ZigBee
DER
Distribution Automation
Meter
IEC 61850,
IEC 60870-5
Phasors Controls
IEEE C37.118
SCADA
Alarms EV
Controls Appliance
Gateway
Meters
Operations Gateway Automation DLMS,
Controls IEC 60870-5
IEC 60870-5, IEC 61850,
IEC 60870-6, IEC 60870-5 Buildings
IEEE 1815 (DNP3) Customer/Producer 4
SG Security Requirements and Threats
[Ref: IEC 62351-1]
Why don’t we just shoot power transformer, bushing, insulators etc?
5
SG Security Requirements and Threats
[Ref: IEC 62351-1]
Listening: Tampering:
Exchanges: Plants: Denial:
Eavesdropping Control
Man-In-The-Middle Spoofing Busy Service
6
Our Agenda
7 Network Objects
ISO RFC ITU NIST
60870-6 TASE.2
IEC 62351
DNP
IEC 62351-7
IEC 62351-4 MMS Profile
60870-5 Serial
DNP IEC 62351-5 60870-5 & Derivatives
61850 GOOSE,
IEC 62351-6 61850 GOOSE, SV
SV
• Man-In-The-Middle attacks
Threat • Authentication;
• Message replay;
Mitigation • Eavesdropping;
IEC 62351-3: TCP/IP Security Profile
Client Server
Client Server
Non-Secure Socket Layer
Encrypted Encrypted
Message
Secret
? Attacker
?
Secret Client Server
I need a secure Encrypted I need a secret key
line to send the to read this message
secret key
Transport Layer Security – Simplified
Asymmetric Encryption Key Exchange
Attacker
Client Server
Private Key
Send public key
Public Key
Secret
Message
Transport Layer Security – Simplified
Authentication
Attacker
Client Server
Attacker
Client Server
HelloRequest
Cipher Re-Negotiation
IEC 62351-3: TCP Ports
62351-
• mms-sec = 3782/tcp
4 • mms = 102/tcp
MMS
62351- • iec-104-sec= 19998/tcp
• dnp-sec = 19999/tcp
5 for • iec-104 = 2404/tcp
870-5 • dnp = 20000/tcp
ClientHello [RFC 5246]
• TLS Version ID
General • Session ID
• Cipher Suite List
• Random Number
TCP/IP • TLS_RSA_NULL_WITH_NULL_SHA
• Version >= TLS 1.0
MMS [62351-6]
Insecure Medium
60870-5 APDU
T ASDU H T Challenge H
Link Layer Link Layer
Insecure Medium
IEC 62351-5: Challenge-Reply Authentication
Client Server
Non-Critical ASDU
Critical ASDU
Authentication Challenge
Authentication Response
Authenticate
Perform Operation
Standard Protocol Response
IEC 62351-5: Challenge Format
Session ID
Session ID to be used
• <0> = Monitor direction
• <1> = Control direction
• <2> = Per user basis
HMAC Algorithm
•Defines authentication
method of the challenger
•HMAC SHA1 digital
signature – minimum spec
HMAC Value
The reply contains hash
digest of:
•Challenge message
•Address information e.g.
CAASDU + IOA of
challenger and responder
•Challenge
Challenge ASDU
•Padding data
TLS Pre-Shared Key (TLSPSK) Handshake for IEC
60870-5-104 [RFC 4279]
Client Server
TCP Handshake TCP Handshake
ClientHello
Cipher Suite List ServerHello
(Certificate)* - Not applicable
ServerKeyExchange*
(Certificate)*
(CertificateRequest)*
ClientKeyExchange
ServerHelloDone
(CertificateVerify)*
[ChangeCipherSpec]
Finished [ChangeCipherSpec]
Finished
Request
Response
HelloRequest
Cipher Re-Negotiation
IEC 62351-6: Security Profiles for VLAN
Extension
•Defines authentication
parameters for VLAN
•HMAC SHA256 digital
signature
IEC 62351-6: Authenticated Publisher-Subscriber
Subscriber Publisher
MAC
Secure Hash
Key Exchange
Public Key = ECDHE
Certificate Authenticator = RSA
Principles of Cipher [IEC 62351-2]
Plaintext Plaintext
Message Message
Key
Encrypt Decrypt
Encryption
Ciphertext = Encrypt key (Plaintext)
Decryption
Plaintext = Decrypt key (Ciphertext)
Asymmetric Cipher [IEC 62351-2]
Public Key
Server sends public key
Plaintext over insecure medium for
Message client encryption process
Encrypt
Plaintext
Message
Send
Ciphertext
Decrypt
Client #1
Receive
Ciphertext
Plaintext
Message
Server
Encrypt Private Key
Server decrypts cipher
Send from clients using
Ciphertext private key
Client #2
Authentication: Symmetric – Hash Message
Authentication Code (HMAC) [IEC 62351-2]
Plaintext Secret
Message
Concatenate
Secret Value
Client and server Digest
compute same secret (Plaintext +
value from session ID Secret)
Hash
Algorithm
Secret
HMAC
Client Server
Authentication: Asymmetric – Digital Signature
[IEC 62351-2] DSA
RSA-PSS, El Gamal,
ECDSA
Plaintext
DS is Regulated Message
Verify Digital Signature Act
1997 (Act 562)
Digest Digest
(Hash) (Hash)
Decrypt Encrypt
Encrypted Encrypted
MAC MAC
Client Server
Issuer
The CA issuer of this certificate
Subject
To whom this certificate is
issued e.g. device, individual or
another CA
IETF Standards
Overview • RFC 5246 – TLS
• Whitepaper on Security • RFC 4279 – TLSPSK
Standard in IEC TC57 • RFC 4158 – PKI
by Frances Cleveland
Convener WG 15
Books Miscellaneous
• Applied Cryptography, Bruce • Information Security Stack
Schneier, Wiley Exchange
• Practical Cryptography, Bruce • Wikipedia
Schneier, Wiley
• SSL/TLS and PKI, Joshua
Davies, Wiley