'Dumb crypto in smart grids': Smart meter encryption standard fundamentally flawed, claim researchers
Open Smart Grid Protocol Alliance 'should stick to known good algorithms', argue security experts
An encryption standard intended to secure smart grid networks is fundamentally flawed and "cannot be assumed to provide any authenticity guarantee whatsoever", according to a team of university researchers.
The standard, developed by the Open Smart Grid Protocol (OSGP) Alliance and adopted by the European Telecommunications Standards Institute (ETSI), provides both authentication and encryption for smart grid implementations: electrical grids capable of gathering and transmitting information and acting on it.
However, the technology behind smart grids has been repeatedly criticised for providing inadequate security and privacy.
The OSGP smart grid security standard was dissected in a paper by Philipp Jovanovic, a PhD student at the department of informatics and mathematics at the University of Passau, and Samuel Neves, a PhD student at the faculty of sciences and technology at the University of Coimbra in Portugal.
"The authenticated encryption scheme deployed by OSGP is a non-standard composition of RC4 [Rivest Cipher 4] and a home-brewed MAC [message authentication code], the OMA digest," claim the researchers.
They continue: "We present several practical key-recovery attacks against the OMA digest. The first and basic variant can achieve this with a mere 13 queries to an OMA digest oracle and negligible time complexity. A more sophisticated version breaks the OMA digest with only four queries and a time complexity of about two to the power of 25 simple operations.
"A different approach only requires one arbitrary valid plaintext-tag pair, and recovers the key in an average of 144 message verification queries, or one ciphertext-tag pair and 168 ciphertext verification queries."
The heart of the problem, they conclude, is that the organisation has tried to put together its own cryptography system and thereby introduced a number of basic flaws. They describe a number of attacks, which enabled them to retrieve decryption keys with relative ease and speed.
Rather than focusing on the RC4 encryption system, they concentrated on the home-grown OMA digest algorithm used by the OSGP Alliance.
The OSGP Alliance, however, claims that it is planning to upgrade its security standards. It was presented with a draft of the paper in November 2014, and in April 2015 announced an update "to add additional security features to the existing security architecture".