Abstract:
This work aimed to propose a methodology for the secure integration of communication networks between transmission agents, applied to a Special Protection System (SPS), to mitigate vulnerabilities of GOOSE messages under the IEC 61850 standard. The methodology combined documentary research with a qualitative analysis of proposals from four suppliers. The proposal that best adhered to the established specifications was evaluated through Proof of Concept (PoC) tests, and the results of those tests guided the methodology suggested in this work.
The PoC test results validated the proposed architecture, which uses SDN (Software-Defined Networking) switches to ensure security and performance in communication between different agents in the SPS. Four main tests were conducted: message filtering by MAC, Ethertype, and VLAN; bandwidth limitation; disabling physical and logical ports; and transmission time measurement. The results indicated that the solution meets the security and performance requirements, keeping transmission times within the acceptable limits established by the IEC 61850 standard.
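The first test above (filtering by MAC, Ethertype and VLAN) amounts to a default-deny match on the Ethernet header. The following Python sketch is an added example, not code from this work or from any supplier's SDN controller; the MAC addresses, VLAN ID and allowed-flow table are constructed, and the function names are hypothetical.

```python
import struct

GOOSE_ETHERTYPE = 0x88B8   # Ethertype assigned to IEC 61850 GOOSE
VLAN_TPID = 0x8100         # IEEE 802.1Q tag identifier

# Constructed allow-list: (source MAC, destination MAC, VLAN ID) per permitted flow.
ALLOWED_FLOWS = {
    ("00:11:22:33:44:55", "01:0c:cd:01:00:01", 100),
}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(frame):
    """Return (src, dst, vlan_id, ethertype); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = mac(frame[0:6]), mac(frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan_id = None
    if ethertype == VLAN_TPID:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id = tci & 0x0FFF   # low 12 bits of the tag carry the VLAN ID
    return src, dst, vlan_id, ethertype

def permit(frame):
    """Default deny: forward only GOOSE frames that match an allowed flow."""
    try:
        src, dst, vlan_id, ethertype = parse_frame(frame)
    except ValueError:
        return False
    if ethertype != GOOSE_ETHERTYPE:   # also rejects double-tagged frames
        return False
    return (src, dst, vlan_id) in ALLOWED_FLOWS

def build(src, dst, vlan_id, ethertype, payload=b"\x00" * 8):
    """Build a constructed test frame; priority 4 in the 802.1Q PCP bits."""
    raw = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan_id is not None:
        raw += struct.pack("!HH", VLAN_TPID, (4 << 13) | vlan_id)
    return raw + struct.pack("!H", ethertype) + payload
```

Frames from an unlisted publisher, on the wrong VLAN, untagged, or carrying any other Ethertype are dropped without inspecting the payload.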
Despite the effectiveness of the chosen architecture, an opportunity for improvement in the encryption of GOOSE messages was identified. Recent studies revealed that the RSA algorithm, recommended by the IEC 62351 standard, does not meet the 3 ms latency requirements due to its high computational complexity. As an alternative, the adoption of the AES (Advanced Encryption Standard) algorithm with the CMAC (Cipher-based Message Authentication Code) technique was suggested, which has been shown to meet the time constraints of IEC 61850 with better performance than RSA.
In conclusion, the research significantly contributes to the advancement of cybersecurity and efficient communication in power transmission networks in a real SPS application, offering a practical and viable solution to mitigate vulnerabilities and ensure the integrity and authenticity of GOOSE messages in communication between different agents. The implementation of the proposed improvements can further strengthen the SPS communication infrastructure, ensuring optimized performance and secure and reliable operation.