IEC 62351:2018(E) specifies security requirements both at the transport layer and at the application layer. While IEC TS 62351-4:2007 primarily provided some limited support at the application layer for authentication during handshake for the Manufacturing Message Specification (MMS) based applications, this document provides support for extended integrity and authentication both for the handshake phase and for the data transfer phase. It provides for shared key management and data transfer encryption at the application layer and it provides security end-to-end (E2E) with zero or more intermediate entities. While IEC TS 62351-4:2007 only provides support for systems based on the MMS, i.e. systems using an Open Systems Interworking (OSI) protocol stack, this document provides support for application protocols using other protocol stacks, e.g. an Internet protocol suite. This support is extended to protect application protocols using XML encoding. This extended security at the application layer is referred to as E2E-security. In addition to E2E security, this part of IEC 62351 also provides mapping to environmental protocols carrying the security related information. Only OSI and XMPP environments are currently considered<\/p>\n
| PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
|---|---|---|---|---|---|---|---|
| 2<\/td>\n | undefined <\/td>\n<\/tr>\n | ||||||
| 5<\/td>\n | Annex ZA(normative)Normative references to international publicationswith their corresponding European publications <\/td>\n<\/tr>\n | ||||||
| 7<\/td>\n | CONTENTS <\/td>\n<\/tr>\n | ||||||
| 13<\/td>\n | FOREWORD <\/td>\n<\/tr>\n | ||||||
| 15<\/td>\n | 1 Scope 1.1 General <\/td>\n<\/tr>\n | ||||||
| 16<\/td>\n | 1.2 Code components 2 Normative references <\/td>\n<\/tr>\n | ||||||
| 17<\/td>\n | 3 Terms, definitions and abbreviated terms 3.1 General <\/td>\n<\/tr>\n | ||||||
| 18<\/td>\n | 3.2 Terms and definitions <\/td>\n<\/tr>\n | ||||||
| 21<\/td>\n | 3.3 Abbreviated terms <\/td>\n<\/tr>\n | ||||||
| 22<\/td>\n | 4 Security issues addressed by this part of IEC 62351 4.1 Communications reference models <\/td>\n<\/tr>\n | ||||||
| 23<\/td>\n | 4.2 Security for application and transport profiles Figures Figure 1 \u2013 Application and transport profiles (informative) <\/td>\n<\/tr>\n | ||||||
| 24<\/td>\n | 4.3 Compatibility and native modes 4.4 Security threats countered 4.4.1 General Tables Table 1 \u2013 Relationship between security andsecurity measure combinations <\/td>\n<\/tr>\n | ||||||
| 25<\/td>\n | 4.4.2 Threats countered in compatibility mode 4.4.3 Threats countered in native mode 4.5 Attack methods countered 4.5.1 General 4.5.2 Attacks countered in compatibility mode 4.5.3 Attacks countered in native mode <\/td>\n<\/tr>\n | ||||||
| 26<\/td>\n | 4.6 Logging 5 Specific requirements 5.1 Specific requirements for ICCP\/IEC 60870-6-x communication stack <\/td>\n<\/tr>\n | ||||||
| 27<\/td>\n | 5.2 Specific requirements for IEC 61850 6 Transport Security 6.1 General 6.2 Application of transport layer security (TLS) 6.2.1 General <\/td>\n<\/tr>\n | ||||||
| 28<\/td>\n | 6.2.2 The TLS cipher suite concept 6.2.3 TLS session resumption 6.2.4 TLS session renegotiation 6.2.5 Supported number of trust anchors 6.2.6 Public-key certificate size 6.2.7 Evaluation period for revocation state of public-key certificates <\/td>\n<\/tr>\n | ||||||
