BS EN 13757-7:2018
Communication systems for meters – Transport and security services
Published By | Publication Date | Number of Pages |
---|---|---|
BSI | 2018 | 94 |
This draft European Standard specifies Transport and Security Services for communication systems for meters and remote reading of meters. This draft European Standard specifies secure communication capabilities by design and supports the building of a secure system architecture. This draft European standard is applicable to the protection of consumer data to ensure privacy. This draft European Standard is intended to be used with the lower layer specifications determined in EN 13757-2, EN 13757-3, EN 13757-4, EN 13757-5 and EN 13757-6.
PDF Catalog
PDF Pages | PDF Title |
---|---|
11 | 1 Scope 2 Normative references |
12 | 3 Terms and definitions |
14 | 4 Abbreviations and symbols 4.1 Abbreviations |
16 | 4.2 Symbols 5 Layer model 5.1 M-Bus Layers |
17 | 5.2 The CI-field principle |
21 | 6 Authentication and Fragmentation Sublayer (AFL) 6.1 Introduction |
22 | 6.2 Overview of the AFL-Structure |
23 | 6.3 Components of the AFL 6.3.1 AFL Length Field (AFL.AFLL) 6.3.2 AFL Fragmentation Control Field (AFL.FCL) |
24 | 6.3.3 AFL Message Control Field (AFL.MCL) |
25 | 6.3.4 AFL Key Information-Field (AFL.KI) 6.3.5 AFL Message counter field (AFL.MCR) |
26 | 6.3.6 AFL MAC-field (AFL.MAC) 6.3.7 AFL Message Length Field (AFL.ML) 7 Transport Layer (TPL) 7.1 Introduction |
27 | 7.2 Structure of none TPL header 7.3 Structure of short TPL header 7.4 Structure of long TPL header 7.5 CI-field dependent elements 7.5.1 Identification number |
28 | 7.5.2 Manufacturer identification 7.5.3 Version identification 7.5.4 Device type identification |
30 | 7.5.5 Access number 7.5.5.1 Overview |
31 | 7.5.5.2 Generation of access number for meter initiated datagrams 7.5.5.3 Generation of access number for partner generated datagrams |
32 | 7.5.6 Status byte in meter messages |
33 | 7.5.7 Status byte in partner messages |
34 | 7.5.8 Configuration field |
35 | 7.6 Configuration field dependent structure 7.6.1 General |
36 | 7.6.2 Configuration field extension 7.6.3 Optional TPL-header fields 7.6.4 Optional TPL Trailer fields 7.6.5 Partial encryption 7.7 Security mode specific TPL-fields 7.7.1 Shared subfields of configuration field and configuration field extension |
39 | 7.7.2 Configuration field of Security mode 0 |
40 | 7.7.3 Configuration field of Security modes 2 and 3 |
41 | 7.7.4 Configuration field of Security mode 5 |
42 | 7.7.5 Configuration field of Security mode 7 |
43 | 7.7.6 Configuration field of Security mode 8 |
46 | 7.7.7 Configuration field of Security mode 9 |
48 | 7.7.8 Configuration field of Security mode 10 |
50 | 8 Management of lower layers 8.1 General 8.2 Switching baud rate for M-Bus Link Layer according to EN 13757-2 8.3 Address structure if used together with the wireless Data Link Layer according to EN 13757-4 8.4 Selection and secondary addressing |
51 | 8.5 Generalized selection procedure |
52 | 8.6 Searching for installed slaves 8.6.1 Primary addresses 8.6.2 Secondary addresses 8.6.3 Wildcard searching procedure |
53 | 9 Security Services 9.1 General |
54 | 9.2 Message counter 9.2.1 Overview 9.2.2 Message counter CM transmitted by the meter |
