[Cryptography] Smart electricity meters can be dangerously insecure, warns expert

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Jan 1 08:58:09 EST 2017


Henry Baker <hbaker1 at pipeline.com> quotes:

>"This unique situation is so difficult to implement, venders actually choose
>what they want to implement.  And when they choose what to support, they more
>often than not skip security," Rubin said.

That's often done out of necessity, because the security standards that are
expected to be applied were created in perfect isolation from reality, with
the creators throwing in every piece of crypto woo-woo they could think of and
expecting it to be used on a device like an MSP430.  A typical smart-meter CPU
from this family is the 420F148, an 8MHz 16-bit CPU with 2kB of RAM and 48kB
of flash.  It can add and subtract, but not multiply, the multiplier is an
external peripheral (you send data out a memory-mapped I/O port and wait for
the result to come back in on another port) and there's no divide.  On this
platform you're meant to manage X.509 certificates, CRLs, PKCS #10 requests,
enrolment, provisioning, update, and so on, the whole PKI shebang.  Here's an
example (from a vendor bid):

https://www.smartdcc.co.uk/media/225235/smart_meter_key_infrastructure_contract_-_schedule_4.1__contractor_solution_.pdf

A lot of this was pushed by CAs and PKI vendors, who were positively drooling
over how much money they could make selling certs and PKI services, e.g.:

https://www.entrust.com/wp-content/uploads/2013/05/DS_MSO-DeviceCerts_web_July2012.pdf

but then the rest of the crypto woo-woo isn't much better than the PKI part.

So when vendors take shortcuts, it's not out of laziness (well, not always out
of laziness) but because they have no choice.  When faced with impossible
requirements, the best you can do is go through just enough of the motions to
make it look like you're doing what the spec says.

The smart meter mess has been a long time in the making, people have been
warning about it for years.  It's an engineered disaster, you could pretty
much see ten years ago that this was how it was going to end up.  Having said
that, there are some bright points like LoRaWAN, but I'm not aware of any
smart meter standards (currently) that specify use of LoRa stuff.

Peter.

