introduction to idis g3 plc workshop - elster african …...3/& 7hfkqrorj\ 2yhuylhz)xqfwlrqdolw\...

$: Introduction to IDIS G3 Plc Workshop - Elster African …...3/& 7HFKQRORJ\ 2YHUYLHZ)XQFWLRQDOLW\ 6)6. PXOWL IUHTXHQF\ (FKHORQ 26*36)6. 2)'0 3ULPH 2)'0 * %3/ 3K\VLFDO /D\HU PRGXODWLRQ$
TOPIC• Simon Dart & Nigel Baker• M.D. & Sales Manager - Coastal• Elster Solutions (Pty) Limited• South Africa

An Introduction to IDIS G3 PLC TechnologyAgenda• Introduction to general PLC Technologies.

– What is G3 Power Line Carrier (PLC) ?• What is IDIS?• What IDIS G3 PLC Solutions are available today ?• Security in PLC Technologies• Case Studies for IDIS G3 PLC Technology Performance• Conclusions

Introduction to PLC Technologies

Smart Metering in Europe

ItalyGas – ZigBee, M-BusWAN – PLC (Echelon)

FranceERDF: PLC (SFSK, G3)GRDF: RF

GermanyWAN – GPRS, …HAN – M-Bus (RF & Wired)

UKWAN - GPRSHAN – ZigBee

SpainPLC – OFDM (Prime)

AustriaWAN – PLC (G3) / GPRSHAN – M-Bus (RF & Wired)

NetherlandsWAN – PLC (G3) , CDMAHAN – M-Bus (RF & Wired)

HungaryWAN – PLC (IDIS) / GPRSHAN – M-Bus (RF & Wired)

SwitzerlandWAN – GPRS, PLC / G1 / G3

Introduction to the different PLC Technologies

baud rate

Interoperability

variousBPLvarious

SFSKBPSK

SFSK, BPSK OFDM BPL • SFSK –Spread Frequency Shift Keying

• BPSK –Binary Phase Shift Keying

• OFDM –Orthogonal Frequency-Division Multiplex

• BPL – Broad Band Power Line using frequency hopping spread spectrum technology

SFSK

PLC Technology Overview

FunctionalitySFSK multi-frequency

Echelon / OSGP SFSK

OFDM / Prime

OFDM / G3 BPL

Physical Layer, modulation SFSK BPSK SFSK DBPSK, DQPSK DBPSK, DQPSK BPLfrequency range 25-95kHz 25-95kHz 25-95kHz 45-95kHz 45-95kHz 2-32MHzinteroperability yes no yes yes yes (IDIS/DSMR) nostandardization proprietary proprietary IDIS Prime G3 alliance propiretarycarriers 6 1 1(2) 97 36 >100Communication speed 2400 Baud 3600 Baud 2400 Baud 128k Baud >36k Baud 1-2M BaudPLC protocol DLMS proprietary DLMS DLMS DLMS proprietaryData model COSEM proprietary COSEM / IDIS COSEM / Type 5 COSEM / IDIS proprietarypower consumption low low low high high highstandardization proprietary proprietary IDIS Prime G3 alliance propiretarysecurity (authenticat. encryption, ..) yes yes yes tbd yes yesfield proven yes yes yes partly new partlyHAN support (optional) yes yes yes no yes partlyCustomer interface (optional) yes ? yes no yes partly

SFSK versus G3 PLC technology

Time (s) to get a Load Profile Reading of 3300 Bytes*

S-FSK 1200 56S-FSK 2400 28OFDM 4

Head-End

Typical G3-PLC Archetecture

Data Concentrator Gateway Point to Point

RTU3G3-PLC

AS3000AM540

G3-PLC OFDM

G3-PLC Data concentrator concept

IP NET,GSM/GPRS/3G

G3-PLC Gateway concept

Point-to-point GPRS / IP

Hybrid Mode

G3 PLC Protocol Stack

G3 PLC Routing

Overview

• Robust Mode• Typical Noise on Power Lines • Frequency Selective Channels • Narrow-Band Disturber

Functions PRIMESFSK G3

• IPV6 Support• enhanced Frequency range (>95kHz)• Security

• Communication Baudrate• Interoperable Chip Sets• Interoperables Data Model • Multi-Utility support (M-Bus)• Customer Interface

BPL

What is IDIS ?

