SMKI Recovery Procedure

Transcription

1 - file formats Consultation opens: 23 September 2015 Consultation closes: 7 October 2015 Version: v1.0 Date: 23 September 2015 Author: Classification: Jonathan Jennings, Andy Barraclough DCC Public

2 Document Control Revision History Revision Date Summary of Changes Changes Marked Version Number 1.0 Issued for consultation No 1.0 Reviewers Name Title / Responsibility Release Date Version Number Approvals Name Signature Title / Responsibility Release Date Version Number DCC Public Page 2 of 9 Further Consultation

3 Contents 1 Executive summary Background File formats and usage Organisation Compromise Organisation Compromise Notification File Organisation Compromise Recovery Progress Files Other Compromises Other Compromise Notification File Other Compromise Recovery Progress Files Consultation questions How to respond Referenced Documents... 9 DCC Public Page 3 of 9 Further Consultation

4 1 Executive summary DCC is conducting a short further consultation on the, focusing solely on file formats required to support the. The SMKI Recovery Procedure (previously published for consultation in July 2015) has been updated to specify the formats of files that are required to ensure that information required to support recovery is transferred between affected Subscribers and DCC, and between DCC and the SMKI PMA. This consultation paper briefly summarises the proposed file formats to support the SMKI Recovery Procedure, asks questions to which we would welcome responses and informs stakeholders of how to respond, and by when. Following this consultation, and taking respondents feedback into account, DCC will update the, which includes the file formats. The SMKI Recovery Procedure will become a draft SEC Subsidiary Document and will be submitted to the Secretary of State for approval as being fit for inclusion in the SEC. On its approval, this document will become a SEC Subsidiary Document, forming part of the legal framework for enabling the roll-out of smart meters. DCC Public Page 4 of 9

5 2 Background An integral part of the security arrangements is the Smart Metering Key Infrastructure (SMKI), which provides a secure and effective means of ensuring that messages to and from Smart Metering Equipment are properly authenticated, provide integrity and, where applicable, provide non-repudiation through the use of public key cryptography and certificates. The addresses recovery from a Compromise, or suspected Compromise in respect of any Relevant Private Key listed immediately below: a) Private Keys associated with Organisation Certificates stored on Devices; b) the Contingency Symmetric Key; c) the Contingency Private Key; d) the Private Key associated with an Issuing OCA Certificate; e) the Private Key associated with a Root OCA Certificate; and f) the Private Key associated with a Recovery Certificate. A Compromise in the context of the means (extract from SEC 4.2): in relation to any Secret Key Material, that that Secret Key Material (or any part of it), or any Cryptographic Module within which it is stored, is accessed by, or has become accessible to, a person not authorised to access it. The sets out procedures in respect of: a) notification of a Compromise or the suspected Compromise of a Relevant Private Key or Contingency Symmetric Key associated with an Organisation Certificate or OCA Certificate held on a Device; b) the activities that may be required to recover (i.e. replace) affected Certificates on Devices; c) decisions required, in certain circumstances, by the SMKI PMA as to whether or not the Recovery Private Key or the Contingency Private Key should be used to recover from a Compromise; d) post-recovery actions (including reporting to the SMKI PMA); e) nomination, verification and appointment of Key Custodians for certain DCC Private Keys, along with the procedure for ceasing to be a Key Custodian; and f) periodic testing of the. DCC s consultation on the draft in July 2015 sought input on the degree to which the procedures are appropriate and will be effective. DCC has updated the drafting in response to the comments received as part of the consultation. Further background on the can be found in the previous consultation paper, which can be found at At the time of the July 2015 consultation, the specifications of the files required to support the (i.e. transfers to/from DCC) were not available. The file formats have now been added to the drafting of the, with the following file format specifications being introduced as Appendices B to E of the SMKI Recovery Procedure. General obligations in respect of file formats are provided in Appendix A of the. DCC Public Page 5 of 9

6 File Organisation Compromise Notification File (Appendix B) Organisation Compromise Recovery Progress File (Appendix C) Other Compromise Notification File (Appendix D) Other Compromise Recovery Progress File (Appendix E) Purpose Notification of affected Certificates / Devices / anchor slots for Organisation Compromise (methods 1 to 3 in the ), where the affected Subscriber is not DCC Notification of progress (success or failure) of replacement of affected Certificates on Devices for Organisation Compromise (methods 1 to 3 in the SMKI Recovery Procedure), where the affected Subscriber is not DCC Notification of affected Certificates / Devices / anchor slots for non-organisation Compromise (all but methods 1 to 3 in the ) plus methods 1 and 3 where DCC is the affected Subscriber Notification of progress (success or failure) of replacement of affected Certificates on Devices for non-organisation Compromise (all but methods 1 to 3 in the ) plus methods 1 and 3 where DCC is the affected Subscriber 3 File formats and usage When a Compromise occurs, files are required to be provided: a) from affected Subscribers to DCC; b) from DCC to affected Subscribers; c) from DCC to Responsible Suppliers (where not the affected Subscriber); and d) from DCC to the SMKI PMA. There are four file formats: a) two support methods 1-3, the Organisation Compromise Notification File and the Organisation Compromise Recovery Progress File (see section 3.1 below); and b) two support the remaining procedures, the Other Compromise Notification File and the Other Compromise Recovery Progress File (see section 3.2 below). 3.1 Organisation Compromise In conjunction with the DSP, DCC has developed an Organisation Compromise Notification File and corresponding Organisation Compromise Recovery Progress File. The Organisation Compromise Notification File will be used, where the affected Subscriber is not the DCC, to support notification of affected Devices/Certificates (for methods 1 to 3) and replacement Certificates (for method 3). The Organisation Compromise Recovery Progress File is used to report on the replacement or failure of attempts to replace affected Certificates on Devices for methods 1 to 3 (where the affected Subscriber is not the DCC). DCC Public Page 6 of 9

