DOCSLIB.ORG

On-Device Security and Privacy Mechanisms for Resource-Limited Devices: a Bottom-Up Approach

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
On-Device Security and Privacy Mechanisms for Resource-Limited Devices: a Bottom-Up Approach Florida International University FIU Digital Commons FIU Electronic Theses and Dissertations University Graduate School 3-23-2020 On-device Security and Privacy Mechanisms for Resource-limited Devices: A Bottom-up Approach Leonardo Babun Florida International University, [email protected] Follow this and additional works at: https://digitalcommons.fiu.edu/etd Part of the Electrical and Computer Engineering Commons Recommended Citation Babun, Leonardo, "On-device Security and Privacy Mechanisms for Resource-limited Devices: A Bottom-up Approach" (2020). FIU Electronic Theses and Dissertations. 4431. https://digitalcommons.fiu.edu/etd/4431 This work is brought to you for free and open access by the University Graduate School at FIU Digital Commons. It has been accepted for inclusion in FIU Electronic Theses and Dissertations by an authorized administrator of FIU Digital Commons. For more information, please contact [email protected]. FLORIDA INTERNATIONAL UNIVERSITY Miami, Florida ON-DEVICE SECURITY AND PRIVACY MECHANISMS FOR RESOURCE-LIMITED DEVICES: A BOTTOM-UP APPROACH A dissertation submitted in partial fulfillment of the requirements for the degree of DOCTOR OF PHILOSOPHY in ELECTRICAL AND COMPUTER ENGINEERING by Leonardo Babun 2020 To: Dean John Volakis College of Engineering and Computing This dissertation, written by Leonardo Babun, and entitled On-device Security and Privacy Mechanisms for Resource-limited Devices: A Bottom-Up Approach, having been approved in respect to style and intellectual content, is referred to you for judgment. We have read this dissertation and recommend that it be approved. Kemal Akkaya Alexander Perez-Pons Leonardo Bobadilla A. Selcuk Uluagac, Major Professor Date of Defense: March 23, 2020 The dissertation of Leonardo Babun is approved. Dean John Volakis College of Engineering and Computing Andres G. Gil Vice-President for Research and Economic Development and Dean of University of Graduate School Florida International University, 2020 ii c Copyright 2020 by Leonardo Babun All rights reserved. iii DEDICATION To my family. iv ACKNOWLEDGMENTS I would like to express my gratitude to the members of my dissertation committee for their insightful comments, encouragement, and generous support. In addition, I would like to express my deepest gratitude to my major professor, Prof. A. Selcuk Uluagac, for his priceless guidance, mentorship, motivation, patience, and immense support while completing this research and during all my doctoral graduate studies. His insights and words of encouragement have often inspired me and encouraged me to overcome all difficulties. I am deeply indebted to him for his tireless support. Also, I would like to thank my colleagues from the Cyber-Physical Systems Security Lab (CSL) for their encouragement, accompaniment, and collaboration through all these years. Finally, I would also like to acknowledge the support provided by the U.S. Department of Energy, U.S. National Science Foundation, the University Graduate School, and the Department of Electrical and Computer Engineering at Florida In- ternational University. This dissertation is mostly based upon the work supported by the U.S. Department of Energy under Award Number DE-OE0000779 and the U.S. National Science Foundation under Award Number NSF-1663051. v ABSTRACT OF THE DISSERTATION ON-DEVICE SECURITY AND PRIVACY MECHANISMS FOR RESOURCE-LIMITED DEVICES: A BOTTOM-UP APPROACH by Leonardo Babun Florida International University, 2020 Miami, Florida Professor A. Selcuk Uluagac, Major Professor This doctoral dissertation