KR20200143034A - Certificate-based security electronic watt hour meter - Google Patents

Abstract

The present invention relates to advanced metering infrastructure (AMI) security using a cryptographic module (secure element) and electronic certificates which perform various cryptographic operations (encryption/decryption, digital signature generation and verification, hash operation, key agreement, and the like) while complying with the international standard DLMS/COSEM standard. Moreover, the present invention provides a method of mounting security materials (certificates, private keys, and the like) on a smart meter, a security material update method after smart meter on-site installation, and a method for smart meter mutual authentication, secret key agreement, and packet encryption/decryption as a smart meter security operation method.

Description

Certificate-based security electronic watt hour meter

The present invention complies with the international standard DLMS/COSEM standard, while performing various cryptographic operations (encryption/decryption, electronic signature generation and verification, hash operation, key agreement, etc.) and AMI security using electronic certificates. It is about.

Recently, the concept of a smart grid has emerged that connects all facilities and devices powered by electricity through various communication networks. The smart grid is an intelligent power grid system that increases efficiency by integrating information and communication technology into the process of producing, transporting, and consuming electricity, and interacting with each other between suppliers and consumers.

AMI (Advanced Metering Infrastructure) is in the spotlight as a key technology that can use the smart grid system more efficiently. AMI is a technology that automatically analyzes power usage by measuring data measured by a smart meter through a remote meter reader. The smart meter automatically checks the amount of electricity used in the house and transmits the information through the communication network. . Based on the data obtained in this way, electric power companies charge electricity according to the consumption of electricity by consumers. In particular, it is possible to save electricity bills and prevent waste of electricity by supplying optimized power by grasping the patterns of electricity use by user through the information transmitted in this way. In addition, it is possible to solve inconveniences such as errors that occur when a person walks around and reads the meter, and efficient power production management can be achieved through accurate big data. As such efficient power management is possible, AMI distribution is gradually increasing.

As the spread of AMI gradually increases, the demand for AMI security is also increasing. In addition, security should be applied to smart meters, which are legal electronic power meters, in earnest from 2020 in accordance with the guidelines on protection measures for intelligent power grid information.

The above-described background technology is technical information possessed by the inventors for derivation of the present invention or acquired during the derivation process of the present invention, and is not necessarily known to be publicly known prior to filing the present invention.

An object of the present invention is to propose a method for interworking a smart meter with an encryption module in order to satisfy the security function required by the guidelines for the protection measures for intelligent power grid information.

In addition, the present invention is a method of loading security materials such as certificates and private keys necessary for a smart meter, and an object of the present invention is to propose a method of collectively generating and inputting security materials in a higher system.

In addition, an object of the present invention is to provide a method of updating a security material mounted on a smart meter after installation of the smart meter.

In addition, an object of the present invention is to provide a method of mutual authentication between a DLMS/COSEM client and a DLMS/COSEM server using an electronic certificate, a key agreement method, and a method of encryption and electronic signature.

As a means for solving the above problems, the present invention has an embodiment having the following characteristics.

The security material mounting method for a smart meter provided by the present invention includes the steps of: a security material injection device collecting a unique ID of the smart meter; Requesting, by the security material injection device, an AMI (Advanced Metering Infrastructure) server to generate an electronic certificate; A certificate generation step of generating an electronic certificate by the AMI server; Transmitting, by the AMI server, the electronic certificate and the encrypted private key to the security material injection device; And injecting, by the security material injection device, the private key for each ID and the electronic certificate into the smart meter. Includes.

The smart meter security material mounting method includes: requesting, by the security material injection device, from the AMI server to generate a key pair for each unique ID; And generating, by the AMI server, a key pair including a public key and a private key. Includes.

The step of generating the electronic certificate by the AMI server is characterized in that the X.509-based electronic certificate is generated using the public key information.

The step of transmitting the electronic certificate and the encrypted private key by the AMI server to the security material injection device includes the AMI server generating a Key Encryption Key (KEK) and then encrypting the private key with the KEK and transmitting it. It is characterized.

The step of transmitting the electronic certificate and the encrypted private key by the AMI server to the security material injection device further includes the KEK encrypted with MK (Master Key) and transmits the encrypted personal key to the security material injection device. .

