11 Jul NMi opens a new communication and data security lab in Merseburg, Germany
NMi opens a new communication and data security lab in Merseburg, Germany
Nowadays a number of measuring instruments is equipped with communication features. Especially smart meters may have various possibilities to send their data to a head end system.
As a result, there is an increased need to test the communication protocols, including the applied data security methods. The robustness of individual meters and devices against cyber-attacks is also a crucial aspect, as well as the security of the data chain as a whole.
Recently NMi has opened a dedicated laboratory, intended for the testing of several communication methods as well as the examination of data security.
This new laboratory is located in Merseburg, Germany, in the area of Leipzig. A dedicated team of test engineers runs the activities in the laboratory, operating under NMi’s ISO 17025 quality system.
While being located in the same building, the NMi laboratory cooperates strongly with their partner exceeding solutions. Being specialized in cryptography and computer science, exceeding solutions has installed dedicated test systems, generating the communication signals.
One of the lab specialisms is the testing of smart meters and Smart Meter Gateways, in accordance with the requirements for the German market. In addition, the area of the Internet of Things (IoT) is a specific focus, with testing possibilities for LoRaWAN.
Furthermore, the laboratory is set up to perform penetration testing on smart meters or other devices. Individual devices can be examined or the whole communication chain including data concentrators and head end systems.
For all those activities dedicated equipment is available. If necessary, bespoke test scripts are developed in order to handle specific protocols, used by the equipment under test.
With its new laboratory NMi has made a next step to offer testing possibilities for communication functionalities and data security.
Interested? Feel free to contact us in order to discuss possible options. Or visit us in our new laboratory:
NMi Certin B.V.
phone number: +49 3461 2889790
Testing SMGW’s and smart meters for Germany
In Germany the preparation for the upcoming smart meter rollout is in full swing. Smart meters are used to measure the energy consumption, where an installed Smart Meter Gateway (SMGW) collects the measured data via a local metrological network (LMN). Older meter designs may make use of a Communication adapter (BAB) to generate the secured measurement data.
The end user may use a local client’s display, connected to the SMGW via a Home Area Network (HAN). Via a Wide Area Network (WAN), the SMGW is connected to an external timeserver, to the head end system of the Gateway Administrator (GWA) or external market parties (EMT), providing specific services.
The SMGW needs to meet 2 different sets of requirements. Firstly, the security requirements of BSI CC/PP and TR-03109 have to be fulfilled. This document describes all requirements related to data security, like interoperability, a necessary security module, cryptography and the public key infrastructure.
Secondly, the metrological requirements of the German metrology law have to be fulfilled, where the PTB-A 50.8 plays a crucial role. This document describes all requirements related to the processing and storage of measured data, time measurements and synchronisation, software architecture and correct functioning of the SMGW, without influencing the measurement results.
The specific ancillary devices in the smart meters or communication adapters, as well as the SMGW’s need a specific national German approval, before placing them on the market.
In the NMi laboratory in Merseburg, the suitability of smart meters, communication adapters and SMGW’s can be examined, based on the PTB-A 50.8. This comprises various aspects.
For the SMGW’s the lab is equipped with the es:Testsystem, developed by exceeding solutions. This equipment is able to run a number of dedicated test scripts. These scripts cover the individual requirements as laid down in the PTB-A 50.8. By simulating a smart meter, the whole communication between SMGW and meter via the LMN network is examined, including all data handling and appertaining time stamps. By simulating the GWA and external market parties, the communication via the WAN network is investigated as well. Also, the HAN network with connection to a local display is examined. Time synchronisation and tariff behaviour is tested by making use of an NTP server as part of the es:Testsystem.
For the meters and SMGW’s, the equipment is able to perform specific latency time measurements for wired and wireless LMN. This concerns the necessary time for the processing of the analogue energy measurements into a digital output, which is examined by means of a comparison with a reference meter with a specific reference clock. In addition, the total time for the processing of the meter data by the SMGW is investigated, while using this equipment.
The test data for the examinations as mentioned above is presented by means of test reports. For the tests with SMGW’s also the raw test data can be provided, in order to analyse the output data more in detail.
ISO 17025 accreditation
NMi has an independent accreditation for the examination in accordance with PTB-A 50.8, based on ISO 17025. At the moment also a request is pending at the German Budesministerium für Wirtschaft und Energie, to extend NMi’s existing scope as Notified Body (Konformitätsbewertungsstelle) also for SMGW’s. As soon as this notification will be acknowledged, NMi will be able to issue German national approvals for SMGW’s.
