IEC 62351-6:2020 pdf free download – Power systems management and associated information exchange -Data and communication security

02-10-2022

4.1 Operational issues affecting choice of security options
For applications using Layer 2 IEC 61850-8-1 GOOSE and Layer 2 IEC 61850-9-2 SampledValue and requiring 3 ms response times, multicast configurations and low CPU overhead, encryption is not recommended. Instead, the communication path selection process (e.g. the fact that Layer 2 GOOSE and SV are supposed to be restricted to a logical substation LAN) shall be used to provide confidentiality for information exchanges. However, this document does define a mechanism for allowing confidentiality for applications where the 3 ms delivery criterion is not a concern.
NOTE The actual performance characteristics of an implementation claiming conformance to this technical specification are outside the scope of this document.
With the exception of confidentiality, this document sets forth a mechanism that allows co-existence of secure and non-secure PDUs.
5.4 IEC 61850-8-2 for Client/Server communications
IEC 61850 implementations claiming conformance to this document and declaring support for the IEC 61850-8-2 A-Profile for Client/Server communications shall implement the End-to-End security mechanism as specified by IEC 62351-4.
IEC 61850-8-2 does not support ACSE; therefore, the IEC 62351-4 security mechanisms of ACSE authentication (A-Profile) are not implemented or supported.
Additionally, IEC 61850-8-2 utilizes a T-Profile consisting of XMPP, which in turn controls TLS. Therefore, the TLS security mechanisms, and cipher suites, specified in IEC 62351-4 are out-of-scope for IEC 61850-8-2.
5.5 Using OriginatorID for Client/Server Services
There are several Common Data Classes (CDCs) defined in IEC 61850-7-3 and service tracking functions that explicitly define the ability to provide information about the originator of the control or service. The actual value representing the initiating entity in both IEC 61850-8-1 and IEC 61850-8-2 is originatorID and is a 64-octet octet string.
The use of certificate-based authentication and security provides a mechanism for providing authoritative information regarding the originator. However, the size restriction of originatorID is not large enough to provide exposure of the Issuer and Serial Number. Therefore, implementations claiming conformance to this standard shall implement the optional DataAttribute certIssuer in the instance to the IEC 61850-7-3 CDCs of: CST, BTS, UTS, LTS, GTS, MTS, NTS, and STS.
6.2 Replay Protection
Replay protection can be implemented for GOOSE and Sampled Value A-Profiles with or without security extensions. The replay protection algorithms specified in the following clauses are for subscribers claiming conformance to this part, and therefore replay protection is to be implemented regardless of whether the published GOOSE or Sampled Value APDU has security. The replay protection algorithm is implemented by the subscriber.
6.2.1.1 General
The normal GOOSE subscriber state machine in IEC 61850-8-1 does not detail how to transition when out-of-order state numbers (stNum) or sequence numbers (sqNum) are received.
Implementations claiming conformance to this standard shall implement the state machine shown in Figure 2. Additional security and replay checks may be implemented. For this clause, the Application is defined as the GOOSE Subscriber function and not the actual process that utilizes GOOSEData (per IEC 61850-7-2) in order to perform protection, etc.
Figure 2 is relevant for GOOSE messages for which the subscriber has an active subscription. The subscription shall be configured through the use of SCL and an ICT. Other configuration mechanisms are out-of-scope. Implementations claiming conformance to this clause shall maintain at least the following internal state machine variables: last received stNum (lastRcvStNum); last received sqNum (lastRcvSqNum); last received state change timestamp (lastRcvT); and an internal Time Allowed to Live (intTAL) value. The states and their transitions are defined as follows:
1) The Non-Existent state represents the state when there is no GOOSE subscription.
2) Upon activating the subscription (e.g. power-up or subscription configuration), the state machine will internally set the lastRcvStNum, lastRcvSqNum, lastRcvT, and intTAL to invalid since no GOOSE message has been received and the state machine transitions to the Wait for GOOSE Message state.
Upon receiving the subscribed GOOSE message, the subscriber shall transition to the Security Checks state (State 3).
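
The subscriber-side bookkeeping described above, as an added Python example that is not taken from IEC 62351-6 or from any implementation. The acceptance rules in `receive` stand in for the checks of Figure 2, which this page does not reproduce, and are assumptions, as are the names `GooseSubscriber`, `receive`, `stale` and `lastRxTime`; stNum rollover and publisher restart are not handled.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class State(Enum):
    NON_EXISTENT = 1      # no GOOSE subscription
    WAIT_FOR_GOOSE = 2    # subscribed, waiting for a message
    SECURITY_CHECKS = 3   # message received, checks in progress


@dataclass
class GooseSubscriber:
    state: State = State.NON_EXISTENT
    lastRcvStNum: Optional[int] = None   # None stands for "invalid"
    lastRcvSqNum: Optional[int] = None
    lastRcvT: Optional[float] = None     # state-change timestamp carried in the message
    intTAL: Optional[float] = None       # seconds
    lastRxTime: Optional[float] = None   # hypothetical helper: local receive time

    def activate(self) -> None:
        """Power-up or subscription configuration: invalidate everything, then wait."""
        self.lastRcvStNum = self.lastRcvSqNum = None
        self.lastRcvT = self.intTAL = self.lastRxTime = None
        self.state = State.WAIT_FOR_GOOSE

    def receive(self, stNum: int, sqNum: int, t: float, tal: float, now: float) -> bool:
        """Return True if the message passes the (assumed) replay checks."""
        if self.state is State.NON_EXISTENT:
            return False
        self.state = State.SECURITY_CHECKS
        if self.lastRcvStNum is None:
            ok = True  # first message after activation: nothing to compare against
        elif stNum == self.lastRcvStNum:
            # Retransmission of the same state: sqNum must advance, t must not change.
            ok = sqNum > self.lastRcvSqNum and t == self.lastRcvT
        else:
            # New state: stNum and the state-change timestamp must both move forward.
            ok = stNum > self.lastRcvStNum and t > self.lastRcvT
        if ok:
            self.lastRcvStNum, self.lastRcvSqNum, self.lastRcvT = stNum, sqNum, t
            self.intTAL, self.lastRxTime = tal, now
        self.state = State.WAIT_FOR_GOOSE
        return ok

    def stale(self, now: float) -> bool:
        """True when no accepted message has arrived within intTAL."""
        return self.intTAL is None or now - self.lastRxTime > self.intTAL
```

Rejected messages leave the four variables untouched, so a replayed or out-of-order frame cannot move the subscriber's reference point.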
