Security features, what is supported by COSEM?
DLMS/COSEM brings enhanced security features by providing a controlled access to the data stored in the meter using different levels of authentication.
On monopoly markets, only the utility had to have access to the data in the meter and it was entitled to see all data. On deregulated markets, various parties need access to the information and normally they have rights to access a subset of data only. This market need is supported by controlling the access with the association objects. The association object provides different views of the information to the different clients, under the appropriate authentication mechanism.
The association may be established with lowest level security, low level security or high level security. Lowest level security is mainly used to support the retrieval of the structure of a meter unknown for the data collection system. Low level security (LLS) provide a password based authentication of the client. It is typically used when the communication channel offers adequate security to avoid eavesdropping and message (password) replay.
High level security (HLS) is a four-pass authentication, using cryptographic algorithm and secret cryptographic keys. With HLS, both the Client and the Server authenticates itself. This authentication mechanism is used in the case when the communication channel does not offer adequate security to avoid eavesdropping and message (password) replay. The DLMS/COSEM specification does not specify details of the HLS mechanism.
In addition, encryption can be used. This is provided by the xDLMS service element of the application layer.