Power systems management and associated information exchange - Data and communications security - Part 90-2: Deep packet inspection of encrypted communications

IEC TR 62351-90-2:2018, which is a technical report, addresses the need to perform Deep Packet Inspection (DPI) on communication channels secured by IEC 62351. The main focus is the illustration of the state-of-the art of DPI techniques that can be applied to the various kinds of channels, highlighting the possible security risks and implementation costs. Additional, beyond state-of-the-art proposals are also described in order to circumvent the main limits of existing solutions.
It is to be noted that some communications secured by IEC 62351 are not encrypted, but only add integrity and non-repudiation of the message – however they are mentioned here for the sake of completeness around IEC 62351 and DPI

General Information

Status
Published
Publication Date
19-Sep-2018
Current Stage
PPUB - Publication issued
Completion Date
20-Sep-2018
Ref Project

Buy Standard

Technical report
IEC TR 62351-90-2:2018 - Power systems management and associated information exchange - Data and communications security - Part 90-2: Deep packet inspection of encrypted communications
English language
28 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

IEC TR 62351-90-2
Edition 1.0 2018-09
TECHNICAL
REPORT
colour
inside
Power systems management and associated information exchange – Data and
communications security –
Part 90-2: Deep packet inspection of encrypted communications
IEC TR 62351-90-2:2018-09(en)
---------------------- Page: 1 ----------------------
THIS PUBLICATION IS COPYRIGHT PROTECTED
Copyright © 2018 IEC, Geneva, Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form

or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from

either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC

copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or

your local IEC member National Committee for further information.
IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC

The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes

International Standards for all electrical, electronic and related technologies.
About IEC publications

The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the

latest edition, a corrigenda or an amendment might have been published.
IEC Catalogue - webstore.iec.ch/catalogue Electropedia - www.electropedia.org

The stand-alone application for consulting the entire The world's leading online dictionary of electronic and

bibliographical information on IEC International Standards, electrical terms containing 21 000 terms and definitions in

Technical Specifications, Technical Reports and other English and French, with equivalent terms in 16 additional

documents. Available for PC, Mac OS, Android Tablets and languages. Also known as the International Electrotechnical

iPad. Vocabulary (IEV) online.

IEC publications search - webstore.iec.ch/advsearchform IEC Glossary - std.iec.ch/glossary

The advanced search enables to find IEC publications by a 67 000 electrotechnical terminology entries in English and

variety of criteria (reference number, text, technical French extracted from the Terms and Definitions clause of

committee,…). It also gives information on projects, replaced IEC publications issued since 2002. Some entries have been

and withdrawn publications. collected from earlier publications of IEC TC 37, 77, 86 and

CISPR.
IEC Just Published - webstore.iec.ch/justpublished

Stay up to date on all new IEC publications. Just Published IEC Customer Service Centre - webstore.iec.ch/csc

details all new publications released. Available online and If you wish to give us your feedback on this publication or

also once a month by email. need further assistance, please contact the Customer Service

Centre: sales@iec.ch.
---------------------- Page: 2 ----------------------
IEC TR 62351-90-2
Edition 1.0 2018-09
TECHNICAL
REPORT
colour
inside
Power systems management and associated information exchange – Data and
communications security –
Part 90-2: Deep packet inspection of encrypted communications
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 33.200 ISBN 978-2-8322-6038-8

Warning! Make sure that you obtained this publication from an authorized distributor.

® Registered trademark of the International Electrotechnical Commission
---------------------- Page: 3 ----------------------
– 2 – IEC TR 62351-90-2:2018  IEC 2018
CONTENTS

FOREWORD ........................................................................................................................... 4

INTRODUCTION ..................................................................................................................... 6

1 Scope .............................................................................................................................. 7

2 Normative references ...................................................................................................... 7

3 Terms, definitions and abbreviated terms ........................................................................ 8

3.1 Terms and definitions .............................................................................................. 8

3.2 Abbreviated terms ................................................................................................... 8

4 Overview ......................................................................................................................... 8

5 Monitoring and auditing requirements .............................................................................. 9

5.1 Use cases from utilities ........................................................................................... 9

