S-GoSV: Framework for Generating Secure IEC 61850 GOOSE and Sample Value Messages

Abstract

Standardized communication plays an important role in substation automation system (SAS). IEC 61850 is a de-facto standard in SAS. It facilitates smooth communication between different devices located in the substation by achieving interoperability. Generic Object-Oriented Substation Event (GOOSE) and Sample Value (SV) messages developed according to IEC 61850 enable efficient monitoring and operation control of SAS. IEC 61850 is very popular due to its flexible and robust modeling. As the number of critical infrastructures that employed IEC 61850 increases, it is important to study cybersecurity aspects as well. To this end, this paper develops a software framework, S-GoSV (Secure GOOSE and SV), that generates custom GOOSE and Sample Value messages. Furthermore, security features are added to protect them from different security attacks within a substation. IEC 62351-6 specifies digital signatures to achieve node authentication and messages integrity. Therefore, S-GoSV implements RSASSA-PKCS1-v1_5 digital signature algorithm based on RFC 2313. Performance studies show that digital signature algorithms based on RSA signing and verification take long times and do not conform to timing requirements stipulated by IEC 61850 for power system communication. To address this, Message Authentication Code (MAC) based digital signature algorithm, Keyed Hash-Message Authentication Code- Secure Hash Algorithm (HMAC-SHA256), is additionally implemented in S-GoSV framework for securing GOOSE messages.

1. Introduction

Legacy power systems are transforming into smart grids which are designed to operate in a more reliable and resilient fashion. Existing Supervisory Control and Data Acquisition (SCADA) systems do not have the capability to implement these features [1]. Substations play a key role in smart grid revolution. IEC 61850 is a de-facto standard for substation automation [2]. It offers different protocol services such Generic Object-Oriented Substation Event (GOOSE), Sample Value (SV) and Manufacturing Message Service (MMS) [2]. It enables interoperability among substation devices of different vendors with standard modeling. It also offers many services that include seamless communication, defining data sets, defining logical nodes for substation communication equipment [3].

IEC 61850 standard was initially developed for substation automation. Due to its widespread popularity and success, it was extended to other components in power grids such as fault current limiters [4], Distributed Energy Resources (DERs) [5], Electric Vehicles (EVs) [6] and smart meters [7]. In these new implementations, IEC 61850 GOOSE and SV are utilized to exchange different data sets between DERs, EVs and other components. Some researchers have developed open access tools for generating GOOSE and SV messages, which are quite helpful in conducting different studies [8,9,10]. However, the reported tools only use datasets based on IEC 61850-9-2 LE SV format (only include three-phase current and voltages values) or GOOSE formats. Addressing this knowledge gap; in this paper, a C based framework ‘GoSV’ [11] is developed for generating custom GOOSE and SV messages which can be used to send customized data sets in GOOSE and SV formats.

Cyber security is a rising concern for substation communication networks [12,13,14] and phasor measurement units [15] as reported in the literature recently. Authors in [12], proposed Anomaly Detection System (ADS) for the substations to protect simultaneous intrusions into multiple substations which may cause severe cascading events that have catastrophic consequences. Authors in [14] reviewed cyber security challenges and potential threats in IEC 61850-substation network and summarized security measures. They argue that among different IEC 61850 services such as GOOSE, SV and MMS, GOOSE message service is of paramount importance as it carries time critical information related to power system operation. If GOOSE message service is compromised, then it may cause severe loss to power system. To address these concerns, IEC 62351-6 specifies security mechanisms for GOOSE message service [16]. The security requirements such as authentication and integrity are very important in IEC 61850 substation networks and IEC 62351-6 recommends digital signatures to mitigate cyber-attacks. Furthermore, the said standard specifies RSA digital signature algorithm for signing and verifying the GOOSE messages. The timing performance of the specified digital signature is evaluated and reported in [17,18]. Authors in [19] specify that the actual digital signature algorithm explicitly specified by IEC 62351-6 to secure GOOSE is RSA-Probabilistic Signature Scheme based on Signature Scheme with Appendix (RSASSA-PSS) based on RFC 3447 [20], which should be also compatible with RFC 2313 [21].

