
EUROPEAN COMMISSION

BEST AVAILABLE TECHNIQUES REFERENCE DOCUMENT

for the cyber-security and privacy of the 10 minimum functional requirements of the Smart Metering Systems

Date: 07/11/2016

Version: 5.0

Status: Final

Authors: Smart-Grid Task Force Stakeholder Forum

Edited by: P. Berends, M. John, N. Medeiros, S. Petitcolas, W. Ton, W. Strabbing, D. Johnson, F. Ennesser, A. M. Praden, H. J. Jørgensen, I. Vakalis, I. Nai Fovino

Revised by: I. Nai Fovino (DG-JRC)

EU Classification UNCLASSIFIED

Page 2 of 211

Table of Contents

1. Executive Summary ................................................................................................... 9

2. Description of the Context ....................................................................................... 10

2.1. BAT definition and process ....................................................................................... 10

2.2. The Approach ............................................................................................................. 11

2.3. Overall structure ........................................................................................................ 12

2.4. Duration ...................................................................................................................... 12

3. Reference Model ...................................................................................................... 14

4. Minimum Functional Requirements ...................................................................... 17

4.1. Complementing Scenarios ......................................................................................... 20

5. Technical Evaluation Metrics for the selection of Best Available Techniques .... 24

5.1. Evaluation Framework .............................................................................................. 24

5.2. Dimensions to be evaluated ....................................................................................... 26

5.3. Criteria for dimension evaluation ..... 26
  5.3.1. Cyber-Security Dimension ..... 26
  5.3.2. Privacy and Data protection Dimension ..... 31
  5.3.3. Maturity and Upgradeability of Technique ..... 34
  5.3.4. Impact of Technique towards Architecture ..... 35

5.4. Economic Estimation ................................................................................................. 36

6. Information Gathering and Clustering Process description ................................. 37

7. Techniques Clustering ............................................................................................. 40

8. Techniques in the context of the 10 Common Minimum functional requirements ..... 52

9. Analysis of the techniques gathered for COMPONENT O* ................................. 54

9.1. Access Control ..... 54
  9.1.1. Username/password or PIN ..... 54
    Evaluation of Use case 1, Consumer access ..... 54
      Cyber-Security ..... 54
      Privacy and Data Protection ..... 55
      Maturity and Upgradeability of Technique ..... 55
      Impact of Technique towards Architecture ..... 56
      Ranking Summary ..... 57
        (a) Password sent on the interface and verified on server side ..... 57
        (b) Password stored and verified locally in tamper resistant module ..... 58
    Evaluation of Use cases 2 and 3 - User is not in control of data collected ..... 58
      Cyber-Security ..... 58
      Privacy and Data Protection ..... 59
      Maturity and Upgradeability of Technique ..... 59
      Impact of Technique towards Architecture ..... 59
      Ranking Summary ..... 60
    Evaluation of Use cases 2 and 3 - User is in control of data collected ..... 60
      Cyber-Security ..... 60
      Privacy and Data Protection ..... 61
      Maturity and Upgradeability of Technique ..... 61
      Impact of Technique towards Architecture ..... 61
      Ranking Summary ..... 62


  9.1.2. One-time password ..... 62
    Evaluation of Use case 1 ..... 63
      Cyber-Security ..... 63
      Privacy and Data Protection ..... 63
      Maturity and Upgradeability of Technique ..... 64
      Impact of Technique towards Architecture ..... 64
      Ranking Summary ..... 65
    Evaluation of Use case 2, 3 ..... 65
  9.1.3. 2 factor authentication ..... 65
    Evaluation of Use case 1 ..... 66
      Cyber-Security ..... 66
      Privacy and Data Protection ..... 66
      Maturity and Upgradeability of Technique ..... 67
      Impact of Technique towards Architecture ..... 67
      Ranking Summary ..... 68
        If authentication is performed locally without communication required: ..... 68
    Evaluation of Use case 2, 3 ..... 69
  9.1.4. Pre-shared secrets and TLS with client certificates ..... 69
    Evaluation of Use case 1 ..... 69
      Cyber-Security ..... 69
      Privacy and Data Protection ..... 70
      Maturity and Upgradeability of Technique ..... 70
      Impact of Technique towards Architecture ..... 71
      Ranking Summary ..... 71
    Evaluation of Use cases 2-3 ..... 72
      Ranking Summary ..... 73
        Best case (high bandwidth network): ..... 73
9.2. Cryptographic algorithms and modes ..... 74
      Privacy and Data Protection ..... 76
      Maturity and Upgradeability of Technique ..... 76
  9.2.2. AES-GCM ..... 77
      Cyber-Security ..... 77
      Impact of Technique towards Architecture ..... 77
      Ranking Summary ..... 78
  9.2.1. AES-CBC ..... 78
      Cyber-Security ..... 78
      Impact of Technique towards Architecture ..... 79
      Ranking Summary ..... 80
  9.2.2. AES-CCM ..... 80
      Cyber-Security ..... 80
      Impact of Technique towards Architecture ..... 81
      Ranking Summary ..... 82
  9.2.3. AES-CMAC ..... 82
      Cyber-Security ..... 82
      Impact of Technique towards Architecture ..... 83
      Ranking Summary ..... 83
  9.2.4. AES-CTR ..... 84
      Cyber-Security ..... 84
      Impact of Technique towards Architecture ..... 84
      Ranking Summary ..... 85
  9.2.5. AES-ECB ..... 85
      Cyber-Security ..... 85
      Impact of Technique towards Architecture ..... 86
      Ranking Summary ..... 87
  9.2.6. SHA1 ..... 87
      Cyber-Security ..... 87
      Maturity and Upgradeability of Technique ..... 88
      Impact of Technique towards Architecture ..... 88
      Ranking Summary ..... 89


  9.2.7. SHA2 ..... 89
      Cyber-Security ..... 89
      Maturity and Upgradeability of Technique ..... 90
      Impact of Technique towards Architecture ..... 90
      Ranking Summary ..... 91
  9.2.8. ECDH ..... 91
      Cyber-Security ..... 91
      Maturity and Upgradeability of Technique ..... 92
      Impact of Technique towards Architecture ..... 92
      Ranking Summary ..... 93
  9.2.9. ECDSA ..... 93
      Cyber-Security ..... 93
      Maturity and Upgradeability of Technique ..... 94
      Impact of Technique towards Architecture ..... 94
      Ranking Summary ..... 95
9.3. Monitoring and alarming ..... 95
  9.3.1. Privacy and Data Protection ..... 95
  9.3.2. Switches ..... 96
    Evaluation ..... 96
      Cyber-Security ..... 96
      Maturity and Upgradeability of Technique ..... 97
      Impact of Technique towards Architecture ..... 97
      Ranking Summary ..... 97
  9.3.3. Seals and other tamper evident techniques ..... 99
      Cyber-Security ..... 99
      Maturity and Upgradeability of Technique ..... 100
      Impact of Technique towards Architecture ..... 100
      Ranking Summary ..... 100
  9.3.4. Magnetic field sensors ..... 102
    Evaluation ..... 102
  9.3.5. Power quality sensors ..... 102
    Evaluation ..... 103
9.4. Time Synchronisation ..... 103
  9.4.1. Application specific protocols ..... 103
    Evaluation ..... 103
9.5. Security architecture ..... 103
  9.5.1. Unique keys ..... 103
      Cyber-Security ..... 103
      Privacy and Data Protection ..... 104
      Maturity and Upgradeability of Technique ..... 104
      Impact of Technique towards Architecture ..... 104
      Ranking Summary ..... 105
  9.5.2. Private location ..... 105
    Evaluation ..... 106
      Cyber-Security ..... 106
      Privacy and Data Protection ..... 106
      Maturity and Upgradeability of Technique ..... 107
      Impact of Technique towards Architecture ..... 107
      Ranking Summary ..... 107
  9.5.3. DLMS secure transport ..... 108
    Evaluation: ..... 108
      Cyber-Security ..... 108
      Privacy and Data Protection ..... 108
      Maturity and Upgradeability of Technique ..... 109
      Impact of Technique towards Architecture ..... 109
      Ranking Summary ..... 110
  9.5.4. Independent monitoring ..... 110
      Cyber-Security ..... 110


      Privacy and Data Protection ..... 111
      Maturity and Upgradeability of Technique ..... 111
      Impact of Technique towards Architecture ..... 111
      Ranking Summary ..... 112
  9.5.5. TLS secure transport ..... 113
    Evaluation: ..... 113
      Cyber-Security ..... 113
      Privacy and Data Protection ..... 113
      Maturity and Upgradeability of Technique ..... 114
      Impact of Technique towards Architecture ..... 114
      Ranking Summary ..... 115
  9.5.6. End-to-End Signing ..... 115
      Cyber-Security ..... 116
      Privacy and Data Protection ..... 116
      Maturity and Upgradeability of Technique ..... 116
      Impact of Technique towards Architecture ..... 117
      Ranking Summary ..... 117
  9.5.7. Switching commands validated against the grid code (Grid Sensitive Operation) ..... 118
      Cyber-Security ..... 119
      Privacy and Data Protection ..... 119
      Maturity and Upgradeability of Technique ..... 120
      Impact of Technique towards Architecture ..... 120
      Ranking Summary ..... 121
9.6. Hardware Security ..... 121
  9.6.1. (Processor) hardening ..... 121
    Evaluation ..... 122
      Cyber-Security ..... 122
      Maturity and Upgradeability of Technique ..... 123
      Ranking Summary ..... 124
    4. Adjunction of programmable tamper resistant processor (e.g. SE: Secure Element) ..... 126
  9.6.2. Physics security ..... 126
10. Analysis of the techniques gathered for COMPONENT C* ..... 127
  10.1.1. ZigBee Smart Energy Profile ..... 127
      Cyber-Security ..... 127
      Maturity and Upgradeability of Technique ..... 127
      Impact of Technique towards Architecture ..... 128
      Ranking Summary ..... 129
  10.1.2. CMS ..... 129
      Cyber-Security ..... 130
      Privacy and Data Protection ..... 130
      Maturity and Upgradeability of Technique ..... 130
      Impact of Technique towards Architecture ..... 131
      Ranking Summary ..... 132
  10.1.3. M-Bus ..... 133
      Cyber-Security ..... 133
      Maturity and Upgradeability of Technique ..... 134
      Impact of Technique towards Architecture ..... 134
      Ranking Summary ..... 135
  10.1.4. DLMS ..... 136
      Cyber-Security ..... 136
      Maturity and Upgradeability of Technique ..... 136
      Impact of Technique towards Architecture ..... 137
      Ranking Summary ..... 138
  10.1.5. Dial in Whitelisting ..... 138
      Cyber-Security ..... 138
      Privacy and Data Protection ..... 139
      Maturity and Upgradeability of Technique ..... 139
      Ranking Summary ..... 140
  10.1.6. LDAP ..... 140


      Cyber-Security ..... 141
      Privacy and Data Protection ..... 141
      Maturity and Upgradeability of Technique ..... 141
      Impact of Technique towards Architecture ..... 142
      Ranking Summary ..... 142
  10.1.7. TACACS+ ..... 143
      Cyber-Security ..... 143
      Privacy and Data Protection ..... 143
      Maturity and Upgradeability of Technique ..... 143
      Impact of Technique towards Architecture ..... 144
      Ranking Summary ..... 144
  10.1.8. Firewall ..... 145
      Cyber-Security ..... 145
      Privacy and Data Protection ..... 145
      Maturity and Upgradeability of Technique ..... 146
      Impact of Technique towards Architecture ..... 146
      Ranking Summary ..... 147
  10.1.9. IDS/IPS ..... 147
      Cyber-Security ..... 147
      Privacy and Data Protection ..... 148
      Maturity and Upgradeability of Technique ..... 148
      Impact of Technique towards Architecture ..... 148
      Ranking Summary ..... 149
  10.1.10. Retention ..... 149
    Retention for data after the contract has ended ..... 150
      (a) Cyber-Security ..... 150
      (b) Privacy and Data Protection ..... 150
      (c) Maturity and Upgradeability of Technique ..... 150
      (d) Impact of Technique towards Architecture ..... 151
      (e) Ranking Summary ..... 151
    Retention for data stored locally in the meter ..... 152
      Meter readings and interval data are stored for the minimum and maximum lengths of time required by the local legislation. Log data are also stored for the minimum and maximum times defined by the local law. ..... 152
      (a) Cyber-Security ..... 152
      (b) Privacy and Data Protection ..... 152
      (c) Maturity and Upgradeability of Technique ..... 152
      (d) Impact of Technique towards Architecture ..... 153
      (e) Ranking Summary ..... 153
    Reading and transmission frequency ..... 154
      Intervals and daily transmission to provide advance tariff. ..... 154
      (a) Cyber-Security ..... 154
      (b) Privacy and Data Protection ..... 154
      (c) Maturity and Upgradeability of Technique ..... 155
      (d) Impact of Technique towards the Architecture ..... 155
      (e) Ranking Summary ..... 155
    Six bi-monthly values and 1 second for local interface ..... 155
      (a) Cyber-Security ..... 155
      (b) Privacy and Data Protection ..... 156
      (c) Maturity and Upgradeability of Technique ..... 156
      (d) Impact of Technique towards Architecture ..... 156
      (e) Ranking Summary ..... 156

10.1.11. Aggregation .................................................................................................................... 156 Data are aggregated for network planning purposes ............................................. 157

(a) Cyber-Security .................................................................................................................... 157 (b) Privacy and Data Protection ................................................................................................ 157 (c) Maturity and Upgradeability of Technique ......................................................................... 157 (d) Impact of Technique towards Architecture ......................................................................... 157 (e) Ranking Summary .............................................................................................................. 158

Data are aggregated and anonymized for statistic and scientific issues ................ 159

Page 7 of 211

(a) Cyber-Security .................................................................................................................... 159 (b) Privacy and Data Protection ................................................................................................ 159 (c) Maturity and Upgradeability of Technique ......................................................................... 159 (d) Impact of Technique towards Architecture ......................................................................... 159 (e) Ranking Summary .............................................................................................................. 159

10.1.12. Read Only Interface ....................................................................................................... 160 Meter is only accessible for read because of physical protection ......................... 160

(a) Cyber-Security .................................................................................................................... 160 (b) Privacy and Data Protection ................................................................................................ 160 (c) Maturity and Upgradeability of Technique ......................................................................... 161 (d) Impact of Technique towards Architecture ......................................................................... 161 (e) Ranking Summary .............................................................................................................. 161

Meter is only accessible for read because of logical protection (Operating System)

162 (a) Cyber-Security .................................................................................................................... 162 (b) Privacy and Data Protection ................................................................................................ 162 (c) Maturity and Upgradeability of Technique ......................................................................... 162 (d) Impact of Technique towards Architecture ......................................................................... 163 (e) Ranking Summary .............................................................................................................. 163

11. Analysis of the techniques gathered for COMPONENT P* ............................ 164 11.1.1. Network segregation ...................................................................................................... 164

Cyber-Security .......................................................................................................... 164 Privacy and Data Protection ...................................................................................... 165 Maturity and Upgradeability of Technique ............................................................... 165 Impact of Technique towards Architecture ............................................................... 165 Ranking Summary ..................................................................................................... 166

11.1.2. Firmware update ............................................................................................................ 166 Cyber-Security .......................................................................................................... 167 Privacy and Data Protection ...................................................................................... 168 Maturity and Upgradeability of Technique ............................................................... 168 Impact of Technique towards Architecture ............................................................... 168 Ranking Summary ..................................................................................................... 169

11.1.3. Aggregation .................................................................................................................... 169 Cyber-Security .......................................................................................................... 170 Privacy and Data Protection ...................................................................................... 170 Maturity and Upgradeability of Technique ............................................................... 171 Impact of Technique towards Architecture ............................................................... 171 Ranking Summary ..................................................................................................... 171

11.1.4. SIEM .............................................................................................................................. 173 Cyber-Security .......................................................................................................... 173 Privacy and Data Protection ...................................................................................... 174 Maturity and Upgradeability of Technique ............................................................... 174 Impact of Technique towards Architecture ............................................................... 174 Ranking Summary ..................................................................................................... 175

11.1.5. Multi-factor authentication ............................................................................................. 176 Cyber-Security .......................................................................................................... 176 Privacy and Data Protection ...................................................................................... 176 Maturity and Upgradeability of Technique ............................................................... 177 Impact of Technique towards Architecture ............................................................... 177 Ranking Summary ..................................................................................................... 178

11.1.6. One-time password (OTP) ............................................................................................. 178 Cyber-Security .......................................................................................................... 179 Privacy and Data Protection ...................................................................................... 179 Maturity and Upgradeability of Technique ............................................................... 180 Impact of Technique towards Architecture ............................................................... 180 Ranking Summary ..................................................................................................... 181

11.1.7. Whitelisting .................................................................................................................... 181 Cyber-Security .......................................................................................................... 181 Privacy and Data Protection ...................................................................................... 182

Page 8 of 211

Maturity and Upgradeability of Technique ............................................................... 182 Impact of Technique towards Architecture ............................................................... 182 Ranking Summary ..................................................................................................... 183

11.1.8. VPN ............................................................................................................................... 184 Cyber-Security .......................................................................................................... 184 Privacy and Data Protection ...................................................................................... 184 Maturity and Upgradeability of Technique ............................................................... 185 Impact of Technique towards Architecture ............................................................... 185 Ranking Summary ..................................................................................................... 186

11.1.9. Manufacturer – customer key exchange ......................................................................... 186 Cyber-Security .......................................................................................................... 187 Privacy and Data Protection ...................................................................................... 187 Maturity and Upgradeability of Technique ............................................................... 188 Impact of Technique towards Architecture ............................................................... 188 Ranking Summary ..................................................................................................... 189

11.1.10. PKI ................................................................................................................................. 189 Cyber-Security ...................................................................................................... 189 Privacy and Data Protection ................................................................................. 190 Maturity and Upgradeability of Technique .......................................................... 190 Impact of Technique towards Architecture .......................................................... 190 Ranking Summary ................................................................................................ 191

12. BAT Ranking Summary .......... 192

12.1. Validity of techniques for Cyber Security .......... 192

12.2. Validity of techniques for Privacy & Data Protection .......... 195

12.3. Evaluation of techniques for Maturity, Upgradability and Architectural impact .......... 196

12.4. Summary of evaluation ratings of applicable and selected techniques per component or Use Case .......... 199

12.5. Applicable techniques per component .......... 202

13. Analysis of the Switch On/Switch Off functional requirement cyber-security .......... 204

14. Conclusions and Recommendations .......... 206

14.1. Structure .......... 206

14.2. Common minimum functionalities .......... 206

14.3. Approach .......... 206

14.4. Findings & conclusions .......... 207

14.5. Quantum computing threats and recommendations .......... 208

14.6. Recommendations .......... 209

14.7. Future work .......... 210


1. EXECUTIVE SUMMARY

The Commission Recommendation 2012/148/EU on preparations for the roll-out of smart metering systems states that, “in order to mitigate the risks on personal data and security, Member States, in collaboration with industry, the Commission and other stakeholders, should support the determination of best available techniques for each common minimum functional requirement listed in point 42 of the Recommendation”.

To answer this need, the Smart-Grid Task Force launched in October 2014 an initiative aiming at conducting a first Best Available Technique assessment process relying on the contributions of an ad-hoc created Stakeholder Forum (SF).

Security and privacy are end-to-end characteristics covering systems, processes and people. This document, through the application of the evaluation framework adopted by the stakeholder forum in 2015, focuses specifically on the evaluation of the techniques, gathered during the BAT data collection phase that ended in spring 2016, used today to ensure privacy and cyber-security in smart-metering systems with respect to the 10 minimum functional requirements described in Recommendation 2012/148/EU [1] and in alignment with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).

The document is the result of the collegial work of the SF Technical Editorial Group, and is to be understood as an instrument to facilitate the SF final evaluation of the techniques.

[1] Commission Recommendation of 9 March 2012 on preparations for the roll-out of smart metering systems (2012/148/EU), http://eur-lex.europa.eu/legal-content/FR/TXT/PDF/?uri=CELEX:32012H0148&from=EN


2. DESCRIPTION OF THE CONTEXT

The Commission Recommendation of 9th March 2012 on preparations for the roll-out of smart metering systems (number 2012/148/EU) defines a set of minimum functional requirements that every smart metering system should fulfil, taking into consideration in particular aspects regarding:

- The customer
- The metering operator
- The commercial aspects of the energy supply
- Security and data protection
- Distributed generation

The Recommendation states that, “in order to mitigate the risks on personal data and security, Member States, in collaboration with industry, the Commission and other stakeholders, should support the determination of best available techniques for each common minimum functional requirement listed in point 42 of the Recommendation”.

2.1. BAT definition and process

In analogy to what is prescribed in Directive 2010/75/EU, an exchange of information between the Commission and the Member States, the industries concerned, and non-governmental organisations promoting the roll-out of smart metering systems is organized through a BAT reference document (hereafter "BREF") and the process leading to its preparation.

The exchange of information shall, in particular, address the following:

(a) The reference conditions and impact on consumption, reading, control, and involvement of third parties in relation to privacy and cybersecurity issues;

(b) The techniques used, associated monitoring of effectiveness, economic and technical viability and developments therein;

(c) The best available techniques and emerging techniques identified after considering the aspects mentioned in points (a) and (b).

As defined in Recommendation 2012/148/EU, ‘best available techniques’ refer to the most effective and advanced stage in the development of activities and their methods of operation, which indicates the practical suitability of particular techniques for providing the basis for complying with the EU data protection framework. They are designed to prevent or mitigate risks to privacy, personal data and security.

The aim of a BREF is to determine BATs and to limit imbalances in the European Union (EU) regarding the roll-out of smart metering systems. BREFs should provide information to the competent authorities of Member States, industrial operators, the Commission and the public at large. The process of determining BATs and emerging techniques should be transparent and objective, based on sound technical and economic information.

To serve its main aim, the content of the BREF should be limited to the relevant information. A BREF is not meant to be a textbook on techniques to organize smart metering. It is essential that the BREF provides information on the main techniques that were considered by the technical editorial group (TEG) and on the grounds for the BAT conclusions reached by the TWG.

2.2. The Approach

A successful BAT process strongly relies on reaching a wide consensus among the stakeholders involved in the process.

To reach such an objective this project will leverage the already existing Smart-Grid Task Force and in particular one of its Expert Groups (EG), the EG2 Working Group. In more detail:

- The Stakeholder Forum (SF) foreseen by the BAT process is composed of the current EG2 WG. The SF is in charge of the validation and approval of the selected techniques and will act as a facilitator in the activities related to the collection of the needed technical information.

- The Technical Editorial Group (TEG) is composed of 5 experts. These experts will be in charge of elaborating the documents that will be used to support the BAT process. The TEG experts are chosen by DG-ENER and DG-JRC from a list of candidates proposed by the SF on the basis of the needs of each work-package of the BAT process.

- The DG-JRC Smart-meter team (JRC-SMT) will be in charge of supervising the project and providing support to the TEG.

- DG-ENER will co-chair the supervision of the project together with DG-JRC and will act as facilitator during the creation of the Stakeholder Forum.

Figure 1 provides a high-level description of the process which will be adopted to select the best available techniques.

[Figure 1 (diagram not reproduced): Setup of the Stakeholder Forum → First SF meeting: terms of reference definition → TEG creation → Selection process definition → Periodic (monthly) online TEG meetings, physical TEG meetings (every two months), off-line analysis and selection activities → SF meeting every 4 months to endorse the TEG activity → Final BAT draft → SF final endorsement → Best Available Techniques; intermediate analysis and validation steps throughout.]

Figure 1: BAT selection process

2.3. Overall structure

The overall BAT process is broken down into the following specific work packages:

- WP1 – Metrics and Selection Criteria
- WP2 – Techniques’ Inventory and Mapping
- WP3 – Analysis of the techniques
- WP4 – Selection and Validation
- WP5 – Coordination

WP1 and WP2 have already been executed, while WP3 is presented in this document.

2.4. Duration

Figure 3 provides an overview of the project’s evolution with respect to the work-packages presented in Section 3.

The total duration of the project will be 24 months, starting from the first Stakeholder Forum meeting. The setup of the forum, which should be performed under the responsibility of DG-ENER prior to the project’s kick-off, is not included in the computation of the project duration.

Figure 3 provides an overview of the timeframe of the BAT process.

Figure 3: BAT selection process

3. REFERENCE MODEL

As stated in the previous section, the BAT process aims at identifying the most suitable techniques to increase the level of cyber-security and privacy of smart-metering systems with respect to the 10 minimum functional requirements of COM 2012/148/EU.

In this context, it is important to define exactly the boundaries within which a technique should or should not be considered for evaluation. The first step is obviously that of identifying what should be considered as part of the smart-metering system and what will instead be considered as outside the scope of the BAT process.

To answer this first question, this section provides a general introduction to the smart metering architecture, focussing on the consumer side of the system.

[Figure 4 (diagram not reproduced): meter with Metrology, Display and Additional functions (MID requirements) and Meter Communication Functions; Simple external consumer display (interface H1); Local Network Access Point (LNAP); Neighbourhood Network Access Point (NNAP); AMI Head End System; HA Communication Functions and Home Automation Functions; networks WAN, NN and LN; interfaces G1, G2, C, M, H1, H2, H3, L, N and I.]

Figure 4: M/441 Reference Architecture

This introduction is intended as explanatory material to provide to all the readers (including non-technical readers) a common background and jargon. As agreed during the second Stakeholder Forum meeting, the M/441 smart-metering system reference architecture has been adopted as the basis for the reference model which will be adopted for the BAT process (see Fig. 4). It will be used to evaluate if a given technique should be assessed as part of the smart-metering system or if it should be ignored in this report on the grounds that it is used for another part of the more general smart-grid eco-system and is thus out of scope.


From a cyber-security perspective, it is important to understand the meaning of the different interfaces presented in Figure 4. A brief overview is provided below:

- G: The G interface can be defined with several profiles (e.g. G1 and G2), depending on the physical network architecture being used. The G1 / G2 interfaces are used to connect the meters, LNAPs and NNAPs directly with an AMI HES.

- C: used to connect LNAPs and / or metering end devices to an NNAP.

- M: this interface can be found between the communications function of the meter and the LNAP, or between metering end devices.

- H: the H interfaces are also known as “display and home automation end device interfaces”. The H1 interface connects a metering end device to an external consumer display. H2 connects an LNAP, while the H3 interface connects an NNAP, with external devices (e.g. advanced display functionality).

- L: an interface that connects an LNAP to peer LNAPs.

- N: an interface that connects an NNAP to other NNAPs.

Some of the 10 minimum functionalities can have realisations that go beyond the M/441 reference architecture, for example, an online platform provided by a 3rd party or a supplier that provides meter readings to the consumer. For that reason, the model is partly extended and partly simplified (as in this early stage, the details of all the intermediate networks are less relevant).

Again, it is important to understand that it will be used as a discerning factor to discriminate between what is in scope (i.e. what will be analysed) and what is out of scope (i.e. techniques which should be analysed somewhere else).

The technical details about the reference model are not relevant at this stage, as they will be elaborated later during the WP2 (information gathering) and WP3 (analysis) phases.


Figure 5: Schematic smart metering architecture.

The diagram in Figure 5 provides an overview of the relevant elements which will be included in the reference architecture. It includes the elements from the M/441 plus additional elements showing the entities involved in providing the ten minimum functional requirements.


4. MINIMUM FUNCTIONAL REQUIREMENTS

In this section, a map between the minimum functional requirements in the EU Recommendation 2012/148/EU [2] and the reference architecture presented in the previous section is provided, elaborating on the impact surface of each requirement on the reference architecture and on the existing dependencies among the requirements.

The list of Minimum Functional Requirements:

1. Provide readings directly to the consumer and any third party designated by the consumer
2. Update the readings referred to in point 1 frequently enough to allow the information to be used to achieve energy savings
3. Allow remote reading of meters by the operator.
4. Provide two-way communication between the smart metering system and external networks for maintenance and control of the metering system
5. Allow readings to be taken frequently enough for the information to be used for network planning
6. Support advanced tariff systems.
7. Allow remote on/off control of the supply and/or flow or power limitation
8. Provide secure data communications
9. Fraud prevention and detection
10. Provide import/export and reactive metering

In the table above the term “readings” is defined as in the European Commission Recommendation 2012/148/EU.

In the following, each of the requirements in the Commission’s overview of common minimum functionalities is briefly described. However, specific use cases such as those produced by SM-CG provide a more detailed and complete analysis of requirements, which in turn affects the architecture adopted in individual deployments.

[2] European Commission Recommendation of 9 March 2012 on preparations for the roll-out of smart metering systems (2012/148/EU), http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2012:073:0009:0022:EN:PDF


- Functional Requirement 1 – Provide readings directly to the consumer and any third party designated by the consumer: Readings to the consumer can be provided within his own premises via the smart meter display, via an HAN interface with or without a Visual Display Unit, or remotely through different channels (web portal, mobile applications, paper communications, file downloads or sending). Beyond the proportionate contractual obligations for billing and network management, mechanisms should also allow consumers to grant access to third parties to their data through the entitled data management entity (Meter Operator or another party), for example for consumption analysis and comparison of suppliers.

- Functional Requirement 2 – Update the readings referred to in point 1 frequently enough to allow the information to be used to achieve energy savings: Rapid and detailed feedback can help the consumer to save energy by showing the impact of his behaviour on energy consumption and on derived values like money and CO2 emission.

- Functional Requirement 3 – Allow remote reading of the meters by the operator: the meter operator ought to be able to remotely read the meters, including measurements, events, and calculated values; privacy considerations may apply, restricting collection of specific data sets, or restraining the granularity of certain data sets. Remote reading might fall into 3 categories:

  o The scheduled readings which are sent periodically to the meter operator
  o ‘Ad hoc’ or on-demand readings. The latter are needed when a consumer moves out or when he changes supplier. The readings at that moment must be captured to generate an accurate final bill.
  o Alarms, which are sent unscheduled when a preconfigured event such as a power failure or a fraud attempt occurs.

- Functional Requirement 4 – Provide two-way communication between the smart metering system and external networks for maintenance and control of the metering system: The main flow of information is one-way, from consumer to supplier. For special cases a flow in the other direction is required, for example:

  o To synchronize the meter’s internal clock
  o To update the tariff tables, the switching tables and the calendar
  o To update the meter’s firmware
  o To support configuration changes like adding and removing communication links to other meters
  o Credit top-up for pre-payment meters
  o Ad-hoc control operations and readings
  o Emergency or DSR signals sent by TSO, DSO or 3rd parties

  These operations can be unicast or broadcast. It is worth noting that these operations require a high level of privacy and security protection, preventing intrusion, hacking, or data theft.

- Functional Requirement 5 - Allow readings to be taken frequently enough for

the information to be used for network planning: Detailed meter readings

obtained from a subset of consumers based upon prior consent can be used to

generate load profiles. Load profiles are models of actual power consumption

patterns and are commonly used for tariff design and system operation planning.

- Functional Requirement 6 - Support advanced tariff systems: In addition to the

single or dual tariffs of mechanical meters, smart meters can also offer more

advanced tariff models, for example, more groups, peak and/or threshold tariffs

and pre-payment with remote top-up.

- Functional Requirement 7 - Allow remote on/off control of the supply and/or

flow or power limitation: To avoid losses for the supplier and the DSO, the supply

of energy can be limited or completely cut off if the consumer does not pay the bill.

Not all meters have this capability, as it makes the device more expensive and it

might be able to be misused e.g. to trigger widespread switch-off.

- Functional Requirement 8 - Provide secure data communications: Consumption data is considered ‘personal information’ when this data is related to an identified or identifiable natural person and must be protected for privacy reasons. The integrity of the data must be protected to prevent fraud and misuse (see the previous and the next paragraph).

- Functional Requirement 9 - Fraud prevention and detection: As energy costs money, there is an economic motivation to attempt to defraud the supplier. The basic protection relies on physical measures like tamper evident seals and plausibility checks in the MDMS. In addition, smart meters can provide a real-time alarm, for example, if the meter case is opened or if unusual operating conditions like a very strong magnetic field are detected.

- Functional Requirement 10 - Provide import/export and reactive metering: The sensors in a smart meter allow measuring and tariffing of energy in all 4 quadrants. In some member states meters are often equipped with a subset of quadrants according to the type of consumer:

- A+ for typical household consumers only consuming electricity

- A+/A- for household prosumers

- A- for feed-in of electricity (in some member states the RES-support scheme requires a separate meter for feed-in)

- All 4 quadrants including R+/R- for industrial consumers or for sensors used by the DSO for monitoring the state of the network for operational purposes

o Explanation: A+ is the common term for active energy consumed

o A- is active energy delivered to the network

o R+ and R- are the reactive energy, where + and – distinguish between a phase shift of + or – 90 degrees.
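The fraud detection mechanisms named under Functional Requirement 9, a real-time meter alarm (case opened, strong magnetic field) combined with plausibility checks on the registers collected by the MDMS, as an added example in Python that is not part of this document: the record layout, the event names, the sample readings and the spike threshold are constructed assumptions for the illustration, not a real meter or MDMS format.

```python
"""Meter alarms and MDMS plausibility checks over constructed sample data.

Added illustration (not part of the BAT document) of the fraud detection
described under Functional Requirement 9: the meter raises real-time alarms
such as "case opened" or "strong magnetic field", and the MDMS runs
plausibility checks on the cumulative registers it collects. The record
layout, event names and thresholds are assumptions made for this example.
"""
from dataclasses import dataclass
from statistics import median

# Meter event names treated as tamper indicators (assumed names, not a standard).
TAMPER_EVENTS = {"COVER_OPEN", "TERMINAL_COVER_OPEN", "MAGNETIC_FIELD"}


@dataclass(frozen=True)
class Reading:
    ts: str            # timestamp of the register snapshot (ISO 8601, constructed)
    a_plus_kwh: float  # cumulative A+ register: active energy consumed


@dataclass(frozen=True)
class Finding:
    meter_id: str
    ts: str
    kind: str
    detail: str


def check_events(meter_id, events):
    """Real-time alarms: every tamper-related event becomes a finding."""
    return [Finding(meter_id, ts, "TAMPER_ALARM", name)
            for ts, name in events if name in TAMPER_EVENTS]


def check_registers(meter_id, readings, spike_factor=5.0):
    """MDMS plausibility checks on a cumulative register.

    - A+ is a cumulative counter and must never decrease; a decrease points to a
      rolled-back, reset or swapped meter and is reported for investigation.
    - An interval consumption far above this meter's own median interval is
      flagged for review (spike_factor is an assumed tuning parameter).
    """
    findings = []
    deltas = []  # (timestamp, kWh consumed in the interval) for valid intervals
    for prev, cur in zip(readings, readings[1:]):
        delta = cur.a_plus_kwh - prev.a_plus_kwh
        if delta < 0:
            findings.append(Finding(meter_id, cur.ts, "REGISTER_DECREASE",
                                    f"A+ went from {prev.a_plus_kwh} to {cur.a_plus_kwh} kWh"))
        else:
            deltas.append((cur.ts, delta))
    # A few intervals are needed before the meter's own history is a usable baseline.
    if len(deltas) >= 3:
        typical = median(d for _, d in deltas)
        if typical > 0:
            for ts, delta in deltas:
                if delta > spike_factor * typical:
                    findings.append(Finding(meter_id, ts, "IMPLAUSIBLE_INTERVAL",
                                            f"{delta:.1f} kWh in one interval, median is {typical:.2f} kWh"))
    return findings


def analyse(meter_id, readings, events):
    """Combine meter-side alarms and MDMS checks, ordered by time."""
    return sorted(check_events(meter_id, events) + check_registers(meter_id, readings),
                  key=lambda f: f.ts)


# Constructed sample: hourly register snapshots and a meter event log.
SAMPLE_READINGS = [
    Reading("2016-11-07T00:00", 1000.0),
    Reading("2016-11-07T01:00", 1000.4),
    Reading("2016-11-07T02:00", 1000.9),
    Reading("2016-11-07T03:00", 1001.3),
    Reading("2016-11-07T04:00", 1001.8),
    Reading("2016-11-07T05:00", 1010.2),  # 8.4 kWh in one hour: implausible for this meter
    Reading("2016-11-07T06:00", 1010.6),
    Reading("2016-11-07T07:00", 1005.0),  # counter went backwards
]
SAMPLE_EVENTS = [
    ("2016-11-07T06:30", "POWER_RESTORED"),
    ("2016-11-07T06:45", "COVER_OPEN"),
]

if __name__ == "__main__":
    for f in analyse("METER-0001", SAMPLE_READINGS, SAMPLE_EVENTS):
        print(f"{f.ts} {f.meter_id} {f.kind}: {f.detail}")
```

On the constructed sample the analysis yields three findings in time order: the implausible 05:00 interval, the cover-open alarm at 06:45 and the register decrease at 07:00. The baseline is the meter's own median interval rather than a fixed kWh figure, so the same check works for a small household and a large prosumer without retuning.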

The main use case for a consumer is rapid and detailed feedback on his energy consumption. For a network operator, the main use case is measurements that support network planning. The use cases for an energy supplier are mostly related to tariffing and billing.

It is important to underline that the functional requirements are not totally independent. For example, several requirements rely on secure communication, as communication is the core of the smart grid; remote control relies on the presence of 2-way communication. Readings for the consumer may not require secure communication when data is available locally on the consumer premises. On the other hand, remote readings always require secure communication.

Following this reasoning, frequent readings may be of interest for network planning or for consumer energy reduction. This overlaps with readings for the consumer (requirement 2) and secure communication (requirement 5).

Advanced tariffs could require frequent reading, remote control for ‘local load shedding’ and 2-way communication for dynamic tariffs.

An extension of the advanced tariffs is the separate billing of import, export and reactive energy.

4.1. Complementing Scenarios

Following the European Commission Standardisation Mandate M/441 to CEN, CENELEC and ETSI in the field of measuring instruments, for the development of an open architecture for utility meters involving communication protocols enabling interoperability, the ETSI TR 102 691 technical report presents a set of 6 main functionalities (or use cases), which can be considered complementary to the 10 minimum functionalities mentioned in the EU Recommendation 2012/148/EU [3]. For the sake of completeness they are reported in the following.

The M/441 functionalities regarding the smart-metering system are the following:

- Remote reading of metrological register(s) and provision to designated market organisation(s)

- Two-way communication between the metering system and designated market organisation(s)

- Meter supporting advanced tariffing and payment systems

- Meter allowing remote disablement and enablement of supply

- Communicating with (and where appropriate directly controlling) individual devices within the home/building

- Meter providing information via a portal/gateway to an in-home/building display or auxiliary equipment

In Table 1 we present a mapping between the “Commission’s 10 common minimum functional requirements” and the “primary” use cases from the “Smart Meters Co-ordination Group – 2 Smart Metering Use Cases”, deriving from the six additional functionalities identified by the SMCG. This broadens the scope of the analysis and takes advantage of the work done by each organization.

In the “Requirement” column, only the ‘primary’ requirements are shown, while supporting techniques like for example ‘secure communication’ are omitted for clarity. The clusters ‘Billing’ and ‘Consumer Information’ map the most closely to the 10 requirements.

Table 1 Mapping of the SMCG use cases (ANNEX III 8) to the 10 minimum functional requirements.

Cluster | Primary Use Case | Minimum Functional Requirement
Billing | BI.01. Allow remote reading of meters on demand | Allow remote reading of meters by the operator
Billing | BI.02. Allow scheduled meter reading of meters | Allow remote reading of meters by the operator
Billing | BI.03. Set billing parameters. Billing parameters include: payment mode; tariff scheme; prices; thresholds and response actions; data sets | Support advanced tariff systems. Provide import/export and reactive metering. Provide two-way communication
Billing | BI.04. Add credit³ | Not covered
Billing | BI.05. Execute supply control | Allow remote on/off control of the supply and/or flow or power limitation
Customer information provision | CI.01. Provide information to consumer | Update the readings frequently enough to allow the information to be used to achieve energy savings. Provide readings directly to the customer
Configure events, statuses and actions | ESA.01. Configure meter events and actions | Provide two-way communication
Configure events, statuses and actions | ESA.02. Manage events | Provide two-way communication
Configure events, statuses and actions | ESA.03. Retrieve AMI component information | Allow remote reading of meters by the operator
Configure events, statuses and actions | ESA.04. Check device availability | Allow remote reading of meters by the operator
Installation & configuration | INCO.01. AMI component discovery & communication setup | Provide two-way communication
Installation & configuration | INCO.02. Clock synchronization | Provide two-way communication
Installation & configuration | INCO.03. Configure AMI device. This includes: configuring, parameterizing, adjusting the Smart Meter/LNAP/NNAP; setting operating mode for disconnect switch / valve; enabling / disabling disconnection; loading new software / firmware; reloading or activation of previous software / firmware | Provide two-way communication
Installation & configuration | INCO.04. Manage security material | Provide two-way communication
Energy market events | ME.01. Manage consumer (customer?) moving in | Allow remote readings of meters on demand. Allow readings to be taken frequently enough for the information to be used for network planning
Energy market events | ME.02. Manage customer moving out | Allow remote readings of meters on demand. Allow readings to be taken frequently enough for the information to be used for network planning
Energy market events | ME.03. Manage customer gained | Allow remote readings of meters on demand. Allow readings to be taken frequently enough for the information to be used for network planning
Energy market events | ME.04. Manage customer lost | Allow remote readings of meters on demand. Allow readings to be taken frequently enough for the information to be used for network planning
Collect AMI events and status information | MSQ.01. Manage supply quality | Allow remote reading of meters by the operator (these are the spontaneously sent ‘alarms’)
Secondary Use case | SU1. Write information | Provide two-way communication
Secondary Use case | SU2. Invoke an action | Provide two-way communication
Secondary Use case | SU3. Read meter | Allow remote reading of meters by the operator
Secondary Use case | SU4. Report event | Allow remote reading of meters by the operator

³ Not covered by the 10 minimal functionalities

5. TECHNICAL EVALUATION METRICS FOR THE SELECTION OF BEST AVAILABLE TECHNIQUES

The main objective of WP1 is to define a coherent and reliable evaluation methodology to be used in WP3 to identify the Best Available Techniques related to the 10 minimum functional requirements. For an objective comparison of each suggested technique, three elements need to be defined:

1. The dimensions to be evaluated

2. The criteria to be taken into consideration for each dimension

3. A framework allowing an evaluation of the techniques to be derived by combining the specific evaluation of each of the identified dimensions and criteria

The reason is that the BAT process foresees taking into consideration “available techniques”, i.e. techniques that are already implemented in the field or ready for the market. These techniques must be by definition compliant with data protection regulations.

5.1. Evaluation Framework

The objective of the evaluation framework is to enable the comparison of specific techniques. To support the comparison, a metric scheme is defined to score a particular technique. For this, the metric is categorized by different dimensions as per chapter 5.2. Furthermore, each dimension consists of specific criteria. The structure of the metric is outlined in the following scheme:

Figure 6: Structure of the metric for assessing techniques

Metric
  o Dimension 1
      Criterion 1.1
      Criterion 1.2
      Criterion 1.n
  o Dimension 2
      Criterion 2.1
      Criterion 2.2
      Criterion 2.m
  o Dimension …

For each criterion, the individual technique is assigned points from 0 to 2. Those points shall be awarded to rank the efficiency or effectiveness of the technique for this specific criterion. Assigning “0” points shall represent the lowest score (not effective), “2” shall be the highest score (very effective), and “1” represents moderate effectiveness (applicable, but with drawbacks). In some cases, the metrics will only be scored “0” or “2”, since the judgement of a criterion might be binary.

Furthermore, it is deemed necessary to introduce a disqualification score for a criterion (e.g. for techniques that violate privacy or security principles), so that such techniques are not considered as candidates for a BAT. In this case there should be a reasoned and well-argued justification, given that it leads to the exclusion of techniques that have been suggested by the Stakeholder Forum. There should also be an agreement among those applying the framework about the disqualification of any specific technique.

What follows is a description of the mathematical composition of the metric scoring mechanism.

The set of criteria in a dimension $D_i$ shall be noted as $C_i$. The cardinality of the set $C_i$ is noted as $|C_i|$. Scores given for a particular criterion $j$ of the dimension $D_i$ shall be noted as $c_{ij}$.

The sum of all criteria scores of a dimension $D_i$ shall be noted as $d_i$:

$$d_i = \sum_{j} c_{ij}, \qquad c_{ij} \in \{0, 1, 2\}$$

There may be cases where the evaluation of a given criterion is not appropriate for a technique. If so considered, the decision should be clearly justified. In this case the set $C_i$ will not take into consideration this particular criterion.

It has been agreed that all dimensions are equally relevant and thus are weighted equally. As described later, different dimensions might be evaluated through a different number of criteria. There is then a need for a normalisation process. To ensure this, a weight for every dimension is introduced.

The weight for a dimension $D_i$ shall be noted as $w_i$. For each dimension $D_i$ with the criteria set $C_i$ assigned, the weight $w_i$ of this dimension is defined as the reciprocal of the cardinality of the criteria set:

$$w_i = \frac{1}{|C_i|}$$

After the ranking process, the sum of all awarded points per dimension, with the exception of the Financial Impact, represents the overall metric $m_1$.

The metric $m_1$ to score a technique is defined as:

$$m_1 = \sum_{i} w_i \cdot d_i$$

The $m_1$ ranking of a technique makes it possible to see that a technique provides an efficient solution in a given dimension but has shortcomings in other dimensions. The metric $m_1$ is indeed a metric ranking the ability of a technique to mitigate the risk on personal data and security.

In the following section, the dimensions and criteria to rank under a technical perspective are presented.

It is recognised however that information on the cost/economic impact of a given technique would be valuable to complete the picture. Section 6 provides details on this subject.

5.2. Dimensions to be evaluated

The metrics to evaluate the techniques are aggregated into the following dimensions:

- Cyber-security: This dimension ranks the level of security the technique would add. In other words, it will be used to evaluate whether the technique is considered state-of-the-art in the security domain or has shortcomings.

- Privacy and Data Protection: This dimension ranks the level of privacy the technique would add. This judges whether the technique is considered state-of-the-art in the privacy domain or has shortcomings.

- Maturity and Upgradeability of Technique: This dimension ranks the technique in respect of its maturity and its ability to be upgraded easily. It judges whether this is a novel technique or one already implemented in standards and proven to work in larger deployments.

- Impact of Technique towards Architecture: This dimension ranks the technique towards the impact on a given architectural design and considered services. This shall judge whether the technique can be implemented in current Smart Meter architectures or whether amendments would be required. Furthermore, aspects related to system performance and manageability shall be considered under this dimension.

5.3. Criteria for dimension evaluation

This section provides, for each of the dimensions presented in section 5.2, the criteria that should be taken into account to assess how good a technique is with respect to a given dimension. It provides guidance for the ranking process, where, for each dimension, a table is presented detailing what should be taken into consideration for the evaluation (column “measurement”) and what rank should be given accordingly (column “ranking points”).

5.3.1. Cyber-Security Dimension

For the evaluation and comparison of a number of different technologies, it is important to ensure that the approach addresses cyber-security aspects.

The Cyber-security dimension can be analysed by taking into consideration the following 8 criteria: confidentiality, availability, integrity, access to key material, integrity of key material, authentication, auditing/logging, non-repudiation.

This analysis needs to be conducted on a per-architecture basis. For this, different Smart Meter architectures need to be clustered first. The evaluation for a particular metric will be performed per architecture cluster. Next follows a description for each of the identified cyber-security criteria:

- Confidentiality

Confidentiality is the extent to which a particular resource or item is available exclusively to authorized and legitimate users. This criterion measures how much the techniques will guarantee the confidentiality of data. Different mechanisms can address this goal depending on how the data will be transported and where those data will be stored. For example, techniques based on central processing and storage have to implement encryption mechanisms for data transport but also for data storage.

- Access to Key Material

This criterion measures how much the techniques will guarantee confidentiality of key material that is locally stored in the Smart Meter (if the assessed technique requires the use of key material).

Different mechanisms can address this goal depending on how the data will be transported and where those data will be stored. If the key materials are not correctly protected, whatever the cryptographic algorithm used, the confidentiality will not be ensured. For this reason it is important to take care of and evaluate this aspect, which, if neglected, might impact the overall security chain.

- Availability

Availability is the extent to which a resource or application is accessible and operable whenever a user or machine intends to access it. This criterion measures how much the techniques under analysis will guarantee availability of the smart metering system. This criterion will be evaluated by analysing how the techniques implement protections against cyber-attacks (for example denial of service) aiming at impacting the availability of the service.

- Integrity

Integrity is the extent to which a particular resource or application maintains its intended functions through time, free from unauthorized manipulation, intentional or accidental. It also involves maintaining the consistency, accuracy, and trustworthiness of data over its life cycle.

This criterion will be used to evaluate if a given technique implements some integrity control on data collected and sent by the smart metering system and on the smart metering system itself. The ranking points will be evaluated by analysing the data integrity control mechanism and its compliance with the state of the art.

- Integrity of Key Material

This criterion measures how much the techniques will guarantee the integrity of key material locally stored in the smart meter (if the assessed technique implies the use of key material).

If the key materials are not protected against integrity attacks, they might be substituted or modified and, whatever the cryptographic algorithm used, the system security will be heavily impacted.

- Authentication

It is the extent to which a particular resource or application can only be accessed and operated by an authorized legitimate user. It also consists of keeping the origin of data accountable over its life cycle.

This criterion will be used to evaluate if the technique implements entity authentication mechanisms between the smart meter and the smart metering system. Authentication will be evaluated with regard to the authentication mechanism specification. Techniques that implement challenge-response mutual authentication will rank better than techniques that just implement one-way authentication.

- Auditing/logging

It is the extent to which a particular resource or application has the required mechanisms to support audits and forensics.

This criterion will be used to evaluate if a technique implements auditing and logging of unauthorised access, denial of service and, more generally, cyber-attacks. The auditing and logging capability can be used, in given scenarios, as a fraud detection capability that could have an impact on the time of intervention and then recovery after a fraud/attack. Evaluation of this criterion must also address auditing and logging solutions for data storage and communications.

- Non-Repudiation

It is the extent to which a user cannot deny or renounce the access and operation of a resource or application. This criterion will be used to evaluate if a technique implements non-repudiation mechanisms.
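The distinction the Authentication criterion draws between one-way authentication (1 point) and challenge-response mutual authentication (2 points), as an added example in Python that is not part of this document: it models both exchanges between a meter and the head-end system with a per-meter symmetric key and HMAC-SHA256, and shows what each side can establish when the peer claiming to be the head-end does not hold the meter's key. The key values, the party names and the message layout are assumptions made for the illustration, not a real smart-metering protocol.

```python
"""Challenge-response authentication between a smart meter and the head-end.

Added example (not from the BAT document) for the Authentication criterion of
the Cyber-Security dimension, which ranks challenge-response mutual
authentication (2 points) above one-way authentication (1 point). It models the
two exchanges with a per-meter symmetric key and HMAC-SHA256; the key, party
names and message format are assumptions, not a real smart-metering protocol.
"""
import hashlib
import hmac
import secrets


class Party:
    """One endpoint (meter or head-end) holding the shared per-meter key."""

    def __init__(self, name, key):
        self.name = name
        self._key = key
        self._open_challenges = set()  # nonces issued and not yet answered

    def challenge(self):
        """Issue a fresh random nonce; it is valid for exactly one response."""
        nonce = secrets.token_bytes(16)
        self._open_challenges.add(nonce)
        return nonce

    def respond(self, nonce):
        """Prove key possession over the nonce. Binding the responder's own name
        into the MAC stops a peer from reflecting our response back at us."""
        return hmac.new(self._key, nonce + b"|" + self.name.encode(), hashlib.sha256).digest()

    def verify(self, nonce, responder_name, tag):
        """Accept only an answer to a challenge we issued, and only once."""
        if nonce not in self._open_challenges:
            return False
        self._open_challenges.discard(nonce)
        expected = hmac.new(self._key, nonce + b"|" + responder_name.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)  # constant-time comparison


def authenticate(head_end, meter, mutual):
    """Run the exchange and report what each side was able to establish.

    One-way: the head-end challenges the meter, the meter answers, and the meter
    never checks who is talking to it.
    Mutual: additionally the meter challenges the head-end.
    """
    n1 = head_end.challenge()
    result = {
        "head_end_trusts_meter": head_end.verify(n1, meter.name, meter.respond(n1)),
        "meter_trusts_head_end": None,   # not established in the one-way case
    }
    if mutual:
        n2 = meter.challenge()
        result["meter_trusts_head_end"] = meter.verify(n2, head_end.name, head_end.respond(n2))
    return result


# Constructed demo keys; real deployments provision a distinct key per meter.
DEMO_KEY = hashlib.sha256(b"constructed demo key for METER-0001").digest()
WRONG_KEY = hashlib.sha256(b"a key the legitimate head-end does not hold").digest()


def make_parties():
    """Legitimate head-end and meter sharing DEMO_KEY, plus a peer that claims
    the head-end's name but does not hold the meter's key."""
    return Party("HES", DEMO_KEY), Party("METER-0001", DEMO_KEY), Party("HES", WRONG_KEY)


if __name__ == "__main__":
    hes, meter, impostor = make_parties()
    print("legitimate, mutual:", authenticate(hes, meter, mutual=True))
    print("impostor, one-way: ", authenticate(impostor, meter, mutual=False))
    print("impostor, mutual:  ", authenticate(impostor, meter, mutual=True))
```

In the one-way run the meter's verdict stays `None`: it has answered a challenge but has no basis to reject the peer, which is exactly why the criteria table scores one-way authentication lower. The mutual run returns `False` for the same peer. Each nonce is accepted once, so a captured response cannot be replayed against the party that issued the challenge.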

In the following table, for each criterion, the way in which the evaluation is done is made explicit.

Criteria | Measurement | Ranking Points
Confidentiality | State-of-the-art mechanisms used. Details on the state of the art in cryptography can be found in ENISA's Algorithms, Key Sizes and Parameters Report⁴. | 2
Confidentiality | Legacy mechanisms used. Details on what can be considered applicable as legacy in cryptography can be found in ENISA's Algorithms, Key Sizes and Parameters Report. | 1
Confidentiality | No confidentiality provided | 0
Access to Key Material | It is not possible to retrieve the key materials even with physical access to the meter (resistance to e.g. DPA attacks proven by certification labs) | 2
Access to Key Material | It is not possible to retrieve the key material remotely, but it might be possible to retrieve the key materials with physical access to the Smart Meter | 1
Access to Key Material | It is possible to retrieve the key materials remotely, even without physical access to the device | 0
Availability | The technique provides measures for detection and prevention of Denial of Service attacks. | 2
Availability | Not applicable | The normalization will be adapted accordingly (see Sec. 5.2)
Availability | Technique does not provide any measures to ensure the availability of a system from a cyber-security perspective | 0
Integrity | State-of-the-art mechanisms used. Details on the state of the art in cryptography can be found in ENISA's Algorithms, Key Sizes and Parameters Report. | 2
Integrity | Legacy mechanisms used. Details on what can be considered applicable as legacy in cryptography can be found in ENISA's Algorithms, Key Sizes and Parameters Report⁵. | 1
Integrity | No integrity ensured | 0
Integrity of Key Material | It is not possible to modify the key materials without authorisation, even with physical access to the meter | 2
Integrity of Key Material | It is not possible to modify the key materials remotely without authorisation, but it might be possible with physical access to the Smart Meter | 1
Integrity of Key Material | It is possible to modify the key materials remotely without authorisation, even without physical access to the device | 0
Authentication | Technique provides challenge-response mutual authentication | 2
Authentication | Technique provides authentication | 1
Authentication | No authentication ensured | 0
Auditing/logging | Technique provides an auditing and logging mechanism that can be used for automated fraud/cyber-attack detection. | 2
Auditing/logging | Technique provides an auditing and logging mechanism that can be used for fraud/cyber-attack detection while requiring human intervention or observation | 1
Auditing/logging | No auditing/logging nor fraud detection mechanism provided | 0
Non-Repudiation | Technique provides for non-repudiation | 2
Non-Repudiation | Non-repudiation mechanisms are not available | 0

⁴ ENISA. Algorithms, Key Sizes and Parameters Report, 2013 recommendations, version 1.0, October 2013. https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report (last accessed on 8 January 2015)

⁵ ENISA. Algorithms, Key Sizes and Parameters Report, 2013 recommendations, version 1.0, October 2013. https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report (last accessed on 8 January 2015)

5.3.2. Privacy and Data protection Dimension

Within the European personal data protection framework, the following principles have been considered:

- Principle of lawful and fair data collection and processing

- Principle of accuracy

- Principle of purpose specification and limitation

- Principle of proportionality

- Principle of transparency

- Principle of individual participation and in particular the guarantee of the right of access of the person concerned

- Principle of non-discrimination

- Principle of data security

- Principle of responsibility

- Principle of independent supervision and legal sanction

- Principle of adequate level of protection in case of trans-border flows of personal data

According to those principles, it is important to ensure that the approach addresses both privacy and data protection aspects for the evaluation and comparison of different technologies.

The data controller will of course have to respect the rights of data subjects and more especially:

- Informing consumers of data being collected for regulatory purposes.

- Helping consumers to make informed decisions about the data shared or traded with third parties.

- Including requirements for transparency of consumer data that has been shared.

The following criteria are determined to be effective in evaluating the technique with regard to privacy and data protection and in particular to identify which technique will allow better compliance with the European privacy framework in a "privacy by design" approach.

- Data Retention

This criterion measures whether the data collected by the technique is stored and retained no longer than what is strictly needed to make services available according to what is lawfully established (e.g. by a national or EU law or proportionate contractual obligations related to the service required) and is effectively deleted when necessary.

- Data minimization

This criterion measures if the set of data is the minimal set of data needed (strictly necessary) to achieve the ten minimum functionalities for smart metering systems.

- Data Control

This criterion will be used to evaluate if the technique allows by default some control to the data owner over data collected by the smart metering system. This criterion will be evaluated by analysing which control over data collected will be implemented by the techniques. Having control over data collected beyond legal or proportionate contractual obligation is not needed to obtain 2 points. The control could be on the collection of some very detailed data but could also be a control on the transmission of this data. The data control criterion will also cover the deletion and the correction of data. Failure to provide data control could have legal consequences for the data controller.

- Data Access

This criterion will be used to evaluate if the technique allows by default some access to the personal data collected by the smart metering system.

- Anonymity

This criterion will be used when there is no need to keep personal data for the functional requirement, which only requires aggregated statistics/data sets. It will measure the ability of the technique to produce effective anonymisation. Failure on anonymity is when someone is able to identify a data subject from an anonymized data set. Analysis of this criterion will be done based on the WP29 opinion on anonymisation⁶.

Criteria | Measurement | Ranking Points
Data Retention | Data retention is considered in a privacy by design and by default approach. No data is retained longer than what is strictly needed to make services available according to what is lawfully established (e.g. by a national or EU law or proportionate contractual obligations related to the service required) and it is effectively deleted when necessary. Data is only stored locally. | 2
Data Retention | Data is retained longer than what is strictly needed to make services available according to what is lawfully established, or not effectively deleted when necessary | 0
Data minimization | Data minimization is considered in a privacy by design approach. The minimal set of personal data is used to implement the technique. No other technique can realize the same minimum functionality with a lesser amount of personal data. | 2
Data minimization | Not applicable | The normalization will be adapted accordingly (see Sec. 5.2)
Data minimization | No data minimization ensured by the technique | 0
Data Control | The technique allows data owners to have total control over the data collected that is not strictly necessary to provide the services | 2
Data Control | The technique allows data owners to have partial control over data collected that is not strictly necessary to provide the services | 1
Data Control | Technique does not provide any control to owners over data | 0
Data Access | Technique used allows the data subject to have total access to the personal data collected | 2
Data Access | Technique used allows the data subject to have access to a part of the personal data collected | 1
Data Access | Technique used does not allow the data subject to have access to the personal data collected | 0
Anonymity | Technique used allows production of anonymized data | 2
Anonymity | Not applicable | The normalization will be adapted accordingly (see Sec. 5.2)
Anonymity | Data produced by the technique cannot be anonymized | 0

⁶ http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf

5.3.3. Maturity and Upgradeability of Technique

The maturity of a technique should be measured in order to determine whether (parts of) a technique has been in use long enough that most of its faults and inherent problems have been removed or reduced by further development. This dimension should also measure the capability of the technique to be upgraded to counter emerging threats against privacy and cyber-security and to patch new vulnerabilities.

Interpretation: Maturity is measured by assessing to what extent the technique is standardised and widely deployed. This is key to maintaining open architectures, technologies and systems and facilitating their interaction with other technologies and systems. Additionally, the implementation scale of the technique will be taken into consideration to evaluate its maturity.

The upgradeability criterion evaluates if a remote and secure upgradability capability exists for the technique. This criterion is particularly important for privacy techniques such as anonymization techniques, in case of a breach and the discovery of re-identification means, in order to enhance the technique.

This criterion is also relevant for security techniques in case of recovery after hacking or just for enhancement. This criterion will be taken into consideration when applicable (and the related weights arranged as shown in Section 5.1), as in some contexts upgradeability will be more an implementation aspect of the technique rather than a feature of the technique per se (e.g. an encryption technique is by definition upgradeable, while its implementation might or might not allow an upgrade).

Criteria | Measurement | Ranking Points
Implementation Scale | Full-scale smart-metering systems implementing the technique are available | 2
Implementation Scale | Small-scale smart-metering system implementations of the technique are available | 1
Implementation Scale | The technique is not yet implemented in smart-metering systems | 0
Standardisation | The technique is fully standardized | 2
Standardisation | Standardization is in progress but not completed yet. | 1
Standardisation | The technique implements novel functionality not yet standardized. | 0
Upgradability | The technique can be upgraded remotely | 2
Upgradability | The technique can be upgraded but with physical intervention on the device | 1
Upgradability | To upgrade the technique the replacement of the device is needed. | 0

5.3.4. Impact of Technique towards Architecture

To measure the impact of a technique upon an existing architecture it is important to know how the implementation of the technique will affect the existing infrastructure, communication channels and processes. A technique should be able to offer the functionality required as effectively as possible in order to reduce the need for additional resources in terms of assets, bandwidth and personnel.

The following criteria are determined to be effective in evaluating the technique with regard to impact on architecture:

- Communication overhead generated

Where information is transported between components, additional information added to messages or packets should be minimized in order to reduce delays, the impact on performance, unintended information disclosure and the impact on resources.

On the network communication level, sending a payload of data requires more than just sending the data itself. The extra data (control and signalling data) is considered overhead and differs per communication protocol. The baseline for measuring should be the absolute minimum required to establish reliable communication.

Encryption may also introduce additional overhead. Outside of the handshake, packets should not get any larger due to an added encryption layer.

Data which is processed within embedded systems should be limited to the bare minimum necessary for the required action, to make effective use of the available resources.

- Bandwidth required

In order to reduce latency and to make sure that operations succeed within an acceptable timeframe and are cost-effective, it is important that a technique does not introduce additional bandwidth requirements. This can be achieved by limiting the communication overhead, but also by using compression or by using more effective communication protocols.

Information retrieved from sources should be requested only once per specific purpose.

- Latency tolerance / ‘Always-on communication required?’

When communication channels get more congested or operate over multiple paths it is important to have a mechanism implemented to reduce the retransmission of packets. This will reduce network bandwidth and latency, and improve network reliability. Loss of information should be reduced when communication is not possible for a certain amount of time.

- Impact on processes

The impact of the integration of a technique should be kept as low as possible in order to prevent additional costs and complexity of the smart metering chain.

Metric | Measurement | Ranking Points
Communication overhead generated | The technique doesn’t introduce a significant amount of overhead | 2
Communication overhead generated | Communication overhead introduced by the technique is estimated lower than 10% of the transferred data | 1
Communication overhead generated | Communication overhead introduced by the technique is estimated at 10% or above of the transferred data | 0
Bandwidth required | The proposed technique operates with no significant impact on bandwidth | 2
Bandwidth required | The proposed technique operates over low-bandwidth or narrowband Smart Meter communications with moderate impact | 1
Bandwidth required | Technique requires a connection with higher bandwidth to operate | 0
Latency tolerance / “Always-on communication required?” | A technique can work with messages delivered out of order and can deal with messages being sent with high latency (e.g. being buffered by intermediate nodes). | 2
Latency tolerance / “Always-on communication required?” | Not applicable | The normalization will be adapted accordingly (see Sec. 5.2)
Latency tolerance / “Always-on communication required?” | A pseudo real-time connection is required between communication partners to implement the technique | 0
Impact to processes | The technique operates with no significant impact on processes | 2
Impact to processes | The technique would impose moderate changes to current operating processes required for the Smart Meter architecture | 1
Impact to processes | Significant changes to current Smart Meter operating processes are required to implement the given technique | 0

5.4. Economic Estimation

The evaluation framework defined by the Stakeholders Forum foresaw the possibility of also including economic information in the picture.

However, during the development of work-package 2 (definition of the questionnaire used for gathering information on the techniques), the SF realised that economic information on the techniques might be considered sensitive and decided to put all the related questions in the optional section of the questionnaire, leaving the associations' members free to choose whether or not to provide such information.

The analysis of the questionnaires gathered confirmed that economic data is perceived by the stakeholders as sensitive: very few disclosed information on this matter. The lack of economic information provided by the stakeholders makes it impossible to consider this aspect during the BAT process.

Since this report therefore only deals with the technical aspects of the techniques analysed, readers are advised to additionally assess the financial implications of using particular technique(s) and to balance them against their technical attributes before selecting those for implementation.

6. INFORMATION GATHERING AND CLUSTERING PROCESS DESCRIPTION

Information gathering is essential to identify the techniques which should be considered the best in order to enhance the level of cyber-security and privacy of smart-metering systems.

In September 2015 the Stakeholders Forum defined and endorsed a questionnaire, composed of 185 questions targeting the members of the different stakeholders' associations, in order to facilitate the collection of information on the techniques (see the WP 2 deliverable).

To enhance the usability of the questionnaire, the European Commission developed an ad-hoc portal for each of the member associations of the stakeholder forum, putting the questionnaire online at the end of October 2015.

The information gathering was opened in November 2015 and lasted until the end of February 2016. Figure 6 provides a high level overview of the geographical coverage of the received questionnaires.

Figure 7: geographical coverage of the questionnaires received

As can be seen, the survey covered all of western and northern Europe homogeneously, while less participation was registered in some areas of eastern Europe. Nevertheless, considering that participation in the questionnaire was on a voluntary basis, the result obtained can in any case be considered positive.

Figure 8 shows the percentage of questionnaires received per category of stakeholder. The three biggest contributors are, as expected, distribution operators, metering system operators and suppliers, but questionnaires were also received from consumer associations, ICT companies etc. (all summarised under the “Others” category).

Figure 8: Percentage of questionnaires per stakeholder category

Figure 9 shows the percentage of questionnaires covering a certain type of meter. The survey was dominated by stakeholders with electricity meters installed/produced, but some questionnaires also addressed gas, water and heat meters.

Figure 9: Percentage of questionnaires per type of meter

Among the stakeholders answering the questionnaires, a good share has an installed base of meters. Figure 10 shows the percentage of these contributors per number of meters installed.

[Figure 8 chart: Percentage of questionnaires per stakeholder category; legend: Distribution Network Operators, Metering system operators, Suppliers, Others; values shown: 37.0, 21.7, 32.6, 8.7]

[Figure 9 chart: Percentage of questionnaires per meter type; legend: Electricity, Gas, Water, Heater]

Figure 10: percentage of contributions per number of meters installed

7. TECHNIQUES CLUSTERING

The gathered questionnaires, after being anonymised by the Commission, have been analysed by the SF Technical Editorial Group, in order to identify the techniques to be evaluated.

[Figure 10 chart: Percentage of questionnaires received per installed meters; legend bands: 0-5000, 100000-50000, 50000-100000, 100000-500000, 500000-1000000, 1000000-2000000, 2000000-5000000, >5000000]

A draft list of techniques was presented to the stakeholder forum in March 2016. The list was then integrated with additional contributions from the stakeholders and subsequently validated by the SF.

Since a technique could be used in different components, the list has been clustered firstly per component, to ensure that all the possible fields of application/use cases can be evaluated. Figure 11 provides a quick reminder of the reference architecture, while the following table clarifies the meaning of the different acronyms used.

Figure 11: high level reference architecture

Acronyms

PA - Supplier
PB - 3rd party
PC - Distribution Network Operator
PD - Metering system operator
PE - Consumer
OA - Meters
OB - Smart meter gateway (outside the meter)
OC - Home Automation devices
OD - WAN communication
HAN communication
LAN communication

Moreover, to help the stakeholders compare the different techniques, they have also been clustered per type/domain of application. The following table presents these clustering domains together with a short definition.

| Technique - Type/Domain | Definition |
| Access Control | Techniques to ensure that access to assets is authorized and restricted based on business and security requirements. *Asset is defined as “anything that has value to the organization” (ISO27000). |
| Communication/Transport | Techniques to ensure information security while it is exchanged within or outside organizations (ISO27000) |
| Reading/Tariffing | Techniques used in utility meters for collecting the data that is needed for billing purposes or advanced Smart Grid functionalities. Techniques that facilitate advanced tariff structures, time-of-use registers and remote tariff control. |
| Cryptography | Techniques and cryptographic mechanisms in order to protect the confidentiality, integrity, and authenticity of the information (ISO27000) |
| Monitoring | Techniques to ensure the detection and collection of evidence regarding information security risks (ISO27000) |
| Security Architecture | Techniques related to structural security elements that allow a scalable and secure infrastructure. |
| Time Synchronization | Techniques to ensure that all devices and applications are synchronized to a reliable and accurate time source (ISO27000) |
| Privacy | Techniques to ensure the protection of natural persons with regard to the processing of personal data and on the free movement of such data (EU 2016/679) |
| Hardware Security | Techniques to ensure a hardened and tamper-resistant environment for securing cryptographic material and confidential data (firmware, collected data, registry, etc.). |

The following table presents all the collected techniques, endorsed and validated by the stakeholder forum, clustered, as just described, per type/domain of application and per component [7].

[7] In the following table, many techniques occur in more than one application, as a standard often encompasses several layers. Other techniques are typical building blocks (such as algorithms) or generic services (such as PKI).

| Domain | Application | Mechanism | Used in | Components | Remarks |
| Cryptography | Symmetric Ciphers | AES | All | All | |
| | | DES | Legacy | OA | |
| | Asymmetric Ciphers | ECC-Brainpool or NIST curves | | OB, OD | The use of asymmetric mechanisms often requires a PKI |
| | | RSA | Legacy TLS | P* | |
| | Symmetric Cipher Modes and MACs | CTR | DLMS, ZigBee, TLS | OA | Part of GCM and CCM |
| | | CBC | M-bus, TLS | C* | |
| | | ECB | M&M | OA | |
| | | GCM | DLMS, CMS, TLS | OA, OB, OD | |
| | | CMAC | CMS, TLS, 3G | OA, OB | |
| | | CCM | ZigBee | OA, OB | |
| | | HMAC | Legacy firmware, legacy GSM | OA, OD | |
| | Key Management Algorithms or Protocols | ECDH | CMS, DLMS, TLS | OB, OD, PD | Key agreement / Elliptic Curve Diffie-Hellman |
| | | PSK | DLMS, M-bus, 3G-PLC, GSM, 3G | O* | Pre-Shared Keys |
| | | IKE | IPSEC | P*? | |
| | | MQV | ZigBee | OA, OB | Key agreement |
| | | RFC3904 | DLMS | OA, OB | Key transport / AES Key-Wrap |
| | Digital Signature Algorithms | ECDSA | CMS, DLMS, TLS, Firmware signing | O* | |
| | Cryptographic Hashes | SHA-1 | DLMS auth., Legacy | O* | Legacy |
| | | SHA-2 | DLMS auth., Signature, key derivation | All | |
| Security architecture | Software maintenance | Firmware update | | OA, OB, OC | Global Platform |
| | Key Management Mechanisms | PKI | | P*, O* | Only the part related to the management of the key between devices |
| | | CMP | PKI | OB, D | |
| | | Remote key renewal | | OA, OB, OC | Global Platform |
| | | PSK | | O* | |
| | Key Provisioning Mechanisms | Initial Key loading | | O* | Manufacturing/personalisation |
| | | Manufacturer / customer key exchange | | O*, P* | |
| | Random Number Generator | Random Number Generator | HSM or approved RNG | P* | |
| | Misc. Storage | LDAP | | P* | |
| | | Private cloud | | PC, PD | Using a well-selected private cloud environment may allow an improved level of replication and availability of the systems leveraging embedded, state-of-the-art HA capabilities |
| | Defence in Depth | Plausibility check on critical commands | | PA, PD | |
| | | Switching commands are validated against the grid code | | OA | |
| | Network segregation | Firewall | | | |
| | | Data-diode | | P*, CD, CF, CG, CH | |
| | | Switching commands are validated against the grid code | | OA, PD | |
| | | Local processing | | OA, OB, OD | |
| | Network architecture | Application gateway | Germany, Data Concentrator | OB, OD | A.k.a. hop by hop. |
| | | Router | UK, Austria | OB, OD | A.k.a. end to end |
| | | Firewall/IPS | | CA, CB, CC, CD, CF, CG, CI | |
| Hardware security | Secure storage | HSM | | OA, OB, OC, PA, PB, PC, PD | HSM as a generic term: from 3€ chip to 20k€ server. |
| | | Encrypted storage | | OA, OB, OC, PA, PB, PC, PD | |
| | | µP Hardening | | OA, OB | |
| | Tamper detect | Magnetic field sensor | | OA | To prevent meter fraud |
| | | Tamper Switch | | OA, OB, OD | |
| | | Geometric Low-Relieves | | OA, OD | The external surface of the device has to be marked with a continuous texture that will be damaged in case of physical tampering, revealing tampering attempts at visual inspection. |
| | | Hot Blade welding. A.k.a. “sealed for life” | | OA, OD | Base and cover of the device are fixed together without screws so that opening of the device requires partial destruction of the case that is easily revealed at visual |
| | | Embedded RFID tag | | OA, OD | A passive hidden read-only RFID tag carrying basic device identification info should be embedded in the device to enhance traceability. |
| | | Seal | | OA, OB, OD | |
| | Secure Operation | Detection of abnormal chip operating conditions (e.g. out of temperature or voltage range, unexpected radiations e.g. light, etc.) | | | Used to detect tampering attempts and prevent chip operation: efficient against side channel attacks for chips securing sensitive information |
| | | SPA/DPA protected executable | | | Combination of CPU operations to prevent leakage of information on processed data (as chip behaviour changes whether “0” or “1” are processed) |
| Access control | Physical Protection | Radio | ZigBee, M-Bus, Broadcast (LW and RC) | CH, OA, OB, OC, PB | |
| | | Local interface | | OA, OB, OC, OD | |
| | | Read Only Interface | | OA, OB, OC, PE | |
| | | Local storage | | OA, OB, OC, OD | |
| | | Local display | | OA, OC | |
| | Network defence in depth | VPN | | OD, P*, OC | |
| | | Firewall/IPS | | CA, CB, CC, CD, CF, CG, CI | |
| | Malware Protection | Application whitelisting | | OD, P*, OC | |
| | Authentication Mechanisms | PKI | | All | Related to the management of the key between devices |
| | | Client Certificate | | OB | |
| | | One Time Password | | P* | |
| | | Multi factor | | P* | e.g. Smartphone |
| | | Profile Based | | OA, OD, PC, PD | |
| | | Role Based Access | | | |
| | | Shared secrets (TACACS+, Kerberos, LDAP, password, PIN, OpenId) | | All | |
| Monitoring | Device Tampering | Tamper Detect Sensor | | OA | To prevent meter fraud |
| | | Tamper Switch | | OA, OB, OC | |
| | | Event log | | OA, OB, OC | |
| | | Net frequency | | OA, OC | |
| | Head End System | Audit Trail | | PD, OA, OD, PC | All successful and attempted user logins/logouts performed either on systems or on devices are traced in a dedicated access log, with username, role, timestamp. |
| | Analysis and Detection | SIEM | | P* | |
| | | Alarm | | P* | |
| | | Lock-out | | All | Prevent brute force attacks |
| Transport | Transport Format | XML | | CH | |
| | | CMS | | CH | |
| | | M-Bus | | CH | TLV format |
| | | IEC-13737 | | | |
| | | DLMS | | CD, CF, CD | |
| | | SEP | ZigBee | CH | Smart Energy Protocol |
| | | FTP | | CI, CC? PA | |
| | | EDIFACT | | CI, CC? | |
| | | SMS | | CG, CF | Wake-up, last gasp |
| | Secure transport | ZigBee | | CH | |
| | | DLMS | | CD, CF, CH | |
| | | CMS | | CD, CF | |
| | | TLS | | All except CK | |
| | | IPSEC | | CC, CD, CI? OA, OB | |
| | | SFTP | | CC, CD, CI? PB | |
| | | Broadcast | | CK, OC | LW and ripple |
| | Transport medium | Ethernet | | CI? | LAN |
| | | M-Bus | | OA, CH, CB | Wired & UHF radio |
| | | OMS4 | | OA, CH, CB | Aka M-Bus |
| | | Radio Mesh | | CF, CG | |
| | | LTE | Generic Wireless WAN | CD | |
| | | GSM | Generic Wireless WAN; Generic Wireless AN | CD; CH | |
| | | GPRS | | | |
| | | CDMA | | | |
| | | ZigBee | | | Subset of radio mesh |
| | | PLC | | CF | Narrow band |
| Time Synchronization | Time Synchronization Assurance | Synchronization period | | CD, CF, OB, OD | Subject to local regulations |
| | | Network time resilience | | PD | |
| Privacy | Frequency | Transmission | | CD, CF, OB, OD, OA | Transmission Interval |
| | | Reading | | CD, CF, OB, OD, OA | Measurement interval |
| | Privacy Preservation | Transparency: Local processing | | OB | |
| | | Aggregation | | O*, P* | Generic terms |
| | | Privacy by design | | All | Generic terms |
| | | Privacy Enhanced Techniques | | OB | |
| | | Pseudonimization | | OA, OB, OC, PA, PB, PC, PD | |
| | Purpose Limitation | Level of detail | | OA, OB, OC, PE | |
| | | Transmission Frequency | | CD, CF, OB, OD, OA | |
| | | Reading Frequency | | CD, CF, OB, OD, OA | |
| | Compliance to requirements | Retention | | PA, PB, PC, PD | Subject to local regulations |
| | Legitimacy of processing personal data | Consumer choice: Opt-in / Opt-out | | PA, PB, PC, PD | |

| Abbreviation | Explanation |
| B2B | Business to Business |
| CMP | Certificate Management Protocol |
| CMS | Cryptographic Message Syntax (a.k.a. PKCS7) |
| FW | Firewall |
| HSM | Hardware Security Module (includes 20k€ data centre devices and 3€ chips) |
| IDS | Intrusion Detection System |
| M&M | Meters and More (Meter manufacturer) |
| PLC | Power Line Communications |
| PSK | Pre Shared Key |
| QoS | Quality of Service |
| ToU | Time of Use (Tariff) |

8. TECHNIQUES IN THE CONTEXT OF THE 10 COMMON MINIMUM FUNCTIONAL REQUIREMENTS

When considering the 10 minimum functional requirements as described in Section 4 with respect to cyber security and privacy, the interrelation between the different functional requirements needs to be taken into account.

Requirement 8 asks for secure data communication, which would be the main requirement to take into account when analysing the security of the communication interfaces. This requirement is necessary to ensure the security of communications of the other minimum functional requirements:

Requirement 3: Allow remote readings of meters by the operator. If security for all interfaces is given, the security of the remote readings by the operator is also assured. It shall be noted that the secure data communication shall include confidentiality and integrity, but also authentication of the meter, to be sure that the remote readings correspond to the right meter. Additionally, the security of remote readings shall also include secure storage of the data in the meter.

Requirement 4: Providing a two-way communication link between the Smart Meter components at the consumer premises and external networks for maintenance and control. If security of all interfaces is given, the security of the communication link for maintenance and control is also assured.

Furthermore, several requirements ask for a technical functionality to be implemented in the metering system, or in the meter itself. The secure control of this functionality requires a secure communication link as provided by requirement 4:

Requirement 2, readings frequent enough that they can be used to achieve energy savings. The frequent readings are communicated to the operator using the two-way communication of requirement 4, as is any required update of the reading frequency. It shall be noted that security of this control also requires tamper resistance in the meter, to ensure that the control is not forged in the meter.

Requirement 5, readings frequent enough that they can be used for network planning. The frequent readings are communicated to the operator using the two-way communication of requirement 4.

Requirement 6, the support of advanced tariffs. The readings of those tariffs are communicated to the operator using the two-way communication of requirement 4.

Requirement 10, provide import/export and reactive metering. The readings of import/export and reactive power are communicated to the operator using the two-way communication of requirement 4.

Requirement 1, to provide readings directly to the customer and any third party designated by the consumer, is realized in two different manners based on the questionnaire answers.

a) Using a local interface / display to provide the readings to the consumer and also to give the consumer the possibility to provide the data to a 3rd party. The data is securely transferred from the meter or in-home gateway to the consumer. However, how the data from any of the consumer-owned devices is transported to a 3rd party is not considered in scope for this assignment.

b) Using a web service that provides the readings only to the consumer after the readings have been gathered by the network operator using the communication link as mandated in requirement 3.

The readings provided to the consumer can furthermore include information about advanced tariffs and import/export and reactive metering data.

Ensuring the security of Requirement 7 can in part also be addressed when establishing a secure communication link. However, due to the critical impact an abuse of this requirement could result in, additional mitigation options need to be considered. Based on the questionnaire results, this can be done by several means to ensure additional security for this requirement.

Requirement 9 is concerned with detecting and preventing fraud. To communicate the events about possible frauds that are detected by sensors of the devices, the secure infrastructure provided by requirement 4 is also used. It shall be noted that securing the communication link is necessary to ensure security of this functionality but not sufficient: the means to detect fraud shall be secure in the smart meter as well, which requires tamper resistance.

But all of those requirements must be achieved while ensuring a good level of privacy. If those functionalities must be provided by a smart metering system in the EU, they must be provided in compliance with the data protection framework. Some requirements are directly related to privacy issues, and the techniques used to realize the functionality must address those issues.

Requirement 6 indicates that the smart metering system must support advanced tariffs.

Requirement 1 indicates that the meter must provide readings directly to the consumers. This requirement could be achieved with different techniques. The technical choice made to provide those readings could have a large impact on privacy, for example when comparing a local display with remote reading.

9. ANALYSIS OF THE TECHNIQUES GATHERED FOR COMPONENT O*

The distribution of the techniques depends on the architecture, with as extremes: OA is a dumb sensor and all processing and communication is done by OB (DE), or OA does the measuring and processing and OB only performs communication (GB). OA and OB can also be integrated in one device (which saves costs, space and power) as in FR and in some NL meters.

Logging is only evaluated if it is mandated by the technique. Otherwise it is implementation dependent.

9.1. Access Control

3 use cases are considered here:

- Consumer access
- Operator access
- 3rd Party access

9.1.1. Username/password or PIN

This is the classical technique. The username is often linked to the role of the party seeking access. PINs are used on devices with a limited user interface, such as a numerical-only keypad.

The criteria that are not provided by this technique are omitted from the ranking tables.

Evaluation of Use case 1, Consumer access

The assumptions are:

- that all access is local (non-local access uses the PE component)
- that the credentials are unique
- that the credentials are revoked when necessary

Cyber-Security

| Criterion | Rank | Comment |
| Confidentiality | NA | Not applicable to this technique. |
| Availability | NA | Not applicable to this technique. |
| Integrity | NA | Not applicable to this technique. |
| Authentication | 1 | No mutual authentication. A leak of the used credentials can allow attackers to connect and impersonate the user. |
| Access to key material | 0-2 | The ranking depends on implementation. 0: if the password is sent in clear on the interface. 2: if the password is stored in a tamper resistant module and verified in this module. |
| Integrity of key material | 0-2 | The ranking depends on implementation. 0: if the password is sent in clear on the interface. 2: if the password is stored in a tamper resistant module and verified in this module. |
| Auditing/logging | NA | Not a functionality of this technique |
| Non-repudiation | NA | Not applicable to this technique. |

Privacy and Data Protection

| Criterion | Rank | Comment |
| Data Control | NA | The authentication mechanism does not influence which data is collected. |
| Data minimisation | NA | The authentication mechanism does not influence which data is collected. |
| Data Access | NA | The authentication mechanism does not influence the access rights. |
| Anonymity | NA | Not applicable to this technique. |
| Data Retention | 0-2 | Depends on the implementation. 2: if the password is stored locally. 0: if the password is sent for remote verification on server side. |

Maturity and Upgradeability of Technique

| Criterion | Rank | Comment |
| Implementation scale | 2 | Use of PIN or username/password is very widespread |
| Standardisation | 0 | No standardisation of the given mechanisms. |
| Upgradability | 1 | The upgradability of PIN based mechanisms is dependent on the hardware functionality. For that reason, it can be not upgradable (rank 0) or fully upgradable (rank 2). For the purpose of this evaluation, the value proposed in the ranking summary is the average between these two extremes (1). However, the reader should take this into consideration when evaluating his specific PIN based mechanism. |

Impact of Technique towards Architecture

Everything that is done locally does not have to be communicated.

| Criterion | Rank | Comment |
| Communication overhead generated | 2 | Even if sent on the communication link and not locally stored and verified, passwords are commonly less than 16 bytes |
| Bandwidth required | 2 | Even if sent on the communication link and not locally stored and verified, passwords are commonly less than 16 bytes |
| Latency tolerance / "Always on communication required" | 2 or 0 | 0 if credentials are not verified locally. |
| Impact to processes | 1 | Processes to assign and reset credentials are required, including processes to authenticate the recipients of the changed credentials |

Ranking Summary

(a) Password sent on the interface and verified on server side

| Domain | Rank |
| Cyber-security | 0.3 |
| Privacy and Data Protection | 0 |
| Maturity and Upgradeability of Technique | 1 |
| Impact of Technique towards Architecture | 1.25 |

(b) Password stored and verified locally in tamper resistant module

| Domain | Rank |
| Cyber-security | 1.7 |
| Privacy and Data Protection | 2 |
| Maturity and Upgradeability of Technique | 1 |
| Impact of Technique towards Architecture | 1.75 |

Passwords are an easy and well-established primitive authentication method. The protocol used does not provide mutual authentication, however, so it does not allow the users to validate the other party.
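The two implementation variants ranked above differ in where the credential is stored and verified. As an added example that is not part of the report, the following Python sketch shows the shape of variant (b): the PIN is verified where it is stored and never sent in clear, only a salted hash is kept, a lock-out bounds brute-force guessing (the "Lock-out" mechanism of the techniques table), and every attempt is written to an access log with username, role and timestamp (the "Audit Trail" remark). The class name, the lock-out threshold and duration, and the PBKDF2 parameters are the example's own assumptions.

```python
import hashlib
import hmac
import os

# Assumed policy values: the report ranks the mechanism but fixes no numbers.
PBKDF2_ITERATIONS = 50_000
MAX_FAILURES = 5          # consecutive failures before the account is locked
LOCKOUT_SECONDS = 600     # how long a lock-out lasts


def _derive(pin: str, salt: bytes) -> bytes:
    """Salted, slow hash of the credential; the PIN itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class LocalCredentialStore:
    """Verifier meant to sit inside the device (or its tamper-resistant module).

    The credential is verified where it is stored, so it never travels in clear on
    an interface (the rank-2 case of the table above); a lock-out bounds brute-force
    guessing; and every attempt is appended to an access log carrying username,
    role, outcome and timestamp. 'now' is passed in as a Unix timestamp so the
    behaviour is deterministic and testable.
    """

    def __init__(self) -> None:
        self._users: dict = {}
        self.access_log: list = []

    def _log(self, username, role, action, outcome, now) -> None:
        self.access_log.append({"username": username, "role": role, "action": action,
                                "outcome": outcome, "timestamp": now})

    def enrol(self, username: str, role: str, pin: str, now: float) -> None:
        """Credential assignment process (one of the process impacts listed above)."""
        salt = os.urandom(16)
        self._users[username] = {"role": role, "salt": salt, "digest": _derive(pin, salt),
                                 "failures": 0, "locked_until": 0.0}
        self._log(username, role, "enrol", "ok", now)

    def reset_pin(self, username: str, new_pin: str, now: float) -> None:
        """Credential reset process: new salt, new digest, counters cleared."""
        rec = self._users[username]
        rec["salt"] = os.urandom(16)
        rec["digest"] = _derive(new_pin, rec["salt"])
        rec["failures"], rec["locked_until"] = 0, 0.0
        self._log(username, rec["role"], "reset", "ok", now)

    def is_locked(self, username: str, now: float) -> bool:
        rec = self._users.get(username)
        return rec is not None and now < rec["locked_until"]

    def verify(self, username: str, pin: str, now: float) -> bool:
        rec = self._users.get(username)
        if rec is None:
            _derive(pin, b"\x00" * 16)   # spend the same time as a real check
            self._log(username, None, "login", "unknown-user", now)
            return False
        if now < rec["locked_until"]:
            self._log(username, rec["role"], "login", "locked-out", now)
            return False
        if hmac.compare_digest(_derive(pin, rec["salt"]), rec["digest"]):
            rec["failures"] = 0
            self._log(username, rec["role"], "login", "success", now)
            return True
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILURES:
            rec["locked_until"] = now + LOCKOUT_SECONDS
            rec["failures"] = 0
        self._log(username, rec["role"], "login", "failure", now)
        return False


if __name__ == "__main__":
    # Constructed scenario: one consumer account, a burst of wrong PINs, then the right one.
    store = LocalCredentialStore()
    store.enrol("consumer1", "consumer", "4821", now=1000.0)
    for t in range(MAX_FAILURES):
        store.verify("consumer1", "0000", now=1001.0 + t)
    print(store.verify("consumer1", "4821", now=1010.0))   # False: still locked out
    print(store.verify("consumer1", "4821", now=1700.0))   # True: lock-out expired
    for entry in store.access_log:
        print(entry)
```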

Evaluation of Use cases 2 and 3 - User is not in control of data collected

Operator and 3rd party access is most likely over a network connection. If these use cases use local access, the ranking from use case 1 applies.

Cyber-Security

| Criterion | Rank | Comment |
| Confidentiality | NA | Not applicable to this technique. |
| Availability | NA | Not applicable to this technique. |
| Integrity | NA | Not applicable to this technique. |
| Access to key material | NA | Not a functionality of this technique |
| Integrity of key material | NA | Not a functionality of this technique |
| Auditing/logging | NA | Not a functionality of this technique |
| Authentication | 1 | No mutual authentication. A loss or leak of the used credentials can allow attackers to connect and impersonate the user. |
| Non-repudiation | NA | Not applicable to this technique. |

Privacy and Data Protection

| Criterion | Rank | Comment |
| Data Control | 0 | This process is not under control of the consumer. |
| Data minimisation | NA | The authentication mechanism does not influence which data is collected. |
| Data Access | NA | The authentication mechanism does not influence the access rights. |
| Anonymity | NA | The authentication mechanism does not influence the linking of data to individuals |
| Data Retention | NA | The authentication mechanism does not influence data retention |

Maturity and Upgradeability of Technique

As in use case 1.

Impact of Technique towards Architecture

As in use case 1 (a)


Ranking Summary

| Domain | Rank |
| Cyber-security | 1 |
| Privacy and Data Protection | 0 |
| Maturity and Upgradeability of Technique | 1 |
| Impact of Technique towards Architecture | 1.25 |

Username and password is an easy and well-established authentication method. The mechanism does not provide mutual authentication, however, as it does not allow the user to validate the other party.

Evaluation of Use cases 2 and 3 – User is in control of data collected

Operator and 3rd party access is most likely over a network connection. If these use cases use local access, the ranking from use case 1 applies.

Cyber-Security

| Criterion | Rank | Comment |
| Confidentiality | NA | Not applicable to this technique. |
| Availability | NA | Not applicable to this technique. |
| Integrity | NA | Not applicable to this technique. |
| Access to key material | NA | Not a functionality of this technique |
| Integrity of key material | NA | Not a functionality of this technique |
| Auditing/logging | NA | Not a functionality of this technique |
| Authentication | 1 | No mutual authentication. A loss or leak of the used credentials can allow attackers to connect and impersonate the user. |
| Non-repudiation | NA | Not applicable to this technique. |

Privacy and Data Protection

| Criterion | Rank | Comment |
| Data Control | 2 | This process is under control of the consumer. |
| Data minimisation | NA | The authentication mechanism does not influence which data is collected. |
| Data Access | NA | The authentication mechanism does not influence the access rights. |
| Anonymity | NA | The authentication mechanism does not influence the linking of data to individuals |
| Data Retention | NA | The authentication mechanism does not influence data retention |

Maturity and Upgradeability of Technique

As in use case 1.

Impact of Technique towards Architecture

As in use case 1.


Ranking Summary

| Domain | Rank |
| Cyber-security | 1 |
| Privacy and Data Protection | 2 |
| Maturity and Upgradeability of Technique | 1 |
| Impact of Technique towards Architecture | 1.75 |

Username and password is an easy and well-established authentication method. The mechanism does not provide mutual authentication, however, as it does not allow both parties (e.g., customer, operator, third party) to be validated.

9.1.2. One-time password

The user gets a password that is unique and valid for a short time. This technique prevents an attacker from intercepting the password or retrieving/reconstructing the password from the verifying system. The one-time password can be generated locally, based on the time or on a challenge, or it can be sent on request by the verifying system.

Local generation can be implemented as “2 factor”, if the generation or verification takes place on a separate device.
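As an added example that is not taken from the report, the following Python code shows two of the OTP styles the paragraph distinguishes: a locally generated, time-based OTP (HMAC-SHA1 in the style of RFC 4226/6238) whose verifier rejects a replayed code even inside the validity window, and an S/KEY-style hash-chain OTP (RFC 1760 idea) in which the verifying system stores only a hash of the next valid password, so the password cannot be reconstructed from it. The class names, the RFC 6238 test secret used in the demo and the window sizes are the example's own assumptions.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based OTP as in RFC 4226: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP as in RFC 6238: the counter is the number of elapsed time steps."""
    return hotp(secret, unix_time // step, digits)


class TotpVerifier:
    """Verifying side for a locally generated, time-based OTP.

    The shared secret lives on both the token and the verifier, so this variant does
    NOT protect the password against a compromised verifier; what it gives is the
    short validity window and, via the accepted-counter watermark, rejection of a
    replayed code even inside that window.
    """

    def __init__(self, secret: bytes, step: int = 30, skew: int = 1, digits: int = 6):
        self._secret, self._step, self._skew, self._digits = secret, step, skew, digits
        self._last_counter = -1   # highest counter already consumed

    def verify(self, code: str, unix_time: int) -> bool:
        centre = unix_time // self._step
        for counter in range(centre - self._skew, centre + self._skew + 1):
            if counter <= self._last_counter:
                continue          # already used or older than a used one: replay rejected
            if hmac.compare_digest(hotp(self._secret, counter, self._digits), code):
                self._last_counter = counter
                return True
        return False


def hash_chain(seed: bytes, length: int) -> list:
    """Client side of an S/KEY-style OTP: p[i] = H^i(seed).

    The verifier is seeded with p[length]; the user then spends p[length-1],
    p[length-2], ... downwards, one per login.
    """
    chain = [seed]
    for _ in range(length):
        chain.append(hashlib.sha256(chain[-1]).digest())
    return chain


class HashChainVerifier:
    """Verifying side that stores only H(next valid password).

    Reading the verifier's state yields a hash, not the next password: the password
    cannot be reconstructed from the verifying system, and each accepted password
    becomes the new state, so the same value cannot be presented twice.
    """

    def __init__(self, anchor: bytes):
        self._expected = anchor

    def verify(self, password: bytes) -> bool:
        if hmac.compare_digest(hashlib.sha256(password).digest(), self._expected):
            self._expected = password
            return True
        return False


if __name__ == "__main__":
    # Constructed demo values: the RFC 6238 test secret and a throwaway chain seed.
    secret = b"12345678901234567890"
    v = TotpVerifier(secret)
    code = totp(secret, 59)
    print(code, v.verify(code, 59), v.verify(code, 60))   # 287082 True False
    chain = hash_chain(b"constructed-seed", 3)
    hv = HashChainVerifier(chain[3])
    print(hv.verify(chain[2]), hv.verify(chain[2]), hv.verify(chain[1]))   # True False True
```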


Evaluation of Use case 1

Cyber-Security

| Criterion | Rank | Comment |
| Confidentiality | NA | The use of a password is generally accepted as a means to ensure a certain level of confidentiality. |
| Availability | NA | This is not a functionality of this technique. |
| Integrity | NA | This is not a functionality of this technique. |
| Authentication | 2 | Strong protection mechanism. The token is generated by a specific device or transmitted using a separate communication means. |
| Non-repudiation | NA | This is not a functionality of this technique. |
| Access to key material | NA | Not a functionality of this technique |
| Integrity of key material | NA | Not a functionality of this technique |
| Logging | NA | Not a functionality of this technique |

Privacy and Data Protection

| Criterion | Rank | Comment |
| Data Minimisation | NA | The authentication mechanism does not influence which data is collected |
| Data Control | NA | The authentication mechanism does not provide control on which data is collected |
| Data Access | NA | The authentication mechanism does not influence the access rights. |
| Anonymity | NA | The authentication mechanism does not influence the linking of data to individuals |
| Data retention | 2 | Per default, data retention for a one-time password is very short. The password is retained no longer than what is strictly needed to make services available and proportionate to the purposes of authentication |

Maturity and Upgradeability of Technique

| Criterion | Rank | Comment |
| Implementation scale | 2 | Use of PIN or username/password is very widespread |
| Standardisation | 2 | Standards exist for OTP: e.g. Oauth, OpenID connect. |
| Upgradability | 2 | The upgradability of this technique depends on the way the technique is implemented. The tokens used for OTP are generated using specific software. |

Impact of Technique towards Architecture

Criterion Rank Comment
Communication overhead generated 2 When credentials are processed locally there is no communication required for this technique; when the authentication is performed against a remote system the communication overhead is negligible.
Bandwidth required 2 When credentials are processed locally there is no communication required for this technique; when the authentication is performed against a remote system the bandwidth required is negligible.
Latency tolerance / "Always on communication required" 2 or 1 When authentication is performed locally on the system there is no communication involved (2); when performed remotely the authentication needs to be performed in a reasonable timeframe, taking latencies of the underlying network protocol (usually IP) into account.
Impact to processes 1 Moderate impact to processes is expected due to the management of credentials and tokens. While the management of credentials can be regarded as usual IT practice, the management of tokens usually requires more effort.


Ranking Summary

Domain Rank
Cyber-security 2
Privacy and Data Protection 2
Maturity and Upgradeability of Technique 2
Impact of Technique towards Architecture 1.75

[Bar chart: Rank per domain, as listed in the table above]

“Two factor authentication” greatly improves security. In the case of a physical factor, a loss can be detected. A second communication channel increases the effort for an attacker.

Evaluation of Use case 2, 3

See 9.1.1.2

9.1.3. 2 factor authentication

The user is authenticated after successfully presenting several separate pieces of evidence to an authentication mechanism, typically at least two of the following categories: knowledge (something they know), possession (something they have) and inherence (something they are).
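As an added example (not code from the BAT document), the possession factor of the OTP and two factor techniques evaluated here as a TOTP verifier in Go, standard library only: the code is the HOTP/TOTP of RFC 4226 and RFC 6238, and the verifier accepts each code once within a small time window and keeps no record beyond that window, which is the short data retention the OTP evaluation above credits. The secret is the RFC reference key and the window width is a constructed choice.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// Constructed demo secret: the RFC 6238 reference key (ASCII "12345678901234567890").
// In a deployment the secret is provisioned into the token device or app.
var demoSecret = []byte("12345678901234567890")

const (
	totpStep   = 30 // seconds per time step (RFC 6238 default)
	totpDigits = 8
)

// hotp computes an HOTP value (RFC 4226): HMAC-SHA-1 over the big-endian
// counter, dynamic truncation to 31 bits, reduced modulo 10^digits.
func hotp(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	offset := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// totp is HOTP with the counter derived from Unix time (RFC 6238, T0 = 0).
func totp(secret []byte, unixTime int64, digits int) string {
	return hotp(secret, uint64(unixTime/totpStep), digits)
}

// totpVerifier accepts each code at most once (a one-time password must not be
// replayable) and keeps no record beyond the acceptance window, which is the
// short data retention credited to OTP in the evaluation above.
type totpVerifier struct {
	secret []byte
	skew   int64          // time steps accepted on either side of "now"
	used   map[int64]bool // counters already consumed
}

func newTOTPVerifier(secret []byte, skew int64) *totpVerifier {
	return &totpVerifier{secret: secret, skew: skew, used: map[int64]bool{}}
}

// verify compares code against the steps now-skew..now+skew in constant time,
// consumes the matching step and forgets steps that can no longer be accepted.
func (v *totpVerifier) verify(code string, unixTime int64) bool {
	now := unixTime / totpStep
	for c := range v.used {
		if c < now-v.skew {
			delete(v.used, c) // outside the window: cannot be replayed, so drop it
		}
	}
	for d := -v.skew; d <= v.skew; d++ {
		c := now + d
		if c < 0 {
			continue
		}
		expected := hotp(v.secret, uint64(c), totpDigits)
		if subtle.ConstantTimeCompare([]byte(expected), []byte(code)) == 1 {
			if v.used[c] {
				return false // already consumed: replay
			}
			v.used[c] = true
			return true
		}
	}
	return false
}

func main() {
	v := newTOTPVerifier(demoSecret, 1)
	t := int64(59) // RFC 6238 reference time; the 8-digit code is 94287082
	code := totp(demoSecret, t, totpDigits)
	fmt.Printf("code %s: first use %v, replay %v\n", code, v.verify(code, t), v.verify(code, t))
}
```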


Evaluation of Use case 1

Cyber-Security

Criterion Rank Comment
Confidentiality NA The use of a password is generally accepted as a means to ensure a certain level of confidentiality.
Availability NA This is not a functionality of this technique.
Integrity NA This is not a functionality of this technique.
Authentication 2 Strong protection mechanism. Two pieces of information are used to verify the user. Two factor authentication mechanisms are usually implemented within protocols providing mutual authentication.
Non-repudiation NA This is not a functionality of this technique.
Access to key material NA Not a functionality of this technique
Integrity of key material NA Not a functionality of this technique
Logging NA Not a functionality of this technique

Privacy and Data Protection

Criterion Rank Comment
Data Minimisation NA The authentication mechanism does not influence which data is collected
Data Control NA The authentication mechanism does not provide control on which data is collected
Data Access NA The authentication mechanism does not influence the access rights.
Anonymity NA The authentication mechanism does not influence the linking of data to individuals
Data retention 2 Because the user information is checked and stored locally


Maturity and Upgradeability of Technique

Criterion Rank Comment
Implementation scale 2 Use of PIN or username/password is very widespread
Standardisation 2 Standards exist for 2 factor authentication: e.g. FIDO.
Upgradability 2

Impact of Technique towards Architecture

Criterion Rank Comment
Communication overhead generated 2 When credentials are processed locally there is no communication required for this technique; when the authentication is performed against a remote system the communication overhead is negligible.
Bandwidth required 2 When credentials are processed locally there is no communication required for this technique; when the authentication is performed against a remote system the bandwidth required is negligible.
Latency tolerance / "Always on communication required" 2 or 1 When authentication is performed locally on the system there is no communication involved (2); when performed remotely the authentication needs to be performed in a reasonable timeframe, taking latencies of the underlying network protocol (usually IP) into account.
Impact to processes 1 Moderate impact to processes is expected due to the management of credentials and tokens. While the management of credentials can be regarded as usual IT practice, the management of tokens usually requires more effort.


Ranking Summary

If authentication is performed locally without communication required:

Domain Rank
Cyber-security 2
Privacy and Data Protection 2
Maturity and Upgradeability of Technique 2
Impact of Technique towards Architecture 1.75

[Bar chart: Rank per domain, as listed in the table above]

If authentication is performed remotely (i.e. the authentication needs to be performed in a reasonable timeframe, taking latencies of the underlying network protocol (usually IP) into account):


Domain Rank
Cyber-security 2
Privacy and Data Protection 2
Maturity and Upgradeability of Technique 2
Impact of Technique towards Architecture 1.5

[Bar chart: Rank per domain, as listed in the table above]

“Two factor authentication” greatly improves security. In the case of a physical factor, a loss can be detected. A second communication channel increases the effort for an attacker.

Evaluation of Use case 2, 3

See 9.1.1.2

9.1.4. Pre-shared secrets and TLS with client certificates

Both parties share the same symmetric key or, in the case of TLS, each party presents a certificate that is trusted by the other party.

Evaluation of Use case 1

Cyber-Security

Criterion Rank Comment
Confidentiality 2 The TLS protocol can use strong cryptographic algorithms for ensuring data confidentiality.
Availability NA This is not a functionality of this technique.
Integrity 2 The TLS protocol can use strong cryptographic algorithms for ensuring data integrity.
Authentication 2 The TLS protocol can use strong cryptographic algorithms that provide mutual authentication of both communication parties.
Access to key material NA Not a functionality of this technique
Integrity of key material NA Not a functionality of this technique
Logging NA Not a functionality of this technique
Non-Repudiation NA Not a functionality of this technique

Privacy and Data Protection

Criterion Rank Comment
Data Retention NA The authentication mechanism does not influence which data is collected
Data Minimisation NA The authentication mechanism does not influence which data is collected
Data Control NA The authentication mechanism does not provide control on which data is collected
Data Access NA The authentication mechanism does not influence which data are accessible
Anonymity NA The authentication mechanism does not influence the linking of data to individuals

Maturity and Upgradeability of Technique

Criterion Rank Comment
Implementation scale 0 There is very limited use of this technique in the Smart Metering domain, no larger scale roll-outs have been completed using TLS yet.
Standardisation 2 RFC 5246 and RFC 5487
Upgradability 2 Technique can be updated in firmware/software.


Impact of Technique towards Architecture

Criterion Rank Comment
Communication overhead generated 1-2 In normal network environments the overhead generated by this technique is negligible (2), but in low bandwidth, high latency connections the additional round-trips (TLS) might have impact (1)
Bandwidth required 1-2 The exchange of keys does not require a lot of bandwidth (2), but there might be circumstances where bandwidth is very limited (1).
Latency tolerance / "Always on communication required" 1-2 In normal network environments the latency tolerance required is negligible (2), but in low bandwidth, high latency connections the additional round-trips (TLS) might have impact (1)
Impact to processes 1 Processes to assign and reset credentials required

Ranking Summary

Best case (high bandwidth network):

Domain Rank
Cyber-security 2
Maturity and Upgradeability of Technique 1.33
Impact of Technique towards Architecture 1.875

[Bar chart: Rank per domain, as listed in the table above]


Worst case (low bandwidth network):

Domain Rank
Cyber-security 2
Maturity and Upgradeability of Technique 1.33
Impact of Technique towards Architecture 1

[Bar chart: Rank per domain, as listed in the table above]

Client certificates allow establishing a mutual trust between client and server.

Evaluation of Use cases 2-3

Same as 9.1.4.1

Maturity and Upgradeability of Technique

Criterion Rank Comment
Implementation scale 2 Widespread use
Standardisation 2 Several well established standards (TLS, DLMS)
Upgradability 2 Technique can be updated in firmware/software.


Ranking Summary

Best case (high bandwidth network):

Domain Rank
Cyber-security 2
Maturity and Upgradeability of Technique 2
Impact of Technique towards Architecture 1.875

[Bar chart: Rank per domain, as listed in the table above]


Worst case (low bandwidth network):

Domain Rank
Cyber-security 2
Maturity and Upgradeability of Technique 2
Impact of Technique towards Architecture 1

[Bar chart: Rank per domain, as listed in the table above]

Client certificates with TLS allow establishing mutual trust between client and server.

9.2. Cryptographic algorithms and modes

It is important to recognize that the evaluated algorithms are not used directly in techniques to ensure security for a smart metering system. In almost all cases, techniques use those cryptographic algorithms as building blocks for ensuring the respective security functionality.

The evaluation of the algorithms and modes below was performed to provide a general view on their effectiveness and capabilities. They should however only be used as part of a more complex protocol, such as TLS, DLMS or M-Bus.

The symmetric algorithms are listed first, then the asymmetric ones, each sorted in descending order of use. All algorithms and modes are standardized and mature (albeit not all in smart metering).

The algorithms, modes and key lengths are the ones returned from the survey.

See the advice of ENISA, NIST and NSA for detailed guidance, also in view of the expected developments in quantum cryptanalysis.

The suggestion is to use the longer key lengths of the current algorithms: 256 bit AES and 384 (or more) bit ECC.


Several common algorithms not in the BAT, notably single DES, RC4, MD4 and MD5, are insecure.

The ratings only apply when the following conditions are met:

- Keys are generated securely.
- Symmetric and private keys are kept secret throughout their lifecycle (generation, provisioning, storage and usage).
- IVs are never reused for the same key.
- The environment does not provide oracles, for example by reporting which part of a decrypted message is incorrect.
- The key for CMAC is different from the key used for the confidentiality mode.

When numbers are used in the rating, these are based on 128 bit [8] symmetric keys and 256 bit asymmetric keys in the case of elliptic curves, and 1024 bit in the case of RSA.

Cryptographic algorithms do not offer “availability”. “Access to key material” and “integrity of key material” depend on the implementation and are not a property of the algorithm.

All symmetric algorithms offer some “authentication”, as a valid decrypted message implies that the writer possessed the same key as the reader. “Authentication” is not a property of hash algorithms.

Note that the above assumes the availability of reliable random number generation capabilities.

The recommendations for cryptographic algorithms for better protection against quantum computing vulnerabilities are the following, as described in the NIST report [9] and the ETSI white paper [10]:

- increase the key lengths of symmetric key algorithms;
- maintain crypto agility, to be prepared to transition away from vulnerable (asymmetric key) algorithms to quantum-safe ones when they are available and their security has been assessed.

[8] For new systems, 256 bits is preferred to withstand quantum cryptanalysis.

[9] NIST: NISTIR 8105 DRAFT (February 2016): Report on Post-Quantum Cryptography. http://csrc.nist.gov/publications/drafts/nistir-8105/nistir_8105_draft.pdf

[10] ETSI: ETSI White Paper No. 8: Quantum Safe Cryptography and Security: An introduction, benefits, enablers and challenges; June 2015. http://www.etsi.org/images/files/ETSIWhitePapers/QuantumSafeWhitepaper.pdf


Privacy and Data Protection

The dimension “Privacy and Data Protection” is placed under this header, as it is the same for all techniques.

Criterion Rank Comment
Data Retention NA Privacy is considered “Not Applicable”, as cryptography is a method to protect all data. Which data it is, whether it is personal or not, is out of scope.
Data Minimisation NA Privacy is considered “Not Applicable”, as cryptography is a method to protect all data. Which data it is, whether it is personal or not, is out of scope.
Data Control NA Privacy is considered “Not Applicable”, as cryptography is a method to protect all data. Which data it is, whether it is personal or not, is out of scope.
Data Access NA Privacy is considered “Not Applicable”, as cryptography is a method to protect all data. Which data it is, whether it is personal or not, is out of scope.
Anonymity NA Privacy is considered “Not Applicable”, as cryptography is a method to protect all data. Which data it is, whether it is personal or not, is out of scope.

Maturity and Upgradeability of Technique

Criterion Rank Comment
Implementation scale 2 Widespread use
Standardisation 2 Fully standardized
Upgradability 2 Cryptographic protocols can usually be updated in software.

All cryptography impacts processes as keys must be managed (generation, loading, replacement and revocation). Just as important as the algorithm chosen is the management of key material.


9.2.2. AES-GCM

GCM, Galois Counter Mode, is a mode for authenticated encryption. It provides confidentiality for the data using the CTR mode of AES and detection of unauthorized changes to the data and to the “additional authenticated data” by adding an authentication tag using a GMAC algorithm. GCM is used in DLMS and as a recommended TLS algorithm in DE.

Cyber-Security

Criterion Rank Comment
Confidentiality 2 AES-GCM is recommended by ENISA, ensuring data confidentiality.
Integrity 2 AES-GCM provides a MAC ensuring data integrity.
Availability NA Not a functionality of this technique
Access to key material NA Not a functionality of this technique
Integrity of key material NA Not a functionality of this technique
Logging NA Not a functionality of this technique
Non-repudiation NA Not a functionality of this technique
Authentication NA Not a functionality of this technique

Impact of Technique towards Architecture

The IV is less than the block size, as a part of the existing header is used for the IV. Authentication tags can be truncated (not recommended).

Criterion Rank Comment
Bandwidth required 2 Little data transported
Latency tolerance / "Always on communication required" NA Not applicable to this technique.
Communication overhead generated 1 IV and tag, 16-32 bytes per message
Impact to processes 1 Key management required


Ranking Summary

Domain Rank
Cyber-security 2
Maturity and Upgradeability of Technique 2
Impact of Technique towards Architecture 1.33

[Bar chart: Rank per domain, as listed in the table above]

AES-GCM requires a single key and a single pass through the AES algorithm for confidentiality and authenticity. As GCM is a stream mode, it does not require padding.
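As an added example (not code from the BAT document), the AES-GCM frame layout described in this section in Go, standard library only: the clear-text header, here a constructed 8-byte device identifier plus a 4-byte invocation counter, is both the additional authenticated data and the 12-byte IV, so the frame carries only the 16-byte tag as cryptographic overhead, and the receiver rejects a repeated counter before decrypting because a reused IV voids the GCM guarantees (one of the conditions listed at the start of 9.2). Key, device identifier and payload are constructed values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed frame layout for the demo: a 12-byte clear-text header made of
// an 8-byte device identifier and a 4-byte invocation counter. The header is
// authenticated as AAD and doubles as the GCM IV, so the frame carries only
// the 16-byte tag as overhead (the "part of the existing header is used for
// the IV" case described above).
type frame struct {
	Header     [12]byte // deviceID(8) || counter(4)
	Ciphertext []byte   // encrypted payload followed by the 16-byte tag
}

func makeHeader(deviceID [8]byte, counter uint32) [12]byte {
	var h [12]byte
	copy(h[:8], deviceID[:])
	binary.BigEndian.PutUint32(h[8:], counter)
	return h
}

// seal encrypts payload with AES-GCM; the header is both nonce and AAD.
// The sender must increment the counter for every frame under the same key.
func seal(key []byte, header [12]byte, payload []byte) (frame, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return frame{}, err
	}
	gcm, err := cipher.NewGCM(block) // 12-byte nonce, 16-byte tag
	if err != nil {
		return frame{}, err
	}
	ct := gcm.Seal(nil, header[:], payload, header[:])
	return frame{Header: header, Ciphertext: ct}, nil
}

// receiver tracks the last counter seen per device so that a repeated counter
// (a replayed frame, or IV reuse by a faulty sender) is rejected before any
// decryption is attempted.
type receiver struct {
	key         []byte
	lastCounter map[[8]byte]uint32
}

func newReceiver(key []byte) *receiver {
	return &receiver{key: key, lastCounter: map[[8]byte]uint32{}}
}

// open checks the counter, verifies the tag over header and ciphertext and
// decrypts. Any change to the ciphertext or to the header fails the tag check.
func (r *receiver) open(f frame) ([]byte, error) {
	var dev [8]byte
	copy(dev[:], f.Header[:8])
	ctr := binary.BigEndian.Uint32(f.Header[8:])
	if last, ok := r.lastCounter[dev]; ok && ctr <= last {
		return nil, errors.New("invocation counter not increasing: replay or IV reuse")
	}
	block, err := aes.NewCipher(r.key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, f.Header[:], f.Ciphertext, f.Header[:])
	if err != nil {
		return nil, fmt.Errorf("authentication failed: %w", err)
	}
	r.lastCounter[dev] = ctr // accept the counter only after the tag verified
	return pt, nil
}

func main() {
	key := bytes.Repeat([]byte{0x11}, 32) // constructed AES-256 key
	dev := [8]byte{'M', 'T', 'R', '0', '0', '0', '0', '1'}
	payload := []byte("constructed register readout")
	f, _ := seal(key, makeHeader(dev, 1), payload)
	fmt.Printf("overhead: %d bytes (tag only, IV comes from the header)\n", len(f.Ciphertext)-len(payload))
	r := newReceiver(key)
	_, err := r.open(f)
	fmt.Println("genuine frame:", err)
	_, err = r.open(f)
	fmt.Println("replayed frame:", err)
	f2, _ := seal(key, makeHeader(dev, 2), payload)
	f2.Header[0] ^= 0x01 // header altered in transit
	_, err = r.open(f2)
	fmt.Println("altered header:", err)
}
```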

9.2.1. AES-CBC

CBC, Cipher Block Chaining, is a mode for encryption. As the blocks are linked, a change in one block will affect the decryption of all subsequent blocks. It also hides which blocks contain the same plaintext. AES-CBC is used in M-Bus and as a recommended TLS algorithm in Germany.

Cyber-Security

Criterion Rank Comment
Confidentiality 2 AES-CBC is recommended by ENISA, providing data confidentiality.
Integrity 1 The algorithm does not provide good data integrity. Whole blocks can be manipulated without affecting the remainder of the message.
Availability NA Not a functionality of this technique
Access to key material NA Not a functionality of this technique
Integrity of key material NA Not a functionality of this technique
Logging NA Not a functionality of this technique
Non-repudiation NA Not a functionality of this technique
Authentication NA Not a functionality of this technique

Impact of Technique towards Architecture

Criterion Rank Comment
Bandwidth required 2 Little data transported
Latency tolerance / "Always on communication required" NA Not applicable to this technique
Impact to processes 1 Key management required
Communication overhead generated 1 IV and padding, 16-32 bytes per message


Ranking Summary

Domain Rank
Cyber-security 1.5
Maturity and Upgradeability of Technique 2
Impact of Technique towards Architecture 1.33

[Bar chart: Rank per domain, as listed in the table above]

CBC provides good confidentiality when implemented correctly (random IVs and no padding oracle). It is not resistant against chosen ciphertext attacks [11].

9.2.2. AES-CCM

AES-CCM, CMAC Counter Mode, is a mode for authenticated encryption. It provides confidentiality for the data using the CTR mode of AES and detection of unauthorized changes to the data using a CMAC. CCM is used in ZigBee.

Cyber-Security

Criterion Rank Comment
Confidentiality 2 AES-CCM is recommended by ENISA, providing data confidentiality.
Integrity 2 AES-CCM provides a MAC, providing data integrity.
Availability NA Not a functionality of this technique
Access to key material NA Not a functionality of this technique
Integrity of key material NA Not a functionality of this technique
Logging NA Not a functionality of this technique
Non-repudiation NA Not a functionality of this technique
Authentication NA Not a functionality of this technique

[11] See “Evaluation of Some Blockcipher Modes of Operation”, Phillip Rogaway, 2011

Impact of Technique towards Architecture

Criterion Rank Comment
Bandwidth required 2 Little data transported
Latency tolerance / "Always on communication required" NA Not applicable to this technique.
Impact to processes 1 Key management required
Communication overhead generated 1 IV and tag, 32 bytes per message


Ranking Summary

Domain Rank
Cyber-security 2
Maturity and Upgradeability of Technique 2
Impact of Technique towards Architecture 1.33

[Bar chart: Rank per domain, as listed in the table above]

CCM provides good security when implemented correctly (random IVs and different keys for confidentiality and authenticity).

9.2.3. AES-CMAC

CMAC, Cryptographic Message Authentication Code, is a mode for authentication. It uses the CBC mode, of which the last block is used as an authentication tag.
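As an added example (not code from the BAT document), AES-CMAC implemented in Go from the subkey and padding rules of NIST SP 800-38B / RFC 4493, which can be checked against the RFC test vectors, and then applied as encrypt-then-MAC over AES-CBC with a MAC key separate from the encryption key: this is how the CBC integrity weakness noted in 9.2.1 and the separate-key condition of 9.2 are handled in practice. Ke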

Cyber-Security

Criterion Rank Comment

Confidentiality NA Not a property of AES-CMAC, this functionality cannot

ensure data confidentiality.

Integrity 2 AES-CMAC provides a MAC, providing data integrity.

Availability NA Not a functionality of this technique

Access to key material NA Not a functionality of this technique

Integrity of key material NA Not a functionality of this technique

Logging NA Not a functionality of this technique

Page 83 of 211

Non-repudiation NA Not a functionality of this technique

Authentication NA Not a functionality of this technique. See also introduction.

Impact of Technique towards Architecture

Criterion Rank Comment

bandwidth required 2 Little data transported

Latency tolerance /

"Always on

communication

required"

NA Not applicable to this technique.

Impact to processes 1 Key management required

Communication

overhead generated

1 IV and tag, 32 byte per message

Ranking Summary

Domain Rank

Cyber-security 2

Maturity and Upgradeability of Technique 2

Impact of Technique towards Architecture 1,33

0

0,5

1

1,5

2Cyber-security

Maturity andUpgradeability of

Technique

Impact of Techniquetowards

Architecture

Rank

Page 84 of 211

9.2.4. AES-CTR

CTR, Counter Mode, is a mode for encryption. Each block is byte wise XORed with an

encrypted counter. CTR does not increase the message size as no padding is required. CTR

is used as a building block for GCM and CCM.

Cyber-Security

An attacker can change each bit in the message at will.

Criterion Rank Comment

Confidentiality 2 The technique can provide good data confidentiality.

Integrity 0 Any change in the message does not affect the rest of the

message, no data integrity can be provided with this

technique.

Availability NA Not a functionality of this technique

Access to key material NA Not a functionality of this technique

Integrity of key material NA Not a functionality of this technique

Logging NA Not a functionality of this technique

Non-repudiation NA Not a functionality of this technique

Authentication NA Not a functionality of this technique

Impact of Technique towards Architecture

Criterion Rank Comment

bandwidth required 2 Little data transported

Latency tolerance /

"Always on

communication

required"

NA Not applicable to this technique.

Impact to processes 1 Key management required

Communication

overhead generated

1 IV, 4-16-byte per message

Page 85 of 211

Ranking Summary

Domain Rank

Cyber-security 1

Maturity and Upgradeability of Technique 2

Impact of Technique towards Architecture 1.33

0

0.5

1

1.5

2Cyber-security

Maturity andUpgradeability of

Technique

Impact ofTechnique towards

Architecture

Rank

9.2.5. AES-ECB

ECB, Electronic Code Book, is a mode for encryption. Each block is individually

encrypted.

Cyber-Security

Attacker can see which blocks contain the same plaintext. An attacker can freely swap

blocks around.

Criterion Rank Comment

Confidentiality 0 The technique cannot provide data confidentiality and

should only be used as a building block for other AES

Modes. The encrypted data can still reveal patterns in the

plain text.

Integrity 0 The technique cannot provide data integrity and should only

be used as a building block for other AES Modes. Blocks

can easily be moved and copied.

Page 86 of 211

Availability NA Not a functionality of this technique

Access to key material NA Not a functionality of this technique

Integrity of key material NA Not a functionality of this technique

Logging NA Not a functionality of this technique

Non-repudiation NA Not a functionality of this technique

Authentication NA Not a functionality of this technique

Impact of Technique towards Architecture

Criterion Rank Comment

bandwidth required 2 Little data transported

Latency tolerance /

"Always on

communication

required"

NA Not applicable to this technique.

Impact to processes 1 Key management required

Communication

overhead generated

1 1-16-byte padding per message

Page 87 of 211

Ranking Summary

Domain Rank

Cyber-security 0

Maturity and Upgradeability of Technique 2

Impact of Technique towards Architecture 1.33

0

0.5

1

1.5

2Cyber-security

Maturity andUpgradeability of

Technique

Impact ofTechnique towards

Architecture

Rank

ECB has weak security properties and is mainly of value as a building block for other

modes.

9.2.6. SHA1

The Secure Hash Algorithm 1 calculates a 20 bytes’ message digest or “hash” from an

input message of any length.

Cyber-Security

The collision resistance (the effort needed to create 2 inputs with the same hash) is less

than expected. SHA1 is not recommended for new designs.

The pre-image resistance (the effort to create an input with a given hash) is said to be still

good.

Criterion Rank Comment

Confidentiality NA Confidentiality does not apply to hash algorithms

Integrity 1 The algorithm has only a reduced collision resistance

Page 88 of 211

Availability NA Not a functionality of this technique

Access to key material NA Not a functionality of this technique

Integrity of key material NA Not a functionality of this technique

Logging NA Not a functionality of this technique

Non-repudiation NA Not a functionality of this technique

Authentication NA Authentication does not apply to hash algorithms

Maturity and Upgradeability of Technique

Criterion Rank Comment

Implementation scale 2 Widespread use

Standardisation 2 Fully standardized in FIPS 186

Upgradability 2 Algorithm can usually be updated in software

Impact of Technique towards Architecture

Impact on architecture in considered “Non Applicable”, as the hash algorithms are only an

indispensable part of other techniques. The impact is evaluated in the technique using the

algorithm, for example electronic signatures.

Page 89 of 211

Ranking Summary

Domain Rank

Cyber-security 1

Maturity and Upgradeability of Technique 2

0

0.5

1

1.5

2Cyber-security

Maturity andUpgradeability of

Technique

Rank

The collision resistance of SHA1 is less than expected. It is not recommended for new

designs. No reduction of the pre-image resistance discovered yet.

9.2.7. SHA2

The “Secure Hash Algorithm 2” calculates a 32 – 64 bytes’ message digest from an input

message of any length. The versions are commonly named after the output length:

SHA256, SHA384 and SHA512. SHA2 is a building block for other algorithms such as

ECDSA and ECDH.

Cyber-Security

SHA2 is recommended for new designs.

Criterion Rank Comment

Confidentiality NA Confidentiality does not apply to hash algorithms

Integrity 2 The algorithm provides strong data integrity capabilities.

Availability NA Not a functionality of this technique

Access to key material NA Not a functionality of this technique

Page 90 of 211

Integrity of key material NA Not a functionality of this technique

Logging NA Not a functionality of this technique

Non-repudiation NA Not a functionality of this technique

Authentication NA Authentication does not apply to hash algorithms

Maturity and Upgradeability of Technique

Criterion Rank Comment

Implementation scale 2 Widely adapted

Standardisation 2 Fully standardized in FIPS 186

Upgradability 2 Algorithm can usually be updated in software

Impact of Technique towards Architecture

Impact on architecture in considered “Non Applicable”, as the hash algorithms are only an

indispensable part of other techniques. The impact is evaluated in the technique using the

algorithm, for example electronic signatures.

Page 91 of 211

Ranking Summary

Domain Rank

Cyber-security 2

Maturity and Upgradeability of Technique 2

0

0.5

1

1.5

2Cyber-security

Maturity andUpgradeability of

Technique

Rank

SHA2 is currently the recommended algorithm for hashing.

9.2.8. ECDH

Elliptic Curve Diffie Hellman calculates a shared secret from an own private key and the

public key from the partner. The shared secret is used to derive a key for the symmetric

algorithm (using the SHA2 algorithm) that secures the subsequent communication.

Cyber-Security

A modulus length of 256 bit or more is recommended for new designs. The security is

strongly dependent on the secure transport, for example as a certificate, of the public keys

to avoid a “man in the middle” attack. This algorithm is used for key exchange and is used

in general with other algorithms to provide authentication and avoid man-in-the-middle

attacks.

Criterion Rank Comment

Confidentiality 0 Diffie-Hellman is subject to man-in-the-middle attacks

Availability NA Not a functionality of this technique

Integrity NA Integrity is not of function of key agreement

Page 92 of 211

Access to key material NA Not a functionality of this technique

Integrity of key material NA Not a functionality of this technique

Logging NA Not a functionality of this technique

Non-repudiation NA Not a functionality of this technique

Authentication NA Not a functionality of this technique

Maturity and Upgradeability of Technique

Criterion Rank Comment

Implementation scale 1 Limited use, mainly GB and DE

Standardisation 2 Fully standardized

Upgradability 2 Algorithm can usually be updated in software

Impact of Technique towards Architecture

Criterion Rank Comment

Communication

overhead generated

2 This type of encryption is used for key-exchange, after

which symmetric encryption is used for the rest of the

communication. Diffie-Helman only exchange some

random numbers.

bandwidth required 2 This is depending on the type of network, on low latency –

small bandwidth networks the key exchange technique can

have impact (1) due to the extra communication involved.

On high bandwidth networks the impact is negligible (2).

Latency tolerance /

"Always on

communication

required"

2 Depending on the protocol; communication is not

required for the static-static variant, but a prerequisite for

the ephemeral variants.

Impact to processes 1 . The ECDH is the process to assign symmetric credentials

to reduce the overhead compared to asymmetric

encryption. PKI may be used to protect DH from Man-in-

the-middle attacks but is an independent technique from

ECDH.

Page 93 of 211

Ranking Summary

Domain Rank

Cyber-security 0

Maturity and Upgradeability of Technique 1.66

Impact of Technique towards Architecture 1.75

0

0.5

1

1.5

2Cyber-security

Maturity andUpgradeability of

Technique

Impact ofTechnique towards

Architecture

Rank

ECDH is the recommended mechanism for key establishment using asymmetric

cryptography. The modulus size must be 256 bits or more.

9.2.9. ECDSA

The Elliptic Curve Digital Signature Algorithm calculates a signature using an own private

key and verifies the signature using the public key of the receiver. ECDSA uses the SHA2

algorithm to prepare the input.

The “unique value” used in generating the signature MUST NOT repeat. Failing to do so

reveals the private key to an attacker.

Cyber-Security

A modulus length of 256 bit or more is recommended for new designs.

Criterion Rank Comment

Confidentiality NA Confidentiality is not of function of digital signatures

Integrity 2 A signed message cannot be changed undetected, this

providing string data integrity.

Availability NA Not a functionality of this technique

Page 94 of 211

Access to key material NA Not a functionality of this technique

Integrity of key material NA Not a functionality of this technique

Logging NA Not a functionality of this technique

Authentication NA Not a functionality of this technique

Non-repudiation 2 The technique can be used to provide non-repudiation of

exchanged information.

Maturity and Upgradeability of Technique

Criterion Rank Comment

Implementation scale 1 Limited use, mainly UK and DE

Standardisation 2 Fully standardized, FIPS PUB 186-4, ANSI X9.62-2005

Upgradability 2 Algorithm can usually be updated in software

Impact of Technique towards Architecture

Criterion | Rank | Comment
Communication overhead generated | 1 | Data for asymmetric crypto is often bigger. A MAC is 16 bytes while an ECDSA signature is at least 64 bytes.
Bandwidth required | 2 or 1 | This depends on the type of network: on low-latency, small-bandwidth networks the key exchange technique can have an impact (1) due to the extra communication involved. On high-bandwidth networks the impact is negligible (2).
Latency tolerance / "Always on communication required" | 2 or 1 | This depends on the type of network: on low-latency, small-bandwidth networks the key exchange technique can have an impact (1) due to the extra communication involved. On high-bandwidth networks the impact is negligible (2).
Impact to processes | 1 | Processes to create and assign credentials are required, for example a PKI. More processing power is needed compared to symmetric algorithms.

Ranking Summary

Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 1.66
Impact of Technique towards Architecture | 1.5

[Figure: bar chart of the ranks per domain listed above]

ECDSA is the recommended mechanism for digital signatures on embedded systems. The modulus size must be 256 bits or more.

9.3. Monitoring and alarming

Many events are logged, but only the security-relevant events are covered here. It is possible to configure an immediate alarm message when certain events occur.

Use case 1: Events are sent to the operator without any visibility or control by the consumer.

Use case 2: The consumer has visibility over the events that are sent.

9.3.1. Privacy and Data Protection

This is common to all events, therefore placed in an overarching chapter.

Criterion | Rank | Comment
Data Control | 0 | No consumer control on alarming and monitoring
Data minimisation | NA | Alarming and monitoring mechanism does not influence which data is collected by the meter.
Data Access | 0 or 2 | 2 in architectures where the consumer can see everything that is sent. 0 elsewhere.
Anonymity | NA | Not applicable to this technique.
Data Retention | NA | Alarming and monitoring mechanism does not influence how long data are stored

9.3.2. Switches

A switch is used as a mechanism to detect physical access to a device. When a protected area is accessed (for example when a cover is removed), a switch is operated and the event is written to a log.

Devices can have several layers of protection: an outer level, for example covering the connections, and an inner level covering the calibrated components.

Evaluation

The assumptions are:

- that the action is logged,
- that the log is read,
- that actions are taken when necessary.

Cyber-Security

This technique only concerns the integrity.

Criterion | Rank | Comment
Confidentiality | NA | Not a functionality of the technique.
Availability | NA | Not a functionality of the technique.
Integrity | 1 | Switches can be bypassed by a serious attacker
Authentication | NA | Not a functionality of the technique.
Access to key material | 1 | A switch can detect the first step of an attempt to access the key material physically.
Integrity of key material | 1 | A switch can detect the first step of an attempt to access the key material physically.
Non-repudiation | NA | Not a functionality of this technique
Logging | 2 | See assumptions

Maturity and Upgradeability of Technique

Criterion | Rank | Comment
Implementation scale | 2 | Widespread use
Standardisation | NA | Not a functionality of the technique.
Upgradability | 0 | None, as it uses mechanical components

Impact of Technique towards Architecture

Criterion | Rank | Comment
Communication overhead generated | 2 | A tamper alert that is sent over the network is normally only a fraction of the other traffic.
Bandwidth required | 2 | A tamper alert that is sent over the network is normally only a fraction of the other traffic.
Latency tolerance / "Always on communication required" | 2 | Although it is advisable to have tamper alerts sent to the monitoring system as soon as possible, latency can be tolerated.
Impact to processes | 1 | Although processes are required to process the alarms and act upon them, the benefits of being able to detect such events far outweigh the risks involved when such events are not noticed.

Ranking Summary

Switches are a common requirement from meter users and provide a simple remote tamper detection.

Use case 1:

Domain | Rank
Cyber-security | 1.25
Privacy and Data Protection | 0
Maturity and Upgradeability of Technique | 1
Impact of Technique towards Architecture | 1.75

[Figure: bar chart of the ranks per domain listed above]

Use case 2:

Domain | Rank
Cyber-security | 1.25
Privacy and Data Protection | 1
Maturity and Upgradeability of Technique | 1
Impact of Technique towards Architecture | 1.75

[Figure: bar chart of the ranks per domain listed above]

Note: for what concerns privacy, the summary presents the worst case, i.e. when Data Access is ranked 0. When the architecture or reference provides means for the consumer to be aware of the data exchanged, privacy should be ranked 2.

9.3.3. Seals and other tamper evident techniques

Seals are a legal requirement from the various calibration regulations. Similar functionality can also be provided by welding the case closed. Additional measures such as micro reliefs and RFID could add an extra hurdle to introducing forged devices.

Cyber-Security

This technique mainly concerns the integrity.

Criterion | Rank | Comment
Integrity | NA | Not a functionality of this technique
Availability | NA | Not a functionality of this technique
Access to key material | 1 | The technique can provide an indication if the device has been tampered with, therefore also an indication if key material could have been obtained by an attacker.
Integrity of key material | 1 | The technique can provide an indication if the device has been tampered with, therefore also an indication if key material could have been obtained by an attacker.
Logging | NA | Not a functionality of this technique
Confidentiality | NA | Not a functionality of this technique
Non-repudiation | NA | Not a functionality of this technique
Authentication | NA | Not a functionality of this technique

Maturity and Upgradeability of Technique

Criterion | Rank | Comment
Implementation scale | 2 | Widespread use
Standardisation | NA | Not applicable
Upgradability | 0 | Requires a manual process and visiting every consumer

Impact of Technique towards Architecture

Criterion | Rank | Comment
Communication overhead generated | NA | This technique does not use communication
Bandwidth required | NA | This technique does not use communication
Latency tolerance / ‘Always-on communication required?’ | NA | This technique does not use communication
Impact to processes | 1 | Process to handle broken seals and re-sealing needed

Ranking Summary

Seals on the metrological parts are a legal requirement.

Other seals are a common requirement from device owners and a cheap way to detect simple tampering.

Use case 1: the seal has no privacy protection use

Domain | Rank
Cyber-security | 1
Maturity and Upgradeability of Technique | 1
Impact of Technique towards Architecture | 1

[Figure: bar chart of the ranks per domain listed above]

Use case 2: the seal is also used to provide a limited privacy protection

Domain | Rank
Cyber-security | 1
Privacy | 1
Maturity and Upgradeability of Technique | 1
Impact of Technique towards Architecture | 1

[Figure: bar chart of the ranks per domain listed above]

9.3.4. Magnetic field sensors

Use case 1: protecting the measuring system when this is using magnetic field sensors

Use case 2: protecting the power supply against maliciously saturating the transformer core.

NOTE: because these techniques cannot be considered “cyber-security techniques”, the information gathered was not sufficiently detailed; however, a high-level evaluation is proposed as follows.

Evaluation

See 9.3.2, except 2 for integrity (difficult to defeat)

9.3.5. Power quality sensors

Use case 1: one or more phases missing

Use case 2: power fail, a.k.a. “last gasp alarm”

Use case 3: general measurements such as voltage, frequency and harmonics

Evaluation

See 9.3.2, except 2 for integrity (difficult to defeat)

9.4. Time Synchronisation

An accurate time is required when a time-based tariff is used, to assign the correct time to events in the logs and possibly to assess the validity of certificates. The maximum deviation from the legal time and the frequency of synchronisation are determined by the local regulations.

9.4.1. Application specific protocols

Use case 1: DLMS broadcast

Use case 2: DLMS unicast

Use case 3: NTP

Use case 4: IEC (locally)

Use case 5: Vendor specific

Evaluation

The only aspect to be considered is integrity of the data for fraud prevention, which depends on the security of the underlying communication protocol and on plausibility checks, which are often subject to local regulations. For that reason, the list just provided (which comes from the information gathering phase of the BAT process) will not be ranked or evaluated, as these protocols per se do not provide additional cyber-security/privacy features.

9.5. Security architecture

Miscellaneous aspects of security that cannot directly be mapped to a functionality.

9.5.1. Unique keys

Smart metering devices do not have reactive tamper measures, except for generating alarms, and are possibly under complete control of an attacker.

Cyber-Security

Criterion | Rank | Comment
Confidentiality | NA | Not a functionality of the technique.
Availability | NA | Not a functionality of the technique.
Access to key material | 2 | Compromising a single key does not affect other devices
Integrity of key material | NA | Not a functionality of this technique
Logging | NA | Not a functionality of this technique
Non-repudiation | NA | Not a functionality of this technique
Integrity | NA | Not a functionality of this technique
Authentication | 2 | Unique keys enable the receiver to verify the sender.

Privacy and Data Protection

Criterion | Rank | Comment
Data Retention | NA | The authentication mechanism does not influence which data is collected
Data Minimisation | NA | The authentication mechanism does not influence which data is collected
Data Control | NA | The authentication mechanism does not provide control on which data is collected
Data Access | NA | The authentication mechanism does not influence which data are accessible
Anonymity | NA | The authentication mechanism does not influence the linking of data to individuals

Maturity and Upgradeability of Technique

Criterion | Rank | Comment
Implementation scale | 2 | Widespread use in modern deployments
Standardisation | NA | Process and configuration dependent
Upgradability | NA | Not a functionality of the technique.

Impact of Technique towards Architecture

Criterion | Rank | Comment
Communication overhead generated | NA | The technique as such does not require communication
Bandwidth required | NA | The technique as such does not require communication
Latency tolerance / ‘Always-on communication required?’ | NA | The technique as such does not require communication
Impact to processes | 0 | Complex key management.

Ranking Summary

Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 0

[Figure: bar chart of the ranks per domain listed above]

Unique keys per meter help to ensure that one successful attack on a meter does not necessarily lead to a compromise of all meters, and revocation per meter based on the communication keys becomes possible.

9.5.2. Private location

Smart metering devices are mounted on the private property of the consumer and are not (legally) physically accessible by others.

While this practice (or technique) deals with physical security, it should be recognised that it contributes to making some cyber-attack threats harder by limiting the possibilities to interact with the device. For that reason, it is considered here and an evaluation is provided.

Evaluation

The fact that a consumer might be a potential attacker of the system has been left out of this evaluation, since such attacks might also occur in situations where meters are installed in publicly accessible places (e.g. the basement of an apartment). Therefore the physical location has little impact on those scenarios.

This technique is mainly beneficial in protecting the consumer's privacy by not disclosing personal information to unauthorised individuals, and in situations where the meter might be attacked for other reasons.

Cyber-Security

Criterion | Rank | Comment
Confidentiality | NA | Not a functionality of this technique
Availability | NA | Not a functionality of this technique
Integrity | NA | Not a functionality of this technique
Access to key material | 1 | Physical barrier before even accessing the device
Integrity of key material | NA | Not a functionality of this technique
Logging | NA | Not a functionality of this technique
Non Repudiation | NA | Not a functionality of this technique
Authentication | NA | Not a functionality of this technique

Privacy and Data Protection

Criterion | Rank | Comment
Data Retention | NA | Private location does not influence which data is collected
Data Minimisation | NA | Private location does not influence which data is collected
Data Control | NA | Private location does not provide control on which data is collected
Data Access | 1 | Private location limits physical access to personal data.
Anonymity | NA | Private location does not influence the linking of data to individuals

Maturity and Upgradeability of Technique

Criterion | Rank | Comment
Standardisation | NA | Determined by local regulations
Upgradability | NA | Not a functionality of the technique.
Implementation scale | 2 | Widespread use

Impact of Technique towards Architecture

Impact of this technique towards architecture has not been rated, since this technique does not require any changes to the architecture. Only the location is of relevance.

Ranking Summary

Domain | Rank
Cyber-security | 1
Privacy | 1
Maturity and Upgradeability of Technique | 2

[Figure: bar chart of the ranks per domain listed above]

The physical location provides a first line of defence. The implementation depends on local regulations.

9.5.3. DLMS secure transport

DLMS is one of the most commonly used Smart Metering protocols. It provides a large range of security functions that are specified in the protocol. The payload of the DLMS APDUs can be encrypted and authenticated using AES-GCM. Additionally, selected data can also be signed and/or encrypted end to end.

Evaluation:

See also the caveats in 9.2.

Privacy is not evaluated here as it is a generic technique, see also 9.2.1.1

Cyber-Security

Criterion | Rank | Comment
Confidentiality | 2 | DLMS is using an up-to-date cryptographic algorithm to ensure confidentiality
Availability | NA | Not a functionality of the technique.
Integrity | 2 | Exchanged data can be secured by applying a cryptographic MAC or a digital signature.
Access to key material | NA | Not a functionality of this technique
Integrity of key material | NA | Not a functionality of this technique
Logging | NA | Not a functionality of this technique; this is described and ranked in the rating of the DLMS protocol itself.
Non Repudiation | NA | Not a functionality of this technique; this is described and ranked in the rating of the DLMS protocol itself.
Authentication | 2 | DLMS can perform mutual authentication based on pre-shared keys or, in the latest revision of the standard, with the use of certificates.

Privacy and Data Protection

Criterion | Rank | Comment
Data Retention | NA | The authentication mechanism does not influence which data is collected
Data Minimisation | NA | The authentication mechanism does not influence which data is collected
Data Control | NA | The authentication mechanism does not provide control on which data is collected
Data Access | NA | The authentication mechanism does not influence which data are accessible
Anonymity | NA | The authentication mechanism does not influence the linking of data to individuals

Maturity and Upgradeability of Technique

Criterion | Rank | Comment
Implementation scale | 2 | Highly used protocol in the Smart Metering domain.
Standardisation | 2 | Fully standardised: IEC62056, commonly known as the “Blue Book” and the “Green Book”
Upgradability | 1 | Within a specific DLMS version security can be upgraded by choosing a different security mode. However, going from one version of DLMS to another will have a significant impact on processes and infrastructure. Also, since DLMS is an international standard, version upgrades are not very frequent. Therefore a rating of '1' is applicable here.

Impact of Technique towards Architecture

Criterion | Rank | Comment
Impact to processes | 1 | DLMS will require a key management system to be deployed to manage the Smart Meters; this has an impact on the processes.
Bandwidth required | NA | Depends on the use case
Latency tolerance / ‘Always-on communication required?’ | 2 | DLMS is able to use high-latency and unreliable networks such as PLC
Communication overhead generated | 2 | The ASN.1 coding ensures a minimal overhead

Ranking Summary

Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 1.66
Impact of Technique towards Architecture | 1.66

[Figure: bar chart of the ranks per domain listed above]

DLMS security is a widespread technique to protect information on a variety of network types.

9.5.4. Independent monitoring

This is mostly applicable to “critical commands”, which are commands that can affect the power supply to a consumer. The risk model considers that a supplier is attacked and then starts sending properly signed disconnect commands. The (independent) communication provider only transfers these commands if they look reasonable. Currently only used in GB.

Cyber-Security

Criterion | Rank | Comment
Confidentiality | NA | Not a functionality of the technique.
Availability | NA | Not a functionality of the technique.
Integrity | 2 | The described monitoring technique can ensure integrity during the whole data process, assuming that an additional cryptographic integrity checksum is applied to the data to be sent.
Access to key material | NA | Not a functionality of the technique.
Integrity of key material | NA | Not a functionality of the technique.
Logging | 2 | The technique allows the exchanged data to be audited and logged to a great extent.
Non Repudiation | NA | Not a functionality of the technique.
Authentication | 2 | The described monitoring technique can ensure authentication of the data when checked, assuming that an additional cryptographic integrity checksum is applied to the data to be sent.

Privacy and Data Protection

Criterion | Rank | Comment
Data Retention | NA | The authentication mechanism does not influence which data is collected
Data Minimisation | NA | The authentication mechanism does not influence which data is collected
Data Control | NA | The authentication mechanism does not provide control on which data is collected
Data Access | NA | The authentication mechanism does not influence which data are accessible
Anonymity | NA | The authentication mechanism does not influence the linking of data to individuals

Maturity and Upgradeability of Technique

Criterion | Rank | Comment
Implementation scale | 0 | This is a new technique to smart metering.
Standardisation | 2 | Standardised: IEC62056, detailed in the “Great Britain Companion Specification” (GBCS)
Upgradability | 2 | The technique can easily be adjusted or extended.

Impact of Technique towards Architecture

Criterion | Rank | Comment
Communication overhead generated | NA | The technique as such does not require communication
Bandwidth required | NA | The technique as such does not require communication
Latency tolerance / ‘Always-on communication required?’ | NA | The technique as such does not require communication
Impact to processes | 2 | Arrangements between supplier and communication provider are required and must be kept up to date, and processes need to be implemented in order to be able to verify the commands.

Ranking Summary

Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 1.33
Impact of Technique towards Architecture | 2

[Figure: bar chart of the ranks per domain listed above]

Independent monitoring adds a second line of defence against unauthorized disconnections.

9.5.5. TLS secure transport

TLS (Transport Layer Security) is a protocol running on top of a reliable connection protocol (usually TCP/IP). A TLS session starts with a “Handshake” phase where client and server agree on common security mechanisms and key material.

All payload can be encrypted and authenticated using mechanisms agreed during connection establishment.

Evaluation:

Caveats in 11.1.10

Cyber-Security

Criterion | Rank | Comment
Confidentiality | 2 | TLS can provide a very good level of confidentiality
Availability | NA | Availability is not a function of TLS
Integrity | 2 | TLS can ensure integrity of data exchanged by applying message authentication codes to the messages.
Authentication | 2 | Based on a certificate or pre-shared keys, TLS provides functionalities to ensure authentication
Access to key material | 2 | When the option “Ephemeral DH” is chosen for key agreement, the key material cannot be used to decrypt previous sessions.
Integrity of key material | 2 | Public keys are sent as certificates
Non-repudiation | NA | Not a function of TLS. This would need to be provided by the application layer protocol.
Logging | NA | Not a function of TLS. This would need to be provided by the application layer protocol.

Privacy and Data Protection

Criterion | Rank | Comment
Data Retention | NA | TLS mechanism does not influence which data is collected
Data Minimisation | NA | TLS mechanism does not influence which data is collected
Data Control | NA | TLS mechanism does not provide control on which data is collected
Data Access | NA | TLS mechanism does not influence which data are accessible
Anonymity | NA | TLS mechanism does not influence the linking of data to individuals

Maturity and Upgradeability of Technique

Criterion | Rank | Comment
Implementation scale | 2 | On OA and OB only in DE, elsewhere widespread use
Standardisation | 2 | Fully standardised (RFC 5246, 5289, 6066, 7251 etc.), many options to choose from
Upgradability | 2 | Common practice

Impact of Technique towards Architecture

Criterion | Rank | Comment
Communication overhead generated | 2 | Minimum 100 bytes for the handshake and 25 bytes per packet of maximum 2^14 bytes
Bandwidth required | 2 or 1 | This depends on the type of network: on low-latency, small-bandwidth networks the key exchange technique can have an impact (1) due to the extra communication involved. On high-bandwidth networks the impact is negligible (2).
Latency tolerance / ‘Always-on communication required?’ | 2 or 1 | This depends on the type of network: on low-latency, small-bandwidth networks the key exchange technique can have an impact (1) due to the extra communication involved. On high-bandwidth networks the impact is negligible (2).
Impact to processes | 1 | Key management required

Ranking Summary

Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 1.75

[Figure: bar chart of the ranks per domain listed above]

TLS is a widespread technique for transport security. It can be configured to provide a high level of confidentiality and integrity.

9.5.6. End-to-End Signing

End-to-end signing ensures the authenticity of selected data between the sender and the final recipient. Intermediate parties, such as communication providers, cannot (and must not) change the signed data.

It is used in the UK for billing data sent from the meter and for commands that can affect the supply of power, the so-called “Critical commands”.

CMS signing, as used in DE, is also an implementation of this technique.

Cyber-Security

Criterion | Rank | Comment
Confidentiality | NA | Confidentiality is not a function of digital signatures
Integrity | 2 | A signed message cannot be changed undetected.
Availability | NA | Not a functionality of this technique
Access to key material | NA | Not a functionality of this technique
Integrity of key material | NA | Not a functionality of this technique
Logging | NA | Not a functionality of this technique
Authentication | 2 | The receiver can verify that the data was sent by the party that possesses the private key matching the verification key.
Non-repudiation | 2 | Non-repudiation of origin when using an on-board generated private key. An HSM can provide additional assurance here.

Privacy and Data Protection

Criterion | Rank | Comment
Data Retention | NA | End-to-end signing mechanism does not influence which data is collected
Data Minimisation | NA | End-to-end signing mechanism does not influence which data is collected
Data Control | NA | End-to-end signing mechanism does not provide control on which data is collected
Data Access | NA | End-to-end signing mechanism does not influence which data are accessible
Anonymity | NA | End-to-end signing mechanism does not influence the linking of data to individuals

Maturity and Upgradeability of Technique

Criterion | Rank | Comment
Implementation scale | 1 | Limited use, mainly UK and DE
Standardisation | 2 | Fully standardized, GBCS and the RFCs governing CMS
Upgradability | 2 | Technique can be updated in software

Impact of Technique towards Architecture

Criterion | Rank | Comment
Communication overhead generated | 2 | An ECDSA signature is 64 bytes.
Bandwidth required | NA | Depending on the use case, cannot be ranked.
Latency tolerance / "Always on communication required" | 2 | Signing is an asynchronous process and does not depend on communication.
Impact to processes | 1 | Processes to create and assign credentials are required, for example a PKI

Ranking Summary

Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 1.66
Impact of Technique towards Architecture | 1.66

[Figure: bar chart of the ranks per domain listed above]

The advantage of this technique is that the intermediate components do not have to be secure.

9.5.7. Switching commands validated against the grid code (Grid Sensitive Operation)

Grid operators have traditionally used the power grid's inherent properties (voltage and frequency) for coordinating the operation of power generators. Today those rules are known as ‘grid codes’ and, in most cases, grid codes are standardised at the national or European level (ENTSO-E).

Grid code sensitive operation (GSO) is already required for almost all generators. In addition, for certain types of large loads GSO is also defined and used, while smart power relays exist that follow GSO rules (over voltage, under frequency, etc.).

At present, smart meters are not required to implement GSO, even when they are equipped with load switching relays. However, with the addition of a power relay a meter technically becomes either a generator or a load, depending on the flow of current at a given time.

From the perspective of the security of supply, ‘load switching’ is the most critical command and misuse must be prevented under all circumstances.

No actor (TSO, DSO, market participant, customer, etc.) would wilfully perform a switching command that would push a power grid into a critical state; only malicious actors would make this attempt.

Grid codes typically define the operational limits of a power grid at between 49.8 and 50.2 Hz and the voltage at a consumer’s grid connection point within 10% of the nominal value (typically 230 V).

Moreover, anything above 52 Hz or below 47 Hz is undefined and well beyond the safe operational limits of the grid.

The following is an example of GSO-aware switching behaviour:

- A smart meter receives a ‘switch off’ command.
- The smart meter measures locally that it is currently exporting power to the grid.
- The meter measures locally that the grid's frequency is below 49 Hz, an emergency grid state, as there is not sufficient generation supply, with minor blackouts already happening in parts of the grid.
- Because a ‘switch off’ command would remove supply when power is needed, the command shall be ignored at this point in time, as it most likely did not originate from a regular actor.

The duration of periods where the grid is not in a healthy (“green”) state is at most just a few minutes per year, typically due to unplanned major accidents or disasters. This is one of the reasons why regular business processes in metering (e.g. pre-paid meters, demand side management contracts, etc.) will not be affected by a GSO meter behaviour.

GSO can only be used as a tool for ‘end-to-end’ validation of load switching commands, because only in those cases can the validity of the command against the state of the grid provide a meaningful validation result.

In a sense, GSO can be seen as an inherent capability of the meter’s safety logic, or considered as a second factor in the authorisation process.
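The GSO-aware switching behaviour above, as an added example that is not part of the original document: a local validator for load-switching commands that uses the grid-code limits quoted above (49.8 to 50.2 Hz, 47 to 52 Hz, 230 V within 10%) and logs every command it ignores, so the "auditing/logging" criterion below has something to work with. It generalizes the document's single case to the mirror case (over-frequency with an importing meter) and refuses all switching in the undefined band; those two rules, the state names and the GsoValidator class are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import List

# Limits as quoted in the text; the grid code in force locally may differ.
NOMINAL_VOLTAGE_V = 230.0
VOLTAGE_TOLERANCE = 0.10                            # within 10 % of nominal
F_GREEN_LOW, F_GREEN_HIGH = 49.8, 50.2              # operational band (Hz)
F_UNDEFINED_LOW, F_UNDEFINED_HIGH = 47.0, 52.0      # beyond this the grid state is undefined


@dataclass
class GridMeasurement:
    """Values the meter measures locally; no external communication is involved."""
    frequency_hz: float
    voltage_v: float
    exporting: bool        # True when current flows from the premises into the grid


def classify_grid(m: GridMeasurement) -> str:
    """State names are an assumption of this example, not terms from the document."""
    if not F_UNDEFINED_LOW <= m.frequency_hz <= F_UNDEFINED_HIGH:
        return "undefined"
    if m.frequency_hz < F_GREEN_LOW:
        return "under_frequency"          # generation shortfall
    if m.frequency_hz > F_GREEN_HIGH:
        return "over_frequency"           # generation surplus
    if abs(m.voltage_v - NOMINAL_VOLTAGE_V) > VOLTAGE_TOLERANCE * NOMINAL_VOLTAGE_V:
        return "voltage_out_of_band"
    return "green"


@dataclass
class GsoValidator:
    """Second authorisation factor for load-switching commands that have already
    passed their cryptographic checks. Keeps an audit log of ignored commands."""
    log: List[str] = field(default_factory=list)

    def allow(self, command: str, m: GridMeasurement) -> bool:
        """Return True if the command may be executed now, False if GSO ignores it."""
        state = classify_grid(m)
        reason = None
        if state == "undefined":
            # Assumption: outside the defined range no switching is accepted at all.
            reason = "frequency outside the defined range, no switching accepted"
        elif command == "switch_off":
            # The document's case: removing a generator while generation is short.
            if state == "under_frequency" and m.exporting:
                reason = "would remove supply during a generation shortfall"
            # Mirror case (assumption): removing load while generation is in surplus.
            elif state == "over_frequency" and not m.exporting:
                reason = "would remove load during a generation surplus"
        if reason:
            self.log.append(f"GSO ignored {command}: {reason} (f={m.frequency_hz} Hz, "
                            f"U={m.voltage_v} V, exporting={m.exporting})")
            return False
        return True
```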

Cyber-Security

Criteria | Rank | Assessment of Measurement
Confidentiality | NA | Not Applicable
Availability | 2 | The measurement of the power grid’s frequency and voltage is the core functionality of a smart meter. The required data is already always available.
Integrity | NA | The technique does not provide integrity protection of switching commands.
Access to key material | NA | No cryptography used
Integrity of key material | NA | No cryptography used
Authentication | NA | Not a functionality of the technique
Auditing/logging | NA | The technique allows auditing and logging of the commands that violated GSO rules, if log entries are generated.
Non-repudiation | NA | Not Applicable. GSO is a local second factor in the authorisation process to ensure end-to-end integrity of load switching commands.

Privacy and Data Protection

Criterion | Rank | Comment
Data Retention | NA | Load Control Switch mechanism does not influence which data is collected
Data Minimisation | NA | Load Control Switch mechanism does not influence which data is collected
Data Control | NA | Load Control Switch mechanism does not provide control on which data is collected
Data Access | NA | Load Control Switch mechanism does not influence which data are accessible
Anonymity | NA | Load Control Switch mechanism does not influence the linking of data to individuals

Maturity and Upgradeability of Technique

Criteria | Rank | Assessment of Measurement
Implementation Scale | 1 | The technique of grid codes has been used and implemented at full scale in generators and smart power relays. However, in smart metering only one company is known which is currently working on such a product.
Standardisation | 1 | Grid codes regarding the grid's frequency have been well established for decades and no research is needed. However, today TSOs/DSOs have not precisely defined which of those rules must be applied to smart meters.
Upgradability | NA | Not applicable. The laws of physics do not change and as a consequence grid codes do not change under normal circumstances.

Impact of Technique towards Architecture

Criteria | Rank | Assessment of Measurement
Communication overhead generated | 2 | No external communication is needed. All data is local to the meter.
Bandwidth required | 2 | No external communication is needed. All data is local to the meter.
Latency tolerance / "Always-on communication required?" | 2 | No external communication is needed. All data is local to the meter.
Impact to processes | 2 | No impact on existing processes. GSO is primarily a disaster prevention technique, which is only triggered in extreme situations. Typically, there are only a few minutes each year where the conditions for a GSO based 'switching command prevention' would be initiated.

Ranking Summary

Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 1.00
Impact of Technique towards Architecture | 2.00

(Bar chart of the rank per domain; values as tabulated above.)

Grid code Sensitive Operation (GSO) is a mature technique when it comes to operating the power grid, but in the context of smart metering it is currently not used and not required. The implementation can depend on local variations in the grid code.

As the rankings show, the use of GSO to validate switching commands has a limited impact on the existing architecture and, as long as the implementation is explicitly outside the scope of the upgradeable part of the firmware, this technique is resilient to cyber-attacks.

9.6. Hardware Security

Miscellaneous aspects of security that cannot directly be mapped to a functionality.

9.6.1. (Processor) hardening

Processor hardening is a generic term for measures to protect the assets in the component. Implementation is vendor specific and the survey did not provide much detail. Measures reported include:

- Encryption of the content of the memory chips.
- Using the processor specific measures to deny access to internal data.
- Absent or disabled debug interfaces.
- PCB layout or coating to prevent access to sensitive data.
- Using dedicated security hardware such as an HSM.
- Hardware access control: for example, the NL P1 interface is read-only by construction, as the write hardware is absent.
- Firmware hardening (extra checks on inputs). Strictly speaking this is not hardware security, as these checks are made by the firmware.
- Tamper-resistance measures ensured by hardware design (checking voltage range, temperature range or radiation, ...).

The security of these hardening methods depends on how securely the credentials used for this protection are stored and used. For that reason a separate evaluation of techniques relying on a dedicated crypto processor is presented:

1. Hardening the device's main processor (e.g. TEE: Trusted Execution Environment)
2. Adjunction of a secure storage module relying on processing in the main processor (e.g. TPM: Trusted Platform Module), ensuring the trustability of the processor boot (Hardware Root of Trust).
3. Adjunction of a dedicated crypto processor and credential storage (e.g. HSM: Hardware Security Module)
4. Adjunction of a programmable tamper resistant processor (e.g. SE: Secure Element)

Evaluation

Cyber-Security

Criterion | Rank | Comment
Confidentiality | 2-0 | Hardware security may provide good confidentiality of data if access control with protection of security policies is used and if secure authentication is done. When data encryption is performed it shall be done using a dedicated crypto processor with tamper resistance (ranked 2).
Availability | 2-1-0 | Use of appropriate secure processing to detect Denial-of-Service (DoS) attacks may be implemented using, for example, a programmable tamper resistant processor (e.g. Secure Element) (ranked 2). If a TEE is used, ranked 1. If a hardware root of trust is added to the TEE, the integrity of the DoS attack detection software may be verified (ranked 2). An HSM does not provide the capability of appropriate secure processing (ranked 0).
Integrity | 2-0 | Hardware security may provide good integrity protection of data if data are stored in a dedicated hardware element with tamper resistance (e.g. HSM, SE) (ranked 2). If a secure storage module relying on processing in the main processor is used (e.g. TPM: Trusted Platform Module), ensuring the trustability of the processor boot, then the integrity of the applications (workload) may be verified (ranked 2). Otherwise ranked 0.
Access to key material | 1-2 | Hardware security provides a good guarantee about integrity because of physical protection; if a dedicated hardware element is used (HSM or SE) 2 points are awarded, otherwise 1.
Integrity of key material | 1-2 | Hardware security provides a good guarantee about integrity because of physical protection; if a dedicated hardware element is used (HSM or SE) 2 points are awarded, otherwise 1.
Authentication | 2-0 | Hardware security may provide authentication with a high level of trust using a secure element or HSM to store the certificates and for crypto processing. If a dedicated hardware element is used (HSM or SE) 2 points are awarded.
Auditing/logging | 2-0 | If a dedicated hardware element that can log tampering events is used, 2 points are awarded.
Non-repudiation | 2-0 | Hardware security may provide non-repudiation with a high level of trust using a secure element or HSM to store the certificates and for crypto processing. If a dedicated hardware element is used (HSM or SE) 2 points are awarded.

Maturity and Upgradeability of Technique

Criterion | Rank | Comment
Implementation scale | 2 | Common practice for deployed Smart Meters
Standardisation | 1 | Several standards exist, but there is no common level established for smart metering applications.
Upgradability | 2-1 | Secure Element and HSM are upgradeable. The Secure Element may be managed remotely. The HSM usually needs physical intervention on the device. TPM is not remotely upgradeable (ranked 1).

Ranking Summary

1. Hardening the device's main processor (e.g. TEE: Trusted Execution Environment)

Domain | Rank
Cyber-security | 0.4
Maturity and Upgradeability of Technique | 1.3

(Bar chart of the rank per domain; values as tabulated above.)

2. Adjunction of a secure storage module relying on processing in the main processor (e.g. TPM: Trusted Platform Module), ensuring the trustability of the processor boot.

Domain | Rank
Cyber-security | 0.75
Maturity and Upgradeability of Technique | 1.3

(Bar chart of the rank per domain; values as tabulated above.)

3. Adjunction of a dedicated crypto processor and credential storage (e.g. HSM: Hardware Security Module)

Domain | Rank
Cyber-security | 1.75
Maturity and Upgradeability of Technique | 1.3

(Bar chart of the rank per domain; values as tabulated above.)

4. Adjunction of a programmable tamper resistant processor (e.g. SE: Secure Element)

Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 1.6

(Bar chart of the rank per domain; values as tabulated above.)

Hardware security can enhance the cyber security of the other mechanisms. It can also be required by local regulations.

9.6.2. Physics security

The properties of radio waves provide a certain level of security; the reach of ZigBee and wireless M-Bus is limited to 50 meters at best. LF Radio and ripple control require such a high transmitting power that a practical attack only affects a limited number of devices. This technique is not a cyber security measure in itself, but is used by some members of the stakeholder forum to reduce the risk surface.


10. ANALYSIS OF THE TECHNIQUES GATHERED FOR COMPONENT C*

10.1.1. ZigBee Smart Energy Profile

ZigBee Smart Energy Profile is a communication protocol that defines network and application layer formats for communication between end-devices in the AMI network. The protocol standard is maintained by the ZigBee Alliance. The protocol can also be used to communicate between end-devices and the central system, tunneled through other communication channels. ZigBee is not considered an authentication technique, but can be complemented by other techniques that take care of that specific property.

Applicable components: CF, CK

Cyber-Security

Criteria | Rank | Assessment of Measurement
Confidentiality | 2 | Based on the data obtained from the survey, ZigBee SEP is defined to use AES-CCM* for authenticated encryption of the exchanged data. Furthermore, the MQV algorithm is used for key agreement.
Availability | NA | Not applicable as this is a technique concerned with communication security.
Integrity | 2 | Based on the data obtained from the survey, ZigBee SEP is defined to use AES-CCM* for authenticated encryption of the exchanged data. Furthermore, the MQV algorithm is used for key agreement.
Access to key material | 2 | ZigBee offers capabilities to securely update key material.
Integrity of key material | 2 | Integrity of key updates is ensured and validated.
Authentication | 2 | Based on the data obtained from the survey, ZigBee SEP is defined to use certificates for role based access controls.
Auditing/logging | 2 | Based on the data obtained from the survey, ZigBee SEP is defined to provide logging capabilities for fraud related events.
Non-repudiation | 0 | ZigBee does not provide a non-repudiation mechanism.

Maturity and Upgradeability of Technique

Criteria | Rank | Assessment of Measurement
Implementation Scale | 1 | Within the EU this technique is widely in use in one country; worldwide it is mainly in use in a number of US states and in some parts of Australia.
Standardisation | 2 | Although it is a standard designed by the ZigBee Alliance, extensions to the standard are still under development.
Upgradability | 2 | The technique offers full remote upgradeability of device firmware.

Impact of Technique towards Architecture

Criteria | Rank | Assessment of Measurement
Communication overhead generated | 2 | The protocol only generates the overhead required to provide synchronisation, routing and error checking.
Bandwidth required | 2 | ZigBee has been developed to accommodate low bandwidth requirements.
Latency tolerance / "Always-on communication required?" | 2 | The proposed technique does not require any "always-on" communication capabilities.
Impact to processes | 1 | Moderate impact to processes is caused by managing the white lists for joining the network.

Ranking Summary

Domain | Rank
Cyber-security | 1.7
Maturity and Upgradeability of Technique | 1.66
Impact of Technique towards Architecture | 1.75

(Bar chart of the rank per domain; values as tabulated above.)

As for other communication protocols, confidentiality is assessed in the part related to cyber security. For that reason, the usage of ZigBee does not have any impact on privacy and data protection.

ZigBee provides good guarantees in terms of cyber security, is easy to maintain and does not have a lot of impact towards architecture.

10.1.2. CMS

Cryptographic Message Syntax (CMS) is a standard for cryptographically protected messages. It can be used to digitally sign, digest, authenticate or encrypt any form of digital data. It is used in Germany to protect data on the CF and CI interfaces.

Applicable components: CF, CI

Cyber-Security

Criteria | Rank | Assessment of Measurement
Confidentiality | 2 | Based on the survey responses, CMS is used with ECC together with AES CBC or GCM encryption.
Availability | NA | Not applicable as this is a technique concerned with communication security.
Integrity | 2 | CMS offers the possibility to add a MAC or digest to the data.
Access to key material | NA | Not a functionality of the technique.
Integrity of key material | NA | Not a functionality of the technique.
Authentication | 2 | Authentication of entities can be achieved.
Auditing/logging | 2 | The technique can transmit audit and logging events.
Non-repudiation | 2 | The standard supports signing of transmitted data.

Privacy and Data Protection

CMS has no impact on data storage and collection.

Maturity and Upgradeability of Technique

Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | CMS is used as the key cryptographic component of many other cryptographic standards, such as S/MIME, PKCS#12 and the RFC 3161 digital timestamping protocol.
Standardisation | 2 | CMS is specified in RFC 5652 and is an IETF standard.
Upgradability | 2 | CMS can in principle support transfer of upgrades.

Impact of Technique towards Architecture

Criteria | Rank | Assessment of Measurement
Communication overhead generated | 0 (if combined with the use of XML), 2 (if only CMS is used) | Based on the questionnaire responses, CMS is in some cases used in combination with XML. XML produces at least a 33% overhead [12].
Bandwidth required | 2 | It is possible to configure CMS in such a way that it can be used over low-bandwidth channels by sending only the fields of a certificate that are strictly necessary.
Latency tolerance / "Always-on communication required?" | 2 | It is not required that the communication is "always-on".
Impact to processes | 0 | CMS is used as part of a key management system; it is a technique used to sign, digest, authenticate or encrypt any form of digital data. Key management itself has significant impact to processes, but this particular technique has been designed to optimise the encryption aspects.

[12] Smart metering uses binary data, which must be "base64" encoded in XML. Additionally, the tags tend to be more verbose and must occur twice.

Ranking Summary

CMS without XML

Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 1.5

(Bar chart of the rank per domain; values as tabulated above.)

CMS combined with XML

Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 1

(Bar chart of the rank per domain; values as tabulated above.)

Like other communication protocols, confidentiality is assessed in the part related to cyber security. For that reason, the usage of CMS does not have any impact on privacy and data protection. CMS provides good guarantees in terms of cyber security, especially for confidentiality, authentication and integrity. CMS is easy to maintain, is fully standardized and does not have a lot of impact towards architecture.

10.1.3. M-Bus

M-Bus is a European standard for the remote reading of meters. The M-Bus standard uses communication via a 2-wire bus or wireless communication (different frequency bands are supported).

Applicable components: Ox, CH

Cyber-Security

Criteria | Rank | Assessment of Measurement
Confidentiality | 2 | It is assumed that M-Bus employs a mode using authenticated encryption (AES-CCM, GCM, CBC-CMAC). Those modes will ensure confidentiality of the transmitted data. This rating will not apply if a different mode is used.
Integrity | 2 | It is assumed that M-Bus employs a mode using authenticated encryption (AES-CCM, GCM, CBC-CMAC). Those modes will ensure integrity of the transmitted data. This rating will not apply if a different mode is used.
Access to key material | 2 | M-Bus allows a secure key update by using a key encryption key.
Integrity of key material | 0 | The integrity of a key update is not checked.
Authentication | 0 | The M-Bus standard does not provide access control mechanisms.
Auditing/logging | 2 | The M-Bus standard provides logging capabilities for fraud related events.
Non-repudiation | NA | Does not provide non-repudiation mechanisms.

Maturity and Upgradeability of Technique

Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | M-Bus is widely adopted in Europe and used for electricity, gas, water and heat metering in several Member States.
Standardisation | 2 | M-Bus is fully standardized under the EN 13757 norm.
Upgradability | 2 | The M-Bus standard allows transmitting updates for end-devices. This rating does not apply to uni-directional device communication, where upgrade functionalities are not supported.

Impact of Technique towards Architecture

Criteria | Rank | Assessment of Measurement
Communication overhead generated | 2 | The standard is in particular aimed at generating minimal overhead.
Bandwidth required | 2 | The standard is designed to operate with low bandwidth requirements.
Latency tolerance / "Always-on communication required?" | 2 | The technique does not require any "always-on" capabilities.
Impact to processes | 1 | When M-Bus is used in smart metering infrastructures, messages have to be encrypted and authenticated to prevent eavesdropping and maintain integrity. This will require some form of key management, which has moderate impact to processes.

Ranking Summary

Domain | Rank
Cyber-security | 1.33
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 1.75

(Bar chart of the rank per domain; values as tabulated above.)

Like other communication protocols, confidentiality is assessed in the part related to cyber security. For that reason the usage of M-Bus does not have any impact on privacy and data protection. M-Bus provides some guarantee for cyber security but lacks user authentication and integrity of the key material. M-Bus is fully standardized and does not have a lot of impact towards the architecture.


10.1.4. DLMS

DLMS is a set of standards for the exchange of metering data. It is an application layer protocol that can be operated over several communication channels, for example HDLC serial links or IP communication (TCP or UDP). The DLMS standard is one of the widely used smart metering standards in Europe. It defines several security functionalities for protecting the communication links, as well as for authentication and access controls.

Applicable components: Ox, CF, CH

Cyber-Security

Criteria | Rank | Assessment of Measurement
Confidentiality | 2 | DLMS supports a combination of AES-GCM and ECC cryptography in 3 different security suites. For this rating it is assumed that at least authenticated encryption with AES-GCM is used. This rating will not apply if DLMS is used without security or in other configurations.
Availability | NA | Not applicable as this is a technique concerned with communication security.
Integrity | 2 | DLMS supports a combination of AES-GCM and ECC cryptography in 3 different security suites. For this rating it is assumed that at least authenticated encryption with AES-GCM is used. This rating will not apply if DLMS is used without security or in other configurations.
Access to key material | 2 | Key material is additionally protected during transport using RFC 3394.
Integrity of key material | 2 | Key material is additionally protected during transport using RFC 3394.
Authentication | 2 | DLMS provides authentication and fully configurable access control mechanisms.
Auditing/logging | 2 | DLMS provides logging capabilities for fraud related events.
Non-repudiation | 2 | DLMS supports signing of transmitted information.

Maturity and Upgradeability of Technique

Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | DLMS is one of the most deployed standards for Smart Metering in Europe. It is in use in several Member States.
Standardisation | 2 | DLMS is standardised under IEC 62056.
Upgradability | 2 | DLMS supports remote updates of endpoint functionality.

Impact of Technique towards Architecture

Criteria | Rank | Assessment of Measurement
Communication overhead generated | 2 | The authentication protocol (HLS) generates a minimal amount of overhead.
Bandwidth required | 2 | DLMS is suitable to operate over low bandwidth channels.
Latency tolerance / "Always-on communication required?" | 1 | Communication in DLMS is normally synchronous and needs to be always on. However, the standard also supports propagation of events in an asynchronous mode. DLMS is used in high latency networks.
Impact to processes | 1 | A part of DLMS is dependent on key management processes, and as such has moderate impact on processes.

Ranking Summary

Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 1.5

(Bar chart of the rank per domain; values as tabulated above.)

Confidentiality is assessed in the part related to cyber security. For that reason, the usage of DLMS does not have any impact on privacy and data protection. DLMS provides very good guarantees for cyber security. DLMS is easy to upgrade and to maintain and is fully standardized, but could have some impact towards architecture, especially on latency tolerance and on the process to manage key material.

10.1.5. Dial in Whitelisting

Dial-in whitelisting is a technique used to prevent successful dial-up connections to components from unwanted devices. The whitelist is a listing specifying all the allowed numbers that have been granted permission by the user or an administrator to establish the connection with the component. All the others are blocked or routed to a sandbox.

Applicable components: CD, CF, CH

Cyber-Security

Criteria | Rank | Assessment of Measurement
Confidentiality | NA | Not a functionality of the technique.
Integrity | NA | Not a functionality of the technique.
Availability | 2 | Whitelisting per se affects availability but does not provide authentication.
Access to key material | NA | Not a functionality of the technique.
Integrity of key material | NA | Not a functionality of the technique.
Authentication | 0 | Authentication is necessary but requires a separate technique.
Auditing/logging | 2 | Based on the most advanced implementations of this technique, both the accepted and unaccepted connections shall be registered in the system security log.
Non-repudiation | NA | Not a functionality of the technique.

Privacy and Data Protection

This technique applies to access control of a system and is not related to data collection and storage.

Maturity and Upgradeability of Technique

Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | Based on the questionnaire responses, it is in use in multiple Smart Meter installations across Europe.
Standardisation | 0 | No particular standard is available.
Upgradability | NA | Not defined.

Impact of Technique towards Architecture

Criteria | Rank | Assessment of Measurement
Communication overhead generated | 2 | No communication overhead generated by the technique.
Bandwidth required | 2 | The technique operates in narrow-band communications, with no impact on bandwidth required.
Latency tolerance / "Always-on communication required?" | 2 | Not applicable
Impact to processes | 2 | Impact to processes is negligible, since the technique only requires the management of the allowed dial-up numbers list, which is very small.

Ranking Summary

Domain | Rank
Cyber-security | 1.3
Maturity and Upgradeability of Technique | 1
Impact of Technique towards Architecture | 2

(Bar chart of the rank per domain; values as tabulated above.)

This technique applies to access control of a system and is not related to data collection and storage. For that reason, the usage of dial-in whitelisting does not have any impact on privacy and data protection. Dial-in whitelisting provides very good guarantees for cyber security for authentication and audit/logging but has no impact on integrity, availability and confidentiality. Dial-in whitelisting is not standardized but is used in several member states. Dial-in whitelisting has no impact towards architecture.

10.1.6. LDAP

LDAP is an application protocol for accessing, querying and modifying data of directory services implemented in Internet Protocol (IP) networks. It is commonly used to provide a centralized storage for (among others) usernames and passwords, which can be used by components or applications to validate the identity of authenticating users.

Applicable components: CA, CI, Px

Cyber-Security

Criteria | Rank | Assessment of Measurement
Confidentiality | NA | Not a functionality of the technique.
Integrity | NA | Not a functionality of the technique.
Availability | NA | Not a functionality of the technique.
Access to key material | NA | Not a functionality of the technique.
Integrity of key material | NA | Not a functionality of the technique.
Authentication | 2 | LDAP provides an authentication mechanism.
Auditing/logging | 2 | LDAP provides auditing and logging mechanisms.
Non-repudiation | NA | Not a functionality of the technique.

Privacy and Data Protection

This technique applies to access control of a system and is not related to data collection and storage.

Maturity and Upgradeability of Technique

Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | It is widely used worldwide.
Standardisation | 2 | LDAP is standardised under RFC 4511.
Upgradability | 2 | It supports remote updates.

Impact of Technique towards Architecture

Criteria | Rank | Assessment of Measurement
Communication overhead generated | 2 | Negligible communication overhead generated by the technique.
Bandwidth required | 2 | The technique has no impact on bandwidth required.
Latency tolerance / "Always-on communication required?" | 1 | Some latency is allowed since normal IP is used as a transport layer, but authentication has to occur in a timely manner.
Impact to processes | 0 | Implementation of an LDAP system requires significant maintenance effort.

Ranking Summary

Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 1.25

(Bar chart of the rank per domain; values as tabulated above.)

10.1.7. TACACS+

TACACS+ is a security application that provides centralized remote authentication of users attempting to gain access to a network component, providing for separate and modular authentication, authorization, and accounting facilities. It provides detailed accounting information and flexible administrative control over authentication and authorization processes. TACACS+ is facilitated through AAA and can be enabled only through AAA commands.

Applicable components: CA

Cyber-Security

Criteria | Rank | Assessment of Measurement
Confidentiality | NA | Not a functionality of the technique.
Integrity | NA | Not a functionality of the technique.
Availability | NA | Not a functionality of the technique.
Access to key material | NA | Not a functionality of the technique.
Integrity of key material | NA | Not a functionality of the technique.
Authentication | 2 | TACACS+ provides strong authentication.
Auditing/logging | 2 | TACACS+ provides auditing and logging mechanisms.
Non-repudiation | NA | Not a functionality of the technique.

Privacy and Data Protection

TACACS+ is an authentication mechanism that does not have any influence on the privacy dimension, because it is not related to control on the data collected or on which data will be collected to provide specific functionalities.

Maturity and Upgradeability of Technique

Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | It is widely used worldwide.
Standardisation | 2 | TACACS+ is standardised under RFC 1492.
Upgradability | 2 | It supports remote updates.

Impact of Technique towards Architecture

Criteria | Rank | Assessment of Measurement
Communication overhead generated | 2 | Negligible communication overhead generated by the technique.
Bandwidth required | 2 | The technique has no impact on bandwidth required.
Latency tolerance / "Always-on communication required?" | 1 | Some latency is allowed since normal IP is used as a transport layer, but authentication has to occur in a timely manner.
Impact to processes | 0 | Implementation of a TACACS+ system requires significant maintenance effort.

Ranking Summary

Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 1.25

(Bar chart of the rank per domain; values as tabulated above.)

TACACS+ provides very good guarantees for cyber security because it provides a strong authentication mechanism with a non-repudiation mechanism and protection of the key material, together with auditing capabilities.

10.1.8. Firewall

A firewall is a network security mechanism to prevent unauthorized access to a network or equipment, blocking traffic that is not in accordance with the set of predefined security rules and policies. It can be based on hardware or software and is recommended as a safety standard to close all doors for unused applications or services. Firewalls enable the segregation and control of traffic between different network zones (zoning).

Applicable components: CA, CC, CD, CI

Cyber-Security

Criteria | Rank | Assessment of Measurement
Confidentiality | NA | Not a functionality of the technique.
Integrity | NA | Not a functionality of the technique.
Availability | 2 | The technique provides measures for detection and prevention of Denial of Service attacks.
Access to key material | NA | Not a functionality of the technique.
Integrity of key material | NA | Not a functionality of the technique.
Authentication | NA | Not a functionality of the technique.
Auditing/logging | 2 | The technique provides capabilities for auditing network traffic.
Non-repudiation | NA | Not a functionality of the technique.

Privacy and Data Protection

Although a firewall might play an important role in an architecture designed with privacy and data protection mechanisms, the firewall itself provides no functionality specifically designed for this purpose.

Maturity and Upgradeability of Technique

Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | Firewalls are used in virtually all network architectures.
Standardisation | 2 | It is a standard component, although not a standard by itself.
Upgradability | 2 | All commercial firewall providers offer upgrades in the form of soft- or firmware updates. This is usually part of the support agreement.

Impact of Technique towards Architecture

Criteria | Rank | Assessment of Measurement
Communication overhead generated | 2 | No communication overhead generated by the technique.
Bandwidth required | 2 | The technique has no impact on bandwidth required.
Latency tolerance / "Always-on communication required?" | NA | Not applicable
Impact to processes | 1 | Although firewalls are considered part of a standard IT environment, extra care has to be taken to manage firewall rules and have change management applied. This is often overlooked.

Ranking Summary

Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 1.66

(Bar chart of the rank per domain; values as tabulated above.)

10.1.9. IDS/IPS

The IDS is a component, typically operating together with firewalls, which has the function of detecting, identifying and notifying the network administrators in case of unauthorized or abnormal activities on a target system, i.e., detecting and countering intrusions. An IPS is slightly different from a classical IDS, since after inspecting the content of a request it is able to drop, alert on, or potentially clean a malicious network request based on its content. The determination of what is malicious is based either on behavior analysis or on the use of known malicious signatures.

Applicable components: CA, CC, CD, CI

Cyber-Security

Criteria | Rank | Assessment of Measurement
Confidentiality | 0 | An IDS/IPS offers no specific functionality to guard the confidentiality of data. Sometimes it might even lower the confidentiality (as is the case with traffic inspection of encrypted data).
Integrity | NA | Not a functionality of the technique.
Availability | 2 | The technique provides measures for detection and prevention of Denial of Service attacks.
Access to key material | NA | Not a functionality of the technique.
Integrity of key material | NA | Not a functionality of the technique.
Authentication | NA | Not a functionality of the technique.
Auditing/logging | 2 | The IDS/IPS provides an auditing and logging mechanism that can be used for automated fraud/cyber-attack detection.
Non-repudiation | NA | Not a functionality of the technique.

Privacy and Data Protection

Although an IDS/IPS might play an important role in an architecture designed with privacy and data protection mechanisms, the IDS/IPS itself provides no functionality specifically designed for this purpose. Attempts to breach privacy and data protection might be identified with a properly configured IDS/IPS, just like security related issues.

Maturity and Upgradeability of Technique

Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | IDS/IPS systems are deployed widely in networks as a monitoring solution.
Standardisation | 0 | It is a standard component, although not a standard by itself.
Upgradability | 2 | An IDS/IPS is highly dependent on timely updates since signatures are used to detect anomalies. All commercial offerings have mechanisms in place to ensure updates, usually in the form of a subscription which is part of the support agreement.

Impact of Technique towards Architecture

Criteria | Rank | Assessment of Measurement
Communication overhead generated | 2 | An IDS/IPS inspects traffic and does not add any additional overhead.
Bandwidth required | 2 | The technique has no impact on bandwidth required since traffic is only inspected, not altered.
Latency tolerance / “Always-on communication required?” | 2 | A properly configured IDS should not add significant latency to network traffic (this is usually achieved by using a span port); the latency tolerance requirement therefore applies to some of the inspected traffic, not to the IDS itself. An IPS might add some latency, as it inspects the traffic inline in order to act upon anomalies.
Impact to processes | 1 | It is an additional component that needs continuous administration and operation. The value of an IDS/IPS within a network is highly dependent on the rules configured within such a system. That requires compliance with business requirements and therefore needs maintenance and attention.

Ranking Summary

Domain | Rank
Cyber-security | 1.33
Maturity and Upgradeability of Technique | 1.33
Impact of Technique towards Architecture | 1.75

[Bar chart: Rank per domain (Cyber-security; Maturity and Upgradeability of Technique; Impact of Technique towards Architecture), 0 to 2 scale; values as in the table above]

10.1.10. Retention

Retention is directly related to privacy. The retention period may also be subject to local regulations, but ultimately the retention period for the storage of personal data must be defined and be in accordance with the European Data Protection framework.

Applicable components: OA, OB, OC, PE

Retention for data after the contract has ended

At the end of the contract, data are stored for 6 years by the DNO, the supplier and third parties because of local regulation.

(a) Cyber-Security

Data retention is a technique that is applied to data, not to systems and devices. Although proper identification of data and its retention might lead to less risk due to leakage of old data, it does not add significant benefits to the domain of cyber-security. Therefore, the cyber-security rankings are deemed not applicable.

(b) Privacy and Data Protection

Criteria | Rank | Assessment of Measurement
Data Retention | 2 | Data retention is directly related to (local) regulation. Data are not stored longer than legally needed or strictly necessary.
Data minimization | NA | Data minimisation is a step before retention and is applied before collecting or storing the data. Therefore it is not applicable.
Data Control | NA | Data control is a mechanism to control what data is given to whom and is not directly related to retention (other than being another privacy technique).
Data Access | NA | Data access is another privacy mechanism, separate from retention.
Anonymity | NA | Anonymity is another privacy mechanism, separate from retention.

(c) Maturity and Upgradeability of Technique

Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | Data retention is widely used within IT environments: traditionally because of storage constraints, but nowadays also to comply with security best practices related to data classification. An increased focus on this technique has occurred due to recent EU legislation.
Standardisation | 2 | The development of processes related to data classification and the removal of data is widely standardised, for example in ISO 27001/27002.
Upgradability | 2 | Because data are stored in information systems, it is easy to upgrade data retention.


(d) Impact of Technique towards Architecture

Criteria | Rank | Assessment of Measurement
Communication overhead generated | 2 | Data retention does not add any overhead to communication channels.
Bandwidth required | 2 | No additional bandwidth is required by implementing data retention.
Latency tolerance / “Always-on communication required?” | 2 | Data retention has no effect on network latency.
Impact to processes | 2 | Although processes have to be designed with data retention in mind, once it has been implemented it usually makes processes easier, in the sense that privacy-by-design has been achieved, which requires fewer manual actions on the data and fewer considerations about how to work with the data involved.

(e) Ranking Summary

Domain | Rank
Privacy and Data Protection | 2
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 2

[Bar chart: Rank per domain (Privacy and Data Protection; Maturity and Upgradeability of Technique; Impact of Technique towards Architecture), 0 to 2 scale; values as in the table above]


Retention for data stored locally in the meter

Meter readings and interval data are stored for the minimum and maximum lengths of time required by the local legislation. Log data are also stored for the minimum and maximum times defined by the local law.

(a) Cyber-Security

Data retention is a technique that is applied to data, not to smart meters directly in a technical way. Although proper identification of data and its retention might lead to less risk due to leakage of old data, it does not add significant benefits to the domain of cyber-security. Therefore, the cyber-security rankings are deemed not applicable.

(b) Privacy and Data Protection

Criteria | Rank | Assessment of Measurement
Data Retention | 2 | Data retention is directly related to local regulation. Data are stored locally and no longer than legally necessary.
Data minimization | NA | Not applicable.
Data Control | NA | Not applicable.
Data Access | NA | Not applicable.
Anonymity | NA | Not applicable.

(c) Maturity and Upgradeability of Technique

Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | Techniques to store a precise amount of data during a precise time frame are widely used.
Standardisation | 2 | Techniques to store a precise amount of data during a precise time frame are fully standardised.
Upgradability | 0 | Upgradeability here must be understood as the capability to adapt to changing regulations in terms of the amount of information stored. It is not easy to upgrade because it is linked to physical constraints (i.e. the space available for storage).


(d) Impact of Technique towards Architecture

Criteria | Rank | Assessment of Measurement
Communication overhead generated | NA | Not applicable.
Bandwidth required | NA | Not applicable.
Latency tolerance / “Always-on communication required?” | NA | Not applicable.
Impact to processes | 2 | Privacy-by-design has been achieved, which requires fewer manual actions on the data and fewer considerations about how to work with the data involved.

(e) Ranking Summary

Domain | Rank
Privacy and Data Protection | 2
Maturity and Upgradeability of Technique | 1.33
Impact of Technique towards Architecture | 2

[Bar chart: Rank per domain (Privacy and Data Protection; Maturity and Upgradeability of Technique; Impact of Technique towards Architecture), 0 to 2 scale; values as in the table above]

Data retention is a technique that is mainly applicable to privacy and data protection. Although local storage also has some impact in terms of storage requirements and liability risk, it has been rated for its privacy benefits. This technique is usually directly linked to data classification processes that exist within a company and is most often dependent on law and regulatory requirements.
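The two retention cases above (storage for 6 years after the contract has ended, and minimum/maximum periods for readings, interval data and logs held in the meter) as a small policy checker; this is an added example, not part of the BAT document, and the retention windows it uses are constructed placeholders rather than any member state's legal periods.

```python
"""Retention policy check (added illustration, not part of the BAT document).

Each record carries a data class, a creation date and, for records held by the
DNO/supplier, the date the customer contract ended.  The policy gives a minimum
(must keep) and maximum (must delete) window per class, in days.  The windows
below are constructed placeholders; the 6-year post-contract period is the one
quoted in the text above.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

DAY = timedelta(days=1)


@dataclass
class Record:
    record_id: str
    data_class: str                       # "meter_reading", "interval" or "log"
    created: date
    contract_end: Optional[date] = None   # None while the contract is still active
    legal_hold: bool = False              # e.g. an ongoing dispute or audit


@dataclass
class Window:
    min_days: int   # keep at least this long (law, billing dispute period)
    max_days: int   # delete once older than this (data protection)


# Constructed example policy; real windows come from local legislation.
POLICY = {
    "meter_reading": Window(min_days=365, max_days=3 * 365),
    "interval":      Window(min_days=90,  max_days=365),
    "log":           Window(min_days=180, max_days=2 * 365),
}
# "6 years" after the end of the contract, as quoted in the text (placeholder value).
POST_CONTRACT = Window(min_days=6 * 365, max_days=6 * 365)


def retention_clock(rec: Record) -> tuple[date, Window]:
    """Pick the window that applies and the date it counts from.

    While the contract is active the class window counts from creation.  Once
    the contract has ended the post-contract period applies instead, counted
    from the contract end date.
    """
    if rec.contract_end is not None:
        return rec.contract_end, POST_CONTRACT
    return rec.created, POLICY[rec.data_class]


def decide(rec: Record, today: date) -> str:
    """Return 'keep', 'delete' or 'hold' for one record as of `today`."""
    if rec.legal_hold:
        return "hold"
    start, window = retention_clock(rec)
    age = (today - start).days
    if age < window.min_days:
        return "keep"       # deleting now would breach the minimum period
    if age > window.max_days:
        return "delete"     # kept longer than legally needed
    return "keep"           # inside the window: deletable on request, not forced


def purge(records: list, today: date) -> dict:
    """Group record ids by the action the policy requires today."""
    out = {"keep": [], "delete": [], "hold": []}
    for rec in records:
        out[decide(rec, today)].append(rec.record_id)
    return out


def demo() -> dict:
    """Constructed sample covering each branch of the policy."""
    today = date(2024, 1, 1)
    sample = [
        Record("r1", "interval", created=today - 30 * DAY),               # young: keep
        Record("r2", "interval", created=today - 400 * DAY),              # past max: delete
        Record("r3", "log", created=today - 800 * DAY, legal_hold=True),  # on hold
        Record("r4", "meter_reading", created=today - 10 * 365 * DAY,
               contract_end=today - 5 * 365 * DAY),                       # 5 y after contract: keep
        Record("r5", "meter_reading", created=today - 10 * 365 * DAY,
               contract_end=today - 7 * 365 * DAY),                       # 7 y after contract: delete
    ]
    return purge(sample, today)


if __name__ == "__main__":
    print(demo())
```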

Reading and transmission frequency

The reading frequency is related to the functionality provided by the meter. This analysis is made regarding the ten minimum functionalities. In some cases, frequency is also related to local regulation. Different use cases will describe different reading frequencies and transmission frequencies. Under the European Data Protection regulation, data collection must be proportionate to the purposes. The ranking will consider a default transmission and reading frequency.

Applicable components: CD, CF, OB, OD, OA

Use case 1: Hourly interval data is collected without the user's consent; this includes situations where regulation allows this collection.

Use case 2: Hourly interval data is collected with the user's consent.

Intervals and daily transmission to provide an advanced tariff

By default, the meter collects hourly interval data and transmits it to the metering system operator each day. The interval data are used to provide a “time of use” advanced tariff.

(a) Cyber-Security

Interval and daily collection is a technique that is applied to data, not to systems and devices. Therefore, the cyber-security rankings are deemed not applicable.

(b) Privacy and Data Protection

Criteria | Rank | Assessment of Measurement
Data Retention | NA | Not applicable because retention is another technique, applied after the collection.
Data minimization | 2 | To provide time-based advanced tariffs, interval data are needed. The interval of collection has to be adjusted in such a way that a minimum of data is collected in order to make the calculation for tariffing.
Data Control | 0 - 2 | A rating of 0 is applied when no consent of the consumer is involved. When the consumer has given consent explicitly, a rating of 2 is applicable.
Data Access | NA | Not applicable because data access is a privacy aspect that has to be considered separately for the data collected.
Anonymity | NA | Not applicable because anonymity is a privacy aspect that has to be considered separately, and data used for tariffing is not anonymous by nature.

(c) Maturity and Upgradeability of Technique

The criteria for maturity and upgradability of the technique have been deemed not applicable because this technique is specifically used within the smart metering domain on data collection and is more dependent on national regulation and specific industry agreements.

(d) Impact of Technique towards the Architecture

The criteria for the impact towards the architecture are deemed not applicable because this technique is not directly related to architecture and infrastructure.

(e) Ranking Summary

Use case 1:

Domain | Rank
Privacy and Data Protection | 1

Use case 2:

Domain | Rank
Privacy and Data Protection | 2

The frequency used for readings from the smart meter divulges information about an individual/household. Thus privacy requirements are strict and this technique has to be implemented to make sure the data collection is appropriate. This is reflected in the overall rating.

Six bi-monthly values and 1 second for local interface

The DNO collects six bi-monthly values for high-level feedback on the energy usage. When the customer gives consent, the DNO can read out the electricity meter at a 15-minute interval and the gas meter at a 5-minute interval. On the local interface, the electricity meter can provide data at a 1-second interval and the gas meter at a 5-minute interval.

(a) Cyber-Security

The 15-minute interval is the agreed value for network planning and is chosen as an optimum between the level of detail and the bandwidth and storage requirements. It primarily has impact on privacy and data protection of consumers. Other domains are therefore not taken into account.


(b) Privacy and Data Protection

Criteria | Rank | Assessment of Measurement
Data Retention | NA | Not applicable because data retention is applied after collection.
Data minimization | 2 | By default the meter collects only six bi-monthly values for legitimate purposes. More detailed data are only available with consent. Very detailed data are only available locally.
Data Control | 2 | Consent is needed to collect more detailed data.
Data Access | NA | Not applicable because directives for this aspect have been defined in regulation or in the consent given by the consumer.
Anonymity | NA | Not applicable, because this data is by nature not anonymous and the technique has not been designed to provide anonymity.

(c) Maturity and Upgradeability of Technique

This technique is based directly on European legislation and primarily has impact on privacy and data protection of consumers. Other domains are therefore not taken into account.

(d) Impact of Technique towards Architecture

This technique is based directly on European legislation and primarily has impact on privacy and data protection of consumers. Other domains are therefore not taken into account.

(e) Ranking Summary

Domain | Rank
Privacy and Data Protection | 2

The frequency used for readings from the smart meter divulges information about an individual/household. Thus privacy requirements are strict and this technique has to be implemented to make sure the data collection is appropriate. This is reflected in the overall rating.
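An added example, not from the document, of how the reading frequencies described in this section can be enforced as data minimisation at the point of export: the permitted interval depends on channel, meter type and consent, and only consumption values at that granularity leave the meter. The register samples, timestamps and the sample generator are constructed.

```python
"""Data minimisation of meter readings by channel and consent.

Added illustration, not part of the BAT document.  It encodes the reading
frequencies quoted in the text above: six bi-monthly values per year by default,
15-minute (electricity) / 5-minute (gas) values remotely only with consent, and
1-second (electricity) / 5-minute (gas) values on the local interface.
Register values, timestamps and the sample generator are constructed.
"""
from datetime import datetime, timedelta

BI_MONTHLY = "bi-monthly"   # six values a year: the default remote granularity

# Finest permitted interval in seconds, per meter type.
_REMOTE_WITH_CONSENT = {"electricity": 15 * 60, "gas": 5 * 60}
_LOCAL = {"electricity": 1, "gas": 5 * 60}


def permitted_interval(meter_type, channel, consent):
    """Return the finest interval (seconds) allowed on `channel`, or BI_MONTHLY."""
    if channel == "local":
        return _LOCAL[meter_type]          # detailed data stays behind the local port
    if channel == "remote":
        return _REMOTE_WITH_CONSENT[meter_type] if consent else BI_MONTHLY
    raise ValueError(f"unknown channel {channel!r}")


def _windowed(register, step):
    """Consumption per window of `step`: last register value in the window minus
    the last value of the previous window (the first window starts at sample 0)."""
    t0 = register[0][0]
    last_in_window = {}
    for ts, kwh in register:
        last_in_window[(ts - t0) // step] = kwh    # sorted input: last sample wins
    out, prev = [], register[0][1]
    for idx in sorted(last_in_window):
        out.append((t0 + (idx + 1) * step, round(last_in_window[idx] - prev, 3)))
        prev = last_in_window[idx]
    return out


def _bi_monthly(register):
    """One consumption figure per two-month period (six per year)."""
    first, last = {}, {}
    for ts, kwh in register:
        key = (ts.year, (ts.month - 1) // 2)       # period index 0..5
        first.setdefault(key, kwh)
        last[key] = kwh
    return [(key, round(last[key] - first[key], 3)) for key in sorted(first)]


def minimise(register, meter_type, channel, consent):
    """Reduce cumulative register samples to what may leave on `channel`.

    `register` is a list of (datetime, cumulative_kWh) at the meter's native
    resolution.  Only interval-end consumption values at the permitted
    granularity are returned; finer samples never leave the meter.
    """
    if not register:
        return []
    register = sorted(register)
    interval = permitted_interval(meter_type, channel, consent)
    if interval == BI_MONTHLY:
        return _bi_monthly(register)
    return _windowed(register, timedelta(seconds=interval))


def sample_register(seconds=3600):
    """Constructed 1-second electricity register: 1 Wh per second (a 3.6 kW load)."""
    t0 = datetime(2024, 1, 1, 0, 0, 0)
    return [(t0 + timedelta(seconds=i), i / 1000) for i in range(seconds)]
```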

10.1.11. Aggregation

Aggregation techniques can be used for various purposes in a smart metering system. Aggregation can be used for example for network planning, but also to collect less sensitive data from meters. Aggregation techniques need to be analysed regarding the purposes of the aggregation and which controls are given to users over being part of this aggregation (for network planning, for example).

Applicable components: O*, P*

Data are aggregated for network planning purposes

The meter operator will aggregate individual consumption data for network planning purposes. The rule for aggregation is to aggregate data retrieved from more than 5 households and only with the consent of the consumers.

(a) Cyber-Security

This technique adds no value to the cyber-security domain and is therefore deemed not applicable.

(b) Privacy and Data Protection

Criteria | Rank | Assessment of Measurement
Data Retention | 2 | The data retention period is proportionate and is only related to data relevance or legal obligation.
Data minimization | 2 | Network planning is made on aggregated data. This is the minimum set of data that is needed to provide those services.
Data Control | 2 | Consent from the consumer is needed to include data in the aggregation process. This consent represents a legitimate legal basis.
Data Access | NA | Not applicable because data aggregation does not influence which data will be accessible from the customer.
Anonymity | 1 | The criterion of 5 households is not sufficient to avoid the risk of identification, but this aggregation could provide a baseline to produce an anonymous set of data.

(c) Maturity and Upgradeability of Technique

These criteria are deemed not applicable because this technique is specific to the energy sector and solely related to data.

(d) Impact of Technique towards Architecture

Criteria | Rank | Assessment of Measurement
Communication overhead generated | NA | Not applicable because the technique defines a process, not a protocol-related aspect.
Bandwidth required | 2 or NA | Local aggregation reduces the amount of data to be sent; otherwise not applicable.
Latency tolerance / “Always-on communication required?” | NA | Not applicable because this technique has nothing to do with latency.
Impact to processes | NA | Not applicable because this technique itself describes a process.

(e) Ranking Summary

Domain | Rank
Privacy and Data Protection | 1.75
Impact of Technique towards Architecture | 2

[Bar chart: Rank per domain (Privacy and Data Protection; Impact of Technique towards Architecture), 1.6 to 2 scale; values as in the table above]

The frequency used for readings from the smart meter divulges information about an individual/household. Thus privacy requirements are strict and this technique has to be implemented to make sure the data collection is appropriate. This is reflected in the overall rating. Because this technique is not used solely in smart-meter environments, but also in other areas where big data is analysed, maturity and impact towards architecture are also rated.


Data are aggregated and anonymised for statistical and scientific purposes

The meter operator will aggregate individual consumption data with consent from the customer for statistical and scientific purposes. This data will be stored without a defined retention period. Monthly data will be aggregated for a minimum of 10 households and without any references to individual meters.

(a) Cyber-Security

These criteria are deemed not applicable because this technique is a privacy-related technique, not a security-related technique.

(b) Privacy and Data Protection

Criteria | Rank | Assessment of Measurement
Data Retention | 2 | No data retention period is needed because the data are anonymous once they have been aggregated.
Data minimization | 2 | Anonymised data for scientific and statistical purposes is proportionate.
Data Control | 2 | Only data collected with consent from the consumer will be aggregated.
Data Access | NA | Not applicable because the aggregation mechanism does not influence which data will be accessible.
Anonymity | 2 | The set of data is anonymous regarding the WP29 criteria.

(c) Maturity and Upgradeability of Technique

These criteria are deemed not applicable because this technique is very specific to the energy sector and describes a process, not a technical implementation.

(d) Impact of Technique towards Architecture

These criteria are deemed not applicable because this technique is very specific to the energy sector and describes a process, not a technical implementation.

(e) Ranking Summary

Domain | Rank
Privacy and Data Protection | 2

Readings from the smart meter divulge information about an individual/household. Thus privacy requirements are strict and this technique has to be implemented to make sure the data collection is appropriate. This is reflected in the overall rating.
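The two aggregation rules above (more than 5 consenting households for network planning; at least 10 households, with no references to individual meters, for the anonymised statistical set) implemented as one consent-gated aggregator; this is an added example, not the document's or any operator's code, and its dominance check is an extra safeguard not stated in the text. All meter ids and readings are constructed.

```python
"""Consent-gated aggregation of household consumption data.

Added illustration, not part of the BAT document.  It applies the two rules
quoted above: only data of consenting households enter an aggregate, and an
aggregate is published only when the group is large enough (more than 5
households for network planning, at least 10 for the anonymised statistical
data set).  Meter ids are used solely to group the input; the output carries
none.  The dominance check is an added safeguard of this example, not a rule
from the document.  All readings and ids are constructed.
"""
from collections import defaultdict

# Minimum group size per purpose, as quoted in the text above.
MIN_HOUSEHOLDS = {
    "network_planning": 6,   # "more than 5 households"
    "statistics": 10,        # "a minimum of 10 households"
}


def aggregate(readings, consent, purpose, max_share=0.5):
    """Aggregate per period; returns (published, refused).

    readings: iterable of (meter_id, period, kwh), e.g. period "2024-01".
    consent:  set of meter ids whose holders consented to this purpose.
    published: {period: (household_count, total_kwh)}; refused: {period: reason}.
    A period is refused, rather than published with fewer contributors, when the
    consenting group is below the purpose's minimum or when one household
    supplies more than `max_share` of the total (a small group would otherwise
    reveal the large contributor's consumption).
    """
    minimum = MIN_HOUSEHOLDS[purpose]
    per_period = defaultdict(lambda: defaultdict(float))   # period -> meter -> kWh
    for meter_id, period, kwh in readings:
        if meter_id not in consent:
            continue                          # no consent: never enters the aggregate
        per_period[period][meter_id] += kwh

    published, refused = {}, {}
    for period, by_meter in sorted(per_period.items()):
        n = len(by_meter)
        total = sum(by_meter.values())
        if n < minimum:
            refused[period] = f"{n} consenting households, {minimum} required for {purpose}"
        elif total > 0 and max(by_meter.values()) / total > max_share:
            refused[period] = "one household dominates the total"
        else:
            published[period] = (n, round(total, 3))   # counts and totals only, no ids
    return published, refused


def sample_data():
    """Constructed input: 12 meters, 8 consenting, only 7 reporting in February."""
    meters = [f"M{i:02d}" for i in range(12)]
    readings = []
    for i, m in enumerate(meters):
        readings.append((m, "2024-01", 100.0 + i))
        if i < 7:
            readings.append((m, "2024-02", 90.0 + i))
    return readings, set(meters[:8])
```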

10.1.12. Read Only Interface

The interface which provides data from the meter is a read-only interface. This can be achieved physically or logically (with the operating system).

Applicable components: OA, OB, OC, PE

Meter is only accessible for read because of physical protection

The interface is only accessible for reading because of the physical properties of the interface (write protected).

(a) Cyber-Security

Criteria | Rank | Assessment of Measurement
Confidentiality | NA | Not applicable because this technique is not related to confidentiality.
Availability | NA | Not applicable because this technique is not related to availability.
Integrity | NA | Not applicable because this technique is not related to integrity.
Access to key material | NA | Not applicable because this interface is not used for this purpose.
Integrity of key material | 2 | Physical write protection is one of the best ways to maintain integrity of data in the meter (see integrity), including key material.
Authentication | NA | Authentication on this interface is covered by other techniques (for example a PIN).
Auditing/logging | NA | Not applicable because this technique contains no specifications regarding this criterion.
Non-repudiation | NA | Not applicable because this technique contains no specifications regarding this criterion.

(b) Privacy and Data Protection

These criteria are deemed not applicable because this technique does not influence the collection of data and so has no impact on the criteria of the privacy and data protection dimension.


(c) Maturity and Upgradeability of Technique

Criteria | Rank | Assessment of Measurement
Implementation Scale | 1 | This technique has been implemented in the Netherlands (on the interface accessible by the consumer).
Standardisation | NA | Not applicable because this technique is not so much related to a standard, but is more a description of a technical implementation.
Upgradability | 0 | This protection is implemented as a physical barrier and cannot be upgraded.

(d) Impact of Technique towards Architecture

These criteria are deemed not applicable because this technique contains no specifications regarding any of the criteria related to this dimension.

(e) Ranking Summary

Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 0.5

[Bar chart: Rank per domain (Cyber-security; Maturity and Upgradeability of Technique), 0 to 2 scale; values as in the table above]


Implementing this technique is beneficial from a cyber-security perspective. The attack surface of smart meters can be reduced by limiting access to interfaces, i.e. by not accepting any input that might be able to exploit vulnerabilities.

Meter is only accessible for read because of logical protection (Operating System)

The network interface is only accessible for reading because of operating system configuration or a specific logical configuration.

(a) Cyber-Security

Criteria | Rank | Assessment of Measurement
Confidentiality | NA | Not applicable because confidentiality offered by this interface is covered by other techniques.
Availability | NA | Not applicable because this technique is not related to availability.
Integrity | NA | Not applicable because this interface is not used for this purpose.
Access to key material | 1 | Key material is stored in the meter as well as other information.
Integrity of key material | 1 | Key material is stored in the meter as well as other information.
Authentication | NA | Not applicable because this technique contains no specifications regarding this criterion.
Auditing/logging | NA | Not applicable because this technique contains no specifications regarding this criterion.
Non-repudiation | NA | Not applicable because this technique contains no specifications regarding this criterion.

(b) Privacy and Data Protection

These criteria are deemed not applicable because this technique does not influence the collection of data and so has no impact on the criteria of the privacy and data protection dimension.

(c) Maturity and Upgradeability of Technique

Criteria | Rank | Assessment of Measurement
Implementation Scale | 1 | Some European countries have implemented this technique in their meters.
Standardisation | NA | Not applicable because this technique is a risk mitigation technique not defined by any applicable standards.
Upgradability | 1 | This technique is implemented by firmware functionality which can be adjusted.

(d) Impact of Technique towards Architecture

These criteria are deemed not applicable because this technique contains no specifications regarding any of the criteria related to this dimension.

(e) Ranking Summary

Domain | Rank
Cyber-security | 1
Maturity and Upgradeability of Technique | 1

[Bar chart: Rank per domain (Cyber-security; Maturity and Upgradeability of Technique), 0 to 1 scale; values as in the table above]

Implementing this technique is beneficial from a cyber-security perspective. The attack surface of smart meters can be reduced by limiting access to interfaces, i.e. by not accepting any input that might be able to exploit vulnerabilities. The rating of this technique is comparable to that of interfaces made read-only physically, but it offers the additional benefit of upgradeability. However, because the implementation is made in software, it might be altered in other ways.

11. ANALYSIS OF THE TECHNIQUES GATHERED FOR COMPONENT P*

11.1.1. Network segregation

By implementing network segregation, critical information and systems are logically separated and divided into different network segments. Firewalls and VLANs are used to partition a network into smaller zones, and rulesets are used to control communication between components in the different zones.

Applicable components: Px

Cyber-Security

Criteria | Rank | Assessment of Measurement
Confidentiality | 1 | Confidential information (e.g. PII or encryption keys) is stored in a secure zone, separated from network areas with regular business functionality. Functionality to expose this information to other systems is controlled by access lists in routers/firewalls.
Availability | NA | Not applicable as this aspect is controlled by other techniques.
Integrity | 1 | The integrity of functionality and information in a separate secured zone is improved because the risks of intrusion are lower.
Access to key material | NA | Not applicable
Integrity of key material | NA | Not applicable
Authentication | NA | Not applicable, authentication is controlled by other techniques.
Auditing/logging | 2 | By separating critical functionality from other network segments, access to that functionality can be monitored on network level.
Non-repudiation | NA | Not applicable.


Privacy and Data Protection

Criteria | Rank | Assessment of Measurement
Data Retention | NA | Not applicable, this is controlled on a higher level in the OSI model.
Data minimization | NA | Not applicable, this is controlled on a higher level in the OSI model.
Data Control | NA | Not applicable, this is controlled on a higher level in the OSI model.
Data Access | NA | Not applicable, this is controlled on a higher level in the OSI model.
Anonymity | NA | Not applicable, this is controlled on a higher level in the OSI model.

Maturity and Upgradeability of Technique

Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | Network segregation is common practice in more complex networks. Simple networks often contain a demilitarized zone for services exposed to the Internet. The same techniques can be applied to create another secure zone which is segregated deeper in the internal network.
Standardisation | 2 | Many standards refer to network segregation/segmentation. In ICS/SCADA networks, for example, IEC 62443 describes best practices to accomplish this.
Upgradability | NA | Not applicable.

Impact of Technique towards Architecture

Criteria | Rank | Assessment of Measurement
Communication overhead generated | NA | Not applicable, the modification to headers to apply VLAN tags is negligible.
Bandwidth required | NA | Not applicable
Latency tolerance / “Always-on communication required?” | NA | Not applicable
Impact to processes | 2 | Management of network separation is considered to have no significant impact to any processes.

Ranking Summary

Domain | Rank
Cyber-security | 1.33
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 2

[Bar chart: Rank per domain (Cyber-security; Maturity and Upgradeability of Technique; Impact of Technique towards Architecture), 0 to 2 scale; values as in the table above]

Network segregation is a technique that should be used in any complex network that offers interfaces to various parties and carries sensitive data. This technique is used widely and described in many standards and best practices. Although there is a small impact towards architecture, the benefits are substantial. This technique works well against remote attacks, but is of limited use when physical access is granted to the infrastructure. This technique requires strict change management procedures to maintain its functionality and to prevent mistakes that might undermine the segregation.

11.1.2. Firmware update

To safeguard smart meters and gateways against new threats and to meet future requirements, it is important that the software that controls those devices can be updated. Firmware updates can mitigate risks related to newly found vulnerabilities, and can increase encryption strength when necessary.

Especially in the case of devices that have a relatively long lifespan (e.g. smart meters, gateways etc.) it is important that the software operating on those devices can be updated against emerging vulnerabilities. Software is often written using third-party libraries that are themselves scrutinised for bugs and vulnerabilities. Certain encryption techniques might become obsolete due to increased computing power or bad implementations.

Given that a device has enough capacity to accommodate improved firmware, firmware upgradeability ensures to some extent the ability to face future threats.

Applicable components: OA, OB, OC

Cyber-Security

Criteria | Rank | Assessment of Measurement
Confidentiality | 2 | Firmware updates can ensure that risks to the confidentiality of information in or sent by the meter can be mitigated or lowered. A prerequisite is that enough capacity is available within the meter to ensure functionality can be improved during the lifetime of the meter. Otherwise the ranking is 1.
Availability | 2 | Firmware updates can ensure that risks to the availability of information in or sent by the meter can be mitigated or lowered. A prerequisite is that enough capacity is available within the meter to ensure functionality can be improved during the lifetime of the meter. Otherwise the ranking is 1. Also note that a robust process has to be in place to deliver the updates. A firmware update can also turn into a risk to the availability of assets when it is not properly tested or verified during the update process.
Integrity | 2 | Firmware updates can ensure that risks to the integrity of information in or sent by the meter can be mitigated or lowered. A prerequisite is that enough capacity is available within the meter to ensure functionality can be improved during the lifetime of the meter. Otherwise the ranking is 1. Another prerequisite is that the firmware has to be signed and can be checked for authenticity by the device during the update process; when firmware is updated by a party other than the controlling party, the integrity is affected.
Access to key material | 2 | When methods to protect key material in the devices are no longer effective, they can be updated by applying improved functionality in the firmware.
Integrity of key material | 2 | When methods to protect key material in the devices are no longer effective, they can be updated by applying improved functionality in the firmware.
Authentication | 2 | This mechanism can be protected/improved with firmware upgrades. It ensures that when an issue is found it can be mitigated.
Auditing/logging | 2 | Additional logging functionality can be added by applying new firmware.
Non-repudiation | 2 | This mechanism can be protected/improved with firmware upgrades. It ensures that when an issue is found it can be mitigated.

Privacy and Data Protection

Even though this technique can be used to address certain issues that occur relating to privacy and data protection, the technique itself does not offer this specifically. The software that is upgraded using this technique might offer stricter or weaker privacy and data protection controls. Therefore this dimension is not rated.

Maturity and Upgradeability of Technique

Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | Firmware upgradability is commonly used in devices.
Standardisation | 0 | There are a lot of aspects to take into account to make sure firmware upgradability is implemented in a safe way (verification, authentication, encryption, storage, etc.), but usually this functionality is implemented using proprietary techniques that differ per vendor.
Upgradability | 2 | This technique offers upgradeability by replacing the firmware that operates the device.

Impact of Technique towards Architecture

Criteria Rank Assessment of Measurement

Communication

overhead generated

0 Normal communication from meters/gateways is relatively

small compared to firmware updates in most situations.

Bandwidth required 0 Firmware updates have significant bandwidth requirements.

The updates need to be scheduled to prevent network

congestion.

Latency tolerance /

“Always-on

2 Depends on the implementation; there should be a mechanism

in place to temporarily store the new firmware in order to be

Page 169 of 211

communication

required?”

able to retrieve it in parts, or request firmware again if it is

corrupted during transportation.

When no caching of new firmware is possible 0 ranking points

will be awarded here.

Impact to processes 0 Impact to processes is significant; proper delivery, testing and

development procedures need to be in place.

Ranking Summary

Domain Rank

Cyber-security 2

Maturity and Upgradeability of Technique 1.33

Impact of Technique towards Architecture 0.5

0

0.5

1

1.5

2Cyber-security

Maturity andUpgradeability of

Technique

Impact ofTechnique towards

Architecture

Rank

This technique is an essential technique for devices with a long lifespan to combat cyber-

security risks. Although privacy and data protection controls might be offered in new

firmware, it is not taken into account in the ranking because those criteria are offered by

the software, not by this technique itself. There is significant impact towards architecture,

mainly because care needs to be taken in testing before the updates are applied. Not

properly tested firmware might render devices unusable. This technique is only effective

on meters and gateways when it can be applied remotely.
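The device-side checks the Integrity and Latency rows above ask for (a signed manifest verified before anything is installed, refusal of older versions, staging of the image in parts and a digest check so a corrupted image is requested again), as an added example in Go that is not part of the BAT document. The manifest layout, the Ed25519 vendor key and the sample image are assumptions made for this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest describes one firmware image. The vendor signs it and the meter checks the
// signature with the vendor public key it was provisioned with (assumed: protected storage).
type Manifest struct {
	Version uint32   // must increase, so an older signed image cannot be pushed again
	Digest  [32]byte // SHA-256 over the complete image; a wrong length also changes it
}

// encode serialises the manifest deterministically so signer and verifier cover the same bytes.
func (m Manifest) encode() []byte {
	buf := make([]byte, 4, 36)
	binary.BigEndian.PutUint32(buf, m.Version)
	return append(buf, m.Digest[:]...)
}

// Meter is the device-side update client.
type Meter struct {
	VendorKey      ed25519.PublicKey
	CurrentVersion uint32
	staging        []byte // temporary storage while the image arrives in parts
}
var (
	ErrBadSignature = errors.New("manifest signature invalid: update refused")
	ErrDowngrade    = errors.New("manifest version not newer than installed firmware")
	ErrCorrupt      = errors.New("staged image does not match signed digest: request it again")
)

// AcceptManifest checks authenticity and freshness before any image bytes are trusted.
func (d *Meter) AcceptManifest(m Manifest, sig []byte) error {
	if !ed25519.Verify(d.VendorKey, m.encode(), sig) {
		return ErrBadSignature
	}
	if m.Version <= d.CurrentVersion {
		return ErrDowngrade
	}
	d.staging = d.staging[:0]
	return nil
}

// Stage appends one retrieved part of the image to temporary storage.
func (d *Meter) Stage(part []byte) { d.staging = append(d.staging, part...) }

// Apply compares the staged image with the signed digest and only then installs it.
func (d *Meter) Apply(m Manifest) error {
	if sha256.Sum256(d.staging) != m.Digest {
		return ErrCorrupt
	}
	d.CurrentVersion = m.Version
	return nil
}

// SimulateUpdate runs one update of a constructed image against a meter at version 1. fault
// injects: "forged" (manifest edited after signing), "downgrade" (signed but not newer),
// "corrupt" (bit flip during transport).
func SimulateUpdate(fault string) error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	image := bytes.Repeat([]byte("meter-firmware-v2 "), 100) // constructed 1800-byte image
	m := Manifest{Version: 2, Digest: sha256.Sum256(image)}
	sig := ed25519.Sign(priv, m.encode())
	switch fault {
	case "forged":
		m.Version = 3 // changed without the vendor key: the signature no longer covers it
	case "downgrade":
		m.Version = 1
		sig = ed25519.Sign(priv, m.encode())
	case "corrupt":
		image[100] ^= 0xff
	}
	d := &Meter{VendorKey: pub, CurrentVersion: 1}
	if err := d.AcceptManifest(m, sig); err != nil {
		return err
	}
	for len(image) > 0 { // image retrieved in parts of at most 512 bytes
		n := 512
		if n > len(image) {
			n = len(image)
		}
		d.Stage(image[:n])
		image = image[n:]
	}
	return d.Apply(m)
}

func main() {
	for _, f := range []string{"ok", "forged", "downgrade", "corrupt"} {
		fmt.Printf("%-9s -> %v\n", f, SimulateUpdate(f))
	}
}
```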

11.1.3. Aggregation

Aggregation of information is a generic term used in many contexts. Within the smart metering domain, aggregation is meant as a technique to combine values containing a lot of detail about usage into values with lower detail in order to protect the privacy of an individual. In this sense it is used as a technique to comply with the data minimization principle, whereby only as much data is collected for a specific purpose as is needed to fulfil the need. Possible applications for the aggregation technique include use cases where only summed-up or averaged values are required. The most basic aggregation technique is described as the “summing-up of measurement values”.

For the rating it is assumed that the aggregation is done to such an extent that the resulting data is no longer considered privacy relevant.

Applicable components: Px

Cyber-Security

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Confidentiality | NA | Not applicable |
| Availability | NA | Not applicable, as this aspect is controlled by other techniques. |
| Integrity | NA | Not applicable |
| Access to key material | NA | Not applicable |
| Integrity of key material | NA | Not applicable |
| Authentication | NA | Not applicable |
| Auditing/logging | NA | Not applicable |
| Non-repudiation | NA | Not applicable |

Privacy and Data Protection

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Data Retention | NA | Not applicable |
| Data minimization | 1-2 | When data is aggregated within the consumer's premises (in the meter or local data concentrator), 2 ranking points are awarded. When the aggregation is performed outside of those premises, before it is stored in a database, only 1 point is given. |
| Data Control | NA | Not applicable |
| Data Access | NA | Not applicable |
| Anonymity | 1 | Potentially this technique can introduce some level of anonymity. This rating can only be applied when aggregation is performed in such a way that the data cannot be traced back to an individual (household). When aggregation is only performed within the consumer's premises, the resulting dataset is still directly linked to an individual and the rating will be ‘NA’. |

Maturity and Upgradeability of Technique

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Implementation Scale | 2 | Data aggregation is often used to strike a balance between the collection of ‘big data’ (large volumes of data used for analysis) and privacy for the individual. This technique is used widely, but implemented in many different ways. |
| Standardisation | NA | For basic aggregation, no standard specific to smart meter data needs to be defined. Thus, this criterion is considered not applicable. |
| Upgradability | NA | Not applicable. |

Impact of Technique towards Architecture

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Communication overhead generated | 2 | An aggregation technique can operate purely on the measurement values and device identifiers; no additional communication overhead is necessary. |
| Bandwidth required | 2 | An aggregation technique can operate purely on the measurement values and device identifiers. The data can arrive sequentially. Therefore, the technique can be implemented in existing Smart Meter architectures without requiring additional bandwidth. |
| Latency tolerance / “Always-on communication required?” | 2 | An aggregation technique can operate with data arriving out of order; aggregates can be computed after all data required for the computation has been received. |
| Impact to processes | 0 | Data aggregation needs a lot of thought during the design of processes and systems and is directly related to the use case of the data involved. It also makes it harder to use collected data for other (future) purposes. |

Ranking Summary

Local aggregation

| Domain | Rank |
|---|---|
| Privacy and Data Protection | 1.5 |
| Maturity and Upgradeability of Technique | 2 |
| Impact of Technique towards Architecture | 1.5 |

[Figure: bar chart of the ranks per domain for local aggregation, as listed in the table above]

Central aggregation

| Domain | Rank |
|---|---|
| Privacy and Data Protection | 1 |
| Maturity and Upgradeability of Technique | 2 |
| Impact of Technique towards Architecture | 1.5 |

[Figure: bar chart of the ranks per domain for central aggregation, as listed in the table above]

Use of aggregation techniques can significantly improve privacy aspects for smart metering systems. Aggregation is a generic term. The contribution to enhancing privacy will depend on the specific way aggregation is applied to the smart meter system. Aggregating data inside the consumer’s premises ensures that privacy is enhanced early in the collection process. Aggregation outside the consumer’s premises, for example during intake in the central system, involves more risk because detailed data has already been transferred outside the consumer’s premises and can be intercepted along the way. When multiple parties are involved in the data collection process, aggregation within the consumer’s premises ensures that fewer mistakes can be made because the process is enforced within the meter or gateway.

Aggregation will always require additional security mechanisms to ensure properties like confidentiality and data integrity. Therefore, aggregation should always be applied together with a technique providing security.
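The two forms of aggregation rated above, as an added example in Go that is not part of the BAT document: an in-premises roll-up of interval readings (local aggregation) and the central "summing-up of measurement values" across meters, which drops meter identifiers and withholds any group too small for the sum to be untraceable to a household. The readings, group names and the minimum group size are constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
)

// Reading is one interval measurement as reported by a meter (constructed sample data).
type Reading struct {
	MeterID string
	GroupID string  // the feeder, street or concentrator the meter belongs to
	Wh      float64 // energy consumed in the interval
}

// ErrGroupTooSmall marks an aggregate that was withheld because too few meters
// contributed to it: the sum would still be traceable to an individual household.
var ErrGroupTooSmall = errors.New("aggregate suppressed: fewer meters than the minimum group size")

// RollUp is the in-premises step (meter or local concentrator): n consecutive interval
// readings of one meter are summed into one coarser value before anything leaves the
// household, so the detailed usage profile is never transmitted.
func RollUp(intervals []float64, n int) []float64 {
	var out []float64
	for i := 0; i < len(intervals); i += n {
		end := i + n
		if end > len(intervals) {
			end = len(intervals)
		}
		sum := 0.0
		for _, v := range intervals[i:end] {
			sum += v
		}
		out = append(out, sum)
	}
	return out
}

// Aggregate is the "summing-up of measurement values" across the meters of one group.
// Meter identifiers are dropped from the result. A group is published only when at least
// minMeters distinct meters contributed; smaller groups are suppressed.
func Aggregate(readings []Reading, minMeters int) (map[string]float64, map[string]error) {
	total := map[string]float64{}
	members := map[string]map[string]bool{}
	for _, r := range readings {
		total[r.GroupID] += r.Wh
		if members[r.GroupID] == nil {
			members[r.GroupID] = map[string]bool{}
		}
		members[r.GroupID][r.MeterID] = true
	}
	sums, suppressed := map[string]float64{}, map[string]error{}
	for g, s := range total {
		if len(members[g]) < minMeters {
			suppressed[g] = ErrGroupTooSmall
			continue
		}
		sums[g] = s
	}
	return sums, suppressed
}

// SampleReadings are constructed values for one interval: three meters on feeder-1
// and a single meter on feeder-2.
var SampleReadings = []Reading{
	{"M-0101", "feeder-1", 1.5},
	{"M-0102", "feeder-1", 2.0},
	{"M-0103", "feeder-1", 2.5},
	{"M-0201", "feeder-2", 4.0},
}

func main() {
	fmt.Println(RollUp([]float64{1, 2, 3, 4, 5}, 2)) // five intervals -> [3 7 5]
	sums, suppressed := Aggregate(SampleReadings, 3)
	fmt.Println(sums, suppressed) // feeder-1 published, feeder-2 suppressed
}
```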

11.1.4. SIEM

SIEM is an abbreviation for security incident and event management. It is usually provided as software or a service that helps identify security events in real time, correlates events to help identify their cause, and classifies them.

Applicable components: Px

Cyber-Security

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Confidentiality | NA | SIEM techniques do not provide a particular measure to ensure data confidentiality. As SIEM systems are used to monitor the status of the overall infrastructure but are not directly ensuring the confidentiality of exchanged information, this criterion is not ranked. |
| Availability | 1 | SIEM systems can monitor the availability of assets in the smart metering chain, and therefore contribute to system availability. |
| Integrity | NA | SIEM techniques do not provide a particular measure to ensure data integrity. As SIEM systems are used to monitor the status of the overall infrastructure but are not directly ensuring the integrity of exchanged information, this criterion is not ranked. |
| Access to key material | NA | Not applicable |
| Integrity of key material | NA | Not applicable |
| Authentication | NA | SIEM techniques do not provide a particular measure to provide authentication of components. As SIEM systems are used to monitor the status of the overall infrastructure but are not directly ensuring the authentication of entities or exchanged information, this criterion is not ranked. |
| Auditing/logging | 2 | A SIEM functions as a central audit and log component, integrating various security functions in this domain. |
| Non-repudiation | NA | Not applicable. |

Privacy and Data Protection

Although privacy and data protection aspects can be monitored by implementing a SIEM (for example, a breach leading to disclosure of personally identifiable information might be detected), the technique itself is not specifically designed to safeguard this dimension. Therefore, this dimension is not rated.

Maturity and Upgradeability of Technique

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Implementation Scale | 2 | SIEMs have been widely adopted in IT infrastructures for many years. The implementation in Smart Metering infrastructures is also progressing. |
| Standardisation | 1 | A SIEM is usually able to process information coming from systems in a predefined format (e.g. syslog data, NetFlow information, vendor-specific log formats, etc.), and often requires customisation to process more exotic formats that might be encountered in a smart metering environment. Reliance on standards differs per product; therefore only one point is given for this criterion. |
| Upgradability | 2 | SIEMs generally rely on rules that are able to parse information provided by other systems. These rules can usually be adjusted and extended in order to adapt to new systems. |

Impact of Technique towards Architecture

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Communication overhead generated | 1 | Events are transported over a network to the SIEM; this creates additional overhead in the sense that more information is sent than strictly necessary to perform only the business function. |
| Bandwidth required | 1 | Moderate bandwidth impact can be expected due to the communication overhead generated. |
| Latency tolerance / “Always-on communication required?” | 1 | Events can be received out of order and do not require the communication line to be “online” all the time. Event processing can be performed once the data is available. It has to be noted that a significant delay in event propagation caused by an unavailable communication channel can however delay the reaction time to events. |
| Impact to processes | 0 | Impact to processes is significant; every asset acts as a data source and has to be set up accordingly, and processes have to be in place for following up on the reporting of events. |

Ranking Summary

| Domain | Rank |
|---|---|
| Cyber-security | 1.5 |
| Maturity and Upgradeability of Technique | 1.66 |
| Impact of Technique towards Architecture | 0.75 |

[Figure: bar chart of the ranks per domain, as listed in the table above]

The use of SIEM systems in the smart metering domain can provide significant support to the overall security. This can be achieved through monitoring the system's availability and gathering and correlating security-relevant events and notifications. For SIEM systems to be effective it is required that the system can process and parse the relevant events from the individual smart metering devices and systems. This creates an impact on the system architecture.
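The parse-then-correlate behaviour rated above (events arriving out of order, an availability signal from asset heartbeats, and a rule that correlates repeated authentication failures), as an added example in Go that is not part of the BAT document. The line format, the gateway log lines and the rule thresholds are constructed for this example; a real SIEM would map syslog or vendor formats onto the same event structure.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// Event is one normalised record as a SIEM stores it after parsing a source's format.
type Event struct {
	Time   time.Time
	Source string // reporting asset: gateway, head-end, concentrator
	Kind   string // "auth_fail", "heartbeat", ...
	Meter  string
}

// ParseLine reads the constructed format "<RFC 3339 time> <source> <kind> meter=<id>".
func ParseLine(line string) (Event, error) {
	f := strings.Fields(line)
	if len(f) != 4 || !strings.HasPrefix(f[3], "meter=") {
		return Event{}, fmt.Errorf("unparseable line: %q", line)
	}
	ts, err := time.Parse(time.RFC3339, f[0])
	if err != nil {
		return Event{}, err
	}
	return Event{Time: ts, Source: f[1], Kind: f[2], Meter: strings.TrimPrefix(f[3], "meter=")}, nil
}

// Correlate orders events by time (they may arrive out of order) and applies two rules:
// "bruteforce:<meter>" when at least threshold auth_fail events for one meter fall inside a
// sliding window, "silent:<meter>" when a meter's last heartbeat is older than maxSilence.
func Correlate(events []Event, threshold int, window, maxSilence time.Duration, now time.Time) []string {
	sorted := append([]Event(nil), events...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Time.Before(sorted[j].Time) })
	var alerts []string
	fails := map[string][]time.Time{}
	lastBeat := map[string]time.Time{}
	flagged := map[string]bool{}
	for _, e := range sorted {
		switch e.Kind {
		case "auth_fail":
			t := append(fails[e.Meter], e.Time)
			for len(t) > 0 && e.Time.Sub(t[0]) > window { // drop failures outside the window
				t = t[1:]
			}
			fails[e.Meter] = t
			if len(t) >= threshold && !flagged[e.Meter] {
				flagged[e.Meter] = true
				alerts = append(alerts, "bruteforce:"+e.Meter)
			}
		case "heartbeat":
			lastBeat[e.Meter] = e.Time
		}
	}
	var meters []string
	for m := range lastBeat {
		meters = append(meters, m)
	}
	sort.Strings(meters) // deterministic alert order
	for _, m := range meters {
		if now.Sub(lastBeat[m]) > maxSilence {
			alerts = append(alerts, "silent:"+m)
		}
	}
	return alerts
}

// SampleLog is a constructed gateway log; note the 10:00:12 line arriving after 10:00:25.
var SampleLog = []string{
	"2016-11-07T10:00:05Z gw-17 heartbeat meter=M-0099",
	"2016-11-07T10:00:10Z gw-17 auth_fail meter=M-0412",
	"2016-11-07T10:00:25Z gw-17 auth_fail meter=M-0412",
	"2016-11-07T10:00:12Z gw-17 auth_fail meter=M-0412",
	"2016-11-07T10:01:00Z gw-17 auth_fail meter=M-0007",
	"2016-11-07T10:04:00Z gw-17 heartbeat meter=M-0412",
}

// RunSample parses SampleLog and correlates it as of 10:05:00 with a threshold of three
// failures in 60 seconds and two minutes of tolerated heartbeat silence.
func RunSample() ([]string, error) {
	var events []Event
	for _, l := range SampleLog {
		e, err := ParseLine(l)
		if err != nil {
			return nil, err
		}
		events = append(events, e)
	}
	now := time.Date(2016, 11, 7, 10, 5, 0, 0, time.UTC)
	return Correlate(events, 3, 60*time.Second, 2*time.Minute, now), nil
}

func main() {
	alerts, err := RunSample()
	fmt.Println(alerts, err) // [bruteforce:M-0412 silent:M-0099] <nil>
}
```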


11.1.5. Multi-factor authentication

Multi-factor authentication is a mechanism whereby a user is only successfully authenticated after presenting several pieces of evidence, often in the form of something the user knows (e.g. a password) and something the user has (e.g. a security token). Biometrics can also be used for multi-factor authentication.

Applicable components: Px

Cyber-Security

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Confidentiality | NA | Not applicable |
| Availability | NA | Not applicable |
| Integrity | NA | Not applicable |
| Access to key material | NA | Not applicable |
| Integrity of key material | NA | Not applicable |
| Authentication | 2 | “Two factor” authentication is a mechanism providing a higher level of assurance against the misuse of credentials. |
| Auditing/logging | NA | Not applicable |
| Non-repudiation | NA | Not applicable |

Privacy and Data Protection

| Criterion | Rank | Comment |
|---|---|---|
| Data Control | 0 | This process is not under control of the consumer. |
| Data minimisation | NA | The authentication mechanism does not influence which data is collected. |
| Data Access | NA | The authentication mechanism does not influence the access rights. |
| Anonymity | NA | The authentication mechanism does not influence the linking of data to individuals. |
| Data Retention | NA | The authentication mechanism does not influence data retention. |

Maturity and Upgradeability of Technique

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Implementation Scale | 2 | Two-factor authentication is commonly used in the IT and OT domain. |
| Standardisation | 2 | There are several forms of multi-factor authentication mechanisms available. NIST Special Publication 800-63-2 discusses various forms of two-factor authentication and provides guidance on using them in business processes requiring different levels of assurance. |
| Upgradability | 2 | If multi-factor techniques rely on hardware tokens as one factor, upgrading can have a significant impact. This is especially the case for a larger deployment of tokens. In this case the technique should only be ranked as “1”. |

Impact of Technique towards Architecture

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Communication overhead generated | NA | Since this is an authentication mechanism it does not operate constantly on a network transport level and cannot be rated appropriately for this criterion. |
| Bandwidth required | NA | Since this is an authentication mechanism it does not operate constantly on a network transport level and cannot be rated appropriately for this criterion. |
| Latency tolerance / “Always-on communication required?” | 1 | Tokens generate their authentication codes based on an internal clock. These have to be in sync with the clock operating on the server that verifies the codes. |
| Impact to processes | 1 | Implementation of this technique within existing systems (for example administration back-ends, or remote terminal functionality) is usually straightforward. Most vendors offer APIs that can be integrated in software, and many software products offer this functionality out of the box when combined with common products (e.g. smart cards, hardware tokens, Google Authenticator, etc.). There is moderate impact on the administration side: tokens get lost, employees that leave need to have their tokens revoked, etc. |

Ranking Summary

| Domain | Rank |
|---|---|
| Cyber-security | 2 |
| Privacy and data protection | 0 |
| Maturity and Upgradeability of Technique | 2 |
| Impact of Technique towards Architecture | 1 |

[Figure: bar chart of the ranks per domain, as listed in the table above]

Multi-factor authentication provides a strong mechanism for the authentication of users in the smart metering system. In particular, it can be used for managing access rights to central applications.

11.1.6. One-time password (OTP)

A one-time password is a password that is valid for only one session. This is a generic technique that can be applied as an authentication mechanism for various systems in the smart metering infrastructure. It provides additional security compared to regular password authentication in the sense that replay attacks have no effect and compromised passwords become ineffective. This technique is also often used as part of multi-factor authentication, whereby the one-time password is generated on a separate device the user has (like a token or smartphone).

A specific use case is the use on smart meters, whereby the meter generates a code on the display that can be used to identify the consumer when assisting remotely.

Applicable components: Px

Cyber-Security

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Confidentiality | NA | Not applicable |
| Availability | NA | Not applicable |
| Integrity | NA | Not applicable |
| Access to key material | NA | Not applicable |
| Integrity of key material | NA | Not applicable |
| Authentication | 2 | One-time password is a mechanism providing resilience against replay attacks and password disclosures. |
| Auditing/logging | NA | Not applicable |
| Non-repudiation | NA | Not applicable |

Privacy and Data Protection

| Criterion | Rank | Comment |
|---|---|---|
| Data Minimisation | NA | The authentication mechanism does not influence which data is collected. |
| Data Control | NA | The authentication mechanism does not provide control over which data is collected. |
| Data Access | NA | The authentication mechanism does not influence the access rights. |
| Anonymity | NA | The authentication mechanism does not influence the linking of data to individuals. |
| Data retention | 2 | By default, data retention for a one-time password is very short. The password is retained no longer than what is strictly needed to make services available and proportionate to the purposes of authentication. |

Maturity and Upgradeability of Technique

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Implementation Scale | 2 | One-time password authentication is commonly used (often as part of two-factor authentication). |
| Standardisation | 2 | Several standards exist already; for example, RFC 1760 (S/KEY), RFC 2289 (OTP), RFC 4226 (HOTP) and RFC 6238 (TOTP). |
| Upgradability | 1 | Depends on where this technique is implemented. In general it is upgradeable, but reliance on physical tokens prevents it from being a small upgrade. |

Impact of Technique towards Architecture

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Communication overhead generated | 2 | Very little. |
| Bandwidth required | 2 | NA, or 2 when just-in-time provisioning is used. |
| Latency tolerance / “Always-on communication required?” | 1 | A one-time password needs to be used within a predefined timeframe and will expire after a set limit. This limit has to be large enough for the consumer to be able to use it, but small enough to prevent abuse (e.g. brute forcing of the OTP). In general this should not pose a problem on a network infrastructure, but since it is an important configuration aspect it is rated. |
| Impact to processes | 1 | Implementation of this technique usually requires an additional system specifically for this purpose that has to be integrated with other systems. |

Ranking Summary

| Domain | Rank |
|---|---|
| Cyber-security | 2 |
| Privacy and data protection | 2 |
| Maturity and Upgradeability of Technique | 1.66 |
| Impact of Technique towards Architecture | 1.5 |

[Figure: bar chart of the ranks per domain, as listed in the table above]

OTP provides additional security when compared with regular passwords because one-time passwords are usually configured to work only within a specific timeframe, and cannot be replayed because of their changing nature.
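The token mechanism behind sections 11.1.5 and 11.1.6 (time-based codes whose token clock must stay in sync with the verifier, a bounded validity window, and rejection of a replayed code), as an added example in Go that is not part of the BAT document. It implements HOTP (RFC 4226) and TOTP (RFC 6238) with HMAC-SHA1 and checks the result against the RFC test vectors; the skew window, the replay bookkeeping and the verifier structure are assumptions made for this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"errors"
	"fmt"
	"strconv"
	"time"
)

// HOTP implements RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic
// truncation to 31 bits, then reduction to the requested number of decimal digits.
func HOTP(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	off := h[len(h)-1] & 0x0f
	code := binary.BigEndian.Uint32(h[off:off+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0"+strconv.Itoa(digits)+"d", code%mod)
}

// TOTP implements RFC 6238: HOTP with the counter taken from Unix time divided by the step.
func TOTP(secret []byte, t time.Time, step time.Duration, digits int) string {
	return HOTP(secret, uint64(t.Unix())/uint64(step/time.Second), digits)
}

// Verifier is the server side for one token. Skew bounds the clock drift tolerated
// between token and server; lastStep records the newest time step already consumed,
// so a code captured on the wire cannot be replayed.
type Verifier struct {
	Secret   []byte
	Step     time.Duration
	Digits   int
	Skew     int // accept steps now-Skew .. now+Skew
	lastStep uint64
}

var ErrInvalid = errors.New("one-time password rejected")

// Check verifies a submitted code against the server clock. Constant-time comparison
// avoids leaking which digits matched.
func (v *Verifier) Check(code string, now time.Time) error {
	cur := now.Unix() / int64(v.Step/time.Second)
	for d := -v.Skew; d <= v.Skew; d++ {
		step := uint64(cur + int64(d))
		if step <= v.lastStep {
			continue // this step (or an older one) was already used: replay
		}
		if hmac.Equal([]byte(HOTP(v.Secret, step, v.Digits)), []byte(code)) {
			v.lastStep = step
			return nil
		}
	}
	return ErrInvalid
}

// RFCSecret is the shared secret used by the RFC 4226 and RFC 6238 test vectors.
var RFCSecret = []byte("12345678901234567890")

func main() {
	v := &Verifier{Secret: RFCSecret, Step: 30 * time.Second, Digits: 6, Skew: 1}
	t := time.Unix(59, 0) // RFC 6238 test time; the 6-digit code is 287082
	code := TOTP(RFCSecret, t, 30*time.Second, 6)
	fmt.Println(code, v.Check(code, t), v.Check(code, t)) // second use is a replay
}
```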

11.1.7. Whitelisting

Whitelisting is used in the smart-metering infrastructure to specifically allow access to systems by placing the corresponding systems on a list. Instead of specifically denying access to a resource for certain entities (blacklisting), access is denied by default. Whitelisting is usually performed at network level, based on MAC address, IP address or certificate. Often a combination is made; for example, when access is required over the internet, IP-based whitelisting is performed in conjunction with a VPN tunnel protected with certificates.

Applicable components: Px

Cyber-Security

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Confidentiality | NA | Not applicable |
| Availability | 2 | Whitelisting per se affects availability. |
| Integrity | NA | Not applicable |
| Access to key material | NA | Not applicable |
| Integrity of key material | NA | Not applicable |
| Authentication | 0 | Whitelisting per se affects availability but does not provide authentication. Authentication is necessary but requires a separate technique. |
| Auditing/logging | 1 | As whitelisting only provides a simple authentication mechanism, it might not be possible to detect spoofed messages correctly. |
| Non-repudiation | NA | Not applicable |

Privacy and Data Protection

Whitelisting is a security-enhancing technique. Privacy and data protection criteria are therefore not applicable.

Maturity and Upgradeability of Technique

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Implementation Scale | 2 | Whitelisting is widely used as standard network practice; it can for example be configured in the form of a network access list for IP-based connections or a dialler list for phone-based connections. |
| Standardisation | NA | As this is a basic technique no special standardisation is required. The mechanism is widely used as standard network practice and can be found in many general IT standards (ISO 27002, ISF Standards of Good Practice). |
| Upgradability | NA | Not applicable |

Impact of Technique towards Architecture

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Communication overhead generated | 2 | Use of this technique does not generate any overhead. |
| Bandwidth required | 2 | Use of this technique does not have any bandwidth requirements. |
| Latency tolerance / “Always-on communication required?” | 2 | The use of the technique does not require any “always-on” connection. |
| Impact to processes | 1 | Moderate and depending on complexity. Whitelisting usually only works well in systems with limited functions / access required. Whitelisting can become difficult when many changes are required often, significantly increasing the maintenance effort of the implemented technique. |

Ranking Summary

| Domain | Rank |
|---|---|
| Cyber-security | 1 |
| Maturity and Upgradeability of Technique | 2 |
| Impact of Technique towards Architecture | 1.75 |

[Figure: bar chart of the ranks per domain, as listed in the table above]

The use of a whitelisting technique only provides a moderate security contribution. Several attacks are known that can be used to bypass whitelists, for example spoofing the sender's source address. This is possible because whitelisting has no means to validate the authenticity of the source.

Whitelisting can however help to prevent or limit the impact of flooding or other denial-of-service attacks.
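A default-deny IP allowlist combined with the separate authentication the Authentication row above says is still required, as an added example in Go that is not part of the BAT document: a source address that is on the list but whose peer has not been authenticated by the certificate-protected VPN/TLS layer is still denied. The address ranges and the Peer structure are constructed for this example.

```go
package main

import (
	"fmt"
	"net"
)

// Peer is one inbound connection attempt as seen at the head-end or gateway.
type Peer struct {
	IP            net.IP
	Authenticated bool // set by the VPN/TLS layer only after certificate validation succeeded
}

// Allowlist is a default-deny set of source networks.
type Allowlist struct{ nets []*net.IPNet }

// NewAllowlist parses CIDR notation; anything not listed is denied.
func NewAllowlist(cidrs ...string) (*Allowlist, error) {
	a := &Allowlist{}
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			return nil, err
		}
		a.nets = append(a.nets, n)
	}
	return a, nil
}

// Contains reports whether ip falls inside any listed network.
func (a *Allowlist) Contains(ip net.IP) bool {
	for _, n := range a.nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// Decide applies the list and then the separate authentication the ranking says is
// still required: a listed source address on its own proves nothing, because the
// address can be spoofed, so a listed but unauthenticated peer is denied as well.
func Decide(a *Allowlist, p Peer) (allowed bool, reason string) {
	switch {
	case !a.Contains(p.IP):
		return false, "source address not on allowlist"
	case !p.Authenticated:
		return false, "listed source address but peer not authenticated"
	}
	return true, "allowed"
}

func main() {
	a, err := NewAllowlist("10.20.0.0/16", "192.0.2.0/24") // constructed operator ranges
	if err != nil {
		panic(err)
	}
	for _, p := range []Peer{
		{net.ParseIP("10.20.3.4"), true},
		{net.ParseIP("10.20.3.4"), false},
		{net.ParseIP("198.51.100.7"), true},
	} {
		ok, why := Decide(a, p)
		fmt.Println(p.IP, ok, why)
	}
}
```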


11.1.8. VPN

VPN is an abbreviation of Virtual Private Network, and it is used as a method to use an existing network (often the internet) as a transport medium, while retaining the confidentiality needed to protect the information that is transferred.

Applicable components: Px

Cyber-Security

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Confidentiality | 2 | VPN technologies allow the use of state-of-the-art authenticated encryption mechanisms. |
| Availability | NA | Not applicable |
| Integrity | 2 | VPN technologies allow the use of state-of-the-art authenticated encryption mechanisms. |
| Access to key material | NA | Not applicable |
| Integrity of key material | NA | Not applicable |
| Authentication | 2 | VPNs used in smart metering infrastructures are usually used for network-to-network communication; they can rely on pre-shared keys or on certificates on both ends. |
| Auditing/logging | NA | Not applicable |
| Non-repudiation | NA | Not applicable |

Privacy and Data Protection

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Data Retention | NA | Not applicable |
| Data minimization | NA | Not applicable |
| Data Control | NA | Not applicable |
| Data Access | NA | Not applicable |
| Anonymity | NA | Not applicable |

Maturity and Upgradeability of Technique

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Implementation Scale | 2 | VPNs are widely deployed in telecommunication networks. |
| Standardisation | 2 | VPN protocols have been standardised in different variants, such as IPsec, SSL/TLS-VPNs, DTLS-VPNs, OpenVPN, and others. |
| Upgradability | 2 | VPN techniques can be upgraded. |

Impact of Technique towards Architecture

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Communication overhead generated | 1 | Data is encapsulated, resulting in some overhead. The overhead differs per protocol used, but will remain a factor. |
| Bandwidth required | 1 | Due to encapsulation more network traffic will be generated, which will require more bandwidth. |
| Latency tolerance / “Always-on communication required?” | 2 | VPNs can be configured so the underlying network link does not need to be “online” permanently. In this way the VPN connection stays established while the link can remain inactive. |
| Impact to processes | 2 | Depends on where the technique is used. A simple point-to-point solution has less impact than an infrastructure that has to support many endpoints. |

Ranking Summary

| Domain | Rank |
|---|---|
| Cyber-security | 2 |
| Maturity and Upgradeability of Technique | 2 |
| Impact of Technique towards Architecture | 1.5 |

[Figure: bar chart of the ranks per domain, as listed in the table above]

The use of VPNs provides a strong mechanism to protect the data exchanged between the connected networks or hosts. When the VPN connection is secured via one of the authenticated encryption techniques listed earlier, it will provide strong data confidentiality and integrity. The overhead of VPN connections correlates very much with the encryption techniques used.

11.1.9. Manufacturer – customer key exchange

Key handling of smart meter keys is a vital process within the smart metering infrastructure. Keys are used to install and administer meters. During the manufacturing process of smart meters, security keys are generated and these keys need to be sent to the utility operating the smart meters in a safe and responsible way.

In order to assess this process a number of assumptions are made which, when implemented together, form a solid process:

- The smart meter is provided by the manufacturer with unique keys. The keys are generated randomly; in particular there is no method to derive the provisioned keys from any combination of values or attributes.
- Key handling during the manufacturing process is done in a secured environment.
- For key generation an appropriate random number generator is used.

Additional requirements are in the assessment criteria for this process and form the basis upon which the rating is calculated.

Applicable components: Px

Cyber-Security

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Confidentiality | 2 | Before the meters are shipped, the keys related to the meter identifiers are sent to the customer; the keys are encrypted using a public key provided by the customer to the manufacturer. Keys must be generated by an approved random number generator of at least class AIS20/31 DRG.2. |
| Availability | NA | Not applicable. |
| Integrity | 2 | Integrity of the exchanged material can be ensured using cryptographic checksums. |
| Access to key material | 2 | When the keys supplied by the manufacturer are solely used during the installation process by the customer, and are replaced with a key only known to the customer (meter operator), 2 ranking points are assigned. When the manufacturer's keys stay in use but the manufacturer has a process in place whereby keys are removed from the manufacturer's systems and administration after shipment, 1 point is assigned. Any other method gives no ranking points in this category. |
| Integrity of key material | 2 | Two ranking points are assigned if the keys are protected with cryptographic checksums or digital signatures. |
| Authentication | 2 | Ranking points are only assigned when a signature or MAC is used. |
| Auditing/logging | NA | Not applicable |
| Non-repudiation | 2 | Ranking points are only assigned when a signature is used. |

Privacy and Data Protection

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Data Retention | NA | Not applicable |
| Data minimization | NA | Not applicable |
| Data Control | NA | Not applicable |
| Data Access | NA | Not applicable |
| Anonymity | NA | Not applicable |

Maturity and Upgradeability of Technique

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Implementation Scale | 2 | Widely used for the exchange of symmetric keys that are provisioned to Smart Meter components at manufacturing sites. |
| Standardisation | 1 | A rating of '1' can be given when a shipment file format has been chosen that has encryption enabled on the keys that are transported. For the transport of the shipment files no industry standard is available. |
| Upgradability | 2 | Easily upgradable as few systems are involved. |

Impact of Technique towards Architecture

| Criteria | Rank | Assessment of Measurement |
|---|---|---|
| Communication overhead generated | NA | This process is not related to the smart meter architecture but to the exchange process between utility and manufacturer. |
| Bandwidth required | NA | This process is not related to the smart meter architecture but to the exchange process between utility and manufacturer. |
| Latency tolerance / “Always-on communication required?” | NA | This process is not related to the smart meter architecture but to the exchange process between utility and manufacturer. |
| Impact to processes | 0 | There is significant impact to processes. A retention policy and controls have to be designed for the management of keys by the manufacturer, and the process is dependent on automation and encryption processes. |

Ranking Summary

| Domain | Rank |
|---|---|
| Cyber-security | 2 |
| Maturity and Upgradeability of Technique | 1.66 |
| Impact of Technique towards Architecture | 0 |

[Figure: bar chart of the ranks per domain, as listed in the table above]

The described technique is not directly related to the communication within the smart meter architecture; the described process can however significantly improve the provisioning of key material for smart meter devices. Secure provisioning techniques at the production site and a secure transfer of key material to the central systems should be considered for a secure smart meter roll-out.
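The shipment process rated above (per-meter keys generated randomly at the manufacturer, encrypted for the customer's public key, and protected against tampering by a signature that the utility verifies before using anything), as an added example in Go that is not part of the BAT document. The JSON shipment format, RSA-OAEP for the key encryption, Ed25519 for the manufacturer signature and the meter identifiers are assumptions made for this example; crypto/rand stands in for an approved generator.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// ShipmentEntry carries one meter's symmetric key, readable by the utility only.
type ShipmentEntry struct {
	MeterID      string `json:"meter_id"`
	EncryptedKey []byte `json:"encrypted_key"` // RSA-OAEP under the utility's public key
}
// Shipment is the file sent from manufacturer to utility. Signature is an Ed25519 signature
// by the manufacturer over the JSON encoding of Entries (ciphertexts and identifiers).
type Shipment struct {
	Entries   []ShipmentEntry `json:"entries"`
	Signature []byte          `json:"signature"`
}
var ErrBadSignature = errors.New("shipment signature invalid: file rejected")

// BuildShipment is the manufacturer side: a fresh random key per meter, encrypted for the
// utility and signed as a whole. The returned map is what was provisioned into the meters.
func BuildShipment(meterIDs []string, utilityPub *rsa.PublicKey, mfrPriv ed25519.PrivateKey) (Shipment, map[string][]byte, error) {
	var s Shipment
	provisioned := map[string][]byte{}
	for _, id := range meterIDs {
		k := make([]byte, 16) // 128-bit meter key
		if _, err := rand.Read(k); err != nil {
			return s, nil, err
		}
		// The identifier is the OAEP label, so an entry cannot be re-attached to another meter.
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, utilityPub, k, []byte(id))
		if err != nil {
			return s, nil, err
		}
		provisioned[id] = k
		s.Entries = append(s.Entries, ShipmentEntry{MeterID: id, EncryptedKey: ct})
	}
	payload, _ := json.Marshal(s.Entries)
	s.Signature = ed25519.Sign(mfrPriv, payload)
	return s, provisioned, nil
}

// OpenShipment is the utility side: verify the manufacturer's signature first, then decrypt.
func OpenShipment(s Shipment, mfrPub ed25519.PublicKey, utilityPriv *rsa.PrivateKey) (map[string][]byte, error) {
	payload, _ := json.Marshal(s.Entries)
	if !ed25519.Verify(mfrPub, payload, s.Signature) {
		return nil, ErrBadSignature
	}
	keys := map[string][]byte{}
	for _, e := range s.Entries {
		k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, utilityPriv, e.EncryptedKey, []byte(e.MeterID))
		if err != nil {
			return nil, err
		}
		keys[e.MeterID] = k
	}
	return keys, nil
}

// Exchange runs the process once with freshly generated keys for both parties and reports
// whether the utility recovered exactly the provisioned keys. tamper alters one entry in transit.
func Exchange(tamper bool) (bool, error) {
	utilityPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	mfrPub, mfrPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, err
	}
	// Constructed meter identifiers.
	s, provisioned, err := BuildShipment([]string{"M-000101", "M-000102", "M-000103"}, &utilityPriv.PublicKey, mfrPriv)
	if err != nil {
		return false, err
	}
	if tamper {
		s.Entries[0].MeterID = "M-999999"
	}
	received, err := OpenShipment(s, mfrPub, utilityPriv)
	if err != nil {
		return false, err
	}
	for id, k := range provisioned {
		if !bytes.Equal(received[id], k) {
			return false, nil
		}
	}
	return true, nil
}

func main() {
	fmt.Println(Exchange(false)) // true <nil>
	fmt.Println(Exchange(true))  // false shipment signature invalid: file rejected
}
```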

11.1.10. PKI

Public Key Infrastructure (PKI) is a mechanism to manage and distribute certificates and

public keys in a computer network. A PKI usually is also tied to roles, policies and

procedures for key generation and revocation. This system can be used manage the keys

used in the smart metering infrastructure. PKI can be used in multiple places, usually

relying on an internal CA (certificate authority) for management of smart meter keys, and

on external CA’s for access to portals, provide secure communication between parties etc.

Applicable components: Px

Cyber-Security

Criteria | Rank | Assessment of Measurement
Confidentiality | NA | The PKI is only the mechanism that provides the key material to devices.
Availability | NA | This is highly dependent on the form of implementation. Since many forms of implementation exist, no ranking is applied here.
Integrity | NA | The PKI is only the mechanism that provides the key material to devices.
Access to key material | 2 | A PKI can ensure very good protection of the key material; this can be combined with hardware security to protect the private keys used.
Integrity of key material | 2 | The exchanged key material is protected by digital signatures, providing high assurance of integrity.
Authentication | 2 | A certificate binds the possession of a private key to an identity.
Auditing/logging | NA | Not applicable
Non-repudiation | 0-2 | Provided by the trust model.

Privacy and Data Protection

A PKI is essentially a management process that helps in managing encryption to improve security. Privacy aspects might be secondary because they are reliant on security measures. Therefore, these criteria are not rated.

Maturity and Upgradeability of Technique

Criteria | Rank | Assessment of Measurement
Implementation Scale | 2 | PKIs are widely in use on the central system side.
Standardisation | 2 | A number of standards exist for different forms; for example, RFC 5280 is a widely used standard.
Upgradability | NA | Not applicable.

Impact of Technique towards Architecture

Criteria | Rank | Assessment of Measurement
Communication overhead generated | 1 | Regular traffic is required to check certificate status.
Bandwidth required | NA | Not applicable
Latency tolerance / "Always-on communication required?" | 0 | Certificate revocation is generally an issue for devices not permanently connected to a network.
Impact to processes | 0 | The impact on processes is significant; managing a PKI requires solid processes to be in place and changes to software and infrastructure.

Ranking Summary

Domain | Rank
Cyber-security | 2
Maturity and Upgradeability of Technique | 2
Impact of Technique towards Architecture | 0.33

(Bar chart of the three ranks above; values as in the table.)

PKIs can simplify the establishment of security associations after deployment. Public key algorithms are well integrated in IT products.


12. BAT RANKING SUMMARY

In this section the summary of the rankings for the different collected and selected techniques is presented.

As can be seen, rankings are clustered per domain/component and per dimension, so that it is possible to see, on one side and in detail, where a given technique scores better than others in the same domain/component, and on the other side which aspects are not covered by it as regards cyber-security, privacy/data protection, and maturity/impact on the architecture.

The overall evaluation ranking (i.e. aggregating all the criteria scores for each dimension) is presented in section 12.4. In the same section the summarising scoring indicator per technique and per component is also presented.

Section 12.5 presents where a certain technique can be applied with respect to the reference architecture.

In searching for the best available technique, the reader should take all these aspects into consideration, using section 12.5 as a general indicator and entry point and then leveraging the details of the other tables to fine-tune the identification, as the result might vary according to the component under consideration, the specific implemented architecture and the priorities given to the different dimensions.

It is worth reminding once more that the ranking presented here does not take the cost-evaluation dimension into consideration, as stated earlier in this document.
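The report describes the per-dimension rank only as "aggregating all the criteria scores". The values it prints (for example the PKI ranks 2 / 2 / 0.33 in section 11.1.10 and the sum 4.33 in section 12.4) are reproduced by an unweighted mean of the applicable criteria, NA excluded, truncated to two decimals; that rule is an inference, not a statement of the report. The following added example (not the report's own code) implements it and checks it against the PKI scores tabulated above.

```python
from decimal import Decimal, ROUND_DOWN

NA = None  # a criterion marked "NA" in the tables; it is left out of the mean


def domain_rank(scores):
    """Rank of one dimension: unweighted mean of the applicable criterion
    scores, truncated (not rounded) to two decimals. Truncation is what
    reproduces the 0.33, 1.33 and 1.66 values in the summary tables
    (assumed rule, inferred from those values)."""
    applicable = [Decimal(str(s)) for s in scores if s is not NA]
    if not applicable:
        return NA
    mean = sum(applicable) / Decimal(len(applicable))
    return mean.quantize(Decimal("0.01"), rounding=ROUND_DOWN)


def technique_summary(cyber, privacy, maturity, impact):
    """Per-dimension ranks plus their sum, as laid out in section 12.4.
    A dimension with no rated criteria (privacy for PKI) stays NA and
    adds nothing to the sum."""
    ranks = {
        "cybersecurity": domain_rank(cyber),
        "privacy": domain_rank(privacy),
        "maturity": domain_rank(maturity),
        "impact": domain_rank(impact),
    }
    ranks["sum"] = sum((r for r in ranks.values() if r is not NA), Decimal(0))
    return ranks


# PKI criterion scores as tabulated in section 11.1.10. The "0-2" range
# given for non-repudiation is treated as unscored (assumption: a range
# cannot enter a mean).
PKI_SCORES = {
    # confidentiality, availability, integrity, key material access,
    # key material integrity, authentication, auditing/logging, non-repudiation
    "cyber": [NA, NA, NA, 2, 2, 2, NA, NA],
    "privacy": [],  # not rated for PKI
    # implementation scale, standardisation, upgradability
    "maturity": [2, 2, NA],
    # communication overhead, bandwidth, latency tolerance, impact to processes
    "impact": [1, NA, 0, 0],
}


def pki_summary():
    """Reproduces the PKI row of section 12.4: 2 / NA / 2 / 0.33, sum 4.33."""
    return technique_summary(**PKI_SCORES)


if __name__ == "__main__":
    print(pki_summary())
```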

12.1. Validity of techniques for Cyber Security

DOMAIN / TECHNIQUE, followed by the ratings given (criteria columns: Confidentiality, Integrity, Authentication, Availability, Non-Repudiation, Key material access, Key material integrity, Logging; criteria left unrated in the source are omitted)

(O*) Access Control / Consumer Use Case
  Username/Password sent in clear to a server: 1 0 0
  Username/Password stored and verified in tamper resistant module: 1 2 2
  OTP: 2
  2 factors Authentication: 2
  PSK TLS + Client Certificate: 2 2 2

(O*) Access Control / Op. and 3rd Party Use Cases
  Username/Password: 1
  OTP: 2
  2 factors Authentication: 2
  PSK TLS + Client Certificate: 2 2 2

(O*) Crypto - AES
  AES-GCM: 2 2
  AES-CBC: 2 1
  AES-CCM: 2 2
  AES-CMAC: 0 2
  AES-CTR: 2 0
  AES-ECB: 0 0

(O*) Crypto - Hash
  SHA1: 1
  SHA2: 2

(O*) Crypto - EC
  ECDH: 0
  ECDSA: 2 2

(O*) Monitoring
  Switches: 1 1 1 2
  Seals: 1 1
  Magnetic field sensor: 2
  Power Quality sensor: 2

(O*) Security Architecture
  Unique keys: 2 2
  Private location: 1
  DLMS secure transport: 2 2 2
  Independent Monitoring: 2 2 2
  TLS secure transport: 2 2 2 2 2
  End-to-end signing: 2 2 2

(O*)
  Switch commands validated against grid code: 2

(O*) Hardware Security
  Hardening the device's main processor (e.g. TEE: Trusted Execution Environment): 0 0 0 1 0 1 1 0
  Adjunction of secure storage module (e.g. TPM) as hardware root of trust ensuring the trustability of the processor boot: 0 2 0 2 0 1 1 0
  Adjunction of dedicated crypto processor and credential storage (e.g. HSM: Hardware Security Module): 2 2 2 0 2 2 2 0
  Adjunction of programmable tamper resistant processor (e.g. SE: Secure Element): 2 2 2 2 2 2 2 2

Component C* (applicable components)
  Zigbee SEP (CF, CK): 2 2 2 2 2 2
  Crypto Message Syntax (CF, CI): 2 2 2 2 2
  M-Bus (Ox, CH): 2 2 0 2 0 2
  DLMS (Ox, CF, CH): 2 2 2 2 2 2 2
  Dial-in Whitelisting (CD, CF, CH): 1 2
  LDAP (CA, CI, Px): 2 2
  TACACS+ (CA): 2 2
  Firewall (CA, CC, CD, CI): 2 2
  IDS/IPS (CA, CC, CD, CI): 0 2 2
  Read-only interface (OA, OB, OC, PE) / Physical: 2
  Read-only interface (OA, OB, OC, PE) / Logical: 1 1

Component P* (applicable components)
  Network segregation (Px): 1 1 2
  Firmware update (OA, OB, OC): 2 2 2 2 2 2 2 2
  SIEM: 1 2
  Multi-factor authentication (Px): 2
  One-time password (Px): 2
  Whitelisting (Px): 1 1
  VPN (Px): 2 2 2
  Manufacturer – customer Key Exchange (Px): 2 2 2 2 2 2
  PKI (Px): 2 0-2 2 2


12.2. Validity of techniques for Privacy & Data Protection

DOMAIN / TECHNIQUE, followed by the ratings given (criteria columns: Anonymity, Minimization, Control, Access, Retention; criteria left unrated in the source are omitted)

(O*) Access Control / Consumer Use Case
  Username/Password sent in clear to a server: 0
  Username/Password stored and verified in tamper resistant module: 2
  OTP: 2
  2 factors Authentication: 2

(O*) Access Control / Op. and 3rd Party Use Cases
  Username/Password: 0
  OTP: 2
  2 factors Authentication: 2

(O*) Monitoring and alarming
  (any technique): 0, 0 or 2

(O*) Security Architecture
  Private location: 1

Component C* (applicable components)
  Retention for data stored locally in meter or after contract has ended: 2
  Daily transmission of interval data (CD, CF, OB, OD, OA): 2 0
  1 second local intervals and bi-monthly readings: 2 2
  Aggregation (O*, P*): 2 2 2 2

Component P* (applicable components)
  Aggregation (Px): 1 2
  Multi-factor authentication (Px): 0
  One-time password (Px): 2


12.3. Evaluation of techniques for Maturity, Upgradability and Architectural impact

DOMAIN / Technique, followed by the ratings given (criteria columns: Standards, Implementation scale, Upgradability, Overhead, Bandwidth, Latency, Process impact; criteria left unrated in the source are omitted)

(O*) Access Control
  Username / Password (all use cases): 0 2 1 2 2 2 or 0 1
  OTP (all use cases): 2 2 2 2 2 2 or 1 1
  2 factors Authentication (all use cases): 2 2 2 2 2 2 or 1 1
  PSK TLS + Client Certificate (Consumer use case): 2 0 2 1-2 1-2 1-2 1
  PSK TLS + Client Certificate (Operator & 3rd Party use cases): 2 2 2 1-2 1-2 1-2 1

(O*) Crypto - AES
  AES-GCM: 2 2 2 1 2 1
  AES-CBC, AES-CCM, AES-CMAC, AES-CTR, AES-ECB: (no separate values given in the source)

(O*) Crypto - Hash
  SHA1: 2 2 2
  SHA2: 2 2 2

(O*) Crypto - EC
  ECDH: 2 1 2 2 2 2 1
  ECDSA: 2 1 2 1 2 or 1 2 or 1 1

(O*) Monitoring
  Switches: 2 0 2 2 2 1
  Seals: 2 0 1

(O*) Security Architecture
  Unique keys: 2 0
  Private location: 2
  DLMS secure transport: 2 2 1 2 UC dependent 2 1
  Independent Monitoring: 2 0 2 2
  TLS secure transport: 2 1-2 2 2 2 or 1 2 or 1 1
  End-to-end signing: 2 1 2 2 UC dependent 2 1

(O*)
  Switch commands validated against grid code: 1 1 2 2 2 2

(O*) Hardware Security
  Hardening the device's main processor (e.g. TEE: Trusted Execution Environment): 1 2 2
  Adjunction of secure storage module (e.g. TPM) as hardware root of trust ensuring the trustability of the processor boot: 1 2 1
  Adjunction of dedicated crypto processor and credential storage (e.g. HSM: Hardware Security Module): 1 2 1
  Adjunction of programmable tamper resistant processor (e.g. SE: Secure Element): 1 2 2

Component C* (applicable components)
  Zigbee SEP (CF, CK): 1 1 2 2 2 2 1
  Crypto Message Syntax with XML (CF, CI): 2 2 2 0 2 2 0
  Crypto Message Syntax without XML (CF, CI): 2 2 2 2 2 2 0
  M-Bus (Ox, CH): 2 2 2 2 2 2 1
  DLMS (Ox, CF, CH): 2 2 2 2 2 1 1
  Dial-in Whitelisting (CD, CF, CH): 0 2 2 2 2 2
  LDAP (CA, CI, Px): 2 2 2 2 2 1 0
  TACACS+ (CA): 2 2 2 2 2 1 0
  Firewall (CA, CC, CD, CI): 2 2 2 2 2 1
  IDS/IPS (CA, CC, CD, CI): 0 2 2 2 2 2 1
  Retention after contract has ended (OA, OB, OC, PE): 2 2 2 2 2 2 2
  Retention of data stored locally in the meter (OA, OB, OC, PE): 2 2 0 2
  Aggregation (O*, P*): 2 if local
  Read-only interface (OA, OB, OC, PE) / Physical: 1 0
  Read-only interface (OA, OB, OC, PE) / Logical: 1 1

Component P* (applicable components)
  Network segregation (Px): 2 2 2
  Firmware update (OA, OB, OC): 0 2 2 0 0 2 0
  Aggregation (Px): 2 2 2 2 0
  SIEM (Px): 1 2 2 1 1 1 0
  Multi-factor authentication (Px): 2 2 2 1 1
  One-time password (Px): 2 2 1 2 2 1 1
  Whitelisting (Px): 2 2 2 2 1
  VPN (Px): 2 2 2 1 1 2 2
  Manufacturer – customer Key Exchange (Px): 1 2 2 0
  PKI (Px): 2 2 0


12.4. Summary of evaluation ratings of applicable and selected techniques per component or Use Case

Applicability area / Applicable technique, followed by the ratings given (columns: Cybersecurity rating, Privacy rating, Maturity rating, Impact rating, Sum; ratings not applicable to a technique are omitted, as in the source)

Ox components (any of them according to architecture distribution)

  Access Control / Consumer
    Username Password: 1 2 1 1.75 5.75
    OTP: 2 2 2 1.75 7.75
    2 factor Auth. (local auth.): 2 2 2 1.75 7.75
    2 factor Auth. (remote auth.): 2 2 2 1.5 7.5
    PSK TLS + Client: 2 1.33 1.75 5.08

  Access Control / Operator & 3rd Party
    Username Password: 1 0 1 1.75 3.75
    OTP & 2 factor Auth.: 2 2 1 1.75 6.75
    PSK TLS + Client: 1 2 1.75 1.75 6.5

  Crypto AES
    GCM: 2 2 1.33 5.33
    CBC: 1.5 2 1.33 4.83
    CCM: 2 2 1.33 5.33
    CMAC: 1 2 1.33 4.33
    CTR: 1 2 1.33 4.33
    ECB: 0 2 1.33 3.33

  Crypto Hash
    SHA1: 1 2 3
    SHA2: 2 2 4

  Crypto EC
    ECDH: 0 1.66 1.75 3.41
    ECDSA: 2 1.66 1.5 5.16

  Monitoring
    Switches: 1.25 0 1 1.75 4
    Seals: 1 0 1 1 3

  Security Architecture
    Unique Keys: 2 2 0 4
    Private location: 1 1 2 4
    DLMS Secure Transport: 2 1.66 1.66 5.32
    Independent monitoring: 2 1.33 2 5.33
    TLS Secure Transport: 2 2 1.75 5.75
    End-to-end signing: 2 1.66 1.66 5.32
    Switch commands validated against grid code (with logging): 1.33 0.66 2 3.99
    Switch commands validated against grid code (without logging): 2 1 2 5
    Hardware (processor) hardening: 2 1 3

Px components
  Network segregation (Px): 1.33 2 2 5.33
  Firmware update (OA, OB, OC): 2 1.33 0.5 3.83
  Aggregation (Px): 1.5 2 1.5 5
  SIEM (Px): 1.5 1.66 0.75 3.91
  Multi-factor authentication (Px): 2 0 2 1 5
  One-time password (Px): 2 2 1.66 1.5 7.16
  Whitelisting (Px): 1 2 1.75 4.75
  VPN (Px): 2 2 1.5 5.5
  Manufacturer – customer Key Exchange (Px): 2 1.66 0 3.66
  PKI (Px): 2 2 0.33 4.33

Cx components
  Zigbee SEP (CF, CK): 2 1.33 1.75 5.08
  Crypto Message Syntax with XML (CF, CI): 2 2 1 5
  Crypto Message Syntax without XML (CF, CI): 2 2 1.5 5.5
  M-Bus (Ox, CH): 1.33 2 1.75 5.08
  DLMS (Ox, CF, CH): 2 2 1.5 5.5
  Dial-in Whitelisting (CD, CF, CH): 1.5 1 2 4.5
  LDAP (CA, CI, Px): 2 2 1.25 5.25
  TACACS+ (CA): 2 2 1.25 5.25
  Firewall (CA, CC, CD, CI): 2 2 1.66 5.66
  IDS/IPS (CA, CC, CD, CI): 1.33 1.33 1.75 4.41
  Retention after contract has ended (OA, OB, OC, PE): 2 2 2 6
  Retention of data stored locally in the meter (OA, OB, OC, PE): 2 1.33 2 5.33
  Daily transmission of interval data (CD, CF, OA, OB, OD): 1 1
  1s local readings and 6 bi-monthly values (CD, CF, OA, OB, OD): 2 2
  Aggregation for Network Planning (O*, P*): 2 2 4
  Aggregation & Anonymization for statistics (O*, P*): 2 2
  Read-only interface (OA, OB, OC, PE) / Physical: 2 0.5 2.5
  Read-only interface (OA, OB, OC, PE) / Logical: 1 1 2


12.5. Applicable techniques per component

Applicable technique, marked X for each component column it applies to (columns: PE; Other Px; OA, OB, OC, OD, CA, CC, CD, CF, CH, CI, CK)

Username / Password: X X X X
PSK TLS + Client: X X X X
AES (all): X X X X
SHA1/2: X X X X
Elliptic Curves (all): X X X X
Switches: X X X X
Seals: X X X X
Unique Keys: X X X X
Private location: X X X X
DLMS Secure Transport: X X X X
Independent monitoring: X X X X
TLS Secure Transport: X X X X
End-to-end signing: X X X X
Switch commands validated against grid code: X X X X
(processor) hardening: X X X X
Network segregation: X X
Firmware update: X X X
Aggregation: X X X X X X
SIEM: X X
Multi-factor authentication: X X X X X X
One-time password: X X X X X X
Whitelisting: X X
VPN: X X
Manufacturer – customer Key Exchange: X X
PKI: X X
Zigbee SEP: X X
Crypto Message Syntax: X X
M-Bus: X X X X X
DLMS: X X X X X X
Dial-in Whitelisting: X X X
LDAP: X X X X
TACACS+: X
Firewall: X X X X
IDS/IPS: X X X X
Retention: X X X X
Reading and transmission frequency tuning: X X X X X
Read-only interface (Physical / Logical): X X X X


13. ANALYSIS OF THE SWITCH ON/SWITCH OFF FUNCTIONAL REQUIREMENT CYBER-SECURITY

The off-switch, also referred to as the breaker, of a Smart Meter is a functionality that allows the electricity supply to the consumer to be disconnected. For this, the central system can issue commands to the Smart Meter that trigger the disconnect.

In addition, the functionality is also used for load-limiting purposes or to implement pre-payment. In those cases, it is possible that the Smart Meter takes an independent decision to disconnect the electricity supply. This operation might be performed without any interaction with the central system.

Further developments can also use "standalone" switching devices which control the power supply of appliances installed at the consumer premises. Application examples are the control of water boilers or storage heating.

Based on the survey results, the main element for securing the remote disconnect functionality implemented in smart meters is a secure communication channel between the smart meter and the central system. To ensure this, several techniques have been suggested that provide authenticated encryption between meters and central systems; for this, see techniques such as DLMS, TLS or CMS.

The implementation is mainly dependent on the underlying Smart Meter architecture. Some architectures allow end-to-end communication from the central system side to the smart meters; in those cases the suggested protocols can be directly applied.

Other architectures use intermediate nodes to relay traffic (data concentrators); here additional hardware security was suggested to further strengthen the security of those intermediate nodes. Another suggestion is the use of end-to-end signed messages to establish a trusted connection between the meter and the central system in case no direct communication link is available. See the techniques listed under 0 for Hardware Security and the technique described under 9.5.6 for End-to-End Signing. Furthermore, a technique for grid-code-sensitive operation was suggested, in which the stability of the grid is sensed by the Smart Meter before the disconnect command is triggered. The technique is described under 9.5.8.

To mitigate malicious mass switch-off messages initiated from the central system side, a throttle mechanism in the intermediate communication components was furthermore suggested as a technique. See the technique described under 9.5.4 for Independent Monitoring of exchanged data.

Furthermore, a technique for "frequency monitoring" was suggested specifically to address the security risks implied by the disconnect functionality. This technique suggests that the stability of the grid is sensed by the Smart Meter before the disconnect command is triggered. For this, see the technique described under 9.5.7.

When analysing the properties of all techniques provided, it became evident that no single technique can ensure the security of the switch on/switch off functionality. The security of this functionality will need to rely on a combination of strong techniques matching the underlying architecture.
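The combination this section calls for (end-to-end signed commands, a throttle in the intermediate node against mass switch-off, and a grid-stability check in the meter before the breaker opens) can be sketched in code. The following is an added example, not code from the report or from any of the listed techniques: it assumes a constructed message format `meter_id|command|seq|tag`, uses HMAC-SHA256 as a stand-in for the end-to-end signature, and uses a made-up ±0.2 Hz band in place of a real grid code.

```python
import hashlib
import hmac
from collections import deque

# Constructed per-meter signing key, shared by the central system and the
# meter only; the data concentrator never needs it (end-to-end property).
METER_KEYS = {"MTR-0001": b"constructed-demo-key-not-for-deployment"}


def sign_command(meter_id, command, seq, key):
    """Central system side: 'meter_id|command|seq|tag', tag over the first three fields."""
    body = f"{meter_id}|{command}|{seq}"
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


def verify_command(message, keys=METER_KEYS):
    """Meter side: return (meter_id, command, seq) if the tag verifies, else None."""
    parts = message.split("|")
    if len(parts) != 4:
        return None
    meter_id, command, seq, tag = parts
    key = keys.get(meter_id)
    if key is None or not seq.isdigit():
        return None
    body = f"{meter_id}|{command}|{seq}"
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    return meter_id, command, int(seq)


class DisconnectThrottle:
    """Sliding-window budget for DISCONNECT commands passing through a concentrator."""

    def __init__(self, max_per_window, window_seconds):
        self.max_per_window = max_per_window
        self.window_seconds = window_seconds
        self.forwarded_at = deque()

    def allow(self, now):
        # Drop timestamps that have left the window, then check the budget.
        while self.forwarded_at and now - self.forwarded_at[0] >= self.window_seconds:
            self.forwarded_at.popleft()
        if len(self.forwarded_at) >= self.max_per_window:
            return False
        self.forwarded_at.append(now)
        return True


def concentrator_relay(message, throttle, now):
    """Intermediate node: it can read the command type but cannot forge the tag.
    Returns 'forwarded', 'throttled' or 'dropped'."""
    parts = message.split("|")
    if len(parts) != 4:
        return "dropped"
    if parts[1] == "DISCONNECT" and not throttle.allow(now):
        return "throttled"
    return "forwarded"


def grid_within_code(frequency_hz, nominal_hz=50.0, tolerance_hz=0.2):
    """Constructed grid-code band of +/-0.2 Hz around nominal (not a real grid code)."""
    return abs(frequency_hz - nominal_hz) <= tolerance_hz


class Meter:
    """Meter side: signature check, replay protection, grid sanity before opening the breaker."""

    def __init__(self, meter_id):
        self.meter_id = meter_id
        self.last_seq = -1
        self.connected = True

    def handle(self, message, measured_hz):
        parsed = verify_command(message)
        if parsed is None or parsed[0] != self.meter_id:
            return "rejected"
        _, command, seq = parsed
        if seq <= self.last_seq:
            return "replayed"
        self.last_seq = seq
        if command == "DISCONNECT":
            if not grid_within_code(measured_hz):
                return "deferred_grid"  # grid already stressed: do not add a load step
            self.connected = False
            return "executed"
        if command == "CONNECT":
            self.connected = True
            return "executed"
        return "unknown_command"
```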


Furthermore, it has to be noted that several of the suggested techniques have a relatively low maturity level. The effectiveness of the techniques has yet to be evaluated.

It is therefore suggested that further pilots are conducted to assess the security contribution of the suggested techniques for ensuring a secured switch on/switch off functionality. This will allow additional data to be obtained and the ranking of the techniques to be enhanced. It would also lay the basis for research into additional, more advanced techniques for securing switch on/switch off functionality.


14. CONCLUSIONS AND RECOMMENDATIONS

This report assembles and presents a large number of techniques which may be considered in the context of cybersecurity and privacy in smart metering systems and in the communications involved in the provision of the European Commission's recommended ten common minimum functional requirements (2012/148/EU). It evaluates these techniques, summarising in a common format the strengths and weaknesses of each.

14.1. Structure

AMI communications have been analysed according to the M/441 reference architecture (Section 3), and the ten functionalities have been associated with use cases previously identified by the Smart Meter Co-ordination Group (Section 4).

Best Available Techniques have been assessed using the evaluation framework set out in Section 5, having been collected from a wide range of stakeholders across Europe (Section 6).

In order to facilitate consideration of the large number of individual techniques gathered, they have been clustered by type/domain of application (section 7). Many techniques occur in more than one application, as a standard often encompasses several communication layers. Other techniques are typically 'building blocks' of generic services (e.g. PKI).

Section 8 considers the techniques in the context of the ten common minimum functionalities, and the results of the evaluation of each technique are grouped by component (Sections 9-11).

14.2. Common minimum functionalities

The stated objective of the study is the identification and selection of Best Available Techniques for the recommended ten common minimum functional requirements related to the smart metering system roll-out under a cyber-security and privacy perspective. This could lead the end user to expect the report to specify a set of BATs for each of the common minimum functional requirements.

However, analysis of the questionnaire results made it clear that there was no general consensus among stakeholders on smart metering architectures and processes, due to the different technological approaches and diverse regulatory environments across Member States. Evidently, if there are differences in architectures and processes, how the processes are implemented per functionality/use-case and the applicable BATs will also diverge.

14.3. Approach

For this reason, the techniques gathered were clustered in two different dimensions (as described in section 7): firstly, by component or information flow and secondly, by the cybersecurity domain that the technique falls into. By presenting the results in this way, the authors aim to provide a more flexible model to readers, who can select their preferred BATs according to their particular smart metering architectures and use cases. See Figure 12 below:


Figure 12: BAT use approach

Additionally, since the selection and implementation of cyber security techniques will depend on a security risk assessment, the selection of the BATs will vary according to the risks identified, relevance to the different cybersecurity domains, and the risk appetite of the organisation.

14.4. Findings & conclusions

This report has assembled a good range of techniques which may be considered for smart metering components and communications. Techniques are continually evolving, so this should be seen as a 'snapshot in time'.

Responses by stakeholders to the survey questionnaire also varied in approach and depth, which complicated the task of the TEG in creating a common basis for evaluating these techniques. Nevertheless, the report provides a useful summary of techniques relevant to the deployment of smart metering systems and the provision of the minimum functionalities.

In practice it is likely that specific techniques will be used in combination, and the security of the overall system should be seen in this light.

It is evident that stakeholders have differing perspectives on and approaches to security, probably reflecting different perceptions of likely threats, but also corresponding to the various architectures involved in Member State deployments. There are also differences in the perception of privacy, which most probably will change with the full implementation of the new General Data Protection Regulation (and data protection impact assessment framework).

In considering Best Available Techniques, the workgroup originally envisaged including an economic assessment in the evaluation framework. However, very few responses contained information on this matter, probably for reasons of commercial sensitivity. It was thus not possible to draw conclusions on this aspect, and the report deals only with the technical aspects of the techniques analysed.

It should be stressed that not using a Best Available Technique does not automatically make the total system insecure. The report is intended as a guide to BATs or a checklist when considering security aspects and the features of individual techniques; it does not avoid the need for expert assessment of the security of the overall system.

A large number of smart meters are already in operation, and the report may be used to check the solutions used in the installed system. Where this indicates that the techniques used are not among the BATs, this may be natural for a system which has been in operation for some years, as techniques for enhancing privacy and security are constantly being improved. The important issue is whether the security level in use results in serious threats to the system and, if so, how these threats may be mitigated.

14.5. Quantum computing threats and recommendations

In recent years, research on quantum computers has shown that these machines will be able to solve mathematical problems that are difficult or intractable for conventional computers, such as integer factorisation or the discrete logarithm problem over various groups. The security of asymmetric cryptosystems such as Diffie-Hellman key exchange, the RSA cryptosystem and elliptic curve cryptosystems depends on the difficulty of these number-theoretic problems. Many of our most crucial communication protocols rely principally on three core cryptographic functionalities: public key encryption, digital signatures and key exchange, implemented with these cryptosystems.

Quantum computing therefore presents a serious challenge to these widely used cryptographic techniques. The table below, extracted from the Report on Post-Quantum Cryptography published by NIST [13] (NISTIR 8105), shows the impact of quantum computing on common cryptographic algorithms.

Cryptographic Algorithm | Type | Purpose | Impact from large-scale quantum computer
AES-256 | Symmetric key | Encryption | Larger key sizes needed
SHA-256, SHA-3 | – | Hash functions | Larger output needed
RSA | Public key | Signatures, key establishment | No longer secure
ECDSA, ECDH (Elliptic Curve Cryptography) | Public key | Signatures, key exchange | No longer secure
DSA (Finite Field Cryptography) | Public key | Signatures, key exchange | No longer secure

Some of the algorithms used nowadays are not quantum-safe (e.g. RSA, DSA, DH, ECDH, ECDSA) but are widely deployed and need to be supported during the transition period, for legacy reasons and until new quantum-safe algorithms take over. It is important to take this quantum computing vulnerability into account, for example by increasing the key lengths of symmetric key algorithms like AES; unfortunately, RSA and ECC are not able to adapt by increasing their key sizes to outpace the rate of development of quantum computing. As these algorithms could be deprecated, systems currently implementing them shall be prepared to transition away from them as early as 10 years from now, and crypto agility is necessary, as stated in the NIST report.

[13] NIST: NISTIR 8105 DRAFT (February 2016): Report on Post-Quantum Cryptography. http://csrc.nist.gov/publications/drafts/nistir-8105/nistir_8105_draft.pdf

The recommendation of ETSI [14] and NIST for cryptographic algorithms, for better protection against the quantum computing vulnerability, is then:

- to increase the key lengths of symmetric key algorithms;

- to maintain crypto agility, so as to be prepared to transition away from vulnerable algorithms to quantum-safe ones when they are available and their security has been assessed.

14.6. Recommendations

It is recommended that those responsible for smart metering deployments take account of the detailed analyses and evaluations of the technical attributes of the best available techniques presented in this report, and use these when assessing the security of their overall system.

Care shall be taken by readers, when selecting techniques for a component, to consider the entire set of requirements for that component and to select the technique covering all the functionalities, not only the technique that appears best ranked for one functionality. For example, a technique may be ranked very well for cybersecurity (2) because it provides, for instance, good protection for confidentiality (2) while the other criteria are not applicable. Applying this technique, ranked at the maximum, on a communication link that needs integrity and authenticity would provide less security for this link than a technique providing confidentiality, authentication and integrity, even if ranked lower on confidentiality (with a value of 1).

In the evaluation and adoption of security techniques, consideration should be given to the importance of assurance / certification for any BAT selected.

It is recommended that readers, when selecting techniques, assess the financial implications of using particular technique(s) in their particular situations and balance these against the BAT evaluations in this report. A cost-benefit analysis should always be performed when selecting BATs, in order to assess whether the selection will really be effective in achieving the expected objectives of protection. In particular, the cost implied by recovering from an attack should be considered carefully when selecting a technique.

[14] ETSI: ETSI White Paper No. 8: Quantum Safe Cryptography and Security: An introduction, benefits, enablers and challenges; June 2015. http://www.etsi.org/images/files/ETSIWhitePapers/QuantumSafeWhitepaper.pdf


14.7. Future work

As with developments in IT generally, the security of IT-based solutions has a very dynamic and progressive nature. As threats continuously change, new security solutions are developed. This implies that an evaluation of Best Available Techniques has only a short validity. The work performed by EG2 to gather, analyse and evaluate BATs forms a basis for such evaluations, which should be executed on a regular basis.

Furthermore, it is important to link the outcome of this work to similar activities undertaken at European level, such as the work on "Minimum Security Requirements" for smart metering by the Smart Meters Co-ordination Group. The BATs could be coupled with the requirements as implementation guidance for security controls. As with BATs, these requirements also need to be maintained, depending on new threats and security incidents. The SM-CG has a reference architecture and Use Cases available to serve as a basis for analysing threats, defining requirements and selecting risk-mitigating techniques.

In this line of thought, another valuable activity would be to rank the BATs according to the smart metering Use Cases, to identify the techniques that are available for securing specific Use Cases depending on the risks associated with them.

Some of the work mentioned above, which implies an extra step in the process by using the current output of EG2's deliverables, can be taken on board by EG2 and, if appropriate, in co-operation with other organisations. Routine work, such as maintaining or redefining a list of BATs, should be left to the market or an existing standing organisation.


*

* *