Smart Grid and IEC 62351 – Power system management and associated information exchange – Data and communication security

Wan Azlan Wan Kamarul Zaman
Telecontrol, Engineering, Transmission Division, Tenaga Nasional Berhad
Our Agenda (* = current section)

Intro*
• Basis of IEC 62351 standard

Core Parts
• IEC 62351-3
• IEC 62351-4
• IEC 62351-5
• IEC 62351-6

Supporting Parts
• IEC 62351-7
• IEC 62351-8
• IEC 62351-9
• IEC 62351-10

Technical Digression
• Encryption techniques
• Message Authentication
• TLS use case
• Certificate use case
NIST SG Conceptual Model

Domains: Markets, Operations, Service Providers, Generation, Transmission, Distribution, Customer/Producer
SG Targets of Cyber Attacks [Ref: NISTIR 7628 Guideline to SG Security]

[Figure: the attack targets across the grid – Operations/SCADA (alarms, controls), transmission phasors and controls, distribution automation, DER, gateways and meters, and the customer/producer side (homes, buildings, appliances, EVs) – annotated with the protocols in use at each point: IEC 60870-5, IEC 60870-6, IEC 61850, IEEE 1815 (DNP3), IEEE C37.118, DLMS and ZigBee.]
SG Security Requirements and Threats [Ref: IEC 62351-1]

Why don’t we just shoot the power transformers, bushings, insulators etc.?
SG Security Requirements and Threats [Ref: IEC 62351-1]

Requirements: Confidentiality, Integrity, Availability, Non-Repudiation

Threats:
• Listening: Eavesdropping, Man-In-The-Middle
• Tampering: Exchanges (Spoofing), Plants (Control)
• Denial: Busy Service
Our Agenda – Core Parts* (IEC 62351-3, -4, -5, -6)
IEC 62351 for SG Security

Referenced external standards: ISO, RFC (IETF), ITU, NIST

• IEC 62351-1 Intro; IEC 62351-2 Glossary
• IEC 62351-3 TCP/IP Profile – network objects: 60870-6 TASE.2, 61850 MMS, 60870-5-104 and DNP
• IEC 62351-4 MMS Profile – 60870-6 TASE.2, 61850 MMS
• IEC 62351-5 – 60870-5 serial and derivatives (DNP)
• IEC 62351-6 – 61850 GOOSE, SV
• IEC 62351-7 – Network objects (network and system management)
• IEC 62351-8 – RBAC
• IEC 62351-9 – Key Mgmt
• IEC 62351-10 – Security Architecture Guidelines for TC 57
IEC 62351-3: TCP/IP Security Profile

Objective
• Specifies protection of TCP/IP based protocols through Transport Layer Security (TLS) encryption

History
• SSL versions 1, 2 and 3 by Netscape
• TLS 1 = SSL 3, maintained by IETF
• TLS 1.2 current version
• TLS 1.3 under way

Threat Mitigation
• Man-In-The-Middle attacks
• Authentication
• Message replay
• Eavesdropping
IEC 62351-3: TCP/IP Security Profile

[Figure, ref. IEC 62351-2: two client/server stacks compared. Top: a Secure Socket Layer – TLS sits above TCP/UDP and IP on both ends, so the message is encrypted at the transport layer before crossing the insecure medium. Bottom: a Non-Secure Socket Layer – the whole IP packet is encrypted inside an IPSec tunnel between the two IP endpoints instead.]
Transport Layer Security – Simplified: Symmetric Encryption

Client and server share one secret. The client encrypts the message with the secret and sends the encrypted message; the server decrypts it with the same secret, and an attacker on the line sees only ciphertext. The problem is key distribution: the client needs a secure line to send the secret key, and the server needs that secret key to read the message.
Transport Layer Security – Simplified: Asymmetric Encryption Key Exchange

The server holds a private key and sends its public key to the client over the insecure line; the attacker can see the public key. The client encrypts the secret with the server’s public key and sends the encrypted secret. Only the server’s private key can decrypt it, so the attacker cannot recover the secret. Both sides now share the secret and continue with symmetric encryption of the message.
Transport Layer Security – Simplified: Authentication

Without authentication: the client sends “I owe you $10” encrypted; the attacker changes the encrypted message, and the server reads “I owe you $10,000,000”.

With a Message Authentication Code (MAC) appended to the encrypted message: when the attacker changes the encrypted message, the MAC no longer matches and the server can detect the change.
IEC 62351-3: Handshake and Transfer [RFC 5246]

After the TCP handshake between client and server (* = optional message):
• Client → Server: ClientHello (cipher suite list)
• Server → Client: ServerHello, Certificate*, ServerKeyExchange*, CertificateRequest*, ServerHelloDone
• Client → Server: Certificate*, ClientKeyExchange, CertificateVerify*, [ChangeCipherSpec], Finished
• Server → Client: [ChangeCipherSpec], Finished
• Application data: Request / Response
• Server → Client: HelloRequest triggers cipher re-negotiation
IEC 62351-3: TCP Ports

62351-4 MMS
• mms-sec = 3782/tcp
• mms = 102/tcp

62351-5 for 870-5
• iec-104-sec = 19998/tcp
• dnp-sec = 19999/tcp
• iec-104 = 2404/tcp
• dnp = 20000/tcp
ClientHello [RFC 5246]

General
• TLS Version ID
• Session ID
• Cipher Suite List
• Random Number

62351-3 TCP/IP
• Non-acceptable cipher suites: TLS_NULL_WITH_NULL_NULL, TLS_RSA_NULL_WITH_NULL_MD5, TLS_RSA_NULL_WITH_NULL_SHA
• Version >= TLS 1.0

62351-4 MMS
• Mandatory: TLS_DH_DSS_WITH_AES_256_SHA
• TLS_DH_RSA_WITH_AES_128_SHA for 61850 in substation [62351-6]

62351-5 for 870-5
• Uses pre-shared keys: TLS_PSK_WITH_XXX_XXX
IEC 62351-4: MMS Security Profile

A-Profile: specifies security authentication parameters in MMS and ACSE.
T-Profile: defines the correct parameter configuration for TP0 and RFC 1006 to avoid security loopholes.

[Figure: the ISO stack on both ends – 61850 / TASE.2, ACSE, MMS, Presentation, Session (A-Profile) over OSI TP0, RFC 1006, TLS (Secure Socket Layer), TCP/UDP, IP (T-Profile) – with the encrypted message crossing the insecure medium.]
IEC 62351-4: Security Enhancement

A-Profile
• Declare signed certificate and value
• AARQ and AARE authentication defined
• ACSE checks the signature from the peer

T-Profile
• Enforce maximum TP0 TPDU length in OSI TP0 and RFC 1006
• Keep-alive timer <= 1 minute

TLS
• Mandatory and recommended ciphers
• Mandatory port usage
• Cipher re-negotiation time <= 10 min
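The T-profile point above (enforce a maximum TPDU length on the TP0 / RFC 1006 layer) comes down to validating the TPKT and COTP headers before any bytes reach MMS. The following is an added illustration of that check at a gateway, not code from IEC 62351-4 or from any vendor stack: the limit MAX_TPDU_LEN is an assumed local policy value (the standard’s own figure is not on the slides), and the sample frames are constructed.

```python
"""Gateway-side enforcement of a maximum TP0 TPDU length on RFC 1006 (TPKT) frames.

Added example for the IEC 62351-4 T-profile point; not code from the standard
or from any vendor stack. MAX_TPDU_LEN is an assumed local policy value, not a
number taken from IEC 62351-4, and the sample frames are constructed.
"""
import struct
from typing import Optional

TPKT_VERSION = 3        # RFC 1006: the version field is always 3
TPKT_HEADER_LEN = 4     # version (1), reserved (1), length (2, big-endian)
COTP_DT_CODE = 0xF0     # ISO 8073 Data Transfer (DT) TPDU code
MAX_TPDU_LEN = 1024     # assumed gateway policy, not the standard's figure


class FrameRejected(ValueError):
    """A frame violated the configured T-profile policy."""


def parse_tpkt(frame: bytes, max_tpdu_len: int = MAX_TPDU_LEN) -> bytes:
    """Validate the TPKT header and return the enclosed TPDU.

    Rejects: short frames, wrong version/reserved bytes, a declared length
    that is below the header size or does not match the bytes received
    (truncated or padded frames), and a TPDU longer than max_tpdu_len.
    """
    if len(frame) < TPKT_HEADER_LEN:
        raise FrameRejected("frame shorter than TPKT header")
    version, reserved, declared = struct.unpack("!BBH", frame[:TPKT_HEADER_LEN])
    if version != TPKT_VERSION or reserved != 0:
        raise FrameRejected(f"bad TPKT header: version={version} reserved={reserved}")
    if declared < TPKT_HEADER_LEN:
        raise FrameRejected(f"declared length {declared} below header size")
    if declared != len(frame):
        raise FrameRejected(f"declared length {declared} != received {len(frame)}")
    tpdu = frame[TPKT_HEADER_LEN:]
    if len(tpdu) > max_tpdu_len:
        raise FrameRejected(f"TPDU of {len(tpdu)} bytes exceeds limit {max_tpdu_len}")
    return tpdu


def parse_cotp_dt(tpdu: bytes) -> bytes:
    """Strip a minimal COTP DT header (LI=2, code 0xF0, EOT flag) and return user data.

    Only complete single-segment TSDUs (EOT bit 0x80 set) are admitted; segment
    reassembly is where length-handling mistakes tend to live, so this gateway
    simply refuses to reassemble.
    """
    if len(tpdu) < 3:
        raise FrameRejected("TPDU shorter than a COTP DT header")
    li, code, eot = tpdu[0], tpdu[1], tpdu[2]
    if li != 2 or code != COTP_DT_CODE:
        raise FrameRejected(f"unexpected COTP header LI={li} code={code:#x}")
    if not eot & 0x80:
        raise FrameRejected("segmented TSDU not admitted")
    return tpdu[3:]


def build_frame(user_data: bytes) -> bytes:
    """Constructed helper: wrap user data in a COTP DT header and a TPKT header."""
    tpdu = bytes([2, COTP_DT_CODE, 0x80]) + user_data
    return struct.pack("!BBH", TPKT_VERSION, 0, TPKT_HEADER_LEN + len(tpdu)) + tpdu


def admit(frame: bytes, max_tpdu_len: int = MAX_TPDU_LEN) -> Optional[bytes]:
    """Return the user data if the frame passes policy, otherwise None."""
    try:
        return parse_cotp_dt(parse_tpkt(frame, max_tpdu_len))
    except FrameRejected as exc:
        print(f"rejected: {exc}")
        return None


if __name__ == "__main__":
    good = build_frame(b"\xa8\x26\x80\x02\x01\x00")   # constructed sample payload
    oversized = build_frame(b"\x00" * 5000)            # exceeds the assumed limit
    lying = bytes([3, 0, 0, 8]) + b"\x02\xf0\x80" + b"\x00" * 10  # header under-declares length
    print(admit(good))       # b'\xa8&\x80\x02\x01\x00'
    print(admit(oversized))  # None
    print(admit(lying))      # None
```

The declared-length check is the one most often skipped in practice: a header that under- or over-declares its length is exactly how a peer gets a parser to read past a buffer or to stall waiting for bytes that never arrive, so the frame is rejected outright rather than trimmed.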
IEC 62351-5: IEC 60870-5 and Derivatives

[Figure: TCP/IP based protocols (60870-5-104) – authentication of the APDU (challenge) at the application layer on both ends, carried over TLS (Secure Socket Layer), TCP/UDP and IP across the insecure medium. Serial based protocols (60870-5-101) – authentication of the 60870-5 APDU (header, ASDU / challenge, trailer) above the link layer across the insecure medium.]
IEC 62351-5: Challenge-Reply Authentication

• Client → Server: Non-Critical ASDU
• Server → Client: Standard Protocol Response
• Client → Server: Critical ASDU
• Server → Client: Authentication Challenge
• Client → Server: Authentication Response
• Server: authenticates, then performs the operation
• Server → Client: Standard Protocol Response
IEC 62351-5: Challenge Format

Session ID – session ID to be used
• <0> = Monitor direction
• <1> = Control direction
• <2> = Per user basis

HMAC Algorithm
• Defines the authentication method of the challenger
• HMAC SHA1 digital signature – minimum spec

Random Challenge Data
• Prevents replay attacks
• Generated using a FIPS standard PRF
IEC 62351-5: Reply Format

HMAC Value – the reply contains the hash digest of:
• Challenge message
• Address information, e.g. CAASDU (common address of ASDU) + IOA of challenger and responder
• Challenge ASDU
• Padding data
TLS Pre-Shared Key (TLS-PSK) Handshake for IEC 60870-5-104 [RFC 4279]

Same flow as the RFC 5246 handshake after the TCP handshake, but the certificate messages are not applicable (* = optional message):
• Client → Server: ClientHello (cipher suite list)
• Server → Client: ServerHello, (Certificate)* – not applicable, ServerKeyExchange*, (CertificateRequest)* – not applicable, ServerHelloDone
• Client → Server: (Certificate)* – not applicable, ClientKeyExchange, (CertificateVerify)* – not applicable, [ChangeCipherSpec], Finished
• Server → Client: [ChangeCipherSpec], Finished
• Application data: Request / Response
• Server → Client: HelloRequest triggers cipher re-negotiation
IEC 62351-6: Security Profiles for VLAN

Extension
• Defines authentication parameters for VLAN
• HMAC SHA256 digital signature
IEC 62351-6: Authenticated Publisher-Subscriber

The publisher sends each publication with authentication; the subscriber authenticates it and then operates. This repeats for every publication.

GOOSE Authentication Times
• Study by University of Colorado in 2010
• HMAC generated using 5 different keys. RSA is fastest but 2 x operating time
Our Agenda – Supporting Parts* (IEC 62351-7, -8, -9, -10)
Supporting Standard Parts

62351-7 NSM
• Data objects for network and system management (NSM)
• Management of end-to-end security

62351-8 RBAC
• RBAC = Role Based Access Control
• Defines access control management

62351-9 Key Mgmt
• Management and distribution of certificates and keys
• Includes X.509 certificate, public keys, PSK and session ID
Conclusion
• Smart grid impacts how electricity will be delivered, lifestyle, environment and a nation’s economy;
• The Internet will still be the main medium due to its pervasiveness and cost despite its insecurities;
• Advances in e-commerce provide clues of how a pervasive but secure future smart grid will evolve;
• This vision is held by IEC TC57 WG 15;
• Cyber security is not only an enabler but a game changer in the smart grid evolution;
• [See Further Reading]
Our Agenda – Technical Digression* (Encryption techniques, Message Authentication, TLS use case, Certificate use case)
Cipher Suite [RFC 5246]

TLS_[Key Exchange]_WITH_[Bulk Cipher]_[MAC]

Key Exchange Algorithm – asymmetric encryption; public key / certificate authenticator pair
• RSA = Rivest-Shamir-Adleman
• DH = Diffie-Hellman
• DSS = Digital Signature Standard
• EC = Elliptic Curve

Bulk Cipher Algorithm – symmetric encryption
• DES = Digital Encryption Standard
• 3DES = Triple DES
• AES = Advanced Encryption Standard

Message Authentication Code (MAC) – keyed MAC
• SHA = Secure Hash Algorithm
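The naming scheme above is what a device actually has to check when it screens a ClientHello against the IEC 62351-3 and 62351-4 rules listed earlier (version >= TLS 1.0, the three non-acceptable NULL suites, the mandatory MMS suite). The following is an added example that decomposes suite names and applies those rules; it is not code from IEC 62351 or from any TLS library, the offered lists are constructed, and it goes one step beyond the slides by rejecting any suite whose bulk cipher or MAC is NULL, which is the general rule behind the three names the slides quote.

```python
"""Parse RFC 5246 style cipher-suite names and screen a ClientHello offer list
against the IEC 62351-3 / -4 rules quoted on the slides.

Added example; not code from IEC 62351 or from any TLS library. The offered
suite lists are constructed. Beyond the three suites the slides list by name,
it also rejects any suite whose bulk cipher or MAC is NULL.
"""
from typing import Dict, List, NamedTuple, Tuple

# Suites the slides list as non-acceptable under IEC 62351-3.
NON_ACCEPTABLE = {
    "TLS_NULL_WITH_NULL_NULL",
    "TLS_RSA_NULL_WITH_NULL_MD5",
    "TLS_RSA_NULL_WITH_NULL_SHA",
}
# Suite the slides name as mandatory for the IEC 62351-4 MMS profile.
MANDATORY = {"mms": {"TLS_DH_DSS_WITH_AES_256_SHA"}}
# TLS record-layer version numbers: SSL 3.0 = (3, 0), TLS 1.0 = (3, 1), TLS 1.2 = (3, 3).
TLS_1_0 = (3, 1)


class Suite(NamedTuple):
    name: str
    key_exchange: str   # e.g. DH_DSS, ECDHE_RSA, PSK
    bulk_cipher: str    # e.g. AES_256_CBC, NULL
    mac: str            # e.g. SHA, SHA256, MD5, NULL


def parse_suite(name: str) -> Suite:
    """Split TLS_[KeyExchange]_WITH_[BulkCipher]_[MAC]; the MAC is the last token."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"not an RFC 5246 style suite name: {name}")
    kx, rest = name[len("TLS_"):].split("_WITH_", 1)
    cipher, _, mac = rest.rpartition("_")
    if not kx or not cipher or not mac:
        raise ValueError(f"cannot decompose {name}")
    return Suite(name, kx, cipher, mac)


def is_acceptable(suite: Suite) -> bool:
    """Reject the listed suites and any suite without confidentiality or integrity."""
    if suite.name in NON_ACCEPTABLE:
        return False
    if "NULL" in suite.bulk_cipher.split("_") or suite.mac == "NULL":
        return False
    return True


def screen_client_hello(version: Tuple[int, int], offered: List[str],
                        profile: str = "mms") -> Dict[str, object]:
    """Evaluate a ClientHello's version and cipher-suite list.

    The hello is accepted only if the version is >= TLS 1.0, at least one
    offered suite is acceptable, and every suite the profile mandates is offered.
    """
    suites = [parse_suite(n) for n in offered]
    acceptable = [s.name for s in suites if is_acceptable(s)]
    rejected = [s.name for s in suites if not is_acceptable(s)]
    missing = sorted(MANDATORY.get(profile, set()) - set(offered))
    version_ok = version >= TLS_1_0
    return {
        "version_ok": version_ok,
        "acceptable": acceptable,
        "rejected": rejected,
        "missing_mandatory": missing,
        "accept": version_ok and bool(acceptable) and not missing,
    }


if __name__ == "__main__":
    # Constructed ClientHello: TLS 1.2, offering a NULL suite alongside the mandatory one.
    report = screen_client_hello((3, 3), ["TLS_NULL_WITH_NULL_NULL",
                                          "TLS_DH_DSS_WITH_AES_256_SHA"])
    print(report)
    # A hello announcing SSL 3.0 is below the 62351-3 version floor.
    print(screen_client_hello((3, 0), ["TLS_DH_DSS_WITH_AES_256_SHA"])["accept"])  # False
```

The check returns the full breakdown rather than a bare yes/no so that a rejected hello can be logged with the exact reason (version floor, NULL suite, missing mandatory suite), which is what an operator needs when a field device and a control centre disagree on configuration.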
Cipher Suite [RFC 5246] – TLS Example: HTTPS [IEC 62351-2]

• TLS version number
• Bulk cipher algorithm: AES_256_CBC
• MAC: Secure Hash
• Key exchange: public key = ECDHE; certificate authenticator = RSA
Principles of Cipher [IEC 62351-2]

The client encrypts the plaintext message with the key and sends the ciphertext over the insecure medium; the server receives the ciphertext and decrypts it with the key to recover the plaintext message. Only the ciphertext is visible on the medium.

Encryption: Ciphertext = Encrypt_key(Plaintext)
Decryption: Plaintext = Decrypt_key(Ciphertext)
Asymmetric Cipher [IEC 62351-2]

• Public key: the server sends its public key over the insecure medium for the clients’ encryption process
• Each client (#1, #2) encrypts its plaintext message with the public key and sends the ciphertext
• Private key: the server decrypts the ciphertext from the clients using its private key and recovers the plaintext message
Authentication: Symmetric – Hash Message Authentication Code (HMAC) [IEC 62351-2]

• Client and server compute the same secret value from the session ID
• The plaintext message and the secret are concatenated
• The hash algorithm produces the digest of (Plaintext + Secret); this digest is the HMAC
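The HMAC described above is what the IEC 62351-5 challenge/reply slides put to work: the outstation challenges a critical ASDU, and the master replies with an HMAC over the challenge, the address information, the challenged ASDU and padding. The following is an added example of that exchange with both sides in one file, not the standard’s normative encoding and not vendor code; the byte layout, the address fields (CAASDU, IOA), the session key and the sample ASDU are constructed, and os.urandom stands in for the FIPS PRF the slide mentions.

```python
"""IEC 62351-5 style challenge/reply for a critical ASDU, with the reply MAC
computed by HMAC as the slides describe (HMAC-SHA1 minimum; the digest covers
the challenge, address information, the challenged ASDU and padding).

Added example; not the standard's normative encoding and not vendor code. The
byte layout, the address fields, the key and the sample ASDU are constructed.
"""
import hmac
import os
from typing import Dict, Optional, Set, Tuple

HMAC_ALGO = "sha1"      # slides: HMAC-SHA1 is the minimum; "sha256" is a drop-in
CHALLENGE_RANDOM = 16   # bytes of random challenge data (constructed choice)
SESSION_CONTROL = 1     # slides: session ID <1> = control direction
ALGO_TAG = HMAC_ALGO.encode().ljust(8, b"\x00")  # fixed-width algorithm field


def build_challenge(session_id: int, seq: int) -> bytes:
    """Challenge = session ID | HMAC algorithm | sequence number | random data."""
    random_data = os.urandom(CHALLENGE_RANDOM)  # os.urandom stands in for the FIPS PRF
    return bytes([session_id]) + ALGO_TAG + seq.to_bytes(4, "big") + random_data


def challenge_seq(challenge: bytes) -> int:
    return int.from_bytes(challenge[1 + len(ALGO_TAG):5 + len(ALGO_TAG)], "big")


def reply_mac(key: bytes, challenge: bytes, ca_asdu: int, ioa: int,
              critical_asdu: bytes, pad_to: int = 32) -> bytes:
    """HMAC over challenge || address info (CAASDU, IOA) || challenged ASDU || padding."""
    body = challenge + ca_asdu.to_bytes(2, "big") + ioa.to_bytes(3, "big") + critical_asdu
    body += b"\x00" * (-len(body) % pad_to)
    return hmac.new(key, body, HMAC_ALGO).digest()


class Outstation:
    """Server side: challenges each critical ASDU and verifies the reply before
    performing the operation; accepted sequence numbers are remembered so a
    captured reply cannot be presented twice."""

    def __init__(self, key: bytes, ca_asdu: int, ioa: int) -> None:
        self.key, self.ca_asdu, self.ioa = key, ca_asdu, ioa
        self.seq = 0
        self.pending: Dict[int, Tuple[bytes, bytes]] = {}
        self.accepted: Set[int] = set()

    def challenge(self, received_asdu: bytes) -> bytes:
        self.seq += 1
        ch = build_challenge(SESSION_CONTROL, self.seq)
        self.pending[self.seq] = (ch, received_asdu)
        return ch

    def verify(self, seq: int, mac: bytes) -> bool:
        if seq in self.accepted or seq not in self.pending:
            return False  # replay of an already-accepted reply, or unknown challenge
        ch, asdu = self.pending.pop(seq)
        expected = reply_mac(self.key, ch, self.ca_asdu, self.ioa, asdu)
        ok = hmac.compare_digest(expected, mac)
        if ok:
            self.accepted.add(seq)
        return ok


class Master:
    """Client side: answers a challenge for the critical ASDU it actually sent."""

    def __init__(self, key: bytes, ca_asdu: int, ioa: int) -> None:
        self.key, self.ca_asdu, self.ioa = key, ca_asdu, ioa

    def reply(self, challenge: bytes, sent_asdu: bytes) -> Tuple[int, bytes]:
        return challenge_seq(challenge), reply_mac(self.key, challenge, self.ca_asdu,
                                                   self.ioa, sent_asdu)


def run_exchange(master_key: bytes, outstation_key: bytes, sent_asdu: bytes,
                 received_asdu: Optional[bytes] = None,
                 ca_asdu: int = 1, ioa: int = 0x1000) -> Dict[str, bool]:
    """One critical-ASDU exchange. received_asdu differs from sent_asdu when the
    command was altered in transit. Reports whether the first reply was accepted
    and whether an identical second presentation (a replay) was."""
    received = sent_asdu if received_asdu is None else received_asdu
    outstation = Outstation(outstation_key, ca_asdu, ioa)
    master = Master(master_key, ca_asdu, ioa)
    seq, mac = master.reply(outstation.challenge(received), sent_asdu)
    return {"first": outstation.verify(seq, mac), "replay": outstation.verify(seq, mac)}


if __name__ == "__main__":
    key = b"constructed-session-key"
    cmd = b"\x2d\x01\x06\x00\x01\x00\x00\x10\x00\x01"  # constructed single-command ASDU
    print(run_exchange(key, key, cmd))           # {'first': True, 'replay': False}
    print(run_exchange(key, b"wrong-key", cmd))  # {'first': False, 'replay': False}
    print(run_exchange(key, key, cmd, received_asdu=cmd[:-1] + b"\x00"))  # altered in transit
```

Two details carry the security of the scheme: the challenge’s random data ties each reply to one challenge (so the replay check is a sequence-number bookkeeping exercise, not a cryptographic one), and the outstation computes the HMAC over the ASDU it received rather than anything the master claims, so a command altered on the line fails verification even though the master answered honestly.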
Authentication: Asymmetric – Digital Signature [IEC 62351-2]

Algorithms: DSA, RSA-PSS, El Gamal, ECDSA
DS is regulated: Digital Signature Act 1997 (Act 562)

• Server: computes the digest (hash) of the plaintext message, encrypts (signs) it using its private key, and sends the encrypted MAC with the message to the client
• Client: decrypts the encrypted MAC using the server’s public key and verifies it against its own digest (hash) of the received message
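The signature flow above and the asymmetric key-exchange slide in the TLS digression (server publishes its public key, client encrypts the secret under it) are the same arithmetic used in two directions. The following is an added worked example of both with textbook RSA on deliberately small constructed primes so every number can be inspected by hand; it is not code from the standards or from any library, and it illustrates the slides’ arithmetic only, not a deployable scheme (real use needs a vetted library with RSA-PSS / OAEP padding, as the slide’s mention of RSA-PSS implies). The primes, exponent, secret and messages are constructed, and the “$10” message is the one from the authentication slide.

```python
"""Textbook RSA worked through for the two asymmetric slides: key transport
(client encrypts a session secret under the server's public key) and digital
signature (server signs a message digest with its private key, client verifies
with the public key).

Added example with small constructed primes so every number is inspectable;
it demonstrates the arithmetic on the slides, not a deployable scheme.
"""
import hashlib
from typing import Tuple

P, Q, E = 1009, 3643, 65537   # constructed small primes and the usual public exponent

Key = Tuple[int, int]          # (modulus n, exponent)


def keygen(p: int = P, q: int = Q, e: int = E) -> Tuple[Key, Key]:
    """Return (public, private): n = p*q, d = e^-1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return (n, e), (n, d)


def encrypt(public: Key, m: int) -> int:
    """Anyone holding the public key can do this: c = m^e mod n."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, e, n)


def decrypt(private: Key, c: int) -> int:
    """Only the private-key holder can do this: m = c^d mod n."""
    n, d = private
    return pow(c, d, n)


def digest_mod_n(message: bytes, n: int) -> int:
    """Hash the message, then reduce modulo n so the toy modulus can 'encrypt' it.
    Real RSA signatures use a padded, full-width encoding of the hash instead."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private: Key, message: bytes) -> int:
    """Slide: 'server encrypts hash (signs) message using private key'."""
    n, _ = private
    return decrypt(private, digest_mod_n(message, n))


def verify(public: Key, message: bytes, signature: int) -> bool:
    """Slide: 'client decrypts hash using public key' and compares with its own digest."""
    n, _ = public
    return encrypt(public, signature) == digest_mod_n(message, n)


def key_transport(secret: int) -> Tuple[int, int]:
    """Client -> server: encrypt a session secret under the public key; return
    (what an observer sees on the line, what the server recovers)."""
    public, private = keygen()
    on_the_wire = encrypt(public, secret)
    return on_the_wire, decrypt(private, on_the_wire)


def signature_check(message: bytes, altered: bytes) -> Tuple[bool, bool]:
    """Sign message; verify the signature against the original and against an altered copy."""
    public, private = keygen()
    sig = sign(private, message)
    return verify(public, message, sig), verify(public, altered, sig)


if __name__ == "__main__":
    print(key_transport(123456))                                        # (ciphertext, 123456)
    print(signature_check(b"I owe you $10", b"I owe you $10,000,000"))  # (True, False)
```

Note that sign() is literally decrypt() applied to the digest and verify() is literally encrypt() applied to the signature: the slides’ phrasing “encrypt the hash with the private key” is exactly this reuse of the one modular-exponentiation primitive, which is also why a real scheme must pad the digest differently for signing than for encryption.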
Contents of a Certificate

• Issuer – the CA issuer of this certificate
• Subject – to whom this certificate is issued, e.g. device, individual or another CA
• Authentication Public Key – the public key for the certificate
Further Reading

Overview
• Whitepaper on Security Standard in IEC TC57, by Frances Cleveland, Convener WG 15

IETF Standards
• RFC 5246 – TLS
• RFC 4279 – TLS-PSK
• RFC 4158 – PKI

Books
• Applied Cryptography, Bruce Schneier, Wiley
• Practical Cryptography, Bruce Schneier, Wiley
• SSL/TLS and PKI, Joshua Davies, Wiley

Miscellaneous
• Information Security Stack Exchange
• Wikipedia