Received May 23, 2020, accepted June 9, 2020, date of publication June 12, 2020, date of current version

July 20, 2020.

Digital Object Identifier 10.1109/ACCESS.2020.3001926

IEC 62351-4 Security Implementations

for IEC 61850 MMS Messages
TAHA SELIM USTUN , (Member, IEEE), AND S. M. SUHAIL HUSSAIN , (Member, IEEE)
Fukushima Renewable Energy Institute, AIST (FREA), National Institute of Advanced Industrial Science and Technology (AIST), Koriyama 963-0298, Japan
Corresponding author: S. M. Suhail Hussain ([email protected])
This work was supported in part by the Fukushima Prefecture’s Reconstruction Grant, 2019.

ABSTRACT With the deployment of advanced information and communication technologies (ICT) the
legacy power grid is being transformed as smart grid. However, the extensive use of ICT makes it vulnerable
to cyberattacks. Standardization of power system communication with interoperable protocols has many
benefits and at the same time the standardized semantics makes it much more vulnerable to cyberattacks. IEC
has published a new standard IEC 62351 which provides the security guidelines for securing power system
communication against cyber-attacks. In this paper, the cybersecurity considerations for IEC 61850 Manu-
facturing Message Specification (MMS) messages as per the IEC 62351-4 standard are discussed in detail.
Further, the implementation of IEC 62351-4 security specifications for MMS messages are demonstrated
through experiments in lab.

INDEX TERMS Power system communication, security and privacy protection, IEC 61850, IEC 62351-4.

I. INTRODUCTION concerns [8]. Authors in [9], [10] presented a comprehensive

With the integration of instrumentation, control and infor- review of IEC 62351 security standards and assessment of its
mation communication technologies to conventional power applicability to IEC 61850 messages.
system has led to power system automation and transition IEC 62351-6-part deals with cybersecurity requirements
of legacy power grid to smart grid. Substations are digi- for IEC 61850 Generic Object-Oriented Substation Event
talized with incorporation of Intelligent Electronic Devices (GOOSE) and Sampled Value (SV) [11]. Since GOOSE
(IEDs) which enhances the control and automation capabil- message and SV carry time critical power system messages
ities [1]. IEC 61850 is by far the most popular standard for and measurement messages respectively, much attention has
power utility automation. Due to the object-oriented mod- been paid by researchers to secure these messages. IEC
elling approach and interoperability features, IEC 61850 has 62351-6 stipulates RSA based digital signatures for securing
become most popular standard for power utility automation GOOSE and SV messages [12]. However, numerous studies
not only for substation automation systems but also for other showed that RSA based digital signatures result is higher
areas of smart grid communication [2]–[4]. processing times and cannot meet the timing requirements of
However, with increased automation and use of standard- GOOSE and SV messages [13], [14]. Alternatively, Message
ized communication makes the power system/substations Authentication Code (MAC) based schemes were proposed
much more vulnerable to cyberattacks. Exploiting the stan- for securing GOOSE and SV messages [15].
dardized semantics make it is much easy for adversaries In literature the security concerns for GOOSE and SV
to launch different types of attacks [5]. Recent events such messages have been studied and reported in detail [12]–[16].
as Ukraine black out, Stux-net virus attack, etc., are some However, the security requirements of IEC 61850 Manu-
examples of such attacks [6]. Hence, cybersecurity consid- facturing Message Specification (MMS) messages was not
erations for preventing attacks on standardized communica- investigated extensively. The IEC 62351-4 standard enu-
tion in smart grids is essential. IEC 61850 standard doesn’t merates integrity, confidentiality and authentication as the
discuss the cybersecurity concerns [7]. IEC 62351 standard security requirements for IEC 61850 MMS messages [8].
compliments the IEC 61850 by addressing the cybersecurity For achieving these security requirements certificate-based
Transport Layer Security (TLS) mechanism is specified by
The associate editor coordinating the review of this manuscript and IEC 62351-4 standards. IEC 623451-4 recommends dif-
approving it for publication was Bin Zhou . ferent cipher suites that can be used during TLS session

