oSIST prEN 13757-7:2023
Communication systems for meters - Part 7: Transport and security services
This document specifies Transport and Security Services for communication systems for meters and remote reading of meters.
This document specifies secure communication capabilities by design and supports the building of a secure system architecture.
This document is applicable to the protection of consumer data to ensure privacy.
This document is intended to be used with the lower layer specifications determined in the relevant parts of the EN 13757-series.
Kommunikationssysteme für Zähler - Teil 7: Transport- und Sicherheitsdienste
Systèmes de communication pour compteurs - Partie 7 : Services de transport et de sécurité
Komunikacijski sistemi za merilnike - 7. del: Prevoz in varnostne službe
Standards Content (Sample)
SLOVENIAN STANDARD
oSIST prEN 13757-7:2023
01-September-2023
Komunikacijski sistemi za merilnike - 7. del: Prevoz in varnostne službe
Communication systems for meters - Part 7: Transport and security services
Kommunikationssysteme für Zähler - Teil 7: Transport- und Sicherheitsdienste
Systèmes de communication pour compteurs - Partie 7 : Services de transport et de sécurité
This Slovenian standard is identical to: prEN 13757-7
ICS:
33.200 Telecontrol. Telemetering
35.100.10 Physical layer
35.100.20 Data link layer
oSIST prEN 13757-7:2023 en,fr,de
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.
DRAFT
EUROPEAN STANDARD
prEN 13757-7
NORME EUROPÉENNE
EUROPÄISCHE NORM
July 2023
ICS
Will supersede EN 13757-7:2018
English Version
Communication systems for meters - Part 7: Transport and security services
Systèmes de communication pour compteurs - Partie 7 : Services de transport et de sécurité
Kommunikationssysteme für Zähler - Teil 7: Transport- und Sicherheitsdienste
This draft European Standard is submitted to CEN members for enquiry. It has been drawn up by the Technical Committee
CEN/TC 294.
If this draft becomes a European Standard, CEN members are bound to comply with the CEN/CENELEC Internal Regulations
which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
This draft European Standard was established by CEN in three official versions (English, French, German). A version in any other
language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC
Management Centre has the same status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and
United Kingdom.
Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are
aware and to provide supporting documentation.
Warning: This document is not a European Standard. It is distributed for review and comments. It is subject to change without
notice and shall not be referred to as a European Standard.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2023 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. prEN 13757-7:2023 E
prEN 13757-7:2023 (E)
Contents
European foreword
Introduction
4.1 Abbreviations
4.2 Symbols
5.1 M-Bus Layers
5.2 The CI-field principle
6.1 Introduction
6.2 Overview of the AFL-Structure
6.3 Components of the AFL
6.3.1 AFL Length Field (AFL.AFLL)
6.3.2 AFL Fragmentation Control Field (AFL.FCL)
6.3.3 AFL Message Control Field (AFL.MCL)
6.3.4 AFL Key Information-Field (AFL.KI)
6.3.5 AFL Message counter field (AFL.MCR)
6.3.6 AFL MAC-field (AFL.MAC)
6.3.7 AFL Message Length Field (AFL.ML)
7.1 Introduction
7.2 Structure of none TPL header
7.3 Structure of short TPL header
7.4 Structure of long TPL header
7.5 CI-field dependent elements
7.5.1 Identification number
7.5.2 Manufacturer identification
7.5.3 Version identification
7.5.4 Device type identification
7.5.5 Access number
7.5.6 Status byte in meter messages
7.5.7 Status byte in partner messages
7.5.8 Configuration field
7.6 Configuration field dependent structure
7.6.1 General
7.6.2 Configuration field extension
7.6.3 Optional TPL-header fields
7.6.4 Optional TPL Trailer fields
7.6.5 Partial encryption
7.7 Security mode specific TPL-fields
7.7.1 Shared subfields of configuration field and configuration field extension
7.7.2 Configuration field of Security mode 0
7.7.3 Configuration field of Security modes 2 and 3
7.7.4 Configuration field of Security mode 5
7.7.5 Configuration field of Security mode 7
7.7.6 Configuration field of Security mode 8
7.7.7 Configuration field of Security mode 9
7.7.8 Configuration field of Security mode 10
8.1 General
8.2 Switching baud rate for M-Bus Link Layer according to EN 13757-2
8.3 Address structure if used together with the wireless Data Link Layer according to EN 13757-4
8.4 Selection and secondary addressing
8.5 Generalized selection procedure
8.6 Searching for installed slaves
