Xelas Energy Software IEC 62351-4 Security

Introduction

IEC 62351 is a standard developed by WG15 of IEC TC57 for securing the TC 57 series of protocols, including the IEC 60870-5, IEC 60870-6, IEC 61850, IEC 61970 and IEC 61968 series. Its security objectives include authentication of data transfer through digital signatures, ensuring only authenticated access, prevention of eavesdropping, prevention of playback and spoofing, and intrusion detection.

This overview describes the integration of IEC 62351-4 with the Xelas IEC 61850 products.

IEC 62351-4: Security for any profiles including MMS (e.g., ICCP-based IEC 60870-6, IEC 61850, etc.) contains the following sections:
- Authentication for MMS
- TLS (RFC 2246) is inserted between RFC 1006 & RFC 793 to provide

TLS stands for Transport Layer Security and defines encryption algorithms. RFC 1006 is the standard which defines OSI on top of TCP/IP. The RFC 1006 stack is completely developed and maintained by Xelas. RFC 793 is the standard which defines TCP/IP.

Integration with Xelas products

IEC 62351-4 is integrated with the IEC 61850 client and server products as an optional plugin. From the client database it can be defined as a profile.

These IEC 61850 products are described in other Xelas Energy datasheets.

As a summary, these products, based on the IEC 61850 standard, can be used for substation automation, wind energy, hydro power, DER and other energy solutions.

Example integration

In this picture the ‘client’ side is shown on the left and the ‘server’ side on the right.

The client consists of IEC 61850/61400 MMS based adapters, a database, a Web GUI and services on top of the database. This runs on top of the RFC 1006 stack.

The server (or server simulator) also runs on top of the RFC 1006 stack, and is configured with a SCL/ICD file (a configuration file used during bootup).

Optionally the IEC 62351 adapter plugin is also available for both client and server (as described in this picture).

Authentication for MMS: This is performed during association establishment in the ACSE layer (one of the OSI layers). The client passes an authentication string, which is verified by the server. The server can define the authentication in the SCL/ICD file.

TLS Encryption: On the client side, in the database/GUI, IEC 62351 or RFC 1006 can be configured as a profile. Within process management the IEC 62351 client adapter can be started and stopped. On the server side (or server simulator) an IEC 62351 server adapter (or a task on an embedded platform such as VxWorks) can be configured as well. These adapters facilitate the TLS encryption.

The solution is backwards compatible. If a server does not support IEC 62351, on the client side RFC 1006 can be configured as a profile. This defines the regular OSI on top of TCP/IP protocol.
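Because both profiles can coexist, it is useful to check that a link configured as IEC 62351 really starts with a TLS record and not with a cleartext RFC 1006 TPKT header. The following check is an added example, not Xelas code; the host names, the profile labels as tuple values, and the captured byte prefixes are constructed for illustration.

```python
import struct

TLS_HANDSHAKE = 0x16                               # TLS record type: handshake
COTP_TYPES = {0xE0: "CR", 0xD0: "CC", 0xF0: "DT"}  # COTP TPDU codes (high nibble)

def classify_first_bytes(data: bytes) -> str:
    """Classify the first client-to-server bytes of a TCP connection."""
    if len(data) < 6:
        return "unknown"
    # TLS record header: content type (1), version (2), length (2).
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    if ctype == TLS_HANDSHAKE and major == 3 and minor <= 4 and 0 < rec_len <= 16384:
        return "tls"
    # RFC 1006 TPKT header: version 3, reserved 0, length incl. the 4-byte header.
    version, reserved, tpkt_len = struct.unpack("!BBH", data[:4])
    if version == 3 and reserved == 0 and tpkt_len > 4:
        # data[4] is the COTP length indicator, data[5] the TPDU code.
        tpdu = COTP_TYPES.get(data[5] & 0xF0, "other")
        return f"rfc1006-cleartext:{tpdu}"
    return "unknown"

def audit(links):
    """Return (endpoint, observed) pairs where the wire contradicts the profile."""
    findings = []
    for endpoint, profile, first_bytes in links:
        seen = classify_first_bytes(first_bytes)
        if profile == "IEC 62351" and seen != "tls":
            findings.append((endpoint, seen))
    return findings

# Constructed sample data: a TLS ClientHello prefix and a COTP connection request.
TLS_HELLO = bytes.fromhex("16030100c8010000c40303")
COTP_CR = bytes.fromhex("0300001611e00000000100c0010ac1020001c2020001")
SAMPLE_LINKS = [
    ("ied-a.example", "IEC 62351", TLS_HELLO),
    ("ied-b.example", "IEC 62351", COTP_CR),   # configured secure, seen in cleartext
    ("ied-c.example", "RFC 1006", COTP_CR),    # legacy profile, cleartext as configured
]

if __name__ == "__main__":
    for endpoint, seen in audit(SAMPLE_LINKS):
        print(f"{endpoint}: profile IEC 62351 but wire shows {seen}")
```

Links deliberately left on the RFC 1006 profile are not flagged here; listing them separately gives the inventory of connections that still run without TLS.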

® All trademarks are the property of their respective trademark owners Copyright © 2013. Xelas Energy Software. All Rights Reserved.

Xelas Energy Software Product Portfolio

The Xelas Energy Software product portfolio offers all the smart and necessary building blocks to implement an IEC 61850 standard based communication network.

Protocols for all essential layers of the stacks

- Protocols are delivered with toolkits to implement customer solutions
- Manufacturing Message Specification (MMS) Protocol Stack including OSI Protocols
- GOOSE/GSSE, SV and SNTP

IEC 61850 Client Development Toolkit

- Native MMS, GOOSE/SV Support
- Built on top of Java J2EE Framework
- Persistent storage of all data, multiple database support through ODBC/JDBC
- Multiple Northbound interfaces (IEC 61870-5-104, Web services, OPC)
- Multi-threaded scalable architecture
- Ported on various platforms: Linux/Windows/UNIX

IEC 61850 Server Development Toolkit

- Native MMS, GOOSE/SV Support
- Extendable Common Information Model (CIM) based on IEC 61870-7-x
- Supports all version 1 and 2 functions
- Embedded architecture for rapid integration with client hardware
- Ported to VxWorks/pSOS/Embedded Linux
- Both binary as well as source code available

IEC 61850 Dynamic Mediation Framework

- Integrate various Protocols and Information Models
- Java script rules provide for quick runtime mapping
- Off the shelf adaptors: IEC 61850, SCADA5-104, XML, SNMP, ASCII
- Off the shelf Adaptations for various Information Models:
  - IEC 61850-8-x – ACSI to MMS/OSI including RFC-1006
  - IEC 61850-7-2/3/4 – Substation Automation
  - IEC 61400 – Windpower
  - IEC61850-Part 7-410 – Hydro-electric Power Plants (HYDRO)
  - IEC61850-Part 7-420 – Distributed Energy Resources (DER)

Check www.xelasenergy.com for more Product Information

About Xelas Energy Software

Xelas Energy Software is a dedicated division within Xelas Software. The energy products and solutions are based on 20 years of experience of implementing complex network management solutions. The various products, originally built for telecom network management, are applicable to IEC 61850 management as well.

Xelas Software is a privately owned company, which acquired the software licenses and intellectual property of Vertel Corporation and Retix in 2004. It has offices in Los Angeles and the Netherlands.

For over twenty years, the Vertel and Retix software has proven to deliver cornerstone functionalities to manage standards based networks, by offering mediation and integration solutions for network management. Xelas Software products are made to fit energy, telecom, messaging and aviation network management markets.

Since 1990, new technology introductions, internationalization and liberation of the telecom market created a strong momentum to develop open, multivendor network management standards. Xelas Software established its market role through intense participation in industry collaboration, and developed standard software components now widely used by market leaders such as Alcatel-Lucent, Nokia Siemens Networks (NSN), Motorola, Ericsson, IBM, NTT, NEC, Samsung and Huawei.

Xelas Energy Software 13160 Mindanao Way, Suite 252 Marina Del Rey, CA 90292 Web: www.xelasenergy.com E-mail: [email protected]
