Received January 2, 2020, accepted January 28, 2020, date of publication February 3, 2020, date of current version February

11, 2020.
Digital Object Identifier 10.1109/ACCESS.2020.2971011

Implementing Secure Routable GOOSE and SV

Messages Based on IEC 61850-90-5
TAHA SELIM USTUN 1 , (Member, IEEE), SHAIK MULLAPATHI FAROOQ 2,3 , (Member, IEEE),
AND S. M. SUHAIL HUSSAIN 1 , (Member, IEEE)
1 Fukushima Renewable Energy Institute, AIST (FREA), Koriyama 963-0298, Japan
2 Department of Computer Science and Engineering, YSR Engineering College, Yogi Vemana University, Proddatur 516360, India
3 Department of Computer Science and Systems Engineering, Sree Vidyanikethan Engineering College (Autonomous), Tirupati 517102, India

Corresponding author: Shaik Mullapathi Farooq (smfarooq@ieee.org)

This work was supported in part by the Fukushima Prefecture’s Reconstruction under Grant 2019.

ABSTRACT Next generation power systems are active networks that handle two-way power flow. They
are equipped with extensive communication capabilities to perform dynamic monitoring, protection and
control operations. Synchrophasors provide a pseudo real-time representation of grid’s current state. Phasor
Measurement Units (PMU) placed in different parts of the grid periodically collect synchrophasor data. Then,
they send it to a Phasor Data Concentrator (PDCs) through Wide Area Monitoring Systems (WAMS). The
entire system formed as PMU Communication Network (PMU-CN) is based on two available frameworks:
IEEE C37.118.2 and IEC 61850-90-5. As New York Blackout of 2003 showed that accurate and timely
delivery of phasor measurements is vital for secure grid operation. Attacks on PMU-CN may lead to
several consequences in the grid and cause physical damage. IEEE C37.118.2 does not specify any security
mechanism to mitigate security attacks. To address this gap, security mechanism specified in IEC 61850-
90-5 have been implemented using OpenSSL library. A novel toolbox called R-GoSV has been developed
to construct PMU messages with cybersecurity mechanisms. Thanks to this tool, custom messages have
been transmitted in the network to investigate their effectiveness. Finally, the performance evaluation of the
specified security algorithms in terms of computational time sis carried out.

INDEX TERMS Cyber security in wide area monitoring system (WAMS), routable-generic object-oriented
substation event (R-GOOSE), routable-sample values (R-SV), IEC 61850-90-5, OpenSSL library.

I. INTRODUCTION Of-Change-Of-Frequency (ROCOF) and send them to PDCs

Integration of Distributed Energy Resources (DER), electric through a communication framework. There are two pop-
vehicles (EVs) and storage devices into traditional electrical ular communication frameworks for PMU communica-
power systems makes it more dynamic and increases its oper- tion; IEEE C37.118 [4] and IEC 61850-90-5 [5]. IEEE
ational complexity. Smart Grid (SG) concept is developed to C37.118 framework further divided into IEEE C37.118.1 and
manage this situation through Wide Area Monitoring, Pro- IEEE C37.118.2. The first part deals with measurement
tection and Control (WAMPAC) applications [1]. WAMPAC details of synchrophasors under dynamic conditions while
applications make use of synchrophasor technology which is the second part focuses on transmission requirements of
based on Phasor Measurement Units (PMUs), Phasor Data those synchrophasors. IEEE C37.118.2 is widely adopted in
Concentrators (PDCs) and Wide Area Measurement Systems commercial PMUs and PDCs. It does not put restrictions
(WAMS). Synchrophasor technology plays a key role in mon- on the choice of communication medium and transport pro-
itoring, control and protection of electric power systems [2] tocol to be used in synchrophasor data transmission. IEEE
and any failure in this field may lead to severe consequences C37.118.2 standard also does not specify security require-
such as blackouts [3]. ments to protect data communication over an insecure IP
PMUs measure synchrophasors which includes voltage network.
and current values (amplitude and angle), frequency, Rate- Due to involvement of critical infrastructure in syn-
chrophasor based communication, and transmission of data
The associate editor coordinating the review of this manuscript and
over insecure public network, a strong security mecha-
approving it for publication was Jenny Mahoney. nism is needed to mitigate cyber-attacks. Many attacks, e.g.

