Upload
abdulyunus-amir
View
213
Download
0
Embed Size (px)
Citation preview
8/22/2019 How IDEs From Variety of Vendors Exchange Information
1/15
How IDEs from variety of vendors exchange information? Do these IDEs require
secure transaction to acquire data from others IDEs?
How IDEs from variety of vendors exchange information? Do these IDEs require
secure transaction to acquire data from others IDEs?
What will happen if these data for online usage!
2 months ago
Close viewer Like Comment Follow Flag
o Flag as Promotiono Flag as Jobo Flag as Inappropriate
Moreo Reply Privately
Darshan Patel,Dhiren Thakkerand1 otherlike this
You,Darshan Patel,Dhiren Thakkerand1 otherlike this
22 commentsJump to most recent comments
GeoffUnfollow Follow Geoff
Geoff Garber Data exchange between IED's (rather than between one IED and a data gatherer
or SCADA RTU) has become popular over the last dozen or so years. SEL has been usingmirrored bits to send very fast and highly reliable digital messages over a serial link between
relays. Other manufacturers have similar systems. In the last few years, IEC 61850 protocol has
been using Ethernet to send similar (in function, at least) messages between IED's.
In theory, these messages should be able to be sent (published) to IED's of any manufacturer. As
long as each manufacturer complies with the IEC 61850 protocol profile, the transaction should
be easy and seamless. In fact, this has proven difficult. I've made this work, but never without a
http://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?setLike=&gid=119621&type=member&item=242104860&csrfToken=ajax%3A0727308874102823049http://www.linkedin.com/groupItem?setLike=&gid=119621&type=member&item=242104860&csrfToken=ajax%3A0727308874102823049http://www.linkedin.com/groupItem?view=&gid=119621&type=member&item=242104860&commentID=-1#lastCommenthttp://www.linkedin.com/groupItem?view=&gid=119621&type=member&item=242104860&commentID=-1#lastCommenthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=98837873&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=98837873&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3939348&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3939348&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=40023385&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=40023385&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=40023385&goback=%2Egde_119621_member_242104860http://www.linkedin.com/?trk=group_item_detail-b-show_lks-dischttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-dischttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-dischttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3939348&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3939348&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3939348&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=40023385&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=40023385&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=40023385&goback=%2Egde_119621_member_242104860http://www.linkedin.com/?trk=group_item_detail-b-show_lks-dischttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-dischttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-dischttp://www.linkedin.com/groupItem?view=&gid=119621&type=member&item=242104860&commentID=-1#lastCommenthttp://www.linkedin.com/groupItem?view=&gid=119621&type=member&item=242104860&commentID=-1#lastCommenthttp://www.linkedin.com/groupItem?view=&gid=119621&type=member&item=242104860&commentID=-1#lastCommenthttp://www.linkedin.com/groupfollowing?unfollow=&followee=12985023&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=12985023&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12985023http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12985023http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12985023http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12985023http://www.linkedin.com/groupfollowing?unfollow=&followee=12985023&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=12985023&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupItem?view=&gid=119621&type=member&item=242104860&commentID=-1#lastCommenthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-dischttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=40023385&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3939348&goback=%2Egde_119621_member_242104860http://www.linkedin.com/?trk=group_item_detail-b-show_lks-dischttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=40023385&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3939348&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=98837873&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?view=&gid=119621&type=member&item=242104860&commentID=-1#lastCommenthttp://www.linkedin.com/groupItem?setLike=&gid=119621&type=member&item=242104860&csrfToken=ajax%3A0727308874102823049http://www.linkedin.com/groups8/22/2019 How IDEs From Variety of Vendors Exchange Information
2/15
lot of adjustment. I'd like to use this for many more substation automation functions. Perhaps the
technology or the protocol needs more maturity.