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
VOLUME 8, 2020 123979
 T. S. Ustun, S. M. S. Hussain: IEC 62351-4 Security Implementations for IEC 61850 MMS Messages

for achieving the security requirements. In [17], [18],

authors have discussed the certificate-based authentication
mechanism for MMS messages. IEC 623451-4 recom-
mends different cipher suites that can be used during TLS
session for achieving the security requirements. The security
considerations such as TLS session introduces additional
computational latencies for processing MMS messages. The
computational latencies for establishing TLS (i.e. hand-
shake) and during data transfer (encrypted MMS message
exchanges) depends on the algorithms of cipher suites.
Hence, evaluation of different recommend cipher suites for
satisfactory and acceptable performance is required. In [19] FIGURE 1. Protocol stack for compatible and native T-security
authors presented the comparison of latencies for MMS mes- specifications for MMS messages.
sage exchanges after TLS establishment for different cipher
suites. In [20], authors presented an experimental platform tions for MMS message with relevant RFCs at each layer is
for implementing TLS and calculating latencies for TLS shown in Fig. 1.
handshake for different cipher suites. However, these works The T-security specification for compatibility mode rec-
report overall latencies for implementing TLS handshake ommend use of TLS 1.0 (as per RFC 2246) before
rather individual latencies for different algorithms in cipher a TCP session. While the native mode recommends TLS 1.2
suites. This information of computational latencies for dif- (as per RFC 5246). Implementing TLS process provides the
ferent algorithms in a cipher suite is important to assess its encryption and nodal authentication for the TCP session.
applicability to MMS messages. For implementing the TLS at transport layer port 3782 is
This paper presents the experimental lab implementation of used instead of the usual port 102. Hence, the secure MMS
different algorithms of the IEC 62351-4 recommended cipher messages use the port 3782 at the transport layer.
suites by establishing a TLS connection for securing IEC The MMS message exchange takes place in two phases,
61850 MMS messages. Further, this paper develops signed i.e. handshake phase and data transfer phase. The handshake
X.509 certificates, using different public key algorithms, for phase refers to the establishment and negotiation of TLS
the IEC 61850 client and server, required to establish the TLS session. This is followed by actual data transmission which
connections. is termed as data transfer phase. The message exchanges for
Section II provides a comprehensive overview of IEC establishment of TLS session is shown in Fig. 2. Initially, cer-
62351-4 security requirements for securing IEC 61850 MMS tificates of both client and server are exchanged and verified.
messages. Section III presents the implementation and evalu- Then, a secret key is exchanged between client and server
ation of different cipher suites for IEC 61850 MMS messages.
Finally, conclusions are presented in Section IV.

II. IEC 62351-4 SECURITY REQUIREMENTS

FOR MMS MESSAGES
The IEC 62351-4 standard specifies security requirements for
MMS messages both at the application and transport profiles.
The top three layers of OSI reference model (i.e. application,
presentation and session layers) form the application profile.
While the bottom four layers (transport, network, data link
and physical) form the transport profile.

A. SECURITY FOR TRANSPORT PROFILE

The IEC 62351-4 defines two transport security (T-security)
specifications, i.e. compatible and native, for transport
profile. T-security specification in compatibility mode is
exclusively for MMS using OSI stack implementation
according to ISO 9506-2 and this mode is not recommended
for new implementations of MMS messages. Whereas the
T-security specification in native mode is relevant for both
MMS using IP suite and IEC 61850-8-2 XMPP implemen-
tations. For all future implementations of MMS messages
native mode T-security specification shall be considered. The
protocol stack of compatible and native T-security specifica- FIGURE 2. Message exchanges for TLS establishment for client and server.

123980 VOLUME 8, 2020

T. S. Ustun, S. M. S. Hussain: IEC 62351-4 Security Implementations for IEC 61850 MMS Messages

TABLE 1. Recommended cipher suites for MMS messages. Hash values. Furthermore, either RSA or DH or DHE or
ECDHE are specified for secure key exchanges. SHA256 and
RSA/ECDSA algorithms are utilized to generate digital sig-
natures which are used for message authentication. Hence,
with the TLS security mechanism the transport profile of the
MMS messages is secured to provide confidentiality (AES
128/256 encryption), node authentication (X.509 certificates
during TLS) and message authentication (digital signatures
using SHA and RSA/ECDSA) to the MMS messages.

