Security Testing Home Area Networks (HANs)


Background: The Home Area Network (HAN), the consumer-level Smart Grid communication, is based on wireless technologies such as Wi-Fi and Zigbee. Use of wireless technologies most often leaves the network wide open to cyber attack. Security depends entirely on the device-level protection provided at manufacture; the utility company takes no further precautions to add security to such devices. Questions about the security of the smart grid are being raised, but not much research has been done on these issues.

Aim: The aim of the project is to perform security tests on the HAN and to find the possible security threats.

Methods: For the security analysis, the method adopted will be the steps provided by the Open Source Security Testing Methodology Manual [OSSTMM], with some variation in the way the attacks are made. Alternatively, for Zigbee-specific devices, the KillerBee framework will be the option. This framework is specially designed for security analysis of Zigbee devices.

Result: From the test there is the possibility of finding some successful attacks, such as jamming, packet capture and packet replay. Other results, such as packet snooping and taking direct control of home appliances, may be possible.

Conclusion: A security test of the smart meter is necessary, as it is the only portal that decides the security of the HAN.


With the increase in the demand for electric power, proper management of electricity is very important. For this purpose the smart grid technology plays a vital role. The smart grid is built on two main infrastructures: the electrical infrastructure and the communication technology. The communication technology is used to monitor electricity use at the consumer end. The smart grid supports not only electrical energy but also other utilities, for instance gas and water systems.

The communication system in the smart grid uses wireless technology to provide communication between the consumer end and the utility provider. Wireless technology is the most feasible communication method compared to wired or optical-fibre alternatives. A wireless implementation reduces cost and maintenance effort, and the communication hierarchy from the consumer level up to the utility can be adjusted according to need. The levels of the hierarchy may be, in sequence, the Home Area Network (HAN), the Neighbourhood Area Network (NAN), the Wide Area Network (WAN) and an internet connection (mostly optical fibre). There may be a HAN-to-WAN connection only, with no NAN; but in any case the consumer-level network is present.

Though the use of wireless technologies has many advantages, it is wide open to cyber attack. Limiting the focus to the HAN, that is, the consumer-level network, the security issues vary. The variation in HAN security is due to the lack of standardization of the encryption scheme among system components. Furthermore, in the HAN there is no single wireless technology implemented: different wireless technologies such as Wi-Fi (802.11 standards), Zigbee (802.15.4 standard) and Bluetooth are used. The utility companies have taken no extra precautions about this and rely on the security provided by these wireless technologies. And, as is already known, there are many threats related to these technologies in computer network systems.

As the first impact of a threat is directly on the consumer, because the attacker's entry point is the HAN, there is a need to analyse the impact of these possible threats on smart grid technology.


In a home there are various appliances in use. To monitor and read the energy consumption of these appliances, communication is established between the appliances and a monitoring and data-reading device such as the smart meter. A typical scenario of such communication is shown in Figure 1.

The smart meter, being a bidirectional communicating device, is able to receive and transmit information. The smart meter acts as the portal from the utility company to the appliances installed in the home. Using the smart meter, the utility company gets information about the consumption of energy and can even control the home appliances. This two-way communication of the smart grid may allow an attacker to gain entry to the home appliances and to collect the data read by the smart meter. [1]

2.1 Security Issues

The security issues in the HAN wireless network can be classified according to the following objectives [2][3]:

  1. Confidentiality: This means that, except for the consumer and the utility office, no third party can access the data collected by the smart meter or view the current status of the appliances. If such data falls into the wrong hands, analysis of the pattern of energy consumption could lead to physical harm, such as breaking into the house after finding that at a particular time the security alarm is disabled, or that no one has been in the house for some days.
  2. Integrity: This means that the data being sent should be protected so that it cannot be modified on its way. If it can, there may be a chance of a terrible accident while the AMI tries to communicate with and control the appliances. For instance, the utility office sends a message to switch off the heating system, but the attacker modifies the message to switch the cooking gas on; food left on the gas burns and sets off the fire alarm.
  3. Authentication: Authentication in this scenario means that no appliance or device, other than those assigned by the consumer, can communicate with the smart meter. If an attacker can connect to such a device, he can tamper with the appliances inside the house.
  4. Availability: This means that network services should be available at any time when needed. If the system is not available when needed, it can cause serious problems for the consumer. For instance, the consumer has switched the water heater on and gone out. To switch off the heater remotely, he cannot get a connection because the communication is unavailable. This could overheat the system and an accident may occur.
  5. Time Sensitivity: Time sensitivity is similar to availability, but applies to messages that must be delivered at a particular instant. When a time-sensitive message is sent, it must reach its destination within a specific tolerable time frame. Any delay beyond the tolerable time frame renders it useless.

2.2 Attacks on Basis of Security Issues

Typically, the attacks that can be performed on a wireless network are shown in Figure 2.

Figure 2: List of attacks in a wireless scenario

The attacks are classified into two major groups: remote attacks and local attacks. Remote attacks, which make use of weaknesses in the routing mechanism and the multi-hop nature of the network, are not possible in the case of the HAN. Hence, the scope of attack is narrowed to the local attacks, that is, attacking by connecting directly to the smart meter.

Attacking such a device is very different from attacking other wireless networks.

Some scenarios for these types of attack are explained below. [2]

  1. Jamming: Jamming is like a Denial of Service (DoS) attack, in which the attacker sends a deliberate signal on the shared medium by transmitting continuous packets at a much higher rate. The jamming attack is only possible if the packets from the sender can be decoded.
  2. Replay Attack: A replay attack is the scenario in which the attacker captures the packets of a message and replays them again and again. For instance, the utility office sends a message to increase the temperature by 10 degrees Celsius. If an attacker captures the message and replays it 10 times, the result is a rise in temperature of 100 degrees Celsius.
  3. Tampering: Tampering with the device is another form of attack. For this type of attack the device is accessed physically. Reverse engineering also comes under tampering with the device. This case is not considered in the test scenario due to ethical issues.
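The replay and integrity scenarios above are defeated on the receiving side if every command carries a message authentication code, a monotonically increasing counter and a send time that the meter checks before acting. The following is an added example, not code from the original proposal or from any smart-meter product; the command format, the shared key and the set-point arithmetic are constructed for illustration. It walks through the "+10 degrees replayed 10 times" case and shows that a checked counter keeps the set-point at +10, and that a modified command fails the tag check.

```python
import hashlib
import hmac
import json

# Constructed demo key shared by the utility head-end and the meter.
# A real deployment provisions a per-device key; it is never hard-coded.
SHARED_KEY = b"demo-key-not-for-production"

# Tolerable delivery delay for a time-sensitive command, in seconds (assumed value).
MAX_AGE_SECONDS = 30


def build_command(key, counter, appliance, action, value, sent_at):
    """Encode a command and append an HMAC-SHA256 tag over every field.

    The counter and send time are inside the authenticated body, so an
    attacker cannot bump them without invalidating the tag.
    """
    body = {
        "counter": counter,
        "sent_at": sent_at,
        "appliance": appliance,
        "action": action,
        "value": value,
    }
    encoded = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, encoded, hashlib.sha256).hexdigest()
    return {"body": encoded, "tag": tag}


class MeterReceiver:
    """Minimal model of the meter's command handler (constructed for the example)."""

    def __init__(self, key):
        self.key = key
        self.last_counter = 0       # highest counter accepted so far
        self.temperature = 20       # constructed starting set-point, degrees Celsius

    def accept(self, message, now):
        """Validate one command; return a short result string and apply it only if valid."""
        # 1. Integrity and authentication: recompute the tag in constant time.
        expected = hmac.new(self.key, message["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, message["tag"]):
            return "rejected: bad tag (modified or unauthenticated)"
        body = json.loads(message["body"])
        # 2. Replay: a counter that does not advance means we have seen this command.
        if body["counter"] <= self.last_counter:
            return "rejected: replayed counter"
        # 3. Time sensitivity: a command that arrives too late is not acted on.
        if now - body["sent_at"] > MAX_AGE_SECONDS:
            return "rejected: stale"
        self.last_counter = body["counter"]
        if body["appliance"] == "heating" and body["action"] == "raise":
            self.temperature += body["value"]
        return "accepted"


def replay_scenario():
    """Reproduce the '+10 degrees replayed 10 times' case against a checking meter.

    Returns (first_result, replay_results, final_temperature).
    """
    meter = MeterReceiver(SHARED_KEY)
    cmd = build_command(SHARED_KEY, 1, "heating", "raise", 10, sent_at=1000)
    first = meter.accept(cmd, now=1001)
    replays = [meter.accept(cmd, now=1002) for _ in range(10)]
    return first, replays, meter.temperature


if __name__ == "__main__":
    first, replays, temp = replay_scenario()
    print(first, replays[0], temp)
```

Without the counter check the same meter would apply the captured command ten more times and end at 120 degrees; with it, the ten replays are refused and the set-point stays at 30. The tag check is what makes the counter trustworthy: a captured command whose value field is edited from 10 to 100 no longer matches its tag and is dropped before any field is read.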


There is no well-developed methodology for attacking this type of network. But since it is a wireless technology, the general methodology given by the Open Source Security Testing Methodology Manual [OSSTMM] will be followed.

  1. Information Gathering: In this phase, all possible technical and non-technical information about the target is gathered using the internet. In the case of Zigbee devices, for example, the source code is available.
  2. Scanning: In scanning, the target device is identified. In this case the smart meter is the target.
  3. Vulnerability Identification: Since the smart meter communicates in two directions, there must be a way to enter through the device. The target of this step is to find out the way by which the utility office communicates with the home appliances.
  4. Exploitation: After discovering the vulnerabilities, the next step is to gain unauthorized access to the smart meter.

Other steps, such as maintaining access and covering tracks as described in the OSSTMM and ISSAF methodologies, are not possible. This is because of the nature of the device: no data can be stored on it, as the program is embedded in the microchip. Making changes to the smart meter is only possible through a microcontroller programming device, which needs to be attached physically.

Alternatively, there is an open framework called "KillerBee" for Zigbee-implemented devices. This framework is very different from OSSTMM or any penetration-testing methodology in general. KillerBee is a Linux-based framework and uses Python as its programming platform. The source code is available and may be changed or extended as required. The requirements of this framework are as follows: [4][5]

  1. Software Requirements: The dependencies needed to run the framework must be installed in advance. The dependencies are the crypto, usb, pygtk and cairo Python modules. AVR Studio and the KillerBee firmware are also required to program the hardware. Both pieces of software are free.
  2. Hardware Requirements: Two Atmel RZ Raven USB sticks and an Atmel JTAGICE mkII on-chip programmer are the hardware requirements.

The first methodology chosen is based on common penetration testing, and it is chosen on the basis that the target is a wireless technology. All the considerations made are theoretical possibilities. It is possible that no attack can be made on the smart meter using the general tools.

The alternative framework choice is specially designed for Zigbee devices, and there is a lot that can be done with it in a Zigbee-implemented smart grid. The features provided by the KillerBee framework are packet sniffing on the air interface, packet capture, arbitrary packet injection and replay of captured files.


Though the smart grid has many benefits, the main concern should always be the consumer's security. For this purpose, a security analysis of the smart grid is a must. The primary security needs of consumers are confidentiality, integrity and availability. The security issues of authentication and time sensitivity add extra protection on top of the primary concerns. The types of attack that can be employed to undermine these at the HAN level are internal attacks on the smart devices and their communication channels.

To achieve this objective there is no perfect framework. The assumption made is that the nature and method of attack are the same as those found on wireless technologies in general. The special case of Zigbee is considered, for which the KillerBee framework could be applied. It is hard to predict the outcome of the tests that will be carried out.
