Powerless Security

A Security Analysis of In-Home Power Line Communications Based on HomePlug AV2

Conference paper in: Applied Cryptography and Network Security (ACNS 2020)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12147)

Abstract

Power line communication (PLC) allows home users and industries to transfer data over power cables. Protection of transmitted data is crucial because signals are not limited to “one’s own four walls”. We provide a detailed and structured security analysis of the currently most widely used in-home PLC standard, namely the Broadband-PLC specification HomePlug AV2 (part of IEEE 1901), and present a design weakness in the pairing process as well as a new offline dictionary attack that can be used to compute the main network key efficiently. We evaluated our attacks on 13 widely used PLC devices and found all of them to be vulnerable. We provide different countermeasures and discuss their advantages and disadvantages. We responsibly disclosed the vulnerabilities and are currently supporting the vendors in fixing these issues.

The research was supported by the German state of North Rhine-Westphalia sponsoring the research training group Human Centered System Security.

Notes

  1. For the certification status, see https://homegridforum.org/certification-overview/.

  2. Note that each STA can act as a repeater, allowing longer distances.

  3. According to a study conducted by GlobalData [17], the global smart meter market is expected to roll out over 588 million units by 2022.

  4. Atheros, Open Powerline Toolkit, https://github.com/qca/open-plc-utils.

References

  1. Adelstein, F., Stillerman, M., Kozen, D.: Malicious code detection for open firmware. In: Proceedings of the 18th Annual Computer Security Applications Conference, pp. 403–412. IEEE (2002)

  2. Akhawe, D., Barth, A., Lam, P., Mitchell, J., Song, D.: Towards a formal foundation of web security. In: 2010 23rd IEEE Computer Security Foundations Symposium, pp. 290–304. IEEE (2010)

  3. HomePlug Alliance: IEEE 1901 HD-PLC complete technical overview (2012). http://www.hd-plc.org/modules/about/hdplc.html

  4. HomePlug Alliance: HomePlug AV Specification (2014)

  5. HomePlug Alliance: HomePlug Powerline Networking Technology Hits Maturation as Global Broadband Standard (2016)

  6. Alves, F.: Vulnerability discovery in power line communications. Ph.D. thesis, Universidade de Lisboa (2015)

  7. Baker, R., Martinovic, I.: EMPower: detecting malicious power line networks from EM emissions. In: Janczewski, L.J., Kutylowski, M. (eds.) SEC 2018. IAICT, vol. 529, pp. 108–121. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99828-2_8

  8. Barth, A., Jackson, C., Mitchell, J.: Robust defenses for cross-site request forgery. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 75–88. ACM (2008)

  9. Berger, L.T., Schwager, A., Pagani, P., Schneider, D.: MIMO Power Line Communications: Narrow and Broadband Standards, EMC, and Advanced Processing. CRC Press Inc., Boca Raton (2014)

  10. Bonneau, J.: The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: 2012 IEEE Symposium on Security and Privacy, pp. 538–552. IEEE (2012)

  11. Boyko, V., MacKenzie, P., Patel, S.: Provably secure password-authenticated key exchange using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_12

  12. Cano, C., Pittolo, A., Malone, D., Lampe, L., Tonello, A., Dabak, A.: State of the art in power line communications: from the applications to the medium. IEEE J. Sel. Areas Commun. 34(7), 1935–1952 (2016)

  13. Cui, A., Costello, M., Stolfo, S.: When firmware modifications attack: a case study of embedded exploitation. In: 20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, 24–27 February 2013. The Internet Society (2013)

  14. Dudek, S.: HomePlugAV PLC: practical attacks and backdooring (2015)

  15. Dürmuth, M., Güneysu, T., Kasper, M., Paar, C., Yalcin, T., Zimmermann, R.: Evaluation of standardized password-based key derivation against parallel processing platforms. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 716–733. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33167-1_41

  16. Qualcomm Atheros: Qualcomm Atheros Open Powerline Toolkit (2018). https://github.com/qca/open-plc-utils

  17. GlobalData: Smart Meters, Update 2018 - Global Market Size, Competitive Landscape, Key Country Analysis, and Forecast to 2022 (2018)