In addition, the security material update method proposed by the present invention is a security material update method mounted on a smart meter constituting an AMI (Advanced Metering Infrastructure) based on the DLMS/COSEM protocol, and the security setup of the DLMS/COSEM protocol. Using IC (Interface Class), and requesting, by a client, "generate_key_pair(data)" from a server; Transmitting, by the server, a result of generating the key pair to the client when the key pair is normally generated or fails to be generated by using a key pair generation function provided by a KCMVP (Korea Cryptographic Module Validation Program) certified cryptographic module; Requesting, by the client, "generate_certificate_request" from the server; Responding, by the server, to the client with information necessary for generating a Certificate Singing Request (CSR) with a “generate_certificate_response” packet; The client requesting "X.509 V3 CSR(data)" from the PKI center; The PKI center responding to the client with an "X.509 V3 certificate"; And transmitting, by the client, an electronic certificate to the server. Includes.

In addition, the smart meter security operation method proposed by the present invention is a smart meter operating method that configures an AMI (Advanced Metering Infrastructure) based on DLMS/COSEM protocol, wherein the smart meter functions as a server, and the client Performing an application association (AA) based on an electronic certificate for device connection and communication; And generating a shared secret key between the client and the server. Includes.

The performing of the application association (AA) may include checking whether a certificate for mutual device authentication is installed in the server and the client; And requesting an initial issuance of the device mutual authentication certificate when the server and/or the client does not have the device mutual authentication certificate installed. Includes.

In addition, the step of performing the application association (AA) is characterized in that the process of negotiating an application context, authentication, and xDLMS context.

In addition, the step of performing the application association (AA) is based on a high level security (HLS) method using an electronic certificate, and the server and the client exchange a challenge (StoC, CtoS) and an electronic certificate, f (Stoc) /f(CtoS) signature generation and exchange, extracting the public key from each received electronic certificate, and completing mutual authentication by signature verification of each exchanged f(Stoc)/f(CtoS).

The smart meter security operation method is the application linkage (AA) only when the application linkage (AA) is performed for the first time after the smart meter is installed, or when the smart meter is re-installed or the smart meter is rebooted due to a power outage. It is characterized by performing.

The generating of the shared secret key by the client and the server is characterized in that the shared secret key is generated using an ephemeral unified model (2e, 0s, ECC CDH).

In the step of generating a shared secret key between the client and the server, Key_ID is characterized in that a global unicast or global broadcast key is used.

The server generates the shared secret value, and generates the shared secret key using the shared secret, other input, which is additional information shared in advance, and a key derivation function (KDF) algorithm shared in advance. To do.

When the server encrypts data with the global unicast key or the global broadcast key and transmits the data to the client, the server transmits using a service-specific ciphering APDU packet structure.

The shared secret key generated by the server is characterized in that a global unicast key or a global broadcast key used for encryption/decryption, and a GMAC key for mutual authentication are generated to a minimum.

In addition, the step of performing the application association (AA) is, when the client and the server communicate again after the first application association (AA) is normally performed and terminated, the GMAC-based application association (AA) It is characterized in that to perform.

In addition, the step of performing the application association (AA) is, when the client and the server communicate again after the first application association (AA) is normally performed and terminated, the GMAC-based application association (AA) In the case of performing or using the HLS (High Level Security) method using an electronic certificate, since the certificate was initially exchanged, the electronic certificate is not exchanged again with each other.

In addition, the GMAC-based application linkage (AA) performs electronic certificate-based application linkage (AA) when there is no GMAC key for device mutual authentication, or when GMAC-based mutual authentication fails more than a preset number of times. Characterized in that.

The present invention is a method of mounting and updating an electronic certificate to apply security to a smart meter, which is a legal electronic power meter, an electronic certificate/GMAC-based mutual authentication method, a key agreement method for generating a shared secret key, and a password/ The decoding method and the digital signature method for important measurement data were implemented based on the DLMS/COSEM international standard.

The method proposed by the present invention is a method based on the DLMS/COSEM international standard, and it is easy to implement AMI security and has high compatibility.

