An Evaluation of Cryptographic Algorithms in IEC 61850 Networks: A Practical Approach

  • Rafael B. Scarselli, Instituto Federal de Mato Grosso
  • Leonardo Fiório Soares, Universidade Federal Fluminense
  • Igor Monteiro Moraes, Universidade Federal Fluminense

Abstract

This paper evaluates cryptographic algorithms applied to the GOOSE protocol in IEC 61850 communication networks for electrical substations. The IEC suggests the use of RSA for the digital signature of GOOSE messages and, at the same time, defines a maximum communication latency of 3 ms for critical messages. Practical experiments on devices with low computational power confirm that the RSA scheme suggested by the IEC is infeasible. Results show that the AES symmetric cryptography algorithm with the CMAC technique meets the time constraints defined by the IEC, even when the entire payload of a 459-byte packet is encrypted.

Keywords: Cryptographic Algorithms, Performance Evaluation, RSA, AES

Published
24/09/2019
SCARSELLI, Rafael B.; SOARES, Leonardo Fiório; MORAES, Igor Monteiro. Uma avaliação de Algoritmos Criptográficos em Redes IEC 61850: Uma Abordagem Prática. In: WORKSHOP DE SEGURANÇA CIBERNÉTICA EM DISPOSITIVOS CONECTADOS (WSCDC), 2., 2019, Gramado. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2019. p. 37-50. DOI: https://doi.org/10.5753/wscdc.2019.7704.