BSI PD IEC TS 62351-100-1:2018

$215.11

Power systems management and associated information exchange. Data and communications security – Conformance test cases for IEC TS 62351-5 and IEC TS 60870-5-7

Published By	Publication Date	Number of Pages
BSI	2018	114

Guaranteed Safe Checkout

Category: BSI

If you have any questions, feel free to reach out to our online customer service team by clicking on the bottom right corner. We’re here to assist you 24/7.
Email:[email protected]

Description

This part of IEC 62351, which is a technical specification, describes test cases of data and communication security for telecontrol equipment, substation automation systems (SAS) and telecontrol systems, including front-end functions of SCADA.

The goal of this document is to enable interoperability by providing a standard method of testing protocol implementations to verify that a device fulfils the requirement of the standard. Note that conformity to the standard does not guarantee interoperability between devices using different implementations. It is expected that using this specification during testing will minimize the risk of non-interoperability. A basic condition for this interoperability is a passed conformance test of both devices.

The scope of this document is to specify commonly available procedures and definitions for conformance and/or interoperability testing of IEC TS 62351-5 and IEC TS 60870-5-7. The conformance test cases defined herein are focused to verify the conformant integration of the underlying authentication, as specified in IEC TS 62351-5 and IEC TS 60870-5-7, to protect IEC 60870-5-101 and IEC 6870-5-104-based communications.

This document deals with data and communication security conformance testing; therefore, other requirements, such as safety or EMC, are not covered. These requirements are covered by other standards (if applicable) and the proof of compliance for these topics is done according to these standards.

