Real-Time Performance and Security of IEC 61850 Process Bus Communications
Modern power-network communications are based on the IEC 61850 series standards. In this paper, we investigate the real-time performance and the vulnerabilities and attack scenarios at the sensor level communication networks more precisely on Sampled Measured Value protocol. The approach jointly evaluates the communication protocol, network topology and impact on electrical protection functions. We test the practical feasibility of the attacks on an experimental workbench using real devices in a hardware-in-the-loop setup. The tests are conducted on the two high-availability automation networks currently used in IEC 61850 process bus communications: Parallel Redundancy Protocol (PRP) and High-availability Seamless Redundancy (HSR)
IEC, IEC international standard – communication networks and systems for power utility automation – part 5: Communication requirements for functions and device models, 2013.
N. Higgins, V. Vyatkin, N. C. Nair and K. Schwarz, “Distributed power system automation with IEC 61850, IEC 61499, and intelligent control,” IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews), vol. 41, no. 1, pp. 81–92, 2011.
ISO, ISO 9506 Industrial automation systems – Manufacturing Message Specification – Part 1: Service definition and Part 2: Protocol Specification, 2003.
IEC, Communication networks and systems for power utility automation – Part 8-1: Specific communication service mapping (SCSM) – Mappings to MMS (ISO 9506-1 and ISO 9506-2) and to ISO/IEC 8802-3.
IEC, IEC International Standard – Communication networks and systems for power utility automation – Part 9-2: Specific communication service mapping (SCSM) – Sampled values over ISO/IEC 8802-3, 2012.
IEC , IEC international standard industrial communication networks – High availability automation networks – Part 3: Parallel Redundancy Protocol (PRP) and High-availability Seamless Redundancy (HSR), 2011.
M. Kabir-Querrec, S. Mocanu, J.-M. Thiriet and E. Savary, “A Test bed dedicated to the Study of Vulnerabilities in IEC 61850 Power Utility Automation Networks,” in 21st IEEE Emerging Technologies and Factory Automation, Berlin, 2016.
S. Mocanu, M. Puys and P.-H. Thevenon, “An Open-Source Hardware-In-The-Loop Virtualization System for Cybersecurity Studies of SCADA Systems,” in C&esar 2019 - Virtualization and Cybersecurity, Rennes, France, 2019.
IEC, IEC international standard – communication networks and systems for power utility automation – part 90-4: Network engineering guidelines, IEC, 2013.
Range Commanders Council, IRIG serial time code formats, IRIG Standard 200-04, New Mexico: Range Commanders Council, U.S. Army White Sands Missile Range, 2004.
ITU, X.680-X.693: Information Technology – Abstract Syntax Notation One (ASN.1) and ASN.1 encoding rules, 2015.
UCA, “Implementation Guideline for Digital Interface to Instrument Transformers using IEC 61850-9-2,” UCA International Users Group, pp. 1–3, 2006.
H. Schulzrinne, S. Casner, R. Frederick and V. Jacobson, “RFC 3550 RTP: A Transport Protocol for Real-Time Applications,” 2003.
M. Kabir-Querrec, S. Mocanu, J.-M. Thiriet and E. Savary, “Power Utility Automation Cybersecurity: IEC 61850 Specification of an Intrusion Detection Function,” in 25th European Safety and Reliability conference (ESREL 2015), Zürich, Switzerland, 2015.
J. Hoyos, M. Dehus and T. Brown, “Exploiting the GOOSE protocol: A practical attack on cyber-infrastructure,” in IEEE Globecom Workshops, 2012.
R. R. R. Barbosa, R. Sadre and A. Pras, “A first look into SCADA network traffic,” in IEEE Network Operations and Management Symposium, 2012.
K. Mai, X. Qin, N. Silva and A. A. Cardenas, “IEC 60870-5-104 Network Characterization of a Large-Sclae Operational Power Grid,” in IEEE Security and Privacy Workshops, San Francisco, 2019.
L. Xu, H. Li and L. Chen, “Modeling and performance analysis of data flow for HSR and PRP under fault conditions,” in IEEE Power Energy Society General Meeting (PESGM), 2018.
