PROJECTE FINAL DE CARRERA Anàlisi Teòric De Les Debilitats De Seguretat Dels Estàndards Per a La Medició Intel·Ligent
Total Page:16
File Type:pdf, Size:1020Kb
PROJECTE FINAL DE CARRERA Anàlisi teòric de les debilitats de seguretat dels estàndards per a la Medició Intel·ligent (Theoretical analysis of security features and weaknesses of telecommunication specifications for Smart Metering) Estudis: Enginyeria de Telecomunicació Autor: Albert Prats Vidal Director/a: Ing. Zbyn ěk Kocur Any: 2011/2012 2 Theoretical analysis of security features and weaknesses of telecommunication specifications for Smart Metering CONTENTS Collaborations ………………...…………………………………………. 8 Resum del projecte ………… …………………………... ………………. 9 Resumen del proyecto ……………………… ……………………… …. 10 Abstract ………………………………………… ……………………... 11 List of figur es ………………………………….. ………...…………….. 12 1. Introduction ……………………………………………………..…... 1 5 2. G PRS ………………………………………………………………… 1 7 2.1 Introduction ……………………………………………………………………... 1 7 2.2 GPRS network …………………………………………………………………... 1 8 2.2.1 Mobile stations ( MS) ……………………………………………………….... 1 8 2.2.2 The fixed net work ……………………………………………………………. 1 9 2.3 GPRS protocol st ack …………………………………………………………….. 20 2.4 Security on GP RS ……………………………………………………… ……….. 21 2.4.1 Identities ……………………………………………………………………... 21 2.4.2 Subscriber identity confidentiality …………………………………………… 22 2.4.3 GPRS Authentica tion ………………………………………………………... 22 2.4.4 GPRS Cipheri ng ……………………………………… ……………………... 2 4 2.4.5 GPRS backbone se curity …………………………………………………….. 2 5 2.5 Attacks on GPRS se curity ………………………………………………………. 2 7 2.5.1 Mobile Station an d SIM ……………………………………………………... 2 7 2.5.1.1 Attacks on the S IM card ……………………………………………….…. 2 7 2.5.2 Access netw ork …………………………………………………………….… 2 8 2.5.2.1 Denial of Service (DoS ) attack ………………………………………….... 2 8 2.5.2.2 Man-in-the-Middle (Mi tM) attack ………………………………………... 2 9 2.5.3 Attacks on the GPRS co re network ………………………………………….. 30 2.5.3.1 Attacks on the IP te chn ology ……………………………………………... 30 2.5.3.2 Attacks on the SS7 te chnology ………………………………………….... 31 2.5.3.3 Attacks on the interface between network operators ……………………... 32 2.5.3.4 Attacks on the interface to the public Internet ……………………………. 33 2.6 GPRS Solutions for smart metering …………………………………………….. 3 5 2.6.1 AEM Three-phase electricity electr onic meter Enerlux T …………………… 3 5 2.6.2 Digital Multi-tariff meter DMTZ -XC ……………………………………..…. 36 3. ZIGBEE/8 02.15.4 ……………………………………………………. 3 7 3.1 Introduction …………………………………………………………………...… 3 7 3.2 Physical layer overview …………………………………………………….…… 38 3 Theoretical analysis of security features and weakne sses of telecommunication specifications for Smart Metering 3.3 MAC layer over view ……………………………………………………………. 3 9 3.4 Network layer overv iew ……………………………………………………..….. 41 3.5 Application layer overview …………………………........... ..........................….. 43 3.6 Security on ZigB ee …………………………………………………………...…. 45 3.6.1 802.15.4 MAC layer s ecurity ……………………………………………. .…. 45 3.6.1.1 Security objective s …………………………………………………......…. 4 6 3.6.1.2 Security modes …………………………………………………………… 4 6 3.6.1.3 Security sui tes ………………………………………………………….…. 4 7 3.6.1.4 AES-CTR suite …………………………………………………………… 4 7 3.6.1.5 AES-CBC-MA C suite ……………………………………………….