A Fixed-Latency Architecture to Secure GOOSE and Sampled Value Messages in Substation Systems

International Electrotechnical Commission (IEC) 62351-6 standard specifies the security mechanisms to protect real-time communications based on IEC 61850. Generic Object Oriented Substation Events (GOOSE) and Sampled Value (SV) messages must be generated, transmitted and processed in less than 3 ms, which challenges the introduction of IEC 62351-6. After evaluating the security threats to IEC 61850 communications and the state of the art in GOOSE and SV security, this work presents a novel architecture based on wire-speed processing able to provide message authentication and confidentiality. This architecture has been implemented and tested to evaluate its performance, resource usage, and the latency introduced. Other proposals in the scientific literature do not support real-time traffic, so they are not suitable for GOOSE and SV messages. Whereas the others exceed the target latency of 3 ms or do not comply with the standards, our design authenticates and encrypts real-time IEC 61850 data in less than 7 mu s-predictable latency-, and complies with IEC 62351:2020.This work was supported in part by the Ministerio de Economia y Competitividad of Spain under Project TEC2017-84011-R, in part by Fondo Europeo de Desarrollo Regional (FEDER) Funds through the Doctorados Industriales program under Grant DI-15-07857, and in part by the Department of Education, Linguistic Policy and Culture of the Basque Government through the Fund for Research Groups of the Basque University System under Grant IT978-16

Saving Nine Without Stitching in Time: Integrity Check After-the-fact

Electrical substations transform voltage from high to low, or low to high for distribution and transmission, respectively, and are a critical part of our electricity infrastructure. The state of a substation is continuously measured for monitoring, controlling and protection purposes, using synchrophasor measurements. The IEC 61850 standard defines communication protocols for electrical substations, including transmission of synchrophasor measurements. However, IEC 61850 does not properly address cyber security, leaving this critical infrastructure highly vulnerable to cyber attacks. This paper describes the development and testing of a novel mechanism for delayed integrity check for synchrophasor measurements. The results show that the solution manages to detect when integrity of the synchrophasor transmission is compromised, without adding any delay to the time-critical synchrophasor transmission itself.acceptedVersio

Saving Nine Without Stitching in Time: Integrity Check After-the-fact

Electrical substations transform voltage from high to low, or low to high for distribution and transmission, respectively, and are a critical part of our electricity infrastructure. The state of a substation is continuously measured for monitoring, controlling and protection purposes, using synchrophasor measurements. The IEC 61850 standard defines communication protocols for electrical substations, including transmission of synchrophasor measurements. However, IEC 61850 does not properly address cyber security, leaving this critical infrastructure highly vulnerable to cyber attacks. This paper describes the development and testing of a novel mechanism for delayed integrity check for synchrophasor measurements. The results show that the solution manages to detect when integrity of the synchrophasor transmission is compromised, without adding any delay to the time-critical synchrophasor transmission itself.acceptedVersio

A novel hybrid methodology to secure GOOSE messages against cyberattacks in smart grids

: IEC 61850 is emerging as a popular communication standard for smart grids. Standardized communication in smart grids has an unwanted consequence of higher vulnerability to cyber-attacks. Attackers exploit the standardized semantics of the communication protocols to launch different types of attacks such as false data injection (FDI) attacks. Hence, there is a need to develop a cybersecurity testbed and novel mitigation strategies to study the impact of attacks and mitigate them. This paper presents a testbed and methodology to simulate FDI attacks on IEC 61850 standard compliant Generic Object-Oriented Substation Events (GOOSE) protocol using real time digital simulator (RTDS) together with open-source tools such as Snort and Wireshark. Furthermore, a novel hybrid cybersecurity solution by the name of sequence content resolver is proposed to counter such attacks on the GOOSE protocol in smart grids. Utilizing the developed testbed FDI attacks in the form of replay and masquerade attacks on are launched and the impact of attacks on electrical side is studied. Finally, the proposed hybrid cybersecurity solution is implemented with the developed testbed and its effectiveness is demonstrated

Secure Control and Operation of Energy Cyber-Physical Systems Through Intelligent Agents

