diff options
Diffstat (limited to 'doc/rfc/rfc8052.txt')
-rw-r--r-- | doc/rfc/rfc8052.txt | 1403 |
1 files changed, 1403 insertions, 0 deletions
diff --git a/doc/rfc/rfc8052.txt b/doc/rfc/rfc8052.txt new file mode 100644 index 0000000..dec2326 --- /dev/null +++ b/doc/rfc/rfc8052.txt @@ -0,0 +1,1403 @@ + + + + + + +Internet Engineering Task Force (IETF) B. Weis +Request for Comments: 8052 M. Seewald +Category: Standards Track Cisco Systems +ISSN: 2070-1721 H. Falk + SISCO + June 2017 + + + Group Domain of Interpretation (GDOI) Protocol + Support for IEC 62351 Security Services + +Abstract + + The IEC 61850 power utility automation family of standards describes + methods using Ethernet and IP for distributing control and data + frames within and between substations. The IEC 61850-90-5 and IEC + 62351-9 standards specify the use of the Group Domain of + Interpretation (GDOI) protocol (RFC 6407) to distribute security + transforms for some IEC 61850 security protocols. This memo defines + GDOI payloads to support those security protocols. + +Status of This Memo + + This is an Internet Standards Track document. + + This document is a product of the Internet Engineering Task Force + (IETF). It represents the consensus of the IETF community. It has + received public review and has been approved for publication by the + Internet Engineering Steering Group (IESG). Further information on + Internet Standards is available in Section 2 of RFC 7841. + + Information about the current status of this document, any errata, + and how to provide feedback on it may be obtained at + http://www.rfc-editor.org/info/rfc8052. + + + + + + + + + + + + + + + + + +Weis, et al. Standards Track [Page 1] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + +Copyright Notice + + Copyright (c) 2017 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. Code Components extracted from this document must + include Simplified BSD License text as described in Section 4.e of + the Trust Legal Provisions and are provided without warranty as + described in the Simplified BSD License. + +Table of Contents + + 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 + 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 + 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 + 1.3. Acronyms . . . . . . . . . . . . . . . . . . . . . . . . 4 + 2. IEC 61850 Protocol Information . . . . . . . . . . . . . . . 5 + 2.1. ID Payload . . . . . . . . . . . . . . . . . . . . . . . 5 + 2.2. SA TEK Payload . . . . . . . . . . . . . . . . . . . . . 6 + 2.3. KD Payload . . . . . . . . . . . . . . . . . . . . . . . 11 + 3. Security Considerations . . . . . . . . . . . . . . . . . . . 12 + 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 + 5. References . . . . . . . . . . . . . . . . . . . . . . . . . 16 + 5.1. Normative References . . . . . . . . . . . . . . . . . . 16 + 5.2. Informative References . . . . . . . . . . . . . . . . . 16 + Appendix A. Example ID, SA TEK, and KD Payloads for IEC 61850 . 19 + Appendix B. Implementation Considerations . . . . . . . . . . . 23 + B.1. DER Length Fields . . . . . . . . . . . . . . . . . . . . 23 + B.2. Groups with Multiple Senders . . . . . . . . . . . . . . 23 + Appendix C. Data Attribute Format . . . . . . . . . . . . . . . 23 + Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 24 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 25 + +1. Introduction + + Power substations use Generic Object Oriented Substation Events + (GOOSE) protocol [IEC-61850-8-1] to distribute control information to + groups of devices using a multicast strategy. Sources within the + power substations also distribute IEC 61850-9-2 sampled values data + streams [IEC-61850-9-2]. The IEC 62351-9 standard [IEC-62351-9] + describes key management methods for the security methods protecting + these IEC 61850 messages, including methods of device authentication + and authorization, and methods of policy and keying material + + + +Weis, et al. Standards Track [Page 2] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + + agreement for IEC 61850 message encryption and data integrity + protection. These key management methods include the use of GDOI + [RFC6407] to distribute the security policy and session keying + material used to protect IEC 61850 messages when the messages are + sent to a group of devices. + + The protection of the messages is defined in IEC 62351-6 + [IEC-62351-6], IEC 61850-8-1 [IEC-61850-8-1], and IEC 61850-9-2 + [IEC-61850-9-2]. Protected IEC 61850 messages typically include the + output of a Message Authentication Code (MAC) and may also be + encrypted using a symmetric cipher such as the Advanced Encryption + Standard (AES). + + Section 5.5.2 of RFC 6407 specifies that the following information + needs to be provided in order to fully define a new security + protocol: + + o The Protocol-ID for the particular security protocol + + o The SPI Size + + o The method of SPI generation + + o The transforms, attributes, and keys needed by the security + protocol + + This document defines GDOI payloads to distribute policy and keying + material to protect IEC 61850 messages and defines the necessary + information to ensure interoperability between IEC 61850 + implementations. + + This memo extends RFC 6407 in order to define extensions needed by + IEC 62351-9. With the current IANA registry rules set up by RFC + 6407, this requires "Standards Action" [RFC5226] by the IETF; this + document satisfies that requirement. As