introduces novel mechanisms to provide on-device security and privacy for resource-limited smart devices and their applications. These mech- anisms aim to cover five fundamental contributions in the emerging Cyber-Physical Systems (CPS), Internet of Things (IoT), and Industrial IoT (IIoT) fields. First, we present a host-based fingerprinting solution for device identification that is com- plementary to other security services like device authentication and access control. Then, we design a kernel- and user-level detection framework that aims to discover compromised resource-limited devices based on behavioral analysis. Further we ap- ply dynamic analysis of smart devices applications to uncover security and privacy risks in real-time. Then, we describe a solution to enable digital forensics analysis on data extracted from interconnected resource-limited devices that form a smart environment. Finally, we offer to researchers from industry and academia a collection of benchmark solutions for the evaluation of the discussed security mechanisms on different smart domains. For each contribution, this dissertation comprises specific novel tools and techniques that can be applied either independently or combined to enable a broader security services for the CPS, IoT, and IIoT domains. vi TABLE OF CONTENTS CHAPTER PAGE 1. INTRODUCTION . 1 1.1 Research Purposes . .9 1.2 Research Problem . .9 1.3 Significance of the Study . 12 1.4 Organization of the Dissertation . 13 2. PRELIMINARIES . 14 2.1 Overview of Cyber-Physical Systems . 14 2.2 CPS Device-class Identification . 15 2.3 System-level Smart Grid Substation Architecture . 16 2.3.1 Behavioral Analysis of Smart Grid Devices . 18 2.3.2 Genuine Smart Grid Devices . 19 2.3.3 Compromised Smart Grid Devices . 20 2.3.4 Behavioral Analysis of Smart Grid Devices . 22 2.3.5 Classes of Smart Grid Devices . 23 2.3.6 Open-source Design Approach . 24 2.3.7 Extracting Operations from Smart Grid Devices . 25 2.4 Resource-limited App Taint Sources and Sinks . 26 2.4.1 Sources of Sensitive Information in IoT Apps . 26 2.4.2 Functions to Leak Information in IoT Apps . 26 2.5 IoT Application Context . 27 2.6 Generic Smart Environment Architecture . 28 2.7 Smart App Structure . 29 3. LITERATURE REVIEW . 32 3.1 Identification of Resource-limited Devices . 32 3.1.1 Device-class Fingerprinting . 32 3.1.2 Device-host Fingerprinting . 33 3.1.3 Behavioral-based Device Fingerprinting . 33 3.2 Detecting Compromised Resource-limited Devices in CPS . 34 3.2.1 Security Challenges of Cyber-physical Systems . 34 3.2.2 Detection of Compromised Resource-limited Devices . 35 3.2.3 Call Tracing Techniques for Security Applications . 36 3.3 Resource-limited Device Application Analysis . 37 3.3.1 Static Analysis of IoT Applications . 37 3.3.2 Dynamic Analysis of IoT Applications . 39 3.4 Digital Forensics on Resource-limited Device Data . 40 3.4.1 Forensic Data Collection from the Smart Environment . 40 3.4.2 Smart Data Logging . 41 vii 4. HOST-BASED RESOURCE-LIMITED DEVICE CLASS IDENTIFICATION 42 4.1 Introduction . 42 4.1.1 Differences from Existing Works. 43 4.2 Threat Model and Use Case . 44 4.2.1 Problem Scope . 45 4.3 Overview of S&F ............................... 46 4.4 Device Feature Acquisition . 47 4.4.1 Challenge-Response Approach . 47 4.4.2 Parametric Call List (PCL) . 48 4.4.3 Device Performance Index (DPI) . 48 4.5 Device Signature Generation . 50 4.6 Ground Truth Devices - Learning Phase . 51 4.7 Signature Correlation and Decision - Prediction Phase . 54 4.8 Performance Evaluation . 56 4.8.1 Testbed Implementation . 56 4.8.2 Performance Metrics . 60 4.9 Performance of S&F during the Learning Phase . 61 4.10 Performance of S&F during the Prediction Phase . 62 4.11 Overhead Introduced by S&F ........................ 66 4.12 Summary and Benefits . 