Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December...

22
Trusted gateway: a smart grid use case Pierre Girard / D. Tournier ETSI M2M workshop, Sophia-Antipolis, December 10, 2014

Transcript of Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December...

Page 1: Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December 10, 2014. Agenda 2 ... SP TSM 2 Issuer TSM 2 SP TSM Issuer TSM. Examples of Remote

Trusted gateway: a smart grid

use case

Pierre Girard / D. Tournier

ETSI M2M workshop, Sophia-Antipolis, December 10, 2014

Page 2: Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December 10, 2014. Agenda 2 ... SP TSM 2 Issuer TSM 2 SP TSM Issuer TSM. Examples of Remote

Agenda

2

A reminder from last year

Bringing trust to the smart grid ecosystem

Implemented security mechanisms

Page 3: Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December 10, 2014. Agenda 2 ... SP TSM 2 Issuer TSM 2 SP TSM Issuer TSM. Examples of Remote

A reminder from last year

3

Page 4: Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December 10, 2014. Agenda 2 ... SP TSM 2 Issuer TSM 2 SP TSM Issuer TSM. Examples of Remote

How to enable trust ?

4

Security mechanisms

Security assurance

Security

life cycle mgt

Page 5: Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December 10, 2014. Agenda 2 ... SP TSM 2 Issuer TSM 2 SP TSM Issuer TSM. Examples of Remote

Service

framework

A gateway template

5

Se

rvic

e

Se

rvic

e

Se

rvic

e

Gateway

OS / hardware layer

Services

management

API

Framework

common services

Ser vicesm anagem ent

API

Service

Service

Service

Secure

elementSer vice f ramework

O S / har dware layer

Fr am ewor kcom m on ser vices

WAN

LAN

Page 6: Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December 10, 2014. Agenda 2 ... SP TSM 2 Issuer TSM 2 SP TSM Issuer TSM. Examples of Remote

Security mechanisms

6

Services

management

API

Se

rvic

e

Se

rvic

e

Se

rvic

e

Gateway

Service

framework

OS / hardware layer

Framework

common services

WAN

LAN

Ser vicesm anagem ent

API

Service

Service

Service

Secure

elementSer vice f ramework

O S / har dware layer

Fr am ewor kcom m on ser vices

Services

isolation

Services

communicationPolicies, permissions,

users, authentication,

crypto…

Code integrity,

secure boot

Secure com.

Secure com.

Tamper resistant

execution environment

Page 7: Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December 10, 2014. Agenda 2 ... SP TSM 2 Issuer TSM 2 SP TSM Issuer TSM. Examples of Remote

Security assurance

Services

management

API

Se

rvic

e

Se

rvic

e

Se

rvic

e

Gateway

Service

framework

OS / hardware layer

Framework

common services

LAN

Ser vicesm anagem ent

API

Service

Service

Service

Ser vice f ramework

O S / har dware layer

Fr am ewor kcom m on ser vices

Gateway manager

Se

rvic

e

Page 8: Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December 10, 2014. Agenda 2 ... SP TSM 2 Issuer TSM 2 SP TSM Issuer TSM. Examples of Remote

Life cycle management

8

Services

management

API

Se

rvic

e

Se

rvic

e

Se

rvic

e

Gateway

Service

framework

OS / hardware layer

Framework

common services

WAN

LAN

Ser vicesm anagem ent

API

Service

Service

Service

Secure

elementSer vice f ramework

O S / har dware layer

Fr am ewor kcom m on ser vices

Se

rvic

e

Service

Page 9: Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December 10, 2014. Agenda 2 ... SP TSM 2 Issuer TSM 2 SP TSM Issuer TSM. Examples of Remote

Bringing trust to the smart grid

ecosystem

9

Page 10: Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December 10, 2014. Agenda 2 ... SP TSM 2 Issuer TSM 2 SP TSM Issuer TSM. Examples of Remote