the relevant IEC + specifications are not available to the IETF community, it is not + possible for this RFC to fully describe the security considerations + that apply. Therefore, implementers need to depend on the security + analysis within the IEC specifications. As two different Standards + Development Organizations are involved here, and since group key + management is inherently complex, it is possible that some security + issues have not been identified, so additional analysis of the + security of the combined set of specifications may be advisable. + + + + + + + + +Weis, et al. Standards Track [Page 3] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + +1.1. Requirements Language + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and + "OPTIONAL" in this document are to be interpreted as described in BCP + 14 [RFC2119] [RFC8174] when, and only when, they appear in all + capitals, as shown here. + +1.2. Terminology + + The following key terms are used throughout this document: + + Generic Object Oriented Substation Events: Power substation control + model defined as per IEC 61850. + + IEC 61850 message: A message in the IEC 61850 family of protocols + carrying control or data frames between substation devices. + +1.3. Acronyms + + The following acronyms are used throughout this document: + + AES Advanced Encryption Standard + + GCKS Group Controller/Key Server + + GDOI Group Domain of Interpretation + + GM Group Member + + GOOSE Generic Object Oriented Substation Events + + KD Key Download + + KEK Key Encryption Key + + MAC Message Authentication Code + + SA Security Association + + SPI Security Parameter Index + + TEK Traffic Encryption Key + + + + + + + + +Weis, et al. Standards Track [Page 4] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + +2. IEC 61850 Protocol Information + + The following subsections describe the GDOI payload extensions that + are needed in order to distribute security policy and keying material + for the IEC 62351 Security Services. The Identification (ID) Payload + is used to describe an IEC 62351 GDOI group. The Security + Association (SA) Traffic Encryption Key (TEK) payload is used to + describe the policy defined by a Group Controller/Key Server (GCKS) + for a particular IEC 62351 traffic selector. No changes are required + to the Key Download (KD) Payload, but a mapping of IEC 62351 keys to + the KD payload key types is included. + + All multi-octet fields are in network byte order. + +2.1. ID Payload + + The ID payload in a GDOI GROUPKEY-PULL exchange allows the Group + Member (GM) to declare the group it would like to join. A group is + defined by an ID payload as defined in GDOI [RFC6407] and reproduced + in Figure 1. + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! Next Payload ! RESERVED ! Payload Length ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! ID Type ! DOI-Specific ID Data = 0 ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ~ Identification Data ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + + Figure 1: RFC 6407 Identification Payload + + An ID Type name of ID_OID (value 13) is defined in this memo to + specify an Object Identifier (OID) [ITU-T-X.683] encoded using + Distinguished Encoding Rules (DER) [ITU-T-X.690]. Associated with + the OID may be an OID-Specific Payload DER encoded as further + defining the group. Several OIDs are specified in [IEC-62351-9] for + use with IEC 61850. Each OID represents a GOOSE or Sampled Value + protocol, and in some cases IEC 61850 also specifies a particular + multicast destination address to be described in the OID-Specific + Payload field. The format of the ID_OID Identification Data is + specified as shown in Figure 2. + + + + + + + + +Weis, et al. Standards Track [Page 5] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! OID Length ! OID ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! OID-Specific Payload Length ! OID-Specific Payload ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + + Figure 2: ID_OID Identification Data + + The ID_OID Identification Data fields are defined as follows: + + o OID Length (1 octet) -- Length of the OID field. + + o OID (variable) -- An ASN.1 ObjectIdentifier encoded using DER + [ITU-T-X.690]. + + o OID-Specific Payload Length (2 octets) -- Length of the OID- + Specific payload. Set to zero if the OID does not require an OID- + Specific payload. + + o OID-Specific Payload (variable) -- OID-specific selector encoded + in DER. If OID-Specific Payload Length is set to zero, this field + does not appear in the ID payload. + +2.2. SA TEK Payload + + The SA TEK payload contains security attributes for a single set of + policy associated with a group TEK. The type of policy to be used + with the TEK is described by a Protocol-ID field included in the SA + TEK. As shown in Figure 3 reproduced from RFC 6407, each Protocol-ID + describes a particular TEK Protocol-Specific Payload definition. + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! Next Payload ! RESERVED ! Payload Length ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! Protocol-ID ! TEK Protocol-Specific Payload ~ + +-+-+-+-+-+-+-+-+ ~ + ~ ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + + Figure 3: RFC 6407 SA TEK Payload + + The Protocol-ID name of GDOI_PROTO_IEC_61850 (value 3) is defined in + this memo for the purposes of distributing IEC 61850 policy. A + GDOI_PROTO_IEC_61850 SA TEK includes an OID and (optionally) an OID- + + + +Weis, et al. Standards