Abstract

There is growing awareness towards cybersecurity threats in power systems. IEC 61850 standard facilitates communication between different Intelligent Electronic devices (IEDs) and eases interoperable operation with set data and message structures. An unwanted consequence of this standardized communication over ethernet is increased viability to cyber threats. The IEC 62351-6 standard stipulates the use of digital signatures for ensuring integrity in IEC 61850 message exchanges. However, the digital signatures result in higher computational times which makes it very difficult to use for Generic Object-Oriented Substation Events (GOOSE) messages. This short communication article proposes implementation of the Message Authentication Code (MAC) algorithms, such as Hash-based Message Authentication Code (HMAC) and Advanced Encryption Standard-Galois Message Authentication Code (AES-GMAC), for GOOSE message integrity. Lab tests are run to observe their timing performances and feasibility for GOOSE.

Highlights

  • IEC 61850 is the de-facto communication standard for Substation Automation Systems (SAS) [1]

  • In this article, Generic ObjectOriented Substation Events (GOOSE) message structure is modified as per IEC 62351 to secure them with different MAC algorithms (such as hash-based message authentication code (HMAC) and Advanced Encryption Standard - Galois Message Authentication Code (AESGMAC))

  • MAC algorithms that are recommended in IEC 61850-90-5 are Hash based Message Authentication Code – Secure Hash Algorithm (HMAC-SHA-256) with 80 and 128 truncations, AES-GMAC-64 and AES-GMAC-128

Read more

Summary

INTRODUCTION

IEC 61850 is the de-facto communication standard for Substation Automation Systems (SAS) [1]. In [6], [7] authors investigated Elliptic Curve Digital Signature Algorithm (ECDSA) based DS which resulted comparatively lower computational times compared to RSA based DS. It is possible to use Message Authentication Code (MAC) algorithms for GOOSE security as IEC 61850-90-5 [9] already stipulates it for Routable GOOSE (R-GOOSE) and Routable SV (R-SV). In this article, GOOSE message structure is modified as per IEC 62351 to secure them with different MAC algorithms (such as HMAC and Advanced Encryption Standard - Galois Message Authentication Code (AESGMAC)). Lab tests have been run with different MAC algorithms to observe their timing performances

MAC ALGORITHMS FOR GOOSE MESSAGE SECURITY
CONCLUSIONS

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.