device 

language
message
specification

IEC 62056 DLMS/COSEM

workshop
Part 6: Protocols
CEN/CLC Meeting Centre, Brussels
25th June 2010

Gyozo Kmethy, DLMS UA, President

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 1

Contents device
language
message
specification


• xDLMS: the messaging protocol

• Communication profiles
• COSEM Application layer
• 3-layer HDLC based profile
• TCP-UDP/IP based profile
• SFSK PLC profile
• Data security

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 2

IEC 62056 DLMS/COSEM device
language
message
specification


The xDLMS messaging protocol:

accessing attributes and methods of
COSEM objects

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 3

Referencing: Logical name / Short name device
language
message
specification


GET / SET
attribute {class_id, logical_name, attribute_id}

Class_id, version
Attribute(s) Read / Write /
1. logical_name x = base_name Unconfirmed Write
2. Attribute 2 Mapping x+8 {named variable}

n. Attribute n x + n*8
Specific method(s)
1. Method 1 x+ ...

n. Method n x + offset

ACTION
method {class_id, logical_name, method_id}
• Interoperability: negotiation of contexts and conformance block (list of services)

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 4

Common services for all objects device
language
message
specification


S A • Client-server environment
G E C
E T – Request: identifies the (list of)
T data; selective access possible
T I
O – Response: supplies the data
N with data type
Object – Requests and responses must
Name Read be paired in the DCS
• Event notification
Attribute 1
Write
• Common service set for all
... objects:
Attribute n – new interface classes can be
UnconfWrite easily added
Method(s)

9 Interoperable and future proof

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 5
xDLMS service set device
language
message
specification


LN referencing SN referencing
Attribute related
GET Read
SET Write
Attribute_0 with GET UnconfirmedWrite
Attribute_0 with SET
Block transfer with GET Block transfer with Read New
Block transfer with SET Block transfer with Write
Method related
ACTION Read
Block transfer with ACTION Write
UnconfirmedWrite
Ancillary
Selective access Parametrised access
Multiple references – selective access, block transfer
Priority management Multiple references
Non client-server (services initiated by the server)
EventNotification InformationReport

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 6

xDLMS conformance block device
language
message
specification


reserved 0
reserved 1
• Contains the services supported
reserved 2
read 3
write 4 • Services for SN referencing
unconfirmed-write 5
reserved 6
reserved 7 • Services for LN referencing
attribute0-with-set 8
priority-management 9
attribute0-with-get 10 • The conformance block is proposed
block-transfer-with-get 11 by the Client. ex: All SN services: 1C0320
block-transfer-with-set 12
block-transfer-with-action 13
multiple-references 14 • Client and the Server negotiate conformance
information-report 15
reserved 16 block: logical AND between proposed and
reserved 17 supported
parametrised-access 18 ex: Read and Write: 180000
get 19
set 20
selective-access 21 • The conformance block should be
event-notification 22
action 23 meaningful!

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 7

Block transfer (here: LN referencing) device
language
message
specification


COSEM Buffer size COSEM

Client AP Server AP
GET.req(NORMAL) GET.ind(NORMAL) Data

B1 B1 B2 B3

GET.conf(ONE-BLOCK, GET.res(ONE-BLOCK,
B.No = 1, B1) B.No = 1, B1)
Protocol
GET.req(NEXT, B.No=1) GET.ind(NEXT, B.No =1)
stack
B1 B2

GET.conf(ONE-BLOCK, GET.res(ONE-BLOCK,
B.No = 2, B2) success, B.No = 2, B2)

GET.req(NEXT, B.no=2) GET.ind(NEXT, B.no =2)

B1 B2 B3

GET.conf(LAST-BLOCK, GET.res(LAST-BLOCK,
B.No = 3, B3) success, B.No = 3, B3)
Data
File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 8
xDLMS LN service types device
language
message
specification


GET.request [192] GET.response [196]

[1] normal [1] normal
[2] next [2] with-data-block
[3] with-list [3] with-list
SET.request [193] SET.response [197]
[1] normal [1] normal
[2] with-first-datablock [2] datablock
[3] with-datablock [3] last-datablock
[4] with-list [4] last-datablock-with-list
[5] with-list-and-first-datablock [5] with-list
ACTION.request [195] ACTION.response [199]
[1] normal [1] normal
[2] next-pblock [2] with-pblock
[3] with-list [3] with-list
[4] with-first-datablock [4] next-pblock
[5] with-list and-first-pblock
[6] with-pblock

