Technical Security in Smart Metering Devices: A German Perspective S4 SCADA Security Scientific Symposium 2012-01-18, Miami Beach FL / USA

Similar documents
Protection Profile for the Gateway of a Smart Metering System (Smart Meter Gateway PP)

Certification Report

Build a CC assurance package dedicated to your risk assessment. Francois GUERIN Security Program Manager francois.guerin@gemalto.

MINISTERIO DE DEFENSA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN

Certification Report

Certification Report

How To Evaluate Watchguard And Fireware V11.5.1

Certification Report

Certification Report

C015 Certification Report

Certification Report

Certification Report

Common Criteria for Information Technology Security Evaluation. Part 3: Security assurance components. September Version 3.

Certification Report

Certification Report

DataPower XS40 XML Security Gateway and DataPower XI50 Integration Appliance Version 3.6. Security Target Version 0.75

Lessons learnt in writing PP/ST. Wolfgang Killmann T-Systems

Certification Report

Common Criteria. Introduction Magnus Ahlbin. Emilie Barse Emilie Barse Magnus Ahlbin

Certificate Issuing and Management Components Protection Profile. Version 1.5

Certification Report

Certification Report

BSI-DSZ-CC-S for. Dream Chip Technologies GmbH Germany. Dream Chip Technologies GmbH

Certification Report

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik

Certification Report

Joint Interpretation Library. Guidance for smartcard evaluation

Certification Report

Security Standards BS7799 and ISO17799

Application of ALC requirements to Open Source projects

BSI-DSZ-CC-S for. GLOBALFOUNDRIES Singapore Pte. Ltd. GLOBALFOUNDRIES Singapore Pte. Ltd.

CERTIFICATION REPORT

Egyptian Best Practices Securing E-Services

-.% . /(.0/ ) 53%/( (01 (%((. * 7071 (%%2 $,( . 8 / 9!0/!1 . # (3(0 31.%::((. ;.!0.!1 %2% . ".(0.1 $) (%+"",(%$.(6

Guidelines for Developer Documentation

Certification Report - Firewall Protection Profile and Firewall Protection Profile Extended Package: NAT

Joint Interpretation Library

Certification Report

Certification Report

Certification Report

Common Criteria Evaluations for the Biometrics Industry

Details for the structure and content of the ETR for Site Certification. Version 1.0

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

Joint Interpretation Library. Security Evaluation and Certification of Digital Tachographs

Common Criteria Evaluation Challenges for SELinux. Doc Shankar IBM Linux Technology Center

EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION

SAMSUNG SDS FIDO Server Solution V1.1 Certification Report

Protection Profile for the Security Module of a Smart Meter Gateway (Security Module PP)

METER DATA MANAGEMENT FOR THE SMARTER GRID AND FUTURE ELECTRONIC ENERGY MARKETPLACES

C033 Certification Report

Smart Grid Information Security

Joint Interpretation Library

Xceedium GateKeeper Version Security Target

Fingerprint Spoof Detection Protection Profile

CERTIFICATE. certifies that the. Info&AA v1.0 Attribute Service Provider Software. developed by InfoScope Ltd.

Security and Privacy Controls for Federal Information Systems and Organizations

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice

ISA Security Compliance Institute

Security concept for gateway integrity protection within German smart grids

Protection Profile for Portable Storage Media (PSMPP) Common Criteria Protection Profile BSI-CC-PP Version 1.0

Security Target. Astaro Security Gateway V8 Packet Filter Version Assurance Level EAL4+ Common Criteria v3.1

SUSE Linux Enterprise 12 Security Certifications

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz , ICSG 2014

Certification Report

BSI-DSZ-CC for

Securing Distribution Automation

Certification Report

General Requirements for Accreditation of ASNITE. Testing Laboratories of Information Technology. (The 12th Edition) November 1, 2014

BSI-DSZ-CC for. tru/cos tacho v1.1. from. Trueb AG

Certification Report StoneGate FW/VPN 5.2.5

Oracle Identity and Access Management 10g Release running on Red Hat Enterprise Linux AS Release 4 Update 5

CERTIFICATION REPORT

Cyber Security Health Test

Computer Security. Evaluation Methodology CIS Value of Independent Analysis. Evaluating Systems Chapter 21

Secure Machine to Machine Communication on the example of Smart Grids

System Assurance C H A P T E R 12

Certification Report

U.S. Government Protection Profile for Database Management Systems

Using Common Criteria Evaluations to Improve Healthcare Cybersecurity

ETSI TS V1.1.1 ( ) Technical Specification

C038 Certification Report

Common Criteria Evaluation for a Trusted Entrust/PKI

BSI-DSZ-CC for. Oracle Database 11g Release 2 Enterprise Edition. from. Oracle Corporation

