Researchers Exposed Open Smart Grid Protocol Encryption Weaknesses

It seems the Energy Service Network Association (ESNA); the body that developed the Open Smart Grid Protocol (OSGP) will have to go back to the drawing board with the Open Smart Grid Protocol.  Researchers, Phillip Jovanovic from the University of Passau in Germany and Samuel Neves from the University of Coimbra in Portugal have identified weaknesses in the authenticated encryption of the protocol.

According to the researchers Open Smart Grid Protocol is a standard of the European Telecommunications Standards Institute (ETSI) since 2012.  It is used in more than four million smart meters and similar devices worldwide to date, making it one of the most widely used network protocols for smart grid applications.

Authenticated encryption (AE) not only ensures privacy of the data but also guarantees integrity and authenticity. They pointed out that failures in the design and implementation of authenticated encryption schemes are a common but left uncheck poses great security risk.

The researched noted that their analysis was performed solely against the OSGP specification and not against any deployed devices. The paper titled, “Dumb Crypto in Smart Grids: Practical Cryptanalysis of the Open Smart Grid Protocol" explains how to they went about arriving at their findings.

With security and privacy still high on the list of concerns among consumers with regards to smart grid solution; from these finding I think the ESNA and ETSI need to investigate if they are not already doing so.

The weaknesses discovered by Jovanovic and Neves enabled them to recover private keys with relative ease: 13 queries to an OMA digest oracle and negligible time complexity.  A more sophisticated version breaks the OMA digest with only 4 queries and a time complexity of about 2^25 simple operations, the paper said.

“A different approach only requires one arbitrary valid plaintext-tag pair, and recovers the key in an average of 144 message verification queries, or one ciphertext-tag pair and 168 ciphertext verification queries,” the researchers wrote.

The researchers conclude that “We have presented a thorough analysis of the OMA digest specified in OSGP. This function has been found to be extremely weak, and cannot be assumed to provide any authenticity guarantee whatsoever”.