• A request/response may refer to one element or to a list of elements

• The information can be delivered in one block or several blocks
File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 9
xDLMS SN service types device
language
message
specification


ReadRequest::= SEQUENCE OF Variable-Access-Specification References one or

ReadResponse::= SEQUENCE OF CHOICE { more named variables
(short names)
data [0] Data,
data-access-error [1] IMPLICIT Data-Access-Result
} Delivers data or info
WriteRequest::= SEQUENCE { about the failure
variable-access-specification SEQUENCE OF Variable-Access-
Specification,
list-of-data SEQUENCE OF Data
} References one or
WriteResponse::= SEQUENCE OF CHOICE { more named variables
success [0] IMPLICIT NULL, and sends data
data-access-error [1] IMPLICIT Data-Access-Result
} Reports succes or info
UnconfirmedWriteRequest::= SEQUENCE { about the failure
variable-access-specification SEQUENCE OF Variable-Access-
Specification,
Same as Write, but
list-of-data SEQUENCE OF Data without response
}

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 10

 Event notification device
language
message
specification


Phy Client Server Phy

Client Client Client Server Server Server
conn mgmt mgmt conn
mgr AP AL DL PL PL DL AL AP mgr

Event
PH-CONNECT.req

PH-CONNECT.ind PH-CONNECT.cnf

EventNotification.req
DL-DATA.req

Trigger_EventNotificationSending.req PDU
pending
DL-DATA.req Authorize sending

Send pending PDU

EventNotification.ind DL-DATA.ind

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 11

 Optimization of data access device
language
message
specification


Logical name • GET-WITH-LIST {list of attributes}:

Logical name delivers a list of attribute values
• GET {attribute}: delivers Logical
Attribute 2 name
the value of a single attribute Attribute 2 name
Logical
Attribute
Attribute n 22
Attribute
Attribute n
• GET {attribute_0}: delivers Attribute
Method 1 nn
all attributes of an object Attribute
Method 1
Method
Method n 1
Method
Method n 1
Method n
Method n

• Objective: comply with media specific restrictions, minimize overhead and

number of round trips
• Tools:
• Selective access: access just to relevant portion of the data
• Block transfer: allows transporting long APDUs in fragments
• also lower layer segmentation may be available (e.g. HDLC)
• APDU length can be negotiated

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 12

Efficient encoding: A-XDR device
language
message
specification


For example: 12345678

k Wh

Value Scaler Unit

ASCII 30 31 32 33 334 35 36 37 38 6B 57 68

A-XDR 06 00 BC 61 4E 02 02 0F 03 16 1E

Type codes

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 13

IEC 62056 DLMS/COSEM device
language
message
specification


Some examples

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 14

Reading LDN from 4 meters device
language
message
specification


Actaris (LN)C001C1000100002A0000FF0200
C401C1000A10534C423736314D413336303136383839
SLB761MA36016889

Enermet(LN)C001C1000100002A0000FF0200
C401C1000A10454D4F30303130303236303032383233
EMO0010026002823

Iskraemeco(LN)C001C1000100002A0000FF0200
C401C100091049534B54333732503030303030303030
ISKT372P00000000

Landis (SN) 050102FD08

0C010009104C475A38353135373739360000000000
LGZ851577960000
File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 15
Get attributes of L3 voltage object using the device 

GET service (LN)

language
message
specification

C00181//Get.request normal, invoke_id, priority

0003// class_if = 3, register
0101480700FF//logical name 1.1.72.7.0.255
0100//get attribute 1 (logical name) no selective access
C40181//Get.response normal, invoke_id, priority
000906//data, octet string(6)
0101480700FF//logical name 1.1.72.7.0.255, L3 voltage inst.
C00181 0003 0101480700FF 0200//Get attribute 2, value
C40181//
000600000905//data double long unsigned,2309D
C00181 0003 0101480700FF 0300//Get attribute 3, scaler_unit
C40181//
000202//data, structure of 2 elements
0FFF//integer, FF (-1 in 2’s complement)>>2309x0,1 = 230,9
1623//enum 23H=35D, Volts

