EN IEC 62351-6:2020 pdf free.Power systems management and associated information exchange – Data and communications security – Part 6: Security for IEC 61850 (IEC 62351-6:2020).
IEC 61850-8-1 and lEC 61850-9-2 specify two different application protocols that utilize theIEC 61850 Multicast Association model.These are GSE (e.g.GOoSE) and Multicast SampledValues.These application protocols are mapped over two different T-Profile mappings.
The T-Profiles specified provide a Layer 2 and a Routable mapping of the application protocol.The combination of the A-Profiles and T-Profiles are commonly referred to as as Layer 2 orRoutable (e.g. Layer 2 GO0SE or Routable GOOSE). This document specifies securitybehaviours that are common regardless of the T-Profile and specific security protocolextensions for the Layer 2 T-Profiles.
This clause specifies the expected behaviours for replay protection for both GOoSE andMulticast Sampled Values regardless of the T-Profile utilized.
Replay protection can be implemented for GO0SE and Sampled Value A-Profiles with or withoutsecurity extensions. The replay protection algorithms specified in the following clauses are forsubscribers claiming conformance to this part and therefore replay protection is to beimplemented regardless if the published G0oSE or Sampled Value APDU has security.Thereplay protection algorithm is implemented by the subscriber
The normal GoOSE subscriber state machine in lEC 61850-8-1 does not detail how to transitionout-of-order state numbers (stNum) or sequence numbers (sqNum) should be received.
lmplementations claiming conformance to this standard shall implement the state machineshown in Figure 2.Additional security and replay checks may be implemented.For this clause,the Application is defined as the coosE subscriber function and not the actual process thatutilizes GoOSEData(per lEC 61850-7-2) in order to perform protection, etc.
Figure 2 is relevant for GO0SE messages for which the subscriber has an active subscriptionshall be configured through the use of sCL and an ICT.Other configuration mechanisms areout-of-scope. Implementations claiming conformance to this clause shall maintain at least thefollowing internal state machine variables: last received stNum (lastRcvStNum); last receivedsqNum (lastRcvSqNum); last received state change timestamp (lastRcvT); and an internal TimeAllowed to Live (intTAL) value.The states and their transitions are defined as follows:
1) The Non-Existent state represents the state when there is no GooSE subscription.
2) Upon activating the subscription (e.g. power-up or subscription configuration), the state machine will internally set the lastRcvStNum , lastRcvSqNum,lastRcvT,and intTAL toinvalid since no GooSE message has been received and the state machine transitions tothe Wait for GooSE Message state.
Upon receiving the subscribed GoOSE message,the subscriber shall transition to theSecurity Checks state (State 3).
3) The processing in the Security Checks state is described in
lf the Subscriber has never received a key from the KDC, it shall pass the security checkfor non-encrypted packets and perform a GROUP-PULL as defined by lEC 62351-9.Subscribers receiving an encrypted GOoSE messages,and not having the key for the IDconveyed in the GooSE message shall transition to Security Check Failure and shallperform a GROUP-PULL as defined by lEC 62351-9.
lf the subscriber has been unable to receive keys prior to the expiration of the last keydelivered, it shall report an alarm indicating that key delivery has failed and that expiredkeys are being assumed. It shall process packets whose keyID is the last key delivered.EN IEC 62351-6 pdf download.