Navigant Research Blog

Public Key Encryption at Risk?

— September 4, 2013

Presenters at the recent Black Hat Conference in Las Vegas have suggested that the Diffie-Hellman encryption algorithm may soon be cracked.  Okay, they hedged their bets by saying that there is a small chance that it may soon be cracked.  Either way, Diffie-Hellman was developed in the 1970s so let us begin by celebrating a workhorse of cyber security that has so far survived 19 iterations of Moore’s Law.  Whitfield Diffie once described the impact of Diffie-Hellman on his career as, “I did one good week of work in 1975 and have lived off it ever since.”

Why does this matter?  Diffie-Hellman is the basis for asymmetric cryptography, which is in turn the basis for public key infrastructures (PKI), which underpins secure Internet commerce (https web pages).  Beautiful in its simplicity, asymmetric cryptography produces pairs of keys that decrypt each other, one public and one private.  I keep the private key to myself, and I share my public key with, well, the public.  Everybody can have my public key.  Only my private key can decrypt messages encrypted with my public key, and vice versa.  This can be proven with math that is way beyond my comprehension.

So why is this useful?  Two reasons.  First, confidentiality:  If I give you my public key and you use it to encrypt a message to me, then only I can decrypt that message because only I have my private key.  Second, authentication:  If you successfully decrypt a message with my public key then you know that the message must have come from me, because only I could have encrypted it with my private key.
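To make the key-pair idea concrete, here is an added toy Diffie-Hellman exchange in Python; it is not code from the original post, and its prime, generator and key sizes are constructed for illustration only (far too small for real use). Diffie-Hellman itself is a key-agreement scheme: each side combines its own private exponent with the other's public value to derive the same shared secret, and the block also shows what "cracking" it would mean: recovering a private exponent from a public value by solving a discrete logarithm, feasible here only because the group is tiny.

```python
import secrets

# Toy finite-field Diffie-Hellman.  These parameters are constructed for
# illustration only: a real deployment uses a standardised 2048-bit or
# larger group, not a seven-digit prime.
P = 1_000_003   # a small prime (toy size, assumption for this example)
G = 2           # generator for the toy group (assumption)


def keypair(p=P, g=G):
    """Private exponent x and the public value g^x mod p that is shared openly."""
    x = secrets.randbelow(p - 2) + 1          # 1 <= x <= p-2, never reused
    return x, pow(g, x, p)


def shared_secret(my_private, their_public, p=P):
    """Each side raises the other's public value to its own private exponent."""
    return pow(their_public, my_private, p)


def exchange(p=P, g=G):
    """One exchange: returns (secret as Alice computes it, secret as Bob computes it).
    Only p, g and the two public values ever travel over the network."""
    a, A = keypair(p, g)
    b, B = keypair(p, g)
    return shared_secret(a, B, p), shared_secret(b, A, p)


def discrete_log(public, p=P, g=G):
    """Recover an exponent x with g^x = public (mod p) by exhaustive search.
    This is what 'cracking' Diffie-Hellman means; it is affordable here only
    because the toy group has about a million elements."""
    value = 1
    for x in range(p - 1):
        if value == public:
            return x
        value = value * g % p
    return None


def eavesdropper_secret(A, B, p=P, g=G):
    """A passive observer who sees only the public values recovers the secret
    by solving the discrete log for one side and finishing that side's step."""
    a = discrete_log(A, p, g)
    return None if a is None else pow(B, a, p)


if __name__ == "__main__":
    a, A = keypair()
    b, B = keypair()
    print("both sides agree:", shared_secret(a, B) == shared_secret(b, A))
    print("observer recovers it too:", eavesdropper_secret(A, B) == shared_secret(a, B))
```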

Who Goes There?

Authentication is critical for the energy and utilities industry.  Reliable authentication means that a meter can guarantee that a disconnect request has come from an authorized source.  It means that grid control systems can know that sensor data is coming only from authorized sources.  PKI is seen by most of the world as a way to keep secrets, and it is, but for the power sector, it is also a way to keep out imposters.  Compromise of PKI – cracking Diffie-Hellman – could dilute the ability to detect imposters.

The strength of an encryption algorithm can be mathematically proven (or disproven), but secure management of the keys is another matter altogether.  Many successful attacks against encryption do not crack the algorithm but instead hit at the soft underbelly of its deployment.  How are the keys distributed – can they be read while in transit to their owner?  If the keys are escrowed with a third-party is there a convenient route into the escrow site instead?  Does a careless implementation make both encrypted and unencrypted versions of the same message available, leading to a Known Plaintext attack?  This last scenario can be a problem on smart meters that participate in multiple key infrastructures, such as a utility’s WAN and a home’s energy management network.  Data must be decrypted from the WAN to be re-encrypted by a different key into the HEM.  For a short time the meter has a plain-text version of the data.

The point is: Weakness in the deployment of an algorithm can make its inherent strength irrelevant.  The World War II Enigma Shark machine was unbreakable until the Royal Navy salvaged its code books from the captured U-Boat U-559.  (Two British sailors lost their lives trying to reclaim the Enigma machine itself.)  Without that code book, there is no way of knowing if Enigma would have been cracked before the end of the war.

In time all encryption methods will be cracked, except one.  For a cyber security practitioner to assume otherwise would be to default on one’s obligation to be paranoid.  The only provably uncrackable encryption technique is a one-time pad, far too complex to manage for most commercial operations, including smart grids.


Are Your Light Bulbs Hackable?

— September 4, 2013

Just as autumn follows summer, the introduction of new networked devices for smart homes and buildings – embodiments of the Internet of Things (IoT) – is followed by reports of diabolical hacks of these smart devices.  Recent plots have involved hacked toilets and light bulbs, and even columnist/humorist Joe Queenan has warned of hackers replacing your car’s music playlist with “Rod Stewart Chants the Gregorian chant Songbook, Volume 19.”  Personally, I avoided purchasing a Wi-Fi enabled bed this summer, though it had more to do with my wallet than fears of hackers turning my slumber into a chiropractic nightmare.

The public imagination is informed by movies such as 2003’s The Italian Job, where city traffic control and transit systems are hacked from an airport luggage cart, or the security system hacks shown in Ocean’s Eleven.  While these might be dismissed as sensationalized scenes (come on, a stable Wi-Fi signal in an airport baggage claim area?), there are legitimate cases of life imitating art.  So should we fear a world of smart, networked devices?

The recent hoopla over the hack of Philips Hue Smart LED light bulbs, which offer efficient and programmable home lighting from your smart phone, is an interesting case.  Apparently the bridge device connecting Hue’s ZigBee-based bulbs to the consumer’s Wi-Fi network was hacked via the Wi-Fi link, yielding control of the lighting system.  Of course, this is a legitimate concern: lighting is critical to safety and security in homes, in commercial buildings, and outdoors.  However, as Philips has noted, the apparent weakness originates in the customer’s Wi-Fi network, not the Hue’s control network.  It doesn’t take much wardriving to understand how many unsecured home Wi-Fi networks exist.  There are likely more high-value hacker targets in these homes (bank records, user passwords, etc.) than the lighting system, but clearly consumer education on proper Wi-Fi security and how this might ultimately impact physical security seems a prudent first line of defense.

The larger issue is that the risks posed by not understanding how the security of the underlying network for ‘things’ influences physical security go well beyond smart bulbs for the home.  Commercial building control systems and smart city systems (lighting, parking, traffic control, etc.) are increasingly based on standard networking technologies.  I recently toured a state-of-the-art smart building where the facility manager was very knowledgeable and justifiably proud of the building’s systems and energy performance.  However, when asked to show us the control network components (such as Ethernet switches, etc.), we received a blank stare.  He not only didn’t know where the network was located but didn’t really understand that it even existed, seeing it as just part of “the Honeywell system” that was installed.  On one hand, this level of transparency indicates good reliability (I wish my home Wi-Fi network was this transparent), but you can’t secure something you don’t know exists.  And this “invisible” network likely was handling all of the climate, lighting, security, access, elevators, and other systems in the building, making life easier for would-be hackers.

Slowly awakening to these concerns, the building controls vendor community will need to find ways of engaging the hacker community, following the lead of IT technology suppliers.  Interestingly, there is a growing hacker community for the Philips Hue system, driven less by malicious intent and more by wanting to do cool things.  Security concerns aside, this is a marketer’s dream come true.

While it may be fun to joke about the consequences of hacked light bulbs, toilets, and beds, the reality is the Internet of Things, as embodied in smart buildings, cities, and homes, increasingly needs to be viewed as part of the critical infrastructure begging for greater cyber-security awareness – as my colleague, Bob Lockhart, has been writing about for years.


In Eastern Tennessee, the Future of Electricity Generation Takes Shape

— September 4, 2013

It’s been a cool, wet summer in the Southeastern United States, which has meant lower power sales for the Tennessee Valley Authority (TVA), the federally owned utility that serves 9 million customers across seven states in the region.  The TVA said last month that it sold 4% less power and took in 6% less revenue in the third quarter than the same period in 2012, mostly because of the mild weather, a weak economic recovery, and lower fuel prices.

TVA, which brought electricity and running water to much of the Southeast in the decades following the Great Depression, is facing many of the challenges that big utilities across the country face, and it has responded (or has been forced to respond) by beginning to phase out its coal-fired units in favor of gas-fired generation at modern combined cycle plants, including one at the John Sevier power station in Rogersville, Tennessee.  In 2011, the TVA signed a landmark agreement with four states, several environmental groups, and the U.S. Environmental Protection Agency that calls for the retirement of 18 units at three power plants, including the huge Johnsonville Fossil Plant in Tennessee, the Widows Creek Fossil Plant in northern Alabama, and the Sevier plant.  Two of the four units at Sevier have been idled, and the other two will either be equipped with modern emissions control equipment, converted to biomass-fired generation, or retired by the end of 2015.

The agreement, which was spurred by a lawsuit filed by the state of North Carolina over air pollution from TVA plants, also levied a $10 million civil penalty on the utility and calls for $350 million in investment in new pollution controls over the next 5 years.  The Sierra Club called it “one of the largest pollution reduction agreements in the nation’s history.”

Shifting to Gas

The transition at the Sevier plant was not a conversion, per se; TVA determined that switching the existing units to gas-fired generation would be much more costly than simply idling the coal units and building a new combined cycle plant.  The new John Sevier Combined Cycle plant went into commercial operation last year and has 880 MW of total capacity – about 490 MW in single cycle mode and another 390 MW in combined cycle – in which excess heat from the primary gas turbine system is recycled to drive a secondary steam turbine.  TVA says that, compared to the old coal units, the new gas-fired station will produce 40% less air pollution – half the carbon dioxide and 1% sulfur dioxide.

Last year the TVA said it had signed a lease-purchase agreement with an investor group known as John Sevier Combined Cycle Generation LLC, under which the utility will lease the $820 million plant to the company for $1 billion over 30 years.  Such complicated financing arrangements are a necessary strategy for the TVA, which lost $203 million on revenue of $7.9 billion in the first 9 months of this year.  Pressured by tightening regulations, market forces, and public demand for cleaner power, TVA, like many big utilities, is facing wrenching changes in the coming years.  Switching to advanced natural gas-fired power stations, like the new Sevier plant, offers one way forward for the TVA and for U.S. utilities in general.

For an in-depth examination on switching coal-fired generation capacity to natural gas, please join us for the Navigant Research webinar, Coal to Natural Gas Plant Conversions, on Tuesday September 10 at 2 p.m. Eastern time.