2 months ago Unlike Like
Reply privately Flag as inappropriate Flag as promotion
1
GrantUnfollow Follow Grant
Grant Gilchrist Do you mean IEDs, Intelligent Electronic Devices? If so, the reason IEDs from
a variety of vendors can communicate using IEC 61850 is that IEC 61850 is a set of documentsthat specifies the format of the data and how it is to be transmitted. Most communications
standards do this. IEC 61850 is special because it also specifies text names for all the data that a
power system IED is likely to transmit, a file format for configuring IEDs, and a process forengineering groups of IEDs, such as those found in a substation.
Some IEC 61850 IEDs do require secure communications with other IEDs. For these devices,
IEC 61850 specifies the use of IEC 62351 parts 3, 4 and 6. The IEC 62351 standards specifyhow to use digital signatures, TLS and other security mechanisms to ensure IEC 61850
communications are secure.
In general, the risk in using IEC 61850 without security measures will vary depending what you
mean by "online". Most utilities deploy a "nested" topology in which more critical systems like
IEC 61850 are protected from Internet access behind several layers of firewalls, or sometimes byan "air gap". In these cases the IEC 61850 network is often not authenticated or encrypted at all.
So although the data is "online" in the sense it is on a WAN or LAN, it is nowhere near any
public network, and usually protected from the corporate network.
2 months ago Unlike Like
Reply privately Flag as inappropriate Flag as promotion
1
http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138779378&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138779378&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138779378&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=12985023&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=12985023&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138779378&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138779378&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138787401&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138787401&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138787401&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=3880066&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=3880066&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138787401&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138787401&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138787401&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=3880066&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138787401&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138787401&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138779378&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=12985023&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138779378&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138779378&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_2421048608/22/2019 How IDEs From Variety of Vendors Exchange Information
3/15
AhmedUnfollow Follow Ahmed
Ahmed ALTAHER Thanks Grant for this explanation, but considering the WAN connectivity
for remote transactions to read IEDs data. Does IEC standards guarantee secure communication?,
or that is require special countermeasures.
2 months ago Unlike Like
Reply privately Flag as inappropriate Flag as promotion
0
GrantUnfollow Follow Grant
Grant Gilchrist To use IEC 61850 over an untrusted WAN would require the use of IEC 62351,
as I noted, which would include TLS and other counter-measures. So yes, I guess you could saythat IEC 62351 "guarantees" secure communication for IEC 62850. Although not even your bank
"guarantees" that you will have secure communications with their on-line site. Your IEC 61850vendor must commit to implementing IEC 62351 as specified in the standards. This "secure IEC
61850" is beyond "normal" IEC 61850 implementation.
I will also point out that standards have not yet been released for the use of IEC 61850 between
control centers and substations, if that is why you are planning to use IEC 61850 over a WAN.
2 months ago Unlike Like
Reply privately Flag as inappropriate Flag as promotion
0
http://www.linkedin.com/groupfollowing?unfollow=&followee=98837873&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=98837873&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=98837873http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=98837873http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138854649&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138854649&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138854649&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=98837873&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=98837873&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138854649&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138854649&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138856808&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138856808&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138856808&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=3880066&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=3880066&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138856808&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138856808&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138856808&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=98837873http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=98837873http://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138856808&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=3880066&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138856808&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138856808&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138854649&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=98837873&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138854649&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138854649&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=98837873http://www.linkedin.com/groupfollowing?unfollow=&followee=98837873&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=98837873&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_l8/22/2019 How IDEs From Variety of Vendors Exchange Information
4/15
AhmedUnfollow Follow Ahmed
Ahmed ALTAHER Well, our main work is for research target. We try to define framework that
would force secure and safe applications for SAS systems (particularly IEC 61850). The issue,
many power and control engineers know how to configure, protect and manage power systems,but they have less knowledge about information security dealing with data and communication
networks.
