<?xml version="1.0" encoding="UTF-8"?>
<!-- generator="FeedCreator 1.7.2" -->
<rss version="2.0">
	<channel>
		<title>Clearing the Air About Hacking Into The Smart Grid</title>
		<description>Comments for Clearing the Air About Hacking Into The Smart Grid at http://freaklabs.org , comment 1 to 12 out of 12 comments</description>
		<link>http://freaklabs.org</link>
		<lastBuildDate>Thu, 11 Mar 2010 13:06:33 +0100</lastBuildDate>
		<generator>FeedCreator 1.7.2</generator>
		<item>
			<title>...</title>
			<link>http://freaklabs.org/index.php/Blog/Misc/Clearing-the-Air-About-Hacking-Into-The-Smart-Grid.html#comment-266</link>
			<description>Crypto or not, there are some real issues. There are two fundamental entry points. First, by hacking the wireless signal (ZigBee) between the various devices measuring consumption, the meter (collecting info from the various devices attached to the appliances) and wherever the utility is locating a receiver end-point (connecting to the backhaul). The second way is by hacking into the utility network.
Let's not forget that the idea is to have a two-way communication mechanism from the plant to the consumer and vice versa so that the utilities can help &quot;optimize&quot; consumption and peak load demand.
Larger utilities might have the means (and brains) to secure their networks, but experience has shown us that fairly large and secure networks can and have been hacked (refer to TJX, or more recently a major credit card payment system).   - hany teylouni</description>
			<pubDate>Tue, 14 Apr 2009 11:06:49 +0100</pubDate>
		</item>
		<item>
			<title>Re: physical key security in meters</title>
			<link>http://freaklabs.org/index.php/Blog/Misc/Clearing-the-Air-About-Hacking-Into-The-Smart-Grid.html#comment-246</link>
			<description>Ed,

I agree with your comments - for cheap meter nodes it's not practical to implement the physical key protections that are used in higher-end systems (like ATMs).  Keeping keys in volatile memory is a pain for the reasons you mention - you need batteries, and if for some reason the keys get erased it's a maintenance nightmare.

My point is that in every case (including ATMs) you have to assume the keys can get out.  And when they do get out, what is the damage that a malicious person can cause with this information?  If someone knowing the keys can take complete control over the system, you have a big, big security problem.  But a well designed system will attempt to minimize the effects of this and (hopefully) allow detection of the malicious activity.   - Ken</description>
			<pubDate>Thu, 26 Mar 2009 23:08:10 +0100</pubDate>
		</item>
		<item>
			<title>physical key security in meters</title>
			<link>http://freaklabs.org/index.php/Blog/Misc/Clearing-the-Air-About-Hacking-Into-The-Smart-Grid.html#comment-245</link>
			<description>Interesting comments, Ken.  In particular, the answer to your question, &quot;can you really hack the grid from a residential meter?&quot; is assuredly &quot;no, not even close&quot; in my experience.  Physical key security is important, of course, but solutions that work in an ATM are impractical for a meter.  Consider that the typical residential meter costs less than $100 and is mounted on the side of somebody's house.  How physically secure could you make a $100 ATM mounted to the side of my house?  There's a physical security seal that the utility applies, but this is to allow detection of tampering, and not to prevent it. As I'm sure you'd be able to guess, JTAG port access to memory is typically disabled during manufacturing by setting a security bit which permanently disables access.  Competent people within the industry encrypt stored keys within the device, but key distribution &quot;in the small&quot; is only a slightly less difficult problem than key distribution across the system.  Storing keys in volatile memory can work in some instances, but consider the case when there has been widespread outage due to ice storm or hurricane.  When power is restored, it's useful for the devices to report this.  If the key had been stored in volatile memory, it would be gone by that point so one is left with either reporting restoration in the clear or reprovisioning keys in a system that is already known to have suffered major damage.  As with any engineering task, there are many tradeoffs and few answers that are both obvious and correct.
 - Ed Beroset</description>
			<pubDate>Thu, 26 Mar 2009 03:54:00 +0100</pubDate>
		</item>
		<item>
			<title>...</title>
			<link>http://freaklabs.org/index.php/Blog/Misc/Clearing-the-Air-About-Hacking-Into-The-Smart-Grid.html#comment-240</link>
			<description>Great response Ken, which puts it all into context very well. Strangely enough, it's sometimes difficult to convince people that no matter how strong the cryptographic security, it can be severely weakened by poorly-specified systems with regard to non-cryptographic security. - Robert Cragie</description>
			<pubDate>Wed, 25 Mar 2009 20:58:22 +0100</pubDate>
		</item>
		<item>
			<title>...</title>
			<link>http://freaklabs.org/index.php/Blog/Misc/Clearing-the-Air-About-Hacking-Into-The-Smart-Grid.html#comment-235</link>
			<description>Thanks for the insight Ken.
Also, if you're following the comment thread, I got some feedback from people that are involved in this investigation, but I can't mention too much without causing problems for them. They didn't reveal much anyway, but they did point out that my initial assumptions were wrong and they hinted at some complaints about SCADA. The security company has been working on this for about a year, and I suspect the company was contracted by the same government agency that put out the general call to ZigBee and other groups to organize the smart grid effort. Hence, it seems that I took this issue too lightly in my post. My personal suspicion is that they discovered multiple vulnerabilities, including the 802.15.4/AES attack that was mentioned. They also could have chained those vulnerabilities in creating the worm, hence it could be a system issue and not just with one protocol in particular. Unfortunately, I don't know much more than that, but it was hinted that there would be a follow-on press release with more details, so I'm waiting for that before I clear up the air on my &quot;clear up the air&quot; post.  - Akiba</description>
			<pubDate>Wed, 25 Mar 2009 00:22:14 +0100</pubDate>
		</item>
		<item>
			<title>The problem is physical key security</title>
			<link>http://freaklabs.org/index.php/Blog/Misc/Clearing-the-Air-About-Hacking-Into-The-Smart-Grid.html#comment-234</link>
			<description>I have some background in security in banking systems, namely ATMs, where key security is taken very seriously.  The attack mentioned in this article is a very basic physical attack on a device to determine the key due to a bad security architecture.  Transmitting security keys in the clear (even inside an embedded device) is a huge security risk and would never pass even the most basic security assessment.  

The issue is more than just using an external 802.15.4 transceiver for the security portion - any device that has an embedded security key is a risk.  It doesn't matter if it's symmetric or asymmetric (public/private) key - if someone can have physical access to the device it is possible to get the key out of it.  Embedding the key and all the crypto functions inside the micro is a deterrent but by no means is a failsafe way to protect the key.  

The question is - by giving someone physical access to a device that has a security key, what are the mechanisms that prevent that person from determining what that key is?  Can they use JTAG to read the key out of the micro?  Is it stored in non-volatile memory (EEPROM / Flash)?  Even if the device is code protected, what's to stop someone from taking off the chip and getting direct access to the memory (it's not as hard or expensive as it might sound)?  

With an ATM, the keys have to be stored in volatile memory.  The device also has to have multiple physical security mechanisms that prevent someone from getting physical access to the crypto section - i.e. if someone opens up the case the keys are erased.  The device has to pass multiple independent evaluations and security checks before being approved for use.  

In the wireless metering case, if these keys are so important, what's to keep the technician who originally loaded the keys in the system from selling them to some terrorist organization for a few bucks?   Whether through bad design, malicious human activity, or just basic human error - you have to assume the keys will get out.

The big question is - who cares if someone gets the keys to this?  If someone does figure out the security key inside a sensor node in their home meter, what can they do with it?  Can they really &quot;hack&quot; the grid?  That's the important part of the security design of these sensor networks - if someone does gain access (and they will), what is done to minimize the effects?  Inserting malicious packets such as the worm described into the network should not propagate through the entire system, it should be localized (by the good network design) and detected.   - Ken</description>
			<pubDate>Tue, 24 Mar 2009 23:53:21 +0100</pubDate>
		</item>
		<item>
			<title>On public key cryptography availability</title>
			<link>http://freaklabs.org/index.php/Blog/Misc/Clearing-the-Air-About-Hacking-Into-The-Smart-Grid.html#comment-229</link>
			<description>Robert,
I admit that I'm not following the evolution of the various ZigBee specifications closely, and I will have a look at the Smart Energy profile, thanks for the hint.
Still, the availability of public key cryptography is a question of trade-offs, cost/energy vs. security.
I didn't mean that it's impossible to have public key crypto in smart meters, and that would actually make a lot of sense.
Aurélien
 - Aurélien Francillon</description>
			<pubDate>Tue, 24 Mar 2009 08:57:53 +0100</pubDate>
		</item>
		<item>
			<title>thanks for a sane response</title>
			<link>http://freaklabs.org/index.php/Blog/Misc/Clearing-the-Air-About-Hacking-Into-The-Smart-Grid.html#comment-227</link>
			<description>Even among the security-conscious folks, I find that few of them also have a deep understanding of embedded systems, and particularly meters, so many of the security stories and recommendations are skewed to IT-centric solutions which aren't practical for embedded systems.  There are, however, many things that do translate: e.g. use of static code checking with tools like splint (http://www.splint.org) and holding code reviews, etc.  Also, there's a lot of good research being done on wireless sensor network security, which, as Aurélien Francillon pointed out, has a lot in common with this problem.   - Ed Beroset</description>
			<pubDate>Tue, 24 Mar 2009 03:18:57 +0100</pubDate>
		</item>
		<item>
			<title>Public Key crypto in smart meters</title>
			<link>http://freaklabs.org/index.php/Blog/Misc/Clearing-the-Air-About-Hacking-Into-The-Smart-Grid.html#comment-226</link>
			<description>Aurélien states that smart meters don't have public key cryptography - not necessarily true. ZigBee Smart Energy profile meters use certificate-based public key cryptography based on ECC. ZigBee Smart Energy security has also been audited by a major organisation, which is available to ZigBee members.

Whilst cybersecurity and crypto is of course important, it is just as important to focus on the non-crypto aspects as well. Let's face it, if a few select pylons were blown up, it could cause major havoc. And no amount of crypto is going to protect against that. Similarly, meters have to be tamper-proof and the underlying circuitry difficult to hack. The UCA IUG through AMI-SEC (amongst others) has put a lot of effort into specifying a comprehensive set of requirements and use cases covering the whole gamut of security considerations for the Smart Grid.

There is a very large industry out there who makes lots of money spreading FUD about cybersecurity so the Smart Grid will inevitably be on their hit list. - Robert Cragie</description>
			<pubDate>Mon, 23 Mar 2009 21:31:45 +0100</pubDate>
		</item>
		<item>
			<title>...</title>
			<link>http://freaklabs.org/index.php/Blog/Misc/Clearing-the-Air-About-Hacking-Into-The-Smart-Grid.html#comment-224</link>
			<description>Thanks for the clarification. I was also informed by someone close to the security work that the alert regarding the smart meters was not the side-channel attack but in fact a more serious vulnerability that allows a worm to propagate. I still don't have a lot of details, but if that's the case, then this post was written too hastily. I can't even say for sure that it involves Zigbee or 802.15.4 anymore because propagation would mean that the backhaul was compromised. There are some serious consequences regarding national security if something like this was let out of the gate too early and I should have taken that into account. I believe that more details will be coming up soon and I'll try to keep everyone informed as this unfolds.  - Akiba</description>
			<pubDate>Mon, 23 Mar 2009 20:54:43 +0100</pubDate>
		</item>
		<item>
			<title>The security of embedded systems</title>
			<link>http://freaklabs.org/index.php/Blog/Misc/Clearing-the-Air-About-Hacking-Into-The-Smart-Grid.html#comment-223</link>
			<description>Thanks for the nice review.
Actually those smart meters can be seen as a kind of wireless sensor network. This is a challenging research area on which I'm currently working; my objective is to both analyze their security and find protocols and techniques to secure them. I just want to make clear that this work (code injection on Harvard architecture devices; I can't really comment on Travis's work on smart meters) was mostly motivated by actually showing that the threat is real, in order to motivate security to be really considered at design time. Like in the wireless sensor network model, the smart meters are inherently difficult to secure. Due to cost reasons they are not tamper resistant and do not have the capability to perform public key cryptography. This makes key distribution difficult: on one hand you can have one key for each device, but this does not scale well and makes key management very difficult; on the other hand, having the same key for all the devices is dangerous. If ever one device is compromised, all the devices or communications can be compromised. There are trade-offs possible, yet it remains a difficult problem in practice.

Back to the smart grid, I think this kind of attack is actually very useful in order to bring security to the front line for product designers. IMHO this kind of attack will not derail the move toward a smart grid but could actually make designers start right and consider security seriously. There's still time; if large-scale attacks with malicious intent were performed once such technology was widely deployed, that could really derail the smart grid.

Aurélien
 - Aurélien Francillon</description>
			<pubDate>Mon, 23 Mar 2009 05:30:47 +0100</pubDate>
		</item>
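A constructed example, added here and not part of the comment thread, of ZigBee Smart Energy or of any 802.15.4 stack, to illustrate the key-management trade-off Aurélien raises above (one key per device versus one key shared by all devices) together with Ken's point that a key which does get extracted should buy the attacker as little as possible and that the misuse should be detectable. Assumptions: an HMAC-SHA256 key derivation and a truncated HMAC tag stand in for the AES-CCM* used on real 802.15.4 links; the master key, meter identifiers and readings are made up; and the per-meter frame counter is the replay-protection idea from 802.15.4 security, simplified.

```python
"""Per-meter key derivation, frame authentication and replay detection.

Constructed example for the key-management discussion above; it is not
code from the page, from ZigBee or from any 802.15.4 stack. Assumptions:
an HMAC-SHA256 key derivation and a truncated HMAC tag stand in for the
AES-CCM* used on real 802.15.4 links, meter IDs and readings are made up,
and the master key is a fixed constant only so the script runs offline.
"""
import hashlib
import hmac
import struct

# Hypothetical master secret known only to the utility head-end (constructed).
MASTER_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f" * 2)
METER_A = b"MTR-0001"   # hypothetical meter identifiers, 8 bytes each
METER_B = b"MTR-0002"

TAG_LEN = 8
HEADER_LEN = 12         # 8-byte meter id + 4-byte frame counter


def derive_meter_key(master_key: bytes, meter_id: bytes) -> bytes:
    """HMAC-based KDF: each meter gets its own key, and the key pulled out of
    one meter reveals nothing about the master key or any other meter's key."""
    return hmac.new(master_key, b"meter-mac-key|" + meter_id, hashlib.sha256).digest()


def build_frame(meter_key: bytes, meter_id: bytes, counter: int, payload: bytes) -> bytes:
    """Frame layout: meter_id(8) | counter(4, big-endian) | payload | tag(8)."""
    header = meter_id + struct.pack(">I", counter)
    tag = hmac.new(meter_key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag


class HeadEnd:
    """Utility-side verifier. With per_device_keys=False every meter shares the
    master key, which is the 'same key for all devices' option from the comments."""

    def __init__(self, master_key: bytes, per_device_keys: bool = True):
        self.master_key = master_key
        self.per_device_keys = per_device_keys
        self.last_counter = {}   # meter_id -> highest accepted frame counter
        self.alerts = []         # (meter_id, reason) handed to monitoring

    def key_for(self, meter_id: bytes) -> bytes:
        if self.per_device_keys:
            return derive_meter_key(self.master_key, meter_id)
        return self.master_key

    def verify(self, frame: bytes) -> tuple:
        """Return (accepted, reason) and record anything suspicious."""
        if not len(frame) >= HEADER_LEN + TAG_LEN:
            return False, "short"
        meter_id = frame[:8]
        counter = struct.unpack(">I", frame[8:HEADER_LEN])[0]
        tag = frame[-TAG_LEN:]
        expected = hmac.new(self.key_for(meter_id), frame[:-TAG_LEN],
                            hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            self.alerts.append((meter_id, "bad_tag"))
            return False, "bad_tag"
        # Counters must strictly increase: a replayed frame is rejected and logged.
        if not counter > self.last_counter.get(meter_id, -1):
            self.alerts.append((meter_id, "replay"))
            return False, "replay"
        self.last_counter[meter_id] = counter
        return True, "ok"


def run_scenario(per_device_keys: bool) -> dict:
    """Meter A's key has been extracted (JTAG, chip-off, insider: the method
    does not matter). Report what that key buys the attacker against meter B."""
    head_end = HeadEnd(MASTER_KEY, per_device_keys)
    key_a = head_end.key_for(METER_A)   # the attacker's loot
    key_b = head_end.key_for(METER_B)   # still inside meter B

    # Legitimate readings from both meters (constructed payloads).
    for frame in (build_frame(key_a, METER_A, 1, b"kWh=1200"),
                  build_frame(key_b, METER_B, 7, b"kWh=0950")):
        if not head_end.verify(frame)[0]:
            raise RuntimeError("legitimate frame rejected")

    # Attack 1: replay meter A's first reading verbatim.
    replay_accepted = head_end.verify(build_frame(key_a, METER_A, 1, b"kWh=1200"))[0]
    # Attack 2: forge a reading for meter B using only meter A's key.
    forge_accepted = head_end.verify(build_frame(key_a, METER_B, 8, b"kWh=0000"))[0]
    return {"replay_accepted": replay_accepted,
            "forge_as_other_meter_accepted": forge_accepted,
            "alerts": list(head_end.alerts)}


if __name__ == "__main__":
    for mode, label in ((False, "network-wide key"), (True, "per-meter keys")):
        print(label, run_scenario(mode))
```

With the shared key, the forged meter B frame is accepted and nothing is logged about it; with derived per-meter keys the same forgery fails the tag check and shows up as a bad_tag alert against meter B, while the replay is caught in both modes by the counter. The head-end still holds only one secret, so the "one key per device does not scale" objection is answered on the utility side; what it does not solve is the meter side, where the per-device key still sits in the meter's memory and is exactly as extractable as the thread describes.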
		<item>
			<title>Great Response</title>
			<link>http://freaklabs.org/index.php/Blog/Misc/Clearing-the-Air-About-Hacking-Into-The-Smart-Grid.html#comment-222</link>
			<description>Great response, good and full of information as usual. Enjoyed reading through the details, thanks for writing it down. - Juha</description>
			<pubDate>Mon, 23 Mar 2009 01:14:56 +0100</pubDate>
		</item>
	</channel>
</rss>