1 is a diagram illustrating a configuration for injecting a security material into an encryption module.
2 is a flowchart of a method of injecting a security material into an encryption module using a security material injection device.
3 is a block diagram of a GateWay-based AMI.
4 is a diagram of a security setup IC (Interface Class) used when applying a security function setting, activation, and security policy in DLMS/COSEM.
5 is a diagram for explaining a procedure for additionally issuing an electronic certificate between a DLMS/COSEM server including a KCMVP cryptographic module, a DLMS/COSEM client, and a PKI center or updating an existing electronic certificate.
6 is a diagram for a digital certificate-based AA (Application Association) method.
7 is a flowchart of a smart meter operation method in which an electronic certificate-based mutual authentication, shared secret key generation, and encryption/decryption method are applied to a smart meter according to an embodiment of the present invention.
8 is a diagram illustrating a detailed operation procedure of an Ephemeral unified model.
9 is a diagram for a structure of a service-specific ciphering APDU packet.
10 is a flowchart of a smart meter operation method in which a GMAC-based mutual authentication, shared secret key generation, and encryption/decryption method is applied to a smart meter according to an embodiment of the present invention.
11 is a diagram of a general signing APDU packet structure for generating an electronic signature on important metering information.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

How to mount security materials (certificate, private key, etc.) on smart meter

1 is a diagram for explaining a configuration for injecting a security material into an encryption module, FIG. 2 is a flowchart of a method of injecting a security material into an encryption module using a security material injection device, and FIG. 3 is a GateWay-based AMI It is a configuration diagram.

AMI (Advanced Metering Infrastructure) is a technology that automatically analyzes power usage by measuring data measured by the smart meter 300 through a remote meter reader, and the smart meter 500 automatically monitors the use of power. It is a form that reads the meter and transmits the information through the communication network.

The AMI includes an AMI server 100 and a smart meter 500.

The AMI server 100 can be applied in various ways, such as accumulating and storing power usage information of each user, which has been metered by the smart meter 500, and analyzing the user's power usage pattern through this.

The AMI server 100 includes a group of PKI servers (including at least one or more device authentication server, CA server, key management server, encryption/decryption server, certificate validation server (OSCP), certificate management server (LDAP), etc.) do.

The smart meter 500 includes a security module 530 and MCU 510 for AMI security.

The microcontroller unit (MCU) 510 performs the brain role of the smart meter, such as calculating the power meter reading amount and generating and interpreting packets conforming to the DLMS/COSEM protocol standard. Most smart meters around the world adopt and use the DLMS/COSEM protocol.

The encryption module 530 performs various cryptographic operations (encryption/decryption, electronic signature generation and verification, hash operation, key pair generation, key agreement, etc.).

The cryptographic module 530 can be largely divided into a HW module and an SW module according to a form of KCMVP (Korea Cryptographic Module Validation) verification. The HW module may be implemented in a form in which a security algorithm is implemented in the MCU 510, a security algorithm is implemented in a smart card, and a security algorithm is implemented in an ASIC chip.

The HW module can be mounted on the main board, and in the case of a smart card, if it supports ISO/IEC 7816 interface and protocol, it can be configured as detachable/removable. When mounted on the main mode, communication between the MCU 510 and the cryptographic module 530 may use I2C, SPI, and UART communication interfaces. In the case of the SW library type, it is mounted on a ROM or flash memory and operated, and in this case, an internal bus or SPI communication interface can be used.

On the other hand, the cryptographic module used for the AMI must be a cryptographic module that has obtained KCMVP (Korea Cryptographic Module Validation Program) verification from the National Intelligence Service regardless of its type.

The security material injection device 200 may be used as a method for mounting a security material (electronic certificate, private key, etc.) on the encryption module 530. The AMI server 100 issues a security material to the smart meter 500 installed at the site in an online manner, and the method of mounting the security material in the encryption module 530 needs to be avoided depending on the communication environment.

As shown in FIG. 3, the AMI server 100 and the smart meter 500 installed in the field may communicate through the GateWay 300. The communication environment between the upper operating system AMI server 100 and the smart meter 500 installed in the field may be poor. In general, the communication method between the smart meter 500 and the GateWay 300 uses best efforts communication methods such as power line communication and short-range wireless communication, but this communication method is not excellent in reliability itself. Therefore, it is necessary to avoid a method of issuing a security material to the smart meter 500 installed in the field in an online manner and mounting the security material on the encryption module 530.

When it is difficult to mount a security material on the encryption module 530 by issuing a security material to the smart meter 500 installed in the field in an online manner according to the communication environment, the security material (electronic certificate, personal The security material injection device 200 may be used as a method for mounting a key, etc.). That is, from the field operation point of view, the AMI server (100, specifically, PKI server group) collectively generates the security material required by the smart meter 500, and the security material is recalled using the security material injection device 200. The encryption module 530 may be injected into the encryption module 530 and previously loaded with a security material required for manufacturing the smart meter 500. In addition, the encryption module 530 may receive a necessary security material before or after integration into the smart meter 500. The cryptographic module 530 in which the security material is mounted in advance may be operated as a component constituting the smart meter 500.

