Certificate Based Authentication Mechanism for PMU Communication Networks Based on IEC 61850-90-5

Abstract

Smart grids are becoming increasingly popular thanks to their ability to operate with higher precision and smaller margins. Dynamic operation control in smart grids can be achieved with phasor measurement unit (PMU) based wide area monitoring and control systems. The data communication requirements for the PMU based applications are well addressed in the IEEE C37.118.2 and IEC 61850-90-5 standards. Due to the higher probability of cyberattacks and the scale of their impact, data security is a critical requirement in PMU communication networks. The IEC 61850-90-5 communication standard addresses this security concern and proposes the HMAC (hash based message authentication code) with key distribution center (KDC) scheme for achieving information authentication and integrity. However, these IEC 61850-90-5 security recommendations do not consider the mechanism for attacks such as man-in-the-middle (MITM) attacks during KDC key exchanges. MITM attacks can be easily implemented and may have a large impact on the grid operation. This paper proposed an explicit certificate-based authentication mechanism to mitigate MITM attacks in PMU communication networks. The proposed certificate-based authentication mechanisms were implemented in real-time using Python-based terminals to observe their performance with different signature algorithms.