Track [Page 6] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + + Specific payload that together define the selectors for the network + traffic. The selector fields are followed by security policy fields + indicating how the specified traffic is to be protected. The + GDOI_PROTO_IEC_61850 TEK Protocol-Specific Payload is defined as + shown in Figure 4. + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! OID Length ! OID ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! OID-Specific Payload Length ! OID-Specific Payload ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! SPI ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! Auth Alg ! Enc Alg ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! Remaining Lifetime Value ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! SA Data Attributes ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + + Figure 4: IEC 61850 SA TEK Payload + + The GDOI_PROTO_IEC_61850 SA TEK payload fields are defined as + follows: + + o OID Length (1 octet) -- Length of the OID field. + + o OID (variable) -- An ASN.1 ObjectIdentifier encoded using DER. + OIDs defined in IEC 61850 declare the type of IEC 61850 message to + be protected, as defined by [IEC-62351-9]. + + o OID-Specific Payload Length (2 octets) -- Length of the OID- + Specific payload. This field is set to zero if the policy does + not include an OID-Specific payload. + + o OID-Specific Payload (variable) -- The traffic selector (e.g., + multicast address) specific to the OID encoded using DER. Some + OID policy settings do not require the use of an OID-Specific + payload, in which case this field is not included in the TEK and + the OID-Specific Payload Length is set to zero. + + o SPI (4 octets) -- Identifier for the Current Key. This field + represents an SPI. + + o Auth Alg (2 octets) -- Authentication Algorithm ID. Valid values + are defined in Section 2.2.2. + + + +Weis, et al. Standards Track [Page 7] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + + o Enc Alg (2 octets) -- Confidentiality Algorithm ID. Valid values + are defined in Section 2.2.3. + + o Remaining Lifetime value (4 octets) -- The number of seconds + remaining before this TEK expires. A value of zero (0) shall + indicate that the TEK does not have an expire time. + + o SA Data Attributes (variable length) -- Contains zero or more + attributes associated with this SA. Section 2.2.4 defines + attributes. + +2.2.1. Selectors + + The OID and (optionally) an OID-Specific payload together define the + selectors for the network traffic. While they may match the OID and + OID-Specific payload that the GM had previously requested in the ID + payload, there is no guarantee that this will be the case. Including + selectors in the SA TEK is important for at least the following + reasons: + + o The Key Server (KS) policy may direct the KS to return multiple + TEKs, each representing different traffic selectors, and it is + important that every GM receiving the set of TEKs explicitly + identify the traffic selectors associated with the TEK. + + o The KS policy may include the use of a GDOI GROUPKEY-PUSH message, + which distributes new or replacement TEKs to group members. Since + the GROUPKEY-PUSH message does not contain an ID payload, the TEK + definition must include the traffic selectors. + +2.2.2. Authentication Algorithms + + This memo defines the following authentication algorithms for use + with this TEK. These algorithms are defined in [IEC-TR-61850-90-5], + including requirements on one or more algorithms defined as mandatory + to implement. + + o NONE. Specifies that an authentication algorithm is not required, + or when the accompanying confidentiality algorithm includes + authentication (e.g., AES-GCM-128). See Section 3 for cautionary + notes regarding using this value without any confidentiality + algorithm. + + o HMAC-SHA256-128. Specifies the use of SHA-256 [FIPS180-4] + combined with HMAC [RFC2104]. The output is truncated to 128 + bits, as per [RFC2104]. The key size is the size of the hash + value produced by SHA-256 (256 bits). + + + + +Weis, et al. Standards Track [Page 8] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + + o HMAC-SHA256. Specifies the use of SHA-256 [FIPS180-4] combined + with HMAC [RFC2104]. The key size is the size of the hash value + produced by SHA-256 (256 bits). + + o AES-GMAC-128. Specifies the use of AES [FIPS197] in the Galois + Message Authentication Code (GMAC) mode [SP.800-38D] with a + 128-bit key size. + + o AES-GMAC-256. Specifies the use of AES [FIPS197] in the Galois + Message Authentication Code (GMAC) mode [SP.800-38D] with a + 256-bit key size. + +2.2.3. Confidentiality Algorithms + + This memo defines the following confidentiality algorithms for use + with this TEK. These algorithms are defined in [IEC-TR-61850-90-5], + including requirements on one or more algorithms defined as mandatory + to implement. + + o NONE. Specifies that confidentiality is not required. Note: See + Section 3 for guidance on cautionary notes regarding using this + value. + + o AES-CBC-128. Specifies the use of AES [FIPS197] in the Cipher + Block Chaining (CBC) mode [SP.800-38A] with a 128-bit key size. + This encryption algorithm does not provide authentication and MUST + NOT be used with the NONE authentication algorithm. + + o AES-CBC-256. Specifies the use of AES [FIPS197] in the Cipher + Block Chaining (CBC) mode [SP.800-38A] with a 256-bit key size. + This encryption