The security material injection device 200 may be composed of a device including a CPU, a KCMVP encryption module, and a plurality of communication interfaces. First, the security material injection device 2000 may collect the unique ID of the smart meter 500. On the other hand, if there is a need to collect a large amount of information, the unique ID of the smart meter 500 It can be searched collectively in advance and received in the form of a file such as Excel, where the unique ID is the unique ID used in DLMS/COSEM, System title (consists of 8 bytes, 3 bytes for manufacturer, 5 bytes for serial) It is preferable to use number).

The security material injection device 200 may request the AMI server 100 to generate a key pair. Meanwhile, when the security material injection device 200 includes a KCMVP module having a key pair generation function, the key pair may be generated by itself, and the present invention does not exclude this case.

The method of mounting the security material in the smart meter 500 using the security material injection device 200 includes the step of collecting the unique ID of the smart meter by the security material injection device 200 (S310), the security material injection The device 200 requesting the AMI server 100 to generate a key pair for each unique ID (S320), and the AMI server 100 generating a key pair including a public key and a private key (S330). ), the security material injection device 200 requesting the AMI server 100 to generate an electronic certificate (S340), the AMI server 100 generating an electronic certificate (S350), the AMI server Step (100) transmitting the electronic certificate and the encrypted private key (Key) to the security material injection device 200 (360), the security material injection device 200 to the smart meter 500 for each ID Injecting the private key and the electronic certificate (S370).

The AMI server 100 may generate an electronic certificate based on X.509. When a CSR (Certificate Singing Request) is requested from the AMI server 100, the AMI server 100 uses information such as public key and system title from among the generated key pairs (public key and private key), based on X.509. Generate an electronic certificate of

When transferring the private key together with the generated electronic certificate to the security material injection device 200, the private key must be encrypted, and for the encryption, a KEK (Key Encryption Key) to be applied to each private key is generated and then used as KEK. Encrypt the key. The AMI server 100 transfers information such as CA electronic certificate, generated electronic certificate and private key encrypted with KEK (Key Encryption Key), and KEK encrypted with MK (Master Key) to the security material injection device 200. send. The MK is a master key shared only by the AMI server and the cryptographic module, and the MK is embedded when the cryptographic module is produced or produced.

The security material injection device 200 transmits (injects) the received CA certificate, electronic certificate, KEK encrypted with MK, and private key encrypted with KEK to the encryption module 530. The communication interface supported by the security material injection device 200 to interwork with the encryption module 530 may include at least one or more SPI, I2C, IEC/ISO 7816, UART, and the like.

The ammo module 530 decrypts the KEK through a pre-built Master Key (MK), and decrypts the encrypted private key using the decrypted KEK. If necessary, the decrypted private key is used for digital signature and key agreement algorithms such as ECDSA and ECDH.

It is preferable that the “electronic certificate and + private key” pair injected into the encryption module 530 have a separate pair according to the purpose of use. For example, it can be divided into a pair for mutual authentication and a pair for key agreement. The initially injected "electronic certificate + private key" pair can be used for boot trap or device mutual authentication. The electronic certificate may be updated through a security material update method to be described later, or a new electronic certificate may be additionally issued online.

How to update security material after installing smart meter on-site

Referring back to FIG. 3, in the configuration of an AMI according to an embodiment of the present invention, the AMI server 100 and the smart meter 500 installed in the field may communicate through the GateWay 300.

The smart meter 500 operates as a DLMS/COSEM server, and the gateway 200 may serve as a DLMS/COSEM client depending on its role. If the gateway 200 performs only a simple communication routing role, it performs a DLMS/COSEM client function in the head-end of the AMI server 100 of the upper operating system. In addition, the field operation program used to set the meter reading or parameter from the smart meter 500 installed in the field also serves as a DLMS/COSEM client, and each DLMS/COSEM entity (collectively referred to as a client or server) has a unique system. Separated by title.

4 is a diagram of a security setup IC (Interface Class) used when applying a security function setting, activation, and security policy in DLMS/COSEM.

New issuance of an electronic certificate or update of an existing certificate can be performed using the 4th, 5th, and 6th items of the specific methods item of the security setup IC.

5 illustrates a procedure for additionally issuing an electronic certificate between the DLMS/COSEM server 450 including the KCMVP cryptographic module 453, the DLMS/COSEM client 430 and the PKI center 410, or updating the existing electronic certificate It is a drawing to do.

