Attack–Defense Trees for Abusing Optical Power Meters: A Case Study and the OSEAD Tool Experience Report

  • Barbara FilaEmail author
  • Wojciech Wideł
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11720)


Tampering with their power meter might be tempting to many people. Appropriately configured home-placed meter will record lower than the actual electricity consumption, resulting in substantial savings for the household. Organizations such as national departments of energy have thus been interested in analyzing the feasibility of illegal activities of this type. Indeed, since nearly every apartment is equipped with a power meter, the negative financial impact of tampering implemented at a large scale might be disastrous for electricity providers.

In this work, we report on a detailed analysis of the power meter tampering scenario using attack–defense trees. We take various quantitative aspects into account, in order to identify optimal strategies for customers trying to lower their electricity bills, and for electricity providers aiming at securing their infrastructures from thefts. This case study allowed us to validate some advanced methods for quantitative analysis of attack–defense trees as well as evaluate the OSEAD tool that we have developed to support and automate the underlying computations.



We would like to thank the following students and researchers for their (far from being trivial) contribution to the estimation of parameter values used in this study: Jean-Loup Hatchikian-Houdot (INSA Rennes, France), Pille Pullonen (Cybernetica AS, Estonia), Artur Riazanov (Saint Petersburg Department of V.A. Steklov Institute of Mathematics of the Russian Academy of Sciences, Russia), Petr Smirnov (Saint Petersburg State University, Russia), and Aivo Toots (Cybernetica AS, Estonia).

