New Security Features in DLMS/COSEM

Transcription

1 New Security Features in DLMS/COSEM A comparison to the Smart Meter Gateway Workshop on Power Line Communications 2015 (HRW), Robin Massink (DNV GL), Gerd Bumiller (HRW)

2 Initiated a rethinking process concerning privacy in smart metering systems

3 Reaction in DLMS/COSEM Green Book Version 7 (2013) First reaction to directive: including cryptographic methods Only methods of symmetric cryptography No proper key management possible Latest: Green Book Version 8 (2014) Security methods from Green Book 7 Added: Methods of asymmetric cryptography Allows for establishing an authenticated and encrypted channel More security features

4 Key establishment in DLMS/COSEM (GB V8) Based on elliptic curve cryptography (ECC) Digital Signature Algorithm (DSA) Sign with secret key, verify signature with public key Diffie-Hellman key agreement (DH) Public key infrastructure (PKI) This approach is not possible with methods of Green Book Version 7! Entities have certificates with their identity and public key Certification authority (CA) signs certificates

5 Afterwards: using symmetric cryptography State-of-the-art methods for protected communication Symmetric authentication and encryption Advanced Encryption Standard (AES) with Galois/Counter Mode

6 End-to-end security for third parties Second layer of cryptographic protection Tunneled protection for third parties

7 The Smart Meter Gateway -> All connections using TLS!

8 Comparison of cryptographic core methods Are the NIST curves trustworthy? Parameters defined as preimages of a secure Hash function. An adversary would need to know a certain fraction of weak amount of curves. Such a fraction was not yet discovered by the public

9 Security differences of SMGW beyond cryptography SMGW consists of integrated security concept Certifyability PP has EAL 4+ according to Common Criteria National environment Specialised for German market Government agency as developer State-controlled root-ca More concrete instructions Key lifetimes for PKI usage Concrete class of random sources given Direct connections for external market participants Secure storage and much more

10 Concluding remarks Similar (state-of-the-art) cryptographic security from a high-level point-of-view SMGW provides a holistic security concept that includes more aspects than just pure cryptography High importance of Germany s Federal Office of Information Security as sovereign trust anchor ENISA (European Network and Information Security Agency) initiative to harmonize smart meter techniques

11 Thank you for your attention! Contact: Phone:

12 Coming soon: ISPLC 2016 IEEE International Symposium on Power Line Communications and its Applications March 20th to March 23th 2016 (new date) Visit the website:

13 Venue Conference will take place at Hochschule Ruhr West University of Applied Sciences Bottrop, Germany

14 Call for Papers Important dates Submission of full papers: November 16, 2015 Notification of Acceptance: January 15, 2016 Camera-ready papers due: February 22,

15 Contact informationm Gerd Bumiller, General Chair Hochschule Ruhr West University of Applied Sciences Phone: E mail: gerd.bumiller@hs ruhrwest.de