Security aspects of e-tailing. Chapter 7

Innovations in Digital Signature. Rethinking Digital Signatures

Transcription:

Technical Security in Smart Metering Devices: A German Perspective S4 SCADA Security Scientific Symposium 2012-01-18, Miami Beach FL / USA Dr. Stephan Beirer s.beirer@gai-netconsult.de Sichere ebusiness Lösungen komplett aus einer Hand. Holm Diening h.diening@gai-netconsult.de Am Borsigturm 58, 13507 Berlin/Germany Tel / Fax: +49 30 417898-0/-300 E-Mail: info@gai-netconsult.de Web: www.gai-netconsult.de

Agenda Background of the Protection Profile development A (very) short introduction to Protection Profiles / Common Criteria The German Smart Meter Protection Profile: an overview Future development and roadmap Seite 1

Smart Metering in the Smart Grid SRC: smartgrids.eu Smart Metering devices are the link between the future Smart Grid and the consumer and local small-scale generation Seite 2

Security Goals for Smart Metering Which expectations do stakeholders associate with the term Secure Smart Metering? clear and correct billing consideration of privacy timely, correct and fraud resistant billing Customer Supplier protection against adverse effects to the grid Grid Operator Metering Service Provider stable and fault tolerant operation Seite 3

Background the EDeMA Project First version of the Smart Meter Protection Profile is one deliverable of the e-energy / EDeMa research project (2009) Funded by the German Federal Government Participants: Utilities, vendors and academia Main goals of the EDeMa project (very simplified) deal with dynamics of distributed generation by stimulating flexible demand on the client side develop a marketplace for automatic energy trade that includes the prosumer (producer & consumer) as an active trader develop a Smart Metering gateway for home installations that is capable of the required functions and secure Seite 4

The Smart Metering Gateway TOE is the gateway between: WAN, i.e. external parties the local meters for electricity, gas, heat.. Automation devices, e.g. home automation and local generation (solar power system, CHP etc.) Gateway Function: Securely relay metering data Provide secure access to automation gear, e.g. for load shedding SRC: BSI Seite 5

Background - Motivation Current legislation requires to deploy remote accessible Smart Meter devices in every new installation Discussion about mandatory replacement of existing meters As German consumers may be forced by law to accept Smart Meter devices it is necessary that a federal agency defines the security standards high level security and privacy standards are required to gain commitment from - Federal Commissioner for Data Protection and Freedom of Information - Federal Ministry of Consumer Protection - several consumer protection NGOs and - the general public German BSI issued a revised version of the EDeMa PP: Protection Profile for the Gateway of a Smart Metering System Seite 6

Background of the Protection Profile development A (very) short introduction to Protection Profiles / Common Criteria The German Smart Meter Protection Profile: an overview Future development and roadmap Seite 7

Common Criteria Common Criteria (CC): Common Criteria for Information Technology Security Evaluation Current Version: 3.1 (ISO/IEC 15408 is still V2.3!) Joint project of AU, NZ, DE, FR, UK, JP, CA, ES, US Goal: development of a formal language for the definition of security requirements for technical products definition common methodology for the evaluation mutual recognition of evaluation results among contributing countries non-goal: aspects of information security in large IT environments or secure IT operations in general (contrary to ISO 27001, IEC 62443, ISA 99 etc.) Seite 8

Protection Profile Protection Profile = specification of security requirements for a group of products Definition of the security problem (threats, assumptions,..) and the requirements to address that problem Requirements for the assurance measures that the TOE meets the security specifications A PP does not dictate detailed specifications - but it may give hints on preferred implementations for the author of the final security target Seite 9

Structure of a Protection Profile Which threats do we consider? Which assumptions must be considered as being provided? Which security objectives shall we focus on? Required security features of the TOE Seite 10

Background of the Protection Profile development A (very) short introduction to Protection Profiles / Common Criteria The German Smart Meter Protection Profile: an overview Future development and roadmap Seite 11

Contents of the Smart Meter Protection Profile Threats Essential threats considered: an attacker (local or remote) tries to gain access to the metering data or the Smart Meter configuration / firmware an attacker may try to intercept meter readings or configuration / firmware data during transmission an external attacker may try to gain control over the gateway, the meter(s) or controllable local systems (e.g. controllable loads, generation units or lockdown devices) an external party may try to obtain more detailed information from the gateway than actually required to fulfill the tasks defined by its role or the contract with the consumer. Seite 12

Contents of the Smart Meter Protection Profile Security Objectives and Requirements Essential security objectives and requirements: Encrypted and authenticated communication with all parties (also with meters if not physically the same device!) Protection of integrity / authenticity of meter data and SW updates Control transmission of meter readings and access to configuration data according to a predefined (updatable) Access Control Profile Pseudonymization of transmissions if applicable (e.g. current load information for the grid operator) Seite 13

