BS EN IEC 62351-9:2023 – TC
$216.05
Tracked Changes. Power systems management and associated information exchange. Data and communications security – Cyber security key management for power system equipment
| Published By | Publication Date | Number of Pages |
| BSI | 2023 | 376 |
IEC 62351-9:2023 specifies cryptographic key management, primarily focused on the management of long-term keys, which are most often asymmetric key pairs, such as public-key certificates and corresponding private keys. As certificates build the base this document builds a foundation for many IEC 62351 services (see also Annex A). Symmetric key management is also considered but only with respect to session keys for group-based communication as applied in IEC 62351-6. The objective of this document is to define requirements and technologies to achieve interoperability of key management by specifying or limiting key management options to be used. This document assumes that an organization (or group of organizations) has defined a security policy to select the type of keys and cryptographic algorithms that will be utilized, which may have to align with other standards or regulatory requirements. This document therefore specifies only the management techniques for these selected key and cryptography infrastructures. This document assumes that the reader has a basic understanding of cryptography and key management principles. The requirements for the management of pairwise symmetric (session) keys in the context of communication protocols is specified in the parts of IEC 62351 utilizing or specifying pairwise communication such as: • IEC 62351-3 for TLS by profiling the TLS options • IEC 62351-4 for the application layer end-to-end security • IEC TS 62351-5 for the application layer security mechanism for IEC 60870-5-101/104 and IEEE 1815 (DNP3) The requirements for the management of symmetric group keys in the context of power system communication protocols is specified in IEC 62351-6 for utilizing group security to protect GOOSE and SV communication. IEC 62351-9 utilizes GDOI as already IETF specified group-based key management protocol to manage the group security parameter and enhances this protocol to carry the security parameter for GOOSE, SV, and PTP. This document also defines security events for specific conditions which could identify issues which might require error handling. However, the actions of the organisation in response to these error conditions are beyond the scope of this document and are expected to be defined by the organizations security policy. In the future, as public-key cryptography becomes endangered by the evolution of quantum computers, this document will also consider post-quantum cryptography to a certain extent. Note that at this time being no specific measures are provided. This second edition cancels and replaces the first edition published in 2017. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition: a) Certificate components and verification of the certificate components have been added; b) GDOI has been updated to include findings from interop tests; c) GDOI operation considerations have been added; d) GDOI support for PTP (IEEE 1588) support has been added as specified by IEC/IEEE 61850-9-3 Power Profile; e) Cyber security event logging has been added as well as the mapping to IEC 62351-14; f) Annex B with background on utilized cryptographic algorithms and mechanisms has been added.
PDF Catalog
| PDF Pages | PDF Title |
|---|---|
| 1 | 30477934 |
| 227 | A-30419232 |
| 228 | undefined |
| 231 | Annex ZA (normative)Normative references to international publicationswith their corresponding European publications |
| 233 | English CONTENTS |
| 239 | FOREWORD |
| 241 | 1 Scope |
| 242 | 2 Normative references |
| 243 | 3 Terms, definitions, and abbreviations 3.1 Terms and definitions |
| 248 | 3.2 Abbreviations and acronyms |
