See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/279852991

Security in Smart Grid Environments – Improving IEC 62351

Conference Paper · April 2010

CITATIONS READS

0 116

1 author:

Steffen Fries
Siemens
85 PUBLICATIONS   395 CITATIONS   

SEE PROFILE

All content following this page was uploaded by Steffen Fries on 16 November 2015.

The user has requested enhancement of the downloaded file.

 Security in Smart Grid Environments – Improving IEC 62351

Steffen Fries
Siemens AG
Corporate Technology
Germany
steffen.fries@siemens.com

Abstract— Information security has gained tremen-
dous importance for energy distribution and energy
automation systems over the last years. Standards like
IEC61850 offer communication services and data mod-
els for communication in energy automation. IEC 61850
is flanked by the standard IEC 62351 that especially
addresses security and specifies technical requirements,
which have to be met by vendors. Especially, vendors
that cover the entire energy automation chain with their
product portfolio face new demanding challenges im-
posed by new use cases that come with the rise of the
Smart Grid. This contribution depicts the current state
of the standardization of IEC 62351, gives an overview
of current and new use cases, which are not completely
covered, and discusses potential enhancements of the
standard to address new use cases. The enhancements
allow multiple parallel distinguishable sessions based on
MMS and proper authentication as well as authoriza-
tion.
Keywords – Smart Grid, Security, Energy
Automation
I. INTRODUCTION
Decentralized energy generation (e.g., solar cells)
is getting more momentum to fight global warming
and to cope with the increasing local demand of
energy. Building a Smart Energy Grid, by introduc-
ing decentralized energy generators into the current
distribution network poses great challenges for the
energy transmission, distribution, and control net-
works from the physical as well as from the commu-
nication side. Security is a basic requirement for such
applications to ensure a safe and reliable operation of
the energy grid.
IEC 61850 is a popular standard for communica-
tion in the domain of energy automation. It is as-
sumed to be the successor of the currently used stan-
dards IEC 60870-4-104 and DNP3 also for the North
American region. IEC 61850 addresses the data ex-
change on process level, field level, and station level
and defines abstract communication services that are
mapped on existing protocols (e.g., MMS1, Web
1
Manufacturing Message Specification
Services, TCP/IP, and Ethernet). Security is ad-
dressed in an associated standard IEC 62351.
Today, IEC 61850 is mainly used for reporting
status and sampled value information from Intelligent
Electronic Devices (IED) to Substation automation
controller as well as for command transport from
Substation automation controller to IEDs. It also
addresses the communication directly between IEDs
using the Ethernet instead of dedicated wires.
In the near future it is expected that the related use
cases will be widened in scope. Smart Home scenar-
ios in combination with the Smart Grid will allow
people to understand how their household uses en-
ergy, manage energy use better, and reduce their
carbon footprint. It will also allow customers to feed
energy back into the smart grid and to participate on
energy market places.
This requires better control of the energy grid to
ensure the safe transportation and distribution of
available energy within the physical energy network.
Especially fast load changes or changes in the energy
provisioning through decentralized resources need to
be managed to ensure a consistent high quality en-
ergy supply.
New scenarios will influence the current energy
automation architecture in terms of a additional com-
ponents introduced, like smart meters or energy gate-
ways, which connect households directly to the smart
grid. This poses new requirements to security like the
provisioning of appropriate credentials to end cus-
tomers to enable secured communication as well as
authorization of energy providers to invoke certain
actions at the household site. Furthermore, it is also
expected roles leading to new participating parties in
the communication architecture will be introduced,
which most likely will lead to new or changed trust
relations. An example is a gateway service provider
in Smart Grid scenarios, which concentrate the con-
nections of a high number of smart home energy
gateways.
 II. SECURE ENERGY AUTOMATION BASED ON
IEC62351
In contrast to office networks, automation net-
works have different requirements to security ser-
vices as shown in the following figure.
Office EA-Network
Confidentiality (Data) High Low – Medium
Integrity (Data) Medium High
Availability / Reliability Medium High
Non-Repudiation Medium High
Component Lifetime Short - medium Long
Figure 1: Comparison Office/Automation security
For these security services IEC 62351 defines in
currently 7 parts explicit measures for TCP based
and serial protocols used directly in substation auto-
mation deploying IEC 61850 and IEC 60870-x pro-
tocols as well as in adjacent communication proto-
cols supporting energy automation, like ICCP
(TASE.2) used for control center communication. A
clear goal of the standardization of IEC62351 is the
assurance of end-to-end security.
For TCP based communication this is achieved by
relying on TLS and on integrity protection based on
keyed hashes or digital signatures for serial links,
Ethernet links or application layer connections.
Nevertheless, there is a gap between the security
services defined on network layer and the ones de-
fined on application layer, when considering espe-
cially the new scenarios addressed by smart grid use
cases.
III. MISSING PIECES IN IEC62351
Part 4 of IEC 612351 specifies procedures, proto-
col enhancements, and algorithms targeting the secu-
rity of applications utilizing the MMS. MMS is an
international standard (ISO 9506) defining a messag-
ing system for transferring real time process data and
supervisory control information either between net-
worked devices or in communication with computer
applications.
The security in Part 4 is defined as two profiles
targeting transport security as T-Profile on one hand
and application security as A-Profile. The T-Profile
describes the protection of information, which is
exchanged over TCP using TLS. The A-Profile de-
fines security services on application layer, targeting
mainly authentication. The authentication itself is
View publication stats
performed only during connection establishment on
application layer using the MMS initiate command.
Moreover this authentication does not provide appli-
cation layer message integrity and is also not used to
form a session. A session in this context crypto-
graphically binds the authentication performed dur-
ing the connection setup with the subsequent mes-
sages exchanged between the communicating peers.
Thus, in the current stage of the standard messages
on application layer are not protected regarding their
integrity. To achieve integrity protection, the applica-
tion of the T-Profile is being referred.
Combining A-Profile and T-Profile provides a
connection allowing for authentication, integrity
protection and confidentiality. This approach works
fine in scenarios, where the transport connection
spans the same entities as the application connections
and may be sufficient for many energy automation
scenarios. But it may not cope with all use cases in
the smart grid. As soon as there is a difference in
transport connection endpoints and application con-
nection endpoints, security problems may arise.
An example scenario is given through proxy com-
bining different connections or to multicast a single
command to several other connections. Here, the T-
Profile is terminated by the proxy, while the applica-
tion connection may be established end-to-end.
Hence, no end-to-end application level integrity is
provided. Such a scenario is called a multi-hop con-
nection from a transport level view and would re-
quire that the proxy is a trusted intermediate host,
which cannot be guaranteed in many scenarios.
The presentation depicts smart grid use cases in
which the shortcomings of IEC 62351 are evident
and suggests potential enhancements of the standard
based on existing approaches from multimedia re-
lated standards.
REFERENCES
[1] RFC 5246: The Transport Layer Security (TLS) Protocol,
Version 1.2, T. Dierks, E Rescorla, August 2008
[2] ISO-IEC 61850, Part 8-1: Specific Communication Service
Mapping (SCSM) – Mappings to MMS (ISO 9506-1 and
ISO 9506-2) and to ISO/IEC 8802-3, May 2004
[3] ISO-IEC 62351, Part 4: Communication Network and
System Security – Profiles Including MMS, October 2006
[4] ISO-IEC 62351, Part 5: Security for IEC 60870 and De-
rivatives, February 2007
[5] ISO-IEC 62351, Part 6: Security for IEC 61850, October
2006