
Outsmarting the smart meter - lelf
http://honeynet.org/node/1179
======
PhantomGremlin
I'm saddened by the naïveté (or perhaps it's simple incompetence) of the smart
meter manufacturers. Why isn't all communication encrypted? Why doesn't each
meter have a unique public/private key pair associated with it? That way even
if a key was extracted from a meter, it wouldn't be possible to use that key
to access any other meter. It's not like there's a shortage of 1024-bit
primes. Each meter in the world can have a unique 2048-bit key.

Maybe this isn't important for initial deployment. Maybe each meter is simply
read-only. But, eventually, I think utilities want to be able to signal to the
meter and associated devices in the house when to turn on and turn off. E.g.
temporarily shut off air conditioning during a demand peak. I don't want some
random hacker in another continent communicating with my meter, either for
malice or for lulz.

Anyway, that's just my simple view on how things should be done. Obviously the
real world isn't nearly as paranoid.

~~~
jgamman
as far as i can tell the ability to manage financial risk of non-payment is
the business driver for smart meters despite the rhetoric of 'smart'.
electricity companies hate the fact that you consume energy and then get
billed in arrears since obviously some people can't/won't pay. smart meters
let you move instantly to a pre-pay plan where the risk moves from the
provider to the user... it's also a more graceful method of cutting people off
- you can just transition to a pre-pay method with a fixed credit limit so
that it's clear what is going to happen when you get to zero - this is useful
if there are follow-on liabilities ie, people depend on power if they have
medical needs etc

~~~
enjo
From my experience (I work in this industry) the biggest driver is definitely
billing, but not quite what you picked out.

What providers really want is to move to tiered and time-of-use pricing across
the entire grid. Most utilities already do this with the various commercial
tariffs, but that only accounts for about 40% of the total grid. All of us, in
the near future, will be paying rates that vary by how much we use AND (more
critically) WHEN we use it.

It's not really something to fear, for a lot of people this is going to mean
lower utility bills in general. For the folks running swimming pools and the
like, things are probably going to get a bit more expensive.

This is a great place for startups, btw. There are a lot of interesting
opportunities around helping people make sense of the changing landscape
surrounding utility billing.

------
fiatmoney
If I were designing secure SCADA protocols, the first thing I'd think of is
the ways in which we communicate with submarines. Are any of those protocols
public?

~~~
dsl
Submarines communicate using extremely low frequency radio transmissions to
penetrate water. They have a bandwidth of 2-3 characters per minute, so the
messages are almost exclusively orders to surface and switch to standard
satellite based communications. Oh, and the transmitter requires a very unique
piece of land with low ground potential that only exists in a dozen or so
places worldwide.

Completely impractical for SCADA systems. :)

~~~
stevenrace
I'm really interested in learning more about underwater ULF - can you point to
any keywords, papers, or milspec prefixes to read up on?

I've explored all the ISM bands - I just want to play with something even
slower/longer range whilst sailing (in international waters, of course :)).

~~~
jmah
There's a little here:
[http://en.wikipedia.org/wiki/Communication_with_submarines](http://en.wikipedia.org/wiki/Communication_with_submarines)

and interesting detail here:
[http://en.wikipedia.org/wiki/Project_Sanguine](http://en.wikipedia.org/wiki/Project_Sanguine)

~~~
stevenrace
Thanks guys.

I was familiar with Project Sanguine, but had hoped there were less ambitious
public projects I had overlooked (perhaps closer to VLF which operates <30m
seawater depths).

After reading about the Navy E-6B aircraft, which trails a 5km antenna behind
it to communicate with subs, I had presumed modern 'submarine -> other
underwater radios' were akin to large commercial fishing trawling nets - or
the really long antennas were packed into hilbert curves and epoxied to the
hulls or something.

Anyhow, it seems 'acoustic modems' using 'CSMA' [1] are the norm for
commercial underwater ROVs (such as James Gosling's 'wavegliders' [2]).

[1]
[http://www.mit.edu/~millitsa/resources/pdfs/royal.pdf](http://www.mit.edu/~millitsa/resources/pdfs/royal.pdf)

[2]
[http://liquidr.com/prodserv/wg/gateway.html](http://liquidr.com/prodserv/wg/gateway.html)

------
frik
As a consumer, you can usually still avoid the installation of a smart meter.
Ask yourself if it's practical that a washing machine starts in the middle of
the night and wakes up you or your neighbours and the laundry will have
wrinkles in the morning? You can buy old refurbished analog/digital meters for
cheap and measure what you want and it will consume no power nor will it send
your confidential data (privacy). And you can combine it with an Arduino if you
want the data on your computer. Many smart meters also send the data over a
GPRS modem every 15min (have an inbuilt SIM card), that you cannot snoop so
easily.

The whole smart meter movement is not about technical advancement, it's that
they want you to pay higher prices for consuming less and they don't have to
build a better power grid infrastructure in the next few years. It reminds me
of the telcos 15 years ago when phone calls and internet over modem were
cheaper in the night when most people sleep, and very expensive during working
hours.

~~~
m4x
> You can buy old refurbished analog/digital meters for cheap and measure what
> you want

But can you use them? New Zealand power retailers install their own meters -
you can't supply your own. You can certainly install additional metering of
your own but you can't get rid of the smart meter.

Are things different where you live?

Also, I disagree with your final paragraph. Our local distributors have been
spending lots of money installing new lines and upgrading the network, and the
retailers are changing the meters because it means we get an accurate bill
every month (rather than an estimate for two out of every three months) and
they don't need a meter reader to visit every property every three months.
It's a significant improvement in service and it simplifies their operations
at the same time.

~~~
frik
> But can you use them? New Zealand power retailers install their own meters -
> you can't supply your own.

You can use your own meters, but the last one facing the power grid is
installed by the infrastructure provider. So you can measure with old
refurbished meters your washing machine, swimming pool, etc. Ask your power
infrastructure provider, they may sell you old analog and/or digital meters.
And depending on the local law, you have the right to "say no" to the
installation of a smart meter.

> Our local distributors have been spending lots of money installing new lines
> and upgrading the network

That's great. At my location the power infrastructure has been the same since around
1960 (old wooden power poles in the countryside, etc.) and the power line
also goes from roof to roof, and if you want underground cable you have to pay
for it yourself. Almost every thunderstorm we have a short power outage, because
of the wooden poles. They only repair, and don't upgrade the infrastructure at
all.

> the retailers are changing the meters because it means we get an accurate
> bill every month.

Where I live, central Europe, you have to read the traditional (analog or
digital) meter yourself every month and send the data via email/postcard and
someone controls your meter infrequently every few months/years at your
location. If the device would be called digital meter (like the industrial
ones) and send the data only once a week or month, it would be fine. On the
other side the new smart meters send the data _every 15 minutes_ over GPRS
cell-phone technology.

~~~
chris_wot
Don't know about NZ, but in Australia the networks own the meters, and the law
is clear: you connect to the grid, you must give them access to their network
gear. And they send over their own meter readers.