algorithm does not provide authentication and MUST + NOT be used with the NONE authentication algorithm. + + o AES-GCM-128. Specifies the use of AES [FIPS197] in the Galois/ + Counter Mode (GCM) mode [SP.800-38D] with a 128-bit key size. + This encryption algorithm provides authentication and is used with + a NONE authentication algorithm. + + o AES-GCM-256. Specifies the use of AES [FIPS197] in the Galois/ + Counter Mode (GCM) mode [SP.800-38D] with a 256-bit key size. + This encryption algorithm provides authentication and is used with + a NONE authentication algorithm. + + + + + + + + + +Weis, et al. Standards Track [Page 9] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + +2.2.4. SA Attributes + + The following attributes may be present in an SA TEK. The attributes + must follow the format described in Appendix C). + +2.2.4.1. SA Time Activation Delay (SA_ATD) + + A GCKS will sometimes distribute an SA TEK in advance of when it is + expected to be used. This is communicated to group members using the + SA Activation Time Delay (SA_ATD) attribute. When a GM receives an + SA_TEK with this attribute, it waits for the number of seconds + contained within the attribute before installing it for either + transmitting or receiving. + + This Activation Time Delay attribute applies only this SA, and MAY be + used in either a GROUPKEY-PULL or GROUPKEY-PUSH exchange. RFC 6407 + also describes an ACTIVATION_TIME_DELAY attribute for the Group + Associated Policy (GAP) payload, which is applied to all Security + Associations and is restricted to use in a GROUPKEY-PUSH message. If + both attributes are included in a GROUPKEY-PUSH payload, the value + contained in SA_ATD will be used. + +2.2.4.2. Key Delivery Assurance (SA_KDA) + + Group policy can include notifying a multicast source ("Publisher") + of an indication of whether multicast receivers ("Subscribers") have + previously received the SA TEK. This notification allows a Publisher + to set a policy as to whether to activate the new SA TEK or not based + on the percentage of Subscribers that are able to receive packets + protected by the SA TEK. The attribute value is a number between 0 + and 100 (inclusive). + +2.2.5. SPI Discussion + + As noted in Section 1, RFC 6407 requires that characteristics of an + SPI must be defined. An SPI in a GDOI_PROTO_IEC_61850 SA TEK is + represented as a Key Identifier (KeyID). The SPI size is 4 octets. + The SPI is unilaterally chosen by the GCKS using any method chosen by + the implementation. However, an implementation needs to take care + not to duplicate an SPI value that is currently in use for a + particular group. + + + + + + + + + + +Weis, et al. Standards Track [Page 10] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + +2.3. KD Payload + + The KD payload contains group keys for the policy specified in the SA + Payload. It is comprised of a set of Key Packets, each of which hold + the keying material associated with an SPI (i.e., an IEC 61850 Key + Identifier). The RFC 6407 KD payload format is reproduced in + Figure 5. + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! Next Payload ! RESERVED ! Payload Length ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! Number of Key Packets ! RESERVED2 ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ~ Key Packets ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + + Figure 5: KD Payload + + Each Key Packet holds the keying material associated with a + particular IEC 61850 Key Identifier, although GDOI refers to it as an + SPI. The keying material is described in a set of attributes + indicating an encryption key, integrity key, etc., in accordance with + the security policy of the group as defined by the associated SA + Payload. Each Key Packet has the following format, reproduced in + Figure 6. + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! KD Type ! RESERVED ! Key Packet Length ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! SPI Size ! SPI (variable) ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ~ Key Packet Attributes ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + + Figure 6: Key Packet + + No changes are needed to GDOI in order to distribute IEC 61850 keying + material, but the keys MUST be distributed as defined in Section 5.6 + of RFC 6407. The KD Type MUST be TEK (1). + + A key associated with an IEC 61850 authentication algorithm + (distributed in the Auth Alg field) MUST be distributed as a + TEK_INTEGRITY_KEY attribute. The value of the attribute is + interpreted according to the type of key distributed in the SA TEK: + + + +Weis, et al. Standards Track [Page 11] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + + o HMAC-SHA256-128, HMAC-SHA256. The value is 32 octets. + + o AES-GMAC-128. The value is 20 octets. The first 16 octets are + the 128-bit AES key, and the remaining four octets are used as the + salt value in the nonce. + + o AES-GMAC-256. The value is 36 octets. The first 32 octets are + the 256-bit AES key, and the remaining four octets are used as the + salt value in the nonce. + + A key associated with an IEC 61850 confidentiality algorithm + (distributed in the Enc Alg SA TEK field) MUST be distributed as a + TEK_ALGORITHM_KEY attribute. The value of the attribute is + interpreted according to the type of key distributed in the SA TEK: + + o AES-CBC-128. The value is 16 octets. + + o AES-CBC-256. The value is 32 octets. + + o AES-GCM-128. The value is 20 octets. The first 16 octets are the + 128-bit AES key, and the remaining four octets are used as the + salt value in the nonce. + + o AES-GCM-256. The value is 36 octets. The first 32 octets are the + 256-bit AES key, and the remaining four octets are used as the + salt value in the nonce. + +3. Security Considerations + + GDOI is a Security Association (SA) management protocol for groups of + senders and receivers. This protocol performs authentication of + communicating protocol participants (Group Member, Group Controller/ + Key Server). GDOI provides confidentiality of key management + messages, and it provides source authentication of those messages. + GDOI includes defenses against man-in-middle, connection-hijacking, + replay, reflection, and denial-of-service (DOS) attacks on unsecured + networks. GDOI assumes that the network is not secure and may be + under the complete control of an attacker. The Security + Considerations described in RFC 6407 are relevant to the distribution + of GOOSE and sampled values policy as defined in this memo. + + Message Authentication is an optional property for IEC 62351 Security + Services; however, when encryption is used, authentication MUST also + be provided by using an authenticated encryption algorithm such as + AES-GCM-128 or by using a specific authentication algorithm such as + HMAC-SHA-256. Setting the authentication algorithm to NONE but + setting the confidentiality algorithm to an algorithm that does not + + + + +Weis, et al. Standards Track [Page 12] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + + include authentication (i.e., is marked with an N in the + "Authenticated Encryption" column of the "IEC 62351-9 Confidentiality + Values" registry) is not safe and MUST NOT be done. + + When Message Authentication is used, a common practice is to truncate + the output of a MAC and include some of the bits in the integrity + protection field of the data security transform. Current guidance in + [RFC2104] is to truncate no less than half of the length of the hash + output. The authentication algorithm HMAC-SHA256-128 defined in this + memo truncates the output to exactly half of the output, which + follows this guidance. + + Confidentiality is an optional security property for IEC 62351 + Security Services. Confidentiality Algorithm IDs SHOULD be included + in the IEC 61850 SA TEK payload if the IEC 61850 messages are + expected to traverse public network links and are not protected by + another level of encryption (e.g., an encrypted Virtual Private + Network). Current cryptographic advice indicates that the use of + AES-CBC-128 for confidentiality is sufficient for the foreseeable + future [SP.800-131A], but some security policies may require the use + of AES-CBC-256. + + IEC 62351 Security Services describe a variety of policy choices for + protecting network traffic, including the option of specifying no + protection at all. This is enabled with the use of NONE as an + authentication algorithm and/or confidentiality algorithm. The + following guidance is given regarding the use of NONE. + + o Setting both the authentication algorithm and confidentiality + algorithm to NONE is possible but NOT RECOMMENDED. Setting such a + policy is sometimes necessary during a migration period, when + traffic is being protected incrementally and some traffic has not + yet been scheduled for protection. Alternatively, site security + policy for some packet flows requires inspection of packet data on + the private network followed by network-layer encryption before + delivery to a public network. + + o Setting the confidentiality algorithm to NONE but setting the + authentication algorithm to a MAC can be an acceptable policy in + the following conditions: the disclosed information in the data + packets is comprised of raw data values and the disclosure of the + data files is believed to be of no more value to an observer than + traffic analysis on the frequency and size of packets protected + for confidentiality. Alternatively, site security policy for some + packet flows requires inspection of packet data on the private + network followed by network-layer encryption before delivery to a + public network. + + + + +Weis, et al. Standards Track [Page 13] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + + o Setting the authentication algorithm to NONE but setting the + confidentiality algorithm to an algorithm that does not include + authentication is not safe and MUST NOT be done. + +4. IANA Considerations + + The "Group Domain of Interpretation (GDOI) Payloads" registry + [GDOI-REG] has been updated as described below. The terms "Expert + Review", "Reserved", and "Private Use" are used as defined in + [RFC5226]. + + o GDOI_PROTO_IEC_61850 (value 3) has been added to the "SA TEK + Payload Values - Protocol-ID" registry. + + o A new "IEC 62351-9 Authentication Values" registry has been + created. This registry defines Auth Alg values. Initial values + for the registry are given below; future assignments are to be + made through "Expert Review" [RFC5226]. + + Name Value + ---- ----- + Reserved 0 + NONE 1 + HMAC-SHA256-128 2 + HMAC-SHA256 3 + AES-GMAC-128 4 + AES-GMAC-256 5 + Unassigned 6-61439 + Reserved for Private Use 61440-65535 + + o A new "IEC 62351-9 Confidentiality Values" registry has been + created. This registry defines Enc Alg values. Initial values + for the registry are given below; future assignments are to be + made through "Expert Review" [RFC5226]. + + Name Value Authenticated