| 250 | 4 Security concepts applicable to power systems 4.1 General 4.2 Security objectives 4.2.1 Confidentiality 4.2.2 Data integrity 4.2.3 Authentication |
| 251 | 4.2.4 Non-repudiation 4.3 Cryptographic algorithms and concepts |
| 252 | 5 Key establishment and management techniques 5.1 General 5.2 Key management lifecycle 5.2.1 Key management in the life cycle of a device |
| 253 | Figures Figure 1 – Overview key management in the life cycle of an entity |
| 254 | 5.2.2 Lifecycle of a cryptographic key Figure 2 – Cryptographic key life cycle |
| 255 | 5.3 Cryptographic key usages |
| 256 | 5.4 Key management system security policy 5.5 Key management design principles for power system operations |
| 257 | 5.6 Establishment of symmetric keys 5.6.1 Overview 5.6.2 The Diffie-Hellman key agreement method 5.6.3 Key derivation function (KDF) method |
| 258 | 5.6.4 Group key management Figure 3 – Overview of group key management on the example of GDOI |
| 259 | Figure 4 – GDOI IKE Phase 1 – Authentication and securing communication channel |
| 260 | Figure 5 – GDOI Pull Phase 2 |
| 261 | 5.7 Trust supported by public-key infrastructures (PKI) and privilege management infrastructures (PMI) 5.7.1 General 5.7.2 Registration authorities (RA) 5.7.3 Certification authority (CA) Figure 6 – Overview of PKI infrastructure and realization examples |
| 262 | 5.7.4 Public-key certificates |
| 263 | 5.7.5 Attribute certificates Figure 7 – Central certificate generation |
| 264 | 5.7.6 Public-key certificate and attribute certificate extensions 5.8 Certificate management of public-key certificates 5.8.1 Certificate management process Figure 8 – Relationship between public-key certificates and attribute certificates |
| 265 | 5.8.2 Initial certificate creation 5.8.3 Onboarding of an entity |
| 266 | 5.8.4 Enrolment of an entity |
| 267 | Figure 9 – Example of the SCEP entity enrolment and CSR process |
| 268 | Figure 10 – Example of the EST entity enrolment and CSR process |
| 269 | 5.8.5 Certificate signing request (CSR) processing Figure 11 – CSR processing |
| 270 | Figure 12 – Certification request format |
| 271 | Figure 13 – Certificate request message format |
| 272 | 5.8.6 Enrolment Protocols |
| 273 | 5.8.7 Trust Anchor Management Protocol (TAMP) 5.9 Revocation of public-key certificates 5.9.1 Certificate revocation lists (CRLs) |
| 274 | 5.9.2 Online certificate status protocol (OCSP) Figure 14 – Certificate revocation list |
| 275 | Figure 15 – Overview of the online certificate status protocol (OCSP) |
| 276 | Figure 16 – Diagram using a combination of CRL and OCSP processes |
| 277 | 5.9.3 Server-based certificate validation protocol (SCVP) Figure 17 – Call Flows for the Online Certificate Status Protocol (OCSP) |
| 278 | 5.9.4 Recovering from certificate revocation of an end entity 5.10 Trust via non-PKI issued (self-signed) certificates Figure 18 – Overview Server-Based Certificate Validation Protocol using OCSP Backend |
| 279 | 5.11 Authorization and validation lists 5.11.1 General 5.11.2 AVLs in non-constrained environments |
| 280 | 5.11.3 AVLs in constrained environments 6 Key management (normative) 6.1 General 6.2 Handling of security events |
| 281 | 6.3 Required cryptographic material 6.4 Random Number Generation 6.5 Object identifiers 6.5.1 Concept of object identifiers 6.5.2 Use of object identifiers by this document |
| 282 | 7 Asymmetric key management (normative) 7.1 General 7.2 Certificate components 7.2.1 Public-Key certificate components Tables Table 1 – Public-key certificate components |
| 283 | 7.2.2 Attribute certificate components |
| 284 | 7.3 Certificate generation and installation 7.3.1 Private and public key generation and installation Table 2 – Attribute certificate components |
| 285 | 7.3.2 Cryptographic key protection 7.3.3 Use of existing security key management infrastructure 7.3.4 Certificate policy |
| 286 | 7.3.5 Entity registration for identity establishment 7.3.6 Entity configuration |
| 287 | 7.3.7 Entity enrolment |