68 4.13 Conclusion . 69 5. DETECTION OF COMPROMISED RESOURCE-LIMITED DEVICES . 70 5.1 Introduction . 70 5.1.1 Differences from Existing Works . 72 5.2 Adversary Model . 73 5.3 Overview of the Detection Framework . 75 5.3.1 Probability of Detecting a Compromised Device . 77 5.3.2 Learning Process . 79 5.3.3 Detection Process . 81 5.3.4 Decision Process . 84 5.4 Performance Analysis and Discussion . 85 5.4.1 Evaluation with a Realistic Smart Grid Testbed . 85 5.4.2 Detection Performance . 86 5.4.3 Performance Metrics . 90 5.4.4 System Overhead . 94 5.4.5 Benefits and Features . 95 5.5 Conclusion . 96 6. SECURITY AND PRIVACY ANALYSIS OF RESOURCE-LIMITED DE- VICE APPLICATIONS . 98 6.1 Introduction . 98 6.1.1 Differences from Existing Works . 100 6.2 IoT Privacy Survey . 100 viii 6.2.1 Survey Results . 102 6.2.2 Summary of Findings . 104 6.2.3 Example IoT Privacy Survey Questions . 105 6.3 Problem Statement and Threat Model . 107 6.4 Approach Overview . 109 6.4.1 Understanding Leakage in IoT Apps . 110 6.4.2 Terminology Used . 112 6.5 IoTWatcH .................................. 113 6.5.1 Code Instrumentor . 114 6.5.2 IoTWatcH Analyzer . 120 6.5.3 Response to App Data Leaks . 126 6.5.4 IoTWatcH API.............................. 128 6.6 IoTWatcH's Implementation Details ................. 129 6.7 Performance Evaluation . 132 6.7.1 Evaluation Metrics . 134 6.7.2 Assigning Privacy Labels . 135 6.7.3 Performance of IoT String Classification . 136 6.7.4 Analysis of Data Leaks in IoT Apps . 140 6.7.5 Overhead Analysis . 142 6.8 Discussion . 143 6.9 Conclusion . 144 7. FORENSICS ANALYSIS OF RESOURCE-LIMITED DEVICE DATA . 146 7.1 Introduction . 146 7.1.1 Differences from Existing Works . 147 7.2 Problem and Threat Model . 149 7.2.1 Problem Definition . 149 7.2.2 Assumptions and Definitions . 151 7.2.3 Threat Model . 152 7.3 IoTDots ................................... 155 7.3.1 Forensically-valuable features in.
Load more

Recommended publications
  • A Survey on Vulnerabilities and Countermeasures in the Communications of the Smart Grid
    electronics Review A Survey on Vulnerabilities and Countermeasures in the Communications of the Smart Grid Jesús Lázaro 1,* , Armando Astarloa 1, Mikel Rodríguez 2, Unai Bidarte 1 and Jaime Jiménez 1 1 UPV/EHU, 48015 Bilbao, Spain; [email protected] (A.A.); [email protected] (U.B.); [email protected] (J.J.) 2 System-on-Chip Engineering, 48950 Erandio, Spain; [email protected] * Correspondence: [email protected] Abstract: Since the 1990s, the digitalization process has transformed the communication infras- tructure within the electrical grid: proprietary infrastructures and protocols have been replaced by the IEC 61850 approach, which realizes interoperability among vendors. Furthermore, the latest networking solutions merge operational technologies (OTs) and informational technology (IT) traffics in the same media, such as time-sensitive networking (TSN)—standard, interoperable, deterministic, and Ethernet-based. It merges OT and IT worlds by defining three basic traffic types: scheduled, best-effort, and reserved traffic. However, TSN demands security against potential new cyberattacks, primarily, to protect real-time critical messages. Consequently, security in the smart grid has turned into a hot topic under regulation, standardization, and business. This survey collects vulnerabilities of the communication in the smart grid and reveals security mechanisms introduced by international electrotechnical commission (IEC) 62351-6 and how to apply them to time-sensitive networking. Citation: Lázaro, J.; Astarloa, A.; Keywords: IEC 62351-6; smart grid; time-sensitive networking; IEC 61950 Rodríguez, M.; Bidarte U.; Jiménez, J. A Survey on Vulnerabilities and Countermeasures in the Communications of the Smart Grid. 1. Introduction Electronics 2021, 10, 1881.
