“Vulnerability Discovery in Power Line Communications”
Master’s thesis, Mestrado em Engenharia Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, Jul. 2015
Abstract: Powerline communication (PLC) is a form of data transfer, where the electric infrastructure is used for both power supply and network connection. PLC can be employed in industrial or home environments. In home environments, powerline is used to extend the internet connectivity through the house’s electric infrastructure. Powerline adapters are connected to a house’s power sockets, and these adapters provide connectivity throughout the house. A router is linked to one of the adapters to establish the connection, and other adapters are used to decode the powerline signal. These adapters provide an easy manner to extend a home network without the use of various routers, Wi-Fi, repeaters or new cables. In industrial environments, PLC is used (for example) to provide real time data about the electric consumption in the electric grid, allowing fine control of the required/used electricity. With this control, electric suppliers produce electricity more efficiently, reducing production costs and prices for the final consumers. Device manufacturers created alliances to standardize their products, developing protocols and guidelines to this effect. We present a summary of some of these standards. These protocols include security measures in their specifications (like cryptography), but some protocols have already been proven unsafe. In this work, we study the HomePlug protocol which is commonly used to extend connectivity inside homes. We describe a design vulnerability present in the HomePlug, in one of the cryptographic key exchange mechanisms. An attacker who listens to the medium can steal the critical network keys. To prove this vulnerability, we created a malicious adaptor by updating it with malicious firmware. Although we ran a large battery of tests in the adaptor, we were unable to prove the vulnerability. Nevertheless, we provide an insight on a series of attacks that can be done using a malicious adaptor as an attack point, which can be used in the future to extend this work.
Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)