TI DLMS COSEM "ScopeOfAccessViolated" at HLS association

Hello,

I am stuck with a problem when reading DLMS data in an HLS association... I'm working with the Kalkitech client, and I'm able to establish an HLS association, but then when I read some objects I get "ScopeOfAccessViolated"...

In NS and LS I'm able to read those objects without a problem, but when I try on HLS there is a problem...

I think the problem may be that the TI library needs information that the HLS connection is established, but I don't know how to get that information to the library... Can someone help me with this?

I have tried all possible combinations of ACCESS_PCxy_MRxy_USxy, and different association visibility (ASSOC_PC_MR_US), but that is not solving my problem...

Can someone give me some support on that?

Thanks....

  • Hi Ivan,

    We are looking into the matter and trying to get your request to the right team. We will get back to you in time.

    Best regards,

    David
  • What DLMS client software are you using to connect to the meter? The HLS mode for DLMS authentication is not properly standardised. Newer revisions of the DLMS spec have properly standardised authentication modes using MD5, SHA1, AES GCM, SHA2 and elliptic curve methods. For HLS authentication the actual cryptology processing is not defined. The current TI library uses a technique, based on AES128, which is standardised for India. The Kalkitech Explorer software should work with this. Most other DLMS client software probably won't.

    The code in the TI library, which processes the HLS exchange, looks something like this:

    /* Encrypt the challenge that was sent to the client */
    for (i = 0; i < challenge_s2c_len/16; i++)
    {
        aes128_encrypt(&challenge_s2c[i*16], secret_key);
    }
    /* Encrypt the challenge that was sent by the client */
    for (i = 0; i < link->challenge_c2s_len/16; i++)
    {
        aes128_encrypt(&challenge_c2s[i*16], secret_key);
    }

    The encrypted challenge_s2c must match the one received from the client.
    The encrypted challenge_c2s is sent back to the client.
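
The server-side check described in the reply above, written out as an added example (not part of the original thread and not TI library code). `hls_assoc_t`, `hls_verify`, the `hls_authenticated` flag, the 64-byte limit and `demo_block_encrypt` are hypothetical; `demo_block_encrypt` is a constructed stand-in, not AES, so the block builds without a crypto library. It also rejects challenge lengths that are not multiples of 16, which a `len/16` loop would leave partly unencrypted.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BLK 16           /* AES block size in bytes */
#define MAX_CHALLENGE 64 /* assumed upper bound for this example */
/* Same shape as the aes128_encrypt() call above: one block, in place. */
typedef void (*block_encrypt_fn)(uint8_t *block, const uint8_t *key);

/* Hypothetical per-association state, not the TI library's structure. */
typedef struct {
    uint8_t challenge_s2c[MAX_CHALLENGE]; /* assumed fresh for each association */
    size_t  challenge_s2c_len;
    int     hls_authenticated; /* the gate an access-rights check would consult */
} hls_assoc_t;

/* Constant-time compare: timing does not reveal how many bytes matched. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Returns 1 and turns challenge_c2s into the reply only if the client's answer matches. */
int hls_verify(hls_assoc_t *a, block_encrypt_fn enc, const uint8_t *key,
               const uint8_t *client_reply, size_t reply_len,
               uint8_t *challenge_c2s, size_t c2s_len)
{
    uint8_t expected[MAX_CHALLENGE];
    size_t n = a->challenge_s2c_len;
    a->hls_authenticated = 0; /* fail closed until the check passes */
    if (n == 0 || n > MAX_CHALLENGE || n % BLK || reply_len != n ||
        c2s_len == 0 || c2s_len % BLK)
        return 0;
    memcpy(expected, a->challenge_s2c, n);
    for (size_t i = 0; i < n / BLK; i++) enc(&expected[i * BLK], key);
    if (!ct_equal(expected, client_reply, n))
        return 0;
    for (size_t i = 0; i < c2s_len / BLK; i++) enc(&challenge_c2s[i * BLK], key);
    a->hls_authenticated = 1;
    return 1;
}

/* NOT AES: constructed stand-in so the example builds without a crypto library. */
void demo_block_encrypt(uint8_t *block, const uint8_t *key)
{
    for (int i = 0; i < BLK; i++) block[i] = (uint8_t)((block[i] ^ key[i]) + i);
}
```

In real use, pass a wrapper around an actual AES-128 block encryption routine as `enc` in place of `demo_block_encrypt`.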
  • Hi Steve,

    Thanks for the answer...

    I'm using the Kalkitech client...

    I have implemented the "reply_to_hls_auth" method, where I have used the aes128_encrypt and aes128_decrypt functions...

    With the encrypted challenge_c2s I'm replying to the client, and then the Kalkitech client says that the connection is established...

    But when I'm reading some objects, the AA is established, but then when the client sends get_request, in get_response there is a "ScopeOfAccessViolated" result...

    I think that I have succeeded in authenticating the association at the client side with a properly encrypted challenge_c2s in method_response, but I don't know how to tell the TI library on the MSP430 that the HLS connection is established... When I'm decrypting the data from method_request which I get from the client, the decrypted data is identical to challenge_s2c, so with this comparison the server side should be authenticated (but I don't see where the library gets the information that the HLS association is established)...

    Also, I don't know if challenge_s2c should be static, or needs to be randomly changed in every AARQ?

    Thanks for response...

  • Hello,

    Can you give me support on the previous questions?

    Does TI have plans to support other authentication methods like GMAC in a new version of the library, and when is the expected release date?