New Security Features in DLMS/COSEM - a Comparison to the ...

New Security Features in DLMS/COSEM: A comparison to the Smart Meter Gateway. Workshop on Power Line Communications 2015. Stefan Hoffmann (HRW), Robin Massink (DNV GL), Gerd Bumiller (HRW). 21.09.2015

Page 1: New Security Features in DLMS/COSEM - a Comparison to the ...

New Security Features in DLMS/COSEM

A comparison to the Smart Meter Gateway

Workshop on Power Line Communications 2015

Stefan Hoffmann (HRW), Robin Massink (DNV GL), Gerd Bumiller (HRW)

21.09.2015

Page 2: New Security Features in DLMS/COSEM - a Comparison to the ...

Initiated a rethinking process concerning privacy in smart metering systems

Page 3: New Security Features in DLMS/COSEM - a Comparison to the ...

• Green Book Version 7 (2013)

• First reaction to directive: including cryptographic methods

• Only methods of symmetric cryptography

• No proper key management possible

• Latest: Green Book Version 8 (2014)

• Security methods from Green Book 7

• Added:

• Methods of asymmetric cryptography

• Allows for establishing an authenticated and encrypted channel

• More security features

Reaction in DLMS/COSEM

Page 4: New Security Features in DLMS/COSEM - a Comparison to the ...

Based on elliptic curve cryptography (ECC)

• Digital Signature Algorithm (DSA)

• Sign with secret key, verify signature with public key

• Diffie-Hellman key agreement (DH)

Public key infrastructure (PKI)

• Entities have certificates with their identity and public key

• Certification authority (CA) signs certificates

Key establishment in DLMS/COSEM (GB V8)

This approach is not possible with methods of Green Book Version 7!

Page 5: New Security Features in DLMS/COSEM - a Comparison to the ...

State-of-the-art methods for protected communication

• Symmetric authentication and encryption

• Advanced Encryption Standard (AES) with Galois/Counter Mode

Afterwards: using symmetric cryptography
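
The flow on pages 4 and 5 (an ECDSA-signed ECDH key agreement, then AES-GCM for the traffic) as an added Go example; it is not from the slides or the Green Book. Assumptions: curve P-256, SHA-256 as a stand-in key derivation, AES-128, and peer verification keys passed in directly instead of being taken from CA-signed certificates; the `party` type and its functions are hypothetical names.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type party struct { // long-term ECDSA identity plus an ephemeral ECDH key signed with it
	id       *ecdsa.PrivateKey
	eph      *ecdh.PrivateKey
	pub, sig []byte
}

func newParty() party {
	id, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	eph, _ := ecdh.P256().GenerateKey(rand.Reader)
	h := sha256.Sum256(eph.PublicKey().Bytes())
	sig, _ := ecdsa.SignASN1(rand.Reader, id, h[:])
	return party{id, eph, eph.PublicKey().Bytes(), sig}
}

// accept verifies the peer's signed ephemeral key, then derives an AES-128-GCM channel.
func (p party) accept(peer *ecdsa.PublicKey, pub, sig []byte) (cipher.AEAD, error) {
	h := sha256.Sum256(pub)
	if !ecdsa.VerifyASN1(peer, h[:], sig) {
		return nil, fmt.Errorf("ephemeral key not signed by the expected peer")
	}
	pk, err := ecdh.P256().NewPublicKey(pub) // rejects points not on the curve
	if err != nil {
		return nil, err
	}
	z, _ := p.eph.ECDH(pk) // cannot fail: same curve, validated point
	k := sha256.Sum256(z)  // stand-in KDF (assumption, not the Green Book's)
	blk, _ := aes.NewCipher(k[:16])
	return cipher.NewGCM(blk)
}

func main() {
	meter, client := newParty(), newParty() // peer keys would come from certificates
	mCh, _ := meter.accept(&client.id.PublicKey, client.pub, client.sig)
	cCh, _ := client.accept(&meter.id.PublicKey, meter.pub, meter.sig)
	ct := mCh.Seal(nil, make([]byte, 12), []byte("reading=1234 kWh"), nil) // zero nonce: one message per fresh key
	pt, err := cCh.Open(nil, make([]byte, 12), ct, nil)
	fmt.Println(string(pt), err)
}
```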

Page 6: New Security Features in DLMS/COSEM - a Comparison to the ...

• Second layer of cryptographic protection

• Tunneled protection for third parties

End-to-end security for third parties

Page 7: New Security Features in DLMS/COSEM - a Comparison to the ...

The Smart Meter Gateway

-> All connections using TLS!

Page 8: New Security Features in DLMS/COSEM - a Comparison to the ...

Comparison of cryptographic core methods

Are the NIST curves trustworthy?

• Parameters defined as preimages of a secure hash function.

• An adversary would need to know a certain fraction of weak curves.

• Such a fraction was not yet discovered by the public

Page 9: New Security Features in DLMS/COSEM - a Comparison to the ...

SMGW consists of an integrated security concept

• Certifiability

• PP has EAL 4+ according to Common Criteria

• National environment

• Specialised for German market

• Government agency as developer

• State-controlled root-CA

• More concrete instructions

• Key lifetimes for PKI usage

• Concrete class of random sources given

• Direct connections for external market participants

• Secure storage

• … and much more.

Security differences of SMGW "beyond cryptography"

Page 10: New Security Features in DLMS/COSEM - a Comparison to the ...

• "Similar" (state-of-the-art) cryptographic security from a high-level point of view

• SMGW provides a holistic security concept that includes more aspects than just pure cryptography

• High importance of Germany's Federal Office of Information Security as sovereign trust anchor

• ENISA (European Network and Information Security Agency) initiative to harmonize smart meter techniques

Concluding remarks

Page 11: New Security Features in DLMS/COSEM - a Comparison to the ...

Thank you for your attention!

Contact:

Stefan Hoffmann

Phone: +49 208 88254-826

E-mail: [email protected]

Page 12: New Security Features in DLMS/COSEM - a Comparison to the ...

IEEE International Symposium on Power Line Communications and its Applications

March 20th to March 23rd 2016 (new date)

Visit the website:

www.ieee-isplc.org

Coming soon: ISPLC 2016

Page 13: New Security Features in DLMS/COSEM - a Comparison to the ...

Conference will take place at

Hochschule Ruhr West University of Applied Sciences

Bottrop, Germany

Venue

Page 14: New Security Features in DLMS/COSEM - a Comparison to the ...

Important dates

Submission of full papers:

November 16, 2015

Notification of Acceptance:

January 15, 2016

Camera-ready papers due:

February 22, 2016

Call for Papers

Page 15: New Security Features in DLMS/COSEM - a Comparison to the ...

Gerd Bumiller, General Chair

Hochschule Ruhr West University of Applied Sciences

Phone: +49 208 88254808

E-mail: gerd.bumiller@hs-ruhrwest.de

Contact information