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see http://creativecommons.org/licenses/by/4.0/
26162 VOLUME 8, 2020
T. S. Ustun et al.: Implementing Secure Routable GOOSE and SV Messages Based on IEC 61850-90-5

reconnaissance, Man-In-The-Middle (MITM), replay and and R-SV messages which can be transmitted in insecure
Denial of Service (DoS), demonstrated in literature were wide area public network [18]. To ensure the security of R-
proven to compromised synchrophasor communication based GOOSE and R-SV, the security mechanisms recommended
on IEEE C37.118.2 framework [6]–[9]. Authors in [6] anal- in IEC 61850-90-5 standard are implemented in the session
yses the impact of Black Energy malware which involved layer. The developed R-GoSV toolbox can be used to generate
in several major cyber-attacks including coordinated DDoS secure R-GOOSE and R-SV messages which can be further
attack on Georgia’s finance, military and government agen- utilized for performing different tests and evaluating different
cies, fraudulent bank transactions and the Ukraine power grid. security mechanisms.
Different security vulnerabilities of IEEE C37.118.2 com- Rest of the paper is organized as follows: section
pliant PMU communication is documented in [7]. Node 2 describes about synchrophasor communication. Section 3
authentication vulnerabilities have been documented and a outlines the popular two communication frameworks: IEEE
certificate-based solution is developed in [8]. The impact of C37.118.2 and IEC 61850-90-5. Section 4 gives implemen-
data integrity attacks on the system and how wrong decisions tation details of the security mechanism specified in IEC
such as triggering protection elements based on falsified data 61850-90-5. It also reports Wireshark captures of the gen-
causes a major loss have been documented in [9]. The vul- erated secure R-GOOSE and R-SV packets. Finally, section
nerability of IEEE C37.118.2 compliant PMU against DoS 5 concludes the paper.
attack has been shown in [10]. Tests have been performed
by flooding legitimate and forged packets to PMUs and II. SYNCHROPHASOR COMMUNICATION
checking their unresponsiveness. In PMU networks high time Smart grid requires Information and Communication Tech-
synchronization is achieved through GPS, but GPS spoofing nologies (ICT) to perform monitoring, control and protection
attack may hamper it [11]. GPS spoofing may cause major operations effectively. Synchrophasor technology play cru-
damage to the system such as unintentional tripping of power cial role in this regard. It includes IEDs such as PMUs, PDCs
generators [12]. As IEEE C37.118.2 framework does not and a platform WAMS to perform the task. Synchrophasors
specify transport layer protocol to be used for transmission of are measurement values of electrical quantities captured at
synchrophasors, it has security impacts on TCP and UDP pro- different parts of the grid. They are complex representation of
tocols in transport layer communication among synchropha- sinusoidal voltage and current having magnitude and phase
sors and phasor data concentrators [13]. False data injection angle with timestamp synchronized with common precise
attacks and DoS attacks on TCP and UDP transport layer time source [19]. Hence, PMUs are connected to Global
protocols can be performed in Wide Area Monitoring and Positioning Systems (GPS) clocks or GPS antenna. GPS
Control (WAMC) system [14], [15]. time stamp provides higher accuracy and universal time.
To address the cybersecurity issues in synchrophasor com- Geographically located PMUs periodically measures from
munication, a new framework for synchrophasor data com- different parts of the grid and sends these measurements
munication based on IEC 61850 standard was developed. to PDCs. The data fed to the PDCs can be used to view
IEC 61850 is a default standard for substation automation near real time snapshot of a grid and perform post incident
system in a smart grid. It offers time critical protocols such analysis in case of blackouts [20]. Figure 1 describes about
as Generic Object-Oriented Substation Event (GOOSE) and WAMS structure where PMUs collects phasor measurement
Sample Value (SV) and information modelling based on and send to substation PDC, substation PDC forwards data
logical nodes to achieve interoperability among Intelligent to regional PDCs. Regional PDCs gather data from different
Electronic Devices (IEDs) developed by different vendors PMUs, combines data according to timestamps Further, then
within a substation. To achieve compatibility between syn- forwards to central controller PDC via Wide Area Network
chrophasor data transfer based on IEEE C37.118.2 with IEC (WAN). Generally, PDCs have local storage and verification
61850 substation automation standard, IEC 61850-90-5 was facility along with application functions.
introduced [5]. It has additional security features and speci- PMU operates in two modes: command and spon-
fies Hash based Message Authentication Code (HMAC) for taneous. In command mode, PMU communication with
message authentication. In [16] authors developed a gateway local or regional PDC is bi-directional and unicast in nature
and protocol converter for exchanging IEEE C37.118.2 and where PDC can send command signals to PMU to control
IEC 61850-90-5 synchrophasor data. However, in [16] cyber- its operation. Whereas in spontaneous mode, PMU commu-
security features were not considered. In [17], in addition nication with PDC is unidirectional and multicast in nature.
to IEC 61850-90-5 security features a Group Domain of PDC can receive synchrophasor from multiple PMUs or from
Interpretation (GDOI) mechanism based on key distribution regional PDCs to control center PDC. It accumulates data
technique is proposed to secure IEC 61850-90-5 synchropha- and send as one output stream. As shown in the Figure 1,
sor data communication. The main idea behind the theme is synchrophasor data is transmitted over an insecure public
to secure the synchrophasor communication by refreshing a WAN. The accumulated data at control center is used in
secret key periodically. visualization, monitoring, control and protection operations.
In this paper, a new toolbox called R-GoSV has been devel- IEEE C37.118.2 communication framework is used to trans-
oped using openSSL library that generates secure R-GOOSE mit data in WAN. As IEEE C37.118.2 doesn’t specify any

VOLUME 8, 2020 26163

 T. S. Ustun et al.: Implementing Secure Routable GOOSE and SV Messages Based on IEC 61850-90-5

FIGURE 2. PMU communication with PDC based on IEEE

C37.118.2 framework.

