Protection Profile for the Gateway of a Smart Metering System Combining privacy protection with security for the grid

Similar documents
Markus Bartsch. German Smart Metering and European Privacy Needs

Privacy and Security in Smart Grids

Legal Regulations and Vulnerability Analysis

Communication Concept for Smart Metering, Smart Grid and Home Automation

The German IT Security Certification Scheme. Joachim Weber

Smart Gas Metering in Germany.

SMARTMETER. A technological overview of the German roll-out. Peter Hasse. 28. Dec 2012

BSI-CC-PP for

IDACCS Wireless Integrity protection in a smart grid environment for wireless access of smart meters

BSI-CC-PP for. FIDO Universal Second Factor (U2F) Authenticator, Version 1.0. developed by. Federal Office for Information Security

BSI-CC-PP for. Java Card Protection Profile - Open Configuration, Version December developed by. Oracle Corporation

Regulatory Issues of Smart Grids

Assurance Continuity Maintenance Report

BSI-CC-PP-0088-V for

BSI-CC-PP for

Specification of the Security Target TCOS Smart Meter Security Module Version 1.0 Release 2/P60C144PVE Version: / Final Version

Economic and Social Council

Predictive Assurance

Smart Meter Security. Martin Klimke, Principle of Technical Marketing Infineon Chip Card and Security

ISO/IEC TR TECHNICAL REPORT

Electronic Health Card Terminal (ehct)

Smart Meter Rollout Germany Schedule and Regulatory framework. Joachim Gruber EnBW AG 3. November 2015

Smart Grid vs. The NERC CIP

Update on Smart Grid Deployment in the EU. Dr.-Ing. Manuel Sánchez Jiménez Team Leader Smart Grids Directorate General for Energy European Commission

RNGs for Resource-Constrained Devices

Digitalization in the Energy Market Test Technology for the Electricity Market 2.0

Protection profiles for TSP Cryptographic modules - Part 5

Common Criteria Protection Profile. Mobile Card Terminal for the German Healthcare System (MobCT) BSI-CC-PP-0052

Internet copy. EasyGo security policy. Annex 1.3 to Joint Venture Agreement Toll Service Provider Agreement

New Security Features in DLMS/COSEM

Procedure for Network and Network-related devices

Smart Metering industry approach for aligning standardization requirements and national security demands

European Commission SGTF Expert Group Findings on Interoperability

Applied IT Security. Device Security. Dr. Stephan Spitz 10 Development Security. Applied IT Security, Dr.

Regulatory challenges for the deployment of smart grids

Smart Gas Grids. Manuel Sánchez, Ph.D. Team Leader Smart Grids Directorate General for Energy European Commission

German Smart Metering System

Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.

EU policy and the way forward for smart meters and smart grids

Certification Report - Protection Profile Encrypted Storage Device

This document is a preview generated by EVS

Roles and Responsibilities in the context of Ontario s Smart Grid. Ontario Smart Grid Forum Monday, February 22 nd 2010

Security Risks of an Advanced Metering Infrastructure

Cryptographic Modules, Security Level Moderate. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik

Connected Health Principles

josef A Java-Based Open-Source Smart Meter Gateway Experimentation Framework

Roche Directive on the Use of Roche Electronic Communication Tools

Security analysis and assessment of threats in European signalling systems?

The Key Principles of Cyber Security for Connected and Automated Vehicles. Government

Grid Security Policy

Holistic view on security as foundation for trust and innovation in new energy markets

Intelligent Solutions for the Highest IT Security Requirements

EU-R VIDEO SECURITY, DATA PROTECTION AND DATA SECURITY

Securing Smart Meters with MULTOS Technical Overview

OpenWay by Itron Security Overview

IT Security Evaluation and Certification Scheme Document

_isms_27001_fnd_en_sample_set01_v2, Group A

Platform Economy and Trustworthiness Standardization

INFORMATION ASSET MANAGEMENT POLICY

Verizon Software Defined Perimeter (SDP).

2.4. Target Audience This document is intended to be read by technical staff involved in the procurement of externally hosted solutions for Diageo.

eidas compliant Trust Services with Utimaco HSMs

FeliCa Approval for Security and Trust (FAST) Overview. Copyright 2018 FeliCa Networks, Inc.

