Secure DNP3 Services Scheme in Smart Grid Link Layer Based on GCM-AES

This paper defines a new DNP3 link layer frame structure based on the transmission time and security requirements of link layer packets in a substation automation system (SAS). The new frame structure provides three different work modes: authentication, authorization-encryption, and non-authenticated encryption. We then propose a link-layer security service mechanism for substation automation systems based on GCM-AES, comprising an EKE-based session key agreement protocol, a GMAC-based message authentication protocol, a DNP3 protocol based on GCM-AES authenticated encryption, and a GCM-AES-based message transform algorithm. Experimental calculation and analysis show that the new security mechanisms achieve efficient and secure transmission of substation packets.
