Security Threats in Advanced Metering Infrastructure He-Ming Ruan 1 , Yu-Sheng Yang 1 , I-An Fan 1 , Christine Peijinn Chai 1 , Chun-Ying Huang 2 , and Chin-Laung Lei 1 1 Department of Electrical Engineering, National Taiwan University 2 Department of Computer Science and Engineering, National Taiwan Ocean University Abstract. Advanced metering infrastructure (AMI) is drawing more and more attention due to various benefits which it brings. Compared to traditional power grid systems or advanced meter reading (AMR) systems, AMI systems possess capabilities to provide improved manage- ment and predictability of power utilization, to monitor and detect fault occurrences, and to conserve energy. However, behind the various benefits brought by AMI, there still exist plenty of security threats. The open network used by AMIs is an ex- tremely convenient interface for malicious attackers or network hackers to damage the AMI systems; on the other hand, the immature hardware design for AMI devices might cause physical breach points. Keywords: Advanced metering infrastructure, smart grid, security, vulnerabil- ity 1 Introduction The advanced metering infrastructure (AMI) deployed globally nowadays will change our viewpoints on energy utilization forever. It provides precise, efficient, and low cost energy management via various services such as dynamic pricing, automatic meter reading, on demand energy delivery, and quality of services (QoS) control. All these services and benefits are enabled by the necessary com- munication and control functionalities provided by this new infrastructure. In the meantime, the AMI also introduces new security threats due to semi- open networks, improper security mechanisms and immature hardware design for AMI devices. The essence of AMI is a vast and distributed sensor system which is tethered by the open Internet and some neighborhood networks (NANs) which can be open networks or close ones. It implies that anyone on the Internet might find their way to interfere the AMI, especially the Internet service providers (ISPs) who can possibly control partial or all of the connections in an AMI system. Besides, the computationally weak meters can be easily accessed by anyone who can stand before the meter, and this makes them vulnerable to compromise. Furthermore, even the internal threats which traditional power grid suffers still threaten the security of AMI.