Limitations of IEC62351-3's public key management. / Wright, James; Wolthusen, Stephen.

2016 IEEE 24th International Conference on Network Protocols (ICNP). IEEE Press, 2016. p. 1-6.

Research output: Chapter in Book/Report/Conference proceedingConference contribution




The ISO/IEC 62351 standard provides a set of security controls and protocols for communications in smart grids based on the ISO/IEC 60870, 61850, and DNP3 standards. It offers the protection goals of confidentiality, integrity, and authentication. In this paper we perform a systematic study of the ISO/IEC 62351-3 standard regarding the use of public key infrastructure in smart grid communication. We show that the standard at present does not align with the quality of service requirements for performance and interoperability in the ISO/IEC 61850 standard and thereby may jeopardise effective operations. We demonstrate that it is possible to claim conformance with the ISO/IEC 62351-3 standard but be vulnerable to denial of service attacks arising from insufficiently specified behaviour for public key certificate validation and revocation. Further issues can give rise to downgrade attacks against cipher suites and protocols used, allowing a man-in-the-middle attacks contrary to the standard's claims.
Original languageEnglish
Title of host publication2016 IEEE 24th International Conference on Network Protocols (ICNP)
PublisherIEEE Press
Number of pages6
ISBN (Electronic)978-1-5090-3281-5
Publication statusPublished - 19 Dec 2016
This open access research output is licenced under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.

ID: 28297027