### Dumb Crypto in Smart Grids: Practical Cryptanalysis of the Open Smart Grid Protocol

Philipp Jovanovic and Samuel Neves

##### Abstract

This paper analyses the cryptography used in the Open Smart Grid Protocol (OSGP). The authenticated encryption (AE) scheme deployed by OSGP is a non-standard composition of RC4 and a home-brewed MAC, the OMA digest''. We present several practical key-recovery attacks against the OMA digest. The first and basic variant can achieve this with a mere $13$ queries to an OMA digest oracle and negligible time complexity. A more sophisticated version breaks the OMA digest with only $4$ queries and a time complexity of about $2^{25}$ simple operations. A different approach only requires one arbitrary valid plaintext-tag pair, and recovers the key in an average of $144$ \emph{message verification} queries, or one ciphertext-tag pair and $168$ \emph{ciphertext verification} queries. Since the encryption key is derived from the key used by the OMA digest, our attacks break both confidentiality and authenticity of OSGP.

Available format(s)
Category
Secret-key cryptography
Publication info
A minor revision of an IACR publication in FSE 2015
Keywords
cryptanalysissmart gridauthenticated encryption
Contact author(s)
jovanovic @ fim uni-passau de
History
2015-06-18: revised
See all versions
Short URL
https://ia.cr/2015/428

CC BY

BibTeX

@misc{cryptoeprint:2015/428,
author = {Philipp Jovanovic and Samuel Neves},
title = {Dumb Crypto in Smart Grids: Practical Cryptanalysis of the Open Smart Grid Protocol},
howpublished = {Cryptology ePrint Archive, Paper 2015/428},
year = {2015},
note = {\url{https://eprint.iacr.org/2015/428}},
url = {https://eprint.iacr.org/2015/428}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.