Certificate Policy of the Smart Metering PKI

BSI TR-03109 from the German Federal Office for Information Security

With the progressive adoption of smart meters, a large amount of consumption data will be stored and transmitted online. It is crucial to ensure that no unauthorized individual can access this data – or worse, manipulate entire power grids. In this context, the German Federal Office for Information Security (BSI) issued the Technical Guideline BSI TR-03109 and related Certificate Policy of the Smart Metering PKI (German only). They specify the requirements that IT components in smart metering environments must fulfill regarding functionality, interoperability and security.

Parts 3 and 4 of this Technical Guideline define “cryptographic specifications for the infrastructure of smart metering systems“ and specifications related to the “Smart Metering PKI”. A PKI ensures the integrity, confidentiality and authenticity of data circulating around the smart metering gateway (SMGW), the central communication unit of the smart grid architecture.

Utimaco HSMs are particularly suited in this context. The Utimaco CryptoServer CSe has been successfully evaluated and found to fulfill the requirements of the Certificate Policy.

Requirements for Hardware Security Modules used in smart metering environments

BSI TR-03109 and the Certificate Policy of the Smart Metering PKI require that specialized Hardware Security Modules (HSMs) are used to securely generate, store and use cryptographic keys. Chapter 6.2 of the Certificate Policy states that HSMs for smart metering must be certified according to referenced Common Criteria protection profiles. The security of the HSM may alternatively be assessed by an accredited evaluation laboratory, proving

the high quality of a true random number generator, as well as
physical security through tamper protection and
side-channel resistance.

A yearly update of BSI TR-03116, Part 3 (German only) on cryptographic requirements for smart metering projects of the German Federal Government complements the Technical Guideline BSI TR-03109. It defines mandatory cryptographic procedures and key lengths to use.

Successful evaluation of Utimaco HSMs

Utimaco CryptoServer CSe has been evaluated and found to fulfill the requirements of the Certificate Policy:

Secure random number generator DRG.4 according to AIS31
Tamper protection against attack potential “high” (exceeds required level “moderate”)
Side-channel resistance against attack potential “high” (exceeds required level “moderate”) for algorithms AES-256, Diffie-Hellman key exchange, ECDSA signature generation and verification and ECDH key exchange

The evaluation certificate for Utimaco CryptoServer CSe is available here.

This evaluation has been performed by a Common Criteria (CC) evaluation facility based on the German BSI Technical Guideline BSI TR-03109 and Certificate Policy. It gives utility companies and their customers the certainty that deployed IT components and devices – such as Utimaco HSMs – fulfill the requested security requirements.

The German Federal Office for Information Security (BSI) aims at establishing appropriate IT-security standards with the publication of technical guidelines, among others. They basically address every company developing, setting up or securing IT systems. They “provide criteria and practices for conformity evaluations ensuring the interoperability of IT-security components as well as the implementation of defined IT-security requirements”. Technical guidelines, which could be considered simple recommendations or best practices, reference or complement existing standards such as the CC Protection Profiles. Once laws or regulations refer to them, however, they can become mandatory. The same applies to public tenders which require the bidder to conform to such technical guidelines.

Manufacturers and distributors can ask the BSI to confirm and certify the conformity of their IT-products or -systems with specific technical guidelines.