The additional issuance and update target of the electronic certificate is the smart meter 500 and functions as a DLMS/COSEM server 450. Specifically, an electronic certificate is additionally issued or updated using the security setup IC of the DLMS/COSEM server implemented in the MCU 510 included in the smart meter 500. Hereinafter, DLMS/COSEM server is abbreviated as server and DLMS/COSEM client is abbreviated as client.

As shown in Figure 5, the security material update method mounted on the smart meter according to an embodiment of the present invention targets an AMI based on the DLMS/COSEM protocol, and the security setup IC (Interface Class IC) of the DLMS/COSEM protocol. ).

In the security material update method according to an embodiment of the present invention, the client 430 requests “generate_key_pair(data)” from the server 450, and the server 450 has obtained KCMVP (Korea Cryptographic Module Validation Program) certification. Transmitting the result to the client 430 when the key pair is normally generated by using a key pair generation function provided by the encryption module or when the generation fails, the client 430 sends “generate_certificate_request” to the server 450 ), the server 450 responding with a “generate_certificate_response” packet to the client 430 with information necessary for generating a Certificate Singing Request (CSR) by the server 450, and the client 430 responds with a “X.509 V3 CSR” (data)” to the PKI center, the PKI center 410 responding to the client 430 with “X.509 V3 certificate”, the client 430 electronically to the server 450 And sending the certificate.

In the step of requesting “generate_key_pair(data)” from the client 430 to the server 450, the fourth method of the security setup IC shown in FIG. 4 is called to request “generate_key_pair(data)”. Key pairs can be classified according to their purpose of creation. For example, a key pair for digital signature, a key pair for key agreement, a key pair for mutual authentication, a key pair for TLS, and the like can be exemplified.

A command such as generating a key pair between the server 450 and the KCMVP encryption module 453 uses a communication interface, protocol, and API provided by the KCMVP encryption module 453. The encryption algorithm must be performed inside the KCMVP encryption module 453, and APIs that can request the use of each encryption algorithm are predefined.

In the step of requesting "generate_certificate_request" from the client 430 to the server 450, a "generate_certificate_request" may be requested by using the fifth method of the security setup IC shown in FIG. 4. In addition, the server 450 responds to the client 430 with information necessary for generating a Certificate Singing Request (CSR) with a “generate_certificate_response” packet. The necessary information here is classified into the purpose of creating an electronic certificate, i.e., for digital signature, key agreement, mutual authentication, TLS, etc., and must include a public key suitable for the purpose and system-title information of the server 450 . It is preferable to use the standard data format PKCS #10 (RFC 5280) as the format of the transmitted information.

When the server 450 receiving the information for the CSR request performs a “X.509 V3 CSR(data)” request to the PKI center 410, the PKI center 430 signs the corresponding CA's private key. It generates an electronic certificate and responds to the client 430 with "X.509 V3 certificate".

The client 450 needs to transmit the electronic certificate to the server 450 after receiving the electronic certificate from the PKI center, and uses the sixth method “import_certificate” of the security setup IC. DLMS/COSEM server updates the existing electronic certificate if the existing purpose of use (for digital signature, key agreement, mutual authentication, TLS, etc.) is the same, and if it is for a new purpose, it is judged as issuing a new electronic certificate and a new electronic certificate Is stored separately.

Smart meter security operation method: Smart meter mutual authentication, secret key agreement, and packet encryption/decryption method

Up to now, the issuance of electronic certificates required to perform AMI security has been described. Hereinafter, a method of mutual authentication between a DLMS/COSEM client and a DLMS/COSEM server using an electronic certificate, a key agreement method, encryption and electronic signature method will be described.

<Smart Meter Security Operation Method, Example 1>

6 is a diagram for a digital certificate-based AA (Application Association) method.

In order to acquire data from a smart meter operating as a DLMS/COSEM server or set parameters of a smart meter, the electronic certificate-based application association (hereinafter referred to as AA) must first be completed. AA is the process of negotiating application context, authentication and xDLMS context. 6 shows the AA process based on the HLS (High Level Security) method using an electronic certificate. HLS mutual authentication methods specified in DLMS/COSEM range from mechanism 2 to mechanism 7. The GMAC method is from mechanism 2 to mechanism 5, and the electronic certificate method is from mechanism 2 to mechanism 7.

