See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/336251226

Design Key Management System for DLMS/COSEM Standard- based Smart

Metering

Conference Paper · January 2018

CITATIONS READS

0 847

2 authors, including:

Seunghwan Ju
Korea Testing Laboratory
34 PUBLICATIONS   75 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

2.5GW Windfarm project in Korea View project

Industrial IoT View project

All content following this page was uploaded by Seunghwan Ju on 04 October 2019.

The user has requested enhancement of the downloaded file.

 International Journal of Engineering & Technology, 7 (3.34) (2018) 554-557

International Journal of Engineering & Technology

Website: www.sciencepubco.com/index.php/IJET

Research paper

Design Key Management System for DLMS/COSEM Standard-

based Smart Metering
Seung-Hwan Ju1, Hee-Suk Seo1*
1
Dept. of Computer Engineering, Koreatech, Dongnam-gu, Cheonan-si, 31253, Republic of Korea
*
Corresponding author E-mail: [email protected]

Abstract

Background/Objectives: Security features are an essential part of recent smart metering systems. Smart meters are considered an
important facility that must be protected by applying the latest security technologies.
Methods/Statistical analysis: Security context determines the rules for applying/verifying security. DLMS/COSEM have Security suite
to set of cryptographic algorithms. This is based on symmetric key based cryptographic communication. The high level security requires
public key based cryptographic communication and digital signature.The security specification references the key scheme of DLMS-
COSEM, which is based on a single set of unique symmetric keys per meter.
Findings: we have studied a sequence for distributing security keys required by DLMS / COSEM.
Our smart metering key distribution system can provide a security key management system such as key generation / distribution between
AMI components. This is a PKI-based authentication using public key method (ECC), and a DLMS standard key distribution method
after generating a session key using a public key. This system can also provide a key management scheme between DLMS clients not
defined in the DLMS standard.
Improvements/Applications: we analyze security requirements of DLMS/COSEM for secure smart metering and design key
distribution/management method.

Keywords: Smart-Metering, Security, Key Distribution, DLMS/COSEM, IEC 62056, Security suite

DLMS/COSEM standard has the following information:

1. Introduction ① Data storage for weighing information
② Access control and management
Smart metering, which provides a key indicator of energy ③ Time and event related control
production, consumption and management, utilizes the latest ④ Payment
information and communication technology (ICT) to digitize the DLMS defines application commands for access (Read/Write) of
traditional information technology and metering information to energy objects defined by COSEM and functions using various
create energy new industries such as energy efficiency and communication media such as PLC (Line Communication) and
demand management. The electricity market in the world is RF-Mesh [3]. This is similar to the language we use, and even if
separated from the power transmission and distribution sector, and we use a variety of communication media such as the Internet,
the power supply subject is also being liberalized and opened from messenger, and telephone, the language used to exchange
the monopolistic fashion in the past [1]. Thus, it is complex and information can understand to be the same. When referring to data
competitive in that various users consume various energy sources objects using DLMS, the OBIS is used as an identifier to identify
provided by various suppliers. Metering in this diverse these objects.
environment requires selective and reliable data access, and it The smart metering system requires various functions such as
focused attention on interoperability issues. The DLMS /COSEM metering, access control, management and data exchange in
communication protocol based on IEC 62056 international various communication media. For flexibility and scalability of
standard is a current global issue as a communication protocol of such a smart metering system, DLMS/COSEM has the following
intelligent metering[2]. In future, this protocol will apply not only modeling – messaging - transport. It defines the architecture [3-5].
to electricity, but also to gas and water, and it is gradually Modeling: The COSEM object model and the OBIS object
expanding and attention focused on standard protocol of smart recognition system model the functions of the meter that can view
metering. It is an electronic meter communication protocol for within their interface. This model includes a set of procedures in
remote meter reading and is widely used throughout smart which all energy types and messages are designed and transmitted.
metering as it is established as IEC 62056 international standard The contents are described in IEC 62056-61, 62 and the DLMS-
and DLMS UA collective standard. It is necessary to become UA Blue Book.
familiar with the terminology in order to understand the standard Modeling: The COSEM object model and the OBIS object
technology. COSEM is an energy object and can represent as an recognition system model the functions of the meter that can be
independent object that contains metering information (properties) viewed within their interface. This model includes a set of
and functions (methods) of energy. The COSEM defined in the procedures in which all energy types and messages are designed
and transmitted. The contents are described in IEC 62056-61, 62
Copyright © 2018 Authors. This is an open access article distributed under the Creative Commons Attribution License, which permits
unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
555 International Journal of Engineering & Technology

