TryTRY
BuyBUY
Utimaco
de
TRYour free HSM simulator
BUYget a quote

Next event

18/09 - 19/09 | Networking Event

PrimeKey Tech Days 2018

Utimaco Portal

Here you will find everything you need as a partner and customerLogin required

Home / solutions / compliance / compliance & standardization / Certificate Policy of the Smart Metering PKI

Certificate Policy of the Smart Metering PKI

This German Certificate Policy and Technical Guideline BSI TR-03109 define specifications related to the “Smart Metering PKI”. A PKI ensures the integrity, confidentiality and authenticity of data circulating around the smart metering gateway (SMGW). Utimaco HSMs are particularly suited in this context. The Utimaco CryptoServer CSe has been successfully evaluated and found to fulfill the requirements of the Certificate Policy.

Utimaco compliance

Certificate Policy of the Smart Metering PKI

BSI TR-03109 from the German Federal Office for Information Security

With the progressive adoption of smart meters, a large amount of consumption data will be stored and transmitted online. It is crucial to ensure that no unauthorized individual can access this data – or worse, manipulate entire power grids. In this context, the German Federal Office for Information Security (BSI) issued the Technical Guideline BSI TR-03109 and related Certificate Policy of the Smart Metering PKI (German only). They specify the requirements that IT components in smart metering environments must fulfill regarding functionality, interoperability and security.

Parts 3 and 4 of this Technical Guideline define “cryptographic specifications for the infrastructure of smart metering systems“ and specifications related to the “Smart Metering PKI”. A PKI ensures the integrity, confidentiality and authenticity of data circulating around the smart metering gateway (SMGW), the central communication unit of the smart grid architecture.

Utimaco HSMs are particularly suited in this context. The Utimaco CryptoServer CSe has been successfully evaluated and found to fulfill the requirements of the Certificate Policy.

Requirements for Hardware Security Modules used in smart metering environments

BSI TR-03109 and the Certificate Policy of the Smart Metering PKI require that specialized Hardware Security Modules (HSMs) are used to securely generate, store and use cryptographic keys. Chapter 6.2 of the Certificate Policy states that HSMs for smart metering must be certified according to referenced Common Criteria protection profiles. The security of the HSM may alternatively be assessed by an accredited evaluation laboratory, proving

  • the high quality of a true random number generator, as well as
  • physical security through tamper protection and
  • side-channel resistance.

A yearly update of BSI TR-03116, Part 3 (German only) on cryptographic requirements for smart metering projects of the German Federal Government complements the Technical Guideline BSI TR-03109. It defines mandatory cryptographic procedures and key lengths to use.

TR-03109 overview

Successful evaluation of Utimaco HSMs

Utimaco CryptoServer CSe has been evaluated and found to fulfill the requirements of the Certificate Policy:

  • Secure random number generator DRG.4 according to AIS31
  • Tamper protection against attack potential “high” (exceeds required level “moderate”)
  • Side-channel resistance against attack potential “high” (exceeds required level “moderate”) for algorithms AES-256, Diffie-Hellman key exchange, ECDSA signature generation and verification and ECDH key exchange

The evaluation certificate for Utimaco CryptoServer CSe is available here.

This evaluation has been performed by a Common Criteria (CC) evaluation facility based on the German BSI Technical Guideline BSI TR-03109 and Certificate Policy. It gives utility companies and their customers the certainty that deployed IT components and devices – such as Utimaco HSMs – fulfill the requested security requirements.

The German Federal Office for Information Security (BSI) aims at establishing appropriate IT-security standards with the publication of technical guidelines, among others. They basically address every company developing, setting up or securing IT systems. They “provide criteria and practices for conformity evaluations ensuring the interoperability of IT-security components as well as the implementation of defined IT-security requirements”. Technical guidelines, which could be considered simple recommendations or best practices, reference or complement existing standards such as the CC Protection Profiles. Once laws or regulations refer to them, however, they can become mandatory. The same applies to public tenders which require the bidder to conform to such technical guidelines.

Manufacturers and distributors can ask the BSI to confirm and certify the conformity of their IT-products or -systems with specific technical guidelines.

Contact us

Data protection notice: Utimaco IS GmbH collects, processes and uses your personal data exclusively to process your request. You can obtain information about the data stored by Utimaco IS GmbH and request that your data be corrected, deleted or blocked. The deletion or blocking of your data prior to completion of processing your request may prevent this. You can assert these rights against Utimaco IS GmbH free of charge by sending an e-mail to dataprotection@utimaco.com or by notifying Utimaco IS GmbH of the contact details given in the imprint. Further information on data protection at Utimaco IS GmbH can be found in our data protection notice.

* The fields marked with (*) are mandatory.

Stay on top of our news
Don’t miss out on any Utimaco updates

Subscribe to Utimaco Newsletter

We will keep you posted with news from Utimaco and the industries we protect, as well as information on upcoming events and webinars.

Subscribe now

Partners

Find a partner

Share this page