A Fixed-Latency Architecture to Secure GOOSE and Sampled Value Messages in Substation Systems

International Electrotechnical Commission (IEC) 62351-6 standard specifies the security mechanisms to protect real-time communications based on IEC 61850. Generic Object Oriented Substation Events (GOOSE) and Sampled Value (SV) messages must be generated, transmitted and processed in less than 3 ms, which challenges the introduction of IEC 62351-6. After evaluating the security threats to IEC 61850 communications and the state of the art in GOOSE and SV security, this work presents a novel architecture based on wire-speed processing able to provide message authentication and confidentiality. This architecture has been implemented and tested to evaluate its performance, resource usage, and the latency introduced. Other proposals in the scientific literature do not support real-time traffic, so they are not suitable for GOOSE and SV messages. Whereas the others exceed the target latency of 3 ms or do not comply with the standards, our design authenticates and encrypts real-time IEC 61850 data in less than 7 mu s-predictable latency-, and complies with IEC 62351:2020.This work was supported in part by the Ministerio de Economia y Competitividad of Spain under Project TEC2017-84011-R, in part by Fondo Europeo de Desarrollo Regional (FEDER) Funds through the Doctorados Industriales program under Grant DI-15-07857, and in part by the Department of Education, Linguistic Policy and Culture of the Basque Government through the Fund for Research Groups of the Basque University System under Grant IT978-16

Experimental study of performance and vulnerabilities of IEC 61850 process bus communications on HSR networks

International audienceModern power-network communications are based on the IEC 61850 series standards. In this paper we investigate the real-time performance, the vulnerabilities and the attack scenarios on the sensor level communication networks, more precisely on the Sampled Measured Value (SMV) protocol. There are two main contributions of our work. First, we evaluate statistically the measured real-time performance of the communication network. The second contribution is the description, implementation and experimental validation of the attacks on SMV protocol targeting electrical protection functions

Real-Time Performance and Security of IEC 61850 Process Bus Communications

International audienceModern power-network communications are based on the IEC 61850 series standards. In this paper, we investigate the real-time performance and the vulnerabilities and attack scenarios at the sensor level communication networks more precisely on Sampled Measured Value protocol. The approach jointly evaluates the communication protocol, network topology and impact on electrical protection functions. We test the practical feasibility of the attacks on an experimental workbench using real devices in a hardware-in-the-loop setup. The tests are conducted on the two high-availability automation networks currently used in IEC 61850 process bus communications: Parallel Redundancy Protocol (PRP) and High-availability Seamless Redundancy (HSR)