DI security on the OpenWay Riva network
This section describes the DI security approach for deployments on the OpenWay Riva network.
Network security
OpenWay Riva provides layered security controls and management to protect the multi-service IPv6 field area network (FAN) and all the devices and applications that run on it.
Strong authentication of nodes is achieved by taking full advantage of a set of open standards including IEEE 802.1X, Extensible Authentication Protocol (EAP) and Remote Authentication Dial-In User Service (RADIUS). This “white-listing” approach requires that every device joining the IPv6 network be authenticated before being allowed access to the network and smart metering system.
Each OpenWay Riva device that is installed in the field joins the Cisco Secure Network infrastructure. This allows the device to communicate with the OpenWay Collection Manager (OWCM). To authenticate with the network, each endpoint requires a unique X.509 meter certificate (provided by Itron manufacturing).
Field area routers, along with intermediate meters, pass on a new device’s credentials to the centralized Authentication, Authorization and Accounting (AAA) server. Once authenticated, the new device is then allowed to join the network, provided with an IPv6 address and mesh key, and authorized to communicate with other nodes.
The FAN employs network-layer encryption (IPsec with AES encryption) in the Wide Area Network (WAN) and link-layer encryption (AES on IEEE 802.15.4g or IEEE 1901.2) in the Neighborhood Area Network (NAN). This design choice preserves network visibility into the traffic at the router and enables use of IP-based techniques of multicast, network segmentation, and quality of service (QoS). It also allows smart meters and other endpoints to be low-cost constrained nodes that only do link-layer encryption while the field area router does both network-layer and link-layer encryption. Additional protection at the application layer is provided by Itron’s enhanced security architecture, which provides confidentiality, message integrity and proof of origin (digitally signed firmware images or digitally signed commands as part of application protocols such as DLMS/COSEM) between the head end and the meter register itself.
For more information about OpenWay Riva network security, see the latest OpenWay Security Reference Guide on products.itron.com.
OpenWay Riva electricity meters (HW 4.0)
Only applications developed by Itron and white-label applications developed by third parties are supported. Other applications developed by third parties are not supported. Developers must be aware that Itron and white-label applications can read each other’s data and impact each other (up to and including deleting other agents).
These meters have only one container and DBUS. This means that all DI agents running on these devices can read each other’s data and impact each other, up to and including deleting other agents.
Applications developed by Itron are supported.
White-label applications developed by third parties are supported. In addition to the standard DI third-party security certification process, Itron requires strict liability clauses in master agreements and CSAs to cover Itron from potential damages resulting from third-party DI application unauthorized actions.
Other applications developed by third parties are not supported.
OpenWay Riva electricity meters (HW 4.1)
Applications developed by Itron and white-label applications developed by third parties are supported. Other applications developed by third parties are supported. Still, developers must be aware that Itron and third-party DI agents can read each other’s data (without impacting each other), and that all third-party DI agents can impact each other (up to and including deleting other agents).
These meters have two containers (one for Itron, and one for third parties), but one DBUS. This means that Itron and third-party DI agents can read each other’s data without impacting each other. All third-party DI agents in the single third-party container can impact each other, up to and including deleting other agents.
Applications developed by Itron are supported.
White-label applications developed by third parties are supported. In addition to the standard DI third-party security certification process, Itron requires strict liability clauses in master agreements and CSAs to cover Itron from potential damages resulting from third-party DI application unauthorized actions.
Other applications developed by third parties are supported, but developers must be aware of the potential interference from other third-party applications. In addition to the standard DI third-party security certification process, Itron requires strict liability clauses in master agreements and CSAs to cover Itron from potential damages resulting from third-party DI application unauthorized actions.
Peer-to-peer
DI supports peer-to-peer (P2P) communications, allowing individual electric meters to communicate securely with each other. The peer-to-peer communications can be either Power Line Carrier (PLC) or RF. This local communication does not require all messages to be routed through the APs, which provides a lower latency message transfer for the DI applications. In addition to communications, meters can store details of their neighbors locally and collect statistics and information, such as link quality for troubleshooting purposes. Peer-to-peer communications are bound by bandwidth limitations that prevent the communications interfaces from being overwhelmed with messages. These bandwidth limitations are provided by per-agent policies and enforced by the meter.
All Itron meters support PKI when operating on the FAN. During manufacturing, meters are loaded with a unique X.509 meter certificate. This is used with the PKI to ensure secure communication over the FAN.
All P2P messages, regardless of medium or point of origin, are secured with application-layer encryption using per-customer unique symmetric keys that are not used for anything else. These keys are generated from material on the device plus customer-specific information plus information known only to the signed and encrypted package. Itron cannot generate them. The algorithm used for encryption is AES-256-GCM.
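The following is an added example, not Itron code or part of the original page: it sketches how a per-customer key built from the three input classes above keeps one customer's AES-256-GCM P2P frames unreadable and unforgeable under another customer's key. HKDF-SHA256, the context label, the frame layout, the cleartext header used as associated data, and every function and input name are assumptions made for illustration.

```javascript
// Added example (not Itron code). HKDF-SHA256, the label and all input names
// are assumptions; the page specifies only AES-256-GCM and the key inputs.
const nodeCrypto = require('node:crypto');

// Length-prefix each input so ("ab","c") and ("a","bc") cannot collide.
const lp = (b) => Buffer.concat([Buffer.from([b.length >> 8, b.length & 0xff]), b]);

// Derive a 32-byte P2P key from the three input classes the page lists.
function deriveP2pKey(deviceMaterial, customerInfo, packageSecret) {
  const ikm = Buffer.concat([deviceMaterial, customerInfo, packageSecret].map(lp));
  const label = Buffer.from('di-p2p-aes256gcm'); // hypothetical context label
  return Buffer.from(nodeCrypto.hkdfSync('sha256', ikm, Buffer.alloc(0), label, 32));
}

// Frame layout (constructed): 12-byte nonce || ciphertext || 16-byte tag.
// The cleartext header is bound to the message as AAD.
function sealP2p(key, header, plaintext) {
  const nonce = nodeCrypto.randomBytes(12); // must never repeat under one key
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  c.setAAD(header);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, ct, c.getAuthTag()]);
}

// Returns the plaintext, or null if the frame fails authentication.
function openP2p(key, header, frame) {
  if (frame.length < 28) return null; // too short for nonce + tag
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, frame.subarray(0, 12));
  d.setAAD(header);
  d.setAuthTag(frame.subarray(frame.length - 16));
  try {
    return Buffer.concat([d.update(frame.subarray(12, frame.length - 16)), d.final()]);
  } catch { return null; }
}

// Constructed sample values: two customers sharing device material.
function demo() {
  const dev = Buffer.from('constructed-device-material');
  const pkg = Buffer.from('constructed-package-secret');
  const keyA = deriveP2pKey(dev, Buffer.from('customer-A'), pkg);
  const keyB = deriveP2pKey(dev, Buffer.from('customer-B'), pkg);
  const hdr = Buffer.from('agent=7;type=broadcast');
  const frame = sealP2p(keyA, hdr, Buffer.from('link-quality=87'));
  const str = (b) => (b === null ? null : b.toString());
  return {
    sameCustomer: str(openP2p(keyA, hdr, frame)),
    otherCustomer: str(openP2p(keyB, hdr, frame)),
    tamperedHeader: str(openP2p(keyA, Buffer.from('agent=9;type=broadcast'), frame)),
  };
}
```

Because one symmetric key is shared by every meter of a customer, nonce uniqueness has to hold across all of those meters, not just within one device.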
On an OpenWay Riva network, P2P supports:
- RF broadcasts
  - Common periodic
  - Immediate
- RF unicasts (Global and Link-local)
- PLC broadcasts
  - Common periodic
  - Immediate
- AMI communication on PLC has link-layer security
- DI P2P messaging does not have link-layer security