LogoLogo
  • Introduction
  • General platform architecture
    • Platform properties
    • Architecture introduction
    • Architecture functional layers
    • Architecture Principles
    • Platform components description
    • Message flow examples
    • Logical Authorisation Model
    • Non-functional overview
      • TimeBehavior
      • Internationalization and localization
      • Security
      • Scalability
      • Redundancy
      • Performance
    • Technical Overview
      • Web Services Layer
      • Domain Layer
      • Core Layer
      • Protocol Layer
      • Technology Stack
    • Use cases
    • Throttling
  • General User's Guide
    • Installation Guide
      • Installation
        • Vagrant
        • Manual Setup
      • GitHub configuration
      • Platform Setup
      • Test the Platform
        • Using SoapUi
        • Using the Demo App
    • Configuration
      • Add a device
      • Users
      • Add a new organisation
      • Throttling
    • Web Services
    • Deployment
    • FAQ
  • Open Source Community
    • Start contributing
    • Developers 101
    • Contributing to the code
    • Contributing to documentation
    • Communication and Contact
    • Governance
    • Code of Conduct
    • Foundation
  • Domains
    • Admin
    • Smart lighting
      • Use cases
      • Light Schedules
    • Tariff switching
    • Microgrids
    • Distribution automation
    • SmartMetering
      • Web Services
        • bypass retry
        • priority
        • scheduling
        • AdHocManagement
          • GetAssociationLnObjects
          • GetGetAssociationLnObjectsResponse
          • RetrieveConfigurationObjects
          • GetRetrieveConfigurationObjectsResponse
          • SpecificConfigurationObject
          • SynchronizeTime
          • GetSynchronizeTimeResponse
        • Bundle
          • Bundle
          • GetBundleResponse
        • Configuration
          • GetAdministrativeStatus
          • GetGetAdministrativeStatusResponse
          • GetFirmwareVersion
          • GetGetFirmwareVersionResponse
          • UpdateFirmware
          • GetUpdateFirmwareResponse
          • ReplaceKeys
          • GetReplaceKeysResponse
          • GetKeys
          • SetActivityCalendar
          • GetSetActivityCalendarResponse
          • SetAdministrativeStatus
          • GetSetAdministrativeStatusResponse
          • SetAlarmNotifications
          • GetSetAlarmNotificationsResponse
          • SetConfigurationObject
          • GetSetConfigurationObjectResponse
          • SetKeyOnGMeter
          • GetSetKeyOnGMeterResponse
          • SetPushSetupAlarm
          • GetSetPushSetupAlarmResponse
          • SetPushSetupSms
          • GetSetPushSetupSmsResponse
          • SetSpecialDays
          • GetSetSpecialDaysResponse
          • GetConfigurationObject
          • GetConfigurationObjectResponse
          • ConfigureDefinableLoadProfile
          • GetConfigureDefinableLoadProfileResponse
          • SetMbusUserKeyByChannel
          • GetSetMbusUserKeyByChannelResponse
          • GetMbusEncryptionKeyStatus
          • GetGetMbusEncryptionKeyStatusResponse
          • GetMbusEncryptionKeyStatusByChannel
          • GetGetMbusEncryptionKeyStatusByChannelResponse
          • ScanMbusChannels
          • ScanMbusChannelsResponse
        • Installation
          • AddDevice
          • GetAddDeviceResponse
          • CoupleMbusDevice
          • GetCoupleMbusDeviceResponse
          • DeCoupleMbusDevice
          • GetDeCoupleMbusDeviceResponse
        • Management
          • FindEvents
          • GetFindEventsResponse
          • GetDevices
          • SetDeviceLifecycleStatusByChannel
          • SetDeviceLifecycleStatusByChannelResponse
          • EnableDebugging
          • DisableDebugging
          • FindMessageLogs
          • GetGsmDiagnostic
        • Monitoring
          • GetActualMeterReads
          • GetActualMeterReadsResponse
          • GetActualMeterReadsGas
          • GetActualMeterReadsGasResponse
          • GetPeriodicMeterReads
          • GetPeriodicMeterReadsResponse
          • GetPeriodicMeterReadsGas
          • GetPeriodicMeterReadsGasResponse
          • GetProfileGenericData
          • GetProfileGenericDataResponse
          • ReadAlarmRegister
          • GetReadAlarmRegisterResponse
          • RetrievePushNotificationAlarm
        • Notification
          • SendNotification
      • ResponseMessages
      • Use cases
    • Guidelines to add a new domain to GXF
  • Protocols
    • IEC61850
      • SWDevice-010805
        • SWDevice-010805.icd
        • RegisterDevice
        • GetConfiguration
        • SetConfiguration
        • SetEventNotifications
        • EventNotification
        • SetSchedule
        • GetFirmwareVersion
        • UpdateFirmware
        • SetReboot
        • StartSelfTest
        • StopSelfTest
        • SetLight
        • SetTransition
        • GetStatus
        • UpdateDeviceSslCertification
      • FlexOVL_540_171101_2
        • FlexOVL_540_171101_2_out.icd
        • GetStatus
        • EventNotification
    • DLMS / COSEM
      • DLMS protocol adapter configuration
      • DLMS device simulator
    • OSLP
      • OSLP v0.5.1
        • Protobuf Contract
      • OSLP v0.6.1
        • Protobuf Contract
        • RegisterDevice
        • ConfirmRegisterDevice
        • GetConfiguration
        • SetConfiguration
        • SetEventNotifications
        • EventNotification
        • SetSchedule
        • ResumeSchedule
        • GetFirmwareVersion
        • UpdateFirmware
        • SetReboot
        • StartSelfTest
        • StopSelfTest
        • SetLight
        • SetTransition
        • GetStatus
        • UpdateDeviceSslCertification
        • SetDeviceVerificationKey
        • SwitchFirmware
        • SwitchConfiguration
    • MQTT
  • Support
  • License
Powered by GitBook
On this page
  • Security
  • Cloud security
  • Operating System
  • Platform security
  • Encryption
  • Authentication of web applications
  • Algorithms
  • Private APN
  • Logging