| 29<\/td>\n | 6.2.8 Public-key certificate validation 6.2.9 Security events handling 6.3 T-security in an OSI operational environment 6.3.1 General 6.3.2 TCP ports Figure 2 \u2013 T-profiles without and with TLS protection <\/td>\n<\/tr>\n | ||||||
| 30<\/td>\n | 6.3.3 Disabling of TLS 6.3.4 TLS cipher suites support Table 2 \u2013 Commented recommended cipher suites from IEC TS 62351-4:2007 <\/td>\n<\/tr>\n | ||||||
| 31<\/td>\n | 6.4 T-security in an XMPP operational environment 7 Application layer security overview (informative) 7.1 General Table 3 \u2013 Cipher suites combinations in the context of this document <\/td>\n<\/tr>\n | ||||||
| 32<\/td>\n | 7.2 Description techniques 7.2.1 General 7.2.2 ASN.1 as an XML schema definition <\/td>\n<\/tr>\n | ||||||
| 33<\/td>\n | 7.2.3 W3C XML Schema Definition (W3C XSD) 7.2.4 XML namespace 8 Use of cryptographic algorithms 8.1 General 8.2 Basic cryptographic definitions <\/td>\n<\/tr>\n | ||||||
| 34<\/td>\n | 8.3 Public-key algorithms <\/td>\n<\/tr>\n | ||||||
| 35<\/td>\n | 8.4 Hash algorithms 8.5 Signature algorithms 8.6 Symmetric encryption algorithms used for encryption only <\/td>\n<\/tr>\n | ||||||
| 36<\/td>\n | 8.7 Authenticated encryption algorithms 8.8 Integrity check value algorithms <\/td>\n<\/tr>\n | ||||||
| 37<\/td>\n | 9 Object identifier allocation (normative) 10 General OSI upper layer requirements (normative) 10.1 Overview <\/td>\n<\/tr>\n | ||||||
| 38<\/td>\n | 10.2 General on OSI upper layer requirements 10.3 Session protocol requirements Figure 3 \u2013 Association establishment <\/td>\n<\/tr>\n | ||||||
| 39<\/td>\n | 10.4 Presentation protocol requirements 10.4.1 Context list 10.4.2 Abstract syntaxes 10.4.3 Presentation user data <\/td>\n<\/tr>\n | ||||||
| 40<\/td>\n | 10.4.4 ASN.1 encoding requirements Figure 4 \u2013 Inclusion of User-data in SESSION DATA TRANFER SPDU <\/td>\n<\/tr>\n | ||||||
| 41<\/td>\n | 10.5 Association control service element (ACSE) protocol requirements 10.5.1 General 10.5.2 Protocol version 10.5.3 Titles 10.5.4 Use of ASN.1 EXTERNAL data type <\/td>\n<\/tr>\n | ||||||
| 42<\/td>\n | 11 A-security-profile (normative) 11.1 OSI requirements specific to A-security profile 11.1.1 General 11.1.2 Additional session protocol requirements 11.1.3 Additional presentation protocol requirement 11.1.4 Additional ACSE requirements <\/td>\n<\/tr>\n | ||||||
| 44<\/td>\n | 11.2 MMS Authentication value 11.2.1 General 11.2.2 MMS-Authentication value data type <\/td>\n<\/tr>\n | ||||||
| 45<\/td>\n | 11.2.3 Handling of the association request (AARQ-apdu) 11.2.4 Handling of the association result (AARE-apdu) <\/td>\n<\/tr>\n | ||||||
| 46<\/td>\n | 12 End-to-end application security model 12.1 Introduction and general architecture Figure 5 \u2013 E2E security building blocks Figure 6 \u2013 Relationship between environment, E2E-security and protected protocol <\/td>\n<\/tr>\n | ||||||
| 47<\/td>\n | 12.2 Abstract syntax specifications 12.2.1 General Figure 7 \u2013 Relationships between APDUs Figure 8 \u2013 The scope of E2E-security specification <\/td>\n<\/tr>\n | ||||||
| 48<\/td>\n | 13 End-to-end application security (normative) 13.1 Association management 13.1.1 General concept 13.1.2 UTC time specification 13.1.3 Handshake request <\/td>\n<\/tr>\n | ||||||
| 49<\/td>\n | 13.1.4 Handshake accept <\/td>\n<\/tr>\n | ||||||
| 50<\/td>\n | 13.1.5 Association reject by the protected protocol 13.1.6 Association reject due to security issues <\/td>\n<\/tr>\n | ||||||
| 51<\/td>\n | 13.1.7 Handshake security abort 13.1.8 Data transfer security abort 13.1.9 Abort by protected protocol <\/td>\n<\/tr>\n | ||||||