B. SECURITY FOR APPLICATION PROFILE

For application profile security two security specifications
namely peer-to-peer (or A-security) and End to End appli-
using some public key exchange algorithm such as ‘‘Diffie– cation security (E2E security) are specified by IEC 62351-4
Hellman (DH)’’ or RSA based key exchange algorithm. Using standards.
this secret key, a cipher suite is negotiated. Cipher suite is In A-security specification only peer entity authentication
a set of cryptographic algorithms which specifies an algo- during association setup is specified. For providing peer
rithm each for key exchange, digital signature, encryption and entity authentication, authentication information is added
message authentication. Further data exchanges during the to association setup messages i.e. the Association Control
session are secured by applying the negotiated algorithms. Service Element (ACSE)-association request (AARQ) and
Initially, after exchanging the hello messages, server sends association response (AARE) messages. The authentication
its certificate along with public key to the client. The cer- information is added to authentication value fields in ACSE-
tificates shall have X.509 format with a maximum size AARQ and AARE messages. The authentication information
of 8192 bytes to be in conformance with IEC 62351-4 spec- contains BER encoded X.509 certificate, digital signature
ifications. The client verifies the certificate by contacting and time value (it is the GMT value of the time at which
a Certificate Authority (CA) and if the certificate is valid the authentication values are generated). The certificates for
it replies by sending its own certificate along with public both client and server participating in authentication are
key to server. The server again verifies the client certificate. exchanged and verified. The verification is carried out by
If the certificate verification is successful, server sends a comparing the digital signatures which are generated using
‘ServerHelloDone’ message to client. Which signifies that ‘‘RSASSA-PKCS1-v1_5’’ algorithm implementation. During
the mutual node authentication of both client and server is the data transfer phase after the association setup, no security
complete successfully. By using any public key cryptographic is applied. Hence, the use of only application profile security
algorithm, a secret key is exchanged. Utilizing this secret key, without transport profile security will result in a non-secure
cipher suite is negotiated. IEC 62351-4 recommended cipher system. For Transport profile security, TLS mechanism is
suites for MMS message exchanges are shown in Table 1. specified which gives reasonable security. Hence, any system
Among the listed cipher suites, it is further mandated implementing Transport profile security is reasonably secure.
at a minimum ‘‘TLS_RSA_WITH_AES_128_CBC_SHA256’’ Table 2 gives the comparison of different security implemen-
cipher suite should be supported in order to claim confor- tations with application and transport profile securities.
mance to IEC 62351-4. Where RSA algorithm is used for both In E2E security specification peer authentication and mes-
key exchange and digital signatures, AES_128_CBC is used sage integrity and confidentiality both during association
for encryption and SHA256 for HASH generation. setup and data transfer phase is specified. Public key sig-
In these mandated cipher suites Advanced Encryption nature algorithms and symmetric encryption algorithms are
Standard (AES) 128/256 is used for encryption and Secure utilized to achieve the above security requirements in E2E
Hash Algorithm (SHA 256/384) is used for generating security specification. When the E2E security specifications

TABLE 2. Security specifications for application and transport profiles.

VOLUME 8, 2020 123981

 T. S. Ustun, S. M. S. Hussain: IEC 62351-4 Security Implementations for IEC 61850 MMS Messages

FIGURE 3. MMS message exchanges between IEC 61850 client and server without security features.

are fully implemented without TLS security at transport

profile results in a reasonably secure system. When E2E
security is implemented with TLS security results in a secure
system.