    [Show full text]
  • IEC 62351-7 ® Edition 1.0 2017-07
    This is a preview - click here to buy the full publication IEC 62351-7 ® Edition 1.0 2017-07 INTERNATIONAL STANDARD colour inside Power systems management and associated information exchange – Data and communications security – Part 7: Network and System Management (NSM) data object models INTERNATIONAL ELECTROTECHNICAL COMMISSION ICS 33.200 ISBN 978-2-8322-4442-5 Warning! Make sure that you obtained this publication from an authorized distributor. ® Registered trademark of the International Electrotechnical Commission This is a preview - click here to buy the full publication – 2 – IEC 62351-7:2017 © IEC 2017 CONTENTS FOREWORD ........................................................................................................................... 8 1 Scope ............................................................................................................................ 10 2 Normative references .................................................................................................... 10 3 Terms and definitions .................................................................................................... 12 4 Abbreviated terms and acronyms ................................................................................... 13 5 Overview of Network and System Management (NSM) .................................................. 14 5.1 Objectives ............................................................................................................. 14 5.2 NSM concepts......................................................................................................
    [Show full text]
  • Author Information Only
    Cyber Security Practical considerations for implementing IEC 62351 Frank Hohlbaum, Markus Braendle, Fernando Alvarez ABB [email protected] Switzerland 1. Introduction Two trends are currently changing substation automation systems: IEC 61850 and the need for increased cyber security. IEC 61850 has gained global acceptance by both vendors as well as customers. Cyber security on the other hand has quickly become one of the most dominant topics for control systems in general and electrical utilities in particular. The combination of the two, securing IEC 61850 based communications, has been one of the goals of the recently published technical specification IEC 62351. In the authors‟ view IEC 62351 is overall a good starting point and will be the future standard to help secure IEC 61850 communication. However, there are some shortcomings of the current standard and some challenges that need to be addressed before IEC 62351 can be implemented and gain wide acceptance. This paper will highlight the challenge of addressing secure communication in the substation real-time environment, complying with the IEC 61850 real-time specifications. The major difficulties are to reach the performance defined in IEC 61850 for GOOSE and SV data with today‟s proposed technical specification defined for IEC 62351 part 6. In chapter 2, we will give a short overview about the structure of IEC 61850 as well as the detailed performance requirements for the various data types. Chapter 3 will present an introduction of the IEC 62351 standard including the used methods to secure the IEC 61850 communication. Chapter 4 will then show the major implementation issues of IEC 62351 part 6.
    [Show full text]
  • Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (Hereafter Referred to As “IEC Publication(S)”)
    This is a preview - click here to buy the full publication IEC/TS 62351-5 ® Edition 2.0 2013-04 TECHNICAL SPECIFICATION Power systems management and associated information exchange – Data and communications security – Part 5: Security for IEC 60870-5 and derivatives INTERNATIONAL ELECTROTECHNICAL COMMISSION PRICE CODE XE ICS 33.200 ISBN 978-2-83220-732-1 Warning! Make sure that you obtained this publication from an authorized distributor. ® Registered trademark of the International Electrotechnical Commission This is a preview - click here to buy the full publication – 2 – TS 62351-5 © IEC:2013(E) CONTENTS FOREWORD ........................................................................................................................... 6 1 Scope and object .............................................................................................................. 8 2 Normative references ....................................................................................................... 9 3 Terms and definitions ..................................................................................................... 10 4 Abbreviated terms .......................................................................................................... 11 5 Problem description (informative) ................................................................................... 11 5.1 Overview of clause ................................................................................................ 11 5.2 Specific threats addressed ...................................................................................
