Each year, utility providers around the world lose billions in revenue from nontechnical losses – losses not related to technical operation of the grid but caused by external factors.
According to the Research and Markets report, Electricity Theft and Non-Technical Losses: Global Markets, Solutions and Vendors, total nontechnical losses are an estimated US$96 billion annually, and a significant portion occurs in emerging market countries. These revenue losses not only affect utility providers but also customers, since a utility provider may try to make up for its losses by increasing prices.
One type of nontechnical loss is meter tampering, where individuals hack electricity meters (e-meters) to slow or stop the accumulation of usage statistics.
There are multiple ways to tamper with an e-meter, including intrusive methods, where individuals modify components inside the meter case; and nonintrusive methods, where the tampering occurs outside the meter. Meter tampering has led to greater requirements in new smart e-meters in order to make them more tamper-resistant. In this article, we’ll look at how to prevent and detect intrusive tampering methods.
First, let’s review how a smart e-meter works. A smart e-meter measures the active energy and bills customers for it by measuring the current drawn by the customer’s load (using a current sensor) and the mains voltage (using a voltage divider). The e-meter accumulates the product of voltage and current to calculate the active energy used.
Figure 1 shows an example single-phase e-meter and its connections, with a shunt used as the current sensor.
Intrusive tampering methods include current bypassing, reversing connections and bypassing leads. In current bypassing, which is one of the most common tampering techniques, a metal object is placed against the meter terminal block, as shown in Figure 2. The object forms a current divider with the current-sensing circuitry, so part of the current flows through the metal object instead of the sensor. The result is an active energy reading smaller than the actual consumption, and thus a less expensive utility bill.
To deal with current-bypass tampering, a design can measure both the line and neutral current, which ideally should both equal the current drawn by the customer’s load for a single-phase system. The actual energy calculation will use the larger of the sensed line and neutral currents. Bypassing both the neutral and line currents will affect the accuracy of metrology calculations; however, since it is more difficult to bypass the same current on both line and neutral channels, it is possible to detect the bypassing of both currents by determining if there is a large difference between them.
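The line/neutral comparison described above can be sketched in firmware-style C as follows. This is an added example, not code from the article or from any TI reference design; the threshold values, the persistence count and all names (`bypass_update`, `bypass_state_t`) are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed tuning values; a real design derives them from sensor accuracy
 * and the meter's starting current. */
#define NOISE_FLOOR_A    0.05f  /* below this, the meter is treated as unloaded */
#define MISMATCH_RATIO   0.10f  /* relative line/neutral difference seen as large */
#define PERSIST_SAMPLES  3u     /* consecutive mismatches needed before flagging */

typedef struct {
    uint32_t mismatch_run;  /* consecutive mismatching RMS updates */
    bool     bypass_flag;   /* true while the mismatch has persisted */
} bypass_state_t;

/* Feed one pair of RMS currents in amperes (non-negative by definition).
 * Returns the current to use for the energy calculation: the larger channel. */
float bypass_update(bypass_state_t *st, float i_line, float i_neutral)
{
    float hi = (i_line > i_neutral) ? i_line : i_neutral;
    float lo = (i_line > i_neutral) ? i_neutral : i_line;
    /* Ignore the comparison at no load, where only sensor noise is left. */
    bool mismatch = (hi > NOISE_FLOOR_A) && ((hi - lo) > MISMATCH_RATIO * hi);

    if (!mismatch)
        st->mismatch_run = 0;
    else if (st->mismatch_run < PERSIST_SAMPLES)
        st->mismatch_run++;
    st->bypass_flag = (st->mismatch_run >= PERSIST_SAMPLES);
    return hi;
}

/* Constructed sample data: normal load, line channel bypassed, then no load. */
int main(void)
{
    static const float trace[][2] = {
        {10.0f, 10.1f}, {4.0f, 10.0f}, {4.0f, 10.0f}, {4.0f, 10.0f}, {0.01f, 0.0f}
    };
    bypass_state_t st = {0, false};
    for (unsigned n = 0; n < sizeof trace / sizeof trace[0]; n++) {
        float i_bill = bypass_update(&st, trace[n][0], trace[n][1]);
        printf("billed current %.2f A, bypass flag %d\n", i_bill, st.bypass_flag);
    }
    return 0;
}
```

Billing on the larger channel keeps the energy reading closer to the true load while one sensor is bypassed, and the persistence count keeps a single noisy reading from raising a tamper event.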
The first line of defense for all intrusive tampering is the actual case around the e-meter. Meter cases should be sealed to hamper access to the internal components, with an intrusion detection system added to determine whether someone has opened (or tried to open) the case. It is important that the intrusion detection system consumes minimal power to maximize the operating life of the backup power supply in the event of a blackout. In some cases, duty-cycling the power to the intrusion detection system ensures low power consumption.
Traditional case tamper detection uses a mechanical implementation, with a downward-protruding post attached to the meter case. The post makes physical contact with a push-button on the main printed circuit board (PCB), which causes the push-button to remain pressed. This push-button’s output connects to a general-purpose input/output (GPIO) pin of a microcontroller, which monitors the state of the button. If someone opens the case, the post no longer makes contact with the push-button, changing the state of the push-button’s corresponding GPIO pin and alerting the microcontroller that the case has been opened.
Although this method achieves tamper detection with low cost and minimal power consumption, it has some significant limitations. First, there are issues with reliability. Because the push-button has a specific height at which it activates, it may get triggered during transportation, or, because of button activation tolerances, the post may not actually press the button down at all.
Another issue is that the button may get stuck, which would inhibit the tampering detection functionality. It is possible to mitigate these issues by using high-reliability switches and implementing an on-site reset of the meter, but that would lead to increased system cost.
To address the limitations of the mechanical approach, an alternative option is to use an inductive sensing implementation as shown in Figure 3. An inductive switch compares the inductances of a reference coil and a sense coil and changes its output depending on which coil has the lower inductance.
Bringing a conductive target metal, such as copper tape, close enough to the sense coil decreases that coil’s inductance value.
In this application, an inductive switch can detect when the case cover is opened by first connecting metal onto the meter case, where the metal is assembled above the sense coil.
The metal should also be assembled to move with the case so that the metal increases its distance with respect to the sense coil whenever the case is opened.
Detecting the case opening requires meeting two conditions. First, the distance of the metal with respect to the sense coil when the case is opened should cause the sense coil inductance to be greater than the reference inductance. Second, the distance of the metal with respect to the sense coil when the case is closed should cause the sense coil inductance to be less than the reference inductance. If both of these conditions are met, the inductive switch will change its output whenever the case is opened, and therefore alert the system’s microcontroller that tampering is occurring.
This form of sensing is a highly robust solution that is immune to interference from magnets, moisture, dust and other environmental contaminants. It also addresses the stability issues present with mechanical approaches.
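Whether the sensor is the push-button or the inductive switch, the microcontroller sees a single digital input, and the sensor can be powered only while it is sampled. The following added example (not code from the article) shows one way to poll such an input with duty-cycled power, confirm an opening over consecutive samples and latch the event; the hardware hooks, the confirmation count and the pin trace are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#define OPEN_CONFIRM_SAMPLES 2u   /* assumed: consecutive "open" reads needed */

/* Hypothetical hooks: the sensor supply switch and the GPIO on its output. */
typedef struct {
    void (*sensor_power)(bool on);
    bool (*read_case_open)(void);   /* true = pin level meaning "case open" */
} case_hw_t;

typedef struct {
    uint32_t open_run;        /* consecutive "open" samples seen */
    bool     case_open;       /* debounced state */
    bool     tamper_latched;  /* stays set until an authorized reset clears it */
    uint32_t event_count;     /* confirmed openings since reset */
} case_monitor_t;

/* Run from a periodic low-power wake-up; returns the latched tamper flag. */
bool case_monitor_poll(case_monitor_t *m, const case_hw_t *hw)
{
    hw->sensor_power(true);             /* sensor is powered only while sampling */
    bool open = hw->read_case_open();   /* real hardware needs a settling delay first */
    hw->sensor_power(false);
    if (!open)
        m->open_run = 0;
    else if (m->open_run < OPEN_CONFIRM_SAMPLES)
        m->open_run++;
    bool confirmed = (m->open_run >= OPEN_CONFIRM_SAMPLES);
    if (confirmed && !m->case_open) {   /* closed -> open edge: record one event */
        m->event_count++;
        m->tamper_latched = true;
    }
    m->case_open = confirmed;
    return m->tamper_latched;
}

/* Constructed pin trace: one glitch, a sustained opening, a re-close, a second opening. */
static const bool sim_trace[] = { false, true, false, true, true, true, false, true, true };
static unsigned sim_idx;
static bool sim_powered;
static void sim_power(bool on) { sim_powered = on; }
static bool sim_read(void) { return sim_powered && sim_trace[sim_idx++]; }

uint32_t run_constructed_trace(void)
{
    case_monitor_t m = {0};
    const case_hw_t hw = { sim_power, sim_read };
    sim_idx = 0;
    for (unsigned n = 0; n < sizeof sim_trace / sizeof sim_trace[0]; n++)
        case_monitor_poll(&m, &hw);
    return m.event_count;
}
```

The polling period sets the trade-off the article mentions: a longer interval between wake-ups lowers average power draw from the backup supply but lengthens the shortest case opening that can be confirmed.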
A case tampering detection mechanism could thwart intrusive tampering attacks, enabling utility companies to take proper action and help reduce revenue losses from tampering. Because case tampering detection can only detect intrusive tampering attacks, in Part 2 of this series we’ll cover how to detect and harden an e-meter against nonintrusive tampering techniques such as magnetic tampering.
ABOUT THE AUTHOR
Mekre Mesganaw is a system engineer in the grid infrastructure group at Texas Instruments, where he primarily works on grid monitoring and electricity metering reference design development. Mekre received his Bachelor of Science and Master of Science in computer engineering from the Georgia Institute of Technology.
Texas Instruments Incorporated (TI) is a global semiconductor design and manufacturing company that develops analogue ICs and embedded processors.