Cryptology ePrint Archive: Report 2015/428

Dumb Crypto in Smart Grids: Practical Cryptanalysis of the Open Smart Grid Protocol

Philipp Jovanovic and Samuel Neves

Abstract: This paper analyses the cryptography used in the Open Smart Grid Protocol (OSGP). The authenticated encryption (AE) scheme deployed by OSGP is a non-standard composition of RC4 and a home-brewed MAC, the ``OMA digest''.

We present several practical key-recovery attacks against the OMA digest. The first and basic variant can achieve this with a mere $13$ queries to an OMA digest oracle and negligible time complexity. A more sophisticated version breaks the OMA digest with only $4$ queries and a time complexity of about $2^{25}$ simple operations. A different approach only requires one arbitrary valid plaintext-tag pair, and recovers the key in an average of $144$ \emph{message verification} queries, or one ciphertext-tag pair and $168$ \emph{ciphertext verification} queries.

Since the encryption key is derived from the key used by the OMA digest, our attacks break both confidentiality and authenticity of OSGP.

Category / Keywords: secret-key cryptography / cryptanalysis, smart grid, authenticated encryption

Original Publication (with minor differences): IACR-FSE-2015

Date: received 27 Apr 2015, last revised 18 Jun 2015

Contact author: jovanovic at fim uni-passau de

Available format(s): PDF | BibTeX Citation

Version: 20150618:123954 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]