Abstract
Smart grids are becoming increasingly popular thanks to their ability to operate with higher precision and smaller margins. Dynamic operation control in smart grids can be achieved with phasor measurement unit (PMU) based wide area monitoring and control systems. The data communication requirements for the PMU based applications are well addressed in the IEEE C37.118.2 and IEC 61850-90-5 standards. Due to the higher probability of cyberattacks and the scale of their impact, data security is a critical requirement in PMU communication networks. The IEC 61850-90-5 communication standard addresses this security concern and proposes the HMAC (hash based message authentication code) with key distribution center (KDC) scheme for achieving information authentication and integrity. However, these IEC 61850-90-5 security recommendations do not consider the mechanism for attacks such as man-in-the-middle (MITM) attacks during KDC key exchanges. MITM attacks can be easily implemented and may have a large impact on the grid operation. This paper proposed an explicit certificate-based authentication mechanism to mitigate MITM attacks in PMU communication networks. The proposed certificate-based authentication mechanisms were implemented in real-time using Python-based terminals to observe their performance with different signature algorithms.
Highlights
State estimation, monitoring, controlling, and protection of smart grids can be accomplished by phasor measurement unit (PMU) based wide area monitoring and control systems
These capabilities highly depend on measurements and their secure transmission over wide area
With the increased connectivity and intelligence introduced to smart capabilities highly depend on PMU
Summary
State estimation, monitoring, controlling, and protection of smart grids can be accomplished by phasor measurement unit (PMU) based wide area monitoring and control systems. The PMU is an intelligent electronic device (IED) in a smart grid that periodically records data pertaining to the power system dynamics. Having replaced C37.118.2 with its own requirements, IEC 61850-90-5 addresses this security gap and specifies a hash based message authentication code (HMAC) with key distribution center (KDC) scheme to achieve information authentication and integrity of the PMU data. IEC 61850-90-5 recommends the use of a node authentication mechanism during KDC key exchanges, yet, it does not specify a certain mechanism This paper addresses this gap and proposes the implementation of certificate-based authentication as a solution for node authentication during KDC key exchanges. The motivation behind choosing certificate-based authentication is that it is the only authentication mechanism that can prevent MITM attacks during the KDC key exchanges [20,21].
Sign-in/Register to view highlights & summary 
Published Version (
Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call