Abstract
There is growing awareness towards cybersecurity threats in power systems. IEC 61850 standard facilitates communication between different Intelligent Electronic devices (IEDs) and eases interoperable operation with set data and message structures. An unwanted consequence of this standardized communication over ethernet is increased viability to cyber threats. The IEC 62351-6 standard stipulates the use of digital signatures for ensuring integrity in IEC 61850 message exchanges. However, the digital signatures result in higher computational times which makes it very difficult to use for Generic Object-Oriented Substation Events (GOOSE) messages. This short communication article proposes implementation of the Message Authentication Code (MAC) algorithms, such as Hash-based Message Authentication Code (HMAC) and Advanced Encryption Standard-Galois Message Authentication Code (AES-GMAC), for GOOSE message integrity. Lab tests are run to observe their timing performances and feasibility for GOOSE.
Highlights
IEC 61850 is the de-facto communication standard for Substation Automation Systems (SAS) [1]
In this article, Generic ObjectOriented Substation Events (GOOSE) message structure is modified as per IEC 62351 to secure them with different MAC algorithms (such as hash-based message authentication code (HMAC) and Advanced Encryption Standard - Galois Message Authentication Code (AESGMAC))
MAC algorithms that are recommended in IEC 61850-90-5 are Hash based Message Authentication Code – Secure Hash Algorithm (HMAC-SHA-256) with 80 and 128 truncations, AES-GMAC-64 and AES-GMAC-128
Summary
IEC 61850 is the de-facto communication standard for Substation Automation Systems (SAS) [1]. In [6], [7] authors investigated Elliptic Curve Digital Signature Algorithm (ECDSA) based DS which resulted comparatively lower computational times compared to RSA based DS. It is possible to use Message Authentication Code (MAC) algorithms for GOOSE security as IEC 61850-90-5 [9] already stipulates it for Routable GOOSE (R-GOOSE) and Routable SV (R-SV). In this article, GOOSE message structure is modified as per IEC 62351 to secure them with different MAC algorithms (such as HMAC and Advanced Encryption Standard - Galois Message Authentication Code (AESGMAC)). Lab tests have been run with different MAC algorithms to observe their timing performances
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
