STS, Key Management and Revenue Protection Don Taylor STS Association www.sts.org.za What’s it all about ? • • • • • • • • • • • Standard Transfer Specification (STS) Meter Keys Vending Keys and Supply Group Codes (SGC) Encryption / Decryption Key Change Tokens Key Load Files Secure Modules (SM) Key Management Center (KMC) Meter Manufacturers Utilities Token Vendors A host of entities that work together. What is encryption ? “JOE” Key Secure Module shuffle rule shuffle letters 3 000 0 JOE 001 1 JEO 010 2 EJO 011 3 EOJ 100 4 OEJ 101 5 OJE 3 Key message shuffle rule ENCRYPTION shuffled combinations reverse the shuffle process “JOE” Token DECRYPTION Meter message The Key is a shared secret between sender and receiver. What is a key ? A secret random number 3-bit Key = 8 combinations 101 56-bit DES Key = 72 x 1015 combinations 1001 1100 1011 1110 1101 11011011 1110 1001 1110 0001 1000 1011 1010 64-bit STS Key = 18 x 1018 combinations 1001 1100 1011 1110 1101 11011011 1110 1001 1110 0001 1000 1011 1010 1011 1111 DES keys are still widely used in the banking industry STS key is 256 times “stronger” than a DES key. Meter key ? KMC generates Key and allocates applies for SGC Utility Supply Group Code to Utility Key Management Centre Key SGC SGC = 000439 Key Load File places order installs Secure Module Key SGC Meter Manufacturer Supply Group Key Change Token SGC= 000439 Meter manufactures Key1 installed in Each meter Key1 is uniquely derived from Key. Vending key ? authorizes Utility Key Management Centre Key Already allocated Key and SGC SGC contracts $ with Key Load File installs Vendor Secure Module Key SGC Encrypt (credit) using Key1 (credit) $ Credit Token installed Customer Meter Key1 Decrypt (credit) using Key1 The Key gives vending authorization. The implication ? • Key authorizes credit transfer to customer • Anyone in possession of the Key can transfer credit • A loaded Secure Module is a credit transfer machine • A “lost” or “unused” SM is a money printer Manage your Secure Modules. Who owns the key ? • The Utility owns the Key • The Key protects the Utility’s revenue • It is the Utility’s responsibility to keep the Key safe once it leaves the KMC Responsibility accompanies ownership. What does KMC do ? • Generate Supply Group Codes and Keys • Allocate to Utilities • ESCROW in safe storage • Distribute to equipment manufacturers and token vendors authorized by Utility • Authenticate Secure Modules • Initialize Secure Modules KMC is responsible for keys in its own domain. What does STSA do ? • Facilitates access to STS services • Product certification • Key management • Assures availability of services • Assures conformance to standards • STS protocols • Codes of practice STSA supports the STS infrastructure. Where are your keys now ? • Every meter manufacturer that supplied meters to the Utility • Every SM that vended tokens for the Utility • Loaded SMs in cupboards and boxes • Stolen or missing SMs Keys are all over the show. Present status ? • Many Utilities are ignorant of responsibility • Few can give 100% accountability of SMs • Many SMs becoming redundant due to online vending systems • Program initiated by NRS User Group and KMC to bring keys and SMs under control • STS Association initiated a project for enhanced key management infrastructure We need to get our act together. What should Utility do ? • Take ownership and responsibility • Understand all relevant aspects of key management • Put own management plan in place • Actively participate in the STS User Group • Take “ownership” of the infrastructure Wake up before it is too late. Conclusion ? The Key protects your Revenue Manage it Thank you for your attention!