Electronic Thesis and Dissertation Repository


Master of Engineering Science


Electrical and Computer Engineering


Dr. Jagath Samarabandu

2nd Supervisor

Dr. Tarlochan Sidhu

Joint Supervisor


As the grid becomes highly interconnected, power protection, control, and monitoring in transmission and distribution substations are increasingly relying on digital controls and digital communication. Rapid penetrations of communication into power grid, and growing concerns about cyber security have attracted significant attention towards smart grid cyber security. Cyber security in the smart grid must be carefully designed to meet power system operation’s functional and reliability requirements.

This thesis discusses issues related to the security of power system communication and their counter measures. It focuses on development of security mechanisms for secure substation communication, and analyzes the impact of security overhead on communication performance. We analyze IPSec as a security protocol on a substation gateway, and propose a secure substation gateway solution. Since security gateway solution does not provide sufficient security against an inside attacker, providing cyber security for each critical IED independently is required. Due to computational constraints, Intelligent Electronic Devices (IEDs) do not have cyber security measures implemented in them. Hence, we propose a security device that provides required cyber-security for an IED. Security device has a bump-in-the-wire IPSec implementation. We examine IPSec tunnel configurations with di erent encryption and authentication algorithms to identify the proper IPSec tunnel configuration for the security device at IED level.

Among IEC 61850 messages Sampled Value (SV) and General Object Oriented Substation Event (GOOSE) messages are critical for secure operation, and have very stringent performance requirements. We propose an authentication mechanism for GOOSE messages, that provides message authentication and integrity. We examine performance results of shared-key Hash-based Message Authentication Code (MAC), and argue its competency as an authentication algorithm for GOOSE packet transmission. We analyze GOOSE packet structure, and evaluate performance impact on authenticating only APDU (Application Protocol Data Unit) of the GOOSE packet.