Open Smart Grid Protocol vulnerable communications across Europe

Three years after its inception, the Open Smart Grid has over four million smart meters and similar devices around the world.

The Open Smart Grid Protocol manages communication in intelligent networks. Αναπτύχθηκε από την Energy Service Network Association (ESNA), and since 2012 it has been the European Telecommunications Standards Institute (ETSI) standard, according to the study.

Two researchers, Phillip Jovanovic of the University of Passau, Germany, and Samuel Neves, of the University of Coimbra, Portugal, published a study that outlined several shortcomings encryptions in the protocol.

The study entitled "Dumb Crypto in Smart Grids: Practical Cryptanalysis of the Open Smart Grid Protocol”, Explains how the encryption system used in OSGP is open to numerous attacks. The study states that the "breaking" of this encryption requires minimal computational effort.

Specifically the vulnerable feature, is the local verification which usesfor the authenticity of the identity of the code and is called the OMA Digest.

"This feature is extremely weak, and can not be considered as providing any guarantee of authenticity," the researchers said.

To mention that experts like Adam Crain, (researcher security and founder of Automatak) who has published research on the DNP3 protocol used in industrial communications control systems, have stated that the use of an OMA Digest function is a "big red flag", apparently referring to the dangerousness of the feature.

"Protocol designers should stick to the well-known good algorithms or even the NIST approved shortlist," said Crain.

"In this case, the researchers who analyzed the OMA Digest found weaknesses. Weaknesses can be used to identify the private key with a very small number of tests. ”

Crain also said, "The No. 1 rule of cryptography is [Do not invent your own]."