IEC 61850 Source Code Library

Our IEC 61850 Source Code Library provides a quick and cost-effective way to implement an IEC 61850 Server, Client, GOOSE, or Sampled Values. The library was designed from the ground up to fully support IEC 61850 services and use resources efficiently. We offer our library components in ANSI-C, C++, Java or .NET for maximum flexibility across many different applications.

For almost 30 years, Triangle has provided the diagnostic tools and protocol expertise to our customers to support all their conformance & certification needs. We will work with you, as needed, to ensure that your implementation of our source code libraries will pass all industry-related certification and conformance testing.


What is Secure GOOSE & Sampled Values?

GOOSE is a mechanism for transmitting time-critical information, such as alarms or status changes, between intelligent electronic devices (IEDs) in a substation. Sampled Values provides synchronized sampling and transmission of analog data, such as voltage and current, from sensors to protection and control devices in substations. Securing GOOSE and Sampled Values refers to the implementation of enhanced security measures in the transmission of real-time events and analog measurements throughout the power system, namely authentication and optionally encryption: 

Authentication (mandatory for routable versions) - GOOSE and Sampled Values messages are authenticated using HMAC, which validates that each message was signed with the key supplied by the KDC Server and verifies that the message was not corrupted in transit.

Encryption (optional) - Implement encryption to protect the confidentiality of the data transmitted. Encryption ensures that unauthorized parties cannot decipher the content of the messages.

 

Why do I need to Secure GOOSE & Sampled Values?

  1. Confidentiality of Data:
  2. Integrity Assurance:
  3. Perfect Forward Secrecy:
    • Use Case: Breaking the key for one set of key pulls does not provide key material that allows future exchanges to be broken, because key exchanges are protected via Diffie-Hellman exchanges.
  4. Information Isolation:
    • Use Case: Each group consisting of a publisher and its subscribers has its own set of keys and policies; therefore, compromising one group does not compromise the other groups.
  5. Secure Communication in Shared Networks:
    • Use Case: Ensure confidentiality in shared network environments with non-critical systems or external entities.
  6. Compliance with Security Standards:
    • Use Case: Meet industry standards and regulations for power system security.
  7. Prevention of Man-in-the-Middle Attacks:
    • Use Case: Guard against unauthorized interception and alteration of communication.
  8. Maintaining Data Integrity in Wide-Area Networks:
    • Use Case: Secure communication over extended distances to ensure data integrity.
  9. Protection Against Insider Threats:
    • Use Case: Mitigate risks associated with malicious actions from within the organization.
  10. Ensuring System Resilience:
    • Use Case: Enhance infrastructure resilience against cyber threats for continuous and reliable power grid operation.

     

How do I secure GOOSE & Sampled Values?

The KDC, or Key Distribution Center, provides a mechanism for encryption and authentication of both GOOSE and Sampled Value messages. The KDC is made up of two components: a KDC Server such as Garibaldi, which manages and distributes secure keys, and a KDC Client such as the one provided with Triangle MicroWorks’ IEC 61850 Source Code Library, which receives the keys and uses them to encrypt, decrypt, sign, and authenticate messages. This technology can be applied to both Routable and Layer 2 GOOSE and Sampled Value communications.

 

 

When using KDC, each GDOI (Group Domain of Interpretation as defined in RFC-6407) has one publisher and one or more subscribers.  The KDC Server is responsible for assigning cryptographic keys to each GDOI and sending them to each KDC Client, which then matches the GDOIs to the correct publisher or subscriber stream on the device.   
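The subscriber-side check implied by per-group keys and HMAC authentication, as an added sketch that is not code from Triangle MicroWorks' library or from Garibaldi. The message framing, the `GroupKey` and `Subscriber` names, and the group names are hypothetical and do not represent the IEC 62351 wire format; HMAC-SHA256-128 is taken as HMAC-SHA256 truncated to its leftmost 128 bits.

```python
import hashlib
import hmac
from dataclasses import dataclass

TAG_LEN = 16  # HMAC-SHA256-128: leftmost 128 bits of the HMAC-SHA256 output

@dataclass(frozen=True)
class GroupKey:
    key_id: int
    secret: bytes
    not_after: float  # expiry (seconds); a KDC client pulls a new key before this

def sign(group_id: str, key: GroupKey, payload: bytes) -> bytes:
    """Publisher side: the tag covers group id, key id and payload (assumed framing)."""
    header = group_id.encode() + b"\x00" + key.key_id.to_bytes(4, "big")
    return hmac.new(key.secret, header + payload, hashlib.sha256).digest()[:TAG_LEN]

class Subscriber:
    """Holds only the keys of the groups this device is a member of."""
    def __init__(self):
        self._keys = {}  # (group_id, key_id) -> GroupKey
    def install_key(self, group_id: str, key: GroupKey) -> None:
        self._keys[(group_id, key.key_id)] = key
    def verify(self, group_id, key_id, payload, tag, now) -> str:
        key = self._keys.get((group_id, key_id))
        if key is None:
            return "reject: no key"
        if now > key.not_after:
            return "reject: key expired"
        # compare_digest runs in constant time, so it leaks no partial-match timing
        if len(tag) != TAG_LEN or not hmac.compare_digest(sign(group_id, key, payload), tag):
            return "reject: bad tag"
        return "accept"

def demo():
    # Constructed sample keys and payloads, for illustration only.
    k_a = GroupKey(1, b"A" * 32, not_after=1000.0)
    k_b = GroupKey(1, b"B" * 32, not_after=1000.0)
    sub = Subscriber()
    sub.install_key("feeder-A", k_a)  # this device is not a member of feeder-B
    msg = b"stNum=7;trip=1"
    tag = sign("feeder-A", k_a, msg)
    return [
        sub.verify("feeder-A", 1, msg, tag, now=10.0),                # valid
        sub.verify("feeder-A", 1, b"stNum=7;trip=0", tag, now=10.0),  # altered payload
        sub.verify("feeder-B", 1, msg, sign("feeder-B", k_b, msg), now=10.0),  # other group
        sub.verify("feeder-A", 1, msg, tag, now=2000.0),              # after key expiry
    ]

if __name__ == "__main__":
    print(demo())
```

Because the tag covers the group and key identifiers, a message cannot be replayed under another group's name, and a device that never received a group's key rejects that group's traffic outright.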

What does TMW support?

KDC Client Source Code Library

  • Supports failover to a secondary KDC Server.
  • Autonomously performs pull requests for clients as keys expire.
  • Fully compliant with IEC-62351-9 and RFCs 2407, 2408, 2409, 6407, and 8052.
  • Cryptographic algorithms supported include any combination of:
    • Authentication = HMAC-SHA256-128, HMAC-SHA256-256, AES-GMAC-128, AES-GMAC-256    
    • Encryption = none, AES-128-GCM, AES-256-GCM, AES-128-CBC, AES-256-CBC

Garibaldi 

  • Key Distribution and Access Control
  • Security Domains
  • IEC 61850 Security
  • Member Validation and Policy Delivery


 

Copyright © 2013-2024 Triangle MicroWorks, Inc. All Rights Reserved