8-9th May 2014 ICSG Istanbul 2014 1
SMART METER DATA EXCHANGE – FUNCTIONALITY, EFFICIENCY, SECURITY, CONNECTIVITY WITH DLMS/COSEM
Mr. Gyozo Kmethy, President, DLMS User Association
Contents
• The DLMS User Association
• Smart metering standardization
• Interoperability
• Security and privacy
DLMS User Association
• Develops and supports IEC 62056 DLMS/COSEM
– Also CENELEC, CEN and national standards
• Registered in Zug, Switzerland
• IEC and CENELEC partner
• Members: 281 companies from 60+ countries
• Meters: 399 DLMS/COSEM compliant types
• Key elements
– Modelling: COSEM object model
– Secure messaging: DLMS/COSEM Application layer
– Transporting: Communication profiles for Telephone, GSM, GPRS, Internet, PLC, radio, twisted pair, mesh network
– Conformance testing
Standardization committees and supporting organizations
CEN TC 294: Non-electricity metering – EN 13757 series M-Bus
CLC TC13: DLMS/COSEM PLC profiles: PRIME-PLC, G3-PLC, SMITP, AMC-SS PLC, OSGP
IEC TC13: DLMS/COSEM data model and application layer, (also used by TC294), Security, IEC 62056-9-1 (G2 IF), IEC 62056 COSEM / IEC 61968-9 CIM mapping
ITU-T: G.9903 G3-PLC, G.9904 PRIME OFDM PLC lower layers
[Diagram labels: M/441; CEN, CENELEC, ETSI; TC13; TC 205; TC294; Smart M2M; IEC; TC13; TC57; STS Assn. (Payment); ITU-T]
IEC 62056-1-0: DLMS/COSEM standardization framework
IEC 62056-6-1 OBIS identification
IEC 62056-6-2 COSEM interface classes
IEC 62056-5-3 DLMS Application layer
[Diagram: structure of the framework; box labels in reading order]
Protocol layers:
– IEC 62056-3-1 Euridis
– IEC 62056-42 Phy. layer
– IEC 62056-46 HDLC DL layer
– IEC 61334-5-1 S-FSK PLC
– IEC 61334-4-7 TCP-UDP/IP
– New comm. technologies
Communication profiles:
– IEC 62056-3-1 Euridis
– IEC 62056-7-6 HDLC profile
– IEC 61334-8-3 S-FSK PLC prof.
– IEC 61334-9-7 TCP-UDP/IP
– New comm. profiles
Annotations:
– Modelling business and support functions
– Comm. services, Security
– Media specific protocol layers: Reliable transport
– Media specific comm. profiles: Efficient use to transport DLMS/COSEM
– New identifiers, new interface classes to support new use cases
– New services
– New communication technologies: PLC, M-Bus, Mesh network
EVOLUTIONARY changes: stability and flexibility
REVOLUTIONARY changes: keep the door open
Achieving a single standard: integrating new use cases, new technologies in DLMS/COSEM
IEC 62056-6-1 OBIS identification New identifiers
IEC 62056-6-2 COSEM interface classes New objects
IEC 62056-5-3 DLMS Application layer New services
[Diagram: communication profiles and the lower layers they use; box labels in reading order]
– prTS 52056-8-4 PRIME PLC OFDM
– ITU-T G.9904 PRIME PLC
– prTS 52056-8-7 AMC-SS PLC
– prTS 50590 AMC-SS PLC
– IEC 62056-8-6 ISO/IEC 12139-1 PLC
– ISO/IEC 12139 Phy+MAC
– IEC 62056-8-20 Mesh network
– Any mesh network
– IEC 62056-3-1 Euridis twisted pair
– IEC 62056-3-1 Euridis Tw pair
– IEC 62056-3-3 wired / w-less M-Bus
– EN 13757-2
– EN 13757-4
– prTS 50568-8 SMITP B-PSK PLC
– prTS 50568-4 SMITP B-PSK PLC
– prTS 50586 OSGP B-PSK PLC
– ISO/IEC 14908-1 B-PSK PLC
– prTS 52056-8-5 G3-PLC OFDM
– ITU-T G.9903 G3-PLC
Annotations:
– New market requirements, new use cases
– Semantic/syntactic interoperability maintained
– Comm. technos developed by CEN, CENELEC, IEC, ISO, ITU-T: Coexistence
– Comm. profiles to transport DLMS/COSEM traffic securely and efficiently: “glue” between lower and upper layers
Use cases * and supporting COSEM objects
(Business process, then use case: COSEM objects)
Contracting and billing
– Obtain meter reading on demand: Register, Demand reg., Register activation
– Obtain scheduled meter reading: Profile, Schedule, Activity calendar, Script
– Set and maintain contract parameters: Data, Register, Parameter monitor, Account, Credit, Charge
– Execute supply control: Register monitor, Limiter, Script table, Disconnect control, Arbitrator
– Execute load control: Data, I/O control instances, Script table
Consumer support
– Provide info to consumer: Data (Consumer), Profile (standard readout instance), Script table, Push setup
Infrastructure maintenance
– Meter commissioning / registration: Data (parameters), Communication setup, Security setup
– Meter supervision: Data, Profile, Event log, Parameter monitor, Diagnostic
– Maintenance of security system: Association, Security setup, Data protect.
– Manage events and alarms: Data, event and alarm instances, Profile
– Firmware update: Image transfer, Script
– Clock synchronisation: Clock
– Quality of supply supervision: Register, Register monitor, Profile
* List of use cases taken from IEC 62056-1-0, 13/1574 FDIS
Interoperability
Interoperability levels:
– Semantic interoperability
– Syntactic interoperability
– Business function interoperability
– Business process interoperability
– Network interop. / coexistence
Domains / Standards: provide the toolbox
– IEC 62056-6-2 COSEM model, IEC 62056-6-1 OBIS identifiers
– IEC 62056-5-3 DLMS/COSEM Application layer
– IEC 62056, prTS 52056, prTS 50568, prTS 50586 Communication profiles
Project spec. / Companion specs: select the elements supporting the use cases
– FR: Linky
– ES: IBERDROLA
– India: IS 15959
– Italy (gas): UNI/TS 11291-11-2:2014
– NL: DSMR
– UK: GBSC (DECC)
– Saudi Arabia
– IDIS
Testing: ensures that everything works
– Functional
– DLMS/COSEM Conformance
– Medium spec. tests
Privacy and security
• Why to protect?
– Privacy of consumers to be respected
– Smart metering becomes critical infrastructure
• What to protect?
– Sensitive data and critical commands in transit
– Protection of data in storage is out of the scope
• Where to protect?
– Application layer level – can be used then on any media
– Lower protocol layers e.g. TLS – out of the scope of DLMS/COSEM
• How to protect?
– Security algorithms
What to protect?
• Critical commands sent to the meter
– e.g. supply control, opening / closing a contract
• Sensitive data read from the meter
– e.g. consumption patterns, debt
• Meter configuration parameters
– e.g. tariff schedules, contractual parameters
• Payment tokens
• Keys
• Firmware upgrade
Security requirements
• Role based access: Provide selective info to different roles (utility, reader, consumer)
– Peer authentication, access rights per role
• Integrity: Assurance that the messages are not altered / damaged
– Message authentication
• Authenticity: Assurance that data are from authentic source
– Message authentication, digital signature, anti replay
• Confidentiality: Assurance that data is not made available or disclosed to unauthorized people
– Encryption
• Key management
– Key transport or key agreement
• Security logs / alerts
How to protect: DLMS/COSEM security suites
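Security suite 0
– Security suite name: AES-GCM-128
– Authentication algorithm: AES-GCM-128
– Encryption algorithm: AES-GCM-128
– Digital signature: –
– Key transport method: AES-128 key wrap
– Key agreement method: –
Security suite 1
– Security suite name: ECDH-ECDSA-AES-GCM-128-SHA-256
– Authentication algorithm: AES-GCM-128
– Encryption algorithm: AES-GCM-128
– Digital signature: ECDSA P-256 (with SHA-256)
– Key transport method: AES-128 key wrap
– Key agreement method: ECDH P-256
Security suite 2
– Security suite name: ECDH-ECDSA-AES-GCM-256-SHA-384
– Authentication algorithm: AES-GCM-256
– Encryption algorithm: AES-GCM-256
– Digital signature: ECDSA P-384 (with SHA-384)
– Key transport method: AES-256 key wrap
– Key agreement method: ECDH P-384
• FIPS / NIST standards: NSA Suite B
• New security suites can be specified and used via upgrades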
How to protect: Applying security
[Diagram: protection applied to an xDLMS message]
– Auth: xDLMS message + Auth. code
– Encr: Encrypted xDLMS message
– Sig: Plain xDLMS message + Signature
– Auth+Encr: Encrypted xDLMS message + Auth. code
• Protection determined by
– Security policy: applies generally
– Access rights: applies locally to each COSEM object attribute / method access request / response
Multistage application level protection
[Diagram labels: Application Association; Identification; Authentication; Security policy; Access rights; Data protection params]
• Identification and 1 way / 2 way authentication of partners
• Security policy: general message protection requirements
• Access rights: read / write / action, local message protection requirements
• Data protection: protection requirements of attribute values, method invocation parameters
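The staged checks described on the two slides above (partner authentication, then the general security policy combined with the local access rights), as an added example that is not from the presentation or from the DLMS/COSEM specifications. It is a simplified Python model: the `Association` class, the `evaluate` function and the sample objects, member labels and rights are constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Flag, auto


class Protection(Flag):
    NONE = 0
    AUTH = auto()  # authentication code added to the xDLMS message
    ENCR = auto()  # xDLMS message encrypted
    SIG = auto()   # digital signature added


@dataclass
class Association:
    """One application association (simplified, hypothetical model)."""
    role: str
    authenticated: bool
    security_policy: Protection  # applies generally to every message
    # (object, member, access) -> protection required locally for that access
    access_rights: dict = field(default_factory=dict)


def evaluate(assoc, obj, member, access, applied):
    """Return (allowed, reason) for one request, checked stage by stage."""
    if not assoc.authenticated:
        return False, "peer not authenticated"
    key = (obj, member, access)
    if key not in assoc.access_rights:
        return False, "no access right for this role"
    # Required protection is the general policy plus the local requirement.
    required = assoc.security_policy | assoc.access_rights[key]
    missing = required & ~applied
    if missing:
        return False, f"missing protection: {missing!r}"
    return True, "ok"


# Constructed sample configuration, not taken from any companion specification.
UTILITY = Association("utility", True, Protection.AUTH, {
    ("Register", "attribute #2", "read"): Protection.ENCR,
    ("Disconnect control", "method #1", "action"): Protection.ENCR | Protection.SIG,
})
CONSUMER = Association("consumer", True, Protection.AUTH, {
    ("Register", "attribute #2", "read"): Protection.ENCR,
})

if __name__ == "__main__":
    both = Protection.AUTH | Protection.ENCR
    print(evaluate(UTILITY, "Register", "attribute #2", "read", both))
    print(evaluate(UTILITY, "Disconnect control", "method #1", "action", both))
    print(evaluate(CONSUMER, "Disconnect control", "method #1", "action", both))
```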
What to protect: messages and data
[Diagram labels: Data collection system; Security policy; COSEM objects (Attribute #1, Attribute #2, … Attribute #n, Methods) with Access rights; Data protection obj. (Protected buffer, Protection obj. list, Protection params, Get protected attrs., Set protected attrs., Invoke protected method) with Access rights and Data protection params; Read / Write attribute: COSEM data; Invoke method: COSEM data]
DLMS/COSEM E2E security
• Authentication - Encryption - Digital signature
• Protection can be applied in a layered fashion
• by market participant, client, server
IEC 62056-6-2 COSEM, IEC 62056-6-1 OBIS new functions, new media
Blue Book (COSEM-OBIS): Ed. 10:2010; Ed. 11:2013; Ed. 12:2014
IEC 62056-6-2/6-1 (COSEM - OBIS): Ed. 1:2013; Amd 1:2014; Ed. 2:2015
New functions, in reading order:
• Image transfer, Sensor manager, Disconnect, Limiter, Security setup, M-Bus setup, S-FSK PLC setup
• Push setup, Parameter monitor, IPv6, Prime PLC, G3-PLC, ZigBee® setup (to tunnel DLMS)
• Payment metering, Arbitrator, Security setup (new version), Data protection, Compact data
Pre-release: 6th May
IEC 62056-5-3 DLMS/COSEM Application layer optimized services, enhanced security
Green Book (COSEM-OBIS): Ed. 7:2009; Ed. 7.3:2013; Ed. 8:2014
IEC 62056-5-3 (DLMS/COSEM Application layer): Ed. 1:2013; Amd 1:2014; Ed. 2:2015
New functions, in reading order:
• Symmetric key cryptography
• S-FSK PLC profile
• DataNotification service (Push op.)
• General Block transfer mechanism
• General cryptographic protection APDUs
• Access service (unified GET-SET-ACTION)
• Public key crypto: Third party – meter E2E security, multi-layer, multi-party
• XML
Pre-release: 5th May
Conclusion
DLMS/COSEM provides versatile and efficient standards for smart metering
Globally accepted
Semantic and syntactic interoperability
Companion specifications ensure interchangeability
Strong message and data security mechanisms
Many thanks for your attention!