An Introduction to Cryptography as Applied to the Smart Grid
Jacques Benoit, Cooper Power Systems
Western Power Delivery Automation Conference
Spokane, Washington
March 2011
Agenda
> Introduction
> Symmetric Cryptography
> Message Integrity and Authentication
> The IEC 62351 Standards
> DNP3 Secure Authentication
> Asymmetric Cryptography
> Digital Signatures
> Certificates and Certificate Authorities
> Transport Layer Security
> Conclusion
Introduction
> Cryptography is the practice and study of hiding information.
> Origins date more than 2000 years ago.
> Takes its root in the Greek word kryptos, meaning hidden.
> The National Institute of Science and Technology (NIST) plays a major role in defining cryptographic standards.
> NIST published first encryption algorithm for general use in 1974.
> Cryptography provides a set of tools to meet information security requirements:
  > Confidentiality
  > Authentication
  > Integrity
  > Non-repudiation
Symmetric Cryptography
[Diagram: Alice and Bob]
Symmetric Cryptography Standards
> 1977 – Data Encryption Standard (DES) adopted as FIPS 46 federal standard for unclassified data.
  > 56-bit key
> 1999 – FIPS 46-3 standard recommends the use of Triple DES (TDES or 3DES) for increased security.
  > With 2 keys, effective strength of 80 bits
  > With 3 keys, effective strength of 112 bits and approved for use until 2029
> 2001 – FIPS 197 Advanced Encryption Standard (AES)
  > 128, 192, or 256 bit keys
  > 128 bit key is approved for use beyond 2030
Message Integrity
[Diagram: Message Authentication Code (MAC)]
Message Authentication Codes
> Checksums and Cyclic Redundancy Check (CRC) designed to detect common communications errors.
> Fast. But not designed to provide security. Easy to generate two messages with same value.
> Cryptographic hashes are slower, but it is extremely difficult to generate two messages with same hash.
> MD5 (Message-Digest algorithm 5) is widely used and generates a 128 bit digest. It is no longer considered secure.
> SHA-1 replaced MD5 and produces a 160 bit digest. Weaknesses have been identified.
> SHA-2 defines four functions to replace SHA-1: SHA-224, SHA-256, SHA-384 and SHA-512.
> SHA-224 is approved for use until 2029.
> SHA-3 is under development.
Message Integrity and Authentication
[Diagram: Hash-based Message Authentication Code (HMAC)]
Hash-based Message Authentication Code (HMAC)
> Hash-based Message Authentication Code (HMAC) algorithm uses the key as part of the hashing process.
> HMAC algorithm is designed to be used with any hash function.
> SHA-1 with key greater than 112 bits, but shorter than 128 bits is acceptable until 2030.
> After 2030, key should have more than 128 bits.
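
The contrast drawn on the Message Authentication Codes and HMAC slides, as an added example that is not part of the original presentation: a CRC-32 can be recomputed by anyone who rewrites a frame and collides after a short birthday search, while an HMAC-SHA-256 tag cannot be produced without the key. The key, payloads and frame layout are constructed for illustration and are not any protocol's wire format.

```python
import hashlib
import hmac
import zlib

KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed 128-bit demo key

def crc_frame(payload: bytes) -> bytes:
    """Append a CRC-32: detects line noise, involves no secret."""
    return payload + zlib.crc32(payload).to_bytes(4, "big")

def crc_ok(frame: bytes) -> bool:
    return zlib.crc32(frame[:-4]).to_bytes(4, "big") == frame[-4:]

def hmac_frame(key: bytes, payload: bytes) -> bytes:
    """Append an HMAC-SHA-256 tag: the key is part of the hashing process."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

def hmac_ok(key: bytes, frame: bytes) -> bool:
    expected = hmac.new(key, frame[:-32], hashlib.sha256).digest()
    return hmac.compare_digest(expected, frame[-32:])  # constant-time comparison

def crc_collision(limit: int = 2_000_000):
    """Birthday search for two different 8-byte messages with equal CRC-32."""
    seen = {}
    for i in range(limit):
        msg = hashlib.sha256(str(i).encode()).digest()[:8]  # pseudo-random message
        crc = zlib.crc32(msg)
        if crc in seen and seen[crc] != msg:
            return seen[crc], msg
        seen[crc] = msg
    return None

def demo() -> dict:
    original = b"feeder=7 setpoint=60.00"  # constructed sample payloads
    altered = b"feeder=7 setpoint=59.00"
    # A party without KEY rewrites the payload and recomputes the check value.
    rewritten_crc = crc_frame(altered)
    rewritten_mac = altered + hmac.new(b"not-the-key", altered, hashlib.sha256).digest()
    noisy = bytearray(hmac_frame(KEY, original))
    noisy[3] ^= 0x01  # single bit flipped in transit
    return {
        "crc_accepts_rewritten_frame": crc_ok(rewritten_crc),
        "hmac_accepts_rewritten_frame": hmac_ok(KEY, rewritten_mac),
        "hmac_accepts_genuine_frame": hmac_ok(KEY, hmac_frame(KEY, original)),
        "hmac_accepts_bit_flip": hmac_ok(KEY, bytes(noisy)),
    }

if __name__ == "__main__":
    print(demo(), crc_collision())
```

The CRC check accepts the rewritten frame because nothing secret went into it; the HMAC check rejects both the rewritten frame and the single bit flip, so it covers accidental errors as well as deliberate changes.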
IEC 62351 Information Security for Power System Control Operations
> IEC 62351 was developed for handling the security of TC-57 protocols including IEC 61850, IEC 60870-5 and its derivatives, such as DNP3.
  > IEC 62351-3 specifies how to secure TCP/IP-based protocols through the use of Transport Layer Security (TLS).
  > IEC 62351-5 specifies how to add user and device authentication, and data integrity.
> The DNP3 Secure Authentication extension was designed to meet the requirements of IEC 62351-5.
DNP3 Secure Authentication: Initial Handshake
DNP3 Secure Authentication: Challenge-Response
Solving the Key Management Challenge: Asymmetric Cryptography
> In symmetric cryptography both parties share a secret key used to encrypt and decrypt messages.
> In asymmetric cryptography, keys come in pairs.
> A message encrypted with one key can only be decrypted using the other key.
> One key is known as the public key and can be widely shared.
> The other key, known as the private key, is kept in a secure location.
> The sender of a message can use the intended receiver’s public key to encrypt the message.
> Only the intended receiver with the appropriate private key will then be able to decrypt the message.
Asymmetric Cryptography
[Diagram: Alice and Bob]
Digital Signatures
[Diagram: Alice and Bob]
Public Key Certificates
Approved Asymmetric Algorithms
> Approved algorithms are:
  > Rivest, Shamir and Adleman (RSA) with 2048 bits until 2029, RSA with 3072 bits, for CAs after 2030.
  > Elliptic Curve Cryptography (ECC) with curves P-224, K-233, or B-233 until 2029.
  > ECC with curves P-256, P-384, P-521, K-283, K-409, K-571, B-283, B-409 and B-571 after 2030.
Certificates and the Smart Grid
Certificates are widely used in a variety of protocols and technologies:
> ZigBee Smart Energy devices
> 802.1x port-based access control for WLANs
> Internet Protocol Security (IPsec) protocol suite
> Transport Layer Security (TLS) protocol
> S/MIME (Secure/Multipurpose Internet Mail Extensions) and PKCS#7 for secure email and signed software updates
Transport Layer Security (TLS)
Conclusion
> Cryptography is a hidden component in many of the technologies of the Smart Grid
> It provides confidentiality, authentication and integrity for data exchanges
> NIST has been mandated to recommend standards and a security model for the Smart Grid.
> NIST has submitted five “foundational” families of standards to FERC
> FERC will introduce regulation when there is sufficient consensus
> IEC 62351 is one of the recommended standards
Contact Information
Jacques Benoit
Senior Analyst Information Security
Cooper Power [email protected]