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 16

...and the same using the Read service (SN) device
language
message


specification

Object 1.1.72.7.0.255 is mapped to Base_name C440

7EA0119575BEE498E6E600// I frame header
0501//Read.request
02//CHOICE variable-name
C440//base name of object 1.1.72.7.0.255 (logical name)
E67C7E//I frame trailer
0C01//Read.response
00//Data
09060101480700FF//Octet string(6), 1.1.72.7.0.255
050102 C448//Read base name+8, attribute 2
0C01000600000937//Read.response,double long unsigned, 2359
050102 C450//Read base name +16, attribute 3
0C010002020FFF1623//Read.response,structure of 2, first element
is integer FF = -1, second element is enum 23H=Volts>> L3
voltage is 235,9 V

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 17

IEC 62056 DLMS/COSEM device
language
message
specification


Data transport

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 18

Client-server environment device
language
message
specification


SERVICE.request/indication
Client Server
application SERVICE.response/confirm application
SERVICE.request SERVICE.response
Profile 1 Profile 2 Profile n

Application Application Application Application

layer
ACSElayer
xDLMS layer layer

N-layer N-layer N-layer N-layer

N-1 layer N-1 layer N-1 layer N-1 layer

Physical Physical Physical Physical

layer layer ••• layer layer

PSTN, GSM,
Transport
Internet, PLC,
File: TPAK6_DLMSProtocol_CLC_GK100625.ppt media
xDxy(C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 19
Data access and transport device
language
message
specification


• services to access • and protocols to

the objects transport the
information
Object GET

Name COSEM Application

COSEM Application
COSEM Application
Attribute 1
SET ......
... Data link ...
layer
Data link layer
ACTION Data link layer
Attribute n Physical layer
Physical layer
Physical layer
Method(s)
Report COMM.
MEDIA

C4010009060101480700FF

Service Result Type Value

(success)
File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 20
Communication profiles device
language
message
specification


COSEM object model Application layer: common in any

communication profile
• connection between the metering
COSEM Application layer and data collection applications
• prepares the messages for
Connection Messsaging transport: encoding, block transfer
• cryptographic protection

Lower Lower Lower

layers layers layers Lower layers ensure that he
Media 1: Media 2: Media n messages are correctly delivered
PSTN, TCP/IP
GSM
Identification of the profile used by
the meter ensures interoperability
(available in 3-layer HDLC profile)
Profile 1 Profile 2 Profile n

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 21

Communication profiles device
language
message
specification


COSEM Application Process

• Communication media independent data
model
COSEM Application layer
Connection
manager ACSE xDLMS Security
ASE • Application layer common for all profiles
• Media dependent connection manager
Supp. layer

Supp. layer
AL

Wrapper
Appl. layer

Appl. layer

Appl. layer
TCP
• Media specific lower layers
IPv4

LLC layer LLC layer

Connectionless
(Protocol selection) (Protocol selection)
LLC layer
HDLC IEC 61334-4-32 HDLC

Supporting
layers

MAC +Phy layer New technologies pop up every day and

Phy layer
IEC 61334-5-1 S-FSK
we have to accommodate them!

3-layer,
TCP-UDP/IP IEC 61334-5-1 S-FSK PLC profiles
CO HDLC

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 22

 The HDLC based profile device
language
message
specification


Primary Client Server Application Secondary

LD 1 LD 2
Station Application Process Process Station

Application layer Application layer

DL-CONNECT/ DL-DATA DL-CONNECT/ DL-DATA.
DISCONNECT .req/.ind DISCONNECT req/.ind
.req/.cnf Data Link Layer .ind/.res Data Link Layer

LLC LLC
MA-CONNECT/ MA-DATA MA-CONNECT/ MA-DATA
DISCONNECT .req/.ind DISCONNECT .req/.ind/.cnf
.req/.cnf .ind/.res
/(.ind) MAC-HDLC MAC-HDLC

PH-DATA PH-ABORT .ind PH-DATA

.req/.ind .req/.ind PH-ABORT .ind

Physical layer Physical layer

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 23

 HDLC Frame types device
language
message
specification


• Frame types... • ...and values

MSB LSB
I R R R P/F S S S 0
I <=> Information,
RR <=> Receive Ready, RR R R R P/F 0 0 0 1
RNR <=> Receive Not Ready, RNR R R R P/F 0 1 0 1
SNRM 100 P 0011
SNRM <=> Set Normal Response Mode,
DISC <=> Disconnect, DISC 010 P 0011

UA <=> Unnumbered Acknowledge, UA 011 F 0011

DM <=> Disconnected Mode, DM 000 F 1111

FRMR 100 F 0111
FRMR <=> Frame Reject Response,
UI 0 0 0 P/F 0 0 1 1
UI <=> Unnumbered Information.

