{"title":"Using input-output correlations and a modified slide attack to compromise IEC 62055-41","authors":"Reagan Mbitiru, T. Ustun","doi":"10.1109/ROPEC.2017.8261692","DOIUrl":null,"url":null,"abstract":"Developed initially for pre-paid electricity meters in South Africa, the IEC 62055-41 standard is now the world's most ubiquitous open pre-paid metering standard. The standard is used in 35 million meters operated in 400 utilities in 30 countries. It now serves more users in Asia than in Africa. The standard uses 16 cycles of a block-cipher-like substitution and permutation process to both generate 20-digit tokens (through an encryption process) and to decode 20-digit tokens and determine the number of kWhs procured (through a decryption process), in conjunction with a 64-bit decoder key generated using the Data Encryption Standard (DES). Despite its popularity, there is little work on the cryptology aspects of this standard. This paper discusses two types of cryptanalysis techniques used to attack this pre-paid metering standard. The first is a statistical analysis of the encrypted and decrypted inputs and outputs to determine if any correlation between them exists. The second is the use of slide attacks, a technique traditionally used for attacking block ciphers that use the same or ‘weak’ round keys for each encryption/decryption cycle. Using this second cryptanalysis attack, it is shown that 16 of the 64 bits of the decoder key can be exposed, an aspect not intended by its designers. Further combination with other techniques may be used to compromise the entire key.","PeriodicalId":260469,"journal":{"name":"2017 IEEE International Autumn Meeting on Power, Electronics and Computing (ROPEC)","volume":"40 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE International Autumn Meeting on Power, Electronics and Computing (ROPEC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ROPEC.2017.8261692","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 4