2 months ago Unlike Like
Reply privately Flag as inappropriate Flag as promotion
0
IlanUnfollow Follow Ilan
Ilan Barda Indeed once you have an Ethernet network its easy to expand its usage creating a
cyber security problem to the critical SCADA traffic.For that reason we believe that you need to deploy security also in internal sub-station networks
and we have implemented a SCADA firewall in our sub-station switches.
We will have a booth in the upcoming Smart-Grid Paris event. In case you visit this event we cancontinue discussing the subject.
2 months ago Unlike Like
Reply privately Flag as inappropriate Flag as promotion
2
http://www.linkedin.com/groupfollowing?unfollow=&followee=98837873&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=98837873&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=98837873http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=98837873http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138870289&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138870289&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138870289&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=98837873&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=98837873&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138870289&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138870289&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138870289&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=1794007&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=1794007&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=1794007http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=1794007http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=139810316&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=139810316&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=139810316&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=1794007&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=1794007&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=139810316&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=139810316&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=1794007http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=98837873http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=1794007http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=98837873http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=1794007http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=98837873http://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=139810316&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=1794007&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=139810316&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=139810316&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=1794007http://www.linkedin.com/groupfollowing?unfollow=&followee=1794007&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=1794007&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138870289&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=98837873&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138870289&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138870289&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=98837873http://www.linkedin.com/groupfollowing?unfollow=&followee=98837873&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=98837873&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_l8/22/2019 How IDEs From Variety of Vendors Exchange Information
5/15
Juan EstebanUnfollow Follow Juan Esteban
Juan Esteban Hoyos So sorry to said that but actually there is no secure transactions betweenIEDs.
part of and article that I wrote last summer... you can find it complete inhttp://markdehus.com/SGCOMM.pdf
The Problem of Encryption & Message Authenticationversus Latency
Latency is one of the primary barriers to implementing security
for peer-to-peer communications between IEDs. For
instance, IEC 61850-5 specifies a 4ms maximum delay forclass P1 type 1A GOOSE messages related to breaker trip
functions [12]. As a result, encryption or other security
measures, which increase the delay or latency, are avoided.
The IEC 62351 standard defines a mechanism that requireslow computational power to authenticate the data adding a digital
signature. The digital signature is created via mathematicaltechniques to validate the authenticity of a digital message usingasymmetrical cryptography. This kind of scheme uses public
and private keys to authenticate the message. The public
key is shared with everyone to decrypt a hash of the message,while the private key is kept private by the publisher to sign the
message. In the IEC 62351 standard part 6 states for applications
using GOOSE and IEC 61850-9-2 and requiring 4ms response
times, multicast configurations and low CPU overhead,encryption is not recommended [9]. Nevertheless the standard
does not say anything about authentication and its limitation.
Based on the ambiguity of authentication or encryption some
manufacturers do not implement any security in their IEDs,arguing that any security mechanism will increase the processing
time decreasing the speed of action against a fault.
At present it is difficult to reconcile the needs for securityand low latency. One study conducted by Cambridge University
and ABB in 2010 showed that processing (encoding and
decoding) digital signatures required intense CPU consumption.