5.2 Use cases from vendors.......................................................................................... 9

5.3 A similar use case: Encrypted SIP Calls Recording ............................................... 10

6 Overview of encrypted channels in IEC 62351 ............................................................... 10

6.1 General ................................................................................................................. 10

6.2 IEC 62351-3 ......................................................................................................... 10

6.3 IEC TS 62351-4 .................................................................................................... 10

6.4 IEC TS 62351-6 .................................................................................................... 11

7 DPI for encrypted communication techniques evaluation framework .............................. 11

8 State of the art of ready techniques ............................................................................... 12

8.1 General ................................................................................................................. 12

8.2 Unencrypted TLS .................................................................................................. 12

8.3 Private key sharing ............................................................................................... 13

9 State of the art of techniques that need adaptation ........................................................ 14

9.1 General ................................................................................................................. 14

9.2 Proxy .................................................................................................................... 14

9.3 Advanced Middlebox (mcTLS) ............................................................................... 16

9.4 Secure session-key sharing .................................................................................. 18

9.5 Delayed secure session-key sharing ..................................................................... 20

9.6 Application-level mirroring ..................................................................................... 21

10 Additional proposals ...................................................................................................... 23

10.1 Secure private-key sharing ................................................................................... 23

11 State of the art summary ............................................................................................... 24

12 Practical considerations for ready techniques ................................................................ 26

12.1 General ................................................................................................................. 26

12.2 Unencrypted TLS .................................................................................................. 26

12.3 Private-key sharing ............................................................................................... 26

12.4 Recommendations to mitigate risks ....................................................................... 26

13 Future challenges .......................................................................................................... 27

Bibliography .......................................................................................................................... 28

Figure 1 – Unencrypted TLS sample architecture .................................................................. 12

Figure 2 – Private Key sharing sample architecture .............................................................. 13

Figure 3 – Proxy scenario sample architecture ...................................................................... 15

Figure 4 – Advanced Middlebox sample architecture ............................................................. 17

---------------------- Page: 4 ----------------------
IEC TR 62351-90-2:2018  IEC 2018 – 3 –

Figure 5 – Secure session-key sharing sample architecture .................................................. 18

Figure 6 – Delayed secure session-sharing sample architecture ........................................... 20

Figure 7 – Application-level mirroring sample architecture .................................................... 22

Table 1 – State of the art summary ....................................................................................... 25

---------------------- Page: 5 ----------------------
– 4 – IEC TR 62351-90-2:2018  IEC 2018
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
POWER SYSTEMS MANAGEMENT
AND ASSOCIATED INFORMATION EXCHANGE –
DATA AND COMMUNICATIONS SECURITY –
Part 90-2: Deep packet inspection
of encrypted communications
FOREWORD

1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising

all national electrotechnical committees (IEC National Committees). The object of IEC is to promote

international co-operation on all questions concerning standardization in the electrical and electronic fields. To

this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,

Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC

Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested

in the subject dealt with may participate in this preparatory work. International, governmental and non-

governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely

with the International Organization for Standardization (ISO) in accordance with conditions determined by

agreement between the two organizations.

2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international

consensus of opinion on the relevant subjects since each technical committee has representation from all

interested IEC National Committees.

3) IEC Publications have the form of recommendations for international use and are accepted by IEC National

Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC

Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any

misinterpretation by any end user.

4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications

transparently to the maximum extent possible in their national and regional publications. Any divergence

between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in

the latter.

5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity

assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any

services carried out by independent certification bodies.

6) All users should ensure that they have the latest edition of this publication.

7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and

members of its technical committees and IEC National Committees for any personal injury, property damage or

other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and

expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC

Publications.

8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is

indispensable for the correct application of this publication.

9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of

patent rights. IEC shall not be held responsible for identifying any or all such patent rights.

The main task of IEC technical committees is to prepare International Standards. However, a

technical committee may propose the publication of a technical report when it has collected

data of a different kind from that which is normally published as an International Standard, for

example "state of the art".

IEC TR 62351-90-2, which is a technical report, has been prepared by IEC technical

committee 57: Power systems management and associated information exchange.
---------------------- Page: 6 ----------------------
IEC TR 62351-90-2:2018  IEC 2018 – 5 –
The text of this Technical Report is based on the following documents:
Enquiry draft Report on voting
57/1939/DTR 57/2002/RVDTR

Full information on the voting for the approval of this technical report can be found in the

report on voting indicated in the above table.

