Cryptography in Metrology Experiences, Applications and new Developments Norbert Zisky
Content Metrology needs security Secure electronic exchange of measurement data Secure bidirectional communication Applications in metrology using cryptographic algorithms Sealing of metrological software Outlook
1. Metrology needs security Global markets need integrated security solutions when transferring and storing measurement data and other security-relevant data. Communication systems are often used without special attention to security aspects. Channel security mechanisms alone are mostly not sufficient. Solutions subject to legal metrology in particular are confronted with new threats and risks (e.g. energy, petrol/gas, weighing machines): open, distributed measurement systems.
EU-Research 7. FP - Metrology needs security The Information and Communication Technologies (ICT) programme of the EU 7th Framework Programme 2007, challenge on Pervasive and Trusted Network and Service Infrastructures: the goal is to deliver the next generation of ubiquitous and converged network and service infrastructures for communication, computing and media. This entails overcoming the scalability, flexibility, dependability and security bottlenecks, as today's networks and service architectures are primarily static and able to support only a limited number of devices, limited service features and limited confidence. These statements fit metrological applications exactly.
Distributed measurement systems (diagram: measurement devices, data acquisition, device management, customer access) Requirements: no falsification, no exchange, automatic verification, easy trusted examination, remote control.
Story of the rabbit and the hedgehog FINISH: protection of data vs. manipulation of data. Rabbits: NMI, W&M, manufacturers. Hedgehogs: end users?? users of measurement devices, hackers.
A short look at hackers They act just for fun, out of technical interest, with a criminal background, for commercial reasons, or on behalf of somebody, and they are very clever, they are very smart, they have money, they have connections.
Fields of interest Automatic cash dispensers, money transactions: high level security, very strict requirements. Cash boxes, registers, tax rules, fiscal regulations: mid level security, much money??? Measuring instruments, measuring systems: mostly low level security, much money??? All fields move together; through the global network we will have similar threat conditions in each field.
Security in metrology fields of application Security for legal metrology - consumer protection - secure access (control, parametrization) Security for scientific and technical investigation - quality management - comparison and long-term storing Security for industrial purposes - protection of commercial measurement data - secure control of processes - quality management
Legal requirements for the transfer of measurement data via open networks (diagram: meter reading 2345 kWh at A, 2345 kWh at B) Data transfer from meter A safely to the owner/user B. Integrity of data: every measurement data reading received by B must be checkable by B for correctness (every falsification must be detected). Authenticity of data: it can be checked by B and any other authorized authority whether the data arrived at B actually originate from A.
Trusted computing in metrology A concept is developed for remote access to running measuring systems for testing or remote calibration via Internet The concept represents a best practice cryptographic solution for metrology purposes
The SELMA partners
Trusted computing in metrology A Concept is developed for remote access to running measuring systems for testing or remote calibration via Internet Bidirectional security M2M (machine to machine) and M2B (machine to business) Integrity, authenticity, confidentiality and availability of transferred or stored data Non-repudiation Resistance against masquerades
Fundamental idea (diagram): efficient check of the energy invoice. Labels: owner of the distribution net (Verteilnetzbetreiber) with digital signature, invoice, distribution; supplier (Lieferant) with digital signature; analysis of consumption, invoice, energy; EDI server, information server, Internet; customer with digital signature, visual checking; ZFA (remote reading of measurement data) delivering the digitally signed meter data (01110001 01001111 01010101 10001000); digital signature of the meter.
Security concept General: use of modern cryptographic methods. Use of hash functions to ensure the integrity of data; used for SELMA: SHA-1. Use of asymmetric signature procedures for the authenticity of data; used for SELMA: ECC technique (Elliptic Curve Cryptography), ECDSA.
Secure measurement device (diagram): the area protected by the verification stamp contains the measurement unit (display 443.65), the controller and the security unit with the MIM (Meter Identification Module) and a real-time clock; the communication module sits outside it. Measurement unit and controller: measurement module, protocol layers 1 to 3 handling, typical remote reading of measurement data, calculates the hash value, control of functions. Security functions (MIM): calculates and verifies digital signatures, support of digital signatures, secure memory for private and public keys, PSN, etc., generates the key pair, key management. Communication module: provides the higher protocol layers for secure procedures in communication; GSM, GPRS (strongly growing), UMTS.
Typical SELMA board Source: Karl Wieser GmbH, Anzingerstr. 14, 85560 Ebersberg, Tel: 08092/2097-0, Fax: 08092/2097-10, http://www.karlwieser.de
Typical SELMA-meters data logger Gas meter
Development steps of the security system Security analysis, security concept, data modelling, service concept/operational concept, implementation, testing, improvement and optimisation (we are here now), introduction on the market.
Infrastructure of the security concept Security systems need security management. Both security mechanisms and an infrastructure are needed. The weights and measures bodies and other authorities have been taken into account. Infrastructures ensure the trust of consumers in electronically transmitted measurement values and are preconditions of bidirectional authenticated communication.
Infrastructure scheme (diagram): National Certification Authority (CA) for external CAs, RSA cryptography 1024/2048; external CA; W&M CA, elliptic curve cryptography (ECC 192), existing structure; local testing authority; device management (access key); measurement device (signature and access key).
Public key infrastructure The local authority (W&M) generates the EC key pair (d, Q). The private key d is stored in secure memory. The local authority generates a certificate with the public key Q and signs it with its own personalised electronic signature issued by the external CA. The certificate is stored in the measurement device. Estimated time: currently 1 min. (diagram: private key d, computer of the local authority; public key Q, measurement device)
Signing and authenticated access The security concept provides: - Signed measurement data - Authenticated access Methods of authentication: Password offers low level of protection only Symmetric algorithms not useful for many devices Asymmetric algorithms are much better, but there is a need for a public key infrastructure
Signature of measurement data The measurement device signs the data set defined in the data model with the private key d. The signature belongs to the set of data. ECC signature: r: 0x74210B19E59C80E70FA7E9AB72243049FEB8DEECC146B9B4 s: 0x388AA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1015 Data set: Device-Id 1234, Obis 1-1:1, 25.02.2007, 00:00 23,456, 00:15 24,274, 00:30 24,995 ..
Signed measurement data (diagram): measurement device, data acquisition (transfer protocol, certificates of measurement devices), signed data, data provision, signed data to the user. Data verification with verification software by the user (as simple as possible); data verification by the system.
SELMA in operation: access to data by the customer (diagram): measuring device (DLMS/DSFG), customer server (data/signature), customer system (data/signature). 1. Read data (e.g. browser) 2. Verify data
Data evaluation by the end user Requirements on the verification system: easy to use, trust one party, fitting for the application, flexible. PTB developed prototypes of special verification software (EVM): the user gets the validation information very easily, presentation of measurement values, export function to MS Excel.
User friendly verification (screenshot of the Energy data Verification Module: "Verification of data successful")
Authenticated access - preconditions Every unit has one unique identifier (ID). Every unit has a synchronised real-time clock. Every unit has the public keys of the other units. (diagram: Measurement Device (MD) and IT-System (IT), each holding its own ID and the public key of the other unit)
Authenticated access between Measurement Device (MD) and IT-System (IT) Message 1 (IT to MD): <Request, time stamp IT, ID IT, ID MD, data1, Sig IT> Message 2 (MD to IT): <time stamp IT, time stamp MD, ID IT, ID MD, data2, Sig MD> Message 3 (IT to MD): <Hash(time stamp IT, time stamp MD, ID IT, ID MD, data2), Sig IT> Applications: secure remote control (switch-off of energy), parametrisation, download of firmware.
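Worked example added by the editor; it is not code from the slides or from the SELMA project. It serves two passages: the signing of a measurement data set with the private key d (slides "Security concept" and "Signature of measurement data") and the three-message authenticated access exchange on this slide. The arithmetic is ECDSA over the 192-bit NIST curve with SHA-1, the algorithm choices the slides name, in pure Python with no third-party packages. Everything else is an assumption made for illustration: the field layout of the data set and of the messages (fields joined with "|"), the 60-second clock window, the unit IDs, the clock values and the command string "READ". SELMA's real encoding is not specified on these slides.

```python
import hashlib, secrets

# NIST P-192 domain parameters (the 192-bit curve the slides name): p, a, b, base point G, order n
P = 0xfffffffffffffffffffffffffffffffeffffffffffffffff
A = P - 3
B = 0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1
G = (0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012,
     0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811)
N = 0xffffffffffffffffffffffff99def836146bc9b1b4d22831
WINDOW = 60  # assumed value: seconds of clock skew a unit tolerates on a received time stamp

def _add(p1, p2):
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # point at infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, pt):
    acc = None
    while k:  # double-and-add scalar multiplication
        acc = _add(acc, pt) if k & 1 else acc
        pt, k = _add(pt, pt), k >> 1
    return acc

def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def keygen():
    d = secrets.randbelow(N - 1) + 1  # private key d stays in secure memory
    return d, _mul(d, G)              # public key Q = d*G goes into the certificate

def _e(msg):
    return int.from_bytes(hashlib.sha1(msg).digest(), "big")  # 160-bit digest < n, no truncation

def sign(d, msg):
    while True:
        k = secrets.randbelow(N - 1) + 1  # fresh random nonce for every signature
        r = _mul(k, G)[0] % N
        s = pow(k, -1, N) * (_e(msg) + r * d) % N
        if r and s:
            return r, s

def verify(q, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N and on_curve(q)):
        return False
    w = pow(s, -1, N)
    pt = _add(_mul(_e(msg) * w % N, G), _mul(r * w % N, q))
    return pt is not None and pt[0] % N == r

def encode_dataset(device_id, obis, date, readings):
    # canonical bytes of the data-model fields the signature covers (constructed layout)
    return (f"{device_id}|{obis}|{date}|" + ";".join(f"{t}={v}" for t, v in readings)).encode()

def _msg(*fields):
    return "|".join(map(str, fields)).encode()
def _check(ok, why):
    if not ok:
        raise ValueError(why)

def it_request(d_it, id_it, id_md, now_it, data1):
    """Message 1: <Request, ts_IT, ID_IT, ID_MD, data1, Sig_IT>."""
    return now_it, id_it, id_md, data1, sign(d_it, _msg("Request", now_it, id_it, id_md, data1))

def md_response(d_md, q_it, id_it, id_md, now_md, req, data2):
    """Message 2: MD checks IDs, clock window and Sig_IT, answers <ts_IT, ts_MD, ID_IT, ID_MD, data2, Sig_MD>."""
    ts_it, rid_it, rid_md, data1, sig_it = req
    _check((rid_it, rid_md) == (id_it, id_md), "request addressed to other units")
    _check(abs(now_md - ts_it) <= WINDOW, "time stamp outside window (replay?)")
    _check(verify(q_it, _msg("Request", ts_it, rid_it, rid_md, data1), sig_it), "Sig_IT invalid")
    return ts_it, now_md, id_it, id_md, data2, sign(d_md, _msg(ts_it, now_md, id_it, id_md, data2))

def it_ack(d_it, q_md, req, resp):
    """Message 3: IT ties the reply to its request, checks Sig_MD, returns <Hash(ts_IT, ts_MD, ID_IT, ID_MD, data2), Sig_IT>."""
    ts_it, ts_md, id_it, id_md, data2, sig_md = resp
    _check(ts_it == req[0] and (id_it, id_md) == req[1:3], "reply does not match request")
    _check(verify(q_md, _msg(ts_it, ts_md, id_it, id_md, data2), sig_md), "Sig_MD invalid")
    h = hashlib.sha1(_msg(ts_it, ts_md, id_it, id_md, data2)).hexdigest()
    return h, sign(d_it, h.encode())

def run_exchange():
    # whole exchange with constructed keys, IDs and clock values; data2 is the slide's sample data set
    (d_it, q_it), (d_md, q_md) = keygen(), keygen()
    readings = [("00:00", "23,456"), ("00:15", "24,274"), ("00:30", "24,995")]
    data2 = encode_dataset(1234, "1-1:1", "25.02.2007", readings).decode()
    req = it_request(d_it, "IT-01", "MD-1234", 1172361600, "READ")
    resp = md_response(d_md, q_it, "IT-01", "MD-1234", 1172361603, req, data2)
    h, sig_ack = it_ack(d_it, q_md, req, resp)
    try:  # the same request replayed an hour later must be refused by the device
        md_response(d_md, q_it, "IT-01", "MD-1234", 1172361600 + 3600, req, data2)
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return {"ack_ok": verify(q_it, h.encode(), sig_ack), "replay_rejected": replay_rejected, "data2": data2}
```

run_exchange() reports whether the device accepts the final acknowledgement and whether a replayed request is refused by the time-stamp check, which is what the synchronised real-time clocks and unique IDs from the preconditions slide buy. Because the signature covers the canonical encoding of the whole data set, altering any single reading invalidates it, which is the "every falsification must be detected" requirement of the legal metrology slide. SHA-1 is kept here only to match the slides; a new deployment would use SHA-256 with a 256-bit curve, as the PTB software signing facility later in the talk does.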
Testing systems PTB developed prototypes of test systems (PST) Supported services: Generation of keys Generation of certificates Device management (security relevant) Device tests - security (local and remote) Conformity with the concept
9-month SELMA field trial 90 electricity meters (EMH; L+G; Görlitz), 60 gas meters (Wieser; Elster), 3 data acquisition systems (Görlitz; ITF-EDV-Fröschl), 4 testing authorities (AGME; EAM; EnBW; RWE), 7 device management systems (all testing authorities), 1 SELMA Directory Service (SDS) (University of Siegen), customer systems (EVM) (all project members). Aims of the field trial: verification of the SELMA technique under real conditions; proof of acceptance of all SELMA functions.
Advantages of the security concept The concept offers a secure and traceable data exchange, provides a security architecture supporting the authentication of measuring data and secure data access, represents a comprehensive security concept adapted to the needs of metrology applications, and considers the complete metering process chain from calibration and installation to measurement.
Expenditure of security systems Security causes costs. Two kinds of costs: non-recurring costs and fixed expenses. Non-recurring costs depend on the technology; fixed expenses depend on the infrastructure. Annual fixed expenditure per device in Euro:

                               1000 devices          10000 devices
                               min       max         min       max
Sum for signed data            3,00      30,58       -1,69     15,77
Sum for authenticated access   6,10      15,64       4,02      8,21
Sum for software download      -24,07    -3,36       -24,82    -4,86
Total sum                      -14,97    42,86       -22,49    19,12

source: Jürgen Boda (EnBW): SELMA - Gut und teuer? (SELMA - good and expensive?)
Applications in metrology Product announcements VNG solution Tlz Sealed software in metrology
Top News received on 2007-06-04 RMG REGEL + MESSTECHNIK GMBH Osterholzstr. 45 D-34123 Kassel, Germany Telefon +49.561.5007-0 rmg@rmg.com Impressum
Secured data according to W&M via remote reading: digitally signed DSFG data. Pattern approval at PTB in progress! Details shortly.
tlz or Sym 2 Definition of a new concept of electricity meter: no real-time clock, only a counter which counts every second. But it uses the SELMA ideas for different parts of the protection, e.g. download and data protection. Defines standard interfaces.
VNG-Elster solution Signature gateway for gas reconstruction-systems Transfer of measured values of gas quality to different users Signed data structures based on ECC SELMA developments
Software signing facility at PTB Set-up of a facility for signing software using strong cryptography (SHA-256, ECC 256). Problems: long-term storage of the secret key. Well-defined internal PTB rules with reduced residual risk. Current state: only one secret PTB key exists.
Outlook User association (ADM e.V.) was founded in 2006. Improvements of the concept procedures (performance, operational concept, standardisation). Testing of hardware and software for measurement systems. Standardised security concept for metrological applications: it may help to avoid interoperability problems. Looking for other fields of application.