| 52<\/td>\n | 13.1.10 Association release request 13.1.11 Association release response 13.2 Data transfer phase 13.2.1 General <\/td>\n<\/tr>\n | ||||||
| 53<\/td>\n | 13.2.2 Clear data transfer 13.2.3 Encrypted data transfer <\/td>\n<\/tr>\n | ||||||
| 54<\/td>\n | 13.3 ClearToken data types 13.3.1 The ClearToken1 data type <\/td>\n<\/tr>\n | ||||||
| 58<\/td>\n | 13.3.2 The ClearToken2 data type <\/td>\n<\/tr>\n | ||||||
| 59<\/td>\n | 13.3.3 The ClearToken3 data type <\/td>\n<\/tr>\n | ||||||
| 60<\/td>\n | 13.4 Authentication and integrity specifications 13.4.1 The Signature data type 13.4.2 The authenticator data type <\/td>\n<\/tr>\n | ||||||
| 61<\/td>\n | 14 E2E security error handling (normative) 14.1 General 14.2 Specification of diagnostics 14.2.1 Handshake diagnostics <\/td>\n<\/tr>\n | ||||||
| 62<\/td>\n | 14.2.2 The data transfer diagnostics <\/td>\n<\/tr>\n | ||||||
| 63<\/td>\n | 14.3 Checking of E2E-security handshake request and accept 14.3.1 General 14.3.2 Signature checking <\/td>\n<\/tr>\n | ||||||
| 64<\/td>\n | 14.3.3 Protected protocol identity checking 14.3.4 ClearToken1 checking <\/td>\n<\/tr>\n | ||||||
| 65<\/td>\n | 14.4 Checking of security protocol control information during data transfer 14.4.1 General 14.4.2 Authenticator checking 14.4.3 Checks of the ClearToken2 value <\/td>\n<\/tr>\n | ||||||
| 66<\/td>\n | 15 E2E security used in an OSI operational environment 15.1 General 15.2 Additional upper layer requirements 15.2.1 Additional presentation layer requirements 15.2.2 Additional ACSE requirements <\/td>\n<\/tr>\n | ||||||
| 67<\/td>\n | 15.3 Association management in an OSI operational environment 15.3.1 General 15.3.2 Mapping to ACSE association request 15.3.3 Mapping to ACSE association response Table 4 \u2013 Mapping of SecPDUs to ACSE APDUs <\/td>\n<\/tr>\n | ||||||
| 68<\/td>\n | 15.3.4 Mapping to ACSE abort <\/td>\n<\/tr>\n | ||||||
| 69<\/td>\n | 15.3.5 Mapping to ACSE release request 15.3.6 Mapping to ACSE release response 15.4 Data transfer in OSI operational environment 15.4.1 General 15.4.2 Mapping of the clear data transfer SecPDU <\/td>\n<\/tr>\n | ||||||
| 70<\/td>\n | 15.4.3 Mapping of the encrypted data transfer SecPDU 15.5 OSI upper layer routing Figure 9 \u2013 Upper layer routing <\/td>\n<\/tr>\n | ||||||
| 71<\/td>\n | 15.6 OSI operational environment checking 15.6.1 General checking 15.6.2 Environment mapping checking <\/td>\n<\/tr>\n | ||||||
| 72<\/td>\n | 15.6.3 OSI operational environment diagnostics 16 E2E security used in in an XMPP operational environment 16.1 General on wrapping to an XMPP operational environment <\/td>\n<\/tr>\n | ||||||
| 73<\/td>\n | 16.2 Mapping of SecPDUs to iq stanzas Table 5 \u2013 Mapping of SecPDUs to XMPP stanzas <\/td>\n<\/tr>\n | ||||||
| 74<\/td>\n | 16.3 Mapping of SecPDUs to message stanzas 16.4 XMPP stanza error handling <\/td>\n<\/tr>\n | ||||||
| 75<\/td>\n | 16.5 XML namespaces 16.6 Encoding of EnvPDUs within XMPP stanzas <\/td>\n<\/tr>\n | ||||||
| 76<\/td>\n | 16.7 Multiple associations 16.8 Release collision consideration 17 Conformance to this document 17.1 General 17.2 Notation 17.3 Conformance to operational environment <\/td>\n<\/tr>\n | ||||||
| 77<\/td>\n | 17.4 Conformance to modes of operation 17.5 Conformance to compatibility mode Table 6 \u2013 Conformance to operational environment Table 7 \u2013 Conformance to modes of operation Table 8 \u2013 Conformance to compatibility mode <\/td>\n<\/tr>\n | ||||||
