Flawed Open Smart Grid Protocol is a risk for Smart Grid

More than four million smart meters and similar devices worldwide are open to cyber attacks due to the security issued in the Open Smart Grid Protocol.

The Open Smart Grid Protocol (OSGP) is a family of specifications published by the European Telecommunications Standards Institute (ETSI) that are implemented today by more than four million smart meters other smart grid devices.

The Open Smart Grid Protocol was originally developed by the Energy Service Network Association (ESNA) for communication in smart grid.

Is it secure?

The security researchers, Phillip Jovanovic of the University of Passau in Germany and Samuel Neves of the University of Coimbra in Portugal, have recently published an interesting post that analyzes the encryption weaknesses in the Open Smart Grid Protocol.

The paper, titled “Dumb Crypto in Smart Grids: Practical Cryptanalysis of the Open Smart Grid Protocol” details the security issues related to the Open Smart Grid Protocol and ways to exploit them with cyber attacks.



The experts have focused their analysis on the OMA Digest that is a homegrown message authentication code.

“This function has been found to be extremely weak, and cannot be assumed to provide any authenticity guarantee whatsoever,” the researchers wrote.

As reported by the colleagues at the ThreatPost, the opinion on the homegrown digest function is not positive within the security community. The security expert Adam Crain confirmed that the adoption of a homegrown digest function is a “big red flag,” due to the numerous security issues he found that can havoc the encryption scheme it implements.

“Protocol designers should stick to known good algorithms or even the ‘NIST-approved’ short list,” Crain said. “In this instance, the researchers analyzed the OMA digest function and found weaknesses in it. The weaknesses in it can be used to determine the private key in a very small number of trials.”

The experts highlight the importance to be compliant with existing standards, like the DNP3 Secure Authentication that is an IEEE standard.

For this reason, Crain implemented the DNP3 Secure Authentication that relies on strong digest functions known as HMAC-SHA256 and AES-GMAC.

“By contrast, they use the NIST-approved digest functions known as HMAC-SHA256 and AES-GMAC which are currently considered ‘strong authentication,’” Crain said. “The No. 1 rule of cryptography is ‘Don’t invent your own.’”

The security holes discovered by the researchers allowed them to easily recover private keys without a significant computational effort, an attack they made was composed by just 13 queries to an OMA digest Oracle.

In a second attack scenario proposed in the paper, they used four queries and 2^25 time complexity, too easy to attack an authentication schema used to secure of smart grid.

“We present several practical key-recovery attacks against the OMA digest. The first and basic variant can achieve this with a mere 13 queries to an OMA digest oracle and negligible time complexity. A more sophisticated version breaks the OMA digest with only 4 queries and a time complexity of about 2^25 simple operations” states the paper.

“A different approach only requires one arbitrary valid plaintext-tag pair, and recovers the key in an average of 144 message verification queries, or one ciphertext-tag pair and 168 ciphertext verification queries,” the researchers explained.

The researchers explained that it is possible to derive the encryption keys from the key used by the OMA digest and compromise the confidentiality and authenticity of Open Smart Grid Protocol.

I suggest you to give a look to the paper that basically demonstrates the threat related to the implementation of “weak cryptography“.

Pierluigi Paganini

Global InfoSec Awards 2021

We are in our 9th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.