A Smart Grid use case

10

Typical security concernsPrivacy protection

Fraud

National critical infrastructure

Features

Smart

Secured• Nodes and infrastructure

• Applications

• Communications

• Autonomous

• Dynamically reconfigurable

• Smart Grid (power routing, load management)

• Smart Metering (automatic meter reading)

• Solar panel or Grid to Vehicle

Page 11: Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December 10, 2014. Agenda 2 ... SP TSM 2 Issuer TSM 2 SP TSM Issuer TSM. Examples of Remote

Security and cryptographic requirements

12

Scalable solutionSize :From 100s to Million of devices

Time : Long term security is needed (> 10 years)

Certifications : Common Criteria / FIPS / ...

Cryptographic / security mechanism agility

Minimum cryptographic requirementsSHA-2

ECC (with curve agility)

TLS 1.2 with recent cipher suite (ECDH, ECDSA, GCM, ...)

Tamper resistant hardware

Page 12: Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December 10, 2014. Agenda 2 ... SP TSM 2 Issuer TSM 2 SP TSM Issuer TSM. Examples of Remote

Proof of Concept

13

http://youtu.be/LuPiS3_FBrs

http://youtu.be/LuPiS3_FBrs
Page 13: Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December 10, 2014. Agenda 2 ... SP TSM 2 Issuer TSM 2 SP TSM Issuer TSM. Examples of Remote

Implemented security mechanisms

14

Page 14: Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December 10, 2014. Agenda 2 ... SP TSM 2 Issuer TSM 2 SP TSM Issuer TSM. Examples of Remote

HW architecture of a Secure Element

15

ROM

EEPROM

RAM

CPU

Crypto

UART

ISO7816

SPI…

Host

SE

6 x 5 mm

Page 15: Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December 10, 2014. Agenda 2 ... SP TSM 2 Issuer TSM 2 SP TSM Issuer TSM. Examples of Remote

SW Architecture of a Secure Element

16

Java Card VM

Operating System

Java Card API

Ap

ple

t

1

Ap

ple

t

2

Glo

bal P

latfo

rm

APDU

Secure Element

Host

CPU

Page 16: Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December 10, 2014. Agenda 2 ... SP TSM 2 Issuer TSM 2 SP TSM Issuer TSM. Examples of Remote

Smart grid reference design

17

Java Card VM

Operating System

Java Card API 3.0.1

PA

CE

IAS

4.2

Glo

bal P

latfo

rm

Secure Element

Infineon SLE78

TLS 1.2 support

Data signature / verification

Data encryption / decryption

Certificates storage

RSA 4096

AES 256

SHA 512

ECC 521

Page 17: Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December 10, 2014. Agenda 2 ... SP TSM 2 Issuer TSM 2 SP TSM Issuer TSM. Examples of Remote

Our software set-up

18

Raspberry Pi

Java Card VM

Operating System

Java Card API 3.0.1

PA

CE

IAS

4.2

Glo

ba

l Pla

tform

Secure Element

Infineon SLE78

PC/SC lite

Raspbian

PKCS#11

Grid

mg

t

Me

terin

g

APDU

PKCS#11 crypto provider

Java 8 embedded API

Distributed framework

Ad

min

Page 18: Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December 10, 2014. Agenda 2 ... SP TSM 2 Issuer TSM 2 SP TSM Issuer TSM. Examples of Remote

19

End to end secured data

Signature + encryption

Secured communication

TLS 1.2

Secured framework config

Broadcast

Self discovery of trusted nodes

and services

Our security set-up

Page 19: Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December 10, 2014. Agenda 2 ... SP TSM 2 Issuer TSM 2 SP TSM Issuer TSM. Examples of Remote

Life cycle management

20

Page 20: Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December 10, 2014. Agenda 2 ... SP TSM 2 Issuer TSM 2 SP TSM Issuer TSM. Examples of Remote

