IEC TS 62351-5:2013
(Main)Power systems management and associated information exchange - Data and communications security - Part 5: Security for IEC 60870-5 and derivatives
Power systems management and associated information exchange - Data and communications security - Part 5: Security for IEC 60870-5 and derivatives
IEC/TS 62351-5:2013(E) specifies messages, procedures and algorithms for securing the operation of all protocols based on or derived from IEC 60870-5: Telecontrol equipment and systems - Transmission protocols. This Technical Specification applies to at least those protocols listed in IEC 60870-5-101, 5-102, 5-103, 5-104. This new edition includes the following main changes with respect to the previous edition:
- adds the capability to change Update Keys remotely;
- adds security statistics to aid in detecting attacks;
- adds measures to avoid being forced to change session keys too often;
- discards unexpected messages more often as possible attacks;
- adds to the list of permitted security algorithms;
- adds new rules for calculating challenge sequence numbers.
General Information
Relations
Buy Standard
Standards Content (Sample)
IEC/TS 62351-5 ®
Edition 2.0 2013-04
TECHNICAL
SPECIFICATION
Power systems management and associated information exchange – Data and
communications security –
Part 5: Security for IEC 60870-5 and derivatives
IEC/TS 62351-5:2013(E)
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester.
If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication,
please contact the address below or your local IEC member National Committee for further information.
IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé Fax: +41 22 919 03 00
CH-1211 Geneva 20 info@iec.ch
Switzerland www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.
About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.
Useful links:
IEC publications search - www.iec.ch/searchpub Electropedia - www.electropedia.org
The advanced search enables you to find IEC publications The world's leading online dictionary of electronic and
by a variety of criteria (reference number, text, technical electrical terms containing more than 30 000 terms and
committee,…). definitions in English and French, with equivalent terms in
It also gives information on projects, replaced and additional languages. Also known as the International
withdrawn publications. Electrotechnical Vocabulary (IEV) on-line.
IEC Just Published - webstore.iec.ch/justpublished Customer Service Centre - webstore.iec.ch/csc
Stay up to date on all new IEC publications. Just Published If you wish to give us your feedback on this publication
details all new publications released. Available on-line and or need further assistance, please contact the
also once a month by email. Customer Service Centre: csc@iec.ch.
IEC/TS 62351-5 ®
Edition 2.0 2013-04
TECHNICAL
SPECIFICATION
Power systems management and associated information exchange – Data and
communications security –
Part 5: Security for IEC 60870-5 and derivatives
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
PRICE CODE
XE
ICS 33.200 ISBN 978-2-83220-732-1
– 2 – TS 62351-5 © IEC:2013(E)
CONTENTS
FOREWORD . 6
1 Scope and object . 8
2 Normative references . 9
3 Terms and definitions . 10
4 Abbreviated terms . 11
5 Problem description (informative) . 11
5.1 Overview of clause . 11
5.2 Specific threats addressed . 11
5.3 Design issues . 11
5.3.1 Overview of subclause . 11
5.3.2 Asymmetric communications . 11
5.3.3 Message-oriented . 12
5.3.4 Poor sequence numbers or no sequence numbers . 12
5.3.5 Limited processing power . 12
5.3.6 Limited bandwidth. 12
5.3.7 No access to authentication server . 12
5.3.8 Limited frame length . 13
5.3.9 Limited checksum . 13
5.3.10 Radio systems . 13
5.3.11 Dial-up systems . 13
5.3.12 Variety of protocols affected . 13
5.3.13 Differing data link layers . 14
5.3.14 Long upgrade intervals . 14
5.3.15 Remote sites . 14
5.3.16 Multiple users . 14
5.3.17 Unreliable media . 14
5.4 General principles . 14
5.4.1 Overview of subclause . 14
5.4.2 Authentication only . 14
5.4.3 Application layer only . 15
