Presenters at the recent Black Hat Conference in Las Vegas have suggested that the Diffie-Hellman encryption algorithm may soon be cracked. Okay, they hedged their bets by saying that there is a small chance that it may soon be cracked. Either way, Diffie-Hellman was developed in the 1970s so let us begin by celebrating a workhorse of cyber security that has so far survived 19 iterations of Moore’s Law. Whitfield Diffie once described the impact of Diffie-Hellman on his career as, “I did one good week of work in 1975 and have lived off it ever since.”
Why does this matter? Diffie-Hellman is the basis for asymmetric cryptography, which is in turn the basis for public key infrastructures (PKI), which underpins secure Internet commerce (HTTPS web pages). Beautiful in its simplicity, asymmetric cryptography produces pairs of keys that decrypt each other, one public and one private. I keep the private key to myself, and I share my public key with, well, the public. Everybody can have my public key. Only my private key can decrypt messages encrypted with my public key, and vice versa. This can be proven with math that is way beyond my comprehension.
So why is this useful? Two reasons. First, confidentiality: If I give you my public key and you use it to encrypt a message to me, then only I can decrypt that message because only I have my private key. Second, authentication: If you successfully decrypt a message with my public key then you know that the message must have come from me, because only I could have encrypted it with my private key.
Who Goes There?
Authentication is critical for the energy and utilities industry. Reliable authentication means that a meter can guarantee that a disconnect request has come from an authorized source. It means that grid control systems can know that sensor data is coming only from authorized sources. PKI is seen by most of the world as a way to keep secrets, and it is, but for the power sector, it is also a way to keep out imposters. Compromise of PKI – cracking Diffie-Hellman – could dilute the ability to detect imposters.
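The meter-side check described above can be sketched in Python with toy textbook RSA. This is an added example, not code from the original article; the key sizes, message format and function names are assumptions chosen for readability, and the constructed keys are far too small for real use.

```python
import hashlib

E = 65537  # common public exponent

def make_keypair(p, q):
    """Toy textbook-RSA key pair from two primes (illustrative sizes only)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def digest(message, n):
    """Hash the message to an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    """Transform the digest with the private key; only its holder can do this."""
    n, d = private
    return pow(digest(message, n), d, n)

def verify(message, signature, public):
    """Undo the transform with the public key and compare against a fresh digest."""
    n, e = public
    return pow(signature, e, n) == digest(message, n)

def meter_handle(request, signature, utility_public):
    """Hypothetical meter logic: act only on requests signed by the utility."""
    return "EXECUTED" if verify(request, signature, utility_public) else "REJECTED"

# Constructed sample keys built from small Mersenne primes (assumption: a real
# deployment would use a vetted library, padding and far larger keys).
UTILITY_PUB, UTILITY_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
IMPOSTER_PUB, IMPOSTER_PRIV = make_keypair(2**31 - 1, 2**107 - 1)
REQUEST = b"meter=0001;action=disconnect"  # constructed message format

def demo():
    genuine = sign(REQUEST, UTILITY_PRIV)
    forged = sign(REQUEST, IMPOSTER_PRIV)
    return {
        "genuine": meter_handle(REQUEST, genuine, UTILITY_PUB),
        "altered": meter_handle(b"meter=0002;action=disconnect", genuine, UTILITY_PUB),
        "imposter": meter_handle(REQUEST, forged, UTILITY_PUB),
    }

if __name__ == "__main__":
    print(demo())
```

The meter needs only the utility's public key to make this decision, so nothing stored on the meter lets a holder of the device sign requests of their own.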
The strength of an encryption algorithm can be mathematically proven (or disproven), but secure management of the keys is another matter altogether. Many successful attacks against encryption do not crack the algorithm but instead hit at the soft underbelly of its deployment. How are the keys distributed – can they be read while in transit to their owner? If the keys are escrowed with a third party, is there a convenient route into the escrow site instead? Does a careless implementation make both encrypted and unencrypted versions of the same message available, leading to a Known Plaintext attack? This last scenario can be a problem on smart meters that participate in multiple key infrastructures, such as a utility’s WAN and a home’s energy management network. Data must be decrypted from the WAN to be re-encrypted by a different key into the HEM. For a short time the meter has a plain-text version of the data.
The point is: Weakness in the deployment of an algorithm can make its inherent strength irrelevant. The World War II Enigma Shark machine was unbreakable until the Royal Navy salvaged its code books from the captured U-Boat U-559. (Two British sailors lost their lives trying to reclaim the Enigma machine itself.) Without that code book, there is no way of knowing if Enigma would have been cracked before the end of the war.
In time all encryption methods will be cracked, except one. For a cyber security practitioner to assume otherwise would be to default upon one’s obligation to be paranoid. The only provably uncrackable encryption technique is a one-time pad, far too complex to manage for most commercial operations, including smart grids.