This document has been drafted in accordance with the ISO/IEC Directives, Part 2.

A list of all parts in the IEC 62351 series, published under the general title Power systems

management and associated information exchange – Data and communications security, can

be found on the IEC website.

The committee has decided that the contents of this document will remain unchanged until the

stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to

the specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
A bilingual version of this publication may be issued at a later date.

IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates

that it contains colours which are considered to be useful for the correct

understanding of its contents. Users should therefore print this document using a

colour printer.
---------------------- Page: 7 ----------------------
– 6 – IEC TR 62351-90-2:2018  IEC 2018
INTRODUCTION

This part of IEC 62351, which is a technical report, analyses the impact of encrypted

communication channels in power systems introduced with the IEC 62351 series. As defined

in IEC 62351 an encrypted channel can be employed when communicating with IEDs and

encryption can be adopted at message level as well. For example, the use of encrypting TLS

setups according to IEC 62351-3 introduces some difficulties when Deep Packet Inspection

(DPI) is needed to inspect the communication channel for monitoring, auditing and validation

needs.

In this document different techniques are analyzed that can be employed to circumvent these

issues when DPI of communications is required.
---------------------- Page: 8 ----------------------
IEC TR 62351-90-2:2018  IEC 2018 – 7 –
POWER SYSTEMS MANAGEMENT
AND ASSOCIATED INFORMATION EXCHANGE –
DATA AND COMMUNICATIONS SECURITY –
Part 90-2: Deep packet inspection
of encrypted communications
1 Scope

This part of IEC 62351, which is a technical report, addresses the need to perform Deep

Packet Inspection (DPI) on communication channels secured by IEC 62351. The main focus is

the illustration of the state-of-the art of DPI techniques that can be applied to the various

kinds of channels, highlighting the possible security risks and implementation costs.

Additional, beyond state-of-the-art proposals are also described in order to circumvent the

main limits of existing solutions.

It is to be noted that some communications secured by IEC 62351 are not encrypted, but only

add integrity and non-repudiation of the message – however they are mentioned here for the

sake of completeness around IEC 62351 and DPI.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their

content constitutes requirements of this document. For dated references, only the edition

cited applies. For undated references, the latest edition of the referenced document (including

any amendments) applies.

IEC 62351-3, Power systems management and associated information exchange – Data and

communications security – Part 3: Communication network and system security – Profiles

including TCP/IP

IEC TS 62351-4, Power systems management and associated information exchange – Data

and communications security – Part 4: Profiles including MMS

IEC TS 62351-5, Power systems management and associated information exchange – Data

and communications security – Part 5: Security for IEC 60870-5 and derivatives

IEC TS 62351-6, Power systems management and associated information exchange – Data

and communications security – Part 6: Security for IEC 61850

IEC 62351-7, Power systems management and associated information exchange – Data and

communications security – Part 7: Network and System Management (NSM) data object

models

IEC TS 62351-8, Power systems management and associated information exchange – Data

and communications security – Part 8: Role-based access control
---------------------- Page: 9 ----------------------
– 8 – IEC TR 62351-90-2:2018  IEC 2018
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions

For the purposes of this document, the terms and definitions given in IEC 62351-3,

IEC TS 62351-4 and IEC TS 62351-5 apply.

ISO and IEC maintain terminological databases for use in standardization at the following

addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
3.2 Abbreviated terms
For the purposes of this document, the following abbreviated terms apply.
CA Certificate Authority
DPI Deep Packet Inspection
GDOI Group Domain of Interpretation
IED Intelligent Electronic Device
LDAP Lightweight Directory Access Protocol
TLS Transport Layer Security
PDU Protocol Data Unit
PFS Perfect Forward Secrecy
RBAC Role Based Access Control
SCADA Supervisory Control and Data Acquisition
SNMP Simple Network Management Protocol
4 Overview

DPI is a form of network communication analysis applied to every single bit of information

exchanged by nodes over the network. It is used for protocol validation, live virus checking,

and in general for intrusion detection or intrusion prevention purposes. DPI enables advanced

network monitoring and management but at the same time can enable for malicious intentions

as well (e.g. eavesdropping).