The electronic certificate-based HLS consists of a total of 4 steps, pass1 to pass4, as shown in Figure 6, and exchanges challenge (StoC, CtoS) and electronic certificates, f(Stoc)/f(CtoS) signature generation and exchange, each received Extract the public key from the electronic certificate (to verify the validity of the electronic certificate, extract the public key from the CA's certificate and verify the signature of the electronic certificate signed with the CA private key), and each exchanged f(Stoc)/f(CtoS) By verifying the signature, mutual authentication is completed.

7 is a flowchart of a smart meter operating method in which an electronic certificate-based mutual authentication, shared secret key generation, and encryption/decryption method are applied to a smart meter according to an embodiment of the present invention.

A method for operating a smart meter configuring an AMI based on a DLMS/COSEM protocol according to an embodiment of the present invention is characterized in that the smart meter functions as a DLMS/COSEM server (hereinafter, referred to as a server). The smart meter operating method is the step of performing an application association (AA) based on an electronic certificate for logical device connection and communication by a DLMS/COSEM client (hereinafter, a client), and the client and the server receive a shared secret key. And generating.

When a smart meter (which functions as a server) equipped with an electronic certificate for mutual device authentication is installed on the site and a communication network is opened, the client performs the smart meter and AA first. After completing AA, after performing xDLMS service such as acquiring necessary measurement data from the smart meter or changing parameters, the AA is canceled.

When performing AA for the first time after the smart meter is installed on the site, or when the smart meter is relocated or when the smart meter is rebooted due to a power outage, the electronic certificate-based AA must be performed even if it is not the first AA. . This can be performed only when both the DLMS/COSEM client and the DLMS/COSEM server have electronic certificates for mutual device authentication in advance.

When the AA based on the digital certificate is successfully completed, a shared secret key is generated for use by the client and server. Among the various methods provided by DLMS/COSEM, a shared secret is used using the ephemeral unified model (2e, 0s, ECC CDH) method. Generate the key.

8 is a diagram illustrating a detailed operation procedure of an Ephemeral unified model.

Key_ID according to an embodiment of the present invention is limited to global unicast or global broadcast. In the case of using the global unicast or global broadcast key, the structure of the ciphering packet is simple, and thus there is an advantage of minimizing transmission packet overhead.

Through the ephemeral unified model, the client and server first generate a shared secret, and share the shared secret value and other input, which is additional information shared in advance, and a pre-shared key derivation function (KDF) algorithm. Generate a secret key. Here, as for the shared secret key, a global unicast key or global broadcast key used for encryption/decryption and a GMAC (mechanism 5) key for mutual authentication must be generated to a minimum.

Each shared secret key specified above can be additionally generated using the same shared secret value and other input information. When the metering data is encrypted with the generated global unicast key or global broadcast key and transmitted to the client, it is transmitted using a service-specific ciphering APDU packet structure as shown in FIG. 9.

When using the authentication encryption method in the service-specific ciphering APDU packet structure, both the encryption key and the authentication key are required. When a 32-byte global unicast is created, the upper 16 bytes are the encryption key and the lower 16 bytes are used as an authentication key.

The service-specific ciphering method is based on the general global ciphering and general ciphering methods (respectively, the shared secret key agreement (generation) method is different from the previously specified ephemeral unified model (2e, 0s, ECC CDH) method). Compared to this, the packet overhead is very small.

In addition, the global unicast key or global broadcast key is also used to encrypt/decrypt measurement data in pre-established AA. The key is pre-established AA is an AA method that is used when transmitting from a smart meter to a higher level system by push. There is no separate negotiation process at the application layer.

When there is no more service (acquisition of measurement data or parameter change) to be performed, the client cancels AA.

<Smart Meter Security Operation Method, Example 2>

10 is a flowchart of a smart meter operation method in which a GMAC-based mutual authentication, shared secret key generation, and encryption/decryption method is applied to a smart meter according to an embodiment of the present invention.

When performing AA to collect weighing data or change parameters from a smart meter after the initial AA normal termination, GMAC-based AA may be performed in a simpler method than the method of Example 1 shown in FIG. 7.

The client can check whether the DLMS/COSEM server has the GMAC key through the initial AA execution (check the initial AA execution record for each system title and various shared secret keys created afterwards), but preferentially whether the DLMS/COSEM server has a GMAC key You can inquire (S910). If there is no GMAC key for device mutual authentication and if GMAC-based mutual authentication fails more than a preset number of times, the key agreement method of the electronic certificate-based AA and the ephemeral unified model as in Example 1 of FIGS. 6 to 7 is used. The necessary shared secret key (global unicast key or global broadcast authentication encryption key, GMAC authentication key) must be generated. The number of failures can be set in consideration of the field communication environment.