FIGURE 1. WAMS Architecture.

modelling of devices using logical nodes, it also offers dif-
ferent protocols such as Sample Value (SV), Generic Object-
security features, IEC 61850-90-5 based communication is Oriented Substation Event (GOOSE) and Manufacturing
considered in this paper. Measurement Specification (MMS) for the smooth operation
of substation automation system. This standard also extended
III. PMU COMMUNICATION BASED ON IEC 61850-90-5 from substation automation domain to power utility automa-
A. IEEE C37.118.2 COMMUNICATION FRAMEWORK tion domain such as Distributed Energy Resources (DERs),
IEEE C37.118.2 has four types of messages. They are data, Demand-Response, wide area transmission of synchrophasor
header, configuration and command messages. Data mes- data according to IEEE C37.118.
sage consists of synchrophasor data measured by PMU. Besides communication services, IEC 61850 define data
Data, header and configuration messages are sent by source modeling of IEDs and its operations in the communication.
device PMU/PDC whereas command message is received Data modeling provides standardized syntax and semantics
by the PMU/PDC. Header message consists of information of data exchanged between different devices in the com-
in human readable descriptive format given by user. Con- munication. Data modeling initiated with physical device
figuration message consists of information which is used to such as IED. An IED may consists of one or more logical
interpret information in data message. They are CFG-1, CFG- devices. Each function of IED can be modelled with Logical
2 and CFG-3. CFG-1 describes about the reporting capability Device (LD). Each LD may perform one or more substation
of PMU. CFG-2 explains about synchrophasor data trans- operations which can be modelled with Logical Nodes (LNs).
mission which are currently being transmitted. CFG-3 gives Each LN contains data objects whose type and structure is
enhanced information about the measurements being done by defined by Common Data Class (CDC) standardized in IEC
PMU. Command messages are used to control the operation 61850-7-2. Each CDC contains one or more data attributes
of PMU and transmission of data. In IEEE C37.118.2 com- that can be categorized by functional constraints. For exam-
munication as shown in the Figure 2, PDC send a request ple, PMU is LD within an IED which consists of related LNs
(command message) to PMU for the type of configuration such as MMXU, LPHD etc. along with their data objects
message. PMU responds with CFG-2. PDC send command for PMU. Table 1 describes about MMXU LN which mainly
message to initiate synchrophasor data transfer. PMU send deals with measurement data. IEEE C37.118.1 specifies that
the measured values using data message continuously until PMU must measure and send values of voltage, current, fre-
PDC send another command message to stop sending the quency and rate of change of frequency (ROCOF). Accord-
measured data. PMU recognizes the type of command mes- ingly, MMXU LN contains data objects such as PhV, A, Hz,
sages based on CMD field. HZRte which are used to hold information about voltage,
current, frequency and rate of change of frequency (ROCOF)
B. IEC 61850-90-5 COMMUNICATION FRAMEWORK respectively. Besides phasor data, information about the sta-
Unlike IEEE C37.118.2 communication framework, IEC tus of PMU is transmitted using PhyHealth data element of
61850-90-5 is based on IEC 61850 substation automa- LPHD logical node.
tion protocol which offers interoperability among differ- In PMU communication based on IEC 61850-90-5 shown
ent vendor’s Intelligent Electronic Devices (IEDs) through in the Figure 3, PDC send a MMS request to PMU to initiate

26164 VOLUME 8, 2020

T. S. Ustun et al.: Implementing Secure Routable GOOSE and SV Messages Based on IEC 61850-90-5

FIGURE 4. Protocol stack for PMU communication via wide area network
and local area network.

and IEC 61850-90-5 in WAN. Due to the cyclic nature

of SV and GOOSE protocols at transport level, UDP with
multicasting protocol is suitable for implementation. Hence,
FIGURE 3. PMU communication with PDC based on IEC
61850-90-5 framework.
we considered UDP in transport layer for our implementation.
The scope of this work is to develop a software library that
TABLE 1. Description of MMXU and LPHD logical nodes.
implements security mechanisms based on IEC 61850-90-5
specifications in R-SV and R-GOOSE to protect data from
security attacks.