and the DLMS-UA Blue Book. Table 1: DLMS/COSEM security requirements [9]
Messaging: DLMS / COSEM Application layer protocol that Category Requirements Description
specifies messages to access data modeled by COSEM objects. It Access Device mutual  LLS and HLS
is specified in IEC 62056-53, DLMS-UA Greenbook for lower Security authentication authentication
 AES128 / 256 based
layer protocols.
encryption
Transport: A communication profile that specifies how DLMS / Message encryption
 Provide dedicated key
COSEM is used in various standardized communication media. Authentication
Transport encryption based on ECC
These are specified in the Greenbook which partially complies Security KA
with IEC, CENELEC and CEN. Message  ECC-based electronic
In order to operate a smart energy system safely, user Authentication signature support, non-
authentication, device authentication, device-to-device Digital Signature repudiation support
communication protection, and infrastructure-level security that
includes all of these are essential. The DLMS/COSEM is a There are two kinds of security like Table1. Access security
symmetric key and a public key based cryptographic algorithm concerns the rights of a client to access to data stored in a given
that provides authentication for user authentication and server. Transport security concerns the 'ciphering' applied to the
confidentiality and integrity as well as security key transmission information exchanged between the server and the client [9-10].
through AES key WRAP, authentication for message integration
and cryptanalysis respectively. In addition, the protection of the 2.1. Access Security
metering information in the environments using various
communication methods depends on the data and level protected The interface class that defines the logical device applies
in the DLMS message and the COSEM data between the meter Association LN. OBIS code of attribute 1st, 2rd is COSEM object
and the third party (third party) or the meter and the HES It is for logical device, defines class ID, logical name, and access
designed to be applied. The standard defines a mutual authority for object. In addition, the SAP information of the client
authentication method for accessing a logical device by a security accessing the LDN, so that the session can be managed in the
function of a smart meter and access rights for a user or role for current communication process. It contains a reference to the
reading, writing or a method of attribute information of an energy Security Setup interface class for implementing the security
data object in a logical device [6-8]. COSEM data objects used in functions and the security mechanism that should implement when
projects that utilize smart meters standardize data from dozens to the application first connects for mutual authentication of the
hundreds of times, metering, power quality, switch control, and logical device [9-11]
communications. Access control divides energy objects logically The communication process for the logical device defined in this
into groups according to the user. We propose a model that way is a three-step process as shown in Figure 1. Application
protects and widely utilizes metering information by preventing Association is a process (COSEM-OPEN) for accessing energy
unreasonable misuse of information by defining authentication data objects. This requires mutual authentication between the
methods and access control rules for energy objects and client and the server. The basic security concept is generated by
effectively providing appropriate data for each service through generating mutual random numbers and re-exchanging the secret
logical devices [8]. message generated through the cryptographic technique using the
Security features, including object authentication for smart meters, shared secret key between the counterparts of the random number.
access rights operations and message encryption, are essential (HLS Authentication)
parts of recent smart metering systems. Smart meters consider an In the second step, the DLMS messages for information retrieval
important facility that must protected by applying the latest (Get), information writing (Set), and method execution (Action)
security technologies. In this paper, we analyze security mutually encrypt and combine in an encrypted manner for the
requirements of DLMS/COSEM for secure smart metering and energy object, Ensure confidentiality and integrity. Finally, after
design key distribution/management method. exchanging the message, AA release process is performed to end
the session.
In COSEM, access security is implemented by Association
2. DLMS/COSEM Security Request / Association Response exchanges. Clients and servers
are identified by addresses and negotiate authentication contexts.
DLMS/COSEM has the following security requirements: Members Mechanism Name of Association Request specifies
Authentication of communicating partners the level of security that clients use to access the server. Possible
Controlling access rights depending on the role of the client values are:
End-to-end security between third party and server
Protection of COSEM data and xDLMS messages