7 3.1.1 Organisation Compromise Notification File DCC has provided a set of slides along with this consultation, which describe: a) the elements comprising the name of the Organisation Compromise Notification File (slide 3); b) the fields within each Organisation Compromise Notification File (slide 4); c) when the Organisation Compromise Notification File is used to exchange information with DCC (slides 15, 17-19); and d) which fields will be populated for each relevant procedure (slides 26, 28, 29) Organisation Compromise Recovery Progress Files DCC has provided a set of slides along with this consultation, which describe: a) the elements comprising the name of the Organisation Compromise Recovery Progress File (slide 6); b) the fields within each Organisation Compromise Recovery Progress File (slide 7); c) when the Organisation Compromise Recovery Progress File is used to exchange information with DCC (slides 15, 17-19); and d) which fields will be populated for each relevant procedure (slides 26, 28, 29). Q1 Do you agree that the proposed structure of the Organisation Compromise Notification File and Organisation Compromise Recovery Progress File will support the efficient and effective recovery from an Organisation Compromise? If not, please provide a rationale for your answer. 3.2 Other Compromises In conjunction with the DSP, DCC has developed two files to support notification and progress reporting for other (i.e. not Organisation and not DCC) Compromises. The files to be used are the Other Compromise Notification File and corresponding Other Compromise Recovery Progress File. The Other Compromise Notification File will be used by DCC to support notification of affected Devices/Certificates and/or replacement Certificates, depending on the nature of the procedure. The Other Compromise Recovery Progress File is used (by a Subscriber or DCC) to report on the replacement or failure of attempts to replace affected Certificates on Devices, for procedures what do not relate to a single Organisation compromise Other Compromise Notification File DCC has provided a set of slides along with this consultation, which describe: a) the elements which make up the name of the Other Compromise Notification File (slide 9); b) the fields contained within each Other Compromise Notification File (slide 10); c) when the Other Compromise Notification File is used to exchange information with DCC (slides 16, 20-24); and d) which fields will be populated for each relevant procedure (slide 27, 30, 31). DCC Public Page 7 of 9

8 3.2.2 Other Compromise Recovery Progress Files DCC has provided a set of slides along with this consultation, which describe: a) the elements which make up the name of the Other Compromise Recovery Progress File (slide 12); b) the fields contained within each Organisation Compromise Recovery Progress File (slide 13); c) when the Other Compromise Recovery Progress File is used to exchange information with DCC (slides 16, 20-24); and d) which fields will be populated for each relevant procedure (slide 27, 30, 32). Q2 Do you agree that the proposed structure of the Other Compromise Notification File and Other Compromise Recovery Progress File will support the efficient and effective recovery from the procedures in the that do not relate to recovery from an Organisation Compromise (methods 1 to 3, where DCC is not the subject of the Compromise)? If not, please provide a rationale for your answer. Q3 Do you agree that the, amended following the July 2015 consultation and issued as part of this consultation, is fit for purpose and is suitable for inclusion in the SEC? If not, please provide a rationale for your answer. DCC Public Page 8 of 9

9 4 Consultation questions Q1. Do you agree that the proposed structure of the Organisation Compromise Notification File and Organisation Compromise Recovery Progress File will support the efficient and effective recovery from an Organisation Compromise? If not, please provide a rationale for your answer. Q2. Do you agree that the proposed structure of the Other Compromise Notification File and Other Compromise Recovery Progress File will support the efficient and effective recovery from the procedures in the SMKI Recovery procedure that do not relate to recovery from an Organisation Compromise (methods 1 to 3 where DCC is not the subject of the Compromise)? If not, please provide a rationale for your answer. Q3. Do you agree that the, amended following the July 2015 consultation and issued as part of this consultation, is fit for purpose and is suitable for inclusion in the SEC? If not, please provide a rationale for your answer. 4.1 How to respond Please provide responses by 7 October 2015 to DCC at contact@smartdcc.co.uk. If you have any questions about the consultation documents, please contact contact@smartdcc.co.uk. Consultation responses may be published on our website Please state whether all, or any part, of your consultation response is confidential. Please note that responses in their entirety (including any text marked confidential) may be made available to the Department of Energy and Climate Change (DECC) and the Gas and Electricity Markets Authority (the Authority). If you have questions about our approach to consultations, please contact our Regulation Manager at richard.sullivan@smartdcc.co.uk. 5 Referenced Documents Document Title Issue Dated Smart Energy Code SEC /07/2015 (consultation document) version 16/09/2015 (consultation document) Initial consultation version 01/07/2015 Table 1 Referenced Documents DCC Public Page 9 of 9