Nowadays, Ethernet is the most popular technology in digital communication thanks to its flexibility and worldwide spread. This is the reason why the main industrial communication protocols today are based on Ethernet. Everybody says that Ethernet supports a large amount of different protocols, but only accurate laboratory tests can make this assumption true. Tests are performed on a hybrid network using three protocols: Profinet, IEC 61850 and TCP/IP. The combination of these three protocols represents an ideal industrial application where process automation, substation automation and general purpose data sharing interact. However, a shared network can be the cause of a drop in terms of safety and security in the industrial plant network. Safety has always played an important role in the life of human beings and the environment. The safety of process control systems is standardized in IEC 61508 and IEC 61784-3, but this is not the same in the area of substation automation system. Several tests are performed to prove if IEC 61850 (the standard protocol for substation automation) meets the requirements stated in IEC 61508 and if it can be used for safety-related functions. Security issues for industrial plants have become increasingly relevant during the past decade as the industry relied more and more on communication protocols. This work examines the security issues for IEC 61850 addressed by IEC 62351-6 providing a deepening for a secure GOOSE communication. The major issue implementing such a standard remains the computational power requested by the SHA algorithm in low-powered devices. As no manufacturer has made available a device implementing secure GOOSE communication yet, this solution is discussed only from a theoretical point of view. After that, it is presented a security test on the GOOSE communication during which the security issues of such a communication are exploited. This test aims to show what consequences may occur when a packet artfully created is injected within the IEC 61850 network. In the last part of this section, some countermeasures to mitigate such an issue are provided.
IEC 61850: a safety and security analysis in industrial multiprotocol networks
ROCCA, LUCA
2019-05-15
Abstract
Nowadays, Ethernet is the most popular technology in digital communication thanks to its flexibility and worldwide spread. This is the reason why the main industrial communication protocols today are based on Ethernet. Everybody says that Ethernet supports a large amount of different protocols, but only accurate laboratory tests can make this assumption true. Tests are performed on a hybrid network using three protocols: Profinet, IEC 61850 and TCP/IP. The combination of these three protocols represents an ideal industrial application where process automation, substation automation and general purpose data sharing interact. However, a shared network can be the cause of a drop in terms of safety and security in the industrial plant network. Safety has always played an important role in the life of human beings and the environment. The safety of process control systems is standardized in IEC 61508 and IEC 61784-3, but this is not the same in the area of substation automation system. Several tests are performed to prove if IEC 61850 (the standard protocol for substation automation) meets the requirements stated in IEC 61508 and if it can be used for safety-related functions. Security issues for industrial plants have become increasingly relevant during the past decade as the industry relied more and more on communication protocols. This work examines the security issues for IEC 61850 addressed by IEC 62351-6 providing a deepening for a secure GOOSE communication. The major issue implementing such a standard remains the computational power requested by the SHA algorithm in low-powered devices. As no manufacturer has made available a device implementing secure GOOSE communication yet, this solution is discussed only from a theoretical point of view. After that, it is presented a security test on the GOOSE communication during which the security issues of such a communication are exploited. This test aims to show what consequences may occur when a packet artfully created is injected within the IEC 61850 network. In the last part of this section, some countermeasures to mitigate such an issue are provided.
| File | Dimensione | Formato | |
|---|---|---|---|
|
phdunige_3274855.pdf
accesso aperto
Tipologia:
Tesi di dottorato
Dimensione
7.13 MB
Formato
Adobe PDF
|
7.13 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
