Abstract

Particular care must be taken when integrating power substations into Smart Grids, because their communication protocols were not designed with security in mind. Smart Grid power substations will eventually be integrated into a large communication network with many devices external to the utility, which makes it easier for external attackers to cause devastating effects on power substation automation. The IEC 62351 standard suggests the use of digital signatures based on the RSA algorithm for the GOOSE protocol, which is used for communication between the intelligent electronic devices of substations. In addition, the IEC 61850 standard defines, in its strictest requirement, a maximum latency of 3 ms for end-to-end communication between substation devices. The industrial equipment currently used in substations generally has low processing power, which makes advanced security algorithms such as RSA infeasible, as a number of studies in the literature have concluded. The most obvious solution is to replace the equipment with more modern devices that have more processing power, but the cost is not feasible in the short term, since these are high-value devices built to last many years.

This work evaluates cryptographic algorithms applied to the GOOSE protocol in IEC 61850 communication networks for electric power substations. A proof of concept demonstrates the secure distribution of symmetric keys in a power substation network using the RSA algorithm. Practical experiments with low-processing-power devices confirm that RSA is infeasible for protecting GOOSE messages. At the same time, the AES algorithm applied with the CMAC technique proves highly feasible: even with a 459-byte packet payload, it meets the security requirements of the IEC 62351 standard. Finally, AES also performs well when encrypting the full payload of GOOSE messages at run time, ensuring confidentiality, a requirement beyond what the standard defines, with a transmission time of 69 µs. To replace RSA with symmetric algorithms, a mechanism for the secure exchange of symmetric keys in IEC 61850 networks is proposed.

Keywords: GOOSE, RSA, AES, CMAC, IEC 61850, IEC 62351, Power Substation
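As an added illustration of the AES-CMAC authentication evaluated above (not code from the thesis), the following Python example derives the RFC 4493 subkeys, tags a constructed 459-byte payload, verifies it in constant time, and measures the mean time per tag so it can be compared with a latency budget on the device under test. The key, the payload bytes and all function names are assumptions; it relies on the `cryptography` package and does not model where the tag sits inside a GOOSE frame.

```python
import hmac
import time
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

BLOCK = 16   # AES block size in bytes
RB = 0x87    # RFC 4493 reduction constant for 128-bit blocks

def _dbl(block: bytes) -> bytes:
    """Multiply by x in GF(2^128): shift left, fold the carry back with RB."""
    n = int.from_bytes(block, "big") << 1
    if n >> 128:
        n = (n & ((1 << 128) - 1)) ^ RB
    return n.to_bytes(BLOCK, "big")

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def aes_cmac(key: bytes, msg: bytes) -> bytes:
    """AES-CMAC (RFC 4493) built from the raw AES block operation."""
    enc = Cipher(algorithms.AES(key), modes.ECB()).encryptor()
    k1 = _dbl(enc.update(bytes(BLOCK)))   # subkey for a complete last block
    k2 = _dbl(k1)                         # subkey for a padded last block
    n = max(1, -(-len(msg) // BLOCK))     # number of blocks, at least one
    last = msg[(n - 1) * BLOCK:]
    if len(last) == BLOCK:
        last = _xor(last, k1)
    else:                                 # pad with 0x80, then zeros
        last = _xor(last + b"\x80" + bytes(BLOCK - len(last) - 1), k2)
    x = bytes(BLOCK)
    for i in range(n - 1):                # CBC-MAC chain over leading blocks
        x = enc.update(_xor(x, msg[i * BLOCK:(i + 1) * BLOCK]))
    return enc.update(_xor(x, last))

def verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(aes_cmac(key, msg), tag)  # constant-time compare

def mean_tag_time_us(key: bytes, msg: bytes, rounds: int = 200) -> float:
    """Mean microseconds per tag on the machine running this code."""
    start = time.perf_counter()
    for _ in range(rounds):
        aes_cmac(key, msg)
    return (time.perf_counter() - start) / rounds * 1e6

# Constructed inputs: a demo key and 459 filler bytes, not a real GOOSE frame.
DEMO_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
PAYLOAD = bytes(i % 256 for i in range(459))

if __name__ == "__main__":
    tag = aes_cmac(DEMO_KEY, PAYLOAD)
    print(tag.hex(), verify(DEMO_KEY, PAYLOAD, tag), mean_tag_time_us(DEMO_KEY, PAYLOAD))
```

Timings from a workstation say nothing about the low-processing-power devices the thesis measured; run the measurement on the target hardware.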