III. IMPLEMENTATION AND EVALUATION

From the Section II, it can be noted that transport profile
security is more important for securing the MMS messages.
In this paper, for reducing complexity only transport profile
security is implemented and evaluated.
In order to implement the IEC 62351-4 transport pro-
file security for MMS messages a test setup consisting
of an IEC 61850 client and IEC 61850 server is devel-
oped. The IEC 61850 client and server are emulated with
the help of a commercial software. A SCD file is loaded FIGURE 4. Certificate generation process.
on two computers A and B, which now emulates as an
IEC 61850 server (IP:192.168.0.4) and IEC 61850 client
(IP:192.168.0.7) respectively. 61850 client and server, security module is configured with
Figure 3 shows connection establishment between IEC the security profile. The first step for configuring security
61850 client and server without any security. A TCP connec- profile is to setup certificates for client and server. Signed
tion is established using ports 102 as per the IEC 61850 spec- certificates ‘ENT-PC.pem’ and ‘beast-X99-s01.pem’ are gen-
ifications for MMS messages without security. After the erated by trusted CA for IEC 61850 server and client respec-
TCP connection establishment, MMS initiate-request and tively. As shown in Fig. 4, the IEC 61850 client/server (IED)
initiate-response messages are exchanged. Figure 3 gives the send a request to CA for issuing a certificate. The CA receives
wireshark capture of the unsecure MMS exchanges between the request, formats it according to X.509 and signs with its
IEC 6180 client and server. private key using any public key algorithms such as RSA
For establishing secure MMS message exchanges TLS or ECDSA. In this paper, the signature for certificates is
connection between IEC 61850 client and server must be generated using RSA and ECDSA algorithms with different
established. To implement TLS security in emulated IEC key sizes.

123982 VOLUME 8, 2020

T. S. Ustun, S. M. S. Hussain: IEC 62351-4 Security Implementations for IEC 61850 MMS Messages

FIGURE 6. Certificate configuration in emulated IEC 61850 client and

server.

TABLE 3. Certificate verification computational times for different digital

signature algorithms.

FIGURE 5. Certificate of IEC 61850 server in X.509 format. Figure 7 shows captured sequence of message exchanges
for TLS connection establishment. After the certificate
exchanges the server sends the cipher specifications. Here
Figure 5 shows encoded signed certificate ‘ENT-PC.pem’ the cipher used is ‘‘TLS_ECDHE_RSA_WITH_AES_256_
of IEC 61850 server generated by CA. It can be noticed GCM_SHA384’’.
that the certificate follows X.509 format and the algorithm The IEC 61850 client accepts the cipher suite by send-
used for generating signature is SHA256 with RSA. The ing an acknowledgement message. Once the chipper suite is
‘beast-X99-s01.pem’ certificate is similar to ‘ENT-PC.pem’ negotiated, it concludes the TLS process. Further message
certificate. exchanges are encrypted by AES 256_GCM encryption algo-
These generated certificates are configured in emulated rithm. And all the message exchanges during this TLS session
IEC 61850 client and server using the security module. as encrypted by AES 256_GCM and shown as application
Figure 6 (a) and (b) shows the configuration process of data in Fig. 7. From Fig. 7 it can be noticed that the port
certificates in emulated IEC 61850 client and server respec- no. 3782 is utilized for secure message exchanges as specified
tively. Once the certificates are configured in emulated IEC by the IEC 62351-4 standards.
61850 client and server, a TLS connection can be established. The MMS message exchanges between emulated IEC
Initially, client hello and server hello messages along with 61850 server and client during the TLS session are shown
certificates are exchanged. Both the client and server ver- as application data in Fig. 7. At the receiving side the
ify the respective certificates. If the certificates verification encrypted messages are decrypted as normal MMS messages.
process fails, the TLS connection is aborted. Table 3 presents The encryption of MMS messages provides confidentiality
the computation times required for verification of different security requirement. In [20] authors provided the delays
certificates signed by different RSA and ECDSA algorithms for establishing TLS session for different cipher suites listed
with different key sizes and curves on a test system. The test in Table 1. The time delay for establishing TLS session is
system is an Intel(R) Celeron (R) with 4GB RAM. the time elapsed from sending of ‘client hello’ message till

VOLUME 8, 2020 123983

 T. S. Ustun, S. M. S. Hussain: IEC 62351-4 Security Implementations for IEC 61850 MMS Messages

FIGURE 7. MMS message exchanges between IEC 61850 client and server with TLS security.

TABLE 4. Computational times for encryption and HASH algorithms in in different cipher suites specified for MMS messages well
different cipher suites.
within the accepted limits for MMS messages. However,
in legacy IEDs with computational powers the timing perfor-
mance of different algorithms becomes very vital for success-
ful implementation.

