application aware secure multicast for power grid communications n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Application-Aware Secure Multicast for Power Grid Communications PowerPoint Presentation
Download Presentation
Application-Aware Secure Multicast for Power Grid Communications

Loading in 2 Seconds...

play fullscreen
1 / 27

Application-Aware Secure Multicast for Power Grid Communications - PowerPoint PPT Presentation


  • 70 Views
  • Uploaded on

Application-Aware Secure Multicast for Power Grid Communications. Jianqing Zhang * and Carl A. Gunter University of Illinois at Urbana-Champaign. * Now working at Energy Systems Research Lab, Intel Labs. Outline. Motivation Introduction Formal Model for Multicast

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Application-Aware Secure Multicast for Power Grid Communications' - nevina


Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
application aware secure multicast for power grid communications

Application-Aware Secure Multicast for Power Grid Communications

Jianqing Zhang* and Carl A. Gunter

University of Illinois at Urbana-Champaign

* Now working at Energy Systems Research Lab, Intel Labs

outline
Outline
  • Motivation
  • Introduction
  • Formal Model for Multicast
    • Data Model and Publish-Subscribe Model
    • Multicast Configuration Anomaly
  • Implementation: SecureSCL
  • Performance Analysis of IPsec Based Multicast
  • Conclusion
multicast in power grid systems
Multicast in Power Grid Systems

Substation

Networks

DNP3

PMUs

PMU: Phasor Measurement Unit

iec 61850 substation network
IEC 61850 Substation Network

Abstract Communication Service Interface (ACSI)

Generic Object Oriented Substation Event (GOOSE)

  • Substation Bus

*

Ethernet

Process Bus

Sampled Measured Value (SMV)

  • Data objects model
  • Communication protocols suite
    • Link layer multicast
  • Substation Configuration Language (SCL)
  • IEC: International Electrotechnical Commission
  • HMI: Human Machine Interface
  • PMU: Phasor Measurement Unit

* Based on Baigent, D. et. al. IEC 61850 Communication Networks and Systems in Substations: An Overview for Users

cyber security threats to substation networks
Cyber Security Threats to Substation Networks
  • Integrity
    • Tampered power grid status data
    • Faked control commands
  • Confidentiality
    • Valuable raw data
  • Availability
    • Data packets flood

Cryptographically Secured Protocols?

challenges manageable configuration
Challenges:Manageable Configuration
  • Complex and error-prone configuration for current systems
    • Intricate system designs
    • Changing specifications during design phases
    • Large and hardly auditable configuration files
      • TVA Bradley Substation: 7.4Mbytes and 98K lines XML files
    • Proprietary configuration tools from multiple vendors
    • Complexity of current off-the-shelf security protocols and tools
  • Security vulnerabilities due to incorrect system configuration
challenges latency requirements
Challenges: Latency Requirements
  • Timing requirements for real-time operations*
    • PMU: 30 times per second
    • Substation: event notification for protection

e.g. GOOSE, 2-10ms

  • VT: Volt Transformer
  • CT: Current Transformer

* IEEE Std. 1646: Communication Delivery Time Performance Requirements for Electric Power Substation Automation

challenges efficient group key management configuration
Challenges: Efficient Group Key Management & Configuration
  • Integration with power grid systems
    • How to partition multicast groups in a particular domain, like a power substation?
    • What’s the role of each control device in a group?
    • How to distribute group keys?
  • Standardized security protocols
    • How to integrate group key management with secure multicast protocols?
approach application aware secure multicast
Approach: Application-Aware Secure Multicast
  • Derive group membership by application data dependency in system functional configurations
    • Observation: data dependency determines publish-subscribe relationships and group memberships
data dependency in substation configuration language scl
Data Dependency in Substation Configuration Language (SCL)

<IED name=“IED2” desc=“Switchgear (subsriber) ” >

<LN desc="CircuitBreaker" inst="1" …>

<Inputs>

<ExtRefdaName="general" doName="Tr" iedName="IED1" …/>

<ExtRefdaName="q" doName="Tr" iedName="IED1" …/>

<ExtRefdaName="general" doName="Op" iedName="IED1" …/>

<ExtRefdaName="q" doName="Op" iedName="IED1" …/>

<ExtRefdaName="general" doName="Op" iedName="IED1" …/>

<ExtRefdaName="q" doName="Op" iedName="IED1" …/>

</Inputs>

</LN>

</IED>

<IED name=“IED3” desc=“Switchgear (subsriber)” >

<LN desc="CircuitBreaker" inst=“2" …>

<Inputs>

<ExtRefdaName="general" doName="Tr" iedName="IED1" …/>

<ExtRefdaName="q" doName="Tr" iedName="IED1" …/>

<ExtRefdaName="general" doName="Op" iedName="IED1" …/>

<ExtRefdaName="q" doName="Op" iedName="IED1" …/>

<ExtRefdaName="general" doName="Op" iedName="IED1" …/>

<ExtRefdaName="q" doName="Op" iedName="IED1" …/>

</Inputs>

</LN>

</IED>

<IED name="IED1" desc=“Protective relay (publisher)">

<GSE cbName="gcbTrip" ldInst="PROT">

<Address>…

<P type="MAC-Address">01-0C-CD-01-01-46</P>

</Address>

</GSE>

<DataSet name="dsTripLogic">

<FCDA daName="general" doName="Tr" …/>

<FCDA daName="q" doName="Tr“ …/>

<FCDA daName="general" doName="Op" …/>

<FCDA daName="q" doName="Op" …/>

<FCDA daName="general" doName="Op …/>

<FCDA daName="q" doName="Op" …/>

</DataSet>

</IED>

Trip command

approach application aware secure multicast1
Approach: Application-Aware Secure Multicast
  • Derive group membership by application data dependency in system functional configuration
  • Detect inconsistent configurations automatically
  • Configure group key management system based on the derived group memberships and extended configuration files
  • Raise the link layer multicast to the network layer and secure multicast traffic using IPsec
a formal multicast model components
A Formal Multicast Model: Components
  • D, the set of data objects
  • E, the entities which have relationships with data objects
    • O, the set of data owners
    • C, the set of data consumer
    • P, the set of publishers
    • S, the set of subscribers
  • G, the set of group controllers
publish subscribe model in scl ownership publication
Publish-Subscribe Model in SCL:Ownership & Publication

<IED name="IED1" type="SecureIED" desc="Protective Relay">

...

