
ETSI TR 103 118 V1.1.1 (2015-08)

Machine-to-Machine communications (M2M); Smart Energy Infrastructures security; Review of existing security measures and convergence investigations

TECHNICAL REPORT

Reference: DTR/SmartM2M-021
Keywords: privacy, security, smart grid, smart meter

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88

Important notice

The present document can be downloaded from: http://www.etsi.org/standards-search

The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.

Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp

If you find errors in the present document, please send your comment to one of the following services: https://portal.etsi.org/People/CommiteeSupportStaff.aspx

Copyright Notification

No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2015. All rights reserved.

DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPP™ and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association.

Contents

Intellectual Property Rights
Foreword
Modal verbs terminology
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Abbreviations
4 Privacy and Security Regulations
4.1 EU Level Regulation
4.2 France
4.2.1 Data Security Rules
4.2.2 Privacy Protection Rules
4.3 Germany
4.4 Netherlands
4.5 United Kingdom
4.5.1 Department of Energy

Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http://ipr.etsi.org).

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document.

Foreword

This Technical Report (TR) has been produced by ETSI Technical Committee Smart Machine-to-Machine communications (SmartM2M).

Modal verbs terminology

In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and "cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions).

"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.

1 Scope

The present document reviews security methods provided by deployed standards used in the Smart Energy industry (e.g. IEC 62351 [i.7], IEC 62443 [i.8]) or mandated by regulation (e.g. Requirements from the German BSI for Smart Meter Gateways and Secure Element) as well as gaps identified by the Smart Grid Information Security group for the M/490 mandate, in order to identify areas where ETSI may bring additional value, e.g. by extending or harmonising security solutions where possible.

2 References

2.1 Normative references

References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies.

Referenced documents which are not found to be publicly available in the expected location might be found at http://docbox.etsi.org/Reference.

NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee their long term validity.

The following referenced documents are necessary for the application of the present document.

Not applicable.

2.2 Informative references

References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies.

NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee their long term validity.

The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area.

[i.1] Department of Energy

and EU Directive 2002/58/EC [i.15] on processing of personal data and the protection of privacy in the electronic communications sector. According to the commission recommendation of 9th March 2012 on preparation for the roll-out of smart metering systems, these two directives are "fully applicable to smart metering which processes personal data, in particular in the use of publicly available electronic communications services for contractual and commercial relations with customers". This recommendation provides further guidance on how the directives should apply to the smart metering systems.

Other directives that impact security and privacy are the following:

• Directive 2009/136/EC amending Directive 2002/22/EC on universal service and users' rights relating to electronic communications networks and services [i.16]
• Directive 2006/24/EC on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks [i.17]
• Directive 1999/93/EC on a Community framework for electronic signatures [i.18]
• Council directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection [i.19]
• Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC [i.20]

4.2 France

4.2.1 Data Security Rules

The data security offered by products or information systems may be certified as provided in the Decree #2002-535 of 18th April 2002. ANSSI (French Network and Information Security Agency) is responsible for approving assessment centers and giving an opinion on the certification of systems. Certification is given by the Prime Minister following their assessment by approved centers.

Concerning electricity metering, the order of 4th January 2012 requires system operators to have their metering system certified under Decree #2002-535 of 18th April 2002. This certification implies compliance with a security referential specified by ANSSI.

4.2.2 Privacy Protection Rules

The Commission nationale de l'informatique et des libertés (CNIL) is responsible for ensuring that information technology remains at the service of citizens, and does not jeopardize human identity or breach human rights, privacy or individual or public liberties. The automated processing of personal data is subject to a prior declaration to CNIL.

Specifically regarding Smart Metering Systems, Decree #2001-630 of 16th July 2001 (Decree #2004-183 of 18th February 2004 for gas) requires system operators to keep confidential commercially sensitive data (information whose disclosure could undermine the rules of free and fair competition and non-discrimination). Metering data are commercially sensitive.

In its resolution #2012-404 of 15th November 2012, CNIL issued recommendations primarily on data collected (consent and limiting load curve sampling period), the duration of data retention (no conservation beyond the time required), the recipients of the data (habilitation) and security measures (assessment and regular updating).

4.3 Germany

In Germany, legal and regulatory requirements are already in force for energy and telecommunication enterprises. New legal requirements are in preparation for other critical infrastructures like finance, transport, food industry and health services. The new laws explicitly define critical infrastructures and the obligation to prove that these infrastructures are operated securely. This has to be done by certified procedures and properly documented, i.e. by an Information Security management system like the ISO/IEC 27000 series [i.21]. Notification of security incidents to the authorities will be mandatory.

In the legal framework of energy regulations, the metering service is a market driven business like the energy supply. Currently, the metering services are still done by the DSOs (Distribution System Operators). There are about 900 DSOs for electricity and about 700 DSOs for gas. Apart from pilot projects, however, the roll-out of smart meters has not started yet.

According to the Energy Industry Act (EnWG) the installation of smart meters and smart meter gateways is mandatory for consumers with an annual consumption of more than 6 000 kWh. The Ministry of Economics and Energy mandated the Federal Office for Information Security (BSI) to issue specifications for a smart meter gateway in order to meet concerns about privacy raised by the Federal Commissioner for Data Protection and Freedom of Information. These smart meters and gateways have to fulfil security requirements like a Common Criteria Protection Profile and a Technical Specification to ensure interoperability between different metering Service Providers. These specifications are:

• Protection Profile for the Gateway of a Smart Metering System (BSI-CC-PP-0073) [i.2]
• Protection Profile for the Security Module of a Smart Meter Gateway (BSI-CC-PP-0077) [i.2]
• Technische Richtlinie / Technical Guideline (BSI TR-03109) [i.3]

where the BSI TR-03109 is a collection of documents (only in German) specifying data formats, protocol stacks for WAN and metering communication, administration requirements and Public Key Infrastructure.

The German DKE group AK461.0.143 has specified the protection at the interface between the Smart Meter Gateway (SMGW) and the WAN or external entity. The specification is part of BSI TR-03109-1 [i.3].

• Only outgoing connections from the SMGW to the external entity are allowed. The SMGW is the TLS client, whereas the external entity is the TLS server. Initiation with an ECDSA-signed wake-up from the Administrator is optional.
• HTTP(S) and additional content protection with CMS (based on PKCS#7) are used: content is first encrypted and authenticated, then signed. The external entity can replace the signature for pseudonymization reasons.
• Mutual X.509 PKI authentication is required, no HTTP authentication. The certificate types are: TLS (SMGW, administrator, other external entities); SubCA (e.g. administrator); RootCA+LinkCertificate; Content signature (SMGW, Admin); Content encryption (SMGW, Admin, external entities); etc.
• The exposed resources according to a RESTful access concept are based on certificate authentication.

Current TLS parameters for WAN:

• TLS 1.2 (IETF RFC 5246 [i.22]);
• Cipher suites: minimum ECDHE_AES128_CBC_SHA256 and ECDHE_AES128_GCM_SHA256, transition to AES256 and SHA384 later;
• Using X.509 PKI certificates, ECDSA BrainpoolP256r1 signed, SHA256;
• ECC curves: BrainpoolP256, NISTP384, BrainpoolP384, BrainpoolP512, only with NamedCurveIDs (IETF RFC 7027 [i.23]);
• No session resumption, but session resume (max. session lifetime 2 days);
• Preference for Encrypt-then-MAC indicated, no Truncated HMAC (to be updated in 2015).

In 2013, a metering system ordinance (Messsystemverordnung), which refers to the BSI specifications, was drafted by the German government and notified according to the "Directive 98/34/EC of the EUROPEAN PARLIAMENT and of the COUNCIL" [i.24], which lays down a procedure for the provision of information in the field of technical standards and regulations.

Up to now, smart meters and gateways which are compliant with the German legal and regulatory requirements are not available for a roll-out. The stakeholders are still waiting for additional ordinances. The missing ordinances for the energy sector to clarify the obligations and scale of roll-out and the allocation of the costs are expected for mid-2015.

4.4 Netherlands

An initial project law to impose mandatory roll-out of smart meters in the Netherlands was turned down in the Dutch Parliament in 2009 due to consumer concerns, which triggered serious actions from the Dutch DSOs to enhance consumers' trust. Their association, Netbeheer Netherlands, enforces a code of conduct for the processing of personal data by Grid Operators and made a study on the Security and Privacy of Smart Metering that served as a basis to develop the security aspects of the Dutch Smart Metering Requirements (DSMR) specification [i.4], which have already been iterated several times.

The most important rules in the Netherlands for recording and using personal data have been set forth in the Wet bescherming persoonsgegevens (Wbp; Dutch Personal Data Protection Act). This act was unanimously adopted by the Dutch Senate on 23 November 1999 and accepted by the Dutch Congress on 3 July 2000. The act came into force on 1 September 2001. The Wbp relates to every use - processing - of personal data, from the collection of these data up to and including the destruction of personal data.

Smart meters in the Netherlands are the property of the Grid operator. Almost 1 million smart meters have been installed during the first phase of roll-out until 2014. In 2015, the Grid operators start with the large-scale roll-out. 12 million gas and electrical smart meters are expected to be installed by 2020.

On the smart meter a "P-1 port" exists which is intended
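
The WAN interface rules and TLS parameters listed for the German SMGW in clause 4.3 can be expressed as an automated conformance check over observed sessions. The following is an added example, not part of the ETSI report or of BSI TR-03109. Assumptions: the `Session` record and its field names are hypothetical, the full IANA cipher-suite names and the curve identifiers are mapped from the abbreviated names in the text, and the sample records are constructed.

```python
from dataclasses import dataclass

# Profile values come from the clause 4.3 list. The full IANA suite names and
# the RFC 7027 / SEC curve names are assumptions: the report abbreviates them.
ALLOWED_SUITES = {
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
}
ALLOWED_CURVES = {"brainpoolP256r1", "secp384r1", "brainpoolP384r1", "brainpoolP512r1"}
MAX_SESSION_SECONDS = 2 * 24 * 3600  # "max. session lifetime 2 days"

@dataclass
class Session:
    """Hypothetical session record, e.g. parsed from a head-end TLS terminator log."""
    initiator: str        # "SMGW" or "external"
    version: str
    suite: str
    curve: str
    client_cert_ok: bool  # X.509 client certificate presented and chain-verified
    http_auth: bool       # HTTP Authorization header seen
    truncated_hmac: bool  # truncated_hmac extension negotiated
    age_seconds: int      # time since the full handshake, resumes included

def audit(s):
    """Return the list of deviations from the WAN profile (empty list = compliant)."""
    checks = [
        (s.initiator == "SMGW", "connection not initiated by the SMGW"),
        (s.version == "TLSv1.2", "protocol version is not TLS 1.2"),
        (s.suite in ALLOWED_SUITES, "cipher suite outside the profile"),
        (s.curve in ALLOWED_CURVES, "curve outside the profile"),
        (s.client_cert_ok, "no mutual X.509 authentication"),
        (not s.http_auth, "HTTP authentication used"),
        (not s.truncated_hmac, "Truncated HMAC negotiated"),
        (s.age_seconds <= MAX_SESSION_SECONDS, "session older than 2 days"),
    ]
    return [msg for ok, msg in checks if not ok]

# Constructed sample records.
GOOD = Session("SMGW", "TLSv1.2", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
               "brainpoolP256r1", True, False, False, 3600)
BAD = Session("external", "TLSv1.2", "TLS_RSA_WITH_AES_128_CBC_SHA",
              "secp256r1", True, True, False, 3 * 24 * 3600)

if __name__ == "__main__":
    for name, rec in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(rec) or "compliant")
```

When the profile moves to AES256 and SHA384, as the report anticipates, only `ALLOWED_SUITES` needs to change.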
