A Novel Approach for Mitigation of Replay and Masquerade Attacks in Smartgrids using IEC 61850 Standard

Implementing Secure Routable GOOSE and SV Messages based on IEC 61850-90-5

IEEE Access

Next-generation power systems are active networks that handle two-way power flow. They are equipped with extensive communication capabilities to perform dynamic monitoring, protection and control operations. Synchrophasors provide a pseudo real-time representation of the grid's current state. Phasor Measurement Units (PMUs) placed in different parts of the grid periodically collect synchrophasor data. Then, they send it to Phasor Data Concentrators (PDCs) through Wide Area Monitoring Systems (WAMS). The entire system, formed as a PMU Communication Network (PMU-CN), is based on two available frameworks: IEEE C37.118.2 and IEC 61850-90-5. As the New York blackout of 2003 showed, accurate and timely delivery of phasor measurements is vital for secure grid operation. Attacks on the PMU-CN may lead to several consequences in the grid and cause physical damage. IEEE C37.118.2 does not specify any security mechanism to mitigate security attacks. To address this gap, the security mechanisms specified in IEC 61850-90-5 have been implemented using the OpenSSL library. A novel toolbox called R-GoSV has been developed to construct PMU messages with cybersecurity mechanisms. Thanks to this tool, custom messages have been transmitted in the network to investigate their effectiveness. Finally, the performance evaluation of the specified security algorithms in terms of computational time is carried out.

S-GoSV: Framework for Generating Secure IEC 61850 GOOSE and Sample Value Messages

Energies

Standardized communication plays an important role in substation automation systems (SAS). IEC 61850 is the de-facto standard in SAS. It facilitates smooth communication between different devices located in the substation by achieving interoperability. Generic Object-Oriented Substation Event (GOOSE) and Sample Value (SV) messages developed according to IEC 61850 enable efficient monitoring and operational control of SAS. IEC 61850 is very popular due to its flexible and robust modeling. As the number of critical infrastructures that employ IEC 61850 increases, it is important to study cybersecurity aspects as well. To this end, this paper develops a software framework, S-GoSV (Secure GOOSE and SV), that generates custom GOOSE and Sample Value messages. Furthermore, security features are added to protect them from different security attacks within a substation. IEC 62351-6 specifies digital signatures to achieve node authentication and message integrity. Therefore, S-GoSV implements R...

A novel hybrid methodology to secure GOOSE messages against cyberattacks in smart grids

Scientific Reports

IEC 61850 is emerging as a popular communication standard for smart grids. Standardized communication in smart grids has the unwanted consequence of higher vulnerability to cyber-attacks. Attackers exploit the standardized semantics of the communication protocols to launch different types of attacks, such as false data injection (FDI) attacks. Hence, there is a need to develop a cybersecurity testbed and novel mitigation strategies to study the impact of attacks and mitigate them. This paper presents a testbed and methodology to simulate FDI attacks on the IEC 61850 standard-compliant Generic Object-Oriented Substation Events (GOOSE) protocol using a real-time digital simulator (RTDS) together with open-source tools such as Snort and Wireshark. Furthermore, a novel hybrid cybersecurity solution by the name of sequence content resolver is proposed to counter such attacks on the GOOSE protocol in smart grids. Utilizing the developed testbed, FDI attacks in the form of replay and masquerade att...

IEC 62351-4 Security Implementations for IEC 61850 MMS Messages

IEEE Access

With the deployment of advanced information and communication technologies (ICT), the legacy power grid is being transformed into a smart grid. However, the extensive use of ICT makes it vulnerable to cyberattacks. Standardization of power system communication with interoperable protocols has many benefits, and at the same time the standardized semantics make it much more vulnerable to cyberattacks. IEC has published a new standard, IEC 62351, which provides security guidelines for securing power system communication against cyber-attacks. In this paper, the cybersecurity considerations for IEC 61850 Manufacturing Message Specification (MMS) messages as per the IEC 62351-4 standard are discussed in detail. Furthermore, the implementation of the IEC 62351-4 security specifications for MMS messages is demonstrated through experiments in the lab.

