The easiest way to determine the amount of non-technical losses (NTL) is by merely calculating the technical losses (TL) in the system and subtracting them from the total losses (TD). We can evaluate it as follows:

NTL = Total Energy Losses (TD) - TL (1)

Total Energy Losses = Energy Supplied - Bills paid (2)

Some of the losses such as TL are unavoidable. The energy theft in India is majorly due to unmetered usage of electricity. The concept of Transmission and Distribution (TD) losses has been extended further to Aggregate Technical & Commercial losses (AT&C).

AT&C Losses = (1 - (BE × CE)) × 100 (3)

T&D Losses = (1 - BE) × 100 (4)

Where

Billing efficiency (BE) = Total units Billed / Total units Input (5)

Collection efficiency (CE) = Revenue collected / Amount Billed (6)

TD loss is the difference between input energy and energy billed. It does not account for the losses arising due to low collection. AT&C loss is the difference between input energy and the energy for which revenue has been collected. Simply stated, AT&C Loss can be aggregated as:

Fig. 1 A Visual Representation of State-wise AT&C Losses (%) for the period Apr'14-Mar'15, according to the catalog available on Open Government Data Platform (OGD), India [15].

theft resistant but they are capable of minimizing the number of theft cases due to their immunity against traditional electricity theft methods as well as the real time monitoring of data between the utility companies and the consumers.

Due to the complex architecture and large attack surface of Advanced Metering Infrastructure (AMI), Smart Meters are vulnerable to tampering, thereby requiring effective theft prevention and detection techniques. In this paper, we present a survey of available energy theft detection techniques.

2 Meter Tampering Methodologies

There are various mechanisms through which an adversary can tamper Smart Meters. Methods of meter tampering can be divided into four classes:

– Current related tampering methods
– Voltage related tampering methods
– Mechanical tampering methods
– Tampering by hacking and altering the memory

A summary of mechanisms that are generally used to tamper smart meters is presented in this section.
2.6 Partial Earth Fault Condition

It is a tampering method in which the load is connected to the earth, due to which the return current going back to the meter is reduced. This generates a difference between the current flow in the neutral wire and the phase wire, so that the current in the neutral wire becomes less than the current in the phase wire. Under normal conditions, the current in the phase wire and the neutral wire is equal.

Along with the adoption of new technologies such as smart grid, a new era of attacks is expected to emerge. The government and the utilities are now becoming aware of these scenarios and are taking steps towards mitigating the next generation of threats. Rapid developments in the AMI have attracted the attention of researchers from various organisations across the globe, and a variety of approaches have been proposed to curb the menace of electricity theft. In this section we will provide a survey of the available approaches for energy theft detection.

A Survey of Energy Theft Detection Approaches in Smart Meters 5

3.1 Game Theory Based Detection Technique

In this technique the stealing of electricity is represented as a game between the electricity thief and the distribution utility. It is a model projected on the concept of game theory where the main objective of the electricity thief is to steal a predetermined quantity of electricity while minimizing the possibility of being identified, whereas the electricity utility desires to maximize the chance of detection and the level of operational cost it will sustain in administering this anomaly recognition operation [5]. However, it still remains a challenge to construct a potential game plan for all players, which include regulators, thieves, and distributors. Moreover, game theory is based on the assumption that the number of players participating in the game is finite. In a country like India, which is one of the largest in terms of population, equipping a smart meter in every household simply means a drastic increase in the number of players, which makes game theory difficult to implement.

3.2 Supervised Learning Approach

In this approach load profiles for each customer are developed based upon the historical data, which is used as a classifier dataset. A pre-selection is made on the subset of smart meters which are straightforwardly confirmed by the technicians within a specified region and time. This process is carried out by the utility company and is referred to as a campaign [1]. Information such as consumption, profile, and external information along with other parameters is used to design the profile. In general, fraud identification is formulated as a classification problem which utilizes a supervised learning approach over the historical dataset of fraud cases that occurred in the past [1]. The main criterion for evaluation is the Odds Ratio (OR). OR may be computed between the falsified clients and the non-falsified clients, known as ORPN, or between the falsified clients and all the clients not incorporated in any campaign, called ORPG. The ratios based on some of the features obtained from the campaign are mentioned in Table I in [1]. Based on probability, a fraud score is computed for each customer, according to which the customer can be summarized as Fraudulent, Non-fraudulent and Absent. However, this methodology has performance challenges in scenarios where the rate of campaigns is excessively high or the size of campaigns is very large.

3.3 Linear Error Correction Block Codes

Linear error-correcting block codes have a linear dependency between the bits of the input message and the parity bits. In other words, the sum of any two codewords is also a codeword. At the receiving end these bits are utilized to detect and correct errors in the transmission. The total amount of power in distinct combinations of the cables is computed repetitively, and these readings are then utilized to detect and correct errors in the meter readings [2]. In this approach the concept of syndrome decoding is applied, where a generator matrix (G) is used by the sender to generate the codeword and a decoding matrix, also called parity check matrix (H), is used by the receiver to detect and correct the errors. If G.H = 0, then the received codeword is correct. In case G.H ≠ 0, we can determine the error using the position of the non-zero bit and correct it. Additional meters, called check meters, are used to detect and correct single-bit errors in meter readings. It is assumed that there are M check meters, which are capable of computing the sum of energies of desired cable combinations [2]. However, this linear block code detection mechanism is prone to magnetic interference and can only detect that there is an error, but cannot identify the actual meter on which the error exists.

6 Divam Lehri, Arjun Choudhary

in . The power consumption values along with other instantaneous measurements are aggregated and sent back to the utility repeatedly after a fixed interval of 30 minutes for calculation of NTL. Based on the threshold value of NTL, cases are classified as theft and non-theft. Whenever the NTL estimate is more than the threshold value, it is assumed that there is a power theft in the user group. Data from the first two days (no theft) is used to train the predictive model.
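As an added example (not code from the paper), the following Python computes the loss metrics of equations (1) to (6) and applies the interval-wise NTL threshold test described just above: the threshold is learned from a theft-free training window and later 30-minute intervals whose NTL exceeds it are flagged. The 3 % technical-loss fraction, the mean-plus-3-sigma threshold rule and all readings are constructed assumptions.

```python
from statistics import mean, pstdev

def loss_metrics(energy_supplied, units_billed, revenue_collected, amount_billed,
                 technical_losses):
    """BE, CE, T&D loss %, AT&C loss % and NTL as defined in equations (1)-(6).
    Energies in kWh, money in any single currency unit."""
    be = units_billed / energy_supplied             # billing efficiency    (5)
    ce = revenue_collected / amount_billed          # collection efficiency (6)
    total_losses = energy_supplied - units_billed   # total energy losses   (2)
    return {
        "BE": be,
        "CE": ce,
        "TD_pct": (1 - be) * 100,                   # T&D losses            (4)
        "ATC_pct": (1 - be * ce) * 100,             # AT&C losses           (3)
        "NTL": total_losses - technical_losses,     # NTL = TD - TL         (1)
    }

def ntl_series(supplied_kwh, meter_kwh, tl_fraction=0.03):
    """NTL per 30-minute interval for one user group: energy supplied to the
    group minus the sum of its meter readings minus TL. Modelling TL as a
    fixed fraction of the supplied energy is an assumption of this example."""
    return [s - sum(m) - tl_fraction * s for s, m in zip(supplied_kwh, meter_kwh)]

def theft_intervals(ntl, train_intervals, k=3.0):
    """Learn the threshold from the theft-free training window (the survey's
    first two days) as mean + k * std, then flag later intervals above it."""
    base = ntl[:train_intervals]
    threshold = mean(base) + k * pstdev(base)
    flagged = [i for i, v in enumerate(ntl) if i >= train_intervals and v > threshold]
    return threshold, flagged

# Constructed sample: 8 half-hour intervals, three meters in the group.
# Interval 7 supplies about 2 kWh more than the meters report: a bypassed load.
SUPPLIED = [10.0, 10.2, 9.8, 10.1, 10.0, 9.9, 10.0, 12.0]
METERS = [[3.2, 3.3, 3.1], [3.3, 3.4, 3.1], [3.1, 3.2, 3.1], [3.3, 3.3, 3.1],
          [3.2, 3.2, 3.2], [3.2, 3.2, 3.1], [3.2, 3.3, 3.1], [3.2, 3.3, 3.1]]

def demo():
    """Train on the first six intervals, test the remaining two."""
    return theft_intervals(ntl_series(SUPPLIED, METERS), train_intervals=6)

if __name__ == "__main__":
    print(loss_metrics(1000.0, 800.0, 720.0, 800.0, 40.0))
    print(demo())   # threshold near 0.11 kWh, interval 7 flagged
```

In practice the training window must itself be verified theft-free, since a tapped load present during training silently raises the threshold.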
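To make the check-meter idea of section 3.3 concrete, here is an added Python example (not code from the paper or from [2]) of syndrome decoding over meter readings: M = 3 check meters each measure the summed energy of a chosen combination of 7 customer cables, and the pattern of check meters that disagree with the customer meters identifies a single under-reporting meter. The Hamming-style parity check matrix, the tolerance and all readings are constructed assumptions.

```python
# Parity check matrix H: row i lists the cables whose energies check meter i
# sums; column j (the binary digits of j+1) is the combination cable j is in.
H = [
    [0, 0, 0, 1, 1, 1, 1],
    [0, 1, 1, 0, 0, 1, 1],
    [1, 0, 1, 0, 1, 0, 1],
]

def check_meter_readings(true_kwh):
    """What each check meter measures: the energy of its cable combination."""
    return [sum(h * x for h, x in zip(row, true_kwh)) for row in H]

def syndrome(reported_kwh, check_kwh):
    """s = H * reported - check. All-zero when the reported readings are
    consistent with the check meters (the error-free case in the text)."""
    return [sum(h * x for h, x in zip(row, reported_kwh)) - c
            for row, c in zip(H, check_kwh)]

def locate_error(reported_kwh, check_kwh, tol=0.05):
    """Match the non-zero pattern of the syndrome against the columns of H.
    Returns None if consistent, (cable_index, missing_kwh) for a single
    under-reporting meter, or 'unresolved' when the pattern fits no single
    cable (several tampered meters, or noise above tol)."""
    s = syndrome(reported_kwh, check_kwh)
    pattern = [1 if abs(v) > tol else 0 for v in s]
    if not any(pattern):
        return None
    for j in range(len(H[0])):
        if [row[j] for row in H] == pattern:
            deficits = [-v for v in s if abs(v) > tol]
            # a single faulty cable leaves the same deficit in every hit row
            if max(deficits) - min(deficits) <= tol:
                return j, deficits[0]
    return "unresolved"

# Constructed readings: true energies per cable, check meters read the truth,
# and the customer meter on cable 5 under-reports by 1.5 kWh.
TRUE_KWH = [2.0, 3.5, 1.2, 4.0, 2.8, 3.1, 0.9]
CHECKS = check_meter_readings(TRUE_KWH)
TAMPERED = TRUE_KWH[:4] + [2.8, 3.1 - 1.5, 0.9]

if __name__ == "__main__":
    print(locate_error(TRUE_KWH, CHECKS))   # None
    print(locate_error(TAMPERED, CHECKS))   # (5, 1.5)
```

With three check meters this layout covers 2^3 - 1 = 7 cables for a single error; two simultaneous errors can add up to another cable's column, which is why the deficit consistency check and the 'unresolved' result are kept.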
as manufactured along with new meters. The module uses the GSM network for communication, which is already well established in India.

3.8 AMIDS Framework

Advanced Metering Infrastructure Intrusion Detection System (AMIDS) is a framework developed using an amalgamation of a variety of approaches for detection and reporting of energy theft in smart meters. An attack graph-based data fusion algorithm is used by AMIDS to merge artefacts of ongoing attacks from numerous sources [8]. The attack graph so composed is a state-based directed graph which consists of different stages from initial to final. To achieve information fusion online, the attack graph is treated as a Hidden Markov model (HMM). AMIDS makes use of both a supervised methodology that can compute individual application usage and an unsupervised methodology that learns by clustering load events. AMIDS takes into account numerous information sources to collect an adequate amount of evidence regarding an on-going attack prior to identifying an action as malicious energy theft.

is different from other approaches as it classifies not only suspected users but also users without technical losses. Data mining is performed for fault and theft sensing and to analyse the load profiles of individual customers. The neural network is trained with multiple methods. Different neural network topologies are developed, and at the end of training the root mean square (RMS) value for each model is computed. The model with the minimum RMS value is presented as the final neural network.

3.11 Measuring Voltage Drop Between Smart Meters

This approach shows that the size of the voltage drop between two smart meters can be of great use to reduce and identify unauthorized consumption. The concept is to seize data from the meter (voltage and power). The condition is that the transformer should be powering more than two consumers, because detection of unauthorized consumption is done by comparing the voltage drop of each measuring point to the transformer. If the consumer is illegally connected in front of the counter (meter), a drop of voltage will occur [24].
[26]. FNFD utilizes linear functions to simulate the behaviour of the adversary. The main advantages of FNFD as compared to other schemes are that it requires much less data and supports NTL fraud verification, a unique feature that is not available in other schemes, and that it is much faster than the other similar frameworks.

4 Proposed Work

All the existing works available on energy theft detection in smart meters deal only with types of theft where by some means either phase or neutral wires were swapped or removed, which led to a significant change in the voltage or current values, or with billing irregularities. Our work extends the existing approaches to a new threat scenario where theft in a smart meter occurs due to tampering of the hardware chip of the meter itself. Our approach is mainly concerned with the chip-level tampering of smart meters. An adversary could reverse engineer the meter and obtain the low-level assembly instructions of the meter. Further disassembly of the smart meter could be done, thereby attempting to read the firmware directly from the chip. Obtaining the low-level assembly instructions would reveal the hardcoded cryptographic keys among other sensitive information that can be used in later attacks. Moreover, by exploiting the low-level assembly code the adversary could alter the consumption readings. The common methods of exploiting the hardware chip include:

– Logical Analyzer
– Circuit Bending
– JTAG Method
– Hacking Over UART

The Logical Analyzer is an instrument which sniffs the signals when placed on different test points on the circuit board, thereby revealing potential information that could be interpreted into something useful; adding or removing circuit components such that the functionality of the circuit is affected is known as Circuit Bending; and the Joint Test Action Group (JTAG) method is used to read a full memory hex dump.

We will begin by exploring the embedded hardware of the smart meter, examining the individual components present on the circuit board. To get a better understanding of the working of each component we will probe the datasheets associated with each component. Extending our approach further, we will examine the interconnections between different components using a multimeter. This will provide us insight into how data and signal transmission takes place on the device. Next we will hunt for debug ports present on the device. JTAG and UART are the most common debug ports, and we can easily identify them by monitoring the voltage levels using a multimeter or with the help of an oscilloscope. Once debug ports are identified we will start interacting with the device by making connections between the debug ports and any USB bridge. The USB bridge will provide us with the capability to interact with the device through a console, and finally we will begin the process of extracting data/firmware from the device. We will modify the data dump that we acquired and rewrite it to the device such that we can manipulate the device. In continuation of this paper we will be showcasing this kind of meter tampering using these mentioned methods along with the experimental results. We will also propose mitigation measures for such chip-level energy theft approaches, such as assembly code obfuscation.

5 Conclusion

Curbing the energy theft menace is a huge concern for governments and utilities. The scope of tampering ranges from straightforward techniques like controlling live or neutral wires to more grave ones like retrieving device firmware. Appliances like smart meters are part of critical infrastructure, and any compromise of them would cause chaos in the power sector and a huge loss of revenue to the government. Most critical infrastructure devices are procured from global sources and may come pre-installed with hardware backdoors. An adversary can also intrude through the weakest point in the supply chain and compromise the device by installing a hardware backdoor. This shows that attackers are now moving down the stack from application layer attacks to the embedded hardware of the devices. The tools required to carry out physical attacks are also proliferating and becoming inexpensive. Such scenarios call for attention to hardware-level security, which is not usually considered as important as application-level security. Organisations need to reshape their security approach from the viewpoint of an attacker and conduct red team assessments to enhance the security of their assets. In recent years, the advancement of the smart grid and the adoption of smart meters have called for proposals from industry, universities and governments to tackle the vulnerabilities existing in the AMI. In this paper we have classified various ways of energy theft and detection techniques along with their challenges. However, it still remains a fresh topic and has a lot of room to be worked upon in future.