| 289 | 7.3.8 Trust anchor information update 7.4 Certificate components and certificate verification 7.4.1 General 7.4.2 Certificate format and encoding |
| 290 | 7.4.3 Certificate signature verification 7.4.4 Public-key certificate components |
| 297 | 7.4.5 Attribute certificate components |
| 300 | 7.4.6 Certificate revocation status |
| 301 | 7.5 Certificate revocation |
| 302 | 7.6 Certificate expiration and renewal |
| 303 | 7.7 Clock Synchronization and Accuracy 7.8 Authorization and validation lists 7.8.1 General 7.8.2 Syntax for authorization and validation list (AVL) for public-key certificates |
| 304 | 7.8.3 AVL scope restriction |
| 305 | 7.8.4 AVL protocol restriction extension 7.8.5 AVL pinning of certificate and associated identifier |
| 306 | 7.8.6 Public-key certificate extensions related to use of AVLs 7.8.7 Issuing of an AVL 7.8.8 Endpoint Handling of AVLs 8 Group based key management (normative) 8.1 GDOI requirements |
| 307 | 8.2 Internet Key Exchange Version 1 (IKEv1) Table 3 – KDC IKEv1 Requirements |
| 308 | 8.3 Phase 1 IKEv1 main mode exchange type 2 8.3.1 General |
| 309 | 8.3.2 Certificate request payload 8.3.3 Security association exchange (1) Figure 19 – IKEv1 (RFC 2409) main mode exchange with RSA digital signatures Figure 20 – IKEv1 main mode exchange and security association messages |
| 310 | 8.3.4 Key exchange (2) Figure 21 – IKEv1 main mode exchange: key exchange messages |
| 311 | 8.3.5 ID authentication exchange (3) Figure 22 – IKEv1 Main Mode Exchange: ID authentication messages |
| 312 | 8.4 Phase 1/2 ISAKMP informational exchange type 5 8.4.1 General Figure 23 – IKEv1 HASH_I calculation |
| 313 | 8.4.2 Phase 1 informational exchange Figure 24 – Phase 1 Informational Exchange (cf. RFC 2408, section 4.8) |
| 314 | 8.4.3 Phase 2 Informational Exchange 8.5 Phase 2 GDOI GROUPKEY-PULL exchange type 32 8.5.1 General Figure 25 – Phase 2 Informational Exchange (cf. RFC 2409, section 5.7) Figure 26 – IKEv1 HASH(1) calculation |
| 315 | 8.5.2 Hash computations Figure 27 – GDOI GROUPKEY-PULL as defined in RFC 6407 Figure 28 – GROUPKEY-PULL hash computations |
| 316 | 8.5.3 Multi-sender and counter mode encryption algorithm 8.5.4 SA KEK, SEQ, KEK/LKH key download payload support 8.5.5 GROUPKEY-PULL group SA request exchange Figure 29 – GROUPKEY-PULL initial SA request exchange |
| 317 | Figure 30 – RFC 6407 Identification Payload |
| 318 | Figure 31 – ID_OID Identification Data Table 4 – IEC 61850 Object IDs: Mandatory (m) and Optional (o) |
| 319 | Figure 32 – 61850_UDP_ADDR_GOOSE/SV ASN.1 BNF Figure 33 – IPADDRESS ASN.1 BNF |
| 320 | Figure 34 – Example IecUdpAddrPayload ASN.1 Data with DER Encoding Figure 35 – 61850_UDP_TUNNEL Payload ASN.1 BNF Figure 36 – 61850_ETHERNET_GOOSE/SV Payload ASN.1 BNF |
| 321 | 8.5.6 SA TEK payload Figure 37 – RFC 6407 SA TEK Payload |
| 322 | 8.5.7 IEC 61850 SA TEK payload Figure 38 – IEC-61850 SA TEK Payload |
| 323 | 8.5.8 SA TEK payload for IEC 61850-9-3 |
| 325 | 8.5.9 SPI discussion Figure 39 – Correlation of SPI Value |
| 326 | 8.5.10 SA data attributes 8.5.11 GROUPKEY-PULL group key download exchange Figure 40 – GROUPKEY-PULL Key Download Exchange Figure 41 – GROUPKEY-PULL group key download hash computations |
| 328 | Figure 42 – Key renewal triggered by the entities |
| 329 | 8.5.12 TEK Key Download Handling 8.6 Phase 2 GROUPKEY-PUSH exchange type 33 8.6.1 General Figure 43 – GROUPKEY-PUSH message (from RFC 6407) Figure 44 – GROUPKEY-PUSH ACK message (from RFC 8263) |
| 330 | 8.6.2 GROUPKEY-PUSH Message 8.6.3 GROUPKEY-PUSH acknowledgement message Figure 45 – GROUPKEY-PUSH ACK hash computations Figure 46 – GROUPKEY-PUSH ack_key computations |
| 331 | 8.7 Operational considerations 8.7.1 General 8.7.2 Group Security Policy 8.7.3 Group dynamicity |
| 333 | 8.7.4 Handling of Key Delivery Assurance (informative) 9 Protocol Implementation Conformance Statement (PICS) 9.1 General |