The operation of the smart grid is expected to be heavily reliant on microprocessor-based control. Thus, there is a strong need for interoperability standards to address the heterogeneous nature of the data in the smart grid. In this research, we analyzed in detail the security threats of the Generic Object Oriented Substation Events (GOOSE) and Sampled Measured Values (SMV) protocol mappings of the IEC 61850 data modeling standard, which is the most widely industry-accepted standard for power system automation and control. We found that there is a strong need for security solutions that are capable of defending the grid against cyber-attacks, minimizing the damage in case a cyber-incident occurs, and restoring services within minimal time. To address these risks, we focused on correlating cyber security algorithms with physical characteristics of the power system by developing intelligent agents that use this knowledge as an important second line of defense in detecting malicious activity. This will complement the cyber security methods, including encryption and authentication. Firstly, we developed a physical-model-checking algorithm, which uses artificial neural networks to identify switching-related attacks on power systems based on load flow characteristics. Secondly, the feasibility of using neural network forecasters to detect spoofed sampled values was investigated. We showed that although such forecasters have high spoofed-data-detection accuracy, they are prone to the accumulation of forecasting error. In this research, we proposed an algorithm to detect the accumulation of the forecasting error based on lightweight statistical indicators. The effectiveness of the proposed algorithms was experimentally verified on the Smart Grid testbed at FIU. The test results showed that the proposed techniques have a minimal detection latency, in the range of microseconds. Also, in this research we developed a network-in-the-loop co-simulation platform that seamlessly integrates the components of the smart grid together, especially since they are governed by different regulations and owned by different entities. Power system simulation software, microcontrollers, and a real communication infrastructure were combined together to provide a cohesive smart grid platform. A data-centric communication scheme was selected to provide an interoperability layer between multi-vendor devices, software packages, and to bridge different protocols together

Security of Process Bus in Digital Substation

Cyber security attacks in substations have been a issue for a very long time [1]. It is necessary to secure the communication between devices in substation automation system. Generally, Substation Automation Systems uses Intelligent Electronic devices (IED) for monitoring, control and protection of substation. In the past, single purpose and mostly hard-wire interconnected devices were safety and control devices. More and more features have been built into multi-function intelligent electronic devices (IEDs) over time. The need for contact between the devices in the scheme has increased by increasing the number of functions per unit. The lack of wide-ranging knowledge of data communication technologies, protocols, remote access and risks to cybersecurity would improve the prospects for cyber-initiated events. Enabling support for authentication and authorization, auditability and logging as well as product and system hardening are critical features for safeguarding electric power grids and power networks. The introduction of a centralized account management system in the substation automation system is a simple solution for adding and removing users who have or are deprived of access. For utilities that have to stick to laws, this is a big advantage. The security logging mechanisms are a must in the case of intrusion prevention, finding unexpected use patterns and for safety forensics. It has to be precise, readily distributed and easily gathered [2]. Adopting new solutions for substations. These systems are following standards and trends, as of which one of them is in particular Ethernet and TCP/IP based communication protocols. The substation automation multicast messages are Generic Object Driven Substation Event (GOOSE) and Sampled Measured Value (SMV), Manufacturing Message Specification (MMS). The two recent standards published to protect the systems are IEC 61850 and IEC 62351. The mainstream development for substation automation is IEC61850. It provides an integrated solution for ensuring communication in substation automation between intelligent electronic devices (IED). On the one side, these standard mandates that GOOSE and SV messages must be used by the RSA cryptosystem to provide source authenticity. This report provides a realistic consideration and review of the implementation in a substation automation system of a stable sampled measured value (SeSV) message. IEC Working Group 15 of Technical Committee 57 released IEC62351 on protection for IEC61850 profiles because of the lack of security features in the standard. However, the use of IEC62351 standards-based SV authentication methods is still not integrated and computational capabilities and performance are not validated and checked with commercial-grade devices. Therefore this report demonstrates the performance of SeSV allowed security feature packets transmitted between security and control devices by appending the extended IEC61850 packets to a message authentication code (MAC). A prototype implementation on a low-cost embedded commodity device has shown that with negligible time delay, the MAC-enabled SV message can completely protect the process bus communication in the digital substation.Master of ScienceComputer and Information Science, College of Engineering and Computer ScienceUniversity of Michigan-Dearbornhttp://deepblue.lib.umich.edu/bitstream/2027.42/166307/1/Ramya Karnati Final Thesis.pdfDescription of Ramya Karnati Final Thesis.pdf : Thesi

System-on-chip architecture for secure sub-microsecond synchronization systems

213 p.En esta tesis, se pretende abordar los problemas que conlleva la protección cibernética del Precision Time Protocol (PTP). Éste es uno de los protocolos de comunicación más sensibles de entre los considerados por los organismos de estandarización para su aplicación en las futuras Smart Grids o redes eléctricas inteligentes. PTP tiene como misión distribuir una referencia de tiempo desde un dispositivo maestro al resto de dispositivos esclavos, situados dentro de una misma red, de forma muy precisa. El protocolo es altamente vulnerable, ya que introduciendo tan sólo un error de tiempo de un microsegundo, pueden causarse graves problemas en las funciones de protección del equipamiento eléctrico, o incluso detener su funcionamiento. Para ello, se propone una nueva arquitectura System-on-Chip basada en dispositivos reconfigurables, con el objetivo de integrar el protocolo PTP y el conocido estándar de seguridad MACsec para redes Ethernet. La flexibilidad que los modernos dispositivos reconfigurables proporcionan, ha sido aprovechada para el diseño de una arquitectura en la que coexisten procesamiento hardware y software. Los resultados experimentales avalan la viabilidad de utilizar MACsec para proteger la sincronización en entornos industriales, sin degradar la precisión del protocolo