USA, Tech. Rep., Sep. 10, 2010.
[26] H. Sui, H. Wang, M.-S. Lu, and W.-J. Lee, "An AMI system for the deregulated electricity markets," IEEE Trans. Ind. Appl., vol. 45, no. 6, pp. 2104–2108, Nov. 2009.
[27] "PG & E leads the nation in smartmeter deployment," PG & E Corp., San Francisco, CA, USA, 2009, Retrieved on: Aug. 20, 2010.
[28] "Southern company reaches milestone in smart meter program with 1 million installations," Southern Company, Atlanta, GA, USA, 2009, Retrieved on: Aug. 20, 2010.
[29] "Your meter is about to get smarter," Georgia Power, Atlanta, GA, USA, 2009, Retrieved on: Aug. 20, 2010. [Online]. Available: http://www.georgiapower.com/residential/products-programs/smart-meter/pdfs/smartmeter.pdf
[30] J.-M. Bohli, C. Sorge, and O. Ugus, "A privacy model for smart metering," in Proc. IEEE Int. Conf. Commun. Workshops, May 2010, pp. 1–5.
[31] J.-S. Lee, Y.-W. Su, and C.-C. Shen, "A comparative study of wireless protocols: Bluetooth, UWB, Zigbee, and Wi-Fi," in Proc. 33rd IEEE Annu. Conf. Ind. Electron. Soc., Nov. 2007, pp. 46–51.
[32] IEEE Standard 802, Part 15.4: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications for Low Rate Wireless Personal Area Networks (WPANs), IEEE Std. 802.15.4, 2003.
[33] T. Godfrey and C. Rodine, "Unified metrics for management of smart grid home area networks," in Proc. IEEE Int. Conf. Commun. Workshops, May 2010, pp. 1–5.
[34] V. Navda, A. Bohra, and S. Ganguly, "Using channel hopping to increase 802.11 resilience to jamming attacks," in Proc. IEEE INFOCOM, 2007, pp. 2526–2530.
[35] The Network Simulator NS-2. [Online]. Available: http://www.isi.edu/nsnam/ns/
[36] A. Shamir, "On the generation of cryptographically strong pseudorandom sequences," ACM Trans. Comput. Syst., vol. 1, no. 1, pp. 38–44, Feb. 1983.
[37] National Institute of Standards and Technology (NIST), Cryptographic Toolkit, Gaithersburg, MD, USA, Retrieved on: Sep. 25, 2010. [Online]. Available: http://csrc.nist.gov/groups/ST/toolkit/index.html


Vinod Namboodiri (M'03) received the B.E. degree in instrumentation and control
engineering from Gujarat University, Ahmedabad, India, and the M.S. degree in computer
science from the University of North Carolina, Charlotte, NC, USA.
He is currently an Assistant Professor with the Department of Electrical Engineering
and Computer Science, Wichita State University, Wichita, KS, USA. He is an Active
Reviewer for numerous journals and conferences in the mobile computing and green
computing areas, including smart grids. His research interests include designing
algorithms and protocols for energy-intelligent and sustainable computing, and
designing an effective communication architecture for smart electric grids.
Prof. Namboodiri has served or is currently serving on the Technical Program
Committees of IEEE INFOCOM, IEEE International Conference on Smart Grid
Communications, IEEE Global Communications Conference, IEEE International Conference
on Communications, IEEE International Performance, Computing, and Communications
Conference, and IEEE GREENCOM.

Visvakumar Aravinthan (M'03) received the B.Sc. degree in engineering and the M.Sc.
degree in electrical engineering from the University of Moratuwa, Moratuwa, Sri Lanka,
in 2002 and 2005, respectively, and the M.S. and Ph.D. degrees in electrical
engineering from Wichita State University, Wichita, KS, USA, in 2006 and 2010,
respectively.
He is currently an Assistant Professor with the Department of Electrical Engineering
and Computer Science, Wichita State University, Wichita, KS, USA, where he teaches
electric power system courses. He performs research in smart distribution systems,
power system reliability, integration of distributed energy sources, and electric
vehicles.

Surya Narayan Mohapatra received the B.E. degree from Biju Patnaik University of
Technology, Bhubaneswar, India, and the M.S. degree in computer networking from
Wichita State University, Wichita, KS, USA.
He is currently a Software Engineer with the Substation Automation Team, Connected
Energy Network Business Unit, Cisco Systems, San Jose, CA, USA. He is currently
working on designing and developing networking devices for the smart grid market.
He has worked on developing networking protocols for embedded system platforms for
several years.

Babak Karimi (S'10) received the M.S. degree in information technology from Amirkabir
University of Technology, Tehran, Iran, in 2008 and the M.Sc. degree in computer
networking from Wichita State University, Wichita, KS, USA, in 2012, where he is
currently working toward the Ph.D. degree, working on the application of wireless
communications in the smart grid.
He is actively involved in research areas such as designing architecture for smart
grid communications and solving problems related to advanced metering infrastructure
and data concentration along with its security and privacy issues.

Ward Jewell (M'77–F'03) received the B.S.E.E. degree from Oklahoma State University,
Stillwater, OK, USA, in 1979, the M.S.E.E. degree from Michigan State University,
East Lansing, MI, USA, in 1980, and the Ph.D. degree from Oklahoma State University
in 1986.
Since 1987, he has been with Wichita State University, Wichita, KS, USA, where he is
currently a Professor of electrical engineering. He is the Wichita State Site Director
of the Power System Engineering Research Center (pserc.org). His current research
interests include advanced energy technologies and climate change as it affects
the electric energy system.
