TY - GEN
T1 - Analysis of Message Authentication Solutions for IEC 61850 in Substation Automation Systems
AU - Tefek, Utku
AU - Esiner, Ertem
AU - Mashima, Daisuke
AU - Hu, Yih Chun
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - An inevitable consequence of automated control and communication in electric substations is the vulnerability against cyberattacks that compromise the integrity and authenticity of messages. IEC 62351 standard stipulates the use of message authentication solutions, although there is no firm guidance on the exact method to be adopted. The earlier IEC 62351-6:2007 standard recommended the use of digital signatures. However, digital signatures do not meet the timing requirements of IEC 61850 GOOSE and SV. Thus, the recent revisions to IEC 62351-6 backtracked from digital signatures in favor of message authentication code (MAC) algorithms, thereby sacrificing key properties, i.e., scaling well for multiple destinations, easy key distribution and management, public verifiability, and non-repudiation. Following these revisions, tailoring MAC-based algorithms for IEC 61850 message structure has gained traction. Additionally, new message authentication solutions that exploit the small or low entropy messages, such as those in GOOSE and SV, have been proposed to secure time-critical communication. These solutions retain certain key properties of digital signatures within the delay requirements of GOOSE and SV. This paper addresses the key trade-offs and discusses the feasibility of the promising message authentication solutions for IEC 61850 GOOSE and SV. Through their implementation on a low-cost hardware BeagleBoard-X15 we report on the real-world comparison of performance metrics.
UR - http://www.scopus.com/inward/record.url?scp=85144209835&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85144209835&partnerID=8YFLogxK
U2 - 10.1109/SmartGridComm52983.2022.9961052
DO - 10.1109/SmartGridComm52983.2022.9961052
M3 - Conference contribution
AN - SCOPUS:85144209835
T3 - 2022 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2022
SP - 224
EP - 230
BT - 2022 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2022
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2022 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2022
Y2 - 25 October 2022 through 28 October 2022
ER -