Abstract
Smart meters are now being aggressively deployed worldwide, with tens of millions of meters in use today and hundreds of millions more to be deployed in the next few years. These low-cost (?50) embedded devices have not fared well under security analysis: experience has shown that the majority of current devices that have come under scrutiny can be exploited by unsophisticated attackers. The potential for large-scale attacks that target a single or a few vulnerabilities is thus very real. In this paper, we consider how diversity techniques can limit large-scale attacks on smart meters. We show how current meter designs do not possess the architectural features needed to support existing diversity approaches such as address space randomization. In response, we posit a new return address encryption technique suited to the computationally and resource limited smart meters. We conclude by considering analytically the effect of diversity on an attacker wishing to launch a large-scale attack, showing how a lightweight diversity scheme can force the time needed for a large compromise into the scale of years.
| Original language | English (US) |
|---|---|
| State | Published - 2010 |
| Event | 5th USENIX Workshop on Hot Topics in Security, HotSec 2010 - Washington, United States Duration: Aug 10 2010 → … |
Conference
| Conference | 5th USENIX Workshop on Hot Topics in Security, HotSec 2010 |
|---|---|
| Country | United States |
| City | Washington |
| Period | 8/10/10 → … |
All Science Journal Classification (ASJC) codes
- Computer Networks and Communications
- Information Systems
- Safety, Risk, Reliability and Quality