Connection issue using management client with AuthenticationEncryption security

8 posts / 0 new
Last post
Chandra.S
Connection issue using management client with AuthenticationEncryption security

I am using elster meter. We are able to communicate with the meter using public a client (Id 16), authentication None and security None. Since we need to establish an explicit application association, I am following below step to establish the connection.
SNRM Request -> AARQ Request -> Read association view or logical name

But the problem is we are not able to connect the same meter with the management client (Id is 1) using authentication High (tried with both Low and None) and security AuthenticationEncryption.

Below is my security setup logic and I am using proper keys which is shared by meter manufacturer.
_Client.Ciphering.Security = GXEnums.Security.AuthenticationEncryption;
_Client.Ciphering.SystemTitle = GXCommon.HexToBytes("ABCD");
_Client.ServerSystemTitle = GXCommon.HexToBytes("ABCD");
_Client.Ciphering.BlockCipherKey = GXCommon.HexToBytes("ABCD");
_Client.Ciphering.AuthenticationKey = GXCommon.HexToBytes("ABCD");

Since the management client is preestablished connection, I am not sending AARQ request. After parsing UA response directly trying to read the association view or parameter (frame counter, logical device name.....). But always I am getting Receive ready (RR) response from the meter for read request. I am following below step to establish the connection.
SNRM Request -> Read association view or logical name

Below is communication log for SNRM Request and frame counter.
Request: 7E-A0-07-03-03-93-8C-11-7E
Response: 7E-A0-20-03-03-73-F0-2E-81-80-14-05-02-01-00-06-02-01-2C-07-04-00-00-00-01-08-04-00-00-00-01-15-E3-7E

Online Frame Counter
Request: 7E-A0-2C-03-03-32-49-EA-E6-E6-00-C8-1E-30-00-00-00-01-5A-6F-E0-21-D2-68-D3-3B-7C-FE-BC-FF-92-5F-28-9B-19-21-D7-28-BD-2B-32-8E-3F-D5-B4-7E
Response: 7E-A0-07-03-03-11-96-B6-7E

Note: The client is confirmed that there is no password required for the management client.

Please suggest me If I am missing anything because I am stuck with past one week. However, I have below questions to take it forward.
1. Is it possible to communicate with the meter without taking challenge for high authentication?
2. Is it possible to take challenge without AARQ request?
3. After SNRM request when I try to read any logical name send sequence number is and receive sequence number is going with 1. But I heard send sequence number and receive sequence number should be 0 for the first request after SNRM request. If I want to reset this field how can I reset to 0?
4. Do we need to take any GloCiphering request before establish a secured connection. If yes, how can I send the command?

Kurumi
Kurumi's picture
Connection issue using management client with AuthenticationEncr

Hi,

It seems that Elster expects that first HDLC frame is 0x12, not 0x32. Pre-established connections are quite new and there are variations between the meters what is first frame id.

I'll think how we can handle this.

BR,
Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

Chandra.S
Connection issue using management client with AuthenticationEncr

Hi Kurumi, Thanks for your reply.

I tried to change the HDLC frame ID for the first request after the SNRM request, by changing the GXDLMS GetHdlcFrame method. But still there are no changes in the response. Please suggest me if I want to make the changes in some other place. Below is the communication log.
SNRM Command
TX: 7E-A0-07-03-03-93-8C-11-7E
RX: 7E-A0-20-03-03-73-F0-2E-81-80-14-05-02-01-00-06-02-01-2C-07-04-00-00-00-01-08-04-00-00-00-01-15-E3-7E
Parsed UA response
Read Online frame counter
TX: 7E-A0-35-03-03-12-89-F1-E6-E6-00-DB-08-53-41-43-53-41-43-53-41-1E-30-00-00-00-01-5A-6F-E0-21-D2-68-D3-3B-7C-FE-BC-FF-92-5F-28-9B-19-21-D7-28-BD-2B-32-8E-3F-D4-CB-7E
RX: 7E-A0-07-03-03-11-96-B6-7E

Chandra S

Kurumi
Kurumi's picture
Connection issue using management client with AuthenticationEncr

Hi,

You should ask from the meter vendor is meter supporting Pre-established connections at all.
It's also possible that it's not supported.

BR,

Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

Chandra.S
Connection issue using management client with AuthenticationEncr

Yes, it is confirmed that meter supports Pre-established connection and also they are able to communicate with their own ism tool.

How can I send GeneralGloCiphering request to meter using Gurux. Whenever I try to read any parameter, frame is sent with glo_GetRequest but I have to send with GeneralGloCiphering.

Please find the below communication log which we have captured with the meter vendor ISM tool which is working properly with the management client. But they are sending request with GeneralGloCiphering, so I have to follow the same.

SNRM Request: 7E A0 20 03 03 93 FE C9 81 80 14 05 02 03 E8 06 02 03 E8 07 04 00 00 00 01 08 04 00 00 00 01 6F A1 7E
First request after SNRM: 7E A0 2D 03 03 10 E2 F4 E6 E6 00 DB 00 1E 30 80 00 01 24 95 38 13 53 11 DC 6D 60 AB 42 CA 00 0D 15 7E 3F AE DE 3D 72 AD 54 34 50 26 37 0F 7E

Chandra S

Kurumi
Kurumi's picture
Connection issue using management client with AuthenticationEncr

Hi,

GeneralGloCiphering is sent if you check "General Protection" from device's "Supported Services" tab.

Elster is staring HDLC framing index different than other meters. I'll find a way to solve this.

BR,

Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi

Chandra.S
Connection issue using management client with AuthenticationEncr

Hi, Thanks for your reply.

We fixed the issue by changing frame id to 0x10 instead of 0x13.

Chandra S

Kurumi
Kurumi's picture
Connection issue using management client with AuthenticationEncr

Hi,

I'll design how to say to the parser should initial frame be 0x10 or 0x32 when Pre-established connection is used. I'll believe that this is causing more work later when there are new meters that are using Pre-established connections. This is not tested in DLMS Certificate tests at the moment. So value can be anything.

BR,

Mikko

________________________________________
Mikko Kurunsaari
Gurux Ltd
http://www.gurux.fi