…… 4 9 3.6.1.6 AES-CCM su ite …………………………………………………… ….….. 50 3.6.1.7 PIB security mat erial ……………………………………………………... 52 3.6.2 ZigBee specification secu rity …………………………………………...…… 53 3.6.2.1 Security keys ……………………………………………………………… 53 3.6.2.2 Trust center …………………………………………………………..…… 54 3.6.2.3 Network layer secu rity ………………………………………………...….. 54 3.6.2.4 Application layer security ………………… …………………………….... 55 3.6.2.4.1 Symmetric-Key Key Estab lishment Protocol …………………………. 5 7 3.6.2.4.2 Mutual Entity Authentica tion protocol …………………………..……. 5 7 3.7 Possible attacks on 802.15 .4 security …………………………………………… 5 9 3.7.1 Same-nonce at tack …………………………………………………………… 5 9 3.7.2 Replay-protection a ttack ………………………………………………...…… 5 9 3.7.3 ACK attack ………………………………………………………...………… 5 9 3.7.4 Jamming att ack ………………………………………………………………. 60 3.7.5 Exhausti on …………………………………………………………………… 60 3.7.6 Collision … ………………………………………………………………….... 61 3.7.7 Unfairnes s ………………………………………………………….………… 61 3.8 Possible attacks to ZigBe e NWK layer …………………………………………. 62 3.8.1 Route disruption in the cluster tree by a compromised device ………….…… 62 3.8. 2 Route disruption in the cluster tree by a compromised coordinator …………. 63 3.8.3 Loop in the cluster t ree ………………………………… ………………...….. 63 3.9 ZigBee solutions ……………………………………………………………….... 65 3.9.1 Freescale solu tion ……………………………………………………………. 65 3.9.1.1 Freescale electronic three -phase e lectricity meter …………………...…… 65 3.9.2 Texas Instruments so lution ………………………………………………..…. 66 3.9.2.1 CC2530 ZigBee So C solution ……………………………………….…… 6 6 4. Raconet ………………………………………………...…………….. 6 8 4.1 Introduction ……………………………………………………………………... 6 8 4.2 Raconet network global per formance ………………………………………….... 6 9 4.3 Raconet layers ……………………………………………………………...……. 70 4.4 Security on rac onet ……………………………………………………………… 70 4.5 Attacks that may be performed on raconet ……………………………………… 71 4 Theoretical analysis of security features and weaknesses of telecommunication specifications for Smart Metering 4.6 EMH-metering Racon et ……………………… ……………………………...….. 72 4.6.1 Raconet repeat er RNRE ……………………………………………………… 72 4.6.2 Data collecto r RNDC ………………………………………………………… 72 4.6.3 Raconet MAUS RNMA ……………………………………………...………. 74 4.6.4 Raconet Gatew ay RNMB ……………………………………………….…… 75 4.6.5 Digital Multi-Rate Meter – ED2000 ……………………………………...….. 7 7 4.6.6 Raconet software tools …………………………………………………..…… 7 8 4.6.6.1 Meter communication and configuration program EMH -COM ………….. 78 4.6.6.2 EMH-COM Control Center ……………………………………...……….. 7 8 4.6.6.3 Meter communication and configuration program EMH -COMBI -MASTER 2000 …………… ………………………………………………………………….….. 7 9 5. Blueto oth …………………………………………………………….. 80 5.1 Introduction …………………… …………………… …………………….…….. 80 5.2 Bluetooth RF layer o verview ……………………………………………….…… 81 5.3 Bluetooth Baseband layer ov erview …………….………………………...…….. 82 5.4 Link Manager Protocol lay er overview …………………………………………. 84 5.5 Host Controller Interface (HCI) laye r overview ………...…………………...….. 84 5.6 Logical Link Control and Adaptation Protocol (L2CAP) layer overview ...……. 85 5.7 RFCOMM protocol layer overview …………………………………………….. 85 5.8 Profiles overvie w ………………………………….……………………..……… 8 6 5.9 Security in Bluetoot h ………………………………..