Penetration testing and data security
With the installation of huge quantities of smart meters enabling various types of communication, the need for protection of all the data involved becomes crucial. Here not only the protection of data from the user to a head end system is important, but also the vulnerability of the smart meters themselves needs to be minimised. The question is: are modern smart meters protected sufficiently against possible attacks to alter data or to affect the measurement process? How can you be sure that those devices, installed in their millions, are fully safe, now and in the future?
In several countries local requirements on data protection and security are being developed. Some of the documents focus on particular aspects of the utility meters, others cover also the communication chain between meter and head end system. In order to standardise the different requirements the SM-CG (Smart Meters Coordination Group) Task Force on Privacy and Security together with ESMIG wrote a document “Minimum security requirements for AMI (Advanced Metering Infrastructure) components”. This document, being published by CEN/CENELEC/ETSI, contains a set of generic minimum requirements that are valid for most of the European Member States.
MINIMUM SECURITY REQUIREMENTS
The document focuses on the technical aspects concerning the components and communication links of the AMI. The minimum requirements also serve as a basis to specify the security certification scheme for the AMI components. The SM-CG has investigated various approaches applied in Member States for security certification and concluded that it would be beneficial to have a common approach in order to support the European internal market. The specification of the security certification scheme is typically based on a set of security objectives which can easily be derived from the minimum requirements.
The document contains the following main requirements:
- All AMI components SHALL provide a log of security events;
- All data exchanges SHALL take place in a (end-to-end) secure manner;
- Availability of the system (AMI components and communication network) SHALL be sufficient to perform the Use Cases the system has been designed for;
- Crypto mechanism and key management SHALL be documented and be compliant with recognized/proven and approved open standards;
- Every AMI component SHALL check the authorisation of any entity requesting access to it and grant or deny access based on the result of that check;
- Data at rest SHALL be protected in all system components;
- AMI components SHALL be upgradable to incorporate new (security) functionalities;
- Functionalities in AMI components SHOULD be limited to the intended operational Use Cases and SHALL not be able to compromise security functions;
- AMI components and the communications network SHALL be adequately protected against external disturbances and/or attacks and SHALL demonstrate resilience against attacks.
TESTING DATA SECURITY AT NMi
In NMi’s new laboratory in Merseburg, smart meters and other AMI components can be examined in accordance with the CEN/CENELEC/ETSI document on the minimum requirements. During the tests, the level of data protection of the meters under test is examined, by checking the meters with all the required tests. This includes penetration testing on all possible communication ports, a check of the event loggers as well as the applied crypto mechanism and so on. The results of the examination are presented in a report listing the outcome for each individual test.
If you are interested in the examination of smart meters and other AMI components, we are happy to answer all your questions. Please feel free to contact us at email@example.com. On our website, you can find more information about our services.
Testing of LoRaWAN and wM-BUS
The Internet of Things (IoT) becomes more and more important. By connecting a huge amount of smart devices, the door is opened to a number of challenging applications. For instance, all new smart city concepts are based on IoT. While WiFi or Bluetooth technologies are fairly mature, and do provide wide areas of coverage, they have a cost in terms of battery life and data usage. LoRaWAN is a new ground up technology based on the following criteria; best in class battery life, end-to-end security of packet data, low cost of deploying sensors, and provide long range of signal for sensors-to-gateway.
LoRaWAN is a protocol from the LoRa AllianceTM, a non-profit association that sets the communication protocol and system architecture for the network. The specifications are freely available for review, the software for building a network can be open source and the hardware for building a network is proprietary.
The LoRaWAN system
The LoRaWAN system is based on a star-of-stars structure made up of multiple sensors around a single gateway. The gateway then sends the sensor data to the cloud/database. The true benefit of LoRaWAN is that its power consumption and data transfer requirements are dramatically lower than WiFi or Bluetooth and it has a reasonable longer range.
Examples of the sensors may be temperature sensors, relative humidity sensors, measurements of the air quality, location determination or level measurements.
Testing of the implementation of LoRaWAN in specific products may be performed at NMi’s new laboratory in Merseburg. The correct implementation of the protocol can be checked as well as the correct functioning of the system as a whole. This includes the IoT sensors and gateways.
Output of the investigation will be a test report, showing the results of the tests. In addition, raw data will be provided in order to make a detailed analysis of the data.
Feel free to visit our laboratory in Merseburg to have a chat on the possibilities or contact us at firstname.lastname@example.org.