Two Aspects of Exercising Cyber Incidents

Deutsche Telekom s Smart Energy Activities. Metering Billing/CRM Europe 2012 I October 2012

Technical Guideline TR eid-server. Part 2: Security Framework for eid-server operations

Roll-out of Smart Metering the key for success

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

Security Requirements of FIPS PUB 140 & Reconfigurable Hardware. G. Bertoni Politecnico di Milano

Working with the EU Directive High common level of network and information security. Martin Apel, SANS ICS Summit, Munich und

This document is a preview generated by EVS

National Information Assurance Partnership

ISO/IEC INTERNATIONAL STANDARD

Verwendung der sicheren BSI Smart Metering Infrastruktur für Anwendungen aus der Wohnungswirtschaft und gewerbliche Liegenschaften

Smart Meters between Innovation Promise and Consumer Benefit. Anne Kallies, RMIT and Lee Godden, Melbourne Law School

Security and Architecture SUZANNE GRAHAM

GDPR Update and ENISA guidelines

DIGITALSIGN - CERTIFICADORA DIGITAL, SA.

NIS Standardisation ENISA view

Cyber security for digital substations. IEC Europe Conference 2017

Classification of information V1.1

Secure by design: An approach for a virtual power plant

Innovation policy for Industry 4.0

Standard. Use of Cryptography. Information Security Manager. Page 1 of 12

Electronic Commerce Working Group report

Security in grid control centers: Spectrum Power TM Cyber Security

SME License Order Working Group Update - Webinar #3 Call in number:

Who s Protecting Your Keys? August 2018

General Data Protection Regulation. May 25, 2018 DON T PANIC! PLAN!

Sparta Systems TrackWise Digital Solution

Architecture and Development of Secure Communication Solutions for Smart Grid Applications

COMMON CRITERIA PROTECTION PROFILE. for SECURE COMMUNICATION MODULE FOR WATER TRACKING SYSTEM (SCM-WTS PP)

NIST Smart Grid Activities

Brief introduction of WG 3

Policy drivers and regulatory framework to roll out the Smart Grid deployment. Dr. Manuel Sánchez European Commission, DG ENERGY

Supporting Common Criteria Security Analysis with Problem Frames

Our Privacy Policy gives you detailed information on when and why we collect your personal information, how we use it and how we keep it secure.

BSI-CC-PP for. Portable Storage Media Protection Profile (PSMPP), Version 1.0. from. Federal Office for Information Security

Australasian Information Security Evaluation Program

Work Package 2.4. (Public) Procurement Expert Group on the security and resilience of communication networks and information systems for Smart Grids

Transcription:

Protection Profile for the Gateway of a Smart Metering System Combining privacy protection with security for the grid Dr. Helge (BSI) 12th ICC, 29.9.2011

A Possible Smart Grid 2

Introduction Smart Meter System Entities Consumer Grid Operator Supplier Producer Meter Operator... Producer... GW Operator WAN Local Assets Display TOE functionality Physical implementations Meter(s) CLS 3

Introduction Smart Meter System Entities Assets data Supplementary data Gateway time Producer... GW Operator Meter WAN Local 18.6 a:=b Meter configuration Gateway configuration CLS configuration... Display TOE functionality Physical implementations Meter(s) CLS 4

Introduction Smart Meter System Entities Assets TOE Producer GW Operator functionality Handling of meter data Protection of confidentiality, integrity, authenticity Firewalling Wake-up service Privacy protection Management Physical... WAN Local Display implementations Meter(s) CLS 5

Introduction Smart Meter System Entities Assets Producer functionality Physical implementations... GW Operator TOE WAN One box solution Distinct meter(s) Local One way communication Two way communication Display... Meter(s) CLS 6

Assumptions A.ExternalPrivacy authorised and authenticated external entities receiving any kind of privacy-relevant data or billing-relevant data and the applications that they operate are trustworthy (in the context of the data that they receive) and do not perform unauthorised analyses of this data with respect to the corresponding consumer(s). A.TrustedAdmins A.PhysicalProtection A.AccessProfile A.Update A.Network 7

Assumptions A.ExternalPrivacy It is assumed that the Gateway Administrator is trustworthy and well trained. A.TrustedAdmins A.PhysicalProtection A.AccessProfile A.Update A.Network 8

Assumptions A.ExternalPrivacy It is assumed that the TOE is installed in a non-public environment within the premises of the consumer which provides a basic level of physical protection. This protection covers the TOE, the Meter(s) that the TOE communicates with and the communication channel between the TOE and its Security Module. A.TrustedAdmins A.PhysicalProtection A.AccessProfile A.Update A.Network 9