Therefore, 32-bit Intel and ARM cores are generally incapableof computing and verifying a digital signature using the Rivest,
Shamir and Adleman (RSA) algorithm with 1024-bit keys
1 month ago Unlike Like
Reply privately Flag as inappropriate Flag as promotion
http://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/redirect?url=http%3A%2F%2Fmarkdehus%2Ecom%2FSGCOMM%2Epdf&urlhash=2Hko&_t=tracking_dischttp://www.linkedin.com/redirect?url=http%3A%2F%2Fmarkdehus%2Ecom%2FSGCOMM%2Epdf&urlhash=2Hko&_t=tracking_dischttp://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053352&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053352&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142053352&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142053352&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142053352&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053352&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053352&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/redirect?url=http%3A%2F%2Fmarkdehus%2Ecom%2FSGCOMM%2Epdf&urlhash=2Hko&_t=tracking_dischttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_l8/22/2019 How IDEs From Variety of Vendors Exchange Information
6/15
4
Juan EstebanUnfollow Follow Juan Esteban
Juan Esteban Hoyos within 4ms [11]. The time for a digital signature to be generated
at the sender and verified at the receiver is shown in Table I
as well as other similar algorithms such as the Digital SignatureAlgorithm (DSA), the Elliptic Curve DSA (ECSDA), and the
Boneh, Lynn, Shacham (BLS) scheme [13]. Although RSA is
the fastest (8.3ms), this time is not enough to comply with the
4ms time constraint. In fact NIST in a report of 2011 qualifiedthe RSA 1024-bits keys as acceptable through 2011, deprecated,
from 2011 through 2013, and disallowed after 2013. After2013 it is recommended to use 2048-bit keys, which will make
the 4ms time restriction more difficult to meet [14].The central processor unit (CPU) embedded in the IEDs has
some restriction due to the power dissipation. The IEDs are
fan-less; installed commonly in closed cases to avoid environmentalissues like dust, water, or insects. Thus, many embedded
processors are slower than the 1.0 GHz processor used in
this table and times will be even longer. New technologies like
multiple cores may enable faster times within the same heatdissipation budget. However, there are many IEDs already installed
in the market with slower CPUs.Currently neither the IEC 62351 recommendation nor proprietarymanufacturer solutions have been implemented extensively
to improve the security of GOOSE messages. In November
2011 Siemens published a patent to implement a newmethod of group key generation and management for the
GOOSE model that could help to address the need for low latency
security [15]. Meanwhile there is little clarity on how to
implement security for fast GOOSE messages without degradingthe actual performance of the IEDs.
1 month ago Unlike Like
Reply privately Flag as inappropriate Flag as promotion
3
http://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053561&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053561&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142053561&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142053561&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142053561&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053561&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053561&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmt8/22/2019 How IDEs From Variety of Vendors Exchange Information
7/15
Juan EstebanUnfollow Follow Juan Esteban
Juan Esteban Hoyos the proposal in 62351 it is some nice concepts, but nowone has any real
implementation that support 62351.
1 month ago Unlike Like
Reply privately Flag as inappropriate Flag as promotion
3
DavidUnfollow Follow David
David Ingram Juan, I think encryption ASICs or code executing in FPGAs will significantly
improve encryption or signing performance. Here is a link to a recent PhD thesis from the
University of Cork: "Hardware design of cryptographic accelerators"http://cora.ucc.ie/handle/10468/1112
65231-6 does not suggest encrypting the entire GOOSE or SV message, just the hash of the
message. This provides authenticity and prevents replay attacks. The standard states that the
overhead of fully encrypting and decrypting messages is likely to be too high. Perhaps astechnology improves this will be feasible.
It is a worry to see the number patents being applied for by manufacturers that cover system
integration and interoperability. Whether this is key management, network design or testing, itindicates to me that despite the benefits of a standard like 61850 the major manufacturers would
prefer to build automation systems where each box has the same logo on the front.
I think it is up to customers (the utilities that pay for these systems) to insist that interoperabilityis maintained from a technical perspective and with regards to licensing. There is no point having
a 61850 substation automation system from Vendor X that could take a new bay from Vendor Y
(meeting Vendor X's obligations for extensibility), but the lawyers stop it because Vendor Ydoes not have a licence for some patent that Vendor X holds).