( Interoperable DeviceInterface Specification )

Interoperability and Exchangeability Why IDIS ?

• To ensure true interoperable systems. • Use existing protocols and defined meter functionality based on common

agreement.What’s needed ?

• Utilities prefer to have the option to select different suppliers for:-• Meters• Data Concentrator

• Achieved by having an interoperable solution /common definitions /specs.• Without having an interoperable solution the utility always have to rely on one

solution supplier.How to reach the interoperability ?

• new definitions / modifications will take several years to bring into the international standardization.

• practical solution -> creation of Alliance between several meter suppliers and /or utilities to make the necessary definitions based on accepted well known Standards - IDIS Association, G3 Association.

Interoperability and Exchangeability

ConformanceTesting

test report12-JUL-2011 10:34:45 iCTT version 1.0.3 Licensed to: KEMA-IDIS Cert. Tester: Bas Roelofsen ******************************************************************************** ****************** * Identification * ****************** Manufacturer = { Name = '\ITRON Metering Systems' ThreeLettersId = '\ACE' } DeviceUnderTest = { IDISDeviceType = 100 IDISFunctionType = [EXTENSION_D, EXTENSION_L, EXTENSION_M] SerialNr = 10091488 } *********** * Summary * *********** PASSED 1203 FAILED 0 DISABLED 0 INAPPLICABLE 295 INCONCLUSIVE 0 FATAL 0 TOTAL 1498 ********************************** Test Case 1 : Discovery, 1 item(s) ********************************** (1) Meter Discovery PASSED ******************************************** Test Case 2 : Connect and release, 4 item(s)

Test Report

Standards

IEC 62056 Communication STD

DefinesCompanion

SpecificationDefines

Test ToolsInteroperability

Testing

Tender

Utility

Manufacturer

Interoperability and Exchangeability IDIS Association ensures:

• Proven Interoperability and Exchangeability• Providing Specs as well as Test tools and Certifications • Proper usage of well known Standard• Maintenance & enhancements of IDIS SpecsElster, Landis + Gyr, Itron, Iskraemeco are active Board Member of the IDIS Association today.

See more about IDIS under http://idis-association.com

IDIS G3 PLC Solutions that are available today.

E2E G3-PLC solution

IDIS compliant End to End Solution based on G3-PLC with IDIS Object Model on top Supports Gateway or classical Data Concentrator concept Point to Point IDIS compliant connections as fall-back

RTU3G3-PLC

AS3000AM540

G3-PLC OFDM


IP NET,GSM/GPRS/3G



• Acts as classical Data Concentrator• Is handling all any security relevant information towards the MDC/MDM and towards Meters• Uses a HW Secure Element for security information• Is collecting & preparing Meter Data

E2E G3-PLC solutionG3-PLC Data concentrator concept

RTU3G3-PLC

AS3000AM540

G3-PLC OFDM

LTE / 3G / GPRS /

Ethernet / IPAS220AM540 MDC / MDM

DLMS eiWeb+

Standard communication – Low Voltage distribution line

IDIS Package 2

• Handles a multitude of Point-2-Point connections• Direct communication MDC-to-Meter based on DLMS• End to End security• Does not hold any security relevant information, no target for cyber attacks