Plaintext communications between nodes can be easily examined with DPI tools over their

route. Encrypted channels on the other hand require additional steps to enable DPI, for

instance:
a) the sharing of the encryption key with the system performing DPI or
b) letting the communication flow into the DPI system be plaintext again.

Sharing some of the keying materials used for encryption with a DPI Probe will make the end

to end encryption less secure, and thus when adopting one approach or another it is important

to know advantages and disadvantages with respect to security impact, implementation costs

and performance impact.

The driving factor behind this document is the need of a structured, standardized manner of

enabling DPI with encrypted channels, to eliminate the chance that unofficial, less secure

methods will be used.
---------------------- Page: 10 ----------------------
IEC TR 62351-90-2:2018  IEC 2018 – 9 –
5 Monitoring and auditing requirements
5.1 Use cases from utilities
Ensuring reliable 24/7 operation of power systems requires:

1) The visibility of communication details, to validate correct behavior and troubleshoot

issues coming from software bugs, hardware malfunctions and/or network failures.

2) The need to continuously validate that the given security requirements are always applied

and not bypassed, temporarily or permanently after the first acceptance tests of the

system.

The need for deep monitoring of communication channels between IEDs and SCADA and/or

between IEDs by an independent device is basically driven by the same factors behind the

independent monitoring system required by IEC 62351-7. Leaving the system without an

independent monitoring device would expose its state to issues caused and hidden by the

system itself: these issues can be bugs, defects, software or hardware failures.

This trusted device, namely a DPI Probe, is needed to inspect the communication channels in

a controlled and trusted manner.

IEC 62351-7 defines a framework for proper monitoring of IEDs by employing a specific set of

status variables to be monitored through SNMP. Given the requirements detailed in this

section it should be clear that the current aim of IEC 62351-7 is quite different, as it enables

the provision of a synthesis of the status of IEDs and is not engineered to support the detailed

analysis of network packets sent and received on IEC 62351 channels.
5.2 Use cases from vendors

Automation vendors implement and maintain the hardware and software equipment behind

utilities’ infrastructures. The need to monitor encrypted channels can be analyzed considering

the different communications happening in the system:

1) Configuration communication between tool (client) and devices/IEDs (servers): when

encrypted, a TLS communication is often used to perform these tasks. Monitoring this kind

of communication can help to spot attacks trying to upload bad configuration data to the

IED.

2) SV (Sample Values) going to or coming from external sources, integrity checked with

IEC TS 62351-6. Monitoring this communication can spot if fake data is being injected into

the network and used to alter the process.

3) User authentication at GUIs/Applications/Tools: LDAP communication protected with TLS

(with Windows protocols or IEC TS 62351-8). It can be interesting to inspect these steps

to detect specific attacks to the authentication system.

4) Applications/Tools Browser GUIs: HTTPS. Attacks targeting HTTP/HTTPS endpoints are

worth analyzing to prevent several kinds of issues on the server side.

5) Patching: should be delivered via TLS. This is worth monitoring to help detect malicious

updates being delivered to IEDs or other system components.

Even though advanced/proper application logging may be used by the vendor to detect and

notify security breaches in all the communications happening above, there is still a blind spot

left: improper or incomplete implementation of the system itself. Combining logging and

monitoring by a trusted DPI Probe allows the improvement of detection capabilities.

---------------------- Page: 11 ----------------------
– 10 – IEC TR 62351-90-2:2018  IEC 2018
5.3 A similar use case: Encrypted SIP Calls Recording

A similar use case is reported and analyzed in the report of the IETF – SIPPING Working

Group 2008 [3] . In particular, in this scenario the communications of interest are VoIP calls

using the SIP protocol.

Citing words in the IETF work, call recording is an important feature in enterprise telephony

applications. Some industries such as financial traders have requirements to record all calls in

which customers give trading orders. In others, calls are recorded, as the near ubiquitous

announcement says, “for training and quality control purposes”. Yet in others, all calls are not

recorded, and only statistical audits are done.

This scenario does not use TLS but instead a bespoke encrypted variation of the plain RTP

protocol, named SRTP.

Moreover, the system uses a scheme with a master key and session keys, thus without

mutual authentication.

