Secure multicast for power grid systems faces a number of challenges like complex and error-prone group configuration, inefficient group key management, real-time challenges to existing security protocols and the balance among correctness, efficiency, feasibility and cost.We propose an application-aware approach to setting up secure multicast for power grid communications that automatically derives group memberships and verifies configuration conformance from data dependencies in system specifications. We present an analytic publish-subscribe model, which formally depicts the relationships between data objects, publishers, subscribers and group controllers in a secure multicast system. Based on the model, we study anomalies in multicast functionality configurations like redundant and unauthorized publications, source-anomaly and data-dissatisfaction subscriptions. Algorithms are developed to detect the anomalies and verify the configuration conformance. A practical architecture is designed for automatic and error-resistant group configuration. It transforms the application layer system specifications to the network layer group security associations, policies and credentials. We also demonstrate the feasibility of raising link layer control messages to the network layer and protecting timing critical multicast traffic using one of the off-the-shelf network layer security protocols, namely IPsec. We provide experimental evidence that native IPsec multicast is capable of addressing latency constraints in medium scale networks.To evaluate the approach, we present a case study of IEC 61850 power substation networks and have developed a demo system, SecureSCL. The case study shows the benefits a real-world application gains from the automatically-generated group security configurations and demonstrates the practicality and efficiency of the approach.This work provides a cross-layer approach of automatically self-generated group configuration for power grid communications, addressing key concerns of both system implementation and conformance analysis. The proposed multicast model and verification mechanism can be extended for generic secure communication configurations. On the other hand, the prototype system SecureSCL has a potential of being developed into a realistic application for power substations.
PDF
download
878987797
028-85220240
