Secure Protocol and IP Core for Configuration of Networking Hardware IPs in the Smart Grid

Nowadays, the incorporation and constant evolution of communication networks in the electricity sector have given rise to the so-called Smart Grid, which is why it is necessary to have devices that are capable of managing new communication protocols, guaranteeing the strict requirements of processing required by the electricity sector. In this context, intelligent electronic devices (IEDs) with network architectures are currently available to meet the communication, real-time processing and interoperability requirements of the Smart Grid. The new generation IEDs include an Field Programmable Gate Array (FPGA), to support specialized networking switching architectures for the electric sector, as the IEEE 1588-aware High-availability Seamless Redundancy/Parallel Redundancy Protocol (HSR/PRP). Another advantage to using an FPGA is the ability to update or reconfigure the design to support new requirements that are being raised to the standards (IEC 61850). The update of the architecture implemented in the FPGA can be done remotely, but it is necessary to establish a cyber security mechanism since the communication link generates vulnerability in the case the attacker gains physical access to the network. The research presented in this paper proposes a secure protocol and Intellectual Property (IP) core for configuring and monitoring the networking IPs implemented in a Field Programmable Gate Array (FPGA). The FPGA based implementation proposed overcomes this issue using a light Layer-2 protocol fully implemented on hardware and protected by strong cryptographic algorithms (AES-GCM), defined in the IEC 61850-90-5 standard. The proposed secure protocol and IP core are applicable in any field where remote configuration over Ethernet is required for IP cores in FPGAs. In this paper, the proposal is validated in communications hardware for Smart Grids.

[1]  Peter Fairley,et al.  Cybersecurity at U.S. utilities due for an upgrade: Tech to detect intrusions into industrial control systems will be mandatory [News] , 2016 .

[2]  Ingrid Verbauwhede,et al.  A single-chip solution for the secure remote configuration of FPGAs using bitstream compression , 2013, 2013 International Conference on Reconfigurable Computing and FPGAs (ReConFig).

[3]  Ross J. Anderson,et al.  The Protection of Substation Communications , 2009 .

[4]  Morris J. Dworkin,et al.  Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping , 2012 .

[5]  Göran N Ericsson,et al.  Cyber Security and Power System Communication—Essential Parts of a Smart Grid Infrastructure , 2010, IEEE Transactions on Power Delivery.

[6]  D. Kushner,et al.  The real story of stuxnet , 2013, IEEE Spectrum.

[7]  Hirak J. Kashyap Secure dynamic reconfiguration of FPGAs , 2014 .

[9]  Ingrid Verbauwhede,et al.  Secure, Remote, Dynamic Reconfiguration of FPGAs , 2015, TRETS.

[10]  Morris J. Dworkin,et al.  Recommendation for Block Cipher Modes of Operation: Methods and Techniques , 2001 .

[11]  Yang Xiao,et al.  Cyber Security and Privacy Issues in Smart Grids , 2012, IEEE Communications Surveys & Tutorials.

[12]  Jérémie Crenne,et al.  SecURe DPR: Secure update preventing replay attacks for dynamic partial reconfiguration , 2012, 22nd International Conference on Field Programmable Logic and Applications (FPL).

[13]  Georgios Zervas,et al.  REoN: A protocol for reliable software-defined FPGA partial reconfiguration over network , 2016, 2016 International Conference on ReConFigurable Computing and FPGAs (ReConFig).

[14]  Javier Castillo,et al.  Secure IP downloading for SRAM FPGAs , 2007, Microprocess. Microsystems.