Security analysis of Dutch smart metering systems - Multiple Choices
Security analysis of Dutch smart metering systems - Multiple Choices
Security analysis of Dutch smart metering systems - Multiple Choices
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
4.4 Port P3 4 PRACTICAL ANALYSIS<br />
risks were described in 2003 and the latest LON specification is from 2002. Although we did found<br />
information stating that the 709.1 standard is being updated, it is unknown how these updates<br />
effect the security <strong>of</strong> the protocol [8].<br />
Because DLMS/COSEM is used by most manufacturers <strong>of</strong> <strong>smart</strong> meters and it is not specific to<br />
PLC, and also is used over GPRS and IP, it will be discussed in a separate section.<br />
Table 11 shows a summary <strong>of</strong> the protocols used together with PLC.<br />
Layer Protocol Supported by<br />
Physical • IEC 61334-5-1 All <strong>Dutch</strong> PLC meter developers<br />
• IEC 61334-4-32 L+G and Actaris<br />
Data link<br />
• IEC 62056-46 Iskraemeco and Sagem<br />
• EIA/CEA 709.1-B-2002 Echelon<br />
Transport and Network Used with Ethernet at link layer Not used in NL<br />
Application<br />
• DLMS/COSEM<br />
• EIA/CEA 709.1-B-2002<br />
L+G, Actaris, Iskraemeco, Sagem<br />
Echelon<br />
Table 11: PLC protocols<br />
Using the right equipment one might be able to sniff the PLC network and communicate with<br />
the <strong>smart</strong> meters. Various PLC modems that are compliant to the physical layer protocols are<br />
available [50, 28]. One <strong>of</strong> these modems is the Mulogic PLM-501, which can be seen in figure 19.<br />
This modem <strong>of</strong>fers RS-232 and RS-485/RS-422 serial data interfaces to connect to a PC and<br />
has support for the IEC 62056 standard, which is used by Iskraemeco and Sagem. In order to<br />
effectively sniff data and possibly communicate with the <strong>smart</strong> meters application level protocol like<br />
DLMS/COSEM or LON have to be implemented. United in the Enbin grid operator organisation<br />
several <strong>Dutch</strong> grid operators are working on a DLMS/COSEM standard for the <strong>Dutch</strong> electricity<br />
market [39]. These specifications are available for public and define data types for <strong>smart</strong> <strong>metering</strong><br />
applications. No publicly available s<strong>of</strong>tware or libraries could be found for the DLMS/COSEM<br />
standards, which will make PLC sniffing difficult, but not impossible.<br />
Data concentrator to CAS<br />
Figure 19: Mulogic PLM-501 PLC modem<br />
The DC collects the data from all the <strong>smart</strong> meters that are connected to the low voltage network<br />
it services. Although the DC uses the same technologies as discussed before (IP and GPRS)<br />
to communicate with the back-<strong>of</strong>fice, the impact on confidentiality and integrity would be much<br />
larger in case <strong>of</strong> security breaches, because data <strong>of</strong> many meters is aggregated at the DC. The<br />
36