Demostrador para el análisis de tráfico de red en subestaciones de tracción basadas en IEC61850

  1. Baltuille Puente, Pablo 1
  2. Morán, Antonio 1
  3. Alonso, Serafin 1
  4. Prada, Miguel Ángel 1
  5. Fuertes, Juan José 1
  6. Domínguez, Manuel 1
  1. 1 Universidad de León
    info

    Universidad de León

    León, España

    ROR https://ror.org/02tzt0b78

Journal:
Jornadas de Automática
  1. Cruz Martín, Ana María (coord.)
  2. Arévalo Espejo, V. (coord.)
  3. Fernández Lozano, Juan Jesús (coord.)

ISSN: 3045-4093

Year of publication: 2024

Issue: 45

Type: Article

DOI: 10.17979/JA-CEA.2024.45.10920 DIALNET GOOGLE SCHOLAR lock_openOpen access editor

Abstract

This paper presents an analysis of the network traffic in modern electrical substations, based on the IEC 61850 standard,which provide energy to the railways. It is proposed to deploy several probes in order to detect the events generated by different Intelligent Electronic Devices (IEDs) in the network, along with a methodology for the generation and analysis of these packets.In addition, an experiment is performed using a cabinet that replicates the automation system of the electrical substation. In this system, IEC 60870-5-104 and IEC 61850 GOOSE and MMS traffic are generated through the execution of an electrical operation under normal conditions. This traffic is monitored through the mentioned probes. A study of the events is performedusing a packet analysis tool, resulting in a inspection of the types of packets detected during the period of the operation.