S. Kumar, N. Das and S. Islam, “Implementing PRP and HSR schemes in a HV substation based on IEC 62439-3,” in Condition Monitoring and Diagnosis, 2018.
J. Liu, Y. Li, H. Lyu, G. Yang and J. Wen, “Design and implementation of delay measurement in PRP and HSR RedBox,” in IEEE 2nd International Conference on Electronics Technology (ICET), 2019.
M. Hosni Tawfeek Essa and P. Crossley, “GOOSE performance asessment on an IEC 61850 redundant network,” The Journal of Engineering, no. 15, pp. 841–845, 2018.
V. Leitloff, P. Brun, S. de Langle, B. Ilas, R. Darmony, M. Jobert, C. F. P. Bertheau, M. Boucherit, G. Duverbecq, J. Cayuela and R. Bouchet, “Testing of IEC 61850 based functional protection chain using non-conventional instrument transformers and SAMU,” in 13th International Conference on Development in Power System Protection, 2016.
A. G. Musleh, G. Chen and Z. Y. Dong, “A survey of the detection algorithms for false data injection attacks in smart grids,” IEEE Transactions on Smart Grid, vol. 11, no. 3, pp. 2218–2234, 2020.
F. Ahang, M. Mahler and Q. Li, “Flooding attacks against secure time-critical communications in the power grid,” in IEEE International Conference on Smart Grid Communications, 2017.
M. El Hariri, E. Harmon, T. Youssef, M. Saleh, H. Habib and O. Mohammed, “The IEC 61850 sampled measured values protocol: Analysis, threat identification, and feasibility of using NN Forecasters to Detect of Spoofed Packets,” in IEEE International Conference on Environment and Electrical Engineering and 2019 IEEE Industrial and Commercial Power Systems Europe (EEEIC / I&CPS Europe), Genova, Italy, 2019.
B. X. Zhu, Resilient control and intrusion detection for SCADA systems. Ph.D. dissertation, U.C. Berkley, 2014.
J. Bai, S. Hariri and Y. Al-Nashif, “A Network Protection Framework for DNP3 over TCP/IP protocol,” in Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA, 2015.
A. Babay, J. Schultz, T. Tantillo, S. Beckley, E. Jordan, K. Ruddell, K. Jordan and Y. Amir, “Deploying Intrusion-Tolerant SCADA for the Power Grid,” in 49th IEEE/IFIP Int. Conf. on Dependable Systems and Networks (DSN), 2019.
Y. Lopes, N. C. Fernandes, D. C. Muchaluat-Saade and K. Obraczka, “ARES: An autonomic and resilient framework for smart grids,” in IFIP/IEEE Symposium on Integrated Network and Service Management, 2017.
B. A. Baalbaki, Y. Al-Nashif, S. Hariri and D. Kelly, “A Network Protection Framework for DNP3 over TCP/IP protocol,” in IEEE/ACS International Conference on Computer Systems and Applications, AICCSA, 2015.
Q. Chen and S. Abdelwahed, “Towards Realizing Self-Protecting SCADA Systems,” in 9th Annual Cyber and Information Security Research Conference, Oak Ridge, Tennessee, USA, 2014.
IEC, IEC 61869-9 Instrument transformers – Part 9: Digital interface for instrument transformers, Geneva, Switzerland, 2016.
IEC, IEC/IEEE 61850-9-3: Communication Networks and Systems for Power Utility Automation – Part 9-3: Precision time protocol profile for power utility automation, Geneva, Switzerland, 2016.
S. Poretsky, J. Perser, S. Erramilli and S. Khurana, “RFC 4689 Terminology for Benchmarking Network-layer Traffic Control Mechanisms,” Network Working Group, 2006.
S. Mocanu and J.-M. Thiriet, “Experimental study of performance and vulnerabilities of IEC 61850 process bus communications on HSR networks,” in IEEE Security and Privacy Workshops (SPW), Genoa, Italy, 2020.
Copyright (c) 2021 Journal of Cyber Security and Mobility
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.