IV. CONCLUSIONS
This paper has implemented and demonstrated secure MMS
message exchanges by implementing TLS security as speci-
receiving ‘change cipher spec’ message. This time delay fied in IEC 62351-4 standards. For implementing TLS, signed
includes the time required for processing different crypto- X.509 certificates were developed for both IEC 61850 client
graphic algorithms listed in cipher suite and communication and server. The computational times for verifying digital
delays for exchanging TLS messages. In this paper, in order certificates using different digital signature algorithms is pre-
to obtain the computational performance of each algorithm sented. Secure IEC 61850 server and clients were emulated,
individually, these algorithms are implemented in C language and TLS connection based on IEC 62351-4 recommended
using OpenSSL libraries. Table 4 presents the computation security cipher suite was established successfully. The secure
times required for verification of different certificates signed encrypted messages were successfully exchanged over the
by different RSA and ECDSA algorithms with different key established TLS connection. This study provides insights on
sizes and curves on a test system. The test system is an implementing IEC 62351-4 security specifications for IEC
Intel(R) Celeron (R) with 4GB RAM. The computational 61850 MMS messages and their performance before actual
delays are obtained by sampling the CPU times at the start and deployment is planned in the field.
end of C program using the clock() functions. The procedure
REFERENCES
is repeated several times and average values computational
[1] I. Ali, S. M. S. Hussain, A. Tak, and T. S. Ustun, ‘‘Communication mod-
delays is reported. eling for differential protection in IEC-61850-based substations,’’ IEEE
Similarly, the computational times for implementing dif- Trans. Ind. Appl., vol. 54, no. 1, pp. 135–142, Jan. 2018.
ferent encryption and HASH algorithms specified in Table 1 [2] S. M. S. Hussain, T. S. Ustun, P. Nsonga, and I. Ali, ‘‘IEEE 1609 WAVE
and IEC 61850 standard communication based integrated EV charging
are shown in Table 4. From Table 3 and Table 4, it can be management in smart grids,’’ IEEE Trans. Veh. Technol., vol. 67, no. 8,
observed that computational times of different algorithms pp. 7690–7697, Aug. 2018.

