DLMS/COSEM level security improvement


Protecting communication channels and encrypting data at every stage, from smart meter to data concentrator to head-end software, is an integral part of smart metering, and it is the responsibility of the stack-oriented DLMS/COSEM protocol.

ADD Grup was tasked with introducing a more strongly encrypted communication channel for the Romanian DSO Distributie Energie Oltenia SA (DEO), in a project covering 620 000 smart meters, based on the latest specifications and the required functionality from DLMS Security Suite 1.

A special feature of the SS1 security layer is 32-bit encryption, together with the generation of special certificates and access tokens for successful authorization of the meter or data concentrator on the network and for further communication using the key management system security service.

The main benefit of switching to Security Suite 1 is application-level, end-to-end security that provides confidentiality, authenticity, and proof of origin between the endpoints, meeting a diverse range of use cases. DEO selected HLS ECDSA based on X.509 certificates, which makes it possible to separate the communication and authentication security material and raises the security level of the entire system.

Power transmission lines must have appropriate bandwidth, and sources of noise must be limited as much as possible to prevent communication problems. In addition, the selected communication technology must offer a sufficiently high and stable speed, because the volume of encrypted data transmitted grows as the level of communication security increases. PRIME 1.3.6 meets these requirements. Moreover, support for a future upgrade to PRIME 1.4, including the FCC range, will allow for even more advanced levels of encryption, which will undoubtedly arise in the near future.

This experience will allow ADD Grup to offer a high level of communication channel security as an option for any DSO.