    [Show full text]
  • IEC 62351 Security Standards for the Power System Information Infrastructure
    IEC TC57 WG15: IEC 62351 Security Standards for the Power System Information Infrastructure Frances Cleveland, WG15 Convenor Xanthus Consulting International Contents 1. OVERVIEW: IEC TC57 WG15 SECURITY FOR POWER SYSTEM COMMUNICATIONS ................... 1 2. DUAL INFRASTRUCTURES: THE POWER SYSTEM AND THE INFORMATION SYSTEM .................. 2 3. WHY CYBERSECURITY? ............................................................................................................ 3 3.1 Legacy Approach: Security by Obscurity .......................................................................... 3 3.2 Smart Grid as Cyber-Physical Systems .............................................................................. 4 4. SECURITY CONCEPTS ............................................................................................................... 5 4.1 Security Threats ............................................................................................................... 5 4.2 Security Purposes ............................................................................................................ 5 4.3 Security Processes ........................................................................................................... 6 4.4 Security Planning ............................................................................................................. 7 4.5 Security Requirements .................................................................................................... 8 4.6 Security Attacks ..............................................................................................................
    [Show full text]
  • Timing, Networking & Security
    Timing, Networking & Security Company Profile ........................................................................... 5 Technology ....................................................................................... 6 Providing Time-Sensitive Networking Providing High-Availability Networking Providing Security for Critical-Mission Embedded Systems IP Cores for FPGAs: Networking ....................................... 8 Deterministic Ethernet Switch IPs ...........................................................................8 Multiport TSN Switch IP Determinisitic HSR IP High-Availability Ethernet Switch IPs: ..............................................................10 HSR/PRP Swith IP Secure HSR IP MRP IP Time-Aware & Industrial Ethernet Switch IPs ..............................................12 Managed Ethernet Switch IP Unmanaged Ethernet Switch IP Profinet IP Ethernet IP/DLR IP Cyber-Security Surveillance Switch IP IP Cores for FPGAs : Synchronization ....................... 14 MultiSync IP IEEE 1588 Precise Time Multi-profile IP 1588Tiny Slave-Only IP IRIG-B Master IP IRIG-B Slave IP IP Cores for FPGAs: Security for Critical Traffic ....18 Substation Automation Systems (SAS) Crypto-core IP Secure Configuration-over-Ethernet IP Secure IEEE 1588 Secure HSR IP FPGA Networking Modules SMARTmpsoc Family ............................................................................................... 20 Module Brick Kits SMARTzynq Family ..................................................................................................
    [Show full text]
  • Vulnerability and Impact Analysis of the IEC 61850 GOOSE Protocol in the Smart Grid
    sensors Article Vulnerability and Impact Analysis of the IEC 61850 GOOSE Protocol in the Smart Grid Haftu Tasew Reda 1 , Biplob Ray 2 , Pejman Peidaee 3 , Adnan Anwar 4 , Abdun Mahmood 1 , Akhtar Kalam 3 and Nahina Islam 2,* 1 Department of Computer Science and IT, La Trobe University, Plenty Rd., Bundoora 3086, Australia; [email protected] (H.T.R.); [email protected] (A.M.) 2 Centre for Intelligent Systems (CIS), School of Engineering and Technology, CQUniversity, Rockhampton 4700, Australia; [email protected] 3 Department of Electrical and Electronics Engineering, Victoria University, Ballarat Rd., Footscray 3011, Australia; [email protected] (P.P.); [email protected] (A.K.) 4 School of IT, Deakin University, 75 Pigdons Rd, Waurn Ponds 3216, Australia; [email protected] * Correspondence: [email protected] Abstract: IEC 61850 is one of the most prominent communication standards adopted by the smart grid community due to its high scalability, multi-vendor interoperability, and support for several input/output devices. Generic Object-Oriented Substation Events (GOOSE), which is a widely used communication protocol defined in IEC 61850, provides reliable and fast transmission of events for the electrical substation system. This paper investigates the security vulnerabilities of this protocol and analyzes the potential impact on the smart grid by rigorously analyzing the security of the GOOSE protocol using an automated process and identifying vulnerabilities in the context of smart grid communication. The vulnerabilities are tested using a real-time simulation and industry standard Citation: Reda, H.T.; Ray, B.; Peidaee, hardware-in-the-loop emulation.