The reason for performing GMAC-based mutual authentication after completion of the first electronic certificate-based AA is an electronic certificate having a size of 400 to 500 bytes between the DLMS/COSEM client (hereinafter, the client) and the DLMS/COSEM server (hereinafter, the server). This is because there is an advantage that packet overhead can be greatly reduced since there is no need to transmit and receive data.

Here, after performing the initial certificate-based AA, the certificate-based AA of Example 1 (refer to FIGS. 6 to 7) is performed as another method to reduce packets when additional AA is performed. If there is a certificate, etc., the process of transmitting it can be omitted. Since most of the packet overhead occurs when transmitting a certificate (about 300-400 bytes) packet, it is possible to reduce the packet by omitting this process.

Authentication, encryption, and authentication encryption can be performed respectively using the service-specific ciphering APDU packet structure specified in Fig. 9 with a global unicast key or global broadcast, a shared secret key generated after completion of the initial digital certificate-based AA execution. . When a 32-byte global unicast is created, the upper 16 bytes are used as the encryption key and the lower 16 bytes are used as the authentication key.

Here, when the shared secret key is periodically updated (e.g., before the monthly meter reading date or after a certain period of use, etc.), each is shared through the electronic certificate-based AA execution and the ephemeral unified model's key agreement method as specified in FIG. Just update the secret key.

Referring to Figure 3 When explaining the operation method of the smart meter 500 according to the first and second embodiments of the present invention, when the on-site operation program (operating as a client) implemented in the terminal 600 is connected while the gateway 300 is operating as a client, the The operating program has access priority. In this case, as described in FIGS. 7 and 10, each shared secret key is generated through the electronic certificate-based AA execution and the key agreement method of the ephemeral unified model, and used according to the purpose.

The smart meter 500 operating as a server can separately manage information on AA and shared secret keys for each system title (gateway and laptop clients each have different system titles), and various shared secret keys are encryption modules. It is necessary to store it in 530 and manage it safely.

In order to operate the electronic certificate to a minimum, the “electronic certificate + private key”, a pair for mutual authentication mounted on the smart meter, can be used for signing purposes for important metering information such as monthly meter reading information. Sign and send. (KEPCO has a policy decision to mount only “electronic certificate + private key” for mutual authentication, and to digitally sign mutual authentication and important information between devices.)

Referring to FIG. 3, based on the above-described contents, a further description of the role between the MCU 510 of the smart meter 500 and the encryption module 530 will be described with reference to the security setup IC and the Association LN ( Logical Name) IC defines security functions and policies, and the MCU 510 generates a shared secret key through an electronic certificate-based AA and GMAC-based AA, ephemeral unified model key agreement method, packet encryption/decryption method, and important data Perform electronic signatures, etc.

The cryptographic module 530 provides a primitive API (API) for individual functions so that the smart meter developer can use the functions provided by the cryptographic module 530. In addition, the cryptographic module 530 integrates a number of primitive APIs to easily implement electronic certificate/GMAC-based mutual authentication, key agreement and encryption/decryption/digital signature in the MCU 510 to provide convenience to smart meter developers. One application API can be provided. That is, a security function can be provided while reducing packet overhead and delay time through fewer transactions between the MCU 510 and the cryptographic module 530 by using a plurality of application APIs provided by the cryptographic module 530 manufacturers. I can.

It should be understood that the embodiments described above are illustrative in all respects and not limiting. The scope of the present invention is indicated by the claims to be described later rather than the detailed description, and all changes or modified forms derived from the meaning and scope of the claims and their equivalent concepts should be interpreted as being included in the claims of the present invention. .

100: AMI server
200: security material injection device
300: GateWay
410: PKI Center
430: DLMS/COSEM Client
450: DLMS/COSEM Server
453: KCMVP cryptographic module
500: smart meter
510: MCU
530: cryptographic module
600: terminal

Claims (18)