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 24

 HDLC Addressing device
language
message
specification


Physical Device 1 Physical Device 2

Log Dev A Log Dev B Log Dev A Log Dev B

Upper

Lower

• Client: always 1 byte address

LSB Extension • Server: 1, 2 (1+1) or 4 (2+2) byte address
Upper 1
• Lower HDLC address - Physical device
• Upper HDLC address - Logical device
Upper 0 Lower 1
• Reserved addresses: NO_STATION, Mgmt. Logical
Device, CALLING Phy device, ALL_STATION
Upper Hi 0 Upper Lo 0 Lower Hi 0 Lower Lo 1 Example:
Upper: 1234H
0 1 0 0 1 0 0 0 0 1 1 0 1 0 0 0 1 1 1 1 1 1 1 0 1 1 1 1 1 1 1 1 Lower: 3FFFH(ALL-STATION)
File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 25
Reserved Client addresses device
language
message
specification


R e s e r v e d H D L C a d d re s s e s (c lie n t a d d re s s e s )
O n e b y te
a d d re s s
0x00 N O _ S T A T IO N A d d re s s
0x01 C lie n t M a n a g e m e n t P r o c e s s
0x10 P u b lic c lie n t ( lo w e s t s e c u r it y le v e l)
0x7F A L L _ S T A T IO N ( B ro a d c a s t ) A d d re s s

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 26

Reserved Server addresses device
language
message
specification


Reserved upper HDLC addresses (server addresses)

One byte Two byte
address address
0x00 0x0000 NO_STATION Address
0x01 0x0001 Management Logical Device Address
0x02..0x0F 0x0002..0x0 Reserved for future use
00F
0x7F 0x3FFF ALL_STATION ( Broadcast ) Address
Reserved lower HDLC addresses (server addresses)
0x00 0x0000 NO_STATION Address
0x01…0x0F 0x0000…00 Reserved for future use
0F
0x7E 0x2FFF CALLING Physical Device Address
0x7F 0x3FFF ALL_STATION ( Broadcast ) Address

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 27

 HDLC layer connect: SNRM/UA exchange device
language
message
specification


Max info field length transmit

Max info field length receive

Format&group id, group length
Header and frame length

Header check sequence

Frame check sequence

Window size, transmit

Window size, receive

Destination address
Source address

Control field

Flag, 7E
Flag, 7E

7E H, L S.A. D.A. 93 HCS FCS 7E

Min. 9, max. 39 bytes

7E H, L S.A. D.A. 73 HCS FCS 7E

Header Optional information field, optional elements

for parameter negotiation
File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 28
HDLC segmentation device
language
message
specification


Client Client Client Server Client Server

Application Application
Process AL DL DL AL Process

GET.req DL-DATA.req I (I 0,0, P =1, S= 0) DL-DATA.ind GET.ind

GET.res
I frames (S =1) DL-DATA.req (FIRST_ FRAGMENT)
F1 (FIRST_FRAGMENT) F1 D
RR frame DL-DATA.ind
(FiRST_FRAG OK)

I frames (S =1) DL-DATA.req

F2 (FRAGMENT) F2
RR frame DL-DATA.ind
(FRAGMENT OK)

I frames DL-DATA.req
D F3 (LAST-FRAGMENT) F3
Last I frame S = 0

DL-DATA.cnf
GET.cnf

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 29

The TCP/IP based profile device
language
message
specification


New interface classes to set

COSEM Object model up communication channels

Minor changes to better adapt

xDLMS_ASE ACSE to TCP/IP environment

Provides logical device

Wrapper layer addressing and APDU length

TCP/UDP
Internet standards
IP

Media dependent lower layers: Ethernet, PPP...