123984 VOLUME 8, 2020

T. S. Ustun, S. M. S. Hussain: IEC 62351-4 Security Implementations for IEC 61850 MMS Messages

[3] M. A. Aftab, S. M. S. Hussain, I. Ali, and T. S. Ustun, ‘‘IEC 61850 TAHA SELIM USTUN (Member, IEEE) received
and XMPP communication based energy management in microgrids the Ph.D. degree in electrical engineering from
considering electric vehicles,’’ IEEE Access, vol. 6, pp. 35657–35668, Victoria University, Melbourne, VIC, Australia.
2018. He is currently a Researcher with the Fukushima
[4] S. M. S. Hussain, A. Tak, T. S. Ustun, and I. Ali, ‘‘Communication Renewable Energy Institute, AIST (FREA),
modeling of solar home system and smart meter in smart grids,’’ IEEE National Institute of Advanced Industrial Science
Access, vol. 6, pp. 16985–16996, 2018. and Technology (AIST), and leads the Smart Grid
[5] S. M. Farooq, S. M. S. Hussain, and T. S. Ustun, ‘‘S-GoSV: Framework
Cybersecurity Lab. Prior to that, he was an Assis-
for generating secure IEC 61850 GOOSE and sample value messages,’’
tant Professor of electrical engineering with the
Energies, vol. 12, no. 13, p. 2536, Jul. 2019.
[6] Cyber-Attack Against Ukrainian Critical Infrastructure, document ICS School of Electrical and Computer Engineering,
Alert (IR-ALERT-H-16-056-01), Industrial Control Systems Cyber Emer- Carnegie Mellon University, Pittsburgh, PA, USA. His research interests
gency Response Team (ICSCERT), Feb. 2016. include power systems protection, communication in power networks, dis-
[7] Communication Networks and Systems for Power Utility Automation, 2.0, tributed generation, microgrids, electric vehicle integration, and cybersecu-
Standard IEC 61850, IEC, 2013. rity in smartgrids. He is a member of the IEEE 2004, the IEEE 2800 Working
[8] Power Systems Management and Associated Information Exchange— Groups, and IEC Renewable Energy Management Working Group 8. He has
Data and Communications Security—Part 4: Profiles Including MMS and been invited to run special courses in Africa, India, and China. He delivered
Derivatives, 1.0, Standard IEC 62351-4, IEC, 2018. talks for the Qatar Foundation, the World Energy Council, Waterloo Global
[9] S. M. S. Hussain, T. S. Ustun, and A. Kalam, ‘‘A review of IEC 62351 Science Initiative, and European Union Energy Initiative (EUEI). He has
security mechanisms for IEC 61850 message exchanges,’’ IEEE Trans. Ind. edited several books and special issues with international publishing houses.
Informat., doi: 10.1109/TII.2019.2956734. He is a Reviewer of reputable journals and has taken active roles in organizing
[10] R. Schlegel, S. Obermeier, and J. Schneider, ‘‘A security evaluation of IEC international conferences and chairing sessions. He is an Associate Editor of
62351,’’ J. Inf. Secur. Appl., vol. 34, no. 2, pp. 197–204, 2017. IEEE ACCESS and a Guest Editor of the IEEE TRANSACTIONS ON INDUSTRIAL
[11] Power Systems Management and Associated Information Exchange—Data
INFORMATICS.
and Communications Security—Part 6: Security for IEC 61850, 1.0. Stan-
dard IEC 62351-6, IEC, 2007.
[12] S. M. Farooq et al., ‘‘Performance evaluation and analysis of IEC 62351-
6 probabilistic signature scheme for securing GOOSE messages,’’ IEEE
Access, vol. 7, pp. 32343–32351, 2019.
[13] F. Hohlbaum, M. Braendle, and A. Fernando, ‘‘Cyber Security Practical
considerations for implementing IEC 62351,’’ in Proc. PAC World Conf.,
2010.
[14] D. Ishchenko and R. Nuqui, ‘‘Secure communication of intelligent elec-
tronic devices in digital substations,’’ in Proc. IEEE/PES Transmiss. Dis-
trib. Conf. Expo. (T D), 2018.
[15] S. M. S. Hussain et al., ‘‘Analysis and implementation of message authen-
tication code (MAC) algorithms for GOOSE message security,’’ IEEE
Access, vol. 7, pp. 80980–80984, 2019. S. M. SUHAIL HUSSAIN (Member, IEEE)
[16] S. M. S. Hussain, S. M. Farooq, and T. S. Ustun, ‘‘A method for achieving received the Ph.D. degree in electrical engineering
confidentiality and integrity in IEC 61850 GOOSE messages,’’ IEEE from Jamia Millia Islamia (A Central University),
Trans. Power Del., to be published, doi: 10.1109/TPWRD.2020.2990760. New Delhi, India, in 2018.
[17] T. S. Ustun and S. M. S. Hussain, ‘‘An improved security scheme for IEC He is currently a Postdoctoral Researcher with
61850 MMS Messages in intelligent substation communication networks,’’ the Fukushima Renewable Energy Institute, AIST
J. Modern Power Syst. Clean Energy, early access. (FREA), National Institute of Advanced Indus-
[18] J. Zhang, J. Li, X. Chen, M. Ni, T. Wang, and J. Luo, ‘‘A security scheme
trial Science and Technology (AIST), Koriyama,
for intelligent substation communications considering real-time perfor-
Japan. His research interests include power system
mance,’’ J. Mod. Power Syst. Clean Energy, vol. 7, no. 4, pp. 948–961,
Jul. 2019. communication, cybersecurity in power systems,
[19] O. Khaled, A. Marín, F. Almenares, P. Arias, and D. Díaz, ‘‘Analysis of substation automation systems, IEC 61850 standards, electric vehicle inte-
secure TCP/IP profile in 61850 based substation automation system for gration, and smart grids. He was a recipient of the IEEE Standards Education
smart grids,’’ Int. J. Distrib. Sensor Netw., 2016. Grant approved by the IEEE Standards Education Committee for implement-
[20] M. G. Todeschini, G. Dondossola, and R. Terruggia, ‘‘Impact evaluation of ing projects and submitting a student application paper, from 2014 to 2015.
IEC 62351 cybersecurity on IEC 61850 communications performance,’’ in He is a Guest Editor of the IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS.
Proc. 25th Int. Conf. Electr. Distrib. (CIRED), Jun. 2019.

VOLUME 8, 2020 123985