E2E G3-PLC solutionG3-PLC Gateway concept

RTU3G3-PLC

AS3000AM540

G3-PLC OFDM

LTE / 3G / GPRS /


DLMS DLMS


IDIS Package 2

E2E G3-PLC solutionG3-PLC Hybrid Mode

RTU3G3-PLC

AS3000AM540

G3-PLC OFDM

LTE / 3G / Ethernet / LTE / 3G /

GPRS / Ethernet /

IPAS220AM540 MDC /

MDM

DLMS eiWeb+Standard communication – Low Voltage distribution line

IDIS Package 2

RTU3G3-PLC

AS3000AM540

G3-PLC OFDM

LTE / 3G / Ethernet / LTE / 3G / GPRS /

Ethernet / IPAS220

AM540 MDC / MDM

DLMS DLMSStandard communication – Low Voltage distribution line

IDIS Package 2

• Either Data Concentrator or Point to Point• Automatic reading by Concentrator or Tradition AMR Reading• Allows interrogation of individual meters

E2E G3-PLC solutionModular Meters with Communications

AM130 - GSM/GPRS (IDIS compliant)• Incl. wired or wireless M-Bus (optional)• DLMS/COSEM protocol • customer interface

AM200 – wireless M-Bus • Connection to external HUB• Wireless M-Bus (slave), 868MHz

AM300 – Ethernet • Incl. wired or wireless M-Bus (optional)• DLMS/COSEM protocol

AM500 PLC – SFSK (IDIS compliant)• Incl. wired M-Bus (optional)• DLMS/COSEM

AM540 PLC – OFDM/G3 (IDIS / DSMR compliant)• incl. wired or wireless M-Bus (optional)• DLMS/COSEM• customer interface

AM730 – RS485 interface• IRS485 interface with 2 RJ45 connectors• power supply for external modem• DLMS/COSEM protocol support AS3000 - 3Phase

AS220 - 1Phase

E2E G3-PLC solution - SummaryData Concentrator and Gateway functionality

• Standard product as part of G3 IDIS Solution. • Integrates an IPv6 Router and processing capacity to execute functions – like data concentrator and smart grid applications.• Supports G3-PLC technology.• Uses 3G modem in an externalremovable card (LTE ready).

HW platform• Unified HW platform• Same HW for various G3 solutions• Future proof hardware design• Secure Element /Chip

Hybrid functionality• Point to point communication IPv6 router or DLMS Direct Connect• Store & Forward mode supporting classical Date Concentrator mode

Standard-based WAN• For device configuration• For data collection in concentrator mode

Security• Local access/tools• Data collection in concentrator mode• Secure boot

• Based on the entire IDIS approach‒ The IDIS members provide a functional working End-to-End-Solution ‒ The IDIS members ensures Interoperability & Exchangeability based on IDIS‒ The IDIS members offer a variety of products

• modular Meters & Comms, integrated Meters (on the Roadmap)• Data Concentrators and Router• Head End & MDM Systems

‒ The IDIS members match the (existing and coming) Security requirements

E2E G3-PLC solution - Benefits

Security in PLC Technologies

• Meters are essential for billing and will create the “right” attention• With the right incentives, systems are hacked. Examples:

‒ Payment Systems

• Some key challenges for meter security:‒ Firmware Updates‒ Remote Disconnect‒ Billing process /Tariff Changes‒ Availability‒ Cyber criminality/terrorism

Why is Data Security important for Smart Metering?

Security overview

Security need to be taken care of on all affected Products and Levels• Security functionalities of the products

‒ encryption/decryption, authentication, storage of key material‒ Supporting the respective standards & recommendations

• Secure Design & Development Environment• Testing & Certifications• Production (load initial key material, certified environment, transportation) • Ensure secure Deployment & Life Cycle Management

G3-PLC RTUData Concentrator/RouterMetersHead endsystemHSM

Security on HES / SoftwareHES/Software

Requirements• Provide end-end security without compromises

‒ Interface with meter manufacturers (Multi Vendor System)‒ Protect the storage of sensitive data so users and hackers can’t steal/misuse information‒ Extend the protocol driver to split the “crypto” operations without losing control‒ Be able to import, store & manage large keys in the MDM system

