Optical ports provide local access for service engineers during installation or maintenance of energy meters.
Households have physical access to their energy meter and might try to get access to the meter software.
The optical interface for smart meters from almost every manufacturer is specified in IEC 62056-21. (The US-American ANSI C12.18 is not covered by this article.)
Main functions that can be accessed using optical communication
- Billing data readout
- TOU (Time of Use) readout and modification
- Billing period reset
- Register and profile resets
- Parameter readout and modification
- Communication input settings
- Analysis and diagnostic functions
Note: During the production process, electronic meters need to be adjusted. This is done by writing correction values into a dedicated memory inside the meter. These correction values are protected against external access and cannot be overwritten once the meter has left the manufacturing site. There are different protection solutions. Some manufacturers use the optical port for adjustment and lock this memory section afterwards. CLOU meters use a special port on the PCB for adjustment, which has no physical connection to the infrared port, in compliance with the Measuring Instruments Directive (MID).
Protection of the Optical Port
The IEC specification defines the following communication modes:
- Mode A
supports bidirectional data exchange at 300 baud without baud rate switching. This protocol mode permits data readout and programming with optional password protection.
- Mode B
offers the same functionality as protocol mode A, but with additional support for baud rate switching.
- Mode C
offers the same functionality as protocol mode B with enhanced security and manufacturer-specific modes.
- Mode D
supports unidirectional data exchange at a fixed baud rate of 2400 baud and permits data readout only.
- Mode E
allows the use of other protocols.
For the password command, the following command type identifiers are defined:
- 0: data is operand for secure algorithm
- 1: data is operand for comparison with internally held password
- 2: data is result of secure algorithm (manufacturer-specific)
These command type identifiers allow either a static password (type 1) or a manufacturer-specific challenge-response algorithm (types 0 and 2). Furthermore, protocol mode C supports manufacturer-specific enhanced security, which is outside the scope of the IEC standard.
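As an added illustration (not from the article or from CLOU), the three password command types on a simulated meter: framing with the IEC 62056-21 block check character, a type 1 static-password comparison, and a type 0 operand answered by a type 2 result. The HMAC-based secure_algorithm, the MeterSimulator class and all keys and passwords are assumed stand-ins; the real secure algorithm is manufacturer-specific and not public.

```python
import hashlib
import hmac
import secrets

SOH, STX, ETX, ACK, NAK = b"\x01", b"\x02", b"\x03", b"\x06", b"\x15"  # IEC 62056-21 control chars

def bcc(body: bytes) -> bytes:
    """Block check character: XOR of all bytes after the leading SOH/STX through ETX."""
    x = 0
    for b in body:
        x ^= b
    return bytes([x])

def build_frame(command: bytes, data: bytes) -> bytes:
    """SOH cmd STX ( data ) ETX BCC, e.g. command b"P1" with the password as data."""
    body = command + STX + b"(" + data + b")" + ETX
    return SOH + body + bcc(body)

def parse_frame(frame: bytes) -> tuple:
    """Verify framing and BCC; return (command, data)."""
    body = frame[1:-1]
    if frame[:1] != SOH or body[-1:] != ETX or bcc(body) != frame[-1:]:
        raise ValueError("bad framing or BCC")
    cmd, rest = body[:2], body[2:-1]  # rest = STX ( data )
    if rest[:1] != STX or rest[1:2] != b"(" or rest[-1:] != b")":
        raise ValueError("bad data block")
    return cmd, rest[2:-1]

def secure_algorithm(key: bytes, operand: bytes) -> bytes:
    """Hypothetical stand-in (HMAC-SHA256, 16 hex chars) for the manufacturer-specific secure algorithm."""
    return hmac.new(key, operand, hashlib.sha256).hexdigest()[:16].encode()

class MeterSimulator:  # meter side of the password command, constructed for illustration
    def __init__(self, static_password: bytes, meter_key: bytes):
        self._password, self._key, self._operand = static_password, meter_key, None

    def challenge(self) -> bytes:
        self._operand = secrets.token_hex(8).encode()  # type 0: fresh operand for the algorithm
        return build_frame(b"P0", self._operand)

    def authenticate(self, frame: bytes) -> bytes:
        cmd, data = parse_frame(frame)
        ok = False
        if cmd == b"P1":                      # type 1: compare with internally held password
            ok = hmac.compare_digest(data, self._password)
        elif cmd == b"P2" and self._operand:  # type 2: result of secure algorithm
            ok = hmac.compare_digest(data, secure_algorithm(self._key, self._operand))
            self._operand = None              # each operand is accepted once only
        return ACK if ok else NAK
```

A type 2 result is bound to the operand the meter issued and is accepted only once, which is what makes the challenge-response variant stronger than a static type 1 password.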
Besides this password protection, the IEC standard defines a set of security levels for use in combination with mode C.
- Access level 1
only requires knowledge of the protocol to gain access.
- Access level 2
requires a password to be correctly entered.
- Access level 3
requires operation of a sealable button or manipulation of certain data with a secret algorithm to gain access.
- Access level 4
requires physical entry into the case of the meter and effecting a physical change, such as making/breaking a link or operation of a switch, before further communications access is allowed.
Practical security implementation
The safest method of optical port protection is authentication by a challenge-response algorithm. This requires that each meter has a unique key. The complex key administration is a drawback for optical port communication, because each handheld unit or PC needs to hold the meter-specific key, while each meter needs to hold the PC-specific key. For remote access (AMI systems) this procedure is recommended.
The CLOU risk analysis shows that the most suitable approach is to use a password for read-only operations, together with manufacturer-specific data encryption. For write operations the terminal cover must be open.
If the terminal cover is opened without authorization, the meter records a tamper event. Depending on the meter type, the relay trips, and in an AMI system the tamper event is forwarded to the centre.
Sealing the optical port itself does not provide additional security.