| 78<\/td>\n | 17.6 Conformance to native mode Table 9 \u2013 Conformance to TLS cipher suites in compatibility mode Table 10 \u2013 Conformance to native mode Table 11 \u2013 Conformance to mode of encryption <\/td>\n<\/tr>\n | ||||||
| 79<\/td>\n | Table 12 \u2013 Conformance to TLS cipher suites in native mode Table 13 \u2013 Conformance to cryptographic algorithms for E2E-security <\/td>\n<\/tr>\n | ||||||
| 80<\/td>\n | Annex A (normative)Formal ASN.1 specification for the A-security-profile <\/td>\n<\/tr>\n | ||||||
| 81<\/td>\n | Annex B (normative)Formal ASN.1 specification for the End-to-End security <\/td>\n<\/tr>\n | ||||||
| 87<\/td>\n | Annex C (normative)Formal W3C XSD specification for the end-to-end security <\/td>\n<\/tr>\n | ||||||
| 94<\/td>\n | Annex D (normative)ASN.1 module for OSI operational environment D.1 Scope of annex D.2 ASN.1 module <\/td>\n<\/tr>\n | ||||||
| 96<\/td>\n | Annex E (normative)ASN.1 modules and W3C XSDs for an XMPP operational environment E.1 Scope of Annex E.2 ASN.1 modules for the XMPP operational environment E.2.1 ASN.1 module for the urn:ietf:params:xml:ns:xmpp-stanzas XML namespace E.2.2 ASN.1 module for the http:\/\/www.iec.ch\/62351\/2018\/ENV_4 XML namespace <\/td>\n<\/tr>\n | ||||||
| 98<\/td>\n | E.3 W3C XSDs for the XMPP operational environment E.3.1 W3C XSD for the urn:ietf:params:xml:ns:xmpp-stanzas XML namespace <\/td>\n<\/tr>\n | ||||||
| 99<\/td>\n | E.3.2 W3C XSD for the http:\/\/www.iec.ch\/62351\/2018\/ENV_4 XML namespace <\/td>\n<\/tr>\n | ||||||
| 101<\/td>\n | Annex F (normative)Template for virtual API specifications F.1 General Figure F.1 \u2013 Virtual API concept <\/td>\n<\/tr>\n | ||||||
| 102<\/td>\n | F.2 ASN.1 virtual API specification F.3 W3C XSD virtual API specification <\/td>\n<\/tr>\n | ||||||
| 103<\/td>\n | Annex G (normative)End-entity public-key certificate specification G.1 Scope of annex G.2 General requirement G.3 Length considerations G.4 Basic Structure requirement and recommendations G.4.1 Version component G.4.2 Serial number component G.4.3 Issuer signature algorithm component <\/td>\n<\/tr>\n | ||||||
| 104<\/td>\n | G.4.4 Issuer component G.4.5 Validity component G.4.6 Subject component G.4.7 Subject public key Information component <\/td>\n<\/tr>\n | ||||||
| 105<\/td>\n | G.4.8 Issuer unique ID and subject unique ID components G.5 Extensions G.5.1 General G.5.2 Key usage extension G.5.3 Revocation checking <\/td>\n<\/tr>\n | ||||||
| 106<\/td>\n | G.5.4 IEC user role information extension G.6 Specific requirements for operational environments G.6.1 General G.6.2 OSI operational environment G.6.3 XMPP operational environment <\/td>\n<\/tr>\n | ||||||
| 107<\/td>\n | Annex H (normative)Lower layer requirements for the OSI operational environment H.1 Scope of annex H.2 Transport protocol class 0 H.2.1 Enforcement of maximum lengths H.2.2 Response to Class 0 unsupported TPDUs H.2.3 Transport selectors Table H.1 \u2013 TP class 0 maximum sizes <\/td>\n<\/tr>\n | ||||||
| 108<\/td>\n | H.3 IETF RFC 1006 H.3.1 General H.3.2 Version number H.3.3 Length H.3.4 Keep-alive <\/td>\n<\/tr>\n | ||||||
| 109<\/td>\n | Annex I (informative)ASN.1 definition of ACSE <\/td>\n<\/tr>\n | ||||||
| 113<\/td>\n | Bibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" Power systems management and associated information exchange. Data and communications security – Profiles including MMS and derivatives<\/b><\/p>\n |