5.4.4 Generic definition mapped onto different protocols . 15
5.4.5 Bi-directional . 15
5.4.6 Challenge-response. 15
5.4.7 Pre-shared keys as default option. 15
5.4.8 Backwards tolerance . 15
5.4.9 Upgradeable . 16
5.4.10 Perfect forward secrecy . 16
5.4.11 Multiple users and auditing . 16
6 Theory of operation (informative) . 16
6.1 Overview of clause . 16
6.2 Narrative description . 16
6.2.1 Basic concepts . 16
6.2.2 Initiating the challenge . 17
6.2.3 Replying to the challenge . 17
6.2.4 Authenticating . 18
6.2.5 Authentication failure . 18
TS 62351-5 © IEC:2013(E) – 3 –
6.2.6 Aggressive mode . 18
6.2.7 Changing keys . 18
6.2.8 Security statistics . 22
6.3 Example message sequences . 22
6.3.1 Overview of subclause . 22
6.3.2 Challenge of a Critical ASDU . 23
6.3.3 Aggressive Mode . 24
6.3.4 Initializing and changing Session Keys . 24
6.4 State machine overview . 28
7 Formal specification . 32
7.1 Overview of clause . 32
7.2 Message definitions . 32
7.2.1 Distinction between messages and ASDUs . 32
7.2.2 Challenge message . 33
7.2.3 Reply message . 35
7.2.4 Aggressive Mode Request message . 36
7.2.5 MAC := OS8i[1.8i]; i:=specified by MALKey Status Request
message . 38
7.2.6 Key Status message . 38
7.2.7 Session Key Change message . 41
7.2.8 Error message . 43
7.2.9 User Status Change message . 45
7.2.10 Update Key Change Request message . 49
7.2.11 Update Key Change Reply message . 51
7.2.12 Update Key Change message . 52
7.2.13 Update Key Change Signature message . 53
7.2.14 Update Key Change Confirmation message . 54
7.3 Formal procedures . 55
7.3.1 Overview of subclause . 55
7.3.2 Security statistics . 56
7.3.3 Challenger procedures . 58
7.3.4 Responder procedures . 74
7.3.5 Controlling station procedures . 75
7.3.6 Controlled station procedures . 88
8 Interoperability requirements . 90
8.1 Overview of clause . 90
8.2 Minimum requirements . 90
8.2.1 Overview of subclause . 90
8.2.2 MAC algorithms . 90
8.2.3 Key wrap / transport algorithms . 91
8.2.4 Fixed values . 91
8.2.5 Configurable values . 91
8.3 Options . 96
8.3.1 Overview of subclause . 96
8.3.2 MAC algorithms . 96
8.3.3 Encryption algorithms . 98
8.3.4 Key wrap / transport algorithms . 98
8.3.5 Configurable values . 98
9 Special Applications . 99
– 4 – TS 62351-5 © IEC:2013(E)
9.1 Overview of clause . 99
9.2 Use with TCP/IP . 99
9.3 Use with redundant channels. 99
9.4 Use with external link encryptors . 99
10 Requirements for referencing this specification.
...
IEC/TS 62351-5 ®
Edition 2.0 2013-04
TECHNICAL
SPECIFICATION
Power systems management and associated information exchange – Data and
communications security –
Part 5: Security for IEC 60870-5 and derivatives
IEC/TS 62351-5:2013(E)
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester.
If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication,
please contact the address below or your local IEC member National Committee for further information.
IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé Fax: +41 22 919 03 00
CH-1211 Geneva 20 info@iec.ch
Switzerland www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.
About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.
Useful links:
IEC publications search - www.iec.ch/searchpub Electropedia - www.electropedia.org
The advanced search enables you to find IEC publications The world's leading online dictionary of electronic and
by a variety of criteria (reference number, text, technical electrical terms containing more than 30 000 terms and
committee,…). definitions in English and French, with equivalent terms in
It also gives information on projects, replaced and additional languages. Also known as the International
withdrawn publications. Electrotechnical Vocabulary (IEV) on-line.
IEC Just Published - webstore.iec.ch/justpublished Customer Service Centre - webstore.iec.ch/csc
Stay up to date on all new IEC publications. Just Published If you wish to give us your feedback on this publication
details all new publications released. Available on-line and or need further assistance, please contact the
also once a month by email. Customer Service Centre: csc@iec.ch.