Encryption + ---- ----- ------------------------ + Reserved 0 + NONE 1 + AES-CBC-128 2 N + AES-CBC-256 3 N + AES-GCM-128 4 Y + AES-GCM-256 5 Y + Unassigned 6-61439 + Reserved for Private Use 61440-65535 + + + + + + +Weis, et al. Standards Track [Page 14] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + + o A new "GDOI SA TEK Attributes" registry has been created. This + registry defines SA TEK attributes. Initial values for the + registry are given below; future assignments are to be made + through "Expert Review" [RFC5226]. In the table, attributes that + are defined as Type/Value (TV) are marked as Basic (B); attributes + that are defined as Type/Length/Value (TLV) are marked as Variable + (V). + + Attribute Value Type + --------- ----- ---- + Reserved 0 + SA_ATD 1 V + SA_KDA 2 B + Unassigned 3-28671 + Reserved for Private Use 28672-32767 + + o A new "ID Types" registry has been created for the Identification + Payload when the DOI is GDOI. This registry is taken from the + "IPSEC Identification Type" registry for the IPsec DOI + [IPSEC-DOI-REG]. Values 1-12 are defined identically to the + equivalent values in the "IPSEC Identification Type" registry. + Value 13 (ID_OID) is defined in this memo. Initial values for the + registry are given below; future assignments are to be made + through "Expert Review" [RFC5226]. + + Name Value + ---- ----- + Reserved 0 + ID_IPV4_ADDR 1 + ID_FQDN 2 + ID_USER_FQDN 3 + ID_IPV4_ADDR_SUBNET 4 + ID_IPV6_ADDR 5 + ID_IPV6_ADDR_SUBNET 6 + ID_IPV4_ADDR_RANGE 7 + ID_IPV6_ADDR_RANGE 8 + ID_DER_ASN1_DN 9 + ID_DER_ASN1_GN 10 + ID_KEY_ID 11 + ID_LIST 12 + ID_OID 13 + Unassigned 14-61439 + Reserved for Private Use 61440-65535 + + + + + + + + +Weis, et al. Standards Track [Page 15] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + +5. References + +5.1. Normative References + + [IEC-62351-9] + International Electrotechnical Commission, "Power systems + management and associated information exchange - Data and + communications security - Part 9: Cyber security key + management for power system equipment", IEC 62351-9:2017, + May 2017. + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, + DOI 10.17487/RFC2119, March 1997, + <http://www.rfc-editor.org/info/rfc2119>. + + [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an + IANA Considerations Section in RFCs", BCP 26, RFC 5226, + DOI 10.17487/RFC5226, May 2008, + <http://www.rfc-editor.org/info/rfc5226>. + + [RFC6407] Weis, B., Rowles, S., and T. Hardjono, "The Group Domain + of Interpretation", RFC 6407, DOI 10.17487/RFC6407, + October 2011, <http://www.rfc-editor.org/info/rfc6407>. + + [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC + 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, + May 2017, <http://www.rfc-editor.org/info/rfc8174>. + +5.2. Informative References + + [FIPS180-4] + National Institute of Standards and Technology, "Secure + Hash Standard", FIPS PUB 180-4, + DOI 10.6028/NIST.FIPS.180-4, August 2015, + <http://nvlpubs.nist.gov/nistpubs/FIPS/ + NIST.FIPS.180-4.pdf>. + + [FIPS197] National Institute of Standards and Technology, "Advanced + Encryption Standard (AES)", FIPS PUB 197, November 2001, + <http://csrc.nist.gov/publications/fips/fips197/ + fips-197.pdf>. + + [GDOI-REG] + IANA, "Group Domain of Interpretation (GDOI) Payloads", + <http://www.iana.org/assignments/gdoi-payloads>. + + + + + +Weis, et al. Standards Track [Page 16] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + + [IEC-61850-8-1] + International Electrotechnical Commission, "Communication + networks and systems for power utility automation - Part + 8-1: Specific communication service mapping (SCSM) - + Mappings to MMS (ISO 9506-1 and ISO 9506-2) and to ISO/IEC + 8802-3", IEC 61850-8-1, June 2011. + + [IEC-61850-9-2] + International Electrotechnical Commission, "Communication + networks and systems for power utility automation - Part + 9-2: Specific communication service mapping (SCSM) - + Sampled values over ISO/IEC 8802-3", IEC 61850-2, + September 2011. + + [IEC-62351-6] + International Electrotechnical Commission, "Power systems + management and associated information exchange - Data and + communications security - Part 6: Security for IEC 61850", + IEC 62351-6, June 2007. + + [IEC-TR-61850-90-5] + International Electrotechnical Commission, "Communication + networks and systems for power utility automation - Part + 90-5: Use of IEC 61850 to transmit synchrophasor + information according to IEEE C37.118", IEC TR 62351-90-5, + May 2012. + + [IPSEC-DOI-REG] + IANA, "'Magic Numbers' for ISAKMP Protocol", + <http://www.iana.org/assignments/isakmp-registry>. + + [ITU-T-X.683] + International Telecommunications Union, "Information + technology - Abstract Syntax Notation One (ASN.1): + Parameterization of ASN.1 specifications", + ITU-T Recommendation X.683, August 2015, + <https://www.itu.int/rec/T-REC-X.683-201508-I/en>. + + [ITU-T-X.690] + International Telecommunications Union, "Information + technology - ASN.1 encoding rules: Specification of Basic + Encoding Rules (BER), Canonical Encoding Rules (CER) and + Distinguished Encoding Rules (DER)", ITU-T Recommendation + X.690, August 2015, + <https://www.itu.int/rec/T-REC-X.690-201508-I/en>. + + + + + + +Weis, et al. Standards Track [Page 17] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + + [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- + Hashing for Message Authentication", RFC 2104, + DOI 10.17487/RFC2104, February 