cosem data

8-9th May 2014 ICSG Istanbul 2014 1 SMART METER DATA EXCHANGE FUNCTIONALITY, EFFICIENCY, SECURITY, CONNECTIVITY WITH DLMS/COSEM Mr. Gyozo Kmethy President, DLMS User Association

Upload: truongduong

Post on 12-Dec-2016


TRANSCRIPT

Page 1: COSEM data

8-9th May 2014 ICSG Istanbul 2014 1

SMART METER DATA EXCHANGE – FUNCTIONALITY, EFFICIENCY, SECURITY, CONNECTIVITY WITH DLMS/COSEM

Mr. Gyozo Kmethy President, DLMS User Association

Page 2: COSEM data

Contents

• The DLMS User Association

• Smart metering standardization

• Interoperability

• Security and privacy


Page 3: COSEM data

DLMS User Association

• Develops and supports IEC 62056 DLMS/COSEM

– Also CENELEC, CEN and national standards

• Registered in Zug, Switzerland

• IEC and CENELEC partner

• Members: 281 companies from 60+ countries

• Meters: 399 DLMS/COSEM compliant types

• Key elements

– Modelling: COSEM object model

– Secure messaging: DLMS/COSEM Application layer

– Transporting: Communication profiles for Telephone, GSM, GPRS, Internet, PLC, radio, twisted pair, mesh network

– Conformance testing

Page 4: COSEM data

Standardization committees and supporting organizations

CEN TC 294: Non-electricity metering – EN 13757 series M-Bus

CLC TC13: DLMS/COSEM PLC profiles: PRIME-PLC, G3-PLC, SMITP, AMC-SS PLC, OSGP

IEC TC13: DLMS/COSEM data model and application layer, (also used by TC294), Security, IEC 62056-9-1 (G2 IF), IEC 62056 COSEM / IEC 61968-9 CIM mapping

ITU-T: G.9903 G3-PLC, G.9904 PRIME OFDM PLC lower layers

[Diagram labels: M/441; TC13; TC 205; TC294; Smart M2M; CEN; CENELEC; ETSI; TC13; TC57; IEC; STS Assn. (Payment); ITU-T]

Page 5: COSEM data

IEC 62056-1-0: DLMS/COSEM standardization framework

IEC 62056-6-1 OBIS identification

IEC 62056-6-2 COSEM interface classes

IEC 62056-5-3 DLMS Application layer

Media specific protocol layers (reliable transport):

• IEC 62056-3-1 Euridis

• IEC 62056-42 Phy. layer

• IEC 62056-46 HDLC DL layer

• IEC 61334-5-1 S-FSK PLC

• IEC 61334-4-7 TCP-UDP/IP

• New comm. technologies

Media specific comm. profiles (efficient use to transport DLMS/COSEM):

• IEC 62056-3-1 Euridis

• IEC 62056-7-6 HDLC profile

• IEC 61334-8-3 S-FSK PLC prof.

• IEC 61334-9-7 TCP-UDP/IP

• New comm. profiles

Other diagram labels:

• Modelling business and support functions

• Comm. services, Security

• New identifiers

• New interface classes to support new use cases

• New services

• New communication technologies: PLC, M-Bus, Mesh network

EVOLUTIONARY changes: stability and flexibility

REVOLUTIONARY changes: keep the door open

Page 6: COSEM data

Achieving a single standard: integrating new use cases, new technologies in DLMS/COSEM

• IEC 62056-6-1 OBIS identification: New identifiers

• IEC 62056-6-2 COSEM interface classes: New objects

• IEC 62056-5-3 DLMS Application layer: New services

[Diagram: communication profile and communication technology labels, in slide order]

• prTS 52056-8-4 PRIME PLC OFDM; ITU_T G.9904 PRIME PLC

• prTS 52056-8-7 AMC-SS PLC; prTS 50590 AMC-SS PLC

• IEC 620566-8-6 ISO/IEC 12139-1 PLC; ISO/IEC 12139 Phy+MAC

• IEC 62056-8-20 Mesh network; Any mesh network

• IEC 620566-3-1 Euridis twisted pair; IEC 620566-3-1 Euridis Tw pair

• IEC 620566-3-3 wired / w-less M-Bus; EN 13757-2, EN 13757-4

• prTS 50568-8 SMITP B-PSK PLC; prTS 50568-4 SMITP B-PSK PLC

• prTS 50586 OSGP B-PSK PLC; ISO/IEC 14908-1 B-PSK PLC

• prTS 52056-8-5 G3-PLC OFDM; ITU-T G.9903 G3-PLC

Other diagram labels:

• New market requirements, New use cases

• Semantic/syntactic interoperability maintained

• Comm. technos developed by CEN, CENELEC, IEC, ISO, ITU-T; Coexistence

• Comm. profiles to transport DLMS/COSEM traffic securely and efficiently: “glue” between lower and upper layers

Page 7: COSEM data

Use cases * and supporting COSEM objects

| Business process | Use case | COSEM objects |
|---|---|---|
| Contracting and billing | Obtain meter reading on demand | Register, Demand reg., Register activation |
| | Obtain scheduled meter reading | Profile, Schedule, Activity calendar, Script |
| | Set and maintain contract parameters | Data, Register, Parameter monitor, Account, Credit, Charge |
| | Execute supply control | Register monitor, Limiter, Script table, Disconnect control, Arbitrator |
| | Execute load control | Data, I/O control instances, Script table |
| Consumer support | Provide info to consumer | Data (Consumer), Profile (standard readout instance), Script table, Push setup |
| Infrastructure maintenance | Meter commissioning / registration | Data (parameters), Communication setup, Security setup |
| | Meter supervision | Data, Profile, Event log, Parameter monitor, Diagnostic |
| | Maintenance of security system | Association, Security setup, Data protect. |
| | Manage events and alarms | Data, event and alarm instances, Profile, |
| | Firmware update | Image transfer, Script |
| | Clock synchronisation | Clock |
| | Quality of supply supervision | Register, Register monitor, Profile |

* List of use cases taken from IEC 62056-1-0, 13/1574 FDIS

Page 8: COSEM data

Interoperability

Domains:

• Semantic interoperability

• Syntactic interoperability

• Business function interoperability

• Business process interoperability

• Network interop. / coexistence

Standards (provide the toolbox):

• IEC 62056-6-2 COSEM model, IEC 62056-6-1 OBIS identifiers

• IEC 62056-5-3 DLMS/COSEM Application layer

• IEC 62056, prTS 52056, prTS 50568, prTS 50586 Communication profiles

Project spec. / Companion specs (select the elements supporting the use cases):

• FR: Linky

• ES: IBERDROLA

• India: IS 15959

• Italy (gas): UNI/TS 11291-11-2:2014

• NL: DSMR

• UK: GBSC (DECC)

• Saudi Arabia

• IDIS

Testing (ensures that everything works):

• Functional

• DLMS/COSEM Conformance

• Medium spec. tests

Page 9: COSEM data

Privacy and security

• Why to protect?

– Privacy of consumers to be respected

– Smart metering becomes critical infrastructure

• What to protect?

– Sensitive data and critical commands in transit

– Protection of data in storage is out of the scope

• Where to protect?

– Application layer level – can be used then on any media

– Lower protocol layers e.g. TLS – out of the scope of DLMS/COSEM

• How to protect?

– Security algorithms

Page 10: COSEM data

What to protect?

• Critical commands sent to the meter

– e.g. supply control, opening / closing a contract

• Sensitive data read from the meter

– e.g. consumption patterns, debt

• Meter configuration parameters

– e.g. tariff schedules, contractual parameters

• Payment tokens

• Keys

• Firmware upgrade


Page 11: COSEM data

Security requirements

• Role based access: Provide selective info to different roles (utility, reader, consumer)

– Peer authentication, access rights per role

• Integrity: Assurance that the messages are not altered / damaged

– Message authentication

• Authenticity: Assurance that data are from authentic source

– Message authentication, digital signature, anti replay

• Confidentiality: Assurance that data is not made available or disclosed to unauthorized people

– Encryption

• Key management

– Key transport or key agreement

• Security logs / alerts

Page 12: COSEM data

How to protect: DLMS/COSEM security suites

| Security Suite Id | Security suite name | Authentication algorithm | Encryption algorithm | Digital signature | Key transport method | Key agreement method |
|---|---|---|---|---|---|---|
| Suite 0 | AES-GCM-128 | AES-GCM-128 | AES-GCM-128 | – | AES-128 key wrap | |
| Suite 1 | ECDH-ECDSA-AES-GCM-128-SHA-256 | AES-GCM-128 | AES-GCM-128 | ECDSA P-256 (with SHA-256) | AES-128 key wrap | ECDH P-256 |
| Suite 2 | ECDH-ECDSA-AES-GCM-256-SHA-384 | AES-GCM-256 | AES-GCM-256 | ECDSA P-384 (with SHA-384) | AES-256 key wrap | ECDH P-384 |

• FIPS / NIST standards: NSA Suite B

• New security suites can be specified and used via upgrades

Page 13: COSEM data

How to protect: Applying security

[Diagram: message layouts by protection type]

• xDLMS message

• Auth: xDLMS message + Auth. code

• Encr: Encrypted xDLMS message

• Sig: Plain xDLMS message + Signature

• Auth+Encr: Encrypted xDLMS message + Auth. code

• Protection determined by

– Security policy: applies generally

– Access rights: applies locally to each COSEM object attribute / method access request / response
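
An added example, not taken from the slides or from the DLMS User Association: a Go sketch of the "Auth" and "Auth+Encr" layouts above using AES-GCM-128 (security suite 0), showing that a modified message or header is rejected before any data is released. The header byte, the 12-byte nonce layout, the 16-byte authentication code and the function names are assumptions of this example; it is not the DLMS/COSEM APDU encoding.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

const Auth, AuthEncr = 0, 1 // two of the slide's protection types

func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key) // a 16-byte key selects AES-128 (suite 0)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// Protect returns msg+code (Auth) or ciphertext+code (AuthEncr); hdr is authenticated only.
func Protect(policy int, key, nonce, hdr, msg []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(nonce) != gcm.NonceSize() {
		return nil, errors.New("bad key or nonce length")
	}
	if policy == Auth { // message stays readable, bound into the code as associated data
		return gcm.Seal(append([]byte{}, msg...), nonce, nil, append(append([]byte{}, hdr...), msg...)), nil
	}
	return gcm.Seal(nil, nonce, msg, hdr), nil
}

// Unprotect releases the message only after the authentication code verifies.
func Unprotect(policy int, key, nonce, hdr, data []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(nonce) != gcm.NonceSize() || len(data) < gcm.Overhead() {
		return nil, errors.New("bad key, nonce or message length")
	}
	if policy == AuthEncr {
		return gcm.Open(nil, nonce, data, hdr)
	}
	n := len(data) - gcm.Overhead()
	if _, err = gcm.Open(nil, nonce, data[n:], append(append([]byte{}, hdr...), data[:n]...)); err != nil {
		return nil, err
	}
	return data[:n], nil
}

func main() { // constructed key, nonce, header byte and message
	fmt.Println(Protect(AuthEncr, []byte("0123456789abcdef"), []byte("METER0010001"), []byte{0x30}, []byte("disconnect")))
}
```

The nonce must never repeat under the same key; a counter carried in the nonce also gives the receiver a value to check for the anti-replay requirement listed earlier.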

Page 14: COSEM data

Multistage application level protection

[Diagram: Application Association; stages: Identification, Authentication, Security policy, Access rights, Data protection params]

• Identification and 1 way / 2 way authentication of partners

• Security policy: generally message protection requirements

• Access rights: read / write / action, local message protection requirements

• Data protection: protection requirements of attribute values, method invocation parameters

Page 15: COSEM data

What to protect: messages and data

[Diagram labels]

• Data collection system

• Read / Write attribute: COSEM data

• Invoke method: COSEM data

• Security policy

• Access rights

• COSEM object: Attribute #1, Attribute #2, Attribute #n, Methods

• Data protection obj.: Protected buffer, Protection obj. list, Protection params, Get protected attrs., Set protected attrs., Invoke protected method

• Data protection params

Page 16: COSEM data

DLMS/COSEM E2E security

• Authentication - Encryption - Digital signature

• Protection can be applied in a layered fashion

– by market participant, client, server

Page 17: COSEM data

IEC 62056-6-2 COSEM, IEC 62056-6-1 OBIS new functions, new media

[Timeline diagram, labels in slide order]

• Blue Book Ed. 10:2010 COSEM-OBIS

• Blue Book Ed. 11:2013 COSEM-OBIS

• Blue Book Ed. 12:2014 COSEM-OBIS

• IEC 62056-6-2/6-1 Ed. 1:2013 COSEM - OBIS

• IEC 62056-6-2/6-1 Amd 1:2014 COSEM - OBIS

• IEC 62056-6-2/6-1 Ed. 2:2015 COSEM - OBIS

Functions added:

• Image transfer, Sensor manager, Disconnect, Limiter, Security setup, M-Bus setup, S-FSK PLC setup

• Push setup, Parameter monitor, IPv6, Prime PLC, G3-PLC, ZigBee® setup (to tunnel DLMS)

• Payment metering, Arbitrator, Security setup (new version), Data protection, Compact data

Pre-release 6th May

Page 18: COSEM data

IEC 62056-5-3 DLMS/COSEM Application layer optimized services, enhanced security

[Timeline diagram, labels in slide order]

• Green Book Ed. 7:2009 COSEM-OBIS

• Green Book Ed. 7.3:2013 COSEM-OBIS

• Green Book Ed. 8:2014 COSEM-OBIS

• IEC 62056-5-3 Ed. 1:2013 DLMS/COSEM Application layer

• IEC 62056-5-3 Amd 1:2014 DLMS/COSEM Application layer

• IEC 62056-5-3 Ed. 2:2015 DLMS/COSEM Application layer

Functions added:

• Symmetric key cryptography

• S-FSK PLC profile

• DataNotification service (Push op.)

• General Block transfer mechanism

• General cryptographic protection APDUs

• Access service (unified GET-SET-ACTION)

• Public key crypto: Third party – meter E2E security, multi-layer, multi-party

• XML

Pre-release 5th May

Page 19: COSEM data

Conclusion

DLMS/COSEM provides versatile and efficient standards for smart metering

Globally accepted

Semantic and syntactic interoperability

Companion specifications ensure interchangeability

Strong message and data security mechanisms

Page 20: COSEM data


Many thanks for your attention!