Figure 1: Authentication method of DLMS/COSEM

Lowest level security: this is in fact ''no security'' at all. High Level security: the client and the server have to identify
Low Level security: the client has to provide a valid password themselves using a 4 passes process.
556 International Journal of Engineering & Technology

2.2. Transport Security services (ReadRequest, GetRequest, ReadResponse,

WriteResponse, etc.) have a corresponding encrypted variant. The
The xDLMS APDU carrying the service primitive can be COSEM / DLMS symmetric key security system uses Gallois
password protected. The security context and access rights Counter Mode with the AES-128 algorithm. The encryption
determine the required protection. To provide end-to-end security procedure has six inputs and delivers one output [11].The
between third parties and servers, these third parties can use the encrypted message is transmitted as shown in Table 3.
client as a broker to access resources on the server. In addition, the
COSEM data carried by the xDLMS APDU can be password Table3: APDU Transport sequence
protected [11]. Sender Receiver
The following functions are required for smart metering security: 1 - Convert the plain xml to
-
APDU
Device mutual authentication
2 - Cipher the APDU -
Message encryption / authentication
3 - Create the glo_ service -
Establish a secure data communication channel 4 - Convert to APDU and 4 - Receive the response APDU
Security context determines the rules for applying/verifying transmit using HDLC or 5 - Convert to xml to have the glo_
security. DLMS/COSEM have Security suite [Table 2] to set of WRAPPER service
cryptographic algorithms. 6 - Extract the embedded ciphered
-
This is based on symmetric key-based cryptographic frame
communication, but high-level security requires public key based 7 - Decipher to a GetResponse
-
cryptographic communication and digital signature. APDU
Transport security is performed using an encrypted COSEM - 8 - Convert the plain APDU to xml
service instead of a regular COSEM service. All generic COSEM

Table2: DLMS/COSEM Security Suites

Security Suite
Authenticated Encryption Digital Signature Key agreement Hash Key-transport
ID
0 AES-GCM-128 - - - AES-128 Key wrap
1 AES-GCM-128 ECDSA with P-256 ECDH with P-256 SHA-256 AES-128 Key wrap
2 AES-GCM-256 ECDSA with P-384 ECDH with P-384 SHA-384 AES-256 Key wrap

3. Certificate Management System

Figure 2: DLMS/COSEM example for manage of security keys

To satisfy the DLMS / COSEM Security of Chapter 2, we must management system is required, and it is expected that the key be
have a public key-based authentication scheme. DLMS/COSEM transmitted securely and correctly. We designed key management
Security requires a security keys [Table4]. In this study, we design service that is not defined in DLMS / COSEM to be compatible
a method and system for distributing it. with DLMS/COSEM specification.
According to Figure 2, Master key identify as the KEK in general
Table4: DLMS/COSEM Security key and their management ciphering APDUs between client-server. Global keys (GUEK,
Key type Purpose GBEK) service-specific global ciphering APDU client-server.
Key Encrypting Key(KEK) for : They are used object protection parameters. Encryption is the
(new) Master key
Master Key, KEK process of using an algorithm to transform information so that it is
Global encryption or authentication keys
Ephemeral encryption keys not read by anyone other than the owner of the key. Secure
Global unicast encryption, Block cipher key for unicast communications are imperative for data transfer between devices
GUEK xDLMS APDUs and/or COSEM data in the measurement, switching and display system and the
Part of Association to the ciphering process components of data collection system, such as a data concentrator
(Global) Authentication
key, GAK
of or the head end system. The DLMS-COSEM protocol provides
xDLMS APDUs and/or COSEM data several security features for data authentication and transport.
Block cipher key of unicast xDLMS Data transfer security provides privacy and authentication of data
Dedicated key (unicast) APDUs, as it moves from multiple energy meter points to the next system
within and established Association
instance.
Block cipher key for
Ephemeral encryption key
xDLMS APDUs and/or COSEM data
The main steps in the smart metering security key-generation and
management process are as follows like Figure 3:
Step 1: The manufacturing facility uses a secure key manager
Many keys are used for secure smart metering communications.
software and secure key storage hardware to generate an initial
The key must be updatable and must be able to authenticate with
unique key set for each meter consisting of a master key (a key
other components using the new key. Therefore, a key
encryption key) and initial global keys (GUK, GBEK, and
 557 International Journal of Engineering & Technology

