Deprecated almost everywhere, researchers crack open ‘smart grid’ ancient crypto suite AGAIN

The Open Smart Grid Protocol’s custom RC4 encryption has been cracked – again.
OSGP was called out last year for rolling its own crypto, based on the deprecated RC4.

At the time, the OSGP Alliance said it would implement better security, but the RC4 zombie is still shambling around, according to German researchers Linus Feiten and Matthias Sauer of the University of Freiberg.
In July, the alliance announced it had added AES 128 bit encryption to its suite, but grid operators have to wait on vendor support for strong encryption before they can protect their networks.
In this IACR paper, the German boffins demonstrate their ability to recover the secret key used in the OSGP’s RC4 stream cipher.
From their abstract: “already known weaknesses of RC4 can be exploited to successfully attack the OSGP implementation … to effectively derive the secret OSGP encryption and decryption key, given that an attacker can accumulate the cipher streams of approximately 90,000 messages.”
The Register notes that in a decent-sized grid network, that’s not an inconceivable number of messages to harvest.

The paper notes there were already 28 million smart meters installed in America in 2010, and 52 million in Europe in 2012.
The paper notes that decrypting the secret key can expose the energy consumption of an individual customer, and an attacker could create messages that report false information upstream to the grid operator.
Feiten and Sauer worked with the OSGP specification issued in 2012 (in ETSI’s language, GS OSG 001), because that’s the most recent version of the full specification.
The Register notes that while the OSGP-AES-128-PSK specification was released in July, it was described as a “new work proposal for standardisation purposes”.

The first (and apparently only so far) product to certify against the specification was from New Energy Services in November 2015. ®

Rise of the machines