21.09.2015, Stefan Hoffmann
New Security Features in DLMS/COSEM
A comparison to the Smart Meter Gateway
Workshop on Power Line Communications 2015
Stefan Hoffmann (HRW), Robin Massink (DNV GL), Gerd Bumiller (HRW)
21.09.2015
Initiated a rethinking process concerning privacy in smart metering systems
Reaction in DLMS/COSEM
• Green Book Version 7 (2013)
  • First reaction to directive: including cryptographic methods
  • Only methods of symmetric cryptography
  • No proper key management possible
• Latest: Green Book Version 8 (2014)
  • Security methods from Green Book 7
  • Added:
    • Methods of asymmetric cryptography
    • Allows for establishing an authenticated and encrypted channel
    • More security features
Key establishment in DLMS/COSEM (GB V8)
Based on elliptic curve cryptography (ECC)
• Digital Signature Algorithm (DSA)
  • Sign with secret key, verify signature with public key
• Diffie-Hellman key agreement (DH)
Public key infrastructure (PKI)
• Entities have certificates with their identity and public key
• Certification authority (CA) signs certificates
This approach is not possible with methods of Green Book Version 7!
Afterwards: using symmetric cryptography
State-of-the-art methods for protected communication
• Symmetric authentication and encryption
• Advanced Encryption Standard (AES) with Galois/Counter Mode
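The sequence on the two slides above (certified ECC identity keys, signed Diffie-Hellman key agreement, then AES-GCM) as an added Go sketch; it is not code from the presentation and does not reproduce the Green Book's exact key agreement scheme or key derivation function. Assumptions: curve P-256, a SHA-256 hash with a constructed label as the key derivation step, and the hypothetical names SignShare, SessionAEAD and rng; certificate validation is reduced to "the caller already holds the peer's public key from its certificate".

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

var rng = rand.Reader // entropy source for key generation and signing

func SignShare(id *ecdsa.PrivateKey, ephPub []byte) ([]byte, error) {
	h := sha256.Sum256(ephPub) // long-term ECDSA key signs the ephemeral ECDH public key
	return ecdsa.SignASN1(rng, id, h[:])
}

func SessionAEAD(eph *ecdh.PrivateKey, peerPub, sig []byte, peerID *ecdsa.PublicKey) (cipher.AEAD, error) {
	if h := sha256.Sum256(peerPub); !ecdsa.VerifyASN1(peerID, h[:], sig) { // peerID: key from peer certificate
		return nil, fmt.Errorf("share not signed by the identity in the peer certificate")
	}
	pk, err := ecdh.P256().NewPublicKey(peerPub) // rejects points that are not on P-256
	if err != nil {
		return nil, err
	}
	z, err := eph.ECDH(pk) // shared secret, identical on both sides
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(append([]byte("constructed-kdf-label"), z...)) // simplified KDF (assumption)
	blk, _ := aes.NewCipher(k[:16])                                   // a 16-byte key cannot fail
	return cipher.NewGCM(blk)
}

func main() {
	mID, _ := ecdsa.GenerateKey(elliptic.P256(), rng) // constructed meter identity key
	cID, _ := ecdsa.GenerateKey(elliptic.P256(), rng) // constructed client identity key
	mEph, _ := ecdh.P256().GenerateKey(rng)
	cEph, _ := ecdh.P256().GenerateKey(rng)
	mSig, _ := SignShare(mID, mEph.PublicKey().Bytes())
	cSig, _ := SignShare(cID, cEph.PublicKey().Bytes())
	m, _ := SessionAEAD(mEph, cEph.PublicKey().Bytes(), cSig, &cID.PublicKey)
	c, _ := SessionAEAD(cEph, mEph.PublicKey().Bytes(), mSig, &mID.PublicKey)
	ct := m.Seal(nil, make([]byte, 12), []byte("reading=42"), nil) // fixed nonce: one message only
	pt, err := c.Open(nil, make([]byte, 12), ct, nil)
	fmt.Println(string(pt), err)
}
```

With only symmetric keys, as in Green Book Version 7, both sides would need the same secret installed beforehand; here the session key exists only after each side has checked the other's signature. A real deployment needs a nonce that never repeats under one key.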
End-to-end security for third parties
• Second layer of cryptographic protection
• Tunneled protection for third parties
The Smart Meter Gateway
-> All connections using TLS!
Comparison of cryptographic core methods
Are the NIST curves trustworthy?
• Parameters defined as preimages of a secure hash function.
• An adversary would need to know a certain fraction of curves that are weak.
• Such a fraction has not yet been discovered by the public.
Security differences of SMGW "beyond cryptography"
SMGW consists of an integrated security concept
• Certifiability
  • PP has EAL 4+ according to Common Criteria
• National environment
  • Specialised for German market
  • Government agency as developer
  • State-controlled root-CA
• More concrete instructions
  • Key lifetimes for PKI usage
  • Concrete class of random sources given
• Direct connections for external market participants
• Secure storage
• … and much more.
Concluding remarks
• "Similar" (state-of-the-art) cryptographic security from a high-level point-of-view
• SMGW provides a holistic security concept that includes more aspects than just pure cryptography
• High importance of Germany's Federal Office of Information Security as sovereign trust anchor
• ENISA (European Network and Information Security Agency) initiative to harmonize smart meter techniques
Thank you for your attention!
Contact:
Stefan Hoffmann
Phone: +49 208 88254-826
E-mail: [email protected]
Coming soon: ISPLC 2016
IEEE International Symposium on Power Line Communications and its Applications
March 20th to March 23rd 2016 (new date)
Visit the website: www.ieee-isplc.org
Venue
Conference will take place at
Hochschule Ruhr West University of Applied Sciences
Bottrop, Germany
Call for Papers
Important dates
Submission of full papers: November 16, 2015
Notification of Acceptance: January 15, 2016
Camera-ready papers due: February 22, 2016
Contact information
Gerd Bumiller, General Chair
Hochschule Ruhr West University of Applied Sciences
Phone: +49 208 88254808
E-mail: gerd.bumiller@hs-ruhrwest.de