In order to investigate cybersecurity considerations in power system communication networks, this paper extends the GoSV framework with security implementations as Secure-GoSV (S-GoSV) [22] using openSSL libraries. In S-GoSV framework RSASSA-PKCS1-v1_5 digital signature algorithm is implemented to secure IEC 61850 GOOSE messages. However, investigations show that performance of RSASSA-PKCS1_v1-5 digital signature algorithm is not suitable for time critical GOOSE messages [19]. Therefore, authors have proposed the use of fast computing Message Authentication Code (MAC) based digital signature algorithm, Hash based Message Authentication Code- Secure Hash Algorithm (HMAC-SHA-256) [23]. HMAC-SHA-256 based implementations are also included in the S-GoSV framework for studying their performance.

The rest of the paper is organized as follows, Section 2 discusses GOOSE and SV message structures according to IEC 61850-8-1 and IEC 61850-9-2 standards, respectively. It also shows implementation details of GoSV software framework that generates custom GOOSE and Sample Values. Section 3 briefly discusses S-GoSV software that implements RSASSA-PKCS1-v1_5 digital algorithm specified by IEC 62351-6. Section 4 describes the implementation details of RSASSA-PKCS1-v1_5 digital algorithm and HMAC-SHA256 on GOOSE messages. Section 5 demonstrates the results with Wireshark captures. Section 5 draws the conclusions.

2. GoSV Framework

The GoSV framework is developed for generating and publishing customized GOOSE and SV messages. The crucial part of this framework is to accurately construct Ethernet frame according to IEC 61850-9-2 (Sample Values) and IEC 61850-8-1 (GOOSE) formats. Figure 1 shows the ethernet frame and its fields. The Ethernet frame format starts with destination and source MAC address followed by 802.1q and 802.1p (VLAN and priority tag) optional fields. The next field is ‘ethertype’ which defines the Ethertype Protocol Data unit (PDU) in the frame. The value of the ‘ethertype’ field for GOOSE and SV messages are 0x88-0xB8 and 0x88-0xBA, respectively. All the fields of ‘Ethertype PDU’ are encoded according to ASN.1 BER as specified in ISO/IEC 8825-1. All the fields are in triplet format of Tag, Length and Value (TLV). Again, the value can contain a new set of triplets in itself as shown in Figure 2. ‘Ethertype PDU’ consists of ‘APPID’, ‘Length’, ‘Reserved1’, ‘Reserved2’ followed by either Sample Values or GOOSE message fields. Ethernet frame ends with Frame Check Sequence (FCS) field. The ‘APPID’ field of 2 bytes contains the tag of ‘Ethertype PDU’. For ‘Ethertype SV PDU’ the ‘APPID’ value can be 0x4000 to 0x7FFF. The length field of 2 bytes contains the value of the total length of the Ethertype SV or GOOSE PDU and it should be less than 1501 bytes. The ‘reserved1’ field of the Ethertype SV or GOOSE PDU are reserved for security related information when the SV or GOOSE is sent with IEC 62351-6 security considerations. The ‘reserved2’ field is of 2 bytes to store 16-bit Cyclic Redundancy Check (CRC) value. Figure 3 and Figure 4 gives the description of set of fields that can be interpreted as T-L-V format.

