IEC 62351 - Security
IEC 62351-4: Security for any profiles including MMS ( ICCP-based IEC 60870-6, IEC 61850) contains the following sections:
IEC 62351-6: GOOSE / SV Security
Integration with Xelas Energy Management Products
In this picture on the left the 'client' is described and on the right the 'server' side is described.
The client consists out of IEC 61850/61400 MMS based adapters, a database, a Web GUI and services on top of the database. This runs on top of the RFC 1006 stack.
The IEC 61850 server also runs on top of the RFC 1006 stack, and is configured with a SCL/ICD file, a configuration file used during bootup.
The IEC 62351 adapter plugin is available for both client and server, as described in the picture above.
It provides the following functions :
· Authentication for MMS : This is performed during association establishment in ACSE layer (one of the OSI layers). The client passes an authentication string, which is verified by the server. The server can define the aut
hentication the SCL/ICD file
· TLS Encryption : on the client side, in the database/GUI IEC 62351 or RFC 1006 can ve configured as a profile. Within process management the IEC 62351 client adapter can be started and stopped. On the server side
(or server simulator) a IEC 62351 server adapter (or task on embedded platform such as VxWorks) can be configured as well. These adapters facilitate the TLS encryption.
The solution is backwards compatible. If a server dose not support IEC 62351, on the client side RFC1006 can be configured as a profile. This defines regular OSI on top of TCP/IP protocol.
The 62351-6 security module has the following features:
· Authentication security
· HMAC algorithm SHA-256 (256, 128 or 80 bit)
·AES-128 or AES-256
· Configurable per IE 61850 dataset for GOOSE or SV Control block
· Available for IEC 61850 and 61850-5 (Routed GOOSE and SV)
The solution is backwards compatible. If a server does not support IEC 62351, on the client side RFC1006 can be configured as a profile. This defines regular OSI on top of TCP./IP protocol.
Java configuration Tool
Both security implementations make use of JAVA based GUI configuration tool. The configuration tool takes care of importing and distribution of the X.509 certificates.
VIEW61850 Embedded SERVER/CLIENT Development
VIEWIEC 61850 Simulators
VIEWIEC 61850 Conformance Testing
VIEW61850 Protocol Stack Libraries
VIEWR-GOOSE / R-SV
VIEWIEC 61850 Modbus Gateway
VIEWSubstation Data Gateway
VIEWIEC 60870-5-104 Gateway
VIEWNetwirk Data Inregration Framework
VIEW61850 CLIENT Development