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 30

COSEM as a standard internet application device
language
message
specification


Application / Data models

WEB COSEM
Files
pages interface model

Standard application protocols Port number:

COSEM AL
e.g. FTP e.g. HTTP
ACSE + xDLMS
• dlms/cosem 4059/TCP
...
• dlms/cosem 4059/UDP

Wrapper

Internet Transport Layer (UDP & TCP)

Internet Network layer (IP)

Data Link Layer

Physical Layer

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 31

TCP / UDP based transport layers device
language
message
specification


COSEM Application Process TCP Connection COSEM Application Process

Manager
COSEM application COSEM application
layer services layer services

TCP-DISCONNECT services
TCP-CONNECT services
COSEM Application Layer COSEM Application Layer

COSEM connectionless TCP- COSEM

transport services ABORT.ind connection-oriented
UDP-DATA.req/.ind/(.cnf) transport services
TCP-DATA.req/.ind/(.cnf)

COSEM UDP-based Transport Layer COSEM TCP-based Transport Layer

COSEM Wrapper COSEM Wrapper

TCP function calls
UDP function calls
active/passive OPEN,
SEND, RECEIVE
SEND, RECEIVE

Internet UDP Internet TCP

IP and lower layers IP and lower layers

a) the UDP-based profile b) the TCP-based profile

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 32

TCP based transport layer services device
language
message
specification


COSEM Client COSEM Server

TCP Connection Manager TCP Connection Manager
Application Process Application Process

.ind/.res

.ind/.res
TCP-DISCONNECT.req/.cnf

TCP-DISCONNECT.req/.cnf
TCP-CONNECT.req/.cnf

TCP-CONNECT.req/.cnf
.ind/.res

.ind/.res
COSEM Client COSEM Server
Application Layer Application Layer

TCP-ABORT.ind
TCP-ABORT.ind

TCP-DATA.req

TCP-DATA.req

TCP-DATA.ind
TCP-DATA.cnf

TCP-DATA.cnf
TCP-DATA.ind
COSEM TCP-based Transport Layer COSEM TCP-based Transport Layer
Wrapper Wrapper
N M
TCP TCP

IP IP

Lower layers: Data link and Physical Lower layers: Data link and Physical

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 33

The wrapper frame device
language
message
specification


TCP-UDP
Other, lower layer headers IP header Wrapper header APDU Trailers
header

Source wPort, 2 bytes

Destination wPort: 2 bytes

Length: 2 bytes

• only one TCP/UDP port provided

• logical device / client AP addressing by wrapper port numbers
• TCP/UDP is a streaming protocol,
• length byte helps to locate the end of the APDU

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 34

Association and service types device
language
message
specification


Application association establishment Data exchange

Type of
Protocol
COSEM-OPEN established
connection Use Service class Use
service class application
parameters
association
1/ Connect TCP
layer Confirmed TCP packet
2/ Exchange
Confirmed AARQ/AARE Confirmed
Id: TCP/IP APDU-s Unconfirmed TCP packet
TCP port transported in
numbers, TCP packets
IP addresses
- -
Local negative
Unconfirmed None
confirmation
- -

Exchange Confirmed UDP datagram

Confirmed AARQ/AARE Confirmed
APDU-s
Id: UDP/IP transported in Unconfirmed UDP datagram
UDP port UDP datagrams
numbers,
IP addresses Confirmed
-
Send AARQ in (not allowed)
Unconfirmed a UDP Unconfirmed
datagram
Unconfirmed UDP datagram

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 35

TCP-UDP/IP profile: AL protocol changes device
language
message
specification


• TCP connection can be estabilshed either by the

server or the client
• Association release: ACSE Release.request /
Release.response services
• Conformed / unconfirmed services
– LN referencing: invoke-id-and-priority parameter bit 6
– SN referencing: Read and Write are confirmed,
UnconfirmedWrite is unconfirmed

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 36

TCP/IP, Protocol stack definition device
language
message
specification


•Each layer setup objects references the setup object of the

supporting layer

Transport layer TCP setup TCP setup

Network layer IPv4 setup IPv4 setup

Data link layer Ethernet setup PPP setup

Phy layer Phy layer

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 37

S-FSK PLC profile device
language
message
specification


COSEM Application Process

System Management Application Process (SMAP) DLMS UA Blue Book /
IEC 62056-61, IEC 62056-62 with amendments

Configuration Initiation ASE

System Management COSEM Application layer
(CIASE)
Application Entity ACSE and xDLMS ASE
DLMS UA Green Book /
(SMAE) DLMS UA Green Book /
IEC 61334-4-511 with
IEC 61334-5-1 IEC 62056-53 with amendments
amendments

ACSE and xDLMS APDUs

CI-PDUs
carried by
carried by
Connectionless DL-Data and DL-Reply services or
Connectionless DL-Data services
Connection oriented DL-Data services

Data link layer

HDLC based LLC sublayer (CO / CL)

Connectionless LLC sublayer DLMS UA Green Book /
MA-Sync.ind IEC 61334-4-32 IEC 62056-46
(ISO/IEC 8802-2 Class I over HDLC)
Credit
management
MA-Data services

