Open Smart Grid Protocol Alliance Plans to Fix its Weak Crypto

The Open Smart Grid Protocol Alliance said updates will be rolled out in September to networks and devices that address weak homegrown cryptography pointed out in a research paper.

The Open Smart Grid Protocol Alliance, which recently came under fire for a weak crypto implementation in its protocol, will upgrade existing devices, likely starting in September.

Harry Crijns, secretary of the OSGP Alliance in The Netherlands, said fixes have been developed and are “under [a] stress test.” It said it will then work with standards bodies such as CENELEC and ETSI in Europe to bring smart grids and devices up to speed.

The OSGP, on April 8, announced its plans to add security features to its existing architecture, and that the update would “enhance both the primitives used for encryption and authentication, as well as the key length, usage, and update rules and mechanisms,” the OSGP said.

In a paper published April 27, researchers from Germany and Portugal exposed encryption weaknesses in the protocol in a paper entitled “Dumb Crypto in Smart Grids: Practical Cryptanalysis of the Open Smart Grid Protocol.”

The primary issue, according to experts, is that the authenticated encryption scheme is homegrown and open to a number of attacks—the paper outlines a handful—that require minimal computational effort and investment to pull off. The paper, and experts, were especially critical of a purpose-built message authentication code (MAC) called OMA Digest.

The authors of the paper, Phillip Jovanovic and Samuel Neves, said the cryptography was “extremely weak, and cannot be assumed to provide any authenticity guarantee whatsoever.” The encryption key used in the protocol is derived from the same key used by the OMA digest, breaking its security in many different directions.

Cryptographer Bruce Schneier has long opposed the use of what he calls “amateur cryptography.” In a post on his blog, he said such efforts should be distrusted and projects should use only algorithms that have been thoroughly tested.

“All cryptographers know this, but non-cryptographers do not,” Schneier wrote. “And this is why we repeatedly see bad amateur cryptography in fielded systems.”

The OSGP Alliance, however, seems to be on one hand, standing by its crypto scheme.

“It is important to note that there have not been any reported security breaches of any deployed smart metering or smart grid system built with the current OSGP specifications, and that systems built with these specifications include a comprehensive multi-layer security system that has always been mandatory,” the organization said.

The Open Smart Grid Protocol handles communication for smart grids. It was developed by the Energy Service Network Association (ESNA), and since 2012 is the standard of the European Telecommunications Standards Institute (ETSI), according to the paper.

The weaknesses discovered by Jovanovic and Neves enabled them to recover private keys with relative ease: 13 queries to an OMA digest oracle and negligible time complexity in one attack, and another in just four queries and 2^25 time complexity, the paper said.

Noted ICS security expert Adam Crain told Threatpost that the use of homegrown crypto is a “big red flag.”

“Protocol designers should stick to known good algorithms or even the ‘NIST-approved’ short list,” Crain said. “In this instance, the researchers analyzed the OMA digest function and found weaknesses in it. The weaknesses in it can be used to determine the private key in a very small number of trials.”

Suggested articles