| 334 | 9.2 Notation 9.3 Conformance to general key management requirements 9.4 Conformance to requirements for asymmetric key management Table 5 – PICS for general key management Table 6 – PICS for asymmetric key management |
| 335 | 9.5 Requirements for group-based key management 9.6 Supported GDOI Payload OIDs Table 7 – PICS for group-based key management (valid for KDC and Client) Table 8 – PICS for supported OIDs for the identification payload |
| 336 | Annex A (informative)Relations to other parts of IEC 62351 and other IEC documents Figure A.1 – IEC 62351-9 relationship to other parts of IEC 62351 |
| 338 | Annex B (informative)Cryptographic algorithms and mechanisms B.1 Trust and trust anchor B.2 Cryptographic algorithms B.2.1 Introduction |
| 339 | B.2.2 Security strength B.3 Public-key algorithms B.3.1 General |
| 340 | B.3.2 The RSA public-key algorithm |
| 341 | B.3.3 The DSA public-key algorithm B.3.4 The ECDSA public-key algorithm |
| 343 | B.3.5 The EdDSA public-key algorithms |
| 345 | B.3.6 Digital signature algorithms |
| 347 | B.4 Symmetric key algorithms B.4.1 Stream ciphers vs. block ciphers B.4.2 Advance encryption standard |
| 348 | B.4.3 Advanced encryption standard – cipher block chaining (AES-CBC) B.4.4 Advanced encryption standard – counter mode (AES-CTR) |
| 349 | B.5 Hash algorithms |
| 350 | B.6 Integrity check value (ICV) algorithms B.6.1 General B.6.2 Keyed-hash message authentication code (HMAC) algorithm |
| 351 | B.6.3 Advance Encryption Standard (AES) – Galois message authentication code (GMAC) algorithm B.7 Authenticated encryption with associated data (AEAD) algorithms B.7.1 General |
| 352 | B.7.2 Advanced encryption standard (AES) – Galois/Counter Mode (GCM) B.7.3 Advanced encryption standard (AES) – Counter with CBC-MAC (CCM) |
| 353 | B.8 Diffie-Hellman key agreement B.8.1 General B.8.2 Introduction to cyclic groups |
| 354 | B.8.3 Diffie-Hellman method over finite field B.8.4 The discrete logarithm problem B.8.5 Elliptic curve Diffie-Hellman key agreement |
| 355 | B.8.6 Key establishment algorithms |
| 356 | B.9 Key derivation |
| 357 | B.10 Migration of cryptographic algorithms B.11 Post-quantum computing cryptography |
| 358 | B.12 Random Number Generation (RNG) B.12.1 Random number generation types B.12.2 Deterministic random bit generators |
| 359 | B.12.3 Non-deterministic random number generation B.12.4 Entropy sources |
| 360 | Annex C (informative)Certificate enrolment and renewal flowcharts C.1 Certificate Enrolment Figure C.1 – Certificate Enrolment (general) |
| 361 | C.2 Certificate Renewal Figure C.2 – Certificate Renewal State Machine |
| 362 | Annex D (informative)Security Event mapping to IEC 62351-14 D.1 General D.2 Security event log records for credential transport and enrolment Table D.1 – Security event logs for credential transportand certificate enrolment mapped to IEC 62351-14 |
| 363 | D.3 Security event log records for public-key certificate verification Table D.2 – Security event logs defined for public-keycertificate verification mapped to IEC 62351-14 |
| 365 | D.4 Security event log records for attribute certificate verification Table D.3 – Security event logs defined for attribute certificate verification mapped to IEC 62351-14 |
| 367 | D.5 Security event log records for certificate revocation status Table D.4 – Security event logs defined for certificaterevocation status mapped to IEC 62351-14 |
| 368 | D.6 Security event log records for group-based key management with GDOI Table D.5 – Security event logs for GDOI mapped to IEC 62351-14 |
| 369 | Bibliography |
Related products
-
BS EN IEC 62351-3:2023 – TC
Tracked Changes. Power systems management and associated information exchange. Data and communications security – Communication…
-
BS EN IEC 62351-5:2023 – TC
Tracked Changes. Power systems management and associated information exchange. Data and communications security – Security…
-
BS EN IEC 62657-2:2022 – TC 2023
Tracked Changes. Industrial networks. Coexistence of wireless systems – Coexistence management Published By Publication Date…
