DRAFT FOR DEVELOPMENT DD IEC/TS 62351-4:2007

Power systems management and associated information exchange – Data and communications security – Part 4: Profiles including MMS

ICS 33.200

National foreword

This Draft for Development is the UK implementation of IEC/TS 62351-4:2007.

This publication is not to be regarded as a British Standard.

It is being issued in the Draft for Development series of publications and is of a provisional nature. It should be applied on this provisional basis, so that information and experience of its practical application can be obtained.

Comments arising from the use of this Draft for Development are requested so that UK experience can be reported to the international organization responsible for its conversion to an international standard. A review of this publication will be initiated not later than 3 years after its publication by the international organization so that a decision can be taken on its status. Notification of the start of the review period will be made in an announcement in the appropriate issue of Update Standards.

According to the replies received by the end of the review period, the responsible BSI Committee will decide whether to support the conversion into an international Standard, to extend the life of the Technical Specification or to withdraw it. Comments should be sent to the Secretary of the responsible BSI Technical Committee at British Standards House, 389 Chiswick High Road, London W4 4AL.

The UK participation in its preparation was entrusted to Technical Committee PEL/57, Power systems management and associated information exchange.

A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

This Draft for Development was published under the authority of the Standards Policy and Strategy Committee on 31 July 2007. © BSI 2007. ISBN 978 0 580 56446 8

Amendments issued since publication
Amd. No. | Date | Comments

TECHNICAL SPECIFICATION IEC/TS 62351-4, First edition, 2007-06

Power systems management and associated information exchange – Data and communications security – Part 4: Profiles including MMS

Reference number IEC/TS 62351-4:2007(E)

CONTENTS

1 Scope and object
  1.1 Scope
  1.2 Object
2 Normative references
3 Terms and definitions
4 Security issues addressed by this technical specification
  4.1 Security for application and transport profiles
  4.2 Security threats countered
  4.3 Attack methods countered
5 A-Profile security
  5.1 MMS
  5.2 Logging
  5.3 ACSE
    5.3.1 Peer entity authentication
    5.3.2 AARQ
    5.3.3 AARE
6 T-Profile security
  6.1 TCP T-Profiles
    6.1.1 Conformance to this technical specification
    6.1.2 Use of TLS in TCP T-Profiles
    6.1.3 TP0
    6.1.4 RFC 1006
    6.1.5 TLS requirements
    6.1.6 Use of TLS
  6.2 OSI T-Profiles
  6.3 Certificate authority support
7 Conformance
  7.1 General conformance
  7.2 Conformance of IEC 60870-6 TASE.2 security
Bibliography

Figure 1 – Application and transport profiles
Figure 2 – Non-secure and secure TCP T-Profiles, IEC 62351
Table 1 – TP0 maximum sizes
Table 2 – Recommended cipher suite combinations
Table 3 – Supported cipher suites

POWER SYSTEMS MANAGEMENT AND ASSOCIATED INFORMATION EXCHANGE – DATA AND COMMUNICATIONS SECURITY – Part 4: Profiles including MMS

1 Scope and object

1.1 Scope

This part of IEC 62351 specifies procedures, protocol extensions, and algorithms to facilitate securing ISO 9506 Manufacturing Message Specification (MMS) based applications. It is intended that this technical specification be referenced as a normative part of other IEC TC 57 standards that have the need for using MMS in a secure manner. This technical specification represents a set of mandatory and optional security specifications to be implemented for applications when using ISO/IEC 9506 (Manufacturing Message Specification).

NOTE Within the scope of IEC TC 57, there are two identified standards that may be impacted: IEC 61850-8-1 and IEC 60870-6.

This specification contains a set of specifications that are to be used by referencing standards in order to secure information transferred
when using MMS. The recommendations are based upon the specific communication profile protocols used to convey MMS information. IEC 61850-8-1 and IEC 60870-6 make use of MMS in a 7-layer connection-oriented mechanism. Each of these standards is used over either the OSI or the TCP profile.

1.2 Object

The initial audience for this specification is intended to be the members of the working groups developing or making use of the protocols within IEC TC 57. For the measures described in this specification to take effect, they must be accepted and referenced by the specifications for the protocols themselves, where the protocols make use of ISO 9506. This document is written to enable that process.

The subsequent audience for this specification is intended to be the developers of products that implement these protocols. Portions of this specification may also be of use to managers and executives in order to understand the purpose and requirements of the work.

2 Normative references

IEC 60870-6 (all parts), Telecontrol equipment and systems

IEC 62351-1, Power systems management and associated information exchange – Data and communications security – Part 1: Communication network and system
security – Introduction to security issues

IEC 62351-3, Power systems management and associated information exchange – Data and communications security – Part 3: Communication network and system security – Profiles including TCP/IP

ISO/IEC 9594-8:2005 / ITU-T Recommendation X.509:2005, Information technology – Open Systems Interconnection – The Directory: Public-key and attribute certificate frameworks

ISO 9506 (all parts), Industrial automation systems – Manufacturing Message Specification

RFC 1006, ISO Transport Service on top of the TCP, Version 3

RFC 2313, PKCS #1: RSA Encryption, Version 1.5

RFC 2246, The TLS Protocol, Version 1.0

RFC 3447, Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications, Version 2.1

3 Terms and definitions

For the purposes of this document, the terms and definitions contained in IEC 62351-2 as well as the following terms and definitions apply.

3.3 bilateral agreement
agreement between two control centres which includes the data elements to be accessed and the means to access them
[IEC 60870-6-503:2002, definition 3.3]

3.4 bilateral table
computer representation of the bilateral agreement. The representation used is a local matter
[IEC 60870-6-503:2002, definition 3.4]

4 Security issues addressed by this technical specification

4.1 Security for application and transport profiles

The communication security specified in this specification shall be discussed in terms of:
– application profiles: an A-Profile defines the set
of protocols and requirements for layers 5-7 of the OSI Reference Model;
– transport profiles: a T-Profile defines the set of protocols and requirements for layers 1-4 of the OSI Reference Model.

There have been one (1) A-Profile and two (2) T-Profiles identified within the TC 57 context. This specification shall specify security extensions for all of the identified profiles (see Figure 1).

[Figure 1 – Application and transport profiles (IEC 1048/07). The A-Profile covers layers 5-7: ISO Session, ISO Presentation, and MMS with ACSE at the application layer. The OSI T-Profile covers layers 1-4 with ISO TP4 over ISO CLNP over IEEE 802.3. The TCP T-Profile covers layers 1-4 with ISO TP0 and RFC 1006 over TCP over IP over IEEE 802.3.]

4.2 Security threats countered

See IEC 62351-1 for a discussion of security threats and attack methods.

If encryption is not employed, then the specific threats countered in this part include:
– unauthorized access to information.

If IEC 62351-3 is employed, then the specific threats countered in this part include:
– unauthorized access to information, through message level authentication and encryption of the messages;
– unauthorized modification (tampering) or theft of information, through message level authentication
and encryption of the messages.

4.3 Attack methods countered

The following security attack methods are intended to be countered through the appropriate implementation of the specifications/recommendations found within this document. The following list is exclusive of the attack methods countered through IEC 62351-3. In the case that IEC 62351-3 is not employed, the threats countered are restricted to protection during association establishment:
– man-in-the-middle: this threat will be countered through the use of a Message Authentication Code mechanism specified within this document;
– tamper detection/message integrity: these threats will be countered through the algorithm used to create the authentication mechanism as specified within this document;
– replay: this threat will be countered through the use of specialized processing state machines specified within this specification.

5 A-Profile security

The following clauses specify the application profiles (A-Profiles) that shall be supported for implementations claiming conformance to this specification.

5.1 MMS

The implementation of MMS must provide some mechanism for configuring and making use of the capabilities of the secure profile. In general, the following needs to be provided.

A mechanism for configuration of certificate information and the binding of that information to access authentication (e.g., the bilateral tables).

A mechanism for configuration of the acceptable incoming association profile for the implementation's access control mechanism. It is suggested that the following choices be provided:
   – DONT_CARE: would indicate that either a secure or a non-secure profile would be allowed to establish an MMS association.
   – NON_SECURE: would indicate that the non-secure profile must be used in order to allow establishment of an MMS association.
   – SECURE: would indicate that the secure profile must be used in order to allow establishment of an MMS association.

A mechanism for configuration of the profile to use in order to initiate an MMS association. It is suggested that the following choices be provided:
   – NON_SECURE: would indicate that the non-secure profile must be used when initiating an MMS association.
   – SECURE: would indicate that the secure profile must be used when initiating an MMS association.

A mechanism to convey/verify the association parameters.
These parameters should include:
   – presentation address;
   – profile used indication (e.g., secure or non-secure); and
   – ACSE authentication parameters.

The indication of the use of a "secure profile" shall be reserved if the secure transport layer, as set forth within this document, has been negotiated as part of the MMS association¹. This information shall be used, in conjunction with the configured MMS expected association values, to determine if an MMS association should be established. The entity that determines the actual acceptance is a local issue.

It is a mandatory requirement that changes in the configuration parameters discussed above not require all MMS associations to be terminated in order for the configuration changes to take effect.

It is strongly suggested that an MMS implementation log events and information associated with associations that were rejected due to security violations.

¹ This allows the ACSE authentication to be used over either the secure or the non-secure profile, to achieve stronger authentication.

5.2 Logging

It is important that care be taken to log security related violations in a separate log whose contents are inherently secure from manipulation (e.g., modification or deletion of information). Implementers should strive to archive enough information so that security audit and prosecution are facilitated. The actual implementation of this recommendation is a local issue.

5.3 ACSE

5.3.1 Peer entity authentication

Peer entity authentication shall occur at association set-up time. Authentication information shall be carried in the calling-authentication-value and responding-authentication-value fields of the authentication functional unit (FU) of the ACSE AARQ and AARE PDUs respectively.

The bit strings for the sender-ACSE-requirements and responder-ACSE-requirements fields of the authentication FU shall be DEFAULTED to include the authentication FU when ACSE security is in use. Otherwise, the bits shall be DEFAULTED to exclude the authentication FU (this provides backward compatibility).
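Added example, not code from IEC 62351-4 or from any MMS implementation: one way to realise the 5.1 acceptance decision (incoming-profile policy, expected association values per peer, reconfiguration without dropping established associations, logging of rejected associations), the separate tamper-evident security log of 5.2, and the 5.3.1 rule that an association using ACSE security must request the authentication FU. The class names, the bilateral-table layout (presentation address mapped to a dict with require_acse_auth) and the HMAC-chained log format are assumptions made for this illustration; the standard leaves all of them as local issues. Verifying the authentication value itself (the certificate-based CHOICE of 5.3.1) is not shown.

```python
"""Association acceptance (5.1), separate tamper-evident security log (5.2) and
the 5.3.1 rule that ACSE security requires the authentication FU bit.
Added illustration; the class and field names are assumptions, not the standard's."""
from __future__ import annotations
from dataclasses import dataclass, field
from enum import Enum
import hashlib
import hmac
import json
from typing import Dict, List, Optional, Tuple


class IncomingPolicy(Enum):
    """Acceptable incoming association profile: the three choices suggested in 5.1."""
    DONT_CARE = "DONT_CARE"
    NON_SECURE = "NON_SECURE"
    SECURE = "SECURE"


@dataclass
class AssociationRequest:
    """Association parameters conveyed at set-up time (5.1)."""
    presentation_address: str
    secure_transport: bool                          # profile used indication: TLS negotiated underneath
    authentication_fu: bool                         # authentication bit of sender-ACSE-requirements
    calling_authentication_value: Optional[bytes]   # encoded ACSE value, None when absent


@dataclass
class SecurityLog:
    """Separate security log (5.2). Every entry carries an HMAC over the previous
    entry's tag and its own body, so a verifier holding the key detects any
    modified, deleted or reordered entry. Truncation from the end is only caught
    if the newest tag is also recorded elsewhere; that and key custody are the
    'local issue' the standard leaves open."""
    key: bytes
    entries: List[dict] = field(default_factory=list)
    last_tag: bytes = b"\x00" * 32

    @staticmethod
    def _tag(key: bytes, prev: bytes, event: dict) -> bytes:
        body = json.dumps(event, sort_keys=True).encode()
        return hmac.new(key, prev + body, hashlib.sha256).digest()

    def append(self, event: dict) -> None:
        tag = self._tag(self.key, self.last_tag, event)
        self.entries.append({"event": event, "tag": tag.hex()})
        self.last_tag = tag

    def verify(self) -> bool:
        prev = b"\x00" * 32
        for entry in self.entries:
            expected = self._tag(self.key, prev, entry["event"])
            if not hmac.compare_digest(expected, bytes.fromhex(entry["tag"])):
                return False
            prev = expected
        return True


class MmsAssociationGuard:
    """Decides whether an incoming MMS association is established. The standard
    makes the deciding entity a local issue; here it is one object holding the
    configured policy and the expected association values per peer."""

    def __init__(self, policy: IncomingPolicy, bilateral_table: Dict[str, dict], log: SecurityLog):
        self.policy = policy
        # presentation address -> expected values (e.g. whether ACSE peer entity
        # authentication is required); the binding 5.1 relates to the bilateral tables
        self.bilateral_table = bilateral_table
        self.log = log

    def reconfigure(self, policy: IncomingPolicy) -> None:
        """Takes effect for associations evaluated from now on; established
        associations are not terminated, as 5.1 requires."""
        self.policy = policy

    def evaluate(self, req: AssociationRequest) -> Tuple[bool, str]:
        reason = self._violation(req)
        if reason is None:
            return True, "accepted"
        self.log.append({"peer": req.presentation_address,        # 5.1: log rejected associations
                         "secure_transport": req.secure_transport,
                         "reason": reason})
        return False, reason

    def _violation(self, req: AssociationRequest) -> Optional[str]:
        if self.policy is IncomingPolicy.SECURE and not req.secure_transport:
            return "non-secure profile rejected by SECURE policy"
        if self.policy is IncomingPolicy.NON_SECURE and req.secure_transport:
            return "secure profile rejected by NON_SECURE policy"
        expected = self.bilateral_table.get(req.presentation_address)
        if expected is None:
            return "presentation address not in bilateral table"
        if req.calling_authentication_value is not None and not req.authentication_fu:
            # 5.3.1: with ACSE security in use the requirements bit string must
            # include the authentication FU; a value without the bit is malformed
            return "calling-authentication-value present without authentication FU"
        if expected.get("require_acse_auth") and req.calling_authentication_value is None:
            return "peer entity authentication required but no calling-authentication-value"
        return None  # checking the value itself (certificate, signature) is out of scope here
```

With policy DONT_CARE and require_acse_auth set for a peer, an association over the non-secure T-Profile is still accepted when it carries the authentication FU and a calling-authentication-value, which is the footnote 1 case of ACSE authentication used without TLS.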
The calling-authentication-value and responding-authentication-value fields are of type Authentication-value, which is further defined in ISO 8650 as a CHOICE. The CHOICE for the Authentication-value shall be EXTERNAL. The presentation context shall include a reference to the abstract syntax that is used for the EXTERNAL.

The ACSE mechanism-name field shall be used to denote the format of the authentication-value field being conveyed. The definition of the mechanism-name field (both for AARQ and AARE) shall be:

The ICCP authentication value (following) shall be carried in the authentication-value field of the authentication FU of ACSE. This value shall be used when peer entity authentication is required. The value shall be carried as the "external" alternative defined by the ACSE Authentication-value production (replicated below), as a SingleASN1Type.

NOTE The following production is a reproduction from ISO/IEC 8650 and is for informative purposes only.

   Authentication-value ::= CHOICE {
      charstring   [0] IMPLICIT GraphicString,
      bitstring    [1] IMPLICIT BIT STRING,
      external     [2] IMPLICIT EXTERNAL,
      other        [3] IMPLICIT SEQUENCE {
         other-mechanism-name   MECHANISM-NAME.

   MMS_Authentication-value ::= CHOICE {
      certificate-based   [0] IMPLICIT SEQUENCE {
         authentication-Certificate   [0] IMPLICIT

o (optional): may be supported.

Table 3 – Supported cipher suites

Key exchange algorithm | Signature | Encryption | Hash | Support: Interoperable | Export restriction
TLS_RSA_  |      | WITH_RC4_128_      | SHA | o | C1
TLS_RSA_  |      | WITH_3DES_EDE_CBC_ | SHA | o | C1
TLS_DH_   | DSS_ | WITH_3DES_EDE_CBC_ | SHA | o | C1
TLS_DH_   | RSA_ | WITH_3DES_EDE_CBC_ | SHA | o | C1
TLS_DHE_  | DSS_ | WITH_3DES_EDE_CBC_ | SHA | o | C1
TLS_DHE_  | RSA_ | WITH_3DES_EDE_CBC_ | SHA | o | C1
TLS_DH_   | DSS_ | WITH_AES_128_      | SHA | o | C1
TLS_DH_   | DSS_ | WITH_AES_256_      | SHA | o | C1
TLS_DH_   |      | WITH_AES_128_      | SHA | o | C1
TLS_DH_   |      | WITH_AES_256_      | SHA | m | C1, C2

C1: at least one of the cipher suites shall be supported, based upon export restrictions. TLS interoperability may not be possible if T
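Returning to the Authentication-value production of 5.3.1, here is an added example (not code from IEC 62351-4, ISO/IEC 8650 or any product) of a strict BER encoder and decoder for that CHOICE and for the ACSE-requirements bit string. The point a receiver should take from it is that the context tag number alone selects the alternative, so the decoder must reject unknown tags, trailing octets and an EXTERNAL that is not the single-ASN1-type form the text requires, rather than parse optimistically. Assumptions: the EXTERNAL carries the presentation context identifier as its indirect-reference (the "reference to the abstract syntax" the text calls for) and the inner value as single-ASN1-type; SAMPLE_INNER is a constructed stand-in for the certificate-based SEQUENCE, whose members are cut off on this page; the bit assignment authentication(0) for ACSE-requirements is taken from ISO/IEC 8650 and is not reproduced above.

```python
"""Strict BER handling for the ACSE Authentication-value CHOICE and the
ACSE-requirements bit string (5.3.1). Added illustration, not standard text."""
from __future__ import annotations
from typing import Tuple

CONTEXT = 0x80        # context-specific tag class (X.690)
CONSTRUCTED = 0x20
UNIV_INTEGER = 0x02


def encode_length(n: int) -> bytes:
    """Definite-length form only: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + encode_length(len(content)) + content


def read_tlv(buf: bytes, pos: int = 0) -> Tuple[int, bytes, int]:
    """Return (tag, content, next_pos); truncated or indefinite lengths raise."""
    if pos + 1 >= len(buf):
        raise ValueError("truncated element")
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, start = first, pos + 2
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + 2 + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        length, start = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    end = start + length
    if end > len(buf):
        raise ValueError("length exceeds buffer")
    return tag, buf[start:end], end


def acse_requirements(authentication: bool) -> bytes:
    """Content octets of ACSE-requirements ::= BIT STRING {authentication(0), ...}
    (bit assignment assumed from ISO/IEC 8650). With the FU: 7 unused bits and one
    octet with bit 0 set; without it DER drops trailing zero bits, leaving only
    the unused-bits octet. The AARQ/AARE context tag is added by the caller."""
    return b"\x07\x80" if authentication else b"\x00"


def has_authentication_fu(content: bytes) -> bool:
    return len(content) >= 2 and bool(content[1] & 0x80)


def encode_authentication_value(alt: str, value) -> bytes:
    """Authentication-value CHOICE; the context tag number selects the alternative."""
    if alt == "charstring":                      # [0] IMPLICIT GraphicString
        return tlv(CONTEXT | 0, value.encode("ascii"))
    if alt == "bitstring":                       # [1] IMPLICIT BIT STRING (content octets)
        return tlv(CONTEXT | 1, value)
    if alt == "external":                        # [2] IMPLICIT EXTERNAL, value = (pcid, inner)
        pcid, inner = value
        if not 0 <= pcid < 0x80:
            raise ValueError("presentation context identifier out of range for this example")
        content = tlv(UNIV_INTEGER, bytes([pcid]))            # indirect-reference
        content += tlv(CONTEXT | CONSTRUCTED | 0, inner)      # single-ASN1-type [0]
        return tlv(CONTEXT | CONSTRUCTED | 2, content)
    raise ValueError(f"unsupported alternative {alt!r}")


def decode_authentication_value(buf: bytes):
    """Inverse of encode_authentication_value; rejects unknown tags, trailing
    octets and EXTERNALs that are not single-ASN1-type with an indirect-reference."""
    tag, content, end = read_tlv(buf)
    if end != len(buf):
        raise ValueError("trailing octets after Authentication-value")
    if tag == CONTEXT | 0:
        return "charstring", content.decode("ascii")
    if tag == CONTEXT | 1:
        return "bitstring", content
    if tag == CONTEXT | CONSTRUCTED | 2:
        t, ref, pos = read_tlv(content)
        if t != UNIV_INTEGER:
            raise ValueError("EXTERNAL without indirect-reference")
        t, inner, pos = read_tlv(content, pos)
        if t != (CONTEXT | CONSTRUCTED | 0) or pos != len(content):
            raise ValueError("EXTERNAL encoding is not a single-ASN1-type")
        return "external", (int.from_bytes(ref, "big"), inner)
    if tag == CONTEXT | CONSTRUCTED | 3:
        return "other", content
    raise ValueError(f"unknown Authentication-value alternative, tag 0x{tag:02x}")


def rejects(buf: bytes) -> bool:
    """True if the decoder refuses buf (exposes the strictness checks)."""
    try:
        decode_authentication_value(buf)
    except ValueError:
        return True
    return False


# Constructed stand-in for the certificate-based [0] IMPLICIT SEQUENCE; its real
# members are not reproduced on this page.
SAMPLE_INNER = tlv(CONTEXT | CONSTRUCTED | 0, tlv(0x04, b"cert"))
```

Encoding ("external", (3, SAMPLE_INNER)) yields a constructed [2] element whose content is INTEGER 3 followed by a [0] wrapper around SAMPLE_INNER; the decoder returns the same tuple, and refuses the same bytes with a trailing octet appended, an alternative with tag [4], or an EXTERNAL that stops after the indirect-reference.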