Bibliographic References

  • Adepu, S., Kandasamy, N. K., Mathur, A., 01 2019. Epic: An electric power testbed for research and training in cyber physical systems security. In: 17th International Workshop, IWDW 2018, Jeju Island, Korea, October 22-24, 2018, Proceedings. pp. 37–52. DOI: 10.1007/978-3-030-12786-2 3 DOI: https://doi.org/10.1007/978-3-030-12786-2_3
  • Akbarzadeh, A., Erdódi, L., Houmb, S., Soltvedt, T., 05 2024. Two-stage advanced persistent threat (APT) attack on an IEC 61850 power grid substation. International Journal of Information Security, 1–20. DOI: 10.1007/s10207-024-00856-6 DOI: https://doi.org/10.1007/s10207-024-00856-6
  • Bohara, A., Ros-Giralt, J., Elbez, G., Valdes, A., Nahrstedt, K., Sanders, W. H., 2020. Ed4gap: Efficient detection for GOOSE-based poisoning attacks on IEC 61850 substations. In: 2020 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). pp. 1–7. DOI: 10.1109/SmartGridComm47815.2020.9303015 DOI: https://doi.org/10.1109/SmartGridComm47815.2020.9303015
  • Chalé, M., Bastian, N. D., 2022. Generating realistic cyber data for training and evaluating machine learning classifiers for network intrusion detection systems. Expert Systems with Applications 207, 117936. DOI: 10.1016/j.eswa.2022.117936 DOI: https://doi.org/10.1016/j.eswa.2022.117936
  • Chawla, A., Aftab, M. A., Hussain, S. S., Panigrahi, B., Ustun, T. S., 2022. Cyber–physical testbed for wide area measurement system employing IEC 61850 and IEEE C37.118 based communication. Energy Reports 8, 570–578, 2022 The 4th International Conference on Clean Energy and Electrical Systems. DOI: 10.1016/j.egyr.2022.05.207 DOI: https://doi.org/10.1016/j.egyr.2022.05.207
  • Gaspar, J., Cruz, T., Lam, C.-T., Sim˜oes, P., 2023. Smart substation communications and cybersecurity: A comprehensive survey. IEEE Communications Surveys & Tutorials 25 (4), 2456–2493. DOI: 10.1109/COMST.2023.3305468 DOI: https://doi.org/10.1109/COMST.2023.3305468
  • Gautam, A., Ashok, S., 01 2020. Problem Diagnostic Method for IEC61850 MMS Communication Network. pp. 41–54. DOI: 10.1007/978-981-32-9346-5 4 DOI: https://doi.org/10.1007/978-981-32-9346-5_4
  • Hemmati, M., Palahalli, H., Gajani, G., Gruosso, G., 01 2022. Impact and vulnerability analysis of IEC61850 in smartgrids using multiple HIL real-time testbeds. IEEE Access PP, 1–1. DOI: 10.1109/ACCESS.2022.3209698 DOI: https://doi.org/10.1109/ACCESS.2022.3209698
  • Hong, J., Song, T.-J., Lee, H., Zaboli, A., 2022. Automated cybersecurity tester for IEC61850-based digital substations. Energies 15. DOI: 10.3390/en15217833 DOI: https://doi.org/10.3390/en15217833
  • Hunt, R., Flynn, B., Smith, T., 2019. The substation of the future: Moving toward a digital solution. IEEE Power and Energy Magazine 17 (4), 47–55. DOI: 10.1109/MPE.2019.2908122 DOI: https://doi.org/10.1109/MPE.2019.2908122
  • Hussain, S., Hernandez Fernandez, J., Al-Ali, A. K., Shikfa, A., 2021. Vulnerabilities and countermeasures in electrical substations. International Journal of Critical Infrastructure Protection 33, 100406. DOI: 10.1016/j.ijcip.2020.100406 DOI: https://doi.org/10.1016/j.ijcip.2020.100406
  • Hussain, S., Ustun, T. S., Kalam, A., 09 2020. A review of IEC 62351 security mechanisms for IEC 61850 message exchanges. IEEE Transactions on Industrial Informatics 16, 5643–5654. DOI: 10.1109/TII.2019.2956734 DOI: https://doi.org/10.1109/TII.2019.2956734
  • Hussain, S. M. S., Aftab, M. A., Farooq, S. M., Ali, I., Ustun, T. S., Konstantinou, C., 2023. An effective security scheme for attacks on sample value messages in IEC 61850 automated substations. IEEE Open Access Journal of Power and Energy 10, 304–315. DOI: 10.1109/OAJPE.2023.3255790 DOI: https://doi.org/10.1109/OAJPE.2023.3255790
  • Jorgensen, P.-A., Waltoft-Olsen, A., Houmb, S. H., Toppe, A. L., Soltvedt, T. G., Muggerud, H. K., 2022. Building a hardware-in-the-loop (hil) digital energy station infrastructure for cyber operation resiliency testing. In: 2022 IEEE/ACM 3rd International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS). pp. 9–16. DOI: 10.1145/3524489.3527299 DOI: https://doi.org/10.1145/3524489.3527299
  • Labonne, A., Caire, R., Braconnier, T., Guise, L., Jardim, M., Hadjsaid, N., 2021. Teaching digital control of substation and iec 61850 with a test bench validation. IEEE Transactions on Power Systems 36 (2), 1175–1182. DOI: 10.1109/TPWRS.2020.3010446 DOI: https://doi.org/10.1109/TPWRS.2020.3010446
  • Mackiewicz, R., 2006. Overview of IEC 61850 and benefits. In: 2006 IEEE PES Power Systems Conference and Exposition. pp. 623–630. DOI: 10.1109/PSCE.2006.296392 DOI: https://doi.org/10.1109/PSCE.2006.296392
  • Mocanu, S., Thiriet, J.-M., 04 2021. Real-time performance and security of iec 61850 process bus communications. Journal of Cyber Security and Mobility. DOI: 10.13052/jcsm2245-1439.1021 DOI: https://doi.org/10.13052/jcsm2245-1439.1021
  • Quincozes, S. E., Albuquerque, C., Passos, D., Moss´e, D., 2021. A survey on intrusion detection and prevention systems in digital substations. Compu- ter Networks 184, 107679. DOI: 10.1016/j.comnet.2020.107679 DOI: https://doi.org/10.1016/j.comnet.2020.107679
  • Quincozes, V. E., Quincozes, S. E., Albuquerque, C., Passos, D., Moss´e, D., 2022. Feature extraction for intrusion detection in IEC-61850 communication networks. In: 2022 6th Cyber Security in Networking Conference (CSNet). pp. 1–7. DOI: 10.1109/CSNet56116.2022.9955599 DOI: https://doi.org/10.1109/CSNet56116.2022.9955599
  • Roomi, M. M., Hussain, S. M. S., Mashima, D., Chang, E.-C., Ustun, T. S., 2023. Analysis of false data injection attacks against automated control for parallel generators in iec 61850-based smart grid systems. IEEE Systems Journal 17 (3), 4603–4614. DOI: 10.1109/JSYST.2023.3236951 DOI: https://doi.org/10.1109/JSYST.2023.3236951
  • Sarhan, M., Layeghy, S., Portmann, M., Nov. 2021. Towards a standard feature set for network intrusion detection system datasets. Mobile Networks and Applications 27 (1), 357–370. DOI: 10.1007/s11036-021-01843-0 DOI: https://doi.org/10.1007/s11036-021-01843-0
  • Soares, A. A. Z., Soares, L. F., Mattos, D. P., Pinheiro, P. H. B. S., Quincozes, S. E., Ferreira, V. C., Apostolo, G. H., Carrara, G. R., Moraes, I. M., Albuquerque, C., Lopes, Y., Fernandes, N. C., Muchaluat-Saade, D. C., 2021. Enabling emulation and evaluation of IEC 61850 networks with titan. IEEE Access 9, 49788–49805.DOI: 10.1109/ACCESS.2021.3068366 DOI: https://doi.org/10.1109/ACCESS.2021.3068366
  • Ustun, T. S., Hussain, S. M. S., Ulutas, A., Onen, A., Roomi, M. M., Mashima, D., 2021. Machine learning-based intrusion detection for achieving cybersecurity in smart grids using IEC 61850 GOOSE messages. Symmetry 13 (5). DOI: 10.3390/sym13050826 DOI: https://doi.org/10.3390/sym13050826
  • Yang, Y., Xu, H., Mclaughlin, K., Sezer, S., Jiang, H., Huang, W., 01 2019. Cybersecurity Testing Technology in Smart Substations. pp. 223–254. DOI: 10.1016/B978-0-12-815158-7.00007-X DOI: https://doi.org/10.1016/B978-0-12-815158-7.00007-X
  • Yildirim Yayilgan, S., Holik, F., Abomhara, M., Abraham, D., Gebremedhin, A., 2022. An approach for analyzing cyber security threats and attacks: A case study of digital substations in norway. Electronics 11 (23). DOI: 10.3390/electronics11234006 DOI: https://doi.org/10.3390/electronics11234006
  • Yohanandhan, R. V., Elavarasan, R. M., Pugazhendhi, R., Premkumar, M., Mihet-Popa, L., Zhao, J., Terzija, V., 2022. A specialized review on outlook of future cyber-physical power system (CPPS) testbeds for securing electric power grid. International Journal of Electrical Power & Energy Systems 136, 107720. DOI: 10.1016/j.ijepes.2021.107720 DOI: https://doi.org/10.1016/j.ijepes.2021.107720
Data source: Dialnet