    [Show full text]
  • Requirements and Challenges of a Future Proof Migration Towards A
    Panel Session #1 Standards for Smart Grids Your Panelists • Lars Nordström, KTH, Sweden – is associate professor in Power System Management at KTH – The Royal Institute of Technology, Stockholm, Sweden, Since 2006 Director of the Swedish centre of Excellence in electric power engineering and active in IEC’s SMB Strategic group on Smartgrids and EU DG Energy taskforce on Smartgrids. • Mathias Uslar, OFFIS, Germany – Dr. Uslar is head of the CISE, the Centre for IT Standards in the Energy Sector. He is member of German GI, IEEE, ACM and IEC german mirror commitee member DKE K 952, 952.0.10, 952.0.17 and international member of IE TC 57 WG 14 and 16 • Karlheinz Schwarz, Nettedautomation, Germany – President of Schwarz Consulting Company, SCC, specializing in distributed automation systems, is involved in many international standardization projects (IEC 61850 – utility automation, DER, hydro power, IEC 61400-25 – wind power, IEC 61158 - Fieldbus, ISO 9506 – MMS, …) since 1984. • Arshad Saleem, DTU, Denmark – is currently pursuing a Ph.D. degree from the Department of Electrical Engineering of DTU, Denmark. He received his bachelor degree in Computer Science and an M.Sc degree in Intelligent Systems from BTH, Sweden. His research interests are application of intelligent systems and autonomous agents to power system control, communication in power systems and distributed control. Definitions of Smartgrids “Smart“Smart GridGrid isis anan electricityelectricity networknetwork thatthat cancan costintelligently efficiently integrate integrate the
    [Show full text]
  • Timing, Networking & Security
    Timing, Networking & Security Company Profile ........................................................................... 4 Technology ....................................................................................... 6 Silicon IP cores .............................................................................. 8 Ethernet Networking ........................................................................................ 8 1G Multiport TSN Switch 10G Multiport TSN Switch 1G HSR/PRP Switch D-S HSR Switch 10G Managed Ethernet Switch 1G Managed Ethernet Switch Spacecraft Networking & Interfacing .................................................. 16 SpaceWire Cameralink RX Interface Accurate Timing Synchronization ......................................................... 17 MULTIsync 1588Tiny Slave-Only IRIG-B Master IRIG-B Slave Wire-speed Cryptography .......................................................................... 21 Multi-algorithmic low-latency AES-GCM Crypto-core Secure Ethernet for Substation Automation Systems Crypto-core Secure Configuration-over-Ethernet IP Industrial Computing Acceleration........................................................22 Sampled Measured Values Subscriber Deep-packet Inspection Engine FPGA Networking Modules ............................................... 24 SMARTmpsoc Family SMARTzynq Family SMARToem Family Multiport FMC Board MEZU Family Embedded Software ............................................................... 32 SoC-e Portable Tools RSTP Posix-compliant Software Stack SoC-e Layer-3
    [Show full text]
  • Technical Iec Specification Ts 62351-1
    This is a preview - click here to buy the full publication TECHNICAL IEC SPECIFICATION TS 62351-1 First edition 2007-05 Power systems management and associated information exchange – Data and communications security Part 1: Communication network and system security – Introduction to security issues PRICE CODE Commission Electrotechnique Internationale V International Electrotechnical Commission Международная Электротехническая Комиссия For price, see current catalogue This is a preview - click here to buy the full publication – 2 – TS 62351-1 © IEC:2007(E) CONTENTS FOREWORD...........................................................................................................................4 1 Scope and object..............................................................................................................6 1.1 Scope......................................................................................................................6 1.2 Object .....................................................................................................................6 2 Normative references .......................................................................................................7 3 Terms, definitions and abbreviations ................................................................................7 4 Background for information security standards .................................................................7 4.1 Rationale for addressing information security in power system operations...............7 4.2 IEC TC