2 Types of TSM

22

In charge of SE content management

Issuer TSM

In charge of service deployment and

application management

Service Provider TSM

Gemalto Operation center

SP TSM 2 Issuer TSM 2

SP TSM Issuer TSM

Page 21: Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December 10, 2014. Agenda 2 ... SP TSM 2 Issuer TSM 2 SP TSM Issuer TSM. Examples of Remote

Examples of Remote administration

23

Certificate renewal

Keys renewal

Third parties access rights

Crypto agility

Blocking / unblocking / auditing device

Java code update

Large scale campaigns

Page 22: Trusted gateway: a smart grid use case - ETSI€¦ · ETSI M2M workshop, Sophia-Antipolis, December 10, 2014. Agenda 2 ... SP TSM 2 Issuer TSM 2 SP TSM Issuer TSM. Examples of Remote

24

Standards Trust+Ecosystem with shared hardware

platforms enabling new business

models for innovative services


TSM mandatorydisclousrepgdm_mba.pdf

TSM mandatorydisclousrepgdm_mba.pdf

practical TSM

practical TSM

TSM HSM Explained - Oxford University TSM Symposiatsm-symposium.oucs.ox.ac.uk/2003/papers/Christian.pdf · TSM HSM Explained Christian Bolik (bolik@de.ibm.com) ... Note: TSM server

TSM HSM Explained - Oxford University TSM Symposiatsm-symposium.oucs.ox.ac.uk/2003/papers/Christian.pdf · TSM HSM Explained Christian Bolik ([email protected]) ... Note: TSM server

TSM Toulouse School of Management - tsm-education.fr · TSM Toulouse School of Management Course Catalogue 2019-2020 Master level

TSM Toulouse School of Management - tsm-education.fr · TSM Toulouse School of Management Course Catalogue 2019-2020 Master level

NI TSM-101x User Manual - National Instruments · NI TSM-1012, NI TSM-1015, NI TSM-1017 Touch Screen Monitors This document describes the features of the National Instruments TSM-101x

NI TSM-101x User Manual - National Instruments · NI TSM-1012, NI TSM-1015, NI TSM-1017 Touch Screen Monitors This document describes the features of the National Instruments TSM-101x

TSM Studio Server and TSM Studio Operational Reportingdownloads.spiritsoftware.biz/tsmstudiodocumentation/TSM...Add the SQL for this item, if the SQL is different from TSM v5 to V6

TSM Studio Server and TSM Studio Operational Reportingdownloads.spiritsoftware.biz/tsmstudiodocumentation/TSM...Add the SQL for this item, if the SQL is different from TSM v5 to V6

Tsm organizations

Tsm organizations

Tutorial tsm

Tutorial tsm

Procedure Tsm

Procedure Tsm

THE OFF GRID MODULE page/DPS... · 2016-10-17 · 5 years workmanship warranty 25 years performance warranty THE OFF GRID MODULE TSM-PC 24 / TSM-PC26 TSM-PC20 TSM-135 PC 20 TSM-140

THE OFF GRID MODULE page/DPS... · 2016-10-17 · 5 years workmanship warranty 25 years performance warranty THE OFF GRID MODULE TSM-PC 24 / TSM-PC26 TSM-PC20 TSM-135 PC 20 TSM-140

TSM Point of View and Issues Faced EC/ETSI Workshop on …docbox.etsi.org › Workshop › 2014 › 201407_MPAYMENTWORKSHO… · 2014-07-01 · 1. Mobile Payments Landscape 2. Secure

TSM Point of View and Issues Faced EC/ETSI Workshop on …docbox.etsi.org › Workshop › 2014 › 201407_MPAYMENTWORKSHO… · 2014-07-01 · 1. Mobile Payments Landscape 2. Secure

TSM Series UL - FINE SINTERhydraulic.fine-sinter.com/pumps/pdf/pump_2.pdf · TSM Series Pump unit with Reservoir TSM-CBU TSM-CBU Model Identification TSM-CBU-IOL P H-MI-CN-IL UL-recognized