8.6.1 Primary addresses
8.6.2 Secondary addresses
8.6.3 Wildcard searching procedure
9.1 General
9.2 Message counter
9.2.1 Overview
9.2.2 Message counter C_M transmitted by the meter
9.2.3 Message counter C_CP transmitted by the communication partner
9.2.4 Message counter C'_CP received by the meter
9.2.5 Message counter C'_M and C''_M received by the communication partner
9.3 Authentication methods in the AFL
9.3.1 Overview
9.3.2 Authentication method AES-CMAC-128
9.3.3 Authentication method AES-GMAC-128
9.4 Encryption and Authentication methods in the TPL
9.4.1 Overview about TPL-Security mechanisms
9.4.2 Manufacturer specific Security mechanism (Security mode 1)
9.4.3 Security mechanism DES-CBC (Security mode 2 and 3)
9.4.4 Security mechanism AES-CBC-128 (Security mode 5)
9.4.5 Security mechanism AES-CBC-128 (Security mode 7)
9.4.6 Security mechanism AES-CTR-128 (Security mode 8)
9.4.7 Security mechanism AES-GCM-128 (Security mode 9)
9.4.8 Security mechanism AES-CCM-128 (Security mode 10)
9.5 Reaction to security failure
9.6 Key derivation
9.6.1 General
9.6.2 Key derivation function A
9.7 Key Exchange
Annex A (normative) Security Information Transfer Protocol
A.1 Introduction
A.2 SITP Services
A.2.1 Transfer security information
A.2.2 Activate security information
A.2.3 Deactivate security information
A.2.4 Destroy security information
A.2.5 Combined activation/deactivation of security information
A.2.6 Generate security information
A.2.7 Get security information
A.2.8 Get list of all key information
A.2.9 Get list of active key information
A.2.10 Get list of active keys and key counter information
A.2.11 Transfer end to end secured application data
A.3 CI-Fields
A.4 SITP structure
A.5 Block Control Field
A.6 Block parameters
A.7 Overview about Data Structures / Mechanisms
A.8 Data structures for Security Information
A.8.1 General
A.8.2 Data Structure 00h
A.8.3 Data Structure 01h
A.8.4 Data Structure 02h
A.8.5 Data Structure 03h
A.8.6 Data Structure 20h
A.8.7 Data Structure 21h
A.8.8 Data Structure 22h
A.8.9 Data Structure 23h
A.9 Data structures for secured application data
A.9.1 General
A.9.2 Data Structure 30h — AES Key-Wrap
A.9.3 Data Structure 31h — HMAC-SHA256
A.9.4 Data Structure 32h and 33h — CMAC
A.9.5 Data Structure 34h — AES-GCM
A.9.6 Data Structure 35h — AES-GMAC
A.9.7 Data Structure 36h and 37h — AES-CCM
Annex B (informative) Message counter example
Bibliography
European foreword
This document (prEN 13757-7:2023) has been prepared by Technical Committee CEN/TC 294
“Communication systems for meters”, the secretariat of which is held by DIN.
This document is currently submitted to the CEN Enquiry.
This document will supersede EN 13757-7:2018.
This document has been prepared under a Standardization Request given to CEN by the European
Commission and the European Free Trade Association, and supports essential requirements of
EU Directive(s) / Regulation(s).
This document falls under the Mandate EU M/441 “Standardisation mandate to CEN, CENELEC and ETSI
in the field of measuring instruments for the development of an open architecture for utility meters
involving communication protocols enabling interoperability” by providing the relevant definitions and
methods for meter data transmission on application layer level. The M/441 Mandate is driving significant
development of standards in smart metering.
EN 13757-7:2023 includes the following significant technical changes with respect to EN 13757-7:2018:
— support of sensor devices and alarm devices
— Reduce device types for thermal energy meter
— support of MBAL acc. to new EN 13757-8
— introduce the content definition for the subfield Content index in the Configuration field
— apply a separate message counter for each Key ID used in TPL.
— Update definition of the SITP in Annex A like adding DSI 23h and withdrawing DSI 30h.
EN 13757 is currently composed of the following parts:
— Communication systems for meters — Part 1: Data exchange;
— Communication systems for meters — Part 2: Wired M-Bus communication;
— Communication systems for meters — Part 3: Application protocols;
— Communication systems for meters and remote reading of meters — Part 4: Wireless meter readout
(Radio meter reading for operation in SRD bands);
— Communication systems for meters — Part 5: Wireless M-Bus relaying;
— Communication systems for meters — Part 6: Local Bus;
— Communication systems for meters — Part 7: Transport and security services;
— Communication systems for meters — Part 8: Adaptation Layer 1);
— CEN/TR 17167, Communication systems for meters — Accompanying TR to EN 13757-2, −3 and −7,
Examples and supplementary information.