• Be flexible to evolve‒ Symmetrical towards asymmetrical encryption (or combined/hybrid)‒ New security methods‒ Distributing keys (DC/Meter)

• Provide local troubleshooting capabilities


Security on HES / SoftwareHES/Software

Requirements• Shipment/manufacturing

‒ Secure handling of keys from the manufacturer towards the MDC system‒ HSM (Hardware Security Module) provides encryption/decryption of the shipment file‒ Energy Security Suite (Atos/Worldline) provides crypto support, interfaces to PKI, IF to HSM

• Key renewal/upload‒ During installation or when keys have become obsolete‒ MDC will requests a key, HSM encrypts the “package” with the key

• Operational‒ MDC manages all communication with field devices, HSM provide encryption/decryption features

• Troubleshooting‒ Devices can temporary receive a “service key” which can leave the HSM for field/local troubleshooting. ‒ MDC/HSM tracks this operation (remote)


• Next generation RTU• Data Concentrator to locally execute scheduled tasks like reading meters • Also a router to allow direct connection from HES to meter.

‒ Critical commands‒ Direct ad-hoc readouts

Data Concentrator


• Hardware Physical security‒ Screws with seals blocking access to wire terminals‒ Tamper sensor protecting both terminal cover as the electronics cover. A alarm can be sent to the HES.

• Hardware Security module‒ Secure chip storing keys of DLMS meters‒ Public/private key pair generation for WAN security‒ Encryption/decryption of sensitive data‒ EAL 6+ (HW) and EAL4+ (FW) Common Criteria certification‒ Secure boot chain

• Software security‒ Signed firmware‒ Encryption of meter data‒ https (TLS) for web portal‒ Support for comms interface security

Data Concentrator Security


• Upstream and downstream interface must be secure. A two-layered security concept is proposed.• Application layer security (e.g. DLMS security suite 0)

‒ Protect against meter data theft, false commands,...‒ Secured between HES, DC and meter only. No intermediate encryption/decryption

• Low layer security‒ To secure the communication medium‒ Keep hackers out of the network infrastructure

Communication interface concept


Security on E2E - SolutionMeter & Comms


• Security on meter level‒ physical communication based on PLC/G3

• G3-PLC standard: ITU G.9903• G3-PLC authentication method: EAP-PSK /defined in RFC 4764• G3-PLC en-/decryption : AES 128

Security concept using DLMS COSEMMeter & Comms

G3-PLC RTUData Concentrator/RouterMetersHead endsystemHSMSecurity policy

• DLMS/COSEM defines the concept of different available security policies, of which there are 4 types1. Security not imposed2. all messages are authenticated3. all messages are encrypted4. all messages are authenticated and encrypted

• The DLMS/COSEM security suite defines multiple security levels and their corresponding algorithms. The highest security level supports AES 128 GCM encryption and GMAC authentication.

Security keysMeter & Comms


Security – Role based accessMeter & Comms


IDIS security using DLMS COSEMMeter & Comms

G3-PLC RTUData Concentrator/RouterMetersHead endsystemHSMAuthentication

DLMS/COSEM defines 3 level of authentication. An implementation can use either No, LLS or HLS depending on the level of protection required. IDIS security uses HLS.