PDF Catalog

PDF Pages	PDF Title
2	undefined
4	CONTENTS
8	FOREWORD
10	INTRODUCTION
11	1 Scope 2 Normative references
12	3 Terms, definitions and abbreviated terms 3.1 Terms and definitions
14	3.2 Abbreviated terms 4 General 4.1 Normatives covered by this technical specification 4.2 Conformance testing structure 4.2.1 General
15	4.2.2 Conformance testing of security extension procedures Figure 1 – IEC TS 62351-5 Security extension procedures
16	4.2.3 Conformance testing addressed per station type 4.2.4 Normal procedure tests and resiliency tests 4.3 Conformance testing requirements 4.3.1 Testing base protocols with security extension 4.3.2 Testing of profiles including TCP/IP 4.3.3 Requirements for the device under test
17	4.3.4 Requirements for the test facility 4.3.5 Test logging
18	5 Verification of configuration parameters 5.1 General 5.2 System definition
19	Tables Table 1 – Configuration parameters: System definition
20	5.3 Application security extension
21	Table 2 – Configuration parameters: Application security extension
23	6 Verification of Communication 6.1 General 6.2 ASDU segmentation control
24	Table 3 – ASDU segmentation control
25	6.3 Verification of ASDUs 6.3.1 User management ASDUs Table 4 – User management ASDUs
28	6.3.2 Update key maintenance ASDUs Table 5 – Update key maintenance ASDUs
34	6.3.3 Session key maintenance ASDUs Table 6 – Session key maintenance ASDUs
37	6.3.4 Challenge/reply and aggressive mode authentication ASDUs Table 7 – Challenge/reply and aggressive mode authentication ASDUs
41	6.3.5 Security statistics ASDU 7 Verification of procedures 7.1 General Table 8 – Security statistics ASDU
42	7.2 User management 7.2.1 General
43	7.2.2 Controlling station Table 9 – User management: Controlling station normal procedure tests
44	Table 10 – User management: Controlling station resiliency tests
45	7.2.3 Controlled station Table 11 – User management: Controlled station normal procedure tests
46	Table 12 – User management: Controlled station resiliency tests
50	7.3 Update key maintenance – Symmetric 7.3.1 General 7.3.2 Controlling station Table 13 – Update key maintenance – Symmetric: Controlling station triggering conditions
51	Table 14 – Update key maintenance – Symmetric: Controlling station normal procedure tests
52	Table 15 – Update key maintenance – Symmetric: Controlling station resiliency tests
54	7.3.3 Controlled station Table 16 – Update key maintenance – Symmetric: Controlled station normal procedure tests
55	Table 17 – Update key maintenance – Symmetric: Controlled station resiliency tests
56	7.4 Update key maintenance – Asymmetric 7.4.1 General
57	7.4.2 Controlling station Table 18 – Update key maintenance – Asymmetric: Controlling station triggering conditions
58	Table 19 – Update key maintenance – Asymmetric: Controlling station normal procedure tests
59	Table 20 – Update key maintenance – Asymmetric: Controlling station resiliency tests
61	7.4.3 Controlled station Table 21 – Update key maintenance – Asymmetric: Controlled station normal procedure tests
62	Table 22 – Update key maintenance – Asymmetric: Controlled station resiliency tests
63	7.5 Session key maintenance 7.5.1 General
64	7.5.2 Controlling station Table 23 – Session key maintenance: Controlling station triggering conditions
65	Table 24 – Session key maintenance: Controlling station normal procedure tests
66	Table 25 – Session key maintenance: Controlling station resiliency tests
69	7.5.3 Controlled station Table 26 – Session key maintenance: Controlled station invalidating session key
70	Table 27 – Session key maintenance: Controlled station normal procedure tests
71	7.6 Challenge/reply authentication 7.6.1 General Table 28 – Session key maintenance: Controlled station resiliency tests
72	7.6.2 Controlling station Table 29 – Challenge/reply authentication: Controlling station triggering conditions
73	Table 30 – Challenge/reply authentication: Controlling station normal procedure tests
74	Table 31 – Challenge/reply authentication: Controlling station resiliency tests
78	7.6.3 Controlled station Table 32 – Challenge/reply authentication: Controlled station normal procedure tests
79	Table 33 – Challenge/reply authentication: Controlled station resiliency tests
82	7.7 Aggressive mode authentication 7.7.1 General
83	7.7.2 Controlling station Table 34 – Aggressive mode authentication: Controlling station normal procedure tests
84	Table 35 – Aggressive mode authentication: Controlling station resiliency tests
86	7.7.3 Controlled station Table 36 – Aggressive mode authentication: Controlled station normal procedure tests
87	Table 37 – Aggressive Mode Authentication: Controlled station resiliency tests
89	8 Tests results chart 8.1 Verification of configuration parameters Table 38 – Test results chart: Configuration parameters
90	8.2 Verification of communication 8.2.1 ASDUs segmentation control Table 39 – Test results chart: ASDU segmentation control
91	8.2.2 User management ASDUs Table 40 – Test results chart: User managements ASDUs
92	8.2.3 Update key maintenance ASDUs Table 41 – Test results chart: Update key maintenance ASDUs
94	8.2.4 Session key maintenance ASDUs Table 42 – Test results chart: Session key maintenance ASDUs
95	8.2.5 Challenge/reply and aggressive mode authentication ASDUs Table 43 – Test results chart: Challenge/reply and aggressive mode authentication ASDUs
96	8.2.6 Security statistics ASDU Table 44 – Test results chart: Security statistics ASDU
97	8.3 Verification of procedures 8.3.1 User management Table 45 – Test results chart: User management procedure – Controlling station
98	Table 46 – Test results chart: User management procedure – Controlled Station
100	8.3.2 Update key maintenance – Symmetric Table 47 – Test results chart: Update key maintenance – Symmetric – Controlling station
101	Table 48 – Test results chart: Update key maintenance – Symmetric – Controlled station
102	8.3.3 Update key maintenance – Asymmetric Table 49 – Test results chart: Update key maintenance – Asymmetric – Controlling station
103	Table 50 – Test results chart: Update key maintenance – Asymmetric – Controlled station
104	8.3.4 Session key maintenance Table 51 – Test results chart: Session key maintenance – Controlling station
106	Table 52 – Test results chart: Session key maintenance – Controlled station
107	8.3.5 Challenge/reply authentication Table 53 – Test results chart: Challenge/reply authentication – Controlling station
109	Table 54 – Test results chart: Challenge/reply authentication – Controlled station
111	8.3.6 Aggressive mode authentication Table 55 – Test results chart: Aggressive mode authentication – Controlling station
112	Table 56 – Test results chart: Aggressive mode authentication – Controlled station

Additional information

Status	Definitive
Pages	114
Publication Date	2018-11-15
ISBN	978 0 580 96671 2
Standard Number	PD IEC TS 62351-100-1:2018
Title	Power systems management and associated information exchange. Data and communications security – Conformance test cases for IEC TS 62351-5 and IEC TS 60870-5-7
Identical National Standard Of	IEC TS 62351-100-1:2018
Descriptors	Security, Data security, Information exchange, Information transfer, Management
Publisher	BSI
Committee	PEL/57
ICS Codes	33.200 - Telecontrol. Telemetering

Preview PDF


PDF Format	Searchable	Printable	Preview Now

BSI PD IEC TS 62351-100-1:2018

PDF Catalog

Related products