IEC 62351-6:2020 pdf download-Power systems management and associated information exchange – Data and communication security – Part 6: Security for IEC 61850.
6 Multicast Association Protocols 6.1 General IEC 61 850-8-1 and IEC 61 850-9-2 specify two different application protocols that utilize the IEC 61 850 Multicast Association model. These are GSE (e.g. GOOSE) and Multicast Sampled Values. These application protocols are mapped over two different T-Profile mappings. The T-Profiles specified provide a Layer 2 and a Routable mapping of the application protocol. The combination of the A-Profiles and T-Profiles are commonly referred to as as Layer 2 or Routable (e.g. Layer 2 GOOSE or Routable GOOSE). This document specifies security behaviours that are common regardless of the T-Profile and specific security protocol extensions for the Layer 2 T-Profiles. This clause specifies the expected behaviours for replay protection for both GOOSE and Multicast Sampled Values regardless of the T-Profile utilized. 6.2 Replay Protection Replay protection can be implemented for GOOSE and Sampled Value A-Profiles with or without security extensions. The replay protection algorithms specified in the following clauses are for subscribers claiming conformance to this part and therefore replay protection is to be implemented regardless if the published GOOSE or Sampled Value APDU has security. The replay protection algorithm is implemented by the subscriber 6.2.1 GOOSE replay protection 6.2.1 .1 General The normal GOOSE subscriber state machine in IEC 61 850-8-1 does not detail how to transition out-of-order state numbers (stNum) or sequence numbers (sqNum) should be received. Implementations claiming conformance to this standard shall implement the state machine shown in Figure 2. Additional security and replay checks may be implemented. For this clause, the Application is defined as the GOOSE Subscriber function and not the actual process that utilizes GOOSEData (per IEC 61 850-7-2) in order to perform protection, etc.