Power systems management and associated information exchange - Data and communications security - Part 4: Profiles including MMS and derivatives

IEC 62351:2018 specifies security requirements both at the transport layer and at the application layer. While IEC TS 62351-4:2007 primarily provided some limited support at the application layer for authentication during handshake for the Manufacturing Message Specification (MMS) based applications, this document provides support for extended integrity and authentication both for the handshake phase and for the data transfer phase. It provides for shared key management and data transfer encryption at the application layer and it provides security end-to-end (E2E) with zero or more intermediate entities. While IEC TS 62351-4:2007 only provides support for systems based on the MMS, i.e. systems using an Open Systems Interworking (OSI) protocol stack, this document provides support for application protocols using other protocol stacks, e.g. an Internet protocol suite. This support is extended to protect application protocols using XML encoding. This extended security at the application layer is referred to as E2E-security. In addition to E2E security, this part of IEC 62351 also provides mapping to environmental protocols carrying the security related information. Only OSI and XMPP environments are currently considered.

Power systems management and associated information exchange - Data and communications security - Part 4: Profiles including MMS and derivatives

IEC 62351:2018 specifies security requirements for both the transport layer and the application layer. Whereas IEC TS 62351-4:2007 mainly provided limited support at the application layer for authentication during the handshake of applications based on the Manufacturing Message Specification (MMS), this document also provides support for extended integrity and authentication during the handshake and data transfer phases. It provides for shared key management and data transfer encryption at the application layer and provides end-to-end (E2E) security with zero or more intermediate entities. Whereas IEC TS 62351-4:2007 provides support only for MMS-based systems, i.e. systems using an Open Systems Interworking (OSI) protocol stack, this document also provides support for application protocols using other protocol stacks, e.g. an Internet protocol suite (see 4.1). This support is extended to protect application protocols using XML encoding. This extended security at the application layer is referred to as E2E security.
In addition to E2E security, this part of IEC 62351 also presents the mapping to environmental protocols carrying the security-related information. Only OSI and XMPP environments are currently considered.

General Information

Status: Published
Publication Date: 16-Jul-2020
Current Stage: PPUB - Publication issued
Start Date: 23-Nov-2018
Completion Date: 19-Nov-2018

Standard
iec62351-4{ed1.0}en - IEC 62351-4:2018 - Power systems management and associated information exchange - Data and communications security - Part 4: Profiles including MMS and derivatives. Released: 11/19/2018. ISBN: 9782832262627
English language
109 pages

Standard
iec62351-4{ed1.1}b - IEC 62351-4:2018+AMD1:2020 CSV - Power systems management and associated information exchange - Data and communications security - Part 4: Profiles including MMS and derivatives. Released: 7/17/2020
English and French language
494 pages

Standards Content (Sample)


IEC 62351-4 ®
Edition 1.0 2018-11
INTERNATIONAL STANDARD
Power systems management and associated information exchange – Data and communications security –
Part 4: Profiles including MMS and derivatives

