Application-Aware Secure Multicast for Power Grid Communications
Jianqing Zhang* and Carl A. Gunter, University of Illinois at Urbana-Champaign
* Now working at Energy Systems Research Lab, Intel Labs

Outline
• Motivation
• Introduction
• Formal Model for Multicast
  – Data Model and Publish-Subscribe Model
  – Multicast Configuration Anomaly
• Implementation: SecureSCL
• Performance Analysis of IPsec Based Multicast
• Conclusion

Multicast in Power Grid Systems
[Figure: substation networks connected over DNP3, with PMUs reporting to a data concentrator]
• PMU: Phasor Measurement Unit

IEC 61850 Substation Network
[Figure*: Abstract Communication Service Interface (ACSI) on the substation bus; Generic Object Oriented Substation Event (GOOSE) and Sampled Measured Value (SMV) on the Ethernet process bus]
• Data objects model
• Communication protocols suite
• Link layer multicast
• Substation Configuration Language (SCL)
• IEC: International Electrotechnical Commission
• HMI: Human Machine Interface
• PMU: Phasor Measurement Unit
* Based on Baigent, D. et al. IEC 61850 Communication Networks and Systems in Substations: An Overview for Users

Cyber Security Threats to Substation Networks
• Integrity
  – Tampered power grid status data
  – Faked control commands
• Confidentiality
  – Valuable raw data
• Availability
  – Data packets flood
• Cryptographically secured protocols?

Challenges: Manageable Configuration
• Complex and error-prone configuration for current systems
  – Intricate system designs
  – Changing specifications during design phases
  – Large and hardly auditable configuration files
    • TVA Bradley Substation: 7.4 Mbytes and 98K lines of XML files
  – Proprietary configuration tools from multiple vendors
  – Complexity of current off-the-shelf security protocols and tools
• Security vulnerabilities due to incorrect system configuration

Challenges: Latency Requirements
• Timing requirements for real-time operations*
  – PMU: 30 times per second
  – Substation: event notification for protection, e.g. GOOSE, 2-10 ms
• VT: Volt Transformer
• CT: Current Transformer
* IEEE Std. 1646: Communication Delivery Time Performance Requirements for Electric Power Substation Automation

Challenges: Efficient Group Key Management & Configuration
• Integration with power grid systems
  – How to partition multicast groups in a particular domain, like a power substation?
  – What is the role of each control device in a group?
  – How to distribute group keys?
• Standardized security protocols
  – How to integrate group key management with secure multicast protocols?

Approach: Application-Aware Secure Multicast
• Derive group membership from application data dependency in system functional configurations
  – Observation: data dependency determines publish-subscribe relationships and group memberships

Data Dependency in Substation Configuration Language (SCL)
(Trip command flows from the publisher IED1 to the subscribers IED2 and IED3)

  <IED name="IED1" desc="Protective relay (publisher)">
    …
    <GSE cbName="gcbTrip" ldInst="PROT">
      …
      <Address>
        …
        <P type="MAC-Address">01-0C-CD-01-01-46</P>
      </Address>
    </GSE>
    <DataSet name="dsTripLogic">
      <FCDA daName="general" doName="Tr" …/>
      <FCDA daName="q" doName="Tr" …/>
      <FCDA daName="general" doName="Op" …/>
      <FCDA daName="q" doName="Op" …/>
      <FCDA daName="general" doName="Op" …/>
      <FCDA daName="q" doName="Op" …/>
    </DataSet>
    …
  </IED>

  <IED name="IED2" desc="Switchgear (subscriber)">
    …
    <LN desc="CircuitBreaker" inst="1" …>
      <Inputs>
        <ExtRef daName="general" doName="Tr" iedName="IED1" …/>
        <ExtRef daName="q" doName="Tr" iedName="IED1" …/>
        <ExtRef daName="general" doName="Op" iedName="IED1" …/>
        <ExtRef daName="q" doName="Op" iedName="IED1" …/>
        <ExtRef daName="general" doName="Op" iedName="IED1" …/>
        <ExtRef daName="q" doName="Op" iedName="IED1" …/>
      </Inputs>
    </LN>
  </IED>
  …
  <IED name="IED3" desc="Switchgear (subscriber)">
    …
    <LN desc="CircuitBreaker" inst="2" …>
      <Inputs>
        <ExtRef daName="general" doName="Tr" iedName="IED1" …/>
        <ExtRef daName="q" doName="Tr" iedName="IED1" …/>
        <ExtRef daName="general" doName="Op" iedName="IED1" …/>
        <ExtRef daName="q" doName="Op" iedName="IED1" …/>
        <ExtRef daName="general" doName="Op" iedName="IED1" …/>
        <ExtRef daName="q" doName="Op" iedName="IED1" …/>
      </Inputs>
    </LN>
  </IED>

Approach: Application-Aware Secure Multicast
• Derive group membership from application data dependency in system functional configuration
• Detect inconsistent configurations automatically
• Configure the group key management system based on the derived group memberships and extended configuration files
• Raise the link layer multicast to the network layer and secure multicast traffic using IPsec

A Formal Multicast Model: Components
• D, the set of data objects
• E, the entities which have relationships with data objects
  – O, the set of data owners
  – C, the set of data consumers
  – P, the set of publishers
  – S, the set of subscribers
• G, the set of group controllers

A Formal Multicast Model: Publish-Subscribe Model
[Figure: relationships among data objects, owners, consumers, publishers, subscribers and group controllers]

Publish-Subscribe Model in SCL: Ownership & Publication

  <IED name="IED1" type="SecureIED" desc="Protective Relay">
    ...
    <LDevice inst="PROT">
      <LN0 lnClass="LLN0" lnType="IED1-LLN0-Type">
        <DataSet name="dsTripLogic">
          <FCDA daName="general" doName="Tr" ... ldInst="PROT" lnInst="1"/>
          <FCDA daName="general" doName="Op" ... ldInst="PROT" lnInst="1"/>
          ...
        </DataSet>
        <GSEControl appID="TripGoose" datSet="dsTripLogic" name="gcbTrip" .../>
      </LN0>
      ...
      <LN inst="1" lnClass="PTRC" lnType="IED1-PTRC-Type"/>
    </LDevice>
    ...
  </IED>
  ...
  <DataTypeTemplates>
    <LNodeType id="IED1_PTRC_Type" lnClass="PTRC">
      <DO name="Tr" type="tPTRC_TrOp"/>
      <DO name="Op" type="tPTRC_TrOp"/>
    </LNodeType>
  </DataTypeTemplates>

Publish-Subscribe Model in SCL: Consumption & Subscription

  <IED name="IED2" desc="Switchgear" type="SecureIED">
    ...
    <LDevice inst="CTRL">
      <LN desc="CircuitBreaker" inst="1" lnClass="XCBR" lnType="IED2-CTRL-XCBR">
        <Inputs>
          <ExtRef doName="Tr" ldInst="PROT" iedName="IED1" .../>
          <ExtRef doName="Op" ldInst="PROT" iedName="IED1" .../>
        </Inputs>
      </LN>
    </LDevice>
  </IED>

Multicast Configuration Anomaly: Publication Anomaly
[Figure]

Multicast Configuration Anomaly: Subscription Anomaly
[Figure]

Architecture of SecureSCL
[Figure]

Benefits of IPsec Based Multicast in Power Grid Networks
• Preserves a variety of security properties, proved by a degree of formal analysis
• Supports wide area multicast, important to inter-substation communications and PMU networks
• Obtains strong support from security communities
• Capable of addressing latency constraints in medium scale networks

Performance Analysis of IPsec Based Multicast
• Test Bed Setup
  – Hardware
    • Deterlab: 8, 16, 32, 64-node scenarios
    • Xeon Quad 3.00 GHz PCs
  – Software
    • Platform: Ubuntu 8.04
    • Process Control Emulation System*
  – Measure round trip latency
* Credits to Chris Grier and Sam King

Performance of IPsec Multicast
[Figure: round trip latency results]

Conclusion
• Application-aware secure multicast is an efficient solution for multicast in power grid systems
  – Automate group configuration and minimize errors
  – Integrate security configurations with functional configurations
• IPsec is a promising solution for secure multicast in power grid systems
• Future work
  – WAN or inter-substation network multicast communication and configuration
  – Dynamic group management

Questions?
http://seclab.illinois.edu/web/
Dr. Jianqing Zhang, Intel Labs, RNB6-61, 2200 Mission College Blvd., Santa Clara, CA 94054. Tel: (408) 653-5461. Email: jianqing.zhang@intel.com
Professor Carl A. Gunter, 4304 Siebel Center for Computer Science, 201 N. Goodwin Ave., Urbana, IL 61801. Tel: (217) 244-1982. Email: cgunter@cs.illinois.edu

Contributions
1. Propose a formal multicast data model and a publish-subscribe model depicting the publish-subscribe relationships
2. Classify a number of configuration anomalies in multicast systems
3. Design algorithms detecting the anomalies
4. Design a multicast and group key management architecture
5. Develop a prototype system, SecureSCL
6. Provide a case study of secure GOOSE in IEC 61850 substations
7. Evaluate the performance of IPsec based multicast

Related Work
• IEC 62351: sign each GOOSE frame using RSA
  [Figure: GOOSE frame layout with Header, GOOSE PDU, Authentication Value, Length and CRC fields]
• Gjermundrod, H. et al. GridStat: A Flexible QoS-Managed Data Dissemination Framework for the Power Grid, IEEE Transactions on Power Delivery, Jan. 2009
• Al-Shaer, E. et al. Discovery of Policy Anomalies in Distributed Firewalls. INFOCOM 2004

System Working Phases
[Figure]

GDOI Based Group Key Management Architecture
• Group Domain of Interpretation (GDOI, RFC 3547): IKEv1 based group key management protocol for IPsec multicast
  1. IKEv1 Phase 1: Registration SA
  2. Phase 2 GROUPKEY-PULL: (first) Rekey SA and Data SA
  3. GROUPKEY-PUSH: subsequent Rekey SAs and Data SAs
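The data-dependency and publish-subscribe slides above describe how group membership falls out of SCL DataSet/GSEControl (publication) and ExtRef (consumption) elements, and the anomaly slides name publication and subscription anomalies without showing the check. The following is an added example, not SecureSCL's own code: it parses a constructed, namespace-free SCL fragment, derives one multicast group per GOOSE control block together with its MAC address, and flags two assumed anomaly rules (a control block whose DataSet does not exist; an ExtRef that no DataSet publishes).

```python
# Added example, not SecureSCL code: derive GOOSE multicast groups from SCL data
# dependencies and flag anomalies. The SCL is a constructed, namespace-free
# fragment; the two anomaly rules are this example's assumptions.
import xml.etree.ElementTree as ET

SCL = """<SCL>
 <Communication><SubNetwork name="bus"><ConnectedAP iedName="IED1" apName="AP1">
  <GSE ldInst="PROT" cbName="gcbTrip"><Address>
   <P type="MAC-Address">01-0C-CD-01-01-46</P></Address></GSE>
 </ConnectedAP></SubNetwork></Communication>
 <IED name="IED1"><LDevice inst="PROT"><LN0 lnClass="LLN0">
  <DataSet name="dsTripLogic">
   <FCDA ldInst="PROT" lnClass="PTRC" lnInst="1" doName="Tr" daName="general"/>
   <FCDA ldInst="PROT" lnClass="PTRC" lnInst="1" doName="Op" daName="general"/>
  </DataSet>
  <GSEControl name="gcbTrip" datSet="dsTripLogic"/>
  <GSEControl name="gcbOrphan" datSet="dsMissing"/>
 </LN0></LDevice></IED>
 <IED name="IED2"><LDevice inst="CTRL"><LN lnClass="XCBR" inst="1"><Inputs>
  <ExtRef iedName="IED1" ldInst="PROT" doName="Tr" daName="general"/>
  <ExtRef iedName="IED1" ldInst="PROT" doName="Op" daName="general"/></Inputs></LN></LDevice></IED>
 <IED name="IED3"><LDevice inst="CTRL"><LN lnClass="XCBR" inst="2"><Inputs>
  <ExtRef iedName="IED1" ldInst="PROT" doName="Tr" daName="general"/>
  <ExtRef iedName="IED1" ldInst="PROT" doName="Str" daName="general"/></Inputs></LN></LDevice></IED>
</SCL>"""

def analyze(scl_text):
    root = ET.fromstring(scl_text)
    published, groups, anomalies = {}, {}, []   # published: data key -> (publisher, cb)
    for ied in root.iter("IED"):
        pub = ied.get("name")   # the IED owning a DataSet is the data owner and publisher
        datasets = {ds.get("name"): [(pub, f.get("ldInst"), f.get("doName"), f.get("daName"))
                                     for f in ds.iter("FCDA")] for ds in ied.iter("DataSet")}
        for cb in ied.iter("GSEControl"):
            keys = datasets.get(cb.get("datSet"))
            if keys is None:   # publication anomaly: control block with no DataSet behind it
                anomalies.append(f"publication anomaly: {pub}/{cb.get('name')} has no DataSet {cb.get('datSet')}")
            else:              # the publisher is always a member of its own group
                groups[(pub, cb.get("name"))] = {pub}
                published.update({k: (pub, cb.get("name")) for k in keys})
    for ied in root.iter("IED"):   # a consumer subscribes to whichever group publishes its inputs
        for ref in ied.iter("ExtRef"):
            key = (ref.get("iedName"), ref.get("ldInst"), ref.get("doName"), ref.get("daName"))
            if key in published:
                groups[published[key]].add(ied.get("name"))
            else:   # subscription anomaly: an input that nobody publishes
                anomalies.append(f"subscription anomaly: {ied.get('name')} consumes unpublished {key}")
    macs = {(ap.get("iedName"), g.get("cbName")): g.findtext("Address/P[@type='MAC-Address']")
            for ap in root.iter("ConnectedAP") for g in ap.iter("GSE")}
    return ({f"{p}/{c}": {"mac": macs.get((p, c)), "members": sorted(m)}
             for (p, c), m in groups.items()}, anomalies)
```

The derived group (IED1 publishing gcbTrip to IED2 and IED3 on 01-0C-CD-01-01-46) is what a group controller would provision keys for, and the two anomaly strings are what a configuration audit would report before deployment.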