Recent findings by two security researchers, Philipp Jovanovic of the University of Passau (Germany) and Samuel Neves of the University of Coimbra (Portugal), have exposed major flaws in a widely deployed smart grid system. As it turns out, the Open Smart Grid Protocol (OSGP), an essential pillar of the energy distribution technology, does not deliver the security required for critical infrastructures, such as smart grids, that potentially connect meters in millions of homes.
OSGP was originally developed by the Energy Service Network Association (ESNA) and became a standard of the European Telecommunications Standards Institute (ETSI) in 2012. It is currently deployed in over four million devices worldwide, according to members of OSGP Alliance.
In their paper Practical Cryptanalysis of the Open Smart Grid Protocol, presented at the annual workshop on Fast Software Encryption (FSE) in March 2015, Jovanovic and Neves identified multiple attack vectors which would allow an adversary to recover secret keys used in the underlying OSGP protocol.
Using these, the attacker could decrypt the protected communication within the smart grid and might even take over control by manipulating exchanged messages. The attacks have varying levels of applicability and are based on different assumptions about the capabilities of an attacker. The most practical of the attacks merely requires that the adversary intercepts and slightly modifies encrypted messages to recover the secret key.
Attackers would not need physical access to the smart meters themselves – remote communication is sufficient. These attacks make use of the fact that each message is checked for authenticity. The researchers showed that there is a dependency between the successful authentication of manipulated messages and the values of individual bits of the secret key. Exploiting this, as little as 168 manipulated encrypted messages are sufficient on average to fully expose the secret key.
“Basically, all our FSE’15 reviews pointed out how simple these attacks are on a conceptual level. We were quite a bit surprised that our paper got accepted in the end,” remarked Philipp Jovanovic, one of the co-authors of the paper. The success of the attacks is based on the weaknesses of the deployed cryptographic primitives and the way they are combined in OSGP.
The RC4 stream cipher is used for encryption and the OMA Digest for message authentication. It has been already known for a long time that RC4 has security issues and cryptographers have been advising for years against its usage. Due to the dwindling trust in its security, RC4 was recently prohibited for usage in TLS, the protocol that secures communication on the Internet (see RFC7465 for more information). However, the far more serious problem in OSGP is the OMA Digest.
This is a homespun primitive which has been found to be extremely weak and cannot be assumed to provide any authenticity whatsoever, as explained in the paper. This function is also the main reason that the presented attacks are so exceptionally simple. Finally, the fact that the RC4 encryption keys are derived from the secret keys used in the OMA Digest leads to the complete compromise of OSGP.
“These attacks show once more that cryptographic primitives must undergo a thorough analysis by qualified scientists before deployment,” said Professor Ilia Polian, who supervises Philipp Jovanovic. Professor Polian holds the Chair of Computer Engineering and is the Dean of the Faculty of Computer Science and Mathematics. “This is not only a technological issue,” added Professor Gerrit Hornung (Chair of Public Law, IT Law and Legal Informatics and speaker of the University’s Institute of IT Security and Security Law).
“Particularly in critical infrastructures like energy supply, the state is responsible for the prevention of security vulnerabilities. This is why we are discussing an EU Directive which aims at improving IT security in such infrastructures and obliges the providers to report incidents.” Hornung also believes that the described attack endorses the Institute’s interdisciplinary research approach, which looks at IT security from both the technical and the legal point of view: “There is a clear need for integrated work in this area.”
The researchers pointed out that the published attacks have been developed at the conceptual protocol level and have not been carried out in an actual smart grid installation. Demonstrating the attack would require access to proprietary hardware and substantial interfacing efforts. The uncovered weaknesses were communicated to OSGP Alliance members in November 2014. Although it is unlikely that these attacks have already been launched in practice, the warning signs are obvious.
As Klaus Kursawe and Christiane Peters from the European Network for Cyber Security (ENCS) recently wrote in “Structural Weaknesses in the Open Smart Grid Protocol” an overview article on OSGP’s security which was released independently of the work of Philipp Jovanovic and Samuel Neves: “...like cracks in a dam — a last warning sign that something needs to be fixed before the real damage has been done.”
links and references
http://www.osgp.org/ - Website OSGP
https://eprint.iacr.org/2015/428 - original paper by Jovanovic/Neves
https://tools.ietf.org/html/rfc7465 - further information on RC4
https://www.encs.eu/ - Website ENCS
https://eprint.iacr.org/2015/088 - original article by Kursawe/Peter
Katrina Jordan | idw - Informationsdienst Wissenschaft
Snake-inspired robot uses kirigami to move
22.02.2018 | Harvard John A. Paulson School of Engineering and Applied Sciences
Camera technology in vehicles: Low-latency image data compression
22.02.2018 | Fraunhofer-Institut für Nachrichtentechnik, Heinrich-Hertz-Institut, HHI
A newly developed laser technology has enabled physicists in the Laboratory for Attosecond Physics (jointly run by LMU Munich and the Max Planck Institute of Quantum Optics) to generate attosecond bursts of high-energy photons of unprecedented intensity. This has made it possible to observe the interaction of multiple photons in a single such pulse with electrons in the inner orbital shell of an atom.
In order to observe the ultrafast electron motion in the inner shells of atoms with short light pulses, the pulses must not only be ultrashort, but very...
A group of researchers led by Andrea Cavalleri at the Max Planck Institute for Structure and Dynamics of Matter (MPSD) in Hamburg has demonstrated a new method enabling precise measurements of the interatomic forces that hold crystalline solids together. The paper Probing the Interatomic Potential of Solids by Strong-Field Nonlinear Phononics, published online in Nature, explains how a terahertz-frequency laser pulse can drive very large deformations of the crystal.
By measuring the highly unusual atomic trajectories under extreme electromagnetic transients, the MPSD group could reconstruct how rigid the atomic bonds are...
Quantum computers may one day solve algorithmic problems which even the biggest supercomputers today can’t manage. But how do you test a quantum computer to...
For the first time, a team of researchers at the Max-Planck Institute (MPI) for Polymer Research in Mainz, Germany, has succeeded in making an integrated circuit (IC) from just a monolayer of a semiconducting polymer via a bottom-up, self-assembly approach.
In the self-assembly process, the semiconducting polymer arranges itself into an ordered monolayer in a transistor. The transistors are binary switches used...
Breakthrough provides a new concept of the design of molecular motors, sensors and electricity generators at nanoscale
Researchers from the Institute of Organic Chemistry and Biochemistry of the CAS (IOCB Prague), Institute of Physics of the CAS (IP CAS) and Palacký University...
15.02.2018 | Event News
13.02.2018 | Event News
12.02.2018 | Event News
23.02.2018 | Physics and Astronomy
23.02.2018 | Health and Medicine
23.02.2018 | Physics and Astronomy