Was this helpful?

Export as PDF
  1. General platform architecture
  2. Non-functional overview

Security

Security

The following security measures can be used in a hosted environment:

Cloud security

  • DDOS protection

  • IPSEC VPN connections

  • IP whitelisting

Most cloud environments support these features.

Operating System

  • Hardened operating systems (according to Center of Internet Security)

Platform security

  • Communication over TLS

  • Firewalls between all servers and layers

  • Certificates from a recognized Certificate Authority (CA)

  • Audit trail on all actions throughout the platform

  • Role based authorizations on specific functions of devices

  • Access control

  • Unique device identification

For every major release there will be a mandated security test initiated by Alliander.

In cooperation with the European Network of Cyber Security (ENCS) state of the art security measures were implemented.

  • Security per device

  • Security per application

  • Security Certificates per Organisation and per device

  • All communication is encrypted

Security measures: 1. Firewall in defined zone 2. Operating System Hardening 3. DDOS protection 4. Replay attack prevention 5. Private encryption key per device 6. Certificates from a Certificate Authority 7. Encryption via Elliptic Curve DSA 8. IPSEC VPN for CDMA and GPRS 9. Unique device identification 10. Unique CDMA modem number 11. Role based authorizations on functions and devices

Encryption

An analysis of safety aspects has led to the decision that the safety of the whole system will be realized by proven technology based on asymmetrical coding (also known as public-key encryption).

Authentication of web applications

Two-way SSL will be used between web applications and the Open Smart Grid Platform to verify the identities for both client and server. User organisations are responsible for the administration of the identity of and access to their web applications. The web applications feature a login page. After successful login the user is linked to an organisation. Passwords will be stored with encryption. The organisation ID will be sent in each message to the Open Smart Grid Platform and will be verified by the SSL certificate.

Algorithms

Only public encryption Algorithms will be used. Due to performance limitations (of the devices) and recommendations from The European Network for Cyber Security (ENCS) Elliptic Curve DSA with 256-bit-keys was selected. This improves the security and efficiency over the 1024 bit RSA algorithm. Messages can be smaller and less processor capacity is needed. The key length of Elliptic Curve DSA is similar to the 3072 bit key length of RSA.

Note: Even though the open smart grid platform uses ECDSA to secure the OSLP, other encryptions may be used as well. The RSA Algorithm is still supported if preferred. This is a flexible configuration option.

Private APN

A private APN is used for linking to mobile data communication infrastructures.

Logging

  • Every action to and from devices is logged in the audit trail

  • Messages from unknown devices will be denied (and logged)

PreviousInternationalization and localizationNextScalability

Last updated 1 year ago

Was this helpful?

Functional Layers Overview
Private APN