IEC/TS 62351-5 ®
Edition 2.0 2013-04
TECHNICAL
SPECIFICATION
Power systems management and associated information exchange – Data and
communications security –
Part 5: Security for IEC 60870-5 and derivatives
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
PRICE CODE
XE
ICS 33.200 ISBN 978-2-83220-732-1
– 2 – TS 62351-5 © IEC:2013(E)
CONTENTS
FOREWORD . 6
1 Scope and object . 8
2 Normative references . 9
3 Terms and definitions . 10
4 Abbreviated terms . 11
5 Problem description (informative) . 11
5.1 Overview of clause . 11
5.2 Specific threats addressed . 11
5.3 Design issues . 11
5.3.1 Overview of subclause . 11
5.3.2 Asymmetric communications . 11
5.3.3 Message-oriented . 12
5.3.4 Poor sequence numbers or no sequence numbers . 12
5.3.5 Limited processing power . 12
5.3.6 Limited bandwidth. 12
5.3.7 No access to authentication server . 12
5.3.8 Limited frame length . 13
5.3.9 Limited checksum . 13
5.3.10 Radio systems . 13
5.3.11 Dial-up systems . 13
5.3.12 Variety of protocols affected . 13
5.3.13 Differing data link layers . 14
5.3.14 Long upgrade intervals . 14
5.3.15 Remote sites . 14
5.3.16 Multiple users . 14
5.3.17 Unreliable media . 14
5.4 General principles . 14
5.4.1 Overview of subclause . 14
5.4.2 Authentication only . 14
5.4.3 Application layer only . 15
5.4.4 Generic definition mapped onto different protocols . 15
5.4.5 Bi-directional . 15
5.4.6 Challenge-response. 15
5.4.7 Pre-shared keys as default option. 15
5.4.8 Backwards tolerance . 15
5.4.9 Upgradeable . 16
5.4.10 Perfect forward secrecy . 16
5.4.11 Multiple users and auditing . 16
6 Theory of operation (informative) . 16
6.1 Overview of clause . 16
6.2 Narrative description . 16
6.2.1 Basic concepts . 16
6.2.2 Initiating the challenge . 17
6.2.3 Replying to the challenge . 17
6.2.4 Authenticating . 18
6.2.5 Authentication failure . 18
TS 62351-5 © IEC:2013(E) – 3 –
6.2.6 Aggressive mode . 18
6.2.7 Changing keys . 18
6.2.8 Security statistics . 22
6.3 Example message sequences . 22
6.3.1 Overview of subclause . 22
6.3.2 Challenge of a Critical ASDU . 23
6.3.3 Aggressive Mode . 24
6.3.4 Initializing and changing Session Keys . 24
6.4 State machine overview . 28
7 Formal specification . 32
7.1 Overview of clause . 32
7.2 Message definitions . 32
7.2.1 Distinction between messages and ASDUs . 32
7.2.2 Challenge message . 33
7.2.3 Reply message . 35
7.2.4 Aggressive Mode Request message . 36
7.2.5 MAC := OS8i[1.8i]; i:=specified by MALKey Status Request
message . 38
7.2.6 Key Status message . 38
7.2.7 Session Key Change message . 41
7.2.8 Error message . 43
7.2.9 User Status Change message . 45
7.2.10 Update Key Change Request message . 49
7.2.11 Update Key Change Reply message . 51
7.2.12 Update Key Change message . 52
7.2.13 Update Key Change Signature message . 53
7.2.14 Update Key Change Confirmation message . 54
7.3 Formal procedures . 55
7.3.1 Overview of subclause . 55
7.3.2 Security statistics . 56
7.3.3 Challenger procedures . 58
7.3.4 Responder procedures . 74
7.3.5 Controlling station procedures . 75
7.3.6 Controlled station procedures . 88
8 Interoperability requirements . 90
8.1 Overview of clause . 90
8.2 Minimum requirements . 90
8.2.1 Overview of subclause . 90
8.2.2 MAC algorithms . 90
8.2.3 Key wrap / transport algorithms . 91
8.2.4 Fixed values . 91
8.2.5 Configurable values . 91
8.3 Options . 96
8.3.1 Overview of subclause . 96
8.3.2 MAC algorithms . 96
8.3.3 Encryption algorithms . 98
8.3.4 Key wrap / transport algorithms . 98
8.3.5 Configurable values . 98
9 Special Applications . 99
– 4 – TS 62351-5 © IEC:2013(E)
9.1 Overview of clause . 99
9.2 Use with TCP/IP . 99
9.3 Use with redundant channels. 99
9.4 Use with external link encryptors . 99
10 Requirements for referencing this specification. 99
10.1 Overview of clause .
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.