The SV APDU starts with ‘savPdu’ field with a tag of 0x60 followed by its length. The ‘noASDU’ field (number of ASDU) has a tag 0x80 followed by its length and value. The ‘Sequence of ASDU’ field (Sequence of ASDU) begins with a tag 0xA2 followed by its length and value. The ‘ASDU’ field (Application Service Data Unit) has a tag 0x30 followed by its length and value. Each ASDU consists of the following fields: ‘svID’ (sample value ID), ‘smp_Cnt’ (sampling count), ‘confRev’ (count of configuration changes), ‘smpSynch’ (sample synchronization), ‘Sequence of Data’ (sequence of data) and ‘data’ (the actual dataset). The ‘svID’ field begins with a tag 0x80 followed by its length and value. The ‘smp_Cnt’ field has tag 0x82 followed by its length and value. The ‘confRev’ field has a tag 0x83 followed by its length and value. The ‘smpSynch’ field begins with tag of 0x85 followed by its length and value. The ‘Sequence of Data’ field begins with tag of 0x87 followed by its length and value. The final field is the actual data set. Figure 3 describes the Tag, length, value triplets of every field of SV message.

Similarly, PDU of GOOSE consists of following fields as gocbRef, ‘timeAllowedtoLive’, ‘datSet’, ‘goID’, ‘t’, ‘stNum’, ‘sqNum’, ‘test’, ‘confRev’, ‘ndsCom’, ‘numDatSetEntries’, ‘allData’ as shown in Figure 4. The frame format of GOOSE message along with description of its fields is given in

Table 1. GOOSE payload fields.

Field Name		Hex Value/Value in Bytes	Size (in Bytes)	Description
goosePDU Tag		0x6181	2	GOOSE protocol data unit
goosePDU Length		145	2
goosePDU Value field	gocbRef_Tag	0x80	1	Reference to the associated GoCB that is controlling the GOOSE message
	gocbRef_length	26	1
	gocbRef_value		26
	timeAllowedtoLive_Tag	0x81	1	The time a receiver waits before receiving a re-transmitted
	timeAllowedtoLive_Length	3	1
	timeAllowedtoLive_value		3
	Dataset_Tag	0x82	1	Name of the Data Set
	Dataset_length	24	1
	Dataset_value		24
	goID_tag	0x83	1	ID of publishing IED
	goID_length	11	1
	goID_value		11
	Time_tag	0x84	1	Time stamp indicating a new GOOSE event
	Time_length	8	1
	Time_value		8
	st_Num_tag	0x85	1	Status Number—counter that increments with every GOOSE event
	st_Num_length	1	1
	st_Num_value		1
	sq_Num_tag	0x86	1	Sequence Number—counter that increments with every repeated GOOSE message
	sq_Num_length	1	1
	sq_Num_value		1
	Test_tag	0x87	1	Specifies if a message is/is not intended for testing
	Test_length	1	1
	Test_value		1
	confRev_tag	0x88	1	Number of times Data Set has changed
	confRev_length	1	1
	confRev_value		1
	ndsCom_tag	0x89	1	Needs commissioning field
	ndsCom_length	1	1
	ndsCom_value		1
	numDatSetEntries_tag	0x8A	1	Number of data elements in ‘allData’ field
	numDatSetEntries_length	1	1
	numDatSetEntries_value		1
	All_data_tag	0xAB	1	Actual data being sent (bool, integer, float, etc.)
	All_data_length	32	1
	All_data_value		32

.

The GoSV software framework is implemented in C programming language using Ethernet libraries available in ether.h, sys/socket.h and sys/ioctl.h header files. The implementation can be accomplished at layer 2 of Open Systems Interconnect (OSI) reference model. Figure 5 describes the implementation details. First it is needed to configure the network device at the sending end of the GOOSE and Sample Values. It includes the following steps: The packet interface is used to create a raw socket on the device. Linux supports ioctls (input-output controls) to configure network devices. For configuring network device, it is needed to set the structure called ifreq (Interface request) with the name and index of the interface using ioctls. Structure ifreq facilitates low level access to Linux network devices. Device independent physical layer structure called sockaddr_ll is used to set the destination MAC address of the packet. A buffer with the max size of 2048 is taken to construct the ethernet frame. Construction of payload field for GOOSE/SV protocol is considered by taking standard fields in the form of cascading tag, length and value. Authors have uploaded the developed version of GoSV [11] in the GitHub repository.