IV. IMPLEMENTATION OF R-GOSV TOOLBOX

Security is utmost important in PMU communication as
PMU traffic travels through wide area communication net-
work which is a public network. An eavesdropper may mod-
ify packets causing major loss to grid network [23]. IEC
61850-90-5 standard specifies message authentication and
integrity as essential requirements whereas confidentiality
as an optional requirement for PMU communication over
WANs. To achieve message integrity and authentication, IEC
61850-90-5 standard specifies different Message Authentica-
tion Code (MAC) algorithms such as keyed Hash Message
data transfer. PMU reply with MMS response message to Authentication Code (HMAC), with SHA256 as inherent
PDC. Further, PMU sends measured sample values after the secure hash algorithm, and Advanced Encryption Standard
sample value control block is set to enable. The SV protocol – Galois Message Authentication Code (AES-GMAC) to
defined in IEC 61850-9-2 [21] is used to transmit measure- generate hash values. Even though confidentiality is optional,
ment data inside a substation local area network whereas the standard specifies AES-128 and AES-256 algorithms
GOOSE protocol is defined in IEC 61850-8-1 [22] used to encryption for IEC 61850-90-5 R-GOOSE and R-SV mes-
transmit time critical event-based data. In order to transfer sages. Hence, R-GoSV toolbox developed in this paper
the GOOSE and SV over WANs. The IEC 61850-90-5 stan- implements the recommended security mechanisms. It imple-
dard specifies two solutions for transmitting GOOSE and ments HMAC-SHA256 digital signature to ensure message
SV over WAN. First, the GOOSE and SV protocols can authentication and integrity and AES-128 symmetric encryp-
be tunneled over high speed communication networks such tion algorithm to achieve confidentiality.
as SDH or SONNET in WANs. Second, GOOSE and SV Application layer specifications in IEC 61850-90-5 are
messages are extended as R-GOOSE (Routable-GOOSE) and GOOSE and SV protocols, whereas session layer consists
R-SV (Routable-SV) by adding network and transport layers of security related header fields as shown in Figure 5. The
so that it can communicated over WANs. Among both the packet generated at session layer starts with Session Identifier
solutions, tunneling is less advantageous because for estab- (SI) followed by length field which consists of the length of
lishing tunnel dedicated gateways must be employed and all the parameter fields of the session header excluding user
the message exchanges are strictly point to point in WAN. information field. Further, each parameter field consists of
Whereas, R-GOOSE and R-SV messages can be multicast in Parameter Identifier (PI), Length Identifier (LI) followed by
WANs. Figure 4 illustrates the protocol stack with respect to the Parameter Value (PV).
Open Systems Interconnect (OSI) referent model for PMU IP and Transport layer header such as UDP header of
communication based on IEC 61850 in local area network IEC 61850-90-5 R-GOOSE/R-SV packet is shown in the

VOLUME 8, 2020 26165

 T. S. Ustun et al.: Implementing Secure Routable GOOSE and SV Messages Based on IEC 61850-90-5

FIGURE 5. Session protocol structure.

FIGURE 6. IEC 61850-90-5 R-GOOSE/R-SV Transport layer headers.

Figure 6. IP header fields consists of version, Type of Service UDP data fields are further extended with session layer
(ToS), Total length, Identification, Fragment offset, Time to related fields. Each data packet generated at session layer
live, protocol, header checksum, source and destination IP is treated as Session Protocol Data Unit (SPDU). According
addresses. Version field is of 1-byte that represents Internet to session protocol structure as shown in the Fig. 5, SPDU
protocol version either 4 or 6. In this implementation we starts with Session Identifier (SI), Length Identifier (LI) of
consider IPv4. Type of Service (ToS) field is 1-byte size and SI, Common session header as PI with value 0×80, Length
represents IP precedence and differentiated code point. Total Identifier (LI) of Common header and Parameter Value (PV).
length field is 2 bytes size which consists of the total length According to IEC 61850-90-5, SI has four possible val-
of IP header fields plus UDP Segment length which includes ues: 0×A0 (Tunneled GOOSE and Sampled Value packets),
UDP header and data. Identification field is 2 bytes size which 0×A1 (Non-Tunneled GOOSE Application Protocol Data
represents unique identification of each packet to be transmit- Units (APDUs)), 0×A2 (Non-Tunneled SV APDUs), 0×A3
ted in the network. Flags and Fragment Offset field is 2 bytes (Non-tunneled management APDUs). Further, PV consists
size deals with the issues related to packet fragmentation and of SPDU Length, SPDU Number, Version Number, Time of
defragmentation. Current Key, Time of Next Key, Security Algorithm and Key
Time to live field is 1-byte size represents the lifetime of ID. As shown in the Figure 7, SPDU Length is 4 bytes size
packet in the network. Protocol field is 2 bytes size represents and consists of total length starting from SPDU Number to
the protocol used in the data field of IP packet. In our imple- HMAC field. SPDU Number is 4 bytes size which represents
mentation we have considered it User Datagram Protocol unique identification of session packet and to detect duplica-
(UDP) as transport layer protocol. Header Checksum field is tion in packet at the destination device.
2 bytes to handle errors in the IP header fields. Source and Version Number is 2 bytes that represent session protocol
Destination IP addresses are 4 bytes size each and represents version number, which is 1 in this case. In IEC 61850-90-5,
the address of source and destination devices in the network security information is provided by KDC (Key Distribu-
where to where the packet should be traveled. UDP segment tion Center) protocol. Security information such as Time of
consists of Source and Destination fields, Length, Checksum Current Key, Time of Next Key are 4- and 2-bytes sizes
fields followed by UDP data fields. Source and Destination respectively. Time of Current Key is the time the present
port fields are 2 bytes each representing port numbers of key being used by the communicating devices whereas Time
source and destination devices on the network in which UDP of Next key is the time period between old and s new keys
connection is established. Length field is 2 bytes size consists being used in the encryption and authentication. Security
of total length of UDP segment which includes UDP header Algorithm field is 2 bytes size and represents the type of
and data. Checksum field is 2 bytes size for error checking of encryption algorithm such as AES256-GCM and the type
UDP header. of Hashed Message Authentication Code (HMAC) algorithm

