How to Find out What’s Going on in Encrypted Smart Meter Networks – without Decrypting Anything

Abstract

Smart meter networks are part of the critical infrastructure and therefore central to IT security considerations. Besides various forms of access control, permanent monitoring of the network traffic is of utmost importance for detecting malicious activities. Such monitoring must happen in real time and should, if possible, be implementable everywhere in the network. These requirements do not allow for the decryption of the network traffic. The paper describes a method by which network packets can be assigned to use cases common in smart meter infrastructures without the need for decryption. It is based solely on metadata and can reliably establish the relationship between a network packet and a use case. The information calculated with this method can be used to detect packets that do not pertain to any of the allowed use cases and hence are highly suspicious. Moreover, the execution of use cases not initiated by the central server becomes evident, too, and should raise corresponding alerts. The method was implemented as a proof-of-concept and tested in the real-world environment of a medium-sized city.

Authors
  • Tavolato, Paul
  • Eigner, Oliver
  • Schölnast, Hubert
Shortfacts
Category: Paper in Conference Proceedings or in Workshop Proceedings (Paper)
Event Title: Proceedings of the 19th International Conference on Availability, Reliability and Security (ARES), 2024
Divisions: Security and Privacy
Subjects: Computer Security; Applied Computer Science
Event Location: Vienna, Austria
Event Type: Conference
Event Dates: July 30 - August 02, 2024
Publisher: Association for Computing Machinery (ACM)
Date: 30 July 2024