This document is read in conjunction with CEN/CLC/ETSI/TR 50572 [4].
1) Under development
Introduction
This document belongs to the EN 13757 series, which covers communication systems for meters.
EN 13757-1 contains generic descriptions and a communication protocol. EN 13757-2 contains a
physical and a Link Layer for twisted pair based Meter-Bus (M-Bus). EN 13757-3 contains detailed
description of the application protocols especially the M-Bus Protocol. EN 13757-4 describes wireless
communication (often called wireless M-Bus or wM-Bus). EN 13757-5 describes the wireless network
used for repeating, relaying and routing for the different modes of EN 13757-4. EN 13757-6 describes a
twisted pair local bus for short distance (Lo-Bus). EN 13757-7 describes transport mechanism and
security methods for data. The Technical Report CEN/TR 17167 contains informative annexes from
EN 13757-2, EN 13757-3 and EN 13757-7.
These upper M-Bus protocol layers can be used with various Physical Layers and with Data Link Layers
and Network Layers, which support the transmission of variable length binary transparent messages.
Frequently, the Physical and Link Layers of EN 13757-2 (twisted pair) and EN 13757-4 (wireless) as well
as EN 13757-5 (wireless with routing function) or the alternatives described in EN 13757-1 are used.
These upper M-Bus protocol layers have been optimized for minimum battery consumption of meters,
especially for the case of wireless communication, to ensure long battery lifetimes of the meters.
Secondly, it is optimized for minimum message length to minimize the wireless channel occupancy and
hence the collision rate. Thirdly, it is optimized for minimum requirements towards the meter processor
regarding requirements of RAM size, code length and computational power.
An overview of communication systems for meters is given in EN 13757-1, which also contains further
definitions.
This document concentrates on the meter communication. The meter communicates with one (or
occasionally several) fixed or mobile communication partners which again might be part of a private or
public network. These further communication systems might use the same or other application layer
protocols, security, privacy, authentication, and management methods.
To facilitate common communication systems for CEN-meters (e.g. gas, water, thermal energy and heat
cost allocators) and for electricity meters, in this document occasionally electricity meters are mentioned.
All these references are for information only and are not standard requirements. The definition of
communication standards for electricity meters (possibly by a reference to CEN standards) remains
solely in the responsibility of CENELEC.
NOTE 1 CEN/TR 17167:2023 1), Annex C specifies how parts of this standard and of EN 13757-2 and
EN 13757-4 can be used to implement smart meter functionalities. Similar functionalities could also be
implemented using other Physical and Link Layers.
NOTE 2 For information on installation procedures and their integration in meter management systems, see
CEN/TR 17167:2023 1), Annex D.
The operator of a smart metering network needs to secure the network to ensure the data protection and
data privacy of the consumer (see EC-Recommendation C1342 (2012)). Securing a system requires a
security policy, which should address in general all constraints on functions, information flow between
functions, access by external systems and threats, including software and access to data by third persons
from an organizational viewpoint.
The security policy is under the responsibility of organizations according to their business processes. The
major elements of a security policy, in combination with rules, will determine the overall security that is
achieved. The security policy defines goals and elements of the system to be supported by organizational
policy and technical implementations of security services. Establishing and executing security policies
are outside the scope of this document; however, this document provides security services supporting
those policies when implemented.
A security concept refers mainly to an architectural model, which represents data flows between role-
based data processing functions. Requirements for the security concept result from the overall security
objectives in combination with the derived security services and best practice. This standard provides a
set of security services allowing the design of a secure system, which is likely to resist attacks within the
lifetime of the meter.
The limitation to symmetrical cipher methods for data transmission allows energy and memory efficient
solutions. This is advantageous for long-term battery operated meters. It also enables the integration of
unidirectional meter communication. Services like key derivation and key distribution solve the conflict
between short key lifetime and long lifetime of a meter.
1 Scope
This document specifies Transport and Security Services for communication systems for meters and
remote reading of meters.
This document specifies secure communication capabilities by design and supports the building of a
secure system architecture.
This document is applicable to the protection of consumer data to ensure privacy.
This document is intended to be used with the lower layer specifications determined in the relevant
parts of the EN 13757-series.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edi
...