IEC TS 62351-100-1:2018
Power systems management and associated information exchange - Data and communications security - Part 100-1: Conformance test cases for IEC TS 62351-5 and IEC TS 60870-5-7
IEC TS 62351-100-1:2018(E), which is a technical specification, describes test cases of data and communication security for telecontrol equipment, substation automation systems (SAS) and telecontrol systems, including front-end functions of SCADA.
The goal of this document is to enable interoperability by providing a standard method of testing protocol implementations to verify that a device fulfils the requirement of the standard. Note that conformity to the standard does not guarantee interoperability between devices using different implementations. It is expected that using this specification during testing will minimize the risk of non-interoperability. A basic condition for this interoperability is a passed conformance test of both devices.
The scope of this document is to specify commonly available procedures and definitions for conformance and/or interoperability testing of IEC TS 62351-5 and IEC TS 60870-5-7. The conformance test cases defined herein focus on verifying the conformant integration of the underlying authentication, as specified in IEC TS 62351-5 and IEC TS 60870-5-7, to protect IEC 60870-5-101 and IEC 60870-5-104-based communications.
This document deals with data and communication security conformance testing; therefore, other requirements, such as safety or EMC, are not covered. These requirements are covered by other standards (if applicable) and the proof of compliance for these topics is done according to these standards.
Standards Content (Sample)
IEC TS 62351-100-1 ®
Edition 1.0 2018-11
TECHNICAL
SPECIFICATION
Power systems management and associated information exchange – Data and communications security – Part 100-1: Conformance test cases for IEC TS 62351-5 and IEC TS 60870-5-7
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.
IEC Central Office, 3, rue de Varembé, CH-1211 Geneva 20, Switzerland
Tel.: +41 22 919 02 11, info@iec.ch, www.iec.ch
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 33.200 ISBN 978-2-8322-6182-8
CONTENTS
FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
3.2 Abbreviated terms
4 General
4.1 Normatives covered by this technical specification
4.2 Conformance testing structure
4.2.1 General
4.2.2 Conformance testing of security extension procedures
4.2.3 Conformance testing addressed per station type
4.2.4 Normal procedure tests and resiliency tests
4.3 Conformance testing requirements
4.3.1 Testing base protocols with security extension
4.3.2 Testing of profiles including TCP/IP
4.3.3 Requirements for the device under test
4.3.4 Requirements for the test facility
4.3.5 Test logging
5 Verification of configuration parameters
5.1 General
5.2 System definition
5.3 Application security extension
6 Verification of Communication
6.1 General
6.2 ASDU segmentation control
6.3 Verification of ASDUs
6.3.1 User management ASDUs
6.3.2 Update key maintenance ASDUs
6.3.3 Session key maintenance ASDUs
6.3.4 Challenge/reply and aggressive mode authentication ASDUs
6.3.5 Security statistics ASDU
7 Verification of procedures
7.1 General
7.2 User management
7.2.1 General
7.2.2 Controlling station
7.2.3 Controlled station
7.3 Update key maintenance - Symmetric
7.3.1 General
7.3.2 Controlling station
7.3.3 Controlled station
7.4 Update key maintenance - Asymmetric
7.4.1 General
7.4.2 Controlling station
7.4.3 Controlled station
7.5 Session key maintenance
7.5.1 General
7.5.2 Controlling station
7.5.3 Controlled station
7.6 Challenge/reply authentication
7.6.1 General
7.6.2 Controlling station
7.6.3 Controlled station
7.7 Aggressive mode authentication
7.7.1 General
7.7.2 Controlling station
7.7.3 Controlled station
8 Tests results chart
8.1 Verification of configuration parameters
8.2 Verification of communication
8.2.1 ASDUs segmentation control
8.2.2 User management ASDUs
8.2.3 Update key maintenance ASDUs
8.2.4 Session key maintenance ASDUs
8.2.5 Challenge/reply and aggressive mode authentication ASDUs
8.2.6 Security statistics ASDU
8.3 Verification of procedures
8.3.1 User management
8.3.2 Update key maintenance - Symmetric
8.3.3 Update key maintenance - Asymmetric
8.3.4 Session key maintenance
8.3.5 Challenge/reply authentication
8.3.6 Aggressive mode authentication
Figure 1 – IEC TS 62351-5 Security extension procedures
Table 1 – Configuration parameters: System definition
Table 2 – Configuration parameters: Application security extension
Table 3 – ASDU segmentation control
Table 4 – User management ASDUs
Table 5 – Update key maintenance ASDUs
Table 6 – Session key maintenance ASDUs
Table 7 – Challenge/reply and aggressive mode authentication ASDUs
Table 8 – Security statistics ASDU
Table 9 – User management: Controlling station normal procedure tests
Table 10 – User management: Controlling station resiliency tests
Table 11 – User management: Controlled station normal procedure tests
Table 12 – User management: Controlled station resiliency tests
Table 13 – Update key maintenance - Symmetric: Controlling station triggering conditions
Table 14 – Update key maintenance - Symmetric: Controlling station normal procedure tests
Table 15 – Update key maintenance - Symmetric: Controlling station resiliency tests
Table 16 – Update key maintenance - Symmetric: Controlled station normal
...