    [Show full text]
  • A Review of IEC 62351 Security Mechanisms for IEC 61850 Message Exchanges
    A Review of IEC 62351 Security Mechanisms for IEC 61850 Message Exchanges This is the Accepted version of the following publication Hussain, S M Suhail, Ustun, Taha Selim and Kalam, Akhtar (2019) A Review of IEC 62351 Security Mechanisms for IEC 61850 Message Exchanges. IEEE Transactions on Industrial Informatics, 16 (9). pp. 5643-5654. ISSN 1551-3203 The publisher’s official version can be found at https://ieeexplore.ieee.org/document/8918111 Note that access to this version may require subscription. Downloaded from VU Research Repository https://vuir.vu.edu.au/41538/ > REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 1 A Review of IEC 62351 Security Mechanisms for IEC 61850 Message Exchanges S. M. Suhail Hussain, Member, IEEE, Taha Selim Ustun, Member, IEEE, and Akhtar Kalam, Life Member, IEEE Different standards and protocols were developed for Abstract—Smart grid is the nexus of advanced Information standardizing the communication in smart grids. The and Communication Technologies (ICT) and legacy power communication standards and protocols define how the systems. With increasing awareness on vulnerabilities of smart information is exchanged between different components such grids to cyber-attacks, cybersecurity is becoming a prime as field equipment, controller Intelligent Electronic Devices concern. Earlier, it was assumed that power system communication protocols are very specialized and different, so (IEDs) and servers. Although initially proposed for substation the “security by obscurity” approach would be sufficient. automation only, IEC 61850 standard has emerged as the most However, with the standardization of communication protocols promising communication standard for smart grids [2]. This is for power utilities and emergence of power market, this approach thanks to its object-oriented design which serves for is no longer valid.
    [Show full text]
  • Secure Substation Declaration of Security Conformance IEC 62443-3-3
    Preface Table of Contents Overview 1 Secure Substation IEC 62443-3-3 Security Requirements 2 Declaration of Security Literature Conformance Glossary IEC 62443-3-3 V1.00 Manual E50417-T1040-C644-A1 NOTE i For your own safety, observe the warnings and safety instructions contained in this document, if available. Disclaimer of Liability Copyright Subject to changes and errors. The information given in Copyright © Siemens 2020. All rights reserved. this document only contains general descriptions and/or The disclosure, duplication, distribution and editing of this performance features which may not always specifically document, or utilization and communication of the content reflect those described, or which may undergo modifica- are not permitted, unless authorized in writing. All rights, tion in the course of further development of the products. including rights created by patent grant or registration of a The requested performance features are binding only when utility model or a design, are reserved. they are expressly agreed upon in the concluded contract. Document version: E50417-T1040-C644-A1.01 Trademarks Edition: 02.2020 SIPROTEC™, DIGSI™, SIGRA™, SIGUARD™, SAFIR™, SICAM™, Version of the product described: V1.00 and MindSphere™ are trademarks of Siemens. Any unau- thorized use is prohibited. All other designations in this document may represent trademarks whose use by third parties for their own purposes may violate the proprietary rights of the owner. Preface Purpose of the Manual This Declaration of Conformance describes the conformance of a typical Siemens substation automation and protection system based on the Siemens secure substation blueprint with the IEC 62443-3-3 system security requirements and security levels.
    [Show full text]