INTERNATIONAL ELECTROTECHNICAL COMMISSION
ICS 33.200 ISBN 978-2-8322-6262-7

CONTENTS
FOREWORD
1 Scope
1.1 General
1.2 Code components
2 Normative references
3 Terms, definitions and abbreviated terms
3.1 General
3.2 Terms and definitions
3.3 Abbreviated terms
4 Security issues addressed by this part of IEC 62351
4.1 Communications reference models
4.2 Security for application and transport profiles
4.3 Compatibility and native modes
4.4 Security threats countered
4.4.1 General
4.4.2 Threats countered in compatibility mode
4.4.3 Threats countered in native mode
4.5 Attack methods countered
4.5.1 General
4.5.2 Attacks countered in compatibility mode
4.5.3 Attacks countered in native mode
4.6 Logging
5 Specific requirements
5.1 Specific requirements for ICCP/IEC 60870-6-x communication stack
5.2 Specific requirements for IEC 61850
6 Transport Security
6.1 General
6.2 Application of transport layer security (TLS)
6.2.1 General
6.2.2 The TLS cipher suite concept
6.2.3 TLS session resumption
6.2.4 TLS session renegotiation
6.2.5 Supported number of trust anchors
6.2.6 Public-key certificate size
6.2.7 Evaluation period for revocation state of public-key certificates
6.2.8 Public-key certificate validation
6.2.9 Security events handling
6.3 T-security in an OSI operational environment
6.3.1 General
6.3.2 TCP ports
6.3.3 Disabling of TLS
6.3.4 TLS cipher suites support
6.4 T-security in an XMPP operational environment
7 Application layer security overview (informative)
7.1 General
7.2 Description techniques
7.2.1 General
7.2.2 ASN.1 as an XML schema definition
7.2.3 W3C XML Schema Definition (W3C XSD)
7.2.4 XML namespace
8 Use of cryptographic algorithms
8.1 General
8.2 Basic cryptographic definitions
8.3 Public-key algorithms
8.4 Hash algorithms
8.5 Signature algorithms
8.6 Symmetric encryption algorithms used for encryption only
8.7 Authenticated encryption algorithms
8.8 Integrity check value algorithms
9 Object identifier allocation (normative)
10 General OSI upper layer requirements (normative)
10.1 Overview
10.2 General on OSI upper layer requirements
10.3 Session protocol requirements
10.4 Presentation protocol requirements
10.4.1 Context list
10.4.2 Abstract syntaxes
10.4.3 Presentation user data
10.4.4 ASN.1 encoding requirements
10.5 Association control service element (ACSE) protocol requirements
10.5.1 General
10.5.2 Protocol version
10.5.3 Titles
10.5.4 Use of ASN.1 EXTERNAL data type
11 A-security-profile (normative)
11.1 OSI requirements specific to A-security profile
11.1.1 General
11.1.2 Additional session protocol requirements
11.1.3 Additional presentation protocol requirement
11.1.4 Additional ACSE requirements
11.2 MMS Authentication value
11.2.1 General
11.2.2 MMS-Authentication value data type
11.2.3 Handling of the association request (AARQ-apdu)
11.2.4 Handling of the association result (AARE-apdu)
12 End-to-end application security model
12.1 Introduction and general architecture
12.2 Abstract syntax specifications
12.2.1 General
13 End-to-end application security (normative)
13.1 Association management
13.1.1 General concept
13.1.2 UTC time specification
13.1.3 Handshake request
...


IEC 62351-4 ®
Edition 1.1 2020-07
CONSOLIDATED VERSION
INTERNATIONAL STANDARD
Power systems management and associated information exchange – Data and communications security –
Part 4: Profiles including MMS and derivatives

ICS 33.200 ISBN 978-2-8322-8621-0

IEC 62351-4 ®
Edition 1.1 2020-07
REDLINE VERSION

CONTENTS
FOREWORD
1 Scope
1.1 General
1.2 Code components
2 Normative references
3 Terms, definitions and abbreviated terms
3.1 General
3.2 Terms and definitions
3.3 Abbreviated terms
4 Security issues addressed by this part of IEC 62351
4.1 Communications reference models
4.2 Security for application and transport profiles
4.3 Compatibility and native modes
4.4 Security threats countered
4.4.1 General
4.4.2 Threats countered in compatibility mode
4.4.3 Threats countered in native mode
4.5 Attack methods countered
4.5.1 General
4.5.2 Attacks countered in compatibility mode
4.5.3 Attacks countered in native mode
4.6 Logging
5 Specific requirements
5.1 Specific requirements for ICCP/IEC 60870-6-x communication stack
5.2 Specific requirements for IEC 61850
6 Transport Security
6.1 General
6.2 Application of transport layer security (TLS)
6.2.1 General
6.2.2 The TLS cipher suite concept
6.2.3 TLS session resumption
6.2.4 TLS session renegotiation
6.2.5 Supported number of trust anchors
6.2.6 Public-key certificate size
6.2.7 Evaluation period for revocation state of public-key certificates
6.2.8 Public-key certificate validation
6.2.9 Security events handling
6.3 T-security in an OSI operational environment
6.3.1 General
6.3.2 TCP ports
6.3.3 Disabling of TLS
6.3.4 TLS cipher suites support
6.4 T-security in an XMPP operational environment
7 Application layer security overview (informative)
7.1 General
7.2 Description techniques
7.2.1 General
7.2.2 ASN.1 as an XML schema definition
7.2.3 W3C XML Schema Definition (W3C XSD)
7.2.4 XML namespace
8 Use of cryptographic algorithms
8.1 General
8.2 Basic cryptographic definitions
8.3 Public-key algorithms
8.4 Hash algorithms
8.5 Signature algorithms
8.6 Symmetric encryption key algorithms used for encryption only
8.7 Authenticated encryption algorithms
8.8 Integrity check value algorithms
9 Object identifier allocation (normative)
10 General OSI upper layer requirements (normative)
10.1 Overview
10.2 General on OSI upper layer requirements
10.3 Session protocol requirements
10.4 Presentation protocol requirements
10.4.1 Context list
...