<LDeviceinst="PROT">

<LN0 lnClass="LLN0" lnType="IED1-LLN0-Type">

<DataSet name="dsTripLogic">

<FCDA daName="general" doName="Tr" ... ldInst="PROT" lnInst="1"/>

<FCDA daName="general" doName="Op" ... ldInst="PROT" lnInst="1"/>

...

</DataSet>

<GSEControlappID="TripGoose" datSet="dsTripLogic" name="gcbTrip".../>

</LN0>

...

<LN inst="1" lnClass="PTRC" lnType="IED1-PTRC-Type"/>

</LDevice>

...

</IED>

...

<DataTypeTemplates>

<LNodeType id="IED1_PTRC_Type" lnClass="PTRC">

<DO name="Tr" type="tPTRC_TrOp"/>

<DO name="Op" type="tPTRC_TrOp"/>

</LNodeType>

</DataTypeTemplates>

publish subscribe model in scl consumption subscription
Publish-Subscribe Model in SCL:Consumption & Subscription

<IED name="IED2" desc="Switchgear" type="SecureIED">

...

<LDeviceinst="CTRL">

<LN desc="CircuitBreaker" inst="1" lnClass="XCBR" lnType="IED2-CTRL-XCBR">

<Inputs>

<ExtRefdoName="Tr" ldInst="PROT”, iedName="IED1".../>

<ExtRefdoName="Op" ldInst="PROT”, iedName="IED1".../>

</Inputs>

</LN>

<\LDevice>

<\IED>

multicast configuration anomaly publication anomaly
Multicast Configuration Anomaly:Publication Anomaly
  • Ownership Anomaly: a publisher publishes data objects which are not owned by it
  • Publication Redundancy:
    • Full redundancy: No data object is consumed
    • Partial redundancy: some data objects are not consumed
multicast configuration anomaly subscription anomaly
Multicast Configuration Anomaly:Subscription Anomaly
  • Source Anomaly: a subscriber subscribes data from a “non-existent” publisher
  • Data Dissatisfaction
    • “Hard” data dissatisfaction: some data objects are not published by
    • “Soft” data dissatisfaction: some data objects are published by another publication
benefits of ipsec based multicast in power grid networks
Benefits of IPsec Based Multicast in Power Grid Networks
  • Preserves a variety of security properties, proved by a degree of formal analysis
  • Supports wide area multicast, important to inter-substation communications and PMU networks
  • Obtains strong support from security communities
  • Capable of addressing latency constraints in medium scale networks
performance analysis of ipsec based multicast
Performance Analysis of IPsec Based Multicast
  • Test Bed Setup
    • Hardware
      • Deterlab: 8, 16, 32, 64-node scenarios
      • Xeon Quad 3.00GHz PCs
    • Software
      • Platform: Ubuntu 8.04
      • Process Control Emulation System*
        • Measure round trip latency

* Credits to Chris Grier and Sam King

conclusion
Conclusion
  • Application-aware secure multicast is an efficient solution for multicast in power grid systems
    • Automate group configuration and minimize errors
    • Integrate security configurations with functional configurations
  • IPsec is a promising solution for secure multicast in power grid systems
  • Future work
    • WAN or Inter-substation network multicast communication and configuration
    • Dynamic group management
questions http seclab illinois edu web

Questions?http://seclab.illinois.edu/web/

Dr. Jianqing Zhang

Intel Labs, RNB6-61

2200 Mission College Blvd.

Santa Clara, CA 94054

Tel: (408)653-5461

Email: jianqing.zhang@intel.com

Professor Carl A. Gunter

  • 4304 Siebel Center for Computer Science

201 N. Goodwin Ave.

Urbana, IL 61801

  • Tel: (217)244-1982

Email: cgunter@cs.illinois.edu

contributions
Contributions
  • Propose a formal multicast data model and a publish-subscribe model depicting the publish-subscribe relationships
  • Classify a number of configuration anomalies in multicast systems
  • Design algorithms detecting the anomalies
  • Design a multicast and group key management architecture
  • Develop a prototype system, SecureSCL
  • Provide a case study of secure GOOSE in IEC 61850 substations
  • Evaluate the performance of IPsec based multicast
related work
Related Work
  • IEC 62351: sign each GOOSE frame using RSA
  • Gjermundrod, H. et al. GridStat: A Flexible QoS-Managed Data Dissemination Framework for the Power Grid, IEEE Transactions on Power Delivery, Jan. 2009
  • EhabS. et al. Discovery of Policy Anomalies in Distributed Firewalls. INFOCOM 2004

CRC

Header

GOOSE PDU

Authentication Value

Length

gdoi based group key management architecture
GDOI Based Group Key Management Architecture
  • Group Domain of Interpretation (GDOI, RFC 3547): IKEv1 based group key management protocol for IPsec multicast

IKEv1 Phase1: Reg. SA

Phase 2 GROUPKEY-PULL: (first) Rekey SA and Data SA

GROUPKEY-PUSH: subsequent Rekey SAs and Data SAs