26166 VOLUME 8, 2020

T. S. Ustun et al.: Implementing Secure Routable GOOSE and SV Messages Based on IEC 61850-90-5

FIGURE 8. Testbed to generate secure IEC 61850-90-5 R-GOOSE and R-SV

messages.

0x82 (Non-Tunneled SV PDU), 0x83 (Tunneled GOOSE and

SV packets) and ox84 (Non-Tunneled management APDUs).
Simulation is a Boolean type value used for testing the IEC
61850-90-5 R-GOOSE or R-SV packet. APPID (Application
Identification) is a 2 bytes length that distinguishes between
R-GOOSE and R-SV packets. APDU length contains the
length of GOOSE or SV APDU. APDU length is 2 bytes.
Payload field are followed by signature fields. Signature
fields start with one-byte tag of 0x85, signature length which
is of one byte and signature itself (HMAC).

A. IMPLEMENTATION RESULTS
Figure 8 shows a testbed where computers are connected
to a router via two different LANs. Laptop computer1 in
LAN1 runs R-GoSV toolbox and sends into the network and
laptop computer 2 is LAN2 runs Wireshark sniffer tool that
captures generated packets.
R-GoSV software tool generates IEC 61850-90-5
R-GOOSE and R-SV packets with full stack of IP, UDP,
Session layer followed by GOOSE and Sample Value Data.
FIGURE 7. Session layer fields of IEC 61850-90-5. Figures 9 and 10 shows the R-GOOSE and R-SV packets
captures. Wireshark shows all the require fields staring from
ethernet, IP, UDP and Session headers. Security Algorithms
field consists of zero values indicating that there is no encryp-
such as HMAC-SHA256 for message authentication. The tion and no digital signature algorithms were implemented
most significant byte is used for representing encryption to either R-GOOSE or R-SV packets. Hence the length of
algorithm whereas least significant byte is used for message HMAC field also contains zero value.
authentication algorithm. As shown in the Figures 6 and 7, secure R-GoSV software
Key ID field is 4 bytes length that represents unique library first construct R-GOOSE and R-SV packets by adding
identification of key generated by KDC. After this session headers of ethernet, IP, UDP and Session layers followed
header information, session user information fields consist of by constructing GOOSE or SV frame formats according
payload length, payload and signature fields are encountered. to IEC 61850-8-1 and IEC 61850-9-2 respectively along
Payload length is 4 bytes length which covers session user with implementation of encryption and authentication secu-
information except signature fields as shown in the Fig. 7. rity algorithms at session layer. Authors have implemented
The IEC 61850-90-5 R-G OOSE or R-SV payload fields AES256-GCM algorithm for encrypting R-GOOSE or R-SV
consists of payload type, simulation, APPID, APDU length APDU fields and HMAC-SHA-256, with 256-, 128- and
and GOOSE or SV protocols defined by IEC 61850-8-1 and 80-bit truncations, AES-GMAC-128 and AES-GMAC-64 for
IEC 61850-9-2 respectively. IEC 61850-90-5 specifies pay- generating digital signature to achieve message integrity
load types such as 0x81 (Non-Tunneled GOOSE APDU), and authentication. Table 2 lists the size of R-GOOSE and

VOLUME 8, 2020 26167

 T. S. Ustun et al.: Implementing Secure Routable GOOSE and SV Messages Based on IEC 61850-90-5

FIGURE 9. Wireshark capture of R-GOOSE without security.

FIGURE 10. Wireshark capture of R-SV without security.