  18. IEEE Standards Association: IEEE standard for broadband over power line networks: medium access control and physical layer specifications. IEEE Std 1901-2010, pp. 1–1586 (2010)

  19. IEEE Standards Association: IEEE standard for broadband over power line networks: medium access control and physical layer specifications - amendment 1: enhancement for internet of things applications. IEEE Std 1901a-2019, pp. 1–118 (2019)

  20. Jennings, C., Narayanan, A., Burnett, D., Bergkvist, A.: WebRTC 1.0: Real-time Communication Between Browsers (2014)

  21. Kaliski, B.: PKCS #5: Password-Based Cryptography Specification Version 2.0. RFC 2898, September 2000. http://tools.ietf.org/rfc/rfc2898.txt

  22. Latinov, L.: MD5, SHA-1, SHA-256 and SHA-512 speed performance (2018)

  23. Matchen, M.: What Is Powerline Technology? (2015). https://www.tomshardware.com/reviews/network-switch-guide,4047.html

  24. Newman, R., Gavette, S., Yonge, L., Anderson, R.: Protecting domestic power-line communications. In: Proceedings of the Second Symposium on Usable Privacy and Security, pp. 122–132. ACM (2006)

  25. Newman, R., Yonge, L., Gavette, S., Anderson, R.: HomePlug AV security mechanisms. In: 2007 IEEE International Symposium on Power Line Communications and its Applications, pp. 366–371. IEEE (2007)

  26. OWASP: Information exposure through query strings in URL (2017). https://www.owasp.org/index.php/Information_exposure_through_query_strings_in_url

  27. Paruchuri, V., Durresi, A., Ramesh, M.: Securing powerline communications. In: 2008 IEEE International Symposium on Power Line Communications and its Applications, pp. 64–69. IEEE (2008)

  28. Puppe, A., Vanderauwera, J., Bartels, D.: HomePlug Security (2010)

  29. Salem, A., Hamdi, K., Alsusa, E.: Physical layer security over correlated log-normal cooperative power line communication channels. IEEE Access 5, 13909–13921 (2017)

  30. Scholz, R., Wressnegger, C.: Security analysis of Devolo HomePlug devices. In: Proceedings of the 12th European Workshop on Systems Security, pp. 7:1–7:6. ACM (2019)

  31. Shiflett, C.: Security Corner: Cross-Site Request Forgeries. Shiflett.org (2004). http://shiflett.org/articles/cross-site-request-forgeries

  32. Sunguk, L.: Security issues of power line multi-home networks for seamless data transmission (2011)

  33. Suomalainen, J., Valkonen, J., Asokan, N.: Standards for security associations in personal networks: a comparative analysis. Int. J. Secur. Netw. 4(1–2), 87–100 (2009)

  34. Tasker, B.: Infiltrating a Network via Powerline (HomePlug AV) Adapters (2014). https://www.bentasker.co.uk/documentation/security/282-infiltrating-a-network-via-powerline-homeplugav-adapters

  35. Tiwari, A.: Electricity meters’ reading comparison: electromechanical, electronic and smart meters (2016)

  36. Ur, B., Bees, J., Segreti, S., Bauer, L., Christin, N., Cranor, L.: Do users’ perceptions of password security match reality? In: Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, pp. 3748–3760. ACM (2016)

Author information

Correspondence to Stefan Hoffmann, Jens Müller, Jörg Schwenk or Gerd Bumiller.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Hoffmann, S., Müller, J., Schwenk, J., Bumiller, G. (2020). Powerless Security. In: Conti, M., Zhou, J., Casalicchio, E., Spognardi, A. (eds) Applied Cryptography and Network Security. ACNS 2020. Lecture Notes in Computer Science, vol. 12147. Springer, Cham. https://doi.org/10.1007/978-3-030-57878-7_11

  • DOI: https://doi.org/10.1007/978-3-030-57878-7_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-57877-0

  • Online ISBN: 978-3-030-57878-7

  • eBook Packages: Computer Science (R0)