Contents of the Smart Meter Protection Profile Security Objectives and Requirements Essential security objectives and requirements (cont d.): Enforce establishment of communication from GW to external parties only (wake-up service for triggering connection establishment) Usage of a security module (e.g. Smart card ) for crypto functions Detection of physical tampering Comprehensive logging features Concealment of communication [!] Quelle: willhackforsushi.com / Joshua Wright Seite 14

Security Functional Requirements The Common Criteria use a certain nomenclature to describe Security Functional Requirements (CC V3.1 Part 2) Example: FDP_RIP.2 Class User Data Protection Level Full Residual information protection Family Residual information protection Seite 15

Security Functional Requirements Some important Security Functional Requirements of the PP: Several items from class Security Audit (FAU_*) - responsible to enable the user to monitor communication and the admin to maintain the device Enforced proof of origin (FCO_NRO.2) - functions to ensure non-repudiation of transmitted meter readings Several items from class Cryptographic Support (FCS_*) - responsible for communication encryption, signing, signature verification and key management (the utilization of an additional security module is mandatory for the majority of these functions) Communication concealing (FPR_CON.1) - extended (custom) component to describe concealment functions Seite 16

Security Functional Requirements Some important Security Functional Requirements of the PP (cont d.) Several items from class User Data Protection (FDP_*) - rules for access to meter and configuration data Several items from class Identification and Authentication (FIA_*) - e.g. for access to controllable loads and generation Passive detection of physical attack (FPT_PHP.1) - physical tampering must be detectable (e.g. broken seals) - the highest level Resistance to physical attack (FPT_PHP.3) has not been chosen in order to reduce manufacturing costs and many more Seite 17

Development and Evaluation The Smart Meter PP expects the implementation of Assurance Components according to package EAL4 ( Evaluation Assurance Level ) Augmented by two additional components (EAL 4+): ALC_FLR.2 Flaw reporting procedures AVA_VAN.5 Vulnerability Assessment (higher level than in EAL4) Aspects of Evaluation in EAL4: Development Guidance Documents Life-cycle support Tests Vulnerability assessment Seite 18

Development and Evaluation Example Life-cycle Support in EAL4 included augmented by (EAL4 +) Assurance components ALC_CMC.4 Production support, acceptance procedures and automation ALC_CMS.4 Problem tracking CM coverage ALC_DEL.1 Delivery procedures ALC_DVS.1 Identification of security measures ALC_LCD.1 Developer defined life-cycle model ALC_TAT.1 Well-defined development tools ALC_FLR.2 Flaw reporting procedures Seite 19

Development and Evaluation Example ALC_TAT.1 (Well-defined development tools) Developer action The developer shall identify each development tool being used for the TOE. The developer shall document the selected implementationdependent options of each development tool. Evaluator action The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. Seite 20

Development and Evaluation Example AVA_VAN.5 Advanced methodical vulnerability analysis (highest order Assurance Component from Vulnerability Assessment ) Developer action The developer shall provide the TOE for testing. Evaluator action (The evaluator shall ) - perform a search of public domain sources to identify potential vulnerabilities in the TOE. - perform an independent, methodical vulnerability analysis of the TOE using the guidance documentation, functional specification, TOE design, security architecture description and implementation representation to identify potential vulnerabilities in the TOE. - conduct penetration testing based on the identified potential vulnerabilities to determine that the TOE is resistant to attacks performed by an attacker possessing high attack potential. Seite 21

Background of the Protection Profile development A (very) short introduction to Protection Profiles / Common Criteria The German Smart Meter Protection Profile: an overview Future development and roadmap Seite 22

Future development and roadmap Current status Version 1.1.1 Final Draft is published Evaluation started 2011/08/26 A technical guideline for the assurance of interoperability of Smart Metering gateways and the PKI is currently in development Summer 2012: Decision about mandatory replacement of existing meters based on a cost/benefit analysis which is currently being carried out by the Ministry of Economics and Technology Seite 23

Further Information Further information www.bsi.bund.de/de/themen/smartmeter/smartmeter_node.html (German only) www.bsi.bund.de/shareddocs/downloads/de/bsi/smartmeter/pp-smartmeter.html (Protection Profile, English) Seite 24

Summary Smart metering gateways are an important part of the future Smart Grid infrastructure Secure processing of metering data Secure control of loads and distributed generation A Protection Profile for the Gateway of a Smart Metering System has been developed by the German BSI The German Energiewirtschaftsgesetz (energy industry act) will require the use of CC certified gateways for future installations Seite 25

Q & A Q & A Seite 26

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information