R-SV messages after appending the authentication signatures 32 bytes. Whereas, the AES-GMAC-64 is comparatively
for different algorithms. Among the different algorithms, small with 8 bytes signature length. Table 2 also shows
HMAC-SHA-256 results in largest size with signature length the computational times required for generating the signa-

26168 VOLUME 8, 2020

T. S. Ustun et al.: Implementing Secure Routable GOOSE and SV Messages Based on IEC 61850-90-5

FIGURE 11. Wireshark capture of R-GOOSE with IEC 61850-90-5 security specifications.

FIGURE 12. Wireshark capture of R-SV with IEC 61850-90-5 security specifications.

tures for different algorithms. The R-GoSV programs were 61850-90-5 PMU protocols have much higher computational
executed on a system with Intel Celeron(R) processor with power than the relatively old system selected in this paper
4 GB RAM. The latest commercial IEDs supporting IEC [24]. Hence, it can be safely assumed that if the computational

VOLUME 8, 2020 26169

 T. S. Ustun et al.: Implementing Secure Routable GOOSE and SV Messages Based on IEC 61850-90-5

TABLE 2. Communication delays and message size of R-GOOSE and R-SV specifying encryption and authentication as an essential
for different security algorithms.
security requirement. Furthermore, it specifies AES-GCM
algorithm for encryption of data to protect from accessing
by unauthorized party and HMAC algorithm to achieve
message authentication. In this paper, a new toolbox has
been developed by implementing an openSSL library. It
constructs packet format based on IEC 61850-90-5 standard
to transmit GOOSE and SV based on IEC 61850-8-1 and IEC
61850-9-2, respectively. Additionally, it encrypts data using
AES256-GCM algorithm and HMAC-SHA256 for message
authentication. The computational delays experienced for
different security algorithms is analyzed and it is found
the computational delays for all the algorithms is within
the acceptable limits. Real network message exchanges are
TABLE 3. Computational time for encryption/decryption of R-GOOSE and captured in Wireshark sniffer tool.
R-SV. Implementation of encryption and message authenti-
cation algorithms can mitigate data integrity attack so
that it protects the grid from causing huge loss. Fur-
thermore, utilizing the developed R-GoSV toolbox, future
research can be focused to implement security mecha-
nisms to mitigating several types of attacks such as Denial
of Service attacks, Distributed Denial of Service (DDoS)
attacks etc.
timing results on this system are acceptable then it must
be acceptable for current IEDs. From Table 2 it is quite
evident that the computational times are very negligible in REFERENCES
comparison to allowed end-to-end (ETE) delays for applica- [1] M. A. Aftab, S. Roostaee, S. Suhail Hussain, I. Ali, M. S. Thomas,
tions based on PMU data (which is of the order of 50 ms to and S. Mehfuz, ‘‘Performance evaluation of IEC 61850 GOOSE-
500 ms) [5]. based inter-substation communication for accelerated distance protection
scheme,’’ IET Gener., Transmiss. Distrib., vol. 12, no. 18, pp. 4089–4098,
Table 3 gives the results for computational time Oct. 2018.
for encryption of R-GOOSE and R-SV using AES- [2] I. Ali, S. M. S. Hussain, and A. Aftab, ‘‘Communication model-
GCM256 algorithm. From the results it is clear that additional ing of phasor measurement unit based on IEC 61850-90-5,’’ in Proc.
encryption of R-GOOSE/R-SV introduces around 0.5 ms of Annu. IEEE India Conf. (INDICON), New Delhi, India, Dec. 2015,
pp. 1–6.
computational delays, which is comparatively negligible to [3] NERC-DOE, Final Report on the August 14, 2003 Blackout in the United
the allowed ETE delays for most of applications using PMU States and Canada: Causes and Recommendations, US-Canada Power
data. Hence, it can be concluded that for R-GOOSE and R-SV System Outage Task Force. Accessed: Apr. 5, 2004. [Online]. Available:
http://www.nerc.com/docs/docs/blackout/NERC_Final_Blackout_Report
encryption can be safely employed without compromising the _07_13_04.pdf
performance. [4] K. E. Martin, ‘‘Synchrophasor standards development—IEEE C37.118 &
Figures 11 and 12 shows Wireshark captures of R-GOOSE IEC 61850,’’ in Proc. 44th Hawaii Int. Conf. Syst. Sci., Jan. 2011, pp. 1–8,
doi: 10.1109/HICSS.2011.393.
and R-SV encrypted with AES-GCM256 and signature gen- [5] Communication Networks and Systems for Power Utility Automation,
erated with HMAC-SHA-256 algorithms respectively. The Part 90-5: Use of IEC 61850 to Transmit Synchrophasor Information
developed R-GoSV toolbox can be further used to investigate According to IEEE C37.118, IEC Standard IEC TR 61850-90-5:2012,
2012.
the effect of security attacks on IEC 61850-90-5 R-GOOSE
[6] R. Khan, K. McLaughlin, P. Maynard, D. Laverty, and S. Sezer, ‘‘Threat
and R-SV packets. Furthermore, it can be extended for imple- analysis of black energy malware of synchrophasor based real-time control
menting different security algorithms and different operat- and monitoring in smart grid,’’ in Proc. 4th Int. Symp. ICS SCADA Cyber
ing environments for IEC 61850 messages such as software Secur. Res. (ICS-CSR), 2016, pp. 1–11.
[7] R. Khan, K. McLaughlin, D. Laverty, and S. Sezer, ‘‘IEEE C37.118-2
defined network (SDN) [25], eXtensible Messaging and Pres- synchrophasor communication framework–overview, cyber vulnerabil-
ence Protocol (XMPP) [26], etc. ities analysis and performance evaluation,’’ in Proc. ICISSP, 2016,
pp. 159–170.
[8] S. M. Farooq, S. M. Hussain, S. Kiran, and T. S. Ustun, ‘‘Certificate based
V. CONCLUSION authentication mechanism for PMU communication networks based on
IEC 61850-90-5,’’ Electronics, vol. 7, no. 12, p. 370, 2018.
Mitigating cybersecurity vulnerabilities is an essential
[9] S. Paudel, P. Smith, and T. Zseby, ‘‘Data integrity attacks in smart grid
requirement in PMU communication networks. IEEE wide area monitoring,’’ in Proc. 4th Int. Symp. ICS SCADA Cyber Secur.
C37.118.2 standard specifies the syntax and semantics of Res. (ICS-CSR), Aug. 2016, pp. 74–83.
synchrophasor data communication, but it does not spec- [10] T. Morris, S. Pan, J. Lewis, J. Moorhead, N. Younan, R. King, M. Freund,
and V. Madani, ‘‘Cyber security risk testing of substation phasor measure-
ify any security mechanism to protect PMU data in the ment units and phasor data concentrators,’’ in Proc. 7th Annu. Workshop
network. IEC 61850-90-5 standard addresses this gap with Cyber Secur. Inf. Intell. Res. (CSIIRW), 2011, p. 1.