Authentication types used in DLMS/COSEM

Encryption & Integrity - SummaryMeter & Comms

Encryption technique is the process of transforming using algorithm to make it unreadable to anyone except those possessing the “key”. To ensure confidentiality in metering data transfer, the following encryption techniques are used- the advanced Encryption Standard (AES) is an encryption method that uses unique keys

at the endpoint to protect home or business information from interception that could lead to potential privacy and operational exploits

- Secure Socket Layer (SSL) protocol is designed to protect data transported over internet protocol (IP) based networks, as well as secure sockets for HTTP and web services

Data integrity is ensured while data is stored in the meter, and also as data is transmitted to the next system component. Access protection to store data against unauthorized access, modification, removal or destruction needs to be implemented. This will be done using checksums, which ensure the data is valid.The system has to be able to recognize accidental and unintentionally transmitted data change, as well as required data transmission using encryption techniques and protocols, such as defined by M-Bus and DLMS-COSEM

Case Studies for IDIS G3 PLC Technology Performance

Dubai Smart MeteringPilot UAE

IDIS Solution:IDIS G3PLC solution for the smart metering pilot based on: – IDIS EIServer, transparent DLMS gateways and IDIS modular meters ‒ Readout of M-Bus water meters‒ MV broad band powerline (PPC technology) and GPRS uplinks

IDIS Services:– Project management – Deployment of the EIServer platform – Functional workshop (leaded to a detailed functional specification)– Customer training– Support related to the smart metering pilot

Dubai smart metering pilot

End to End G3 PLC solution

• Handles a multitude of Point-2-Point connections• Direct communication MDC-to-Meter based on DLMS• End to End security• Does not hold any security relevant information, no target for cyber attacks

RTU2G3-PLC

AS3000AM540

G3-PLC OFDM

Ethernet / IPLTE / 3G / GPRS /


DLMS DLMS


IDIS Package 2


IDIS EIServer MDM/MDC platform

EIServer Operator Client

Performance figures reached with G3PLCG3 PLC field measured value in Al Warsan CDB 16

‒ 61 meters installed, 61 meters read = 100%

Note: The limiting GPRS upstream communication link has been used

Instantaneous Values11 Registers

Load Profile 2 channels(1 hour / 15min values)

6 sec 6,9sec1 Meter

8 min61 Meters 10 min

Linky solution

France

France – Linky solution

Linkymeter

Consumer

Portal

SI Distr

ibution

SI Distr

ibution

Data Concentrator

LV / MV Substations

GPRS / 3G Wimax Ethernet

Telecommunications

Telecom Network

AMM Information

System

Control & Supervision

ERDF Control Center

G3-PLC Technology

Low Voltage network

• New housing according specific ErDF requirements• OFDM G3-PLC solution• WAN communication – based on PLC

‒ Using DLMS/COSEM protocol‒ Physical layer using

• SFSK (max. 2400 Baud)• G3 OFDM (max. 46KBds)• Local interfaces

‒ TIC interface – customer interface, 1-way, 9600 Baud‒ Euridis interface – utility interface, 2-way, 9600 Baud

• Advanced functionality‒ 4-quadrant measurement‒ Specific LCD (3-line display)‒ Complex tariff management (consumer and producer)‒ Integrated disconnect relay‒ Load profile for consumer and producer‒ Daily profile for consumer and producer

France – Linky solution

Conclusions

Summary

• Robust Mode• Typical Noise on Power Lines • Frequency Selective Channels • Narrow-Band Disturber

Functions PRIMESFSK G3

• IPV6 Support• enhanced Frequency range (>95kHz)• Security

• Communication Baudrate• Interoperable Chip Sets• Interoperables Data Model • Multi-Utility support (M-Bus)• Customer Interface

BPL

Head-End

Typical G3-PLC Archetecture

Data Concentrator Gateway Point to Point

RTU3G3-PLC

AS3000AM540

G3-PLC OFDM


IP NET,GSM/GPRS/3G



Conclusions• Introduction to general PLC Technologies.

– What is G3 Power Line Carrier (PLC) ?• What is IDIS?• What IDIS G3 PLC Solutions are available today ?• Security in PLC Technologies• Case Studies for IDIS G3 PLC Technology Performance• Conclusions

Thank youSimon Dart Nigel BakerManaging Director Sales Manager

introduction to idis g3 plc workshop - elster african …...3/& 7hfkqrorj\ 2yhuylhz)xqfwlrqdolw\...

Documents