…………………...……… 8 7 5.9.1 Security servic es ………………………………………………………...…… 8 7 5.9.2 Security modes ……………………………………………….…………...…. 8 7 5.9.3 Bluetooth security chain o f events ……………………….…………………... 8 8 5.9.4 Security entities …………………… ………………………………..……….. 8 9 5.9.5 Bluetooth security types of keys ………………………………………...…… 8 9 5.9.6 Algorithms in Bluetooth s ecurity ………… ………………….…………...…. 90 5.9.7 Link Key (LK) gener ation ……………………………….…………………... 91 5.9.8 Bluetooth Authentication … ………………………………..……………….... 92 5.9.9 Bluetooth confidential ity …………………………………………....……….. 93 5.9.10 Trust Levels, Service Levels and Authorization ……………………..…… ...94 5.10 Possible attacks to Bluetooth …… ……………………….………….............…. 95 5.10.1 BlueSnarfing … ………………………………………....…………………... 95 5.10.2 BlueBuggin g …………………………………..……………………………. 95 5.10.3 Fuzzing attacks ……………………….…………………. ............................. 95 5.10.4 HeloMoto …………………………………..……………………………….. 9 6 5.10.5 BlueSmack ………………… …….………………………………………..... 9 6 5.10.6 Relay attacks … ………………………………..……………………...…….. 9 6 5.10.6.1 Two-Sided Relay a ttack ……………………….……………………….... 9 7 5.10.6.2 One-Sided Relay a ttack …………………………………..……………... 9 8 5.10.7 Attack to the pairing process ………………………. ……………..………... 9 9 5.11 Solution for Bl uetooth …………………………………..………… ...……….. 100 5 Theoretical analysis of security features and weakne sses of telecommunication specifications for Smart Metering 5.11.1 Three phase remote disconnection and re-connection meter Eis RDC3 … .... 100 6. PRI ME ……………… ……………………... ………………………. 101 6.1 Introduction …………………………………… ………… ………….… …….... 101 6.2 Arc hitecture of the system ………………… …………….. ……………….…… 102 6.3 Physical layer overview ………………………………… .. ………………... ….. 102 6.4 MAC laye r overview ……………………………………… .. …………… ……. 104 6.5 Convergence layer overview ………………………………… .. ……… …...….. 104 6.6 Security o n PRIME …………………………………………… ..…… ...………. 105 6.6.1 Securi ty Profile 0 …………………………………………… .. …………….. 105 6.6.2 Secur ity Profile 1 …………………………………………… ….. …..……… 105 6.6.3 Negotiation of the Securi ty Profile … ……………………………….……… 10 6 6.6.4 Cryptographic algorithm …………………………………………..…...…… 10 6 6.6.5 Algorithm for key deriva tion ……………………………………..……...…. 10 6 6.6.6 Key Hierarchy …………………………………………...………………….. 10 7 6.6.7 Key distribution and m anagement …………………………………….……. 10 9 6.6.8 Data encryption algorithm … …………………………………...…………... 10 9 6.6.9 Transmitter MAC Securit y Module …………………………………...……. 1 11 6.6.10 Receiver MAC Security Module ……………………………….………..... 1 12 6.7. Possible attacks to PR IME …………… ………………………………....……. 1 13 6.7.1 Exposition of the keys … ………………………………………….………... 1 13 6.7.2 Denial of Service (DoS) a ttacks ………………………………………....…. 1 13 6.7.3 Identity protecti on ………………………………………………….…….…. 1 14 6.8 PRIME solutions for smart metering …………………………………..………. 1 15 6.8.1 Landis+Gyr E450-PRIME ……… ……………………………….............…. 1 15 6.8.2 ADDM2102 Modem boar d for PRIME ………………………………..…… 11 6 7. PLC G 3 …………………………………………………….……….. 11 7 7.1 Introduction …… …………………………………………………………...….. 11 7 7.2 Physical layer overv iew ……………………………………………………...… 11 8 7.3 M AC layer overview ……………… …………………………………........ ....... 120 7.4 6LoWPAN Adaptation layer overview ……………………………………..…. 1 20 7.5 Security on PLC