26170 VOLUME 8, 2020

T. S. Ustun et al.: Implementing Secure Routable GOOSE and SV Messages Based on IEC 61850-90-5

[11] Shepard, D., Humphreys, T., and Fansler, A. (2012). ‘‘Evaluation of the TAHA SELIM USTUN (Member, IEEE) received
vulnerability of phasor measurement units to GPS spoofing attacks,’’ the Ph.D. degree in electrical engineering from
Int. J. Crit. Infrastruct. Protection, vol. 5, nos. 3–4, pp. 146–153, Victoria University, Melbourne, VIC, Australia.
2012. He was an Assistant Professor of electrical engi-
[12] D.-Y. Yu, A. Ranganathan, T. Locher, S. Capkun, and D. Basin, ‘‘Short neering with the School of Electrical and Com-
paper: Detection of GPS spoofing attacks in power grids,’’ in Proc. Int. puter Engineering, Carnegie Mellon University,
Conf. Secur. Privacy Wireless Mobile Netw., 2014, pp. 99–104. Pittsburgh, PA, USA. He is currently a Researcher
[13] Y. Wang, T. T. Gamage, and C. H. Hauser, ‘‘Security implications with the Fukushima Renewable Energy Institute,
of transport layer protocols in power grid synchrophasor data com- AIST (FREA), and leads the Smart Grid Cyberse-
munication,’’ IEEE Trans. Smart Grid, vol. 7, no. 2, pp. 807–816, curity Laboratory. He has edited several books and
Mar. 2016.
special issues with international publishing houses. He has been invited to run
[14] K. Demir, F. Nayyer, and N. Suri, ‘‘MPTCP-H: A DDoS attack resilient
specialist courses in Africa, India, and China. He delivered talks for Qatar
transport protocol to secure wide area measurement systems,’’ Int. J. Crit.
Foundation, World Energy Council, Waterloo Global Science Initiative, and
Infrastruct. Protection, vol. 25, pp. 84–101, Jun. 2019.
European Union Energy Initiative (EUEI). His research interests include
[15] s. M. Farooq, S. Nabirasool, S. Kiran, S. S. Hussain, and T. S.
Ustun, ‘‘MPTCP based mitigation of denial of service (DoS) attack power systems protection, communication in power networks, distributed
in PMU communication networks,’’ in Proc. IEEE Int. Conf. Power generation, microgrids, electric vehicle integration and cybersecurity in
Electron., Drives Energy Syst. (PEDES), Chennai, India, Dec. 2018, smartgrids.
pp. 1–5. Dr. Ustun is a member of the IEEE 2800 Working Groups and IEC
[16] S. R. Firouzi, L. Vanfretti, A. Ruiz-Alvarez, H. Hooshyar, and F. Mah- Renewable Energy Management Working Group 8. He is an Associate Editor
mood, ‘‘Interpreting and implementing IEC 61850-90-5 routed-sampled of IEEE ACCESS and a Guest Editor of the IEEE TRANSACTIONS ON INDUSTRIAL
value and routed-GOOSE protocols for IEEE C37.118.2 compliant wide- INFORMATICS. He is a reviewer in reputable journals and has taken active roles
area synchrophasor data transfer,’’ Electr. Power Syst. Res., vol. 144, in organizing international conferences and chairing sessions.
pp. 255–267, Mar. 2017.
[17] R. Khan, K. Mclaughlin, D. Laverty, and S. Sezer, ‘‘Design and implemen-
tation of security gateway for synchrophasor based real-time control and
monitoring in smart Grid,’’ IEEE Access, vol. 5, pp. 11626–11644, 2017. SHAIK MULLAPATHI FAROOQ (Member,
[18] R-GoSV. Accessed: Feb. 2, 2020. [Online]. Available: https://github.com/ IEEE) received the B.Tech. and M.Tech. degrees
