IEEE P1711
From SCADApedia
The Substation Committee of the IEEE Power Engineering Society is writing P1711, Trial Use Standard for a Cryptographic Protocol for Cyber Security of Substation Serial Links. This standard defines a security protocol, the Serial SCADA Protection Protocol (SSPP), for control system serial communication. "The fundamental objective (of the) SSPP is to assure the integrity of SCADA messages, that messages are not forged, modified, spliced, reordered or replayed. With an appropriate cipher suite SSPP also provides confidentiality."
While the standard envisions a retrofit, bump-in-the-line, device, there is no reason the protocol specified in this standard could not be integrated into a PLC, RTU or IED.
The security protocol addresses protection of the control communication via a SCADA Cryptographic Module (SCM) and of field device management communication via a Maintenance Cryptographic Module (MCM).
SSPP
The SSPP is defined at the session, transport and link layers. The session layer can be considered the protocol management layer: it has message types indicating the various phases of session negotiation and control, as well as a message type indicating a data message. The transport layer is where security controls such as encryption and integrity checking take place. At the link layer, the SSPP ensures that parameters required to transit the network, such as modem commands, are passed in the clear, and that the device supports mixed mode.
To support the phased or partial deployment of P1711 devices, the standard specifies a mixed mode in which some traffic is secured and other traffic is not, depending on the destination.
The SSPP defines two types of sessions:
- A static session is created between each communicating pair of P1711 devices. The static session is used primarily for key exchange and other negotiation required to create a dynamic session. Static sessions can be used to exchange data, but they do not provide any replay or reordering protection. P1711 is silent on static session key management.
- Dynamic sessions are used to securely exchange data. The process of establishing a dynamic session is transparent to the user and is defined in P1711.
Part of the dynamic session negotiation includes a selection of the cipher suite. A cipher suite is a combination of crypto algorithms, security parameter criteria and sometimes special features. There are ten cipher suites defined in the current P1711 draft. For example, if encryption for privacy is not required, cipher suites 7 (clear text with HmacSHA1 with 160-bit keys) and 8 (clear text with HmacSHA256) are limited to message authentication.
The protocol also supports a number of special security modes.
- Broadcast Mode: a broadcast key associated with a destination address of 0xFFFF can be deployed to all P1711 devices to support broadcast.
- PE Mode with no holdback: the data is passed to the SCADA device immediately after decryption and prior to verifying the integrity of the data. This mode is for environments with strict latency requirements.
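The following is an added illustration, not code from the P1711 draft, of what an authentication-only cipher suite such as suite 8 (clear text with HMAC-SHA256) buys a receiver: a keyed tag bound to the session and a sequence number lets the receiver reject forged, modified, spliced, reordered and replayed frames, and the two receive methods contrast the normal holdback behaviour with the PE no-holdback mode described above. The frame layout (session id, sequence number, payload, tag) and the key are constructed assumptions for this example and are not the SSPP wire format.

```python
import hmac
import hashlib
import struct
from dataclasses import dataclass, field

# Constructed model of an authentication-only suite (HMAC-SHA256 over clear
# text). Layout: 2-byte session id | 4-byte sequence | payload | 32-byte tag.
# This layout is an assumption for the example, not the SSPP frame format.
HDR_LEN = 6
TAG_LEN = 32

def protect(key: bytes, session_id: int, seq: int, payload: bytes) -> bytes:
    """Sender side: bind the payload to the session and sequence number."""
    header = struct.pack(">HI", session_id, seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

@dataclass
class Receiver:
    key: bytes
    session_id: int
    expected_seq: int = 0
    delivered: list = field(default_factory=list)  # what reached the SCADA device

    def verify(self, frame: bytes):
        """Return the payload if the frame is authentic and in order, else None."""
        if len(frame) < HDR_LEN + TAG_LEN:
            return None
        header, payload, tag = frame[:HDR_LEN], frame[HDR_LEN:-TAG_LEN], frame[-TAG_LEN:]
        sid, seq = struct.unpack(">HI", header)
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected) or sid != self.session_id:
            return None  # forged, modified, or spliced in from another session
        if seq != self.expected_seq:
            return None  # replayed or reordered
        self.expected_seq += 1
        return payload

    def receive_holdback(self, frame: bytes) -> bool:
        """Normal mode: deliver to the SCADA device only after verification."""
        payload = self.verify(frame)
        if payload is not None:
            self.delivered.append(payload)
        return payload is not None

    def receive_no_holdback(self, frame: bytes) -> bool:
        """PE mode with no holdback: the payload is forwarded before the
        integrity check completes, so a bad frame still reaches the device."""
        self.delivered.append(frame[HDR_LEN:-TAG_LEN])
        return self.verify(frame) is not None
```

The return value of each receive method is the verification result the cryptographic module would log; comparing it with the `delivered` list shows what the no-holdback mode trades for latency.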
Comparison with AGA 12 Part 2
There are currently no significant differences between P1711 and AGA 12 Part 2.
Exclusions
P1711 does not prevent denial of service attacks.
P1711 does not provide reliable delivery. Retransmission of dropped messages is not part of P1711.
P1711 does not specify key management mechanisms or requirements. Asset owners deploying P1711 retrofit devices will need to securely generate, allocate, distribute, use and destroy crypto keys used in the static sessions.
Status
In development. Latest draft issued on 28 February 2007.