INDEX TERMS Power system communication; Security and Privacy Protection; IEC 61850; IEC 62351-4.

I. INTRODUCTION

The integration of instrumentation, control and information communication technologies into the conventional power system has led to power system automation and the transition of the legacy power grid to a smart grid. Substations are digitalized with the incorporation of Intelligent Electronic Devices (IEDs), which enhance the control and automation capabilities [1]. IEC 61850 is by far the most popular standard for power utility automation. Due to its object-oriented modelling approach and interoperability features, IEC 61850 has become the most popular standard for power utility automation, not only for substation automation systems but also for other areas of smart grid communication [2]-[4]. However, increased automation and the use of standardized communication make the power system/substations much more vulnerable to cyberattacks. Exploiting the standardized semantics makes it much easier for adversaries to launch different types of attacks [5].
Recent events such as the Ukraine blackout, the Stuxnet virus attack, etc., are some examples of such attacks [6]. Hence, cybersecurity considerations for preventing attacks on standardized communication in smart grids are essential. The IEC 61850 standard doesn't discuss cybersecurity concerns [7]. The IEC 62351 standard complements IEC 61850 by

A Lightweight Scheme to Authenticate and Secure the Communication in Smart Grids

Applied Sciences, 2018

Self-reconfiguration in electrical power grids is a significant tool for their planning and operation during both normal and abnormal conditions. The increasing employment of Intelligent Electronic Devices (IEDs), as well as the rapid growth of new communication technologies, have increased the application of Feeder Automation (FA) in Distribution Networks (DNs). In a Smart Grid (SG), automation equipment such as a Smart Breaker (SB) is used. Communication between the Control Center (CC) and SBs can be made using either a wired or a wireless network, or even a combination of both. Nowadays, wireless technology is widely used in the communication of DNs. This may cause several security vulnerabilities in the power system, such as remote attacks with the goal of cutting off the electrical power provided to significant consumers. Therefore, to preserve the cybersecurity of the system, there is a need for a secure scheme. The available literature has proposed heavyweight security schemes, while the overhead was not considered. To overcome this drawback, this paper presents an efficient lightweight authentication mechanism with the necessary steps to ensure real-time automatic reconfiguration during a fault. As a first stage, authentication is performed between the CC and the SB; the SB then sends information about its status. To ensure the integrity of the authentication exchange, a hash function is used, while a symmetric algorithm is used to ensure privacy. The applicability of the suggested scheme has been proved by conducting security performance and analysis. The proposed scheme will be injected on an ABB medium voltage breaker with the REF 542plus controller. Therefore, the probable benefit of the suggested scheme is its contribution to providing more flexibility for electrical utilities in terms of reducing the overall computational overhead and withstanding various types of attacks, while also opening new prospects in the FA of SGs.

An Effective Security Scheme for Attacks on Sample Value Messages in IEC 61850 Automated Substations

IEEE Open Access Journal of Power and Energy

The trend of transforming substations into smart automated facilities has led to their swift digitalization and automation. To facilitate data exchange among equipment within these substations, the IEC 61850 standard has become the predominant standard. However, this standardization has inadvertently made these substations more susceptible to cyberattacks, which is a significant concern given the confidential information that is transmitted. As a result, cybersecurity in substations is becoming an increasingly critical topic. The IEC 62351 standard provides guidelines and considerations for securing IEC 61850 messages to mitigate their vulnerabilities. While securing Generic Object-Oriented Substation Event (GOOSE) messages has received considerable attention in the literature, the same level of scrutiny has not been applied to Sampled Value (SV) messages despite their susceptibility to cyberattacks and similar frame format. This paper presents the impact of replay and masquerade attacks on SV messages. It also develops a scheme for securing SV messages against these attacks. Due to the high sampling rate and time-critical nature of SV messages, the time complexity of a security scheme is critical for its applicability to SV messages. Hence, in this work, SV emulators have been developed in order to send these modified secure SV messages and investigate their timing performance. The results show that the proposed scheme can mitigate replay and masquerade attacks on SV messages while providing the necessary high sampling rate and stringent timing requirements.