3. Secure GoSV Framework

Security is a growing concern in power system communication networks. Compromising it may lead to plethora of security attacks such as Data integrity attack, replay attack, Man in The Middle (MITM) attack, Denial of Service (DoS) attack etc. These attacks may cause catastrophic damages to power grid. IEC 62351-6 specifies authentication and integrity as the security requirements and recommends using of digital signatures to protect IEC 61850 GOOSE or SV messages from cyber-attacks. Further, the IEC 62351-6 standard recommends RSASSA-PKCS1-v1_5 to Secure GOOSE and SV. However, the RSA based digital signature algorithms exhibit higher computational delays and do not meet the strict timing requirement of 3 ms for GOOSE messages [19]. The computational times required for generating digital signatures using RSASSA-PKCS1-v1_5 are given in the

Table 2. Computational time for RSASSA-PKCS1-v1_5 digital signature algorithm.

DS Algorithm	Key Size (bits)	DS Signing Time (ms)	DS Verification Time (ms)	Processor	Reference
RSASSA-PKCS1-v1_5	1024	0.942	0.283	Intel i5-3210M CPU @2.50GHz	[19]
	2048	3.56	0.75

. Accordingly, Keyed Hash based Message Authentication Code (HMAC) based digital are proposed in literature for securing GOOSE messages [23].

In this paper, authors developed S-GoSV software framework that implements both RSASSA-PKCS1-v1_5 digital signature and HMAC algorithms. Authors considered securing Sample Value messages as a future work.

3.1. RSASSA-PKCS1-v1_5 Digital Signature Algorithm

Development of secure S-GoSV software framework for RSASSA-PKCS1-v1_5 digital signature is done in two steps. In the first step, the digital signature is generated using RSASSA-PKCS1-v1_5 digital signature algorithm. The first step is implemented using python Crypto.PKCS1_v1_5 libraries. In the second step, the generated digital signature is transmitted using GoSV software which is developed using C language by adding extension fields.

Digital signatures for GOOSE message are generated in two major steps. First, an EMSA encoded message (EAPDU) generated for the GOOSE message. The EMSA encoding involves generation of hash value using SHA256 and addition of paddings [19]. Second, the generated encoded message is converted to octet string format and then signed by digital signature algorithm RSASSA-PKCS1-v1_5. The complete process of digital signature generation and verification for RSASSA-PKCS1-v1_5 is described in [19]. Figure 6 outlines the generation and verification of digital signature using RSASSA-PKCS1-v1_5 algorithm. GOOSE message along with appended DS is sent to subscriber in the network. At subscriber, a new EMSA encoded message (newEAPDU) is generated with the received GOOSE message and the received DS is decrypted by using the public key of the publisher. This decrypted digital signature value (EAPDU) is compared with the a new EMSA encoded value (newEAPDU) generated at the subscriber. If both are the same, then GOOSE message is valid otherwise it will not be accepted as a legitimate message.

In order to carry this additional Digital Signature (DS) value in the ethernet frame, IEC 62351-6 standard specifies extension to be added at the end of ethernet frame as shown in the Figure 7. Extension field consists of SEQUENCE field and authentication value. SEQUENCE field is reserved for future security considerations other than encryption and message authentication. Authentication value contains digital signature value generated by RSASSA-PKCS1-v1_5.

RSASSA-PKCS1-v1_5 (Public Key Cryptography Standard #1 version 1.5) digital signature algorithm generates digital signature in three steps, as shown in Algorithm 1 below. In the first step, it takes GOOSE APDU as input and performs encoding using EMSA_PKCS1-v1_5 encoding scheme. The output of the encoding scheme is Encoded APDU (EAPDU). In the second step, EAPDU is converted into integer representation. In the final step, integer representation is encrypted with private key of RSA algorithm that gives digital signature (ds).