Supplementary material


  1. 1.
    ANSSI: La Méthode EBIOS Risk Manager (2018).
  2. 2.
    Arnold, F., Belinfante, A., Van der Berg, F., Guck, D., Stoelinga, M.: DFTCalc: a tool for efficient fault tree analysis. In: Bitsch, F., Guiochet, J., Kaâniche, M. (eds.) SAFECOMP 2013. LNCS, vol. 8153, pp. 293–301. Springer, Heidelberg (2013). Scholar
  3. 3.
    Arnold, F., Hermanns, H., Pulungan, R., Stoelinga, M.: Time-dependent analysis of attacks. In: Abadi, M., Kremer, S. (eds.) POST 2014. LNCS, vol. 8414, pp. 285–305. Springer, Heidelberg (2014). Scholar
  4. 4.
    Aslanyan, Z.: TREsPASS toolbox: attack tree evaluator (2016). Presentation of a tool developed for the EU project TREsPASS. Accessed 16 Aug 2019
  5. 5.
    Aslanyan, Z., Nielson, F.: Pareto efficient solutions of attack-defence trees. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 95–114. Springer, Heidelberg (2015). Scholar
  6. 6.
    Bagnato, A., Kordy, B., Meland, P.H., Schweitzer, P.: Attribute decoration of attack–defense trees. IJSSE 3(2), 1–35 (2012)Google Scholar
  7. 7.
    Berkelaar, M., Eikland, K., Notebaert, P.: lp\(\_\)solve: Open source (Mixed-Integer) Linear Programming system (2005). Version, dated 24 September 2016. Accessed 04 Apr 2019
  8. 8.
    Bossuat, A., Kordy, B.: Evil twins: handling repetitions in attack–defense trees. In: Liu, P., Mauw, S., Stølen, K. (eds.) GraMSec 2017. LNCS, vol. 10744, pp. 17–37. Springer, Cham (2018). Scholar
  9. 9.
    Carpenter, M.: Advanced metering infrastructure attack methodology (2009). Accessed 20 Feb 2019
  10. 10.
    Dürrwang, J., Braun, J., Rumez, M., Kriesten, R., Pretschner, A.: Enhancement of automotive penetration testing with threat analyses results. SAE Int. J. Cybersecurity 1, 91–112 (2018). Scholar
  11. 11.
    EAC Advisory Board and Standards Board: Election Operations Assessment - Threat Trees and Matrices and Threat Instance Risk Analyzer (TIRA) (2009). Accessed 13 June 2018
  12. 12.
    Edge, K.S., Dalton II, G.C., Raines, R.A., Mills, R.F.: Using attack and protection trees to analyze threats and defenses to homeland security. In: MILCOM, pp. 1–7. IEEE (2006)Google Scholar
  13. 13.
    Fila, B., Wideł, W.: Efficient attack–defense tree analysis using Pareto attribute domains. In: CSF, pp. 200–215. IEEE Computer Society (2019)Google Scholar
  14. 14.
    Fraile, M., Ford, M., Gadyatskaya, O., Kumar, R., Stoelinga, M., Trujillo-Rasua, R.: Using attack-defense trees to analyze threats and countermeasures in an ATM: a case study. In: Horkoff, J., Jeusfeld, M.A., Persson, A. (eds.) PoEM 2016. LNBIP, vol. 267, pp. 326–334. Springer, Cham (2016). Scholar
  15. 15.
    Frederic Byumvuhore: FEATURED: REG steps up crackdown on electricity theft (2019). Accessed 05 Apr 2019
  16. 16.
    Gadyatskaya, O., Hansen, R.R., Larsen, K.G., Legay, A., Olesen, M.C., Poulsen, D.B.: Modelling attack-defense trees using timed automata. In: Fränzle, M., Markey, N. (eds.) FORMATS 2016. LNCS, vol. 9884, pp. 35–50. Springer, Cham (2016). Scholar
  17. 17.
    Gadyatskaya, O., Jhawar, R., Kordy, P., Lounis, K., Mauw, S., Trujillo-Rasua, R.: Attack trees for practical security assessment: ranking of attack scenarios with ADTool 2.0. In: Agha, G., Van Houdt, B. (eds.) QEST 2016. LNCS, vol. 9826, pp. 159–162. Springer, Cham (2016). Scholar
  18. 18.
    hashcat (2016). Accessed 27 Mar 2019
  19. 19.
    Kelly-Detwiler, P.: Electricity theft: a bigger issue than you think (2013). Accessed 20 Feb 2019
  20. 20.
    Wilburg, K.: GPL lost US\$450M in 19 years to electricity theft, poor networks (2018). Accessed 05 Apr 2019
  21. 21.
    Kordy, B., Mauw, S., Radomirovic, S., Schweitzer, P.: Attack–defense trees. J. Log. Comput. 24(1), 55–87 (2014)MathSciNetCrossRefGoogle Scholar
  22. 22.
    Kordy, B., Mauw, S., Schweitzer, P.: Quantitative questions on attack–defense trees. In: Kwon, T., Lee, M.-K., Kwon, D. (eds.) ICISC 2012. LNCS, vol. 7839, pp. 49–64. Springer, Heidelberg (2013). Scholar
  23. 23.
    Kordy, B., Pouly, M., Schweitzer, P.: Probabilistic reasoning with graphical security models. Inf. Sci. 342, 111–131 (2016)MathSciNetCrossRefGoogle Scholar
  24. 24.
    Kordy, B., Wideł, W.: How well can I secure my system? In: Polikarpova, N., Schneider, S. (eds.) IFM 2017. LNCS, vol. 10510, pp. 332–347. Springer, Cham (2017). Scholar
  25. 25.
    Kordy, B., Wideł, W.: On quantitative analysis of attack–defense trees with repeated labels. In: Bauer, L., Küsters, R. (eds.) POST 2018. LNCS, vol. 10804, pp. 325–346. Springer, Cham (2018). Scholar
  26. 26.
    Krebs, B.: FBI: Smart Meter Hacks Likely to Spread (2012). Accessed 20 Feb 2019
  27. 27.
    Kumar, R., et al.: Effective analysis of attack trees: a model-driven approach. In: Russo, A., Schürr, A. (eds.) FASE 2018. LNCS, vol. 10802, pp. 56–73. Springer, Cham (2018). Scholar
  28. 28.
    LLC, N.G.: World Loses \$89.3 Billion to Electricity Theft Annually, \$58.7 Billion in Emerging Markets (2014). Accessed 20 Feb 2019
  29. 29.
    Lund, M.S., Solhaug, B., Stølen, K.: Model-Driven Risk Analysis: The CORAS Approach. Springer, Heidelberg (2011). Scholar
  30. 30.
    Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006). Scholar
  31. 31.
    McCullough, J.: Deterrent and detection of smart grid meter tampering and theft of electricity, water, or gas (2010). Accessed 20 Feb 2019
  32. 32.
    Ms. Smith: FBI Warns Smart Meter Hacking May Cost Utility Companies \$400 Million A Year (2012).–400-million-a-year.html. Accessed 05 Apr 2019
  33. 33.
    National Electric Sector Cybersecurity Organization Resource (NESCOR): Analysis of selected electric sector high risk failure scenarios, version 2.0 (2015).
  34. 34.
    Ophcrack (2016). Accessed 17 Mar 2017
  35. 35.
    Ophcrack (2016). Accessed 27 Mar 2019
  36. 36.
    adtrees Python package (2019). Accessed 05 Apr 2019
  37. 37.
    Refsdal, A., Solhaug, B., Stølen, K.: Cyber-Risk Management. Springer, Cham (2015). Scholar
  38. 38.
    Schneier, B.: Attack trees: modeling security threats. Dr. Dobb’s J. Softw. Tools 24(12), 21–29 (1999)Google Scholar
  39. 39.
    T&D World: India To Spend \$21.6 Billion On Smart Grid Infrastructure By 2025 (2015). Accessed 05 Apr 2019
  40. 40.
    Weber, D.C.: Optiguard: A Smart Meter Assessment Toolkit (2012). Accessed 20 Feb 2019
  41. 41.
    Wideł, W., Audinot, M., Fila, B., Pinchinat, S.: Beyond 2014: formal methods for attack tree-based security modeling. ACM Comput. Surv. 52(4), 75:1–75:36 (2019). Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Univ Rennes, INSA Rennes, CNRS, IRISARennesFrance

Personalised recommendations