Skip to main content
Skip table of contents

Energy systems PKI

For energy IoT applications, the potential consequences of a security breach can be absolutely devastating. A sabotaged power supply can have broad and serious consequences and endanger the lives of people. 


IoT is a cornerstone of energy management and smart grids. The different equipment and devices in the ecosystem communicate over a network in order to share the data needed to make the energy system “smart”, efficient and cost-saving. IoT also plays into several other key areas such as IT automation and big data analytics.


Smart metering infrastructure security

Smart metering is an Internet of Things (IoT) application for most electric power utilities. The term Advanced Metering Infrastructure (AMI) refers to systems that measure, collect, and analyze energy usage, and communicate with metering devices such as electricity meters, gas meters, heat meters, and water meters - a key building block of a smart grid.

Enabling smart meters and other components in the AMI to communicate with a remote backend means a more open system with a bigger attack surface and more entry points for cybersecurity attacks. For any electric power utility implementing AMI, it is of utmost importance to protect it from malicious parties. 

The AMI architecture

A Meter Data Management (MDM) system collects and stores meter data from a Head-End System (HES) and processes that meter data into information that can be used by other utility applications including billing, customer information systems, and outage management systems.

A Head-End System is hardware and software that receives the stream of meter data brought back to the utility through the AMI. Head-end systems may perform a limited amount of data validation before either making the data available for other systems to request or pushing the data out to other systems.

A Data Concentrator Unit (DCU) is an AMI aggregator component that helps in data acquisition, transfer of energy data to the central database, and automated meter reading in electronic energy meters. 


 AMI security standards

Smart devices need a globally accepted standard language that ensures interoperability, efficiency and security. This is provided by DLMS/COSEM.

Device Language Message Specification (DLMS) is the suite of standards developed and maintained by the DLMS User Association (DLMS UA) and has been adopted by the IEC TC13 WG14 into the IEC 62056 series of standards.

Companion Specification for Energy Metering (COSEM) includes a set of specifications that defines the transport and application layers of the DLMS protocol. The IEC 62056 standards are the international standard versions of the DLMS/COSEM specification.

DLSM/COSEM security suites

DLMS provides three security suites to meet various requirements.

Security Suite

Authenticated Encryption

Digital Signature

Key Agreement

Hash

Key Transport

Compression

0

AES-GCM-128

-

-

-

  • AES-128
  • Key-Wrap

-

1

AES-GCM-128

ECDSA with P-256

ECDSA with P-256

SHA-256

  • AES-128
  • Key-Wrap

V.44

2

AES-GCM-256

ECDSA with P-384

ECDSA with P-384

SHA-384

  • AES-256
  • Key-Wrap

V.44

Nexus' solution

Nexus Smart ID IoT is a Certificate Authority (CA) product enabling a Public Key Infrastructure (PKI) that constitutes the foundation for a trusted and secure smart grid. Nexus' PKI solution is based on Smart ID Certificate Manager.

The core component of Nexus Smart ID IoT, Certificate Manager, is a generic, mature, reliable, and high-performing CA platform. It offers multi-tenancy and multi-CA possibilities and provides easy CA management and vast integration possibilities supporting multiple certificate formats, crypto algorithms and HSM vendors/models.

All standard certificate management protocols are supported, including, ACME, CMP, EST, EST-coaps, SCEP, etc., and a flexible REST API is available in addition. Certificate Manager software is Common Criteria EAL4+ certified. 

For more information, see the following links: 



JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.