GUEK). the installation process, AIM securely distributes the key material
Step 2: The global keys are encrypted using the master key and to appropriate data concentrator (using TLS over mobile
written to the meter. communications) and initiates communication with the meter.
Step 3: The KMS (Key management system) sends a copy of the Step 6: As part of the communication initialization process, AIM
key material to the utility AIM system using signed secure based renews the meter’s global keys and distributes them to the data
on the public key infrastructure. concentrator and meter.
Step 4: The utility AIM system stores and manages the key Step 7: All communication from the head end system to the meter
material using its local secure key manager and secure key storage via the data collection system authenticated and encrypted using
hardware. the renewed meter-specific keys.
Step 5: As each meter is registered to the AIM system as part of

Figure 3: Design of Key distribute system for Smart metering

[2] Jain, S., Kumar, V., Paventhan, A., Chinnaiyan, V. K., Arnachalam,
V., & Pradish, M. (2014, March). Survey on smart grid
5. Conclusion technologies-smart metering, IoT and EMS. In Electrical,
Electronics and Computer Science (SCEECS), 2014 IEEE Students'
Smart metering technology can provide efficient energy saving Conference on (pp. 1-6). IEEE.
through more reasonable energy consumption by providing [3] Schneps-Schneppe, M., Maximenko, A., Namiot, D., & Malov, D.
(2012, October). Wired Smart Home: energy metering, security,
various kinds of data, and it is expected that demand management
and emergency issues. In Ultra-Modern Telecommunications and
and load distribution will be possible by energy resource. Smart Control Systems and Workshops (ICUMT), 2012 4th International
metering is an energy management service based on two-way data Congress on (pp. 405-410). IEEE.
communication. It supports a wide range of applications such as [4] Zaballos, A., Vallejo, A., Majoral, M., & Selga, J. M. (2009).
remote meter reading, customer relationship management and Survey and performance comparison of AMR over PLC standards.
demand-side management. Smart metering provides utilities IEEE transactions on power delivery, 24(2), 604-613.
support for load control, power failure reporting, and power [5] Feuerhahn, S., Zillgith, M., Wittwer, C., & Wietfeld, C. (2011,
quality monitoring. October). Comparison of the communication protocols
DLMS/COSEM, SML and IEC 61850 for smart metering
DLMS/COSEM specifies security functions such as encryption,
applications. In Smart Grid Communications (SmartGridComm),
authentication, and digital signature. To build this security 2011 IEEE International Conference on (pp. 410-415). IEEE.
function, the key management system is needed. We designed a [6] Štruklec, G., & Maršić, J. (2011, May). Implementing
key management system that not define in the DLMS standard DLMS/COSEM in smart meters. In Energy Market (EEM), 2011
Our smart metering key distribution system can provide a security 8th International Conference on the European (pp. 747-752). IEEE.
key management system such as key generation / distribution [7] Kmethy, G. (2009). IEC 62056 DLMS/COSEM workshop. Part 5:
between AMI components. This is a PKI-based authentication COSEM data model. Metering Europe, Vienna.
using public key method (ECC), and a DLMS standard key [8] Ju, S. H., Park, Y. I., Sim, S. G., Lim, M. C., Han, S. H., & Seo, H.
S. (2016). Meter-HES mutual authentication in the smart grid AMI
distribution method after generating a session key using a public
environment. International Journal of Security and Its Applications,
key. This system can also provide a key management scheme 10(12), 43-52.
between DLMS clients not defined in the DLMS standard. [9] Weith, L. (2014). DLMS/COSEM protocol security evaluation.
[10] Kim, S., Chng, H., & Shon, T. (2014, November). Survey on
security techniques for AMI metering system. In SoC Design
Acknowledgment Conference (ISOCC), 2014 International (pp. 192-193). IEEE.
[11] McDaniel, P., & McLaughlin, S. (2009). Security and privacy
This paper was partially supported by the Education and Research challenges in the smart grid. IEEE Security & Privacy, 7(3).
Promotion Program

References
[1] Darby, S. (2010). Smart metering: what potential for householder
engagement. Building Research & Information, 38(5), 442-
457.DLMS User Association. (2007). DLMS/COSEM.
Architecture and Protocols.

View publication stats