Attack surface analysis and mitigation for near-field communication networks and devices in smart grids

IF 4.5 Q2 COMPUTER SCIENCE, THEORY & METHODS
Array Pub Date : 2025-08-05 DOI:10.1016/j.array.2025.100447
Jing Guo, Zhimin Gu, Haitao Jiang, Yan Li, Daohua Zhu
Journal: Array, vol. 27, Article 100447 (Journal Article, not open access). Publisher page: https://www.sciencedirect.com/science/article/pii/S2590005625000748
Citations: 0

Abstract

With growing demand and increasing concern for energy sustainability, smart grids (SGs) have emerged as a promising solution by integrating information and communication technologies to enhance the efficiency, reliability, and flexibility of power systems. While SGs enable real-time monitoring, they also introduce new security risks, particularly for endpoint and edge devices such as smart meters and inverters. Although earlier attacks primarily targeted centralized systems, recent studies have highlighted vulnerabilities on the consumer side, especially in the context of MadIoT-style attacks (MadIoT, short for Manipulation of Demand via IoT, refers to a class of coordinated attacks exploiting high-wattage IoT devices to destabilize power grids). This paper analyzes the attack surfaces of near-field communication network (NFN) protocols and devices within SGs, with a focus on widely adopted public protocols. We propose mitigation strategies to address these risks, including a reverse engineering-based edge device firmware emulation and execution method, a large language model-based protocol analysis approach, and a fuzzing-based malicious behavior simulation technique in an NFN. In our experiments, the proposed AFL-Netzob framework discovered 6 vulnerabilities across 3 firmware samples and achieved up to a 2× improvement in fuzzing efficiency compared to Boofuzz. These results demonstrate the practical effectiveness and general applicability of our framework in real-world smart grid scenarios.