Useful Authentication Mechanism for IEC 61850-Based Substations

2014

With the increasing use of Ethernet and the Internet in the electricity industry, and particularly in IEC 61850-based substation automation systems, the possibility of cyberattacks on the authenticity of exchanged messages has increased. Such intrusions would have catastrophic consequences in power grids; so, serious consideration of the security of automation systems can result in more stable operational conditions. Although security issues in IEC 61850-based substations are a high priority, most methods have not addressed complicated problems such as complex computations, long keys and signatures, no consideration of multicast communications, and so on. The purpose of this paper is to present a method based on the IEC 61850 substation security issues and limitations. In the proposed scheme, which is based on OTS (one-time signature) schemes, the signature length is reduced and the system is resistant against replay attacks.

Simulation of Man in the Middle Attack On Smart Grid Testbed

2019 SoutheastCon

Over the past decade, the frequency of cyber attacks against power grids has steadily increased, requiring researchers to find and patch vulnerabilities before they can be exploited. Our research introduces the prototype of a man-in-the-middle attack to be implemented on a microgrid emulator of a smart grid. We present a method of violating the integrity and authentication of packets that use the IEEE Synchrophasor Protocol in a controlled environment, but this same approach could be used on any other protocol that lacks the proper overhead to ensure the integrity and authenticity of packets. In future research, we plan to implement and test the attack on the previously mentioned smart grid testbed in order to assess the attack's feasibility and tangible effects on Wide Area Monitoring and Control applications, as well as propose possible countermeasures. For this paper, we developed a working simulation of our intended attack using the software ModelSim 10.4. The attack will modify network packet data coming from a Schweitzer Engineering Labs (SEL) Phasor Measurement Unit (PMU) hardware sensor, which provides a stream of precise timing values associated with current and voltage values, as these measured values are en route to the Open Phasor Data Concentrator (OpenPDC) application running on a Windows server. Our simulation provides and validates all of the necessary code in order to program a Field Programmable Gate Array and execute our attack on the testbed in future research.

Performance Evaluation and Analysis of IEC 62351-6 Probabilistic Signature Scheme for Securing GOOSE Messages

IEEE Access

Cyber security is a growing concern in power systems. To achieve security requirements such as authentication and integrity for Generic Object-Oriented Substation Event (GOOSE) messages, the IEC 62351-6 standard recommends using digital signatures. Furthermore, it explicitly specifies the use of the RSASSA-PSS (Probabilistic Signature Scheme) digital signature algorithm based on RFC 3447. Power systems run in real time, and implemented cybersecurity measures have to strictly meet timing requirements. Therefore, it is very important to study the performance of such methods and contrast it with the timing requirements stipulated by grid operations, e.g. power system protection enforces a maximum delay of 3 msec. In this fashion, it can be analyzed whether a recommended cyber security mechanism is fit for use in power systems. In previous works, only RSA digital signatures and their performance in terms of computational times for securing GOOSE messages have been studied. This paper analyses the timing performance of the RSASSA-PSS digital signature algorithm for securing GOOSE messages. This is important to assess its feasibility for IEC 61850-based networks as specified by the IEC 62351-6 standard. The RSASSA-PSS digital signature algorithm is implemented in Python and verification times are calculated. The results show that RSASSA-PKCS1-v1_5 digital signatures with a 1024-bit key provide improved performance compared to other RSA digital signature schemes. That being said, none of the algorithms is fast enough to be implemented for time-critical operations such as protection coordination.