TSM Series UL - FINE SINTERhydraulic.fine-sinter.com/pumps/pdf/pump_2.pdf · TSM Series Pump unit with Reservoir TSM-CBU TSM-CBU Model Identification TSM-CBU-IOL P H-MI-CN-IL UL-recognized

KMBT 754-20150923111822...TSM-xxxPC14.50(11) (xxx=300-360, in steps of 5, 72 cells) TSM-xxxPD05, TSM-xxxPD05.08, TSM-xxxPD05.10 TSM-xxxPD05.18, TSM-xxxPD05.50 (xxx=265-275, in steps

KMBT 754-20150923111822...TSM-xxxPC14.50(11) (xxx=300-360, in steps of 5, 72 cells) TSM-xxxPD05, TSM-xxxPD05.08, TSM-xxxPD05.10 TSM-xxxPD05.18, TSM-xxxPD05.50 (xxx=265-275, in steps

TSM-PA05 - The Solar Store Home Page the module dimensions of pv module tsm-pa05.18 i-v curves of pv module tsm-245 pa05.18 electrical data @ noct tsm-240 pa05.18 tsm-245 pa05.18 tsm-250

TSM-PA05 - The Solar Store Home Page the module dimensions of pv module tsm-pa05.18 i-v curves of pv module tsm-245 pa05.18 electrical data @ noct tsm-240 pa05.18 tsm-245 pa05.18 tsm-250

TSM-PC22 TSM-PC24 - ENF Solar · 2012. 12. 20. · TSM-o ffgrid_Nov_2012 TSM-PC20 / TSM-PC22 / TSM-PC24 / TSM-PC26 The OFF GrID MODULe TeraUMPe T re raTINGS Nominal operating Cell

TSM-PC22 TSM-PC24 - ENF Solar · 2012. 12. 20. · TSM-o ffgrid_Nov_2012 TSM-PC20 / TSM-PC22 / TSM-PC24 / TSM-PC26 The OFF GrID MODULe TeraUMPe T re raTINGS Nominal operating Cell

Andy NEW TSM Client Diagnostics - Oxford University TSM ...tsm-symposium.oucs.ox.ac.uk/2005/papers/TSM Client Diagnostics... · Oxford University TSM Symposium 2005 ... TSM Client

Andy NEW TSM Client Diagnostics - Oxford University TSM ...tsm-symposium.oucs.ox.ac.uk/2005/papers/TSM Client Diagnostics... · Oxford University TSM Symposium 2005 ... TSM Client

TSM SENSORS - Company Brochuretsmsensors.com/images/corporate-brochure/TSM... · Title: TSM SENSORS - Company Brochure Author: TSM SENSORS S.R.L. Created Date: 10/2/2017 10:24:29

TSM SENSORS - Company Brochuretsmsensors.com/images/corporate-brochure/TSM... · Title: TSM SENSORS - Company Brochure Author: TSM SENSORS S.R.L. Created Date: 10/2/2017 10:24:29

TSM Point of View and Issues Faced EC/ETSI Workshop on ...

TSM Point of View and Issues Faced EC/ETSI Workshop on ...

TSM Studio Libraries - Spirit Software Solutionsdownloads.spiritsoftware.biz/.../TSMStudioLibraries.pdfTSM Studio Libraries TSM Studio Libraries are a repository for TSM SQL statements,

TSM Studio Libraries - Spirit Software Solutionsdownloads.spiritsoftware.biz/.../TSMStudioLibraries.pdfTSM Studio Libraries TSM Studio Libraries are a repository for TSM SQL statements,

ANNUAL TSM RESIDENTIAL WORKSHOP - tsm … · ANNUAL TSM RESIDENTIAL WORKSHOP ... or apply online: ... The Secretary, iCT Training Centre,

ANNUAL TSM RESIDENTIAL WORKSHOP - tsm … · ANNUAL TSM RESIDENTIAL WORKSHOP ... or apply online: ... The Secretary, iCT Training Centre,