A Novel Approach for Mitigation of Replay and Masquerade Attacks in Smartgrids Using IEC 61850 Standard

Abstract

There is growing awareness towards cybersecurity threats in power systems. Deployment of more intelligent electronic devices (IEDs) and the communication lines increase the probability of such attacks. IEC 61850 standard facilitates communication between different IEDs and eases interoperable operation with set data and message structures. An unwanted consequence of this standardized communication over ethernet is increased viability to cyber threats. Replay and masquerade attacks are, especially, of concern due to their imminent impact on the operation. While detecting replay attacks is easier, since the original messages are used for the attack, masquerade attack messages may be difficult to distinguish from original ones. Furthermore, inadequate mitigation approaches may be tricked by the hackers and the system starts the attacker as the authentic sender and discards original messages from authentic sources. It is vital to develop an approach that incorporates message authentication. In this fashion, when the hackers modify the message contents to by-pass security systems, the tampering can be detected, and the messages will be discarded. This paper analyses replay and masquerade attacks on IEC 61850 GOOSE messages and develops a solution to mitigates both of those. To detect modified messages, two distinct authentication mechanisms are utilized: RSA since it is the algorithm stipulated in IEC 62351-6 and Elliptic Curve Digital Signature Algorithm (ECDSA) due to its widespread use in smartgrid cybersecurity solutions. A full solution to mitigate GOOSE replay and masquerade attacks is developed based on the proposed framework in IEC 62351 standard. Full implementation is tested in the lab and results are included to show the viability of the solution.