http://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053780&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053780&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142053780&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142053780&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=33120497&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=33120497&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=33120497http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=33120497http://www.linkedin.com/redirect?url=http%3A%2F%2Fcora%2Eucc%2Eie%2Fhandle%2F10468%2F1112&urlhash=qkzx&_t=tracking_dischttp://www.linkedin.com/redirect?url=http%3A%2F%2Fcora%2Eucc%2Eie%2Fhandle%2F10468%2F1112&urlhash=qkzx&_t=tracking_dischttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=33120497http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=33120497http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/redirect?url=http%3A%2F%2Fcora%2Eucc%2Eie%2Fhandle%2F10468%2F1112&urlhash=qkzx&_t=tracking_dischttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=33120497http://www.linkedin.com/groupfollowing?unfollow=&followee=33120497&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=33120497&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142053780&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053780&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053780&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_l8/22/2019 How IDEs From Variety of Vendors Exchange Information
8/15
1 month ago Unlike Like
Reply privately Flag as inappropriate Flag as promotion
1
NishchalUnfollow Follow Nishchal
Nishchal Kush Dr. Ingram is correct in that Section 7.2.2.1 in Part 6 of the IEC 62351 standard
specifies only the signing of a SHA256 hash of the extended PDU is required.
However the recommended signing scheme is RSASSA-PSS (spelling error in standard
"RSASA-PSS"), which requires the server to produce an X.509 certificate (see 7.2.2.2 in Part 6of the IEC 62351 standard) to be installed on (or made accessible in some way to) clients to
access the "AES 128 bit public Key". We should note that AES is a symmetric cipher :) so there
is an anomaly in this part of the standard.
I suspect the point Mr. Hoyos is making is that existing IEDs may not be computationally robust
to handle such computation within the time constraints.
1 month ago Unlike Like
Reply privately Flag as inappropriate Flag as promotion
0
GrantUnfollow Follow Grant
Grant Gilchrist Hi folks, Please note that the performance concerns that many vendors havewith IEC 62351-6 are well-known to the members of IEC TC57 Working Group 15, which . A
draft Edition 2 has been submitted to the working group which will provide less
computationally-intense options.
http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142308714&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142308714&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=33120497&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=33120497&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142308714&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142308714&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142457641&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142457641&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=19812322&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=19812322&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142457641&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142457641&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142457641&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=19812322&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142457641&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142457641&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142308714&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=33120497&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142308714&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142308714&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_2421048608/22/2019 How IDEs From Variety of Vendors Exchange Information
9/15
1 month ago Unlike Like
Reply privately Flag as inappropriate Flag as promotion
0
Vinoo SUnfollow Follow Vinoo S
Vinoo S Warrier The 4ms timeline is only for use within the station LANs. It should be quite
possible and feasible to secure the station LAN from external traffic using firewalls or other
mechanisms and then IEDs within the "trusted" zone do not need to use encryption orauthentication. It would be the responsibility of external CPUs (in the firewall or other intrusion
detection systems) to handle the isolation of the station LAN.For communicating GOOSE messages to external world (outside the substation) the 4ms
deadline is ir-relevant. I believe there is no use case for sending a GOOSE requiring such latency
restrictions outside the substations. The performance classes for messaging outside the station
LAN have much higher allowed latencies and in those cases we may be able to use encryptionand authentication technologies. For that, we can avoid loading the IED CPUs, by having an
external gateway device, that performs the encryption and authentication.
In all cases therefore we can probably avoid implementing encryption and authentication insidethe IEDs themselves.
1 month ago Unlike Like
Reply privately Flag as inappropriate Flag as promotion
0
RodneyUnfollow Follow Rodney
Rodney Hughes Allow me to jump back to the three original questions ... assuming we are
talking about GOOSE and SV here since it is talking about IEDs getting data from other IEDs
http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142619265&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142619265&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=3880066&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=3880066&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142619265&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142619265&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=34936759&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=34936759&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=34936759http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=34936759http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142669457&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142669457&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=34936759&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=34936759&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142669457&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142669457&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=34936759http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=34936759http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142669457&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=34936759&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142669457&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142669457&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=34936759http://www.linkedin.com/groupfollowing?unfollow=&followee=34936759&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=34936759&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142619265&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=3880066&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142619265&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142619265&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_2421048608/22/2019 How IDEs From Variety of Vendors Exchange Information
10/15
Firstly GOOSE itself has no transmitted semantic - it is just a 1 or a 0 as the status of a function.