Collecting the unique ID of the smart meter by the security material injection device;
Requesting, by the security material injection device, to generate an electronic certificate from an AMI (Advanced Metering Infrastructure) server;
A certificate generation step of generating an electronic certificate by the AMI server;
Transmitting, by the AMI server, the electronic certificate and the encrypted private key to the security material injection device; And
Injecting, by the security material injection device, the private key for each ID and the electronic certificate into the smart meter; Smart meter security material mounting method comprising a.
The method of claim 1,
The smart meter security material mounting method,
Requesting, by the security material injection device, the AMI server to generate a key pair for each unique ID; And
Generating, by the AMI server, a key pair including a public key and a private key; Smart meter security material mounting method comprising a.
The method of claim 2,
The step of generating the electronic certificate by the AMI server,
A smart meter security material mounting method, characterized in that generating an X.509-based electronic certificate using the public key information.
The method of claim 1,
The step of transmitting the electronic certificate and the encrypted private key by the AMI server to the security material injection device includes the AMI server generating a Key Encryption Key (KEK) and then encrypting the private key with the KEK and transmitting it. Smart meter security material mounting method characterized.
The method of claim 4,
The step of transmitting the electronic certificate and the encrypted private key by the AMI server to the security material injection device further comprises transmitting the KEK encrypted with MK (Master Key) to the security material injection device. Smart meter security material mounting method.
As a security material update method installed in a smart meter constituting an AMI (Advanced Metering Infrastructure) based on DLMS/COSEM protocol,
It uses the security setup IC (Interface Class) of the DLMS/COSEM protocol,
Requesting, by the client, "generate_key_pair(data)" from the server;
Transmitting, by the server, a result of generating the key pair to the client when the key pair is normally generated or fails to be generated by using a key pair generation function provided by a KCMVP (Korea Cryptographic Module Validation Program) certified cryptographic module;
Requesting, by the client, "generate_certificate_request" from the server;
Responding, by the server, to the client with information necessary for generating a Certificate Singing Request (CSR) with a “generate_certificate_response” packet;
The client requesting "X.509 V3 CSR(data)" from the PKI center;
The PKI center responding to the client with an "X.509 V3 certificate"; And
Sending, by the client, an electronic certificate to the server; Security material update method comprising a.
As a smart meter security operation method that composes AMI (Advanced Metering Infrastructure) based on DLMS/COSEM protocol,
The smart meter functions as a server,
Performing, by a client, an application association (AA) based on an electronic certificate for logical device connection and communication; And
Generating a shared secret key by the client and the server; Smart meter security operating method comprising a.
According to claim 7
The step of performing the application association (AA),
Checking whether a certificate for mutual device authentication is installed in the server and the client; And
Requesting an initial issuance of the device mutual authentication certificate when the server and/or the client does not have the device mutual authentication certificate installed; Smart meter security operation method comprising a.
The method of claim 7,
The step of performing the application association (AA),
Smart meter security operation method, characterized in that the process of negotiating the application context, authentication and xDLMS context.
The method of claim 7,
The step of performing the application association (AA),
It is based on HLS (High Level Security) method using electronic certificate,
Challenge (StoC, CtoS) and electronic certificate exchange between the server and the client, f(Stoc)/f(CtoS) signature generation and exchange, extracting the public key from each received electronic certificate, and each exchanged f (Stoc) / f (CtoS) signature verification to complete the mutual authentication, characterized in that the smart meter security operation method.
The method of claim 7,
The smart meter security operation method,
The application linkage (AA) is performed for the first time after the smart meter is installed, or the application linkage (AA) is performed only when the smart meter is rebooted due to a relocation or power outage. How to operate security.
The method of claim 7,
The step of generating a shared secret key between the client and the server,
Smart meter security operation method, characterized in that the shared secret key is generated using the ephemeral unified model (2e, 0s, ECC CDH) method.
The method of claim 12,
In the step of generating a shared secret key between the client and the server, Key_ID uses a global unicast or global broadcast key.
The method of claim 12,
The server generates a shared secret value, and generates the shared secret key using the shared secret value, other input, which is additional information shared in advance, and a key derivation function (KDF) algorithm shared in advance. Smart meter security operation method characterized by.
The method of claim 13,
When the server encrypts data with the global unicast key or the global broadcast key and transmits the data to the client, the smart meter security operation method is characterized in that for transmitting using a service-specific ciphering APDU packet structure.
The method of claim 14,
The shared secret key generated by the server generates a global unicast key or a global broadcast key used for encryption/decryption, and a GMAC key for mutual authentication to a minimum.
The method of claim 16,
The step of performing the application association (AA),
When the first application connection (AA) is normally performed and terminated, and the client and the server communicate again, a GMAC-based application connection (AA) is performed.
The method of claim 17,
The GMAC-based application linkage (AA) is
Smart meter security operation method, characterized in that when there is no GMAC key for device mutual authentication, or when GMAC-based mutual authentication fails more than a preset number of times, electronic certificate-based application linkage (AA) is performed.

Images