Flaws found in smart grid consortium's home-grown crypto

News by Adrian Bridgwater

The Open Smart Grid Protocol (OSGP) project has continued to roll out its own cryptographic standard and application layer communication protocol in the face of a tangible degree of criticism.

The OSGP alliance is an independent not-for-profit group made up of utilities and smart grid bodies, systems integrators and service providers. The group's ‘self-standardisation’ of its cryptographic controls has led to researchers uncovering a number of weaknesses.

Cryptographic standards emanating from the project are installed and deployed on millions of smart meters and devices around the globe. The Open Smart Grid Protocol was developed by the Energy Service Network Association (ESNA) and has been a standard of the European Telecommunications Standards Institute (ETSI) since 2012.

The research paper ‘Dumb Crypto in Smart Grids: Practical Cryptanalysis of the Open Smart Grid Protocol’, published in April 2015, was written by Philipp Jovanovic and Samuel Neves.

“Unfortunately, failures in the design and implementation of authenticated encryption schemes are a common sight and there are numerous examples,” say Jovanovic and Neves, who specify that their concern is the OSGP's cryptographic infrastructure and not the protocol itself.

Easy to break

The pair claim that the authenticated encryption scheme deployed by OSGP is a non-standard composition of RC4 and a home-brewed MAC, the “OMA digest”; in simpler terms, it is easy to break.

Authenticated encryption is the standard technology used to protect data that must be sent over communication channels (such as those used by smart meters in home, commercial or industrial control system environments), and it is deployed in countless applications and protocols.

The OMA digest referenced above is essentially a homespun message authentication code. The digest has been criticised over the guarantee of authenticity it provides and is cited as the root of the concerns here.
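For contrast with the home-grown composition the researchers describe, the following is an added example (not code from the article, the paper or the OSGP project) of what a standard, off-the-shelf authenticated encryption primitive gives a meter protocol: AES-256-GCM from Go's standard library, with the message header bound as associated data. The meter reading, header and key are constructed sample values; the point it demonstrates is that any change to the ciphertext or the header is rejected before a single byte of plaintext is released.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Layout of a sealed message: nonce (12 bytes) || ciphertext || GCM tag (16 bytes).
const gcmNonceSize = 12

// Seal encrypts and authenticates plaintext under a 32-byte key with AES-256-GCM.
// associatedData is authenticated but not encrypted (e.g. a cleartext header).
// A fresh random nonce is drawn per call: GCM's guarantees collapse if a nonce
// is ever reused under the same key, so never derive it from a counter you do
// not persist reliably.
func Seal(key, plaintext, associatedData []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext||tag to the nonce, giving nonce||ciphertext||tag.
	return aead.Seal(nonce, nonce, plaintext, associatedData), nil
}

// Open checks the tag (in constant time, inside the library) and only then
// decrypts. Any modification of nonce, ciphertext, tag or associated data
// yields an error and no plaintext.
func Open(key, sealed, associatedData []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("sealed message too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, associatedData)
}

// TamperingDetected seals a constructed sample reading, flips one bit of the
// ciphertext and reports whether Open rejected the altered message.
func TamperingDetected(key []byte) (bool, error) {
	// Constructed sample values; not real meter data.
	reading := []byte(`{"meter":"example-0001","kwh":1234.5}`)
	header := []byte("meter-report/v1")

	sealed, err := Seal(key, reading, header)
	if err != nil {
		return false, err
	}
	// The untouched message must round-trip.
	got, err := Open(key, sealed, header)
	if err != nil || string(got) != string(reading) {
		return false, errors.New("untampered round trip failed")
	}
	// Flip one bit in the first ciphertext byte (just after the nonce).
	tampered := append([]byte(nil), sealed...)
	tampered[gcmNonceSize] ^= 0x01
	_, err = Open(key, tampered, header)
	return err != nil, nil
}

func main() {
	key := make([]byte, 32) // AES-256; in practice from a KDF or key store
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	detected, err := TamperingDetected(key)
	if err != nil {
		panic(err)
	}
	fmt.Println("bit flip rejected by AES-GCM:", detected)
}
```

The design point is that authenticity and confidentiality come from one vetted primitive with a defined nonce and tag size, rather than from gluing a stream cipher to a custom digest; the header is covered by the tag even though it travels in the clear, so a receiver cannot be tricked into interpreting a valid body under a different header.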

OSGP working to update security

An April newsletter from the OSGP itself says that the group is preparing an update to the specifications to add security features to the security architecture currently defined in them.

According to an official statement, “The OSGP Alliance undertakes this security update because the alliance understands that the systems built with the OSGP specifications are an important, vital asset for a utility, and also often an essential element for national security.”

The alliance's work on this security update is motivated by the latest recommended international cyber-security practices. The group says it will enhance both the primitives used for encryption and authentication as well as the key length, usage, and update rules and mechanisms.

Speaking to SCMagazineUK.com on this subject this week was TK Keanini, CTO of network visibility and security intelligence company Lancope.

“Cryptography is to digital, as physics is to analogue. It is only the rules of the game that both the attackers and defenders need to honour. Please don't mess with it,” said Keanini.

He suggests that it is “fine to experiment” with new forms of crypto, but that we should “keep it the hell away” from production. Play with it, break it, fix it, learn from it and, years after it has matured, then use it for something critical, he says.

Keanini finishes by saying that critical infrastructure needs to be built on tested and mature cryptographic standards and implementations. “Cryptography, like security, is a process by which cryptographers author new methods and implementations, code-breakers then find ways to defeat them. You want your crypto to have seen a few years of this process before you place it in production.”

All okay, so far, says OSGP

Despite these discussions, however, the OSGP asserts that it is important to note that there have “not been any reported security breaches” of any deployed smart metering or smart grid system built with the current OSGP specifications, and that systems built with these specifications include a “comprehensive multi-layer security system” that has always been mandatory.