However in the engineering process, that 1 or 0 is configured as part of a DataSet - the
engineering of the data set is where the semantics makes our human efforts much much easier.What is transmitted is the Identifiers of the dataset so we can work out what is happening, but in
principle the other IED only needs to know it has to Subscribe to a particualr GOOSE message
identifier, and extract one (or more) elements - each element being a 1 or a 0So to encrypt a single bit (or series of bits as a dataset) which can be 1 or a 0 will simply slowdown communication immensely.
So the next part of the question relates to security of that GOOSEAs a heartbeat, yes someone could inject a false dataset message - but they first have to know
what the next message sequence number is going to be (ok they have a full one second to
monitor the network to work that out)
In changing one bit and advancing the sequence number, they then have to initiate the fast
repetition cycle
and then don't forget that there would still be the correct heartbeat at some point which would be
a lower sequence number than the spoofed message so some detection would be possible in less
than 1 second - OK a lot can happen in a substation in 1 second but you would have an alarm
that something was wrong
But simply seeing a dataset with a bunch of 1's or 0's say a data set of 1100001101010100101 -
how do they know which element is the bit that could cause the CB to trip if it was changed from1 to 0 or vice versa?? Only if they have access to all the semantics of the engineering process,
otherwise it is guess work.
Perhaps they could just invert all the bits - but then if there is a quality bit as part of the dataset, itwould also be reversed from healthy to unhealthy so the message would be ignored
So there is a bit of work to do to upset a GOOSE message exchange - it can be done but has to bedone very carefully so arguably you have some time to manage access and monitor activity
1 month ago Unlike Like
Reply privately Flag as inappropriate Flag as promotion
1
NishchalUnfollow Follow Nishchal
http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142867244&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142867244&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=12601172&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=12601172&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142867244&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142867244&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142867244&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=12601172&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142867244&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142867244&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_2421048608/22/2019 How IDEs From Variety of Vendors Exchange Information
11/15
Nishchal Kush Hello Mr. Hughes,
If I am not mistaken aren't the GOOSE datasets specified as ASN.1 in the standard and shouldfollow the format of having a Tag, Length, and then value (TLV) ? Therefore they should not
just be a bit stream, but instead encoded in this (TLV) format?
Also, in your comments above, I think you may be referring to the status number and not thesequence number. Is that correct?
SincerelyKush
1 month ago Unlike Like
Reply privately Flag as inappropriate
Flag as promotion
0
NishchalUnfollow Follow Nishchal
Nishchal Kush Hello Mr. Gilchrist,
Is the draft available outside the TC57 working group? If so then could you direct me to it, if not,then is there some way for me to join the TC57 working group?
I am a PhD candidate at the Queensland University of Technology and am working on intrusiondetection, particularly IEC 61850 based substations, and am presently looking at the security of
the GOOSE protocol
SincerelyKush
1 month ago Unlike Like
Reply privately Flag as inappropriate Flag as promotion
0
http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143036665&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143036665&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=19812322&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=19812322&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143036665&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143036665&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143037018&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143037018&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=19812322&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=19812322&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143037018&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143037018&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143037018&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=19812322&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143037018&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143037018&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143036665&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=19812322&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143036665&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143036665&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=198123228/22/2019 How IDEs From Variety of Vendors Exchange Information
12/15
RodneyUnfollow Follow Rodney
Rodney Hughes @Nishchal there is a lot of stuff in the total message format definition for a
GOOSE - I picked on one
The point is that the intruder does need to sort out some general stuff according to therequirements of the GOOSE message format definition so they can properly format a spoof
message to look and be accepted as a valid new GOOSE - it includes other things like having a
valid GoID etc etc - all those things are defined by the Standard so they can easily work that stuff
out because see this nice repetitive message which is identified as GOOSE.
but the meaning of the dataset itself is only known to the Systems Integrator (and the vendor in
the case of vendor-fixed datasets)
1 month ago Unlike Like
Reply privately Flag as inappropriate Flag as promotion
0
Juan EstebanUnfollow Follow Juan Esteban
Juan Esteban Hoyos We had this discussion before and I agree with Nishchal. All the
parameters in the GOOSE message except the meaning of each data sets could be known from
the message. Also you can know if the data inside each data set is analog or digital.
