
Creating a platform of trust - Meter data transmission the secure way

As the legislative and regulatory drivers around smart meter data privacy continue to take shape, the transmission of energy consumption data is coming under increased scrutiny. Landis+Gyr have invested significant effort to enhance their Gridstream® smart grid solution to include secure communications. This will help its customers comply with the requirements of the European Union directive on privacy and its recommendations for the rollout of smart metering systems.

  1. Creating a platform of trust: Meter data transmission the secure way. Christian Giroux, EUW 2014 | © Landis+Gyr | November 4, 2014
  2. Focus of this presentation (European Utility Week | Christian Giroux | © Landis+Gyr | November 4, 2014)
     • The information flow between smart meters and head end systems
     • Secure communication technology
     • Diagram labels: Head End System, Smart Meter
  3. The EU regulatory environment for smart meter security and privacy
  4. Preparations for the roll-out of smart metering systems (EU Recommendation 2012/148/EU)
     • Directives 95/46/EC and 2002/58/EC are fully applicable to smart metering which processes personal data, in particular in the use of publicly available electronic communications services (Article (7))
     • Data protection and information security features should be built into smart metering systems before they are rolled out (Article (10))
     • The use of encrypted channels is recommended (Paragraph 1.24)
  5. Achieving interoperability in smart meter communications security
  6. IDIS security supports multiple transport layers
     • COSEM Data Model
     • DLMS Application Layer
     • DLMS Authentication and Encryption
     • Transport layers: Euridis; M-Bus Wired; M-Bus Wireless; Ethernet IPv4–v6; PLC PRIME OFDM; PLC G3 OFDM; PLC PLAN+ S-FSK; GPRS 2G 3G IPv4; PSTN; RF IPv4–v6; GPRS 4G IPv4–v6
  7. How using encrypted and authenticated messaging builds trust
  8. How can we build trust?
     • Ensure message confidentiality: disclose information only to authorized entities
     • Ensure message integrity: do not allow information to be changed
     • Ensure message authenticity: show information only to entities whose right of access has been verified
  9. DLMS message cryptography
     • DLMS uses AES-GCM-128: Advanced Encryption Standard, Galois Counter Mode, 128-bit key lengths
     • With multiple symmetric keys: Authentication Key, Unicast Encryption Key, Broadcast Encryption Key, Key Encryption Key
  10. The Gridstream® secure communications implementation: Europe, Middle East and Africa
  11. Secure communications
     • DLMS applied to power line and mobile communications
       – Driven by the IDIS (Interoperable Device Interface Specifications) industry association
       – DLMS (Device Language Message Specification) symmetric keys
       – TLS (Transport Layer Security) tunnel to data concentrator
       – SKM (Secure Key Manager) / HSM (Hardware Security Module) for crypto-management
       – Initial key generation
  12. Symmetric key cryptography
     • Used between DLMS server and client
       – Meter to data concentrator (Power line)
       – Meter to head end system (Mobile)
     • Each meter uses a unique set of keys
     • The meter, the data concentrator and the head end system share the same keys
     • Replacement keys are distributed securely
     • Keys are stored securely
  13. Asymmetric key cryptography
     • Data concentrator to head end system
     • Access to data concentrator web management tool
     • Access to meter field installation tool
     • Distribution of initial keys from meter manufacturing facility to operative head end system
  14. Key distribution
     • Symmetric key cryptography for meter data
     • The meter and the head end system need to use identical keys
     • A set of initial keys are written into the meter at production
     • A set of identical keys are sent securely from the production facility to the customer’s head end system where they are stored securely
  15. Secure deployment
     • Steps: Write initial keys into meter; Send initial keys to utility; Store keys in system; Install meters; Enable secure messages
     • Diagram labels: L+G Production System, Key File, System titles, DLMS keys, Meter, Keys, Field Tool, HSM, Head End System, DLMS-COSEM HLS authentication and encryption
  16. Presentation summary
     • European Union regulation
     • Interoperable security with IDIS
     • DLMS authentication and encryption
     • The EMEA Gridstream® secure communications implementation
  17. Thank you for your attention
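
Added example (not part of the presentation and not Landis+Gyr code): how the encryption key and authentication key from slide 9 combine in one AES-GCM-128 protected message, and how the receiver rejects tampered or replayed messages. The slides do not give the frame layout; the IV (system title plus invocation counter), the associated data (security control byte plus authentication key), the 0x30 control byte and the 12-byte tag follow DLMS security suite 0 as commonly documented and are assumptions here, as are all key values and function names.

```javascript
// Added illustration; keys, system title and function names are constructed.
const nodeCrypto = require('crypto');

const SC_AUTH_ENC = 0x30; // assumed security control byte: authenticated + encrypted
const TAG_LEN = 12;       // assumed 96-bit truncated GCM tag

const SAMPLE_KEYS = {
  ek: Buffer.from('000102030405060708090a0b0c0d0e0f', 'hex'), // unicast encryption key
  ak: Buffer.from('d0d1d2d3d4d5d6d7d8d9dadbdcdddedf', 'hex'), // authentication key
};
const SYSTEM_TITLE = Buffer.from('4558410000000001', 'hex');  // 8-byte sender identity

// IV = sender system title || 32-bit invocation counter; never reused under one key.
function buildIv(systemTitle, counter) {
  const ic = Buffer.alloc(4);
  ic.writeUInt32BE(counter);
  return Buffer.concat([systemTitle, ic]);
}

// The authentication key is not a MAC key of its own: it is bound in as GCM associated data.
function buildAad(authKey) {
  return Buffer.concat([Buffer.from([SC_AUTH_ENC]), authKey]);
}

function protect(keys, systemTitle, counter, plaintext) {
  const c = nodeCrypto.createCipheriv('aes-128-gcm', keys.ek,
    buildIv(systemTitle, counter), { authTagLength: TAG_LEN });
  c.setAAD(buildAad(keys.ak));
  const ciphertext = Buffer.concat([c.update(plaintext), c.final()]);
  return { counter, ciphertext, tag: c.getAuthTag() };
}

// Receiver side: counter must strictly increase, and the tag must verify
// before any plaintext is released or the stored counter is advanced.
function unprotect(keys, systemTitle, state, msg) {
  if (msg.counter <= state.lastCounter) {
    throw new Error('replayed or stale invocation counter');
  }
  const d = nodeCrypto.createDecipheriv('aes-128-gcm', keys.ek,
    buildIv(systemTitle, msg.counter), { authTagLength: TAG_LEN });
  d.setAAD(buildAad(keys.ak));
  d.setAuthTag(msg.tag);
  const plaintext = Buffer.concat([d.update(msg.ciphertext), d.final()]); // throws on bad tag
  state.lastCounter = msg.counter;
  return plaintext;
}
```

Because every meter holds its own key set (slide 12), the receiver must also persist `lastCounter` per meter and per key; losing it reopens the replay window.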
