Research Team Confirm Major Flaw within Internet of Things' Security

12/05/2015

News image

The security research team at Edinburgh Napier University has confirmed the findings of researchers who have found flaws in the encryption used within smart grid devices.

With this they found that it was possible to recover the private key used by devices which used by the Open Smart Grid Protocol (OSGP), and which is used extensively with smart meters and smart grid devices. 

The smart grid is an extension to the interconnection of computers, but using consumer devices, such as electrical meters. In this way electrical devices in the home could connect to the public Internet, and thus be vulnerable to external threats.

So the days when someone called at your home to check your meter are rapidly going, as the meters can be remotely monitored. Normally these devices communicate using secure tunnels, where a public key is used to encrypt the data for the tunnel, and a private key on the other side is used to decrypt it. Thus, if the private key was stolen, the messages could be read, and even modified, by an intruder.

Overall OSGP was developed by ESNA (Energy Service Network Association), and is defined as a standard by ETSI (European Telecommunications Standards Institute). It was standardised in 2012, but has been under fire for the way it has went its own way in developing new cryptography methods.

More details here.

 
[Read More]

Associated people

William Buchanan
Director of CDCS
w.buchanan@napier.ac.uk
+44 131 455 2759
Cyber-Security
Electronic information now plays a vital role in almost every aspect of our daily lives. So the need for a secure and trustworthy online infrastructure is more important than ever. without it, not only the growth of the internet but our personal interactions and the economy itself could be at risk.

Resources