If the principal use of GOOSE is to transfer important signals between IEDs. This isinterlocking, fast trips, or important variable.
Then inverting the status " changing a 0 by 1 or viceversa" for each single bit the probability to
create a miss-operation in the substation is incredibly high. The more probable scenario is thatyou will hit some variables that could create possibles false trips.
Also in one second you can create at leats 250 types messages with different combination of 0sand 1s. This is the easiest attack that could be performed.
http://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143043306&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143043306&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=12601172&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=12601172&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143043306&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143043306&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143043306&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=12601172&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143043306&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143043306&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_l8/22/2019 How IDEs From Variety of Vendors Exchange Information
13/15
1 month ago Unlike Like
Reply privately Flag as inappropriate Flag as promotion
1
RodneyUnfollow Follow Rodney
Rodney Hughes and so we agree that the Systems Integrator needs to include various levels of
security (starting with intrusion detection/prevention at firewalls etc) because it is very possible
to send a bunch of spoofed GOOSE between one normal repetition and the next real GOOSE 1second later.
What I am simply saying is that the SI needs to think about GOOSE and how the system could
detect such "chattering" of signals whilst the intruder launches a bunch of attempts to make
something happen.
As an example to prevent an attack based on a total inversion of the dataset, you could imagine a
bit which is supposed to be permanently a 1 or a 0 - it doesn't even have to have a function
behind it - but a good example would be the q bit of the IED which should normally be 1 - if itreverts to a 0 then the receiving IED should ignore the whole message and go into a graceful
degradation mode.
We can also imagine some security being afforded for say a protection function operation byrequiring the data set to have both PTOC.Op as well as PTOC.Str set as 1 - the .Op will cause
trips but only if accompanied by the .Str - if only the .Op arrives as a 1 the message could be
ignored. If it was a valid .Op but the .Str processing in the publisher IED is a bit slow, it willonly be a millisecond or so before they both arrive.
And of course a GOOSE in principle should not arrive via an external comms interface - well
certainly only specific GOOSE should arrive that way in sub2sub schemes - so some port based"where has this GOOSE come from" filtering in the firewall/switches can help.
The point of all this is that the GOOSE message itself is not inherently secure so it is arequirement of the [good] Systems Integrator thinking about the message content and how the
subscriber is going to use the signals. It may not be 100% coverage but you can minimise the
opportunities for successful spoofing by building in some measures "layer upon layer upon layer
...".
1 month ago Unlike Like
http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143100994&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143100994&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143100994&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143100994&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143114391&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143114391&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143114391&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143114391&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143100994&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143100994&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143100994&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_2421048608/22/2019 How IDEs From Variety of Vendors Exchange Information
14/15
Reply privately Flag as inappropriate Flag as promotion
1
true 23 23 groupItem?seeM
BruceUnfollow Follow Bruce
Bruce Paterson Small quibble, but I agree with Rodney's general assertion: Quality is
represented as a 13 bit-field datatype, even in a Goose, and Boolean as a single bit, so it may be
easy enough to work out which bits to try flipping to cause potential chaos.
1 month ago Unlike Like
Reply privately Flag as inappropriate Flag as promotion
0
RodneyUnfollow Follow Rodney
Rodney Hughes "13 bit-field datatype, even in a Goose"
what are you sending in your GOOSE?
1 month ago Unlike Like
Reply privately Flag as inappropriate Flag as promotion
0
http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=12601172&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=12601172&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143114391&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143114391&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=3324262&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=3324262&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3324262http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3324262http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143647374&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2