Secure communication interface for line current differential protection over Ethernet-based networks

We consider a line current differential protection (LCDP) system in which the protective relays communicate via Ethernet-based networks. When functioning correctly, LCDP devices switch off the protected power line in case of a fault. Since such switching may immensely affect the entire power grid, the communication line between the protective relays is an attractive target for attacks on power grids. For LCDP systems, we identify the measurement exchange and the channel-based clock synchronization as vulnerable components, for which we introduce threat models and a security concept. More specifically, we use IPsec to protect the communication and a newly introduced algorithm to detect delay attacks. Only the combination of both ensures secure operation of LCDP, which is shown in real measurements.
