Saturday, June 26, 2010

Smart Grids and the Importance of Smart Security Choices

I got a flyer in my mail a couple of days ago, telling me that my local utility company would be coming out soon to install a smart meter on my house. Like most customers, I didn't think too much about it, until the new meter was installed today. That's when my curiosity got the better of me - even though I arrived home after dark, I had to go take a look at the shiny new toy on the side of my house.

At first glance, it was somewhat disappointing. The rusty old box surrounding the meter (which has probably been there since the house was built in 1942) hadn't been replaced. Sure, the new meter had a nice little LED, and I even saw a kWh reading flash by...but it was still a meter, nothing too exciting. There was, however, a prominent display of the manufacturer's name - Elster - and a model number, R2SD (commonly known as REX2), off in the corner. "Hmmm," I thought. "I should go Google that. I wonder what protocol it speaks?"

My search immediately turned up a link to a Canadian regulatory document approving the use of this type of meter in the country. Reading through it, I immediately turned up some security red flags:
  • "The REX2 meter is equipped with 900MHz radio frequency communications..."
  • "...the meter has the ability to update the communications firmware remotely."
  • "When the meter is registered to the local area network (LAN) it may display a registration number of the collector."

Doomsday scenarios immediately began popping into my head. 900MHz is an open, easily accessed frequency here in the United States; what is there to prevent pranksters, criminals, or even Google Street View cars from accessing my meter while they drive down the street? Hacking programmable road signs to warn of "Zombies Ahead" was funny; somebody coming along and making my meter tell the power company to up the voltage could mean my house burns down. The remote kill ability cheerly advertised in the flyer sent by the power company as a "feature" could easily be abused to whack power to entire neighborhoods with a few keyboard strokes. Oh, and what if someone uploaded a malicious new piece of firmware to my power meter, and ended up with complete control of the electricity coming into my house - or worse yet, used my meter as an access point to break into the larger electrical grid?

Digging a little further, I got a little reassurance when I found my meter's specifications page, which, handily enough, included a "Security" tab at the bottom. It seems that these meters use 128-bit AES encryption when talking to the Energy Axis network, which is in use by my utility company for transferring data to and from these new smart meters. That proves that the manufacturers are at least thinking about security, and provides a moderate barrier to entry for anyone trying to tamper with the system.

The data transmission itself uses the ZigBee protocol - which, surprisingly enough, is an open standard, freely available to anyone who wants to wade through a 604-page brick of a specification. Since digesting that will take some time, I decided to simply read the Wikipedia article instead, which again had a handy security-related section. The initial sentence there was great:

"As one of its defining features, ZigBee provides facilities for carrying out secure communications, protecting establishment and transport of cryptographic keys, cyphering frames and controlling devices."

Wow! Security built right in - how great is that?

Well, as it turns out...not so great. Things went from bad:

"This part of the architecture relies on the correct management of symmetric keys and the correct implementation of methods and security policies."

...to worse:

"Keys are the cornerstone of the security architecture; as such their protection is of paramount importance, and keys are never supposed to be transported through an insecure channel. There is a momentary exception to this rule, which occurs during the initial phase of the addition to the network of a previously unconfigured device."

Yes, that's right, folks: this protocol sends its encryption keys over the network in plaintext when it starts up for the first time. I know, I know, the window of opportunity is maybe 30 seconds...but really, you couldn't think of some way to avoid sending the keys to the kingdom over an insecure channel, even if it is only once?

Still, I'll take an open standard whose creators at least had security in mind when they wrote it over one of the myriad closed, poorly documented SCADA protocols in use throughout the utility industry, where devices will happily reply to any query without a hint of authentication and the entire network is assumed to be safe. Some security is better than no security at all.

Given the inevitability of the smart grid - not only is it being hyped by politicians of every stripe, my power company's FAQs tell me that I could not have opted out even if I had wanted to - we clearly can no longer rely on the typical SCADA security model of "don't plug it into the Internet and we'll be cool." Networked toasters may not be here yet, but networked power is, and the people who run these systems need to be thinking long and hard about security, and making sure that they implement it as intelligently as possible. Let's make sure that we, as both the general public and the security industry, keep our eyes on these folks as more and more networked utilities roll out - because after all, what good are your firewall, IDS, and AV systems if you lose power to all of your machines?

1 comment:

  1. What you stated isn't necessarily true. Although ZigBee can operate in a mode where keys are exchanged in the clear, that is not the case for the "ZigBee Smart Energy" profile which is used with your meter.

    In the profile, joining keys are shared out of band (e.g. over the AMI network) and these keys are used to distribute a secret network key across the wireless network. Nothing is ever sent in the clear. In fact, ZigBee Smart Energy goes to great lengths in order to certify the authenticity of each joining device through a method called ceritificate-based key exchange.

    Certainly there are security concerns but its not quite as nighmarish as the picture you portrayed.

    ReplyDelete

Post a Comment