55 | 9.2.3 Message counter CCP transmitted by the communication partner 9.2.4 Message counter C’CP received by the meter 9.2.5 Message counter C’M and C”M received by the communication partner |
56 | 9.3 Authentication methods in the AFL 9.3.1 Overview 9.3.2 Authentication method AES-CMAC-128 9.3.3 Authentication method AES-GMAC-128 |
57 | 9.4 Encryption and Authentication methods in the TPL 9.4.1 Overview about TPL-Security mechanisms |
59 | 9.4.2 Manufacturer specific Security mechanism (Security mode 1) 9.4.3 Security mechanism DES-CBC (Security mode 2 and 3) 9.4.3.1 Encryption 9.4.3.2 Decryption |
60 | 9.4.4 Security mechanism AES-CBC-128 (Security mode 5) 9.4.4.1 Encryption 9.4.4.2 Decryption verification |
61 | 9.4.5 Security mechanism AES-CBC-128 (Security mode 7) 9.4.5.1 Encryption 9.4.5.2 Decryption verification 9.4.5.3 Authentication 9.4.5.4 TPL-padding 9.4.6 Security mechanism AES-CTR-128 (Security mode 8) 9.4.6.1 General |
62 | 9.4.6.2 Encryption 9.4.6.3 Authentication 9.4.6.4 Defining CTR Initialization Vector |
63 | 9.4.7 Security mechanism AES-GCM-128 (Security mode 9) 9.4.7.1 Overview |
65 | 9.4.7.2 Encrypted data 9.4.7.3 Unencrypted data 9.4.7.4 Authentication tag 9.4.7.5 Defining GCM key 9.4.7.6 Defining GCM Initialization Vector |
66 | 9.4.7.7 Reaction to algorithm fail 9.4.8 Security mechanism AES-CCM-128 (Security mode 10) 9.4.8.1 General |
67 | 9.4.8.2 CCM-Counter 9.4.8.3 Authentication tag 9.4.8.4 Encrypted data 9.4.8.5 Unencrypted data 9.4.8.6 Defining CCM key 9.4.8.7 Defining CCM payload data 9.4.8.8 Defining CCM associated data |
68 | 9.4.8.9 Defining CCM nonce 9.4.8.10 CCM formatting and counter generation function 9.4.8.11 Reaction to authentication fail 9.5 Reaction to security failure |
69 | 9.6 Key derivation 9.6.1 General 9.6.2 Key derivation function A 9.6.2.1 General 9.6.2.2 Message Key (MK) 9.6.2.3 Derivation Constant (DC) 9.6.2.4 Message counter (C) |
70 | 9.6.2.5 Meter-ID (ID) 9.6.2.6 Padding 9.6.2.7 Key calculation 9.7 Key Exchange |
71 | Annex A (normative) Security Information Transfer Protocol A.1 Introduction A.2 SITP Services A.2.1 Transfer security information |
72 | A.2.2 Activate security information A.2.3 Deactivate security information A.2.4 Destroy security information A.2.5 Combined activation/deactivation of security information A.2.6 Generate security information A.2.7 Get security information A.2.8 Get list of all key information A.2.9 Get list of active key information A.2.10 Transfer end to end secured application data |
73 | A.3 CI-Fields A.4 SITP structure A.5 Block Control Field |
74 | A.6 Block parameters |
75 | A.7 Overview about Data Structures / Mechanisms |
76 | A.8 Data structures for Security Information A.8.1 General |
77 | A.8.2 Data Structure 00h A.8.3 Data Structure 01h A.8.4 Data Structure 02h |
78 | A.8.5 Data Structure 03h |
79 | A.8.6 Data Structure 20h A.8.7 Data Structure 21h |
80 | A.8.8 Data Structure 22h |
81 | A.9 Data structures for secured application data A.9.1 General |
82 | A.9.2 Data Structure 30h — AES Key-Wrap |
83 | A.9.3 Data Structure 31h — HMAC-SHA256 |
84 | A.9.4 Data Structure 32h and 33h — CMAC A.9.5 Data Structure 34h — AES-GCM |
86 | A.9.6 Data Structure 35h — AES-GMAC |
87 | A.9.7 Data Structure 36h and 37h — AES-CCM |
89 | Annex B (informative) Message counter example |