Algorithm 1. RSASSA_PKCS1-v1_5_Gen_Signature (gooseAPDU)

$1:\left(Pub\_Key, \mathrm{Pr}\_Key\right) \leftarrow Gen\_Keys()$

$2:EAPDU\leftarrow EMSA\_PKCS1\_v1\_5\_Encode\left(gooseAPDU\right)$

$3:x \leftarrow OctetString2Integer\left(EAPDU\right)$

$4:ds\leftarrow RSAEn{c}_{\mathrm{Pr}\_Key}\left(x\right)$

$5:return ds$

Algorithm 2. RSASSA_PKCS1-v1_5_Signature_Verify (gooseAPDU, ds)

$1:\left(Pub\_Key, \mathrm{Pr}\_Key\right) \leftarrow Gen\_Keys()$

$2:x\leftarrow RSADe{c}_{\mathrm{Pub}\_Key}\left(ds\right)$

$3:EAPDU\leftarrow Integer2OctetString\left(x\right)$

$4:newEAPDU\leftarrow EMSA\_PKCS1\_v1\_5\_Encode\left(gooseAPDU\right)$

$5:if \left(EAPDU=newEAPDU\right)$

$6:then$

$7: received GOOSE message valid$

$8:else$

$9: received GOOSE messge is invalid$

$10:return False$

At the publisher device, Algorithm 2 takes input a GOOSE APDU (gooseAPDU) and gives encoded code (EAPDU) using EMSA_PKCS1-v1_5 encoding algorithm. The output of encoding scheme is converted into integer representation (x) which is further signed with RSA private key (Pr_Key) that generates digital signature (ds). At the subscriber device, RSASSA_PKCS1-v1_5_Signature_verify algorithm verifies the generated signature (ds). The received digital signature (ds) is decrypted with RSA public key (Pub_Key) that gives integer representation x. Further, integer representation (x) value is converted into octet string that gives Encoded APDU (EAPDU). A new Encoded APDU (newEAPDU) is generated by taking received GOOSE APDU (gooseAPDU) as input to EMSA Encoding scheme. Newly generated EAPDU and received EAPDU is compared, if both are same then received GOOSE APDU (gooseAPDU) is valid otherwise it is invalid. Figure 6 illustrates the signature generation and verification process based on RSASSA_PKCS1-v1_5 digital signature algorithm.

3.2. HMAC

Keyed Hash based Message Authentication Code (HMAC) is used for data origin authentication and integrity verification mechanisms in the network communications. It can be combined with either of the three different Secure Hash Algorithms: SHA256, SHA384 and SHA512. Secure Hash algorithms are cryptographic hash functions that generate hash values. HMAC combined with either of the above Secure Hash algorithms can be employed to generate digital signature instead of asymmetric RSASSA-PKCS1-v1_5 specified by IEC 62351-6. In this paper, among the above variants we have chosen HMAC with SHA256 algorithm for digital signature calculation. The main goal of these variants is to ensure the authenticity of data and it is not modified during its transmission in the network. HMAC implementation requires a pre-shared key shared by both publisher and subscriber. The security of the HMAC is ensured by the secure distribution and unpredictability of the associated secret symmetric key. The size of input data is arbitrary and produces a fixed size output. For HMAC-SHA256 where key size is 256 bits, it produces 32 bytes of digital signature.

In S-GoSV framework the HMAC algorithm is implemented using openSSL/hmac C libraries. The openSSL/hmac libraries are used to generate the MAC value (i.e., digital signature), using the pre-shared key, which is appended to GOOSE message and sent to subscriber. At the subscriber, again the MAC value is calculated for the received GOOSE message using the pre-shared key. The newly generated MAC value at the subscriber is compared with the received MAC value. If they do not match the GOOSE message is rejected. Figure 8 shows the process of securing GOOSE messages with HMAC algorithm.

