View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Hardware
May 11, 2015

WARNING: Smart grid on the edge of cyberattacks

Paper exposes weak encryption points for hacker attacks.

By

A paper warned designers that a stronger encryptation architecture is needed in the smart grid network.

The study by Philipp Jovanovic of Germany’s University of Passau and Samuel Neves of Portugal’s University of Coimbra, found that "weak cryptography" puts at risk millions of smart meters, thermostats, and other internet-connected devices.

They analysed the cryptography used in the Open Smart Grid Protocol (OSGP), a group of specifications published by a European telecoms standards body.

Researchers tested several devices, and said hackers can easily break into most of them, and in one case, the authors said they could "completely" defeat a device’s cryptography.

The researchers said: "The authenticated encryption scheme deployed by OSGP is a non-standard composition of RC4 [Rivest Cipher 4] and a home-brewed MAC [message authentication code], the OMA digest.

"We present several practical key-recovery attacks against the OMA digest. The first and basic variant can achieve this with a mere 13 queries to an OMA digest oracle and negligible time complexity. A more sophisticated version breaks the OMA digest with only four queries and a time complexity of about two to the power of 25 simple operations.

"A different approach only requires one arbitrary valid plaintext-tag pair, and recovers the key in an average of 144 message verification queries, or one ciphertext-tag pair and 168 ciphertext verification queries."

Content from our partners
The growing cybersecurity threats facing retailers
Cloud-based solutions will be key to rebuilding supply chains after global stress and disruption
How to integrate security into IT operations

The OSGP Alliance said: "The alliance’s work on this security update is motivated by the latest recommended international cybersecurity practices, and will enhance both the primitives used for encryption and authentication as well as the key length, usage, and update rules and mechanisms."

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED
THANK YOU