Real-Time Performance and Security of IEC 61850 Process Bus Communications

Keywords: IEC 61850, Process Bus, Sampled Measured Value, Parallel Redundancy Protocol (PRP), High-availability Seamless Redundancy (HSR)

Abstract

Modern power-network communications are based on the IEC 61850 series of standards. In this paper, we investigate the real-time performance, the vulnerabilities and the attack scenarios of sensor-level communication networks, more precisely of the Sampled Measured Value protocol. The approach jointly evaluates the communication protocol, the network topology and the impact on electrical protection functions. We test the practical feasibility of the attacks on an experimental workbench using real devices in a hardware-in-the-loop setup. The tests are conducted on the two high-availability automation networks currently used in IEC 61850 process bus communications: Parallel Redundancy Protocol (PRP) and High-availability Seamless Redundancy (HSR).

Author Biographies

Stéphane Mocanu, Laboratoire d’Informatique de Grenoble, Univ. Grenoble Alpes, CNRS, Inria, Grenoble INP, Grenoble France

Stéphane Mocanu obtained a Ph.D. in Control Systems in 1999 from Grenoble-INP. He is an assistant professor at Grenoble-INP and at the Laboratoire d’Informatique de Grenoble (LIG, UMR 5217 CNRS/G-INP/UGA) in the joint Inria CTRL-A team. He started working on industrial control systems cybersecurity in 2012 and runs a large experimental lab for industrial systems cybersecurity pentesting and vulnerability research (http://lig-g-ics.imag.fr/).

Jean-Marc Thiriet, GIPSA-Lab, Univ. Grenoble Alpes, Grenoble France

Jean-Marc Thiriet has been a professor at Université Grenoble Alpes (UGA, previously Univ. Joseph Fourier) and at the Grenoble Images Parole Signal Automatique (GIPSA-Lab UMR 5216 CNRS/G-INP/UGA) Research Laboratory since September 2005. He received his engineering (master) degree and PhD from Université Henri Poincaré Nancy 1, in 1989 and 1993, respectively. He was an associate professor at Université Henri Poincaré Nancy 1 from 1993 to 2005. His research and teaching interests deal with diagnosis and dependability of Networked Control Systems, and cyber-security of cyber-physical systems. He was involved in European Thematic Network projects (e.g. ELLEIEC, SALEIE) and in Atlantis projects (ILERT, DESIRE2).

He has been responsible for the international bachelor programme WiNS (Wireless Networks and Security) from 2007 to 2016. Finally, he was Head of the GIPSA-Lab Research Laboratory from 2011 to 2015. He is presently Deputy Head of Ecole Universitaire de Technologie, UGA.

Published
2021-04-07
Section
WTMC 2020 Workshop