Security for Optical Ports on Energy Meters

Optical ports provide local access for service engineers during installation or maintenance of energy meters.

Households have physical access to their energy meter and might try to get access to the meter software.

CL710K22 with optical port
CL710K22 with optical port
CL710K22 with optical probe
CL710K22 with optical probe


The optical interface and communication heads for smart meters from almost every manufacturer are specified in the IEC 62056-21. (The US-American ANSI C12.18 is not covered by this article.)

Main functions that can be accessed using optical communication

  • Billing data readout
  • TOU (Time of Use) readout and modification
  • Billing period reset
  • Register and profile resets
  • Parameter readout and modification
  • Communication input settings
  • Analysis and diagnostic functions

Note: During the production process electronic meters need to be adjusted. This is done by writing correction values in a dedicated memory inside the meter. This correction values are protected against external access and can not be overwritten once the meter has left the manufacturing site. There are different protection solutions. Some manufacturers are using the optical port for adjustment and lock later this memory section. CLOU meters are using a special port on the PCB for adjustment, which has no physical connection with the infrared port in compliance with the Measuring Instruments Directive (MID).

Protection of the Optical Port

The IEC specification defines the following communication modes:

  • Mode A

supports bidirectional data exchange at 300 baud without baud rate switching. This protocol mode permits data readout and programming with optional password protection.

  • Mode B

offers the same functionality as protocol mode A, but with additional support for baud rate switching.

  • Mode C

offers the same functionality as protocol mode B with enhanced security and manufacturer-specific modes.

  • Mode D

supports unidirectional data exchange at a fixed baud rate of 2400 baud and permits data readout only.

  • Mode E

allows the use of other protocols.

For the password command, the following command type identifiers are defined:

– 0 data is operand for secure algorithm

– 1 data is operand for comparison with internally held password

– 2 data is result of secure algorithm (manufacturer-specific)

These defined command type identifiers allow static passwords (1) or a manufacturer-specific challenge-response algorithm (0 and 2). Furthermore operation mode C supports manufacturer-specific enhanced security, which is out of the scope of the IEC standard.

Besides this password protection, the IEC standard defines a set of security levels for use in combination with mode C.

  • Access level 1

only requires knowledge of the protocol to gain access.

  • Access level 2

requires a password to be correctly entered.

  • Access level 3

requires operation of a sealable button or manipulation of certain data with a secret algorithm to gain access.

  • Access level 4

requires physical entry into the case of the meter and effecting a physical change, such as making/breaking a link or operation of a switch, before further communications access is allowed.

Practical security implementation

The safest method for optical port protection is a authentication by a challenge-response algorithm. This requires that each meter has a unique key. The complex key administration is a back-draw for optical port communication because each handheld- or PC need to keep the meter specific key, while each meter needs to keep the PC specific key. For remote access (AMI systems) this procedure is recommended.

The CLOU risk analysis shows that the most suitable approach is to use a password for read-only operations, together with a manufacturer specific data encryption. For writing operations the terminal cover must be open.

Once the terminal cover is opened unauthorized the meter is recording a tamper event. Depending on the meter type the relay trips and in case of a AMI system the tamper event is forwarded to the centre.

Single Phase Meter CL710K20
Single Phase Meter CL710K20

A sealing of the optical port itself does not provide additional security (personal oppinion of the author)

Nevertheless we had some customer requests for a sealable optical port.
Take a look at our CL710K20 or our K23 series. This meters are optional available with a sealable port.

Thank you for reading.
What is your opinion about a sealable optical port? Put us a comment in the field below.

Editor's note: This article was originally published in August 2019 and has been updated for comprehensiveness.

8 Replies to “Security for Optical Ports on Energy Meters”
  1. Hi,
    We intend to communicate with the meter using third-party hardware via RS485, this should then give us the ability to monitor consumption and disconnect if need be remotely using a network of our choosing (Lora, wifi, or Cellular) depending on area and coverage.
    Is there a user manual or documentation guide to achieve such? or a command list protocol name etc.

    1. Thank you for your question. Our meters are working with the standard DLMS protocol. However, you need to consider that the communication is encrypted, so without knowing the key, you cannot access the data. The encryption is utility-specific and for security reasons not disclosed to manufacturers or end-users.

  2. Sir how can we connect a digital energy meter to Arduino uno via optical port to read only the consumed current values. what should be there between optical port and Arduino. Please tell more about it.

    1. Thank you for the question. You can find open source libraries e.g. at Gurux These libraries are working for unprotected meters with DLMS protocol. In most cases the meters have passwords and encryption even for simple read-outs. Have fun!

    2. Thanks for reply sir. After some searches I came to know that we can connect an digital energy meter having an optical port in it to the Arduino uno via cable having optical port connector and USB/RS 232/RS485 at other end. But in order to acess the meter data we need the command sets made by the manufactures. But do they provide us with the command set for their less used energy meter for our engineering project, if we contact them?

    3. If you have meters with DLMS protocol, the commands are standard. The local power supplier is setting-up access protection in terms of passwords or encryptions. So the meter manufacturers can't help you. You need to talk to your power supply company whether thy support your project.

  3. Dear sir,
    Plz can you have ( single ,3 phase )prepayment smart meter with contactless card

    Thanks

    1. thank you for your interest and now we only have the IC card prepayment meter

Leave a Reply

Your email address will not be published. Required fields are marked *

 


All comments are moderated before being published. Inappropriate or off-topic comments may not be approved.