Although the SIP use case has some technical differences with the use case analyzed in this

document, it will be used throughout the document as a basis for technical solutions and

known issues.
6 Overview of encrypted channels in IEC 62351
6.1 General

IEC 62351 defines encryption functionality in different parts of the standard. These are briefly

depicted in this clause. Note that although IEC 62351-3 defines encryption functionality by

defining specific cipher suites, it can only be used in conjunction with other parts such as 4, 5,

and 6.
6.2 IEC 62351-3

IEC 62351-3 regulates the use of the TLS protocol. It narrows down the available options in

TLS by predefining a certain feature set or functionality to be used. This relates to cipher

suites, enabling encryption and also specific requirements to the TLS session management. It

is the foundation of several specific secure protocols, such as IEC TS 62351-4, IEC TS

62351-6, and IEC 60870-5-7 and is thus the base for transport level security. Besides the

narrowing of options, IEC 62351-3 also requires the referencing standard to define certain

other features and setting of TLS.
6.3 IEC TS 62351-4

In IEC TS 62351-4, communication to IEDs can be secured with two main approaches:

1) T-Profile – transport level profile by means of TLS as described in IEC 62351-3. Note that

IEC TS 62351-4 defines a set of cipher suites to be supported mandatorily as well as

specific TLS session management settings. The negotiation of the encryption settings is

part of the TLS handshake, which is done at the setup time of a TLS session or as part of

the session management, when reconnecting or updating the session key. The negotiated

session key is direction specific and applied on a per message base.

2) A-Profile – application profiles define different cryptographic protection on application

level. Specifically, the A+-Profile and the AE+-Profile are defined. In the context of

encryption, only the AE+-Profile provides the features for confidentiality protection. In the

AE+-Profile the key management is included in the profile definition and is performed also

___________
Numbers in square brackets refer to the bibliography.
---------------------- Page: 12 ----------------------
IEC TR 62351-90-2:2018  IEC 2018 – 11 –

on application level. The negotiated key is used on a per message-level. The session key

may be updated during the established session by either side. The negotiated session key

is direction specific and applied on a per message base.

These two approaches can also be used jointly. Note that in IEC TS 62351-4:2008, the A-

Profile did not provide encryption options.
6.4 IEC TS 62351-6

In IEC TS 62351-6 the IEC 61850 communication channels are secured with different

approaches. GOOSE, GSE Management and Sampled Values channels use an

authentication, integrity and confidentiality security extension with group keys distributed

through GDOI. MMS communications are secured as specified in IEC TS 62351-4.
7 DPI for encrypted communication techniques evaluation framework

Existing or possibly new DPI techniques will be evaluated according to security, performance

and costs criteria:
Security

• Preserves End to End confidentiality: this criterion will be Yes if the communication

between devices is left “as-is”. It will be No if plaintext communication is restored at some

point.

• IEC 62351 RBAC works: this criterion is a Yes/No result on whether the technique allows

the RBAC functionalities to work in a transparent manner.

• Works without seeing handshake: this criterion is Yes if DPI can be performed without

having captured the entire handshake of the communication. This criterion has been

added because sometimes it’s interesting to start performing DPI even though the

communication is already active, as re-initializing just for DPI purposes may impact the

systems under observation in an undesired manner.

• Full third-party monitoring: this criterion is Yes if the technique allows to perform DPI with

a completely independent Probe and does not require to modify the endpoints and require

them to work properly.

• Cipher suite completeness: this criterion will be Yes if no limitation on cipher suite

selection is introduced. Otherwise if only some cipher suites can be used, it will be No.

• Difficulty to inject packets: can be Same/Easier where Same means same difficulty of the

case when no DPI has to be performed (e.g. the TLS using ephemeral ciphersuites,
periodic renewal of session keys, etc).
• Difficulty to steal data: scale as previous point.
Performance impact

• Real time or delayed: this criterion will say if DPI is performed in real time traffic or on

historical/delayed data.

• Adds constant delays to each frame: is a Yes/No criterion specifying if this technique

requires some computation on the endpoints for each application frame to be sent or

received.

• Requires more bandwidth: if Yes, it means that some additional packets have to be

transmitted from/to the endpoints, and thus additional bandwidth will be required.

• Requires more CPU power: if Yes, it means that the endpoints will need additional CPU

power to accomplish DPI-re
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.