Abstract

Tampering, forgery and theft of the measurement and control messages in a smart grid could cause a breakdown in the power system. However, no security measures are employed for communications in intelligent substations. Communication services in an intelligent substation have high demands for real-time performance, which must be considered when deploying security measures. This paper studies the security requirements of communication services in intelligent substations, analyzes the security capabilities and shortcomings of IEC 62351, and proposes a novel security scheme for intelligent substation communications. This security scheme covers internal and telecontrol communications, and the real-time performance of each security measure is considered. In this scheme, certificateless public key cryptography (CLPKC) is used to avoid the latency of certificate exchange in certificate-based cryptosystems and the problem of key escrow in identity-based cryptosystems; the security measures of generic object-oriented substation event, sampled measure value and manufacturing message specification in IEC 62351 are improved to meet the real-time requirements of the messages as well as to provide new security features to resist repudiation and replay attacks; and the security at the transport layer is modified to fit CLPKC, which implements mutual authentication by exchanging signatures. Furthermore, a deployment of CLPKC in an intelligent substation is presented. We also evaluate the security properties of the scheme and analyze the end-to-end delays of secured services by combining theoretical calculation and simulation. The results indicate that the proposed scheme meets the requirements of security and real-time performance of communications in intelligent substations.

Highlights

  • With the development of intelligent substations, the communication of substations gradually developed from point-to-point connections to networked connections

  • In order to ensure the secure transmission of communication messages, references [7, 8] proposed SM2-based security mechanisms and reference [9] designed a security mechanism that combined DES and RSA encryption, but both of them require high computing performance to satisfy the real-time requirements of substation communications, so they are not suitable for substation systems

  • Considering the real-time requirement of generic object oriented substation event (GOOSE)/sampled measure value (SMV) messages, a hash-based message authentication code (HMAC) algorithm is employed to calculate the signature value instead of the asymmetric RSA algorithm specified in International Electrotechnical Commission (IEC) 62351, and the SHA256 algorithm is employed for the hash calculation
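The HMAC-SHA256 tagging described in the last highlight, combined with a freshness check, is sketched below as an added example; it is not code from the paper. The frame layout, the key, the payload strings and the use of the GOOSE stNum/sqNum counters for replay detection are assumptions made for illustration, since the page does not show the paper's own message format or replay mechanism.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag
HDR_LEN = 8                             # assumed header: stNum, sqNum as 2 x uint32

def protect(key: bytes, st_num: int, sq_num: int, payload: bytes) -> bytes:
    """Publisher side: counters + payload, followed by an HMAC over both."""
    body = struct.pack(">II", st_num, sq_num) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Subscriber:
    """Subscriber side: verifies the tag, then rejects stale counters."""

    def __init__(self, key: bytes):
        self.key = key
        self.last = (-1, -1)  # highest (stNum, sqNum) accepted so far

    def accept(self, frame: bytes):
        """Return the payload if the frame is authentic and fresh, else None."""
        if len(frame) < HDR_LEN + TAG_LEN:
            return None  # too short to hold header and tag
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None  # forged or modified in transit
        counters = struct.unpack(">II", body[:HDR_LEN])
        # stNum rises on a state change (sqNum restarts), sqNum rises on each
        # retransmission, so fresh frames compare strictly greater as a tuple.
        # Counter rollover is not handled in this sketch.
        if counters <= self.last:
            return None  # replayed or out-of-date frame
        self.last = counters
        return body[HDR_LEN:]

def demo():
    key = bytes(range(32))  # constructed sample key, not a real one
    sub = Subscriber(key)
    f1 = protect(key, 1, 0, b"XCBR1.Pos=closed")  # constructed payloads
    f2 = protect(key, 2, 0, b"XCBR1.Pos=open")
    tampered = bytearray(f2)
    tampered[10] ^= 0x01  # flip one payload bit
    return [sub.accept(f1), sub.accept(bytes(tampered)),
            sub.accept(f2), sub.accept(f1)]

if __name__ == "__main__":
    print(demo())
```

The counters are checked only after the tag verifies, so a forged frame cannot advance the subscriber's replay window.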


Summary

Introduction

With the development of intelligent substations, the communication of substations gradually developed from point-to-point connections to networked connections. Intelligent substations are facing increasing cyber security threats. Both internal and telecontrol communications of built intelligent substations have not employed any security measures so far [1]. In order to ensure the secure transmission of communication messages, references [7, 8] proposed SM2-based security mechanisms and reference [9] designed a security mechanism that combined DES and RSA encryption, but both of them require high computing performance to satisfy the real-time requirements of substation communications, so they are not suitable for substation systems. Aiming at the cyber threats of intelligent substations, this paper analyzes the security capabilities and shortcomings of IEC 62351 and presents an overall security scheme for intelligent substation communications, taking into account real-time performance. The evaluation of security properties and the analysis of end-to-end delays prove that the security measures in this paper can meet the requirements of security and real-time performance of substation communications.

Threats and security requirements of smart substations
Security capabilities and shortcomings of IEC 62351
Proposed security scheme for communications of intelligent substations
Security measures for internal communications of intelligent substations
Security measures for MMS
Security measures for telecontrol communications
Challenge-response mechanism
Modifications to TLS
Scheme of key management
Deployment of CLPKC in substation
Key updating method
Security of measures
Security of key management
Composition of communication delay
Calculation of security operation delays
Analysis for security operation delay of MMS
Analysis for security operation delay of TLS
Simulation for delays of substation communications
Simulation for delays of telecontrol communications
Simulation for delays of communications within substation
End-to-end delay of secured communications
Conclusion
