Open Smart Grid Protocol under scrutiny after ‘easy to break’ report

Open Smart Grid Protocol architecture criticised
European standards body Open Smart Grid Protocol cryptography is deployed in millions of smart meters globally

European standards body the Open Smart Grid Protocol (OSGP) is preparing to release an update to its specifications despite recent criticism from a pair of academics on the security of its architecture.

The study by Philipp Jovanovic of Germany’s University of Passau and Samuel Neves of Portugal’s University of Coimbra found weaknesses in the group’s cryptographic architecture.

In a research paper titled ‘Dumb Crypto in Smart Grids: Practical Cryptanalysis of the Open Smart Grid Protocol’ released in April 2015, the pair claim “failures in the design and implementation of authenticated encryption schemes are a common sight and there are numerous examples”.

The researchers said the authenticated encryption scheme deployed by the independent not-for-profit group to protect data transmitted through communications channels is easy to break.

No smart meter security breach

OSGP said “there have not been any reported security breaches” of any deployed smart metering or smart grid system built with the current OSGP specifications, and that systems built with these specifications include a “comprehensive multi-layer security system that has always been mandatory”.

The protocol was developed by the Energy Service Network Association and has been a standard of the European Telecommunications Standards Institute (ETSI) since 2012.