Phy-AskForRepeaterCall S-FSK MAC sub-layer

IEC 61334-5-1 clause 4

P-Data services P-Sync services

S-FSK Physical layer

IEC 61334-5-1 clause 3

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 38

Extensions to IEC 61334-4-511 CIASE device
language
message
specification


• Intelligent search initiator process

– ensures that the meter finds the best initiator
• ClearAlarm service
– allows to clear alarms in the meters
• RepeaterCall service
– allows to dynamically configure repeater status
• Ping service
– allows to check if the meter is there

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 39

 Negotiable contexts and capabilities device
language
message
specification


Object model Application context

• referencing method
• ciphering yes / no

Application layer Authentication context

ACSE xDLMS • peer authentication,

LLS / HLS
Protocol
stack Intermediate layers • xDLMS context
• conformance block
(list of services)
Physical layer
• APDU length

• Layer parameters e.g.:

• PDU length
• window size

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 40

IEC 62056 DLMS/COSEM device
language
message
specification


Data security

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 41

Data security – key requirements device
language
message
specification


Access control

Encryption for confidentiality

Authentication to verify the origin and integrity of messages

Key management

Selective application of these tools

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 42

DLMS/COSEM security toolbox device
language
message
specification


• Access control:
– role-based access: list of objects, access rights
• Access security - peer authentication:
• client only (LLS) or
• client / server (HLS)
• Security event logs
• Data transfer security

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 43

Access security device
language
message
specification


CtoS
Client LLS Server Client Server
StoC
secret
LLS HLS f(StoC) HLS
Secret secret (S) secret (S)
f(CtoS)

• Authentication: identification of the peers before data exchange

• Partners are identified by their addresses (Service Access Point)
– no security: „public” access, no identification takes place
– LLS, Low Level Security: Client supplies passport, Server verifies
– HLS, High Level Security: mutual identification
• exchange challenges
• exchange result of secret processing
• Different Associations may use different Authentication contexts
• All Association events may be logged in Event logs

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 44

Application Associations device
language
message
specification


• Control the access to data

• Modelled by Association LN / Association SN objects

Association
Association
Name
Association
Device IdAssociation
Name
Name
Partner Id Id
Device Name
• Identify partners
Device Id
Object listDevice
Partner Id Id
Partner Id
ObjectPartner
Contexts list Id • Provides the list of visible
Object list
objects, with access rights
Secret Object list
Contexts
Contexts
Secret
AuthenticateContexts • Describes the rules and
Secret
Authenticate
Secret resources for the data exchange
Authenticate
Authenticate
• Controls peer authentication

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 45

Access control device
language
message
specification


“Utility A” device Meter

Activity
Associations Registers Profiles “Utility B” device
Clock Calendar

Associations Profiles W Clock “meter operator”

R
device
Associations Registers

Door Keeper

Utility A
Meter Telephone
Operator GSM
PLC
Internet
xDxy Utility B

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 46

Security event logs device
language
message
specification


• Log each application association establishment

(successful and failed)
• date_time
• event code
• event data
• Log changes of security management information

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 47

Data transport security device
language
message
specification


• Provide cryptographic protection for messages

during transport
• authentication to ensure integrity and
authenticity (legitimate source)
• encryption to ensure confidentiality
• authenticated encryption

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 48

Data transport security tools device
language
message
specification


Non-cryptographic: • Cryptographic:
Protection against Protection against
unintentional changes attacks
• Hash functions (digest)
• Parity bits • integrity
• Cyclic Redundancy • Symmetric key cryptography
Check (CRC) • confidentiality
• authentication
– suitable for larger
• authenticated encryption
streams of data
• Asymmetric (public) key
cryptography
• (encryption)
• digital signature
• non-repudiation (with TTP)

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 49

Symmetric / asymmetric key cryptography device
language
message
specification


• Symmetric keys • Asymmetric keys

• same key to apply and • private / public key pair
check/remove protection • to encrypt data
• keys must be kept secret • to sign data
• must be unique key for each • to distribute keys
relationship and for each
purpose • no unique key needed for
• encryption each relationship
• authentication • computation intensive
• key wrapping • best suited for open multi-
• not computation intensive user environment
• suitable for single-authority
single-user environments