4. Implementation Results

4.1. GoSV

Initially, GoSV software framework is implemented that generates custom GOOSE and Sample Values using C library. A testbed consists of three laptop computers connected in a Local Area Network (LAN) environment as shown in the Figure 9. GoSV software program running in a laptop computer constructs custom GOOSE and Sample Values according to TLV formats described in the Figure 3 and Figure 4 and send them in to LAN. Figure 10 and Figure 11 shows the screenshots of GoSV software program sending custom GOOSE and Sample Value frames respectively. In order to test the validity of messages generated by GoSV, Infotech Avenue SAV receiver [24] software is run at the destination node which runs Windows OS. The stream was successfully detected as shown in the Figure 12 where the input stream from GoSV is listed as a legitimate SV message. Further to test the legitimacy of the generated GOOSE and SV messages, Libiec61850’s SV subscriber [10] module is run at the receiving node. Libiec61850 SV subscriber run in Linux platform. The packets are successfully received as SV messages and unpacked as defined in IEC 61850 standard. Figure 12 shows how libiec61850 SV subscriber receives SV messages generated by GoSV software. In addition to this, Wireshark network sniffer software tool identifies GoSV frames as IEC SV and IEC GOOSE messages and all the required fields are successfully decoded as shown in the Figure 13 and Figure 14.

4.2. Secure-GoSV

As security of GOOSE messages is of prime importance which transmits time critical information, compromising it causes devastating consequences in the grid. Authors of this paper further extended the implementation of GoSV software framework to protect GOOSE messages using RSASSA-PKCS1-v1_5 digital signature algorithm as specified by IEC 62351-6 using openSSL library. Protecting Sample Value messages can be further implemented in the future works.

Figure 15 shows the Wireshark capture of implementation of RSASSA-PKCS1-v1_5 digital signature algorithm. Reserved1 and Reserved2 fields of GOOSE APDU fields are used when security mechanism is applied. In order to carry additional value of digital signature, an extension field which consists of SEQUENCE, Authentication value in tag-length-value (TLV) format is constructed in the program. Figure 15 shows tag value for SEQUENCE field is 0x30 and length is 0x24. Authentication field tag value is 0xA4 and length is 0x22. Finally, digital signature tag value is 0x85, length value is 0x80 followed by 128 bytes of generated digital signature value by RSASSA-PKCS1-v1_5 digital signature algorithm. Similarly, Figure 16 shows the Wireshark capture of implementation of HMAC algorithm for securing GOOSE message.

5. Conclusions

IEC 61850 standard is receiving more attention as it is poised to become the power system communication standard of the future. Much of the research focuses on customizing IEC 61850 information models as well as message structures to accommodate new smart grid equipment. Current software available for GOOSE and SV messages do not have the capability to customize their contents and properties, such as contained data and sampling rate. However, performance studies necessitate the existence of a tool that can construct and publish custom GOOSE and SV messages. GoSV software is developed to fill this gap. Lab tests show that messages published by GoSV strictly conform to IEC 61850 format as they are successfully identified by several other software such as Infotech Avenue receiver software which runs on Windows OS platform and Libiec61850 Subscriber module which runs on Linux. Furthermore, Wireshark network sniffer software tool also successfully decodes all the fields of generated custom GoSV frames. In addition to publishing messages, security requirements for GOOSE messages is implemented based on IEC 62351-6 which specifies digital signatures to achieve message authentication and integrity. GoSV software is extended as S-GoSV to implement RSASSA-PKCS1-v1_5 digital signature based on IEC 62351-6 recommendation. After running performance studies with S-GoSV, it is found that RSA based digital signatures do not meet the timing requirements of power system communication and an alternative is required. MAC based digital signature algorithm HMAC-SHA256 is implemented for GOOSE messages. For future work, it is possible to secure Sample Value messages in the substation communication network.