SCP(11)0216 SCP Plenary #50 June 15-17, 2011

1. SCP(11)0216 SCP Plenary #50 June 15-17, 2011

2. Update on TC M2M Activities Discussions started to transform TC M2M in International Partnership Project (2012?) Release 1 completion expected end 2011: TR 102 691: Smart Metering Use Cases and TS 102 689: Requirements already published Stage 2 (TS 102 690, architecture) being completed Stage 3 (TS 102 921, Interfaces and Protocols) M2M Service layer communicates through APIs with Transport layer and Application Layer REST (Representational State Transfer) based model for resources and primitives TR 103 167 on Threat Analysis approved for publication at M2M 15 Intended to remain a living document Structured in 5 Working Groups WG1 Requirements, WG2 Architecture, WG3 Protocols, WG4 Security, WG5 Management (Device / Platform)

3. M2M Architecture Overview (Draft TS 102 690) M2M devices connect to core network directly or through a Gateway Service Layer (SL) access requires mutual authentication, independent from Access Network (AN) SL credentials may be independent or not from AN credentials (depending on trust between Service Provider and Network Operator) TS 102 690 offers multiple options to bootstrap service layer credentials, including UICC provisioning or derivation A secured environment, such as UICC, is required to protect SL keys in Devices or Gateways WAN (Wide Area Network) Core network Central Communication System PC/dedicated appliance (e.g. Smart Metering) M2M Application User interface to application e.g. Web portal mIa ETSI M2M Service Capabilities mId M2M Area Service Capabilities M2M Gateway Local M2M Network M2M Service Capabilities M2M Device Domain M2M Device M2M Device M2M Device

4. Update on EC M441 Smart Metering Mandate Comments on the “Technical Report on Communication” endorsed at SMCG Plenary on June 8 (6 months of delay to address EC comments): Document (TR) submitted for consultation to national entities and professional groups, before being sent for vote to ETSI/CEN/CENELEC on the 1st of September (around 3 months for each SDO) Existing SCP specifications are listed as possibly relevant Available under http://docbox.etsi.org/M2M/M441/open_space/ETSI_M441_Management/00_Working_Folder_SMCG_Report/ Reference Use Cases for the mandate (high level description) are being finalized by the Smart Metering Coordination Group SCP member inputs are always welcome The Work Program of the involved committees (including ETSI SCP) is maintained as a living document ETSI SCP Part will be updated to include new relevant work items Embedded UICC, M2M API… Available at http://docbox.etsi.org/M2M/M441/open_space/ETSI_M441_Management/10_Working_Folder_Work_Programme/101112_Work%20Programme%2027.09.10%20v3%20final%20-%20ETSI.doc

5. EC M490: Smart Grid Mandate Mandate published March 1 2011, now accepted by ETSI/CEN/CENELEC ETSI TC M2M appointed by OCG as ETSI Coordinating TC for this mandate, like for M441 Will be coordinated with outputs of M441 (Smart Metering) and M468 (Electric Vehicle Charging) Automatic Metering Infrastructure (scope of M441) is just one part of Smart Grid Domains include “Data Protection and Integrity, Information Security and Privacy” Services include User Authentication, Digital Signature, Encryption… Referring recommendations from EC Expert Groups on Stakeholders, Functionalities, and Privacy and Data Protection The report on Privacy and Data Protection recommends to build from past experience in Banking and Telecom, and recommends Common Criteria Protection Profile definition and certification for sensitive smart grid components An ETSI/CEN/CENELEC JWG on Smart Grids already produced a Strategic Report on Smart Grids also insisting on security and Privacy issues The JWG has become “Smart Grid Coordination Group” (SG-CG) Working group structure created in SG-CG includes “Smart Grid Information Security” group

6. EC M490: Smart Grid Mandate (2) ETSI has missed some steps of the path between JWG and SG-CG : discuss the new SG-CG ToR , the new structure. Now TC M2M has been proposed as the coordinating entity for ETSI, an internal organization has been set up (identical as Smart Grid) (Marylin Arndt, David Boswarthick). Moreover an OCG task Force (Joachim Koss) has been decided during last OCG meeting in April, as to bring support to TCs in the management of the mandates. Structure of the SG-CG (JWG will stop its activity the 30th June, SG-CG in December 2012) below Next Steps : plenaries : 1st July : 1st plenary of the SG-CG 7th October : 2nd plenary Steering Group meetings (17th May), 30st June, 1sept, 10 November Subgroups SG First Set of Standards Team : delay to bring contributions extended to 21st June. Other SG are to be launched very soon. Important : Call for experts are running for each of the Subgroups.

7. BSI Protection Profile for Smart Meter Gateway Common Criteria Protection Profile developed by the German federal agency for Security in Information Technology It addresses the communication capabilities of a smart meter with local and neighborhood networks Meant as mandatory requirement for Smart meter gateway between LAN and WAN: Certification will be required for German deployment Critical link between security of Smart Meter, Smart Grid, and home automation networks “The security functionality of the TOE comprises protection of confidentiality, authenticity, integrity of data and information flow control, mainly to protect the privacy of consumers, to ensure a reliable accounting process and to protect the Smart Metering System and a corresponding large scale infrastructure of the smart grid.” Mentions the use of 2 Security Modules “The Gateway and the E-Meter each utilise the services of a Security Module (e.g. a smart card) as a cryptographic service provider and as a secure storage for confidential assets. The Security Module will be evaluated separately according to the requirements in the corresponding Protection Profile.” Refers to a To be developed “Protection Profile for the Security Module of a Smart Meter”

8. BSI cryptographic function sharing with Security Module The following table provides a detailed overview on how the cryptographic functions are distributed between the TOE and its Security Module:

9. Relevant Assets for BSI Protection Profile

10. EC M468: Electric Vehicle Charging Launched mid 2010, now renamed “European Electro Mobility” CEN-CENELEC joint focus group with 6 Project Teams was created PT1- Terminology, 2- Connectors- plug systems, 3- Batteries, 4- Communication, 5- Modes of Charging, 6- Standards & Regulations ETSI TC M2M interested to participate in PT4 with TC SCP A technical document has been produced PT4 focuses on Technologies and Standards for Data Commuinication between Electric Vehicle and Charging Device Further data communication, as well as advanced communication using Wireless, has been pushed out of M468, to the M490 Smart Grid mandate CEN/CENELEC – ETSI TC ITS cooperate to converge on system architecture, Communication protocols (layers 3 to 7), security and system management. Interests have come on use of NFC and Mobile terminals for some transactions like secure payment.

11. M468 - Functional Role Model Modifications

12. Foreseen M2M impact on UICC A first level UICC application owned by the Service Provider will be required to handle M2M SL access credentials Using the GP based Confidential Content framework adopted in TS 102 226 to maintain independence from other UICC stakeholders Should benefit from embedded UICC remote management features Can SCP take a role in defining this application? Vertical M2M applications may further impact the UICC e.g. in Smart Grids, privacy sensitive Personal Data belonging to consumers (e.g. detailed consumption log) should be stored locally This may also include utilities billing subscriptions, allowing user to activate most advantageous subscription depending on usage conditions