Vulnerability Analysis And Testing Of Communication Protocols For Smart Substations

Smart grid security is the top priority of national infrastructure security,substations are the core facilities of power grid transmission and distribution networks.With the intelligence and Networked of substations,cyberattacks may penetrate the internal facilities of smart grids and cause great damage.At present,many countries in the world have experienced smart grid's intrusions against and caused great damage,including the earthquake network event and the Ukrainian black energy incident.The above events show that security protection and anomaly detection for facilities such as smart grids and substations have become more and more important.In this paper,the security between the station control layer,bay layer and process layer of the intelligent substation is the focus of this article.This paper conducts research on the security of smart substation protocols.The main contri-butions are summarized as follows:1.In view of the communication process of smart substations,this paper starts from MMS,GOOSE,and SMV protocols in smart substation communication,focusing on the proto-col security mechanisms of the application layer and transport layer of the three-layer OSI seven-layer structure.The hardening measures and the protocol protector stipulated in the IEC62351 protocol have produced a detailed investigation and summary.At the same time,From unreasonable(or undesigned)encryption,authentication,verification,authorization,and time stamping mechanisms,their protocol vulnerability was analysed and summarized;2.A parsing mechanism was designed for the above three protocols,which made up for the problems of incomplete and inadequate parsing of the existing security protection equipment for the three protocols and ignored payload information.The specific idea is to fully parse the data packets of the above protocol,and use the actual device to verify the correctness of the parsing by applying the protocol application layer payload information to the actual device operating variables.The corresponding code is open source3.The corresponding fuzzy test mechanism is designed for the substation simulation platform libIEC61850 and the actual intelligent substation platform.The fuzzing experiments on open source simulation software have resulted in the software downtime effect of the open source software.At the same time,the gcov tool is used to monitor the code coverage of the open source software and LLVM is used to locate corresponding vulnerabilities.The realization of the fuzzy test mechanism of the actual intelligent substation bottom equipment was explored.The problem of sending and receiving packets for embedded devices was solved,and corre-sponding fuzzing algorithms were designed for the characteristics of the three protocols.4.an open source data set was designed for the interval and process layer scenarios of smart substations,making up for the current situation that there is no open source test data set for the bottom layer of smart substations.The experimental scheme designed 19 kinds of attacks and 11 kinds of abnormal operation of the substation for the communication between the in-telligent substation line protection,the bus differential protection device and the underlying intelligent terminal.The corresponding data packets are collected and standardized.And de-signed more than 30 features to provide a new scenario and data set for the anomaly detection research of the CPS system.The attack packets,processed CSV files,and code have been open sourced.