Introduction - KNX
Introduction - KNX
Introduction - KNX
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Data Encryption<br />
Authentication / Device Signatures<br />
Signatures, or authentication in any way, are not included in the Dutch smart meter<br />
specifications. This is referred to in the OMS documents (OMS-Spec-<br />
Vol1_General_v100.pdf section 3.6.2) as work in progress.<br />
Encryption<br />
The Dutch smart meter specifications require two-way data encryption. The MUC to<br />
Meter data may contain control data (time synch, valve control, etc) so should be<br />
encrypted. The Meter to MUC data should be encrypted for privacy reasons (to mask<br />
zero or low consumption of temporarily uninhabited quarters).<br />
The MUC documents require only encryption for MUC to Meter data<br />
(MUC_080128_inkl_Anlagen.pdf SRR section 5.3.9).<br />
Note that the EN13757 only specifies encryption for Meter to MUC data.<br />
Encryption Algorithm<br />
The encryption algorithm is in both the Dutch smart meter specification and the OMS<br />
documents AES-128.<br />
The block chaining mode is in both specification documents CBC (Cipher Block<br />
Chaining).<br />
In the Dutch specification, the initialisation vector is binary zero, in the OMS<br />
specification the initialisation vector (IV) is built from data that is sent (in the same<br />
transaction as are the encrypted data) as unencrypted byte stream.<br />
Encryption key exchange<br />
In the Dutch smart meter specifications, a new encryption key is encrypted with a<br />
meter-specific default encryption key to prevent exchange of an unencrypted plaintext<br />
encryption key. This allows a relatively secure modification of encryption keys.<br />
In the OMS documents there is no exchange of encryption keys; hence changing<br />
encryption keys in an operational meter is not possible. The encryption keys in the<br />
OMS specification are configured in the production facility. The encryption key is<br />
then sent unencrypted from the meter to the MUC, and from there to the Head End,<br />
during installation. (MUC_080128_inkl_Anlagen.pdf SRR section 5.3.9).<br />
Comments:<br />
Review M-bus.doc 2 04/12/2008