May 11, 2015

WARNING: Smart grid on the edge of cyberattacks

Paper exposes weak encryption points for hacker attacks.

By Joao Lima

A paper has warned designers that a stronger encryption architecture is needed in the smart grid network.

The study, by Philipp Jovanovic of Germany’s University of Passau and Samuel Neves of Portugal’s University of Coimbra, found that "weak cryptography" puts at risk millions of smart meters, thermostats, and other internet-connected devices.

They analysed the cryptography used in the Open Smart Grid Protocol (OSGP), a group of specifications published by a European telecoms standards body.

Researchers tested several devices, and said hackers can easily break into most of them, and in one case, the authors said they could "completely" defeat a device’s cryptography.

The researchers said: "The authenticated encryption scheme deployed by OSGP is a non-standard composition of RC4 [Rivest Cipher 4] and a home-brewed MAC [message authentication code], the OMA digest.

"We present several practical key-recovery attacks against the OMA digest. The first and basic variant can achieve this with a mere 13 queries to an OMA digest oracle and negligible time complexity. A more sophisticated version breaks the OMA digest with only four queries and a time complexity of about two to the power of 25 simple operations.

"A different approach only requires one arbitrary valid plaintext-tag pair, and recovers the key in an average of 144 message verification queries, or one ciphertext-tag pair and 168 ciphertext verification queries."


The OSGP Alliance said: "The alliance’s work on this security update is motivated by the latest recommended international cybersecurity practices, and will enhance both the primitives used for encryption and authentication as well as the key length, usage, and update rules and mechanisms."
