[Cryptography] Gaslighting ~= power droop == side channel attack

Ben Tasker ben at bentasker.co.uk
Fri Dec 2 12:14:19 EST 2016


On Thu, Dec 1, 2016 at 7:55 PM, Jerry Leichter <leichter at lrw.com> wrote:

> > Of course, some electrical utilities (at least outside the U.S.) are
> already in the ISP business.  But they have to bypass the last transformer
> just prior to your home to be able to pass the high frequencies that
> "broadband" requires.  Of course, anyone who can access these same external
> wires can tap into these home powerline networks.
> The physical layer is encrypted.  I couldn't find much in the way of
> detail other than two facts:  The encryption uses 128-bit AES, and there's
> a "push the button to set it up"
> mode for adding new devices.  I'm guessing they are simply re-using WiFi
> technologies, including WPS (which, yes, has recently been shown to have
> vulnerabilities).
>


A number of manufacturers have, historically, made a pig's ear of the
authentication implementation though -
https://www.bentasker.co.uk/documentation/security/282-infiltrating-a-network-via-powerline-homeplugav-adapters
- so although the crypto looks fairly sound, it's trivially circumvented.

Though things do seem to be improving, I was recently told that TP-Link are
finally deriving the DAK from something else.

FWIW, the Homeplug spec itself isn't too bad; the crypto's been quite well
thought about. It's just unfortunate that the main chip supplier's reference
toolkit used the devices' MAC addresses to generate a key that should be
secret.

-- 
Ben Tasker
https://www.bentasker.co.uk