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 50

Confidentiality: Encryption and decryption device
language
message
specification


File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 51

Authenticity: origin and integrity device
language
message
specification


File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 52

Ciphered APDUs device
language
message
specification


Security context

xDLMS APDU Ciphering Ciphered xDLMS APDU

Authenticated APDU Tag Len SH xDLMS APDU T

Encrypted
Encrypted APDU Tag Len SH
xDLMS APDU

Encrypted
Authenticated and encrypted APDU Tag Len SH T
xDLMS APDU

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 53

Security implementation (1) device
language
message


specification

COSEM object model • Association objects control acces

Association
Association data represented by the objects
Security setup Application
Association
object
object Application
Application
objects object
object object
object • Security setup objects control
security policy and manage keys

Unprotected xDLMS APDUs +

security status
• Association Control Service Element
COSEM application layer (ACSE) controls contexts

Security • Application context

ACSE xDLMS
context • LN or SN referencing
• ciphered / unciphered APDUs
Data(ACSE APDU) +
Data(Protected xDLMS APDU)
• Authentication context
• One way / two way peer
authentication (LLS / HLS)
Supporting layers • Security context: controls
ciphering, as defined by the security
setup object

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 54

 COSEM Application Process
Security implementation (2) device
language
message


specification

COSEM service .req/.resp

COSEM service .ind/.cnf

+ security options
+ security status

COSEM Application Layer

• xDLMS ASE builds the messages
ACSE xDLMS ASE

Message
• Symmetric key algorithm: Advanced
Encryption Standard (AES), 128 bit key,
Security
Ciphering / deciphering
context Galois/Counter Mode (NIST 800-38D)
Plaintext • Plain message
Unsecured message

Header A Plaintext Auth. tag • Authenticated message for integrity and/or

Authenticated message

Header E Ciphertext • Encrypted message for confidentiality

Encrypted message

Header A-E Ciphertext Auth. tag • AES Key wrapping

Authenticated and Encrpyted message

Lower protocol layers

Network

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 55

Security key management device
language
message
specification


DCS

1290
Concentrator 1290
1290

• Encryption keys:
• Global key: used in several sessions (AAs); unicast - broadcast
• global unicast key encrypts dedicated key
• Dedicated key: used in a single session (AA), then destroyed
• Authentication key (optional with GCM)
• Global, unicast and broadcast
• Master key: pre-established, used only to wrap global keys

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 56

Galois-Counter mode device
language
message
specification


• NIST 800-38D
• Authenticated
encryption with
Associated data
• Provides assurance of
confidentiality of data
• Provides assurance of
authenticity of
confidential data
• Provides assurance of
authenticity of additional
data

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 57

Cryptographic protection using AES-128-GCM device
language
message


specification

Security xDLMS APDU xDLMS APDU

Control to be protected restored

Authentication
SC-A AAD = SC-A II AK II APDU
only

Encryption only SC-E xDLMS APDU AAD = null

Authenticated
SC-AE xDLMS APDU AAD = SC-AE II AK Fail
encryption

P A P
EK Galois / Counter EK Galois / Counter
mode mode
IV authenticated IV authenticated
Sys-T FC encryption Sys-T FC decryption

C T C T A
Ciphered APDU: Authentication only
Tag Len SC-A FC Unciph. APDU T AAD = SC-A II AK II APDU

Ciphered APDU: Encryption only

Tag Len SC-E FC Ciphertext AAD = null

Ciphered APDU: Encryption + Authentication

Tag Len SC-AE FC Ciphertext T AAD = SC-AE II AK

A = AAD IV = Initialization vector

Additional Authenticated Data (Associated data) AK =Authentication key P = Plaintext
contain: C = Ciphertext SC = Security control byte:
- Authentication only: SC-A II AK II xDLMS APDU; SC-A: Authentication only
- Encryption only: Null SC-E: Encryption only
- Authenticated encryption: SC-AE II AK SC-AE: Authenticated
encryption
EK = Encryption key Sys-T = System title
FC = Frame counter T = Authentication tag

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 58

Summary device
language
message
specification


9 xDLMS messaging services to work with

COSEM objects
9 Client-server approach
9 Event Notification
9 Communication profiles, to transport xDLMS
APDUs over various media
9 3-layer HDLC: local port, PSTN /GSM
9 TCPUDP/IP: Internet, GPRS
9 S-FSK PLC

File: TPAK6_DLMSProtocol_CLC_GK100625.ppt (C) DLMS-UA, made by GNARUS/G. Kmethy Slide No.: 59