Assumptions A.ExternalPrivacy The access control profiles that are used when handling data are assumed to be trustworthy and correct. A.TrustedAdmins A.PhysicalProtection A.AccessProfile A.Update A.Network 10

Assumptions A.ExternalPrivacy Firmware updates for the Gateway... provided by an authorised external entity have undergone a certification... according to this Protection Profile before they are issued and [are] to be correctly implemented. The external entity is authorised to provide the update is trustworthy and will not introduce any malware. A.TrustedAdmins A.PhysicalProtection A.AccessProfile A.Update A.Network 11

Assumptions A.ExternalPrivacy A.TrustedAdmins A.PhysicalProtection A.AccessProfile A.Update A.Network a WAN connection with a sufficient reliability and bandwidth trustworthy source(s) for an update of system time the Gateway is the only communication gateway for Meters in the LMN if devices in the HAN have a separate connection to parties in the WAN (beside the Gateway) [it] is appropriately protected 12

Threats Data privacy Power consumption of a fridge Power consumption several devices Pictures with kind permission Klaus Müller, Secorvo 13

Threats: Who turns off the light? Map: DeStatis/D. Liuzzo 14

Threats: Who turns off the light? 15

Threats Overview Internal attacker with physical access WAN attacker with remote access (new in metering) Main aims of attackers: Privacy violations, e.g. tracking of consumers Billing process manipulation Large scale infrastructure(s) manipulation High attack potential: EAL4 augmented by AVA_VAN.5 and ALC_FLR.2 16

Threats as stated in PP T.DataModificationLocal T.DataModificationWAN T.TimeModification T.DisclosureWAN T.DisclosureLocal T.Infrastructure T.ResidualData T.ResidentData T.Privacy 17

OSP OSP.SM The TOE shall use the services of a certified Security Module for OSP.Log verification of digital signatures, generation of digital signatures, key agreement, Random Number Generation, asymmetric de- and encryption. 18

OSP OSP.SM The TOE maintains logs: system log consumer log calibration log OSP.Log Access rules to logs Retention rules 19

Security Objectives O.Firewall Full and extended information available in PP O.SeparateIF O.Conceal O.Meter O.Crypt O.Time O.Protect O.Management O.Log O.Access 20

Security Objectives O.Firewall Data Minimisation, i.e. for each type of process data: O.SeparateIF O.Conceal Transmission O.Meter Recipients Signature keys Encryption keys Pseudonymisation (if any) O.Crypt O.Time O.Protect O.Management O.Log intervals Access Control Profiles O.Access 21

Legal integration EU directive mandating the roll out of Smart Meters Introduction into German law in summer 2011 Gateway required for large classes of consumers, e.g. New installations / Large refurbishments User with consumption > 6000 kwh Prosumers (e.g. solar plant owners), if > 7 kw Only devices certified according to PP may be installed Transition period for mounted devices Effective as of 2013 Introduction into European Standardization in progress 22

National development Development stipulated by BfDI (Federal Privacy Officer) Development under auspices of the Federal Ministry of Economics and Technology Collaboration with PTB (national metrology), BNetzA (Federal Network Agency) and BfDI and other agencies Consulting with Industry organisations: Three commenting rounds with panel discussions > 20 industry organisations participated > 1200 comments received 23

Impression of an industry meeting 24

Technical Guideline Technical Guideline for Interoperability and continuous security levels Topics: Description of the environment Processes involving the gateway Communication protocols Access profiles Public key infrastructures Cryptographic requirements Certification and approval process 25

The past, present and future Fall 2010 Initiated by The Federal Commissioner for Data Protection and Freedom of Information Jan 2011 1st draft version for commenting March 2011 2nd draft version for commenting May 2011 3rd draft version for commenting August 2011 Evaluation starts End of 2011 Estimated certification and TR publication 2012 Certifications of Smart Meter Gateways 2013 Deployment of Smart Meter Gateways starts 26

Contact data Federal Office for Information Security (BSI) Dr. Helge Section S25 Godesberger Allee 185-189 53175 Bonn Tel: +49 (0)22899-9582-5244 Fax: +49 (0)22899-10-9582-5244 smartmeter@bsi.bund.de www.bsi.bund.de/smartmeter www.bsi-fuer-buerger.de 27

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback