World Class Standards

SCP(11)0216

SCP Plenary #50

June 15-17, 2011

Title*: Update on TC M2M activities and related EC Standardization Mandates

Submitted by: Francois Ennesser

from Source*: Gemalto

Submitted To*: SCP 50

Document for* (only one ""):

• Decision: a decision is formally requested from the addressed (sub-)committee

• Discussion: the contribution is expected to be presented and discussed, but no decision is formally requested

• Information (X): the contribution does not require discussion


Update on TC M2M Activities

Discussions have started on transforming TC M2M into an International Partnership Project (2012?)

Release 1 completion expected end 2011: TR 102 691: Smart Metering Use Cases and TS 102 689: Requirements already published

Stage 2 (TS 102 690, architecture) being completed

Stage 3 (TS 102 921, Interfaces and Protocols)

• M2M Service layer communicates through APIs with Transport layer and Application Layer

• REST (Representational State Transfer) based model for resources and primitives

TR 103 167 on Threat Analysis approved for publication at M2M 15

• Intended to remain a living document

Structured in 5 Working Groups: WG1 Requirements, WG2 Architecture, WG3 Protocols, WG4 Security, WG5 Management (Device / Platform)


M2M Architecture Overview (Draft TS 102 690)

M2M devices connect to core network directly or through a Gateway

Service Layer (SL) access requires mutual authentication, independent from Access Network (AN)

SL credentials may be independent or not from AN credentials (depending on trust between Service Provider and Network Operator)

TS 102 690 offers multiple options to bootstrap service layer credentials, including UICC provisioning or derivation

A secured environment, such as UICC, is required to protect SL keys in Devices or Gateways

[Figure: M2M architecture diagram. Labels: User interface to application (e.g. Web portal, PC/dedicated appliance); M2M Application (e.g. Smart Metering); ETSI M2M Service Capabilities; M2M Gateway; Local M2M Network; M2M Area; M2M Device; mIa; mId; Central Communication System; WAN (Wide Area Network) Core network; M2M Device Domain.]


Update on EC M441 Smart Metering Mandate

Comments on the “Technical Report on Communication” endorsed at SMCG Plenary on June 8 (6 months of delay to address EC comments): Document (TR) submitted for consultation to national entities and professional groups, before being sent for vote to ETSI/CEN/CENELEC on the 1st of September (around 3 months for each SDO)

Existing SCP specifications are listed as possibly relevant

Available under http://docbox.etsi.org/M2M/M441/open_space/ETSI_M441_Management/00_Working_Folder_SMCG_Report/

Reference Use Cases for the mandate (high level description) are being finalized by the Smart Metering Coordination Group

SCP member inputs are always welcome

The Work Program of the involved committees (including ETSI SCP) is maintained as a living document

ETSI SCP Part will be updated to include new relevant work items

• Embedded UICC, M2M API…

Available at http://docbox.etsi.org/M2M/M441/open_space/ETSI_M441_Management/10_Working_Folder_Work_Programme/101112_Work%20Programme%2027.09.10%20v3%20final%20-%20ETSI.doc


EC M490: Smart Grid Mandate

Mandate published March 1 2011, now accepted by ETSI/CEN/CENELEC

ETSI TC M2M appointed by OCG as ETSI Coordinating TC for this mandate, like for M441

Will be coordinated with outputs of M441 (Smart Metering) and M468 (Electric Vehicle Charging)

• Automatic Metering Infrastructure (scope of M441) is just one part of Smart Grid

Domains include “Data Protection and Integrity, Information Security and Privacy”

• Services include User Authentication, Digital Signature, Encryption…

Refers to recommendations from EC Expert Groups on Stakeholders, Functionalities, and Privacy and Data Protection

The report on Privacy and Data Protection recommends building on past experience in Banking and Telecom, and recommends Common Criteria Protection Profile definition and certification for sensitive smart grid components

An ETSI/CEN/CENELEC JWG on Smart Grids already produced a Strategic Report on Smart Grids also insisting on security and Privacy issues

The JWG has become “Smart Grid Coordination Group” (SG-CG)

Working group structure created in SG-CG includes “Smart Grid Information Security” group


EC M490: Smart Grid Mandate (2)

ETSI has missed some steps of the path between JWG and SG-CG: discussing the new SG-CG ToR and the new structure. Now that TC M2M has been proposed as the coordinating entity for ETSI, an internal organization has been set up (identical to Smart Grid) (Marylin Arndt, David Boswarthick). Moreover, an OCG Task Force (Joachim Koss) was decided during the last OCG meeting in April, to bring support to TCs in the management of the mandates.

Structure of the SG-CG (JWG will stop its activity on 30th June, SG-CG in December 2012) below

Next Steps:

Plenaries:

• 1st July: 1st plenary of the SG-CG

• 7th October: 2nd plenary

Steering Group meetings:

• (17th May), 30th June, 1 Sept, 10 November

Subgroups:

• SG First Set of Standards Team: deadline to bring contributions extended to 21st June.

• Other SGs are to be launched very soon.

• Important: Calls for experts are running for each of the Subgroups.


BSI Protection Profile for Smart Meter Gateway

Common Criteria Protection Profile developed by the German federal agency for Security in Information Technology

It addresses the communication capabilities of a smart meter with local and neighborhood networks

Meant as mandatory requirement for Smart meter gateway between LAN and WAN: Certification will be required for German deployment

Critical link between security of Smart Meter, Smart Grid, and home automation networks

“The security functionality of the TOE comprises protection of confidentiality, authenticity, integrity of data and information flow control, mainly to protect the privacy of consumers, to ensure a reliable accounting process and to protect the Smart Metering System and a corresponding large scale infrastructure of the smart grid.”

Mentions the use of 2 Security Modules

“The Gateway and the E-Meter each utilise the services of a Security Module (e.g. a smart card) as a cryptographic service provider and as a secure storage for confidential assets. The Security Module will be evaluated separately according to the requirements in the corresponding Protection Profile.”

Refers to a to-be-developed “Protection Profile for the Security Module of a Smart Meter”


BSI cryptographic function sharing with Security Module

The following table provides a detailed overview on how the cryptographic functions are distributed between the TOE and its Security Module:


Relevant Assets for BSI Protection Profile


EC M468: Electric Vehicle Charging

Launched mid 2010, now renamed “European Electro Mobility”

CEN-CENELEC joint focus group with 6 Project Teams was created: PT1 - Terminology, PT2 - Connectors / plug systems, PT3 - Batteries, PT4 - Communication, PT5 - Modes of Charging, PT6 - Standards & Regulations

ETSI TC M2M interested to participate in PT4 with TC SCP

A technical document has been produced

PT4 focuses on Technologies and Standards for Data Communication between Electric Vehicle and Charging Device

Further data communication, as well as advanced communication using Wireless, has been pushed out of M468, to the M490 Smart Grid mandate

CEN/CENELEC – ETSI TC ITS cooperate to converge on system architecture, Communication protocols (layers 3 to 7), security and system management.

Interest has emerged in the use of NFC and Mobile terminals for some transactions like secure payment.


M468 - Functional Role Model Modifications


Foreseen M2M impact on UICC

A first level UICC application owned by the Service Provider will be required to handle M2M SL access credentials

Using the GP based Confidential Content framework adopted in TS 102 226 to maintain independence from other UICC stakeholders

Should benefit from embedded UICC remote management features

Can SCP take a role in defining this application?

Vertical M2M applications may further impact the UICC

e.g. in Smart Grids, privacy sensitive Personal Data belonging to consumers (e.g. detailed consumption log) should be stored locally

This may also include utilities billing subscriptions, allowing user to activate most advantageous subscription depending on usage conditions