61850security/R-GoSV in computer science engineering from Jawahar-
[19] M. S. Almas, L. Vanfretti, R. S. Singh, and G. M. Jonsdottir, ‘‘Vulner- lal Nehru Technological University, Hyderabad,
ability of synchrophasor-based WAMPAC applications’ to time synchro- India. He is currently pursuing the Ph.D. degree
nization spoofing,’’ IEEE Trans. Smart Grid, vol. 9, no. 5, pp. 4601–4612, in computer science and engineering with Yogi
Sep. 2018. Vemana University, Kadapa, India. He was a
[20] R. Pourramezan, Y. Seyedi, H. Karimi, G. Zhu, and M. Mont-Briant, Visiting Researcher with the Fukushima Renew-
‘‘Design of an advanced phasor data concentrator for monitoring of dis- able Energy Institute, AIST (FREA), Japan, from
tributed energy resources in smart microgrids,’’ IEEE Trans. Ind. Informat., September 2018 to December 2018. He is also
vol. 13, no. 6, pp. 3027–3036, Dec. 2017. an Assistant Professor with the Department of Computer Science and Sys-
[21] Communication Networks and Systems for Power Utility Automation— tems Engineering, Sree Vidyanikethan Engineering College (Autonomous),
Part 9-2: Specific Communication Service Mapping (SCSM)— Tirupati, India. His research interest includes cryptography, cyber physical
Sampled Values Over ISO/IEC 8802-3, Standard IEC 61850-9-2:2011, systems, cybersecurity in vehicular networks, and power systems.
2011.
[22] IEC Standard for Communications Networks and Systems for Power
Utility Automation—Part 8-1: Specific Communication Service Mapping S. M. SUHAIL HUSSAIN (Member, IEEE)
(SCSM)—Mappings to MMS (ISO 9506-1 and ISO 9506-2) and to ISO/IEC received the Ph.D. degree in electrical engi-
8802-3, Standard IEC 61850-8-1-2011, 2011.
neering from Jamia Millia Islamia (a central
[23] S. M. Farooq, S. M. Hussain, S. Kiran, and T. S. Ustun, ‘‘Certificate
university), New Delhi, India, in 2018. He is
based security mechanisms in vehicular ad-hoc networks based on IEC
currently an AIST Postdoctoral Researcher with
61850 and IEEE WAVE standards,’’ Electronics, vol. 8, no. 1, p. 96,
2016. the Fukushima Renewable Energy Institute, AIST
[24] Data Sheet-SEL 3555 Real Time Automation Controller (RTAC). Accessed: (FREA), Koriyama, Japan. His research interests
Nov. 21, 2019. [Online]. Available: https://goo.gl/jjnfnV include power system communication, cyberse-
[25] G. Li, J. Wu, L. Guo, J. Li, and H. Wang, ‘‘SDN based dynamic and curity in power systems, substation automation
autonomous bandwidth allocation as ACSI services of IEC61850 commu- systems, IEC 61850 standards, electric vehicle
nications in smart grid,’’ in Proc. IEEE Smart Energy Grid Eng. (SEGE), integration, and smart grid.
Oshawa, ON, Canada, Aug. 2016, pp. 342–346. Dr. Hussain was a recipient of the IEEE Standards Education Grant
[26] S. M. S. Hussain, M. A. Aftab, and I. Ali, ‘‘IEC 61850 modeling of approved by the IEEE Standards Education Committee for implementing
DSTATCOM and XMPP communication for reactive power manage- project and submitting a student application paper from 2014–2015. He is
ment in microgrids,’’ IEEE Syst. J., vol. 12, no. 4, pp. 3215–3225, a Guest Editor of the IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS.
Dec. 2018.

VOLUME 8, 2020 26171