19.5k unique visitors in the last 3 days

Academics Slam Insecure Smart Meter Comms

University researchers have criticized the cryptography in ETSI's Open Smart Grid Protocol (OSGP). They explain how hackers would break its privacy and authenticity.

The Open Smart Grid Protocol is a communications specification published by the European Telecommunications Standards Institute (ETSI) for use with smart meters and other smart grid devices. There are over 4 million smart meters that use OSGP, making it one of the most common network standards for smart grids. However, Philipp Jovanovic of the University of Passau, Germany, and Samuel Neves of the University of Coimbra, Portugal, have published a paper which sharply criticizes the cryptography used in OSGP. Their paper is entitled: “Dumb Crypto in Smart Grids”.

As the researchers point out, the aim is to ensure the privacy of the data transmitted whilst also guaranteeing integrity and authenticity. They conclude that they designed practical attacks that would break both the confidentiality and authenticity of OSGP.

We have presented a thorough analysis of the OMA digest specified in OSGP. This function has been shown to be extremely weak, and cannot be assumed to provide any authenticity guarantee whatsoever. We described multiple attacks having different levels of applicability in the context of OSGP…

In summary, the work at hand is another entry in the long list of examples of flawed authenticated encryption schemes, and shows once more how easily a determined attacker can break the security of protocols based on weak cryptography.

Meanwhile, the OSGP Alliance, promoters of the OSGP standard, have recently announced an upgrade to OSGP that will add additional security features.

We should thank Jovanovic and Neves for their hard work. Researchers like them help to keep businessmen honest, by highlighting the dangers of taking shortcuts with security. You can download Jovanovic and Neves’ paper on OSGP security from here.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email