1997, + <http://www.rfc-editor.org/info/rfc2104>. + + [SP.800-131A] + Barker, E. and A. Roginsky, "Transitions: Recommendation + for Transitioning the Use of Cryptographic Algorithms and + Key Lengths", NIST Special Publication 800-131A, + DOI 10.6028/NIST.SP.800-131Ar1, November 2015, + <http://nvlpubs.nist.gov/nistpubs/SpecialPublications/ + NIST.SP.800-131Ar1.pdf>. + + [SP.800-38A] + Dworkin, M., "Recommendation for Block Cipher Modes of + Operation: Methods and Techniques", NIST Special + Publication 800-38A, DOI 10.6028/NIST.SP.800-38A, December + 2001, <http://nvlpubs.nist.gov/nistpubs/Legacy/SP/ + nistspecialpublication800-38a.pdf>. + + [SP.800-38D] + Dworkin, M., "Recommendation for Block Cipher Modes of + Operation: Galois/Counter Mode (GCM) and GMAC", NIST + Special Publication 800-38D, DOI 10.6028/NIST.SP.800-38D, + November 2007, + <http://nvlpubs.nist.gov/nistpubs/Legacy/SP/ + nistspecialpublication800-38d.pdf>. + + + + + + + + + + + + + + + + + + + + + + + + +Weis, et al. Standards Track [Page 18] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + +Appendix A. Example ID, SA TEK, and KD Payloads for IEC 61850 + + An Intelligent Electronic Device (IED) begins a GROUPKEY-PULL + exchange and requests keys and security policy for + 61850_UDP_ADDR_GOOSE (OID = 1.2.840.10070.61850.8.1.2 as defined in + [IEC-61850-9-2]) and IP multicast address 233.252.0.1 encoded as + specified in [IEC-61850-9-2]. + + OID and OID-Specific Payload protocol fields are variable-length + fields. To improve readability, their representations in Figures 7 + and 8 are "compressed", as indicated by a trailing "~" for these + fields. Implementations should be aware that because these fields + are variably sized, some payload fields may not be conveniently + aligned on an even octet. + + Note: The actual DER for the OID-Specific Payload field is defined in + [IEC-62351-6]. + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! Next Payload ! RESERVED ! Payload Length ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! ID Type=13 ! DOI-Specific ID Data = 0 ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! OID Len=13 ! OID=<06 0B 2A 86 48 CE 56 83 E3 1A 08 01 02> ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! OID-Specific Payload Len ! OID SP=<DER for 233.252.0.1> ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + + Figure 7: Sample Identification Payload + + The Key Server responds with the following SA TEK payload including + two GDOI_PROTO_IEC_61850 Protocol-Specific TEK payloads in the second + GROUPKEY-PULL message. The first one is to be activated immediately + and has a lifetime of 3600 seconds (0x0E10) remaining. The second + has a lifetime of 12 hours (0xA8C0) and should be activated in 3300 + seconds (0x0CE4), which gives a 5-minute (300-second) overlap of the + two SAs. + + + + + + + + + + + + +Weis, et al. Standards Track [Page 19] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! Next Payload ! RESERVED ! Payload Length ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! DOI = 2 ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! Situation = 0 ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! SA Attr NP=16 (SA TEK) ! RESERVED2 ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! NP=16 (SA TEK)! RESERVED ! Payload Length ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! Prot-ID=3 ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! OID Len=13 ! OID=<06 0B 2A 86 48 CE 56 83 E3 1A 08 01 02> ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! OID-Specific Payload Len !OID SP=<DER for 233.252.0.1> ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! SPI=1 ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! AuthAlg=1 (HMAC-SHA256-128) ! EncAlg=2 (AES-CBC-128) ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! Remaining Lifetime=0x0E01 ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! SA Attr NP=16 (SA TEK) ! RESERVED2 ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! NP=0 ! RESERVED ! Payload Length ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! Prot-ID=3 ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! OID Len=13 ! OID=<06 0B 2A 86 48 CE 56 83 E3 1A 08 01 02> ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! OID-Specific Payload Len !OID SP=<DER for 233.252.0.1> ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! SPI=2 ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! AuthAlg=0 (NONE) ! EncAlg=4 (AES-GCM-128) ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! Remaining Lifetime=0xA8C0 ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! Type=1 (SA_ATD) ! Length=4 ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! Value=0x0CE4 ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + + Figure 8: Sample IEC 61850 SA Payload + + + + +Weis, et al. Standards Track [Page 20] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + + The IED acknowledges that it is capable and willing to use this + policy in the third GROUPKEY-PULL message. In response, the KS sends + a KD payload to the requesting IED. This concludes the GROUPKEY-PULL + exchange. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Weis, et al. Standards Track [Page 21] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! Next Payload ! RESERVED ! Payload Length ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! Number of Key Packets=2 ! RESERVED2 ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! KD Type=1 ! RESERVED ! Key Packet Length ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! SPI Size=4 ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! SPI=1 ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! TYPE=TEK_INTEGRITY_KEY (2) ! LENGTH=32 (256-bit key) ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! ! + ! ! + ! ! + ! HMAC-SHA256 Key ! + ! ! + ! ! + ! ! + ! ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! TYPE=TEK_ALGORITHM_KEY (1) ! LENGTH=16 ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! ! + ! AES-CBC-128 Key ! + ! ! + ! ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! KD Type=1 ! RESERVED ! Key Packet Length ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! SPI Size=4 ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! SPI=2 ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! TYPE=TEK_ALGORITHM_KEY (1) ! LENGTH=20 ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + ! ! + ! AES-GCM-128 Key & Salt ! + ! ! + ! ! + ! ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-! + + Figure 9: Sample KD Payload + + + + +Weis, et al. Standards Track [Page 22] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + +Appendix B. Implementation Considerations + + Several topics have been suggested as useful for implementers. + +B.1. DER Length Fields + + The ID and SA TEK payloads defined in this memo include explicit + lengths for fields formatted as DER. This includes the OID Length + and OID-Specific Payload Length fields shown in Figures 2 and 4. + Strictly speaking, these lengths are redundant since the length of + the DER value is also encoded within the DER fields. It would be + possible to determine the lengths of the fields from those encoded + values. However, many implementations will find the explicit length + fields convenient when constructing and sanity checking the GDOI + messages including these payloads. Implementations will thus be + spared from manipulating the DER itself when performing activities + that do not otherwise require parsing in order to obtain values + therein. + +B.2. Groups with Multiple Senders + + GCKS policy may specify more than one protected type of IEC 61850 + message within a GDOI group. This is represented within a GDOI SA + Payload by the presence of an SA TEK payload for each multicast group + that is protected as part of group policy. The OID contained in each + of the SA TEK payloads may be identical, but the value of each OID- + Specific Payload would be unique. Typically, the OID-Specific + payload defines a destination address, and there is typically a + single sender to that destination address. + +Appendix C. Data Attribute Format + + Data attributes attached to an SA TEK following the data attribute + format are described in this section. Data attributes can be in + Type/Value (TV) format (useful when a value is defined to be less + than two octets in size) or in Type/Length/Value (TLV) form. + + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + !A! Attribute Type ! AF=0 Attribute Length ! + !F! ! AF=1 Attribute Value ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + . AF=0 Attribute Value . + . AF=1 Not Transmitted . + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 10: Data Attributes + + + +Weis, et al. Standards Track [Page 23] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + + The Data Attributes fields are defined as follows: + + o Attribute Type (2 octets) -- Unique identifier for each type of + attribute. These attributes are defined as part of the DOI- + specific information. The most significant bit, or Attribute + Format (AF), indicates whether the data attributes follow the + Type/Length/Value (TLV) format or a shortened Type/Value (TV) + format. If the AF bit is a zero (0), then the data attributes are + of the Type/Length/Value (TLV) form. If the AF bit is a one (1), + then the data attributes are of the Type/Value form. + + o Attribute Length (2 octets) -- Length in octets of the Attribute + Value. When the AF bit is a one (1), the Attribute Value is only + 2 octets, and the Attribute Length field is not present. + + o Attribute Value (variable length) -- Value of the attribute + associated with the DOI-specific Attribute Type. If the AF bit is + a zero (0), this field has a variable length defined by the + Attribute Length field. If the AF bit is a one (1), the Attribute + Value has a length of 2 octets. + +Acknowledgements + + The authors thank Sean Turner, Steffen Fries, Yoav Nir, Vincent Roca, + Dennis Bourget, and David Boose for their thoughtful reviews, each of + which resulted in substantial improvements to this memo. Joe Salowey + provided valuable guidance as document shepherd during the + publication process. The authors are indebted to Kathleen Moriarty + for her agreement to sponsor the publication of the document. + + + + + + + + + + + + + + + + + + + + + + +Weis, et al. Standards Track [Page 24] + +RFC 8052 GDOI Support for IEC 62351 June 2017 + + +Authors' Addresses + + Brian Weis + Cisco Systems + 170 W. Tasman Drive + San Jose, California 95134-1706 + United States of America + + Phone: +1 408 526 4796 + Email: bew@cisco.com + + + Maik Seewald + Cisco Systems + Am Soeldnermoos 17 + D-85399 Hallbergmoos + Germany + + Phone: +49 619 6773 9655 + Email: maseewal@cisco.com + + + Herb Falk + SISCO + 6605 19-1/2 Mile Road + Sterling Heights, MI 48314 + United States of America + + Phone: +1 586 254 0020 x105 + Email: herb@sisconet.com + + + + + + + + + + + + + + + + + + + + + +Weis, et al. Standards Track [Page 25] + |