BSI PD IEC TR 62351-90-2:2018
Power systems management and associated information exchange. Data and communications security – Deep packet inspection of encrypted communications
Published By | Publication Date | Number of Pages |
---|---|---|
BSI | 2018 | 32 |
This part of IEC 62351, which is a technical report, addresses the need to perform Deep Packet Inspection (DPI) on communication channels secured by IEC 62351. Its main focus is to illustrate the state of the art of DPI techniques that can be applied to the various kinds of channels, highlighting the possible security risks and implementation costs. Additional proposals that go beyond the state of the art are also described in order to overcome the main limits of existing solutions.
Note that some communications secured by IEC 62351 are not encrypted and add only integrity and non-repudiation of the message; they are nevertheless mentioned here for the sake of completeness regarding IEC 62351 and DPI.
PDF Catalog
PDF Pages | PDF Title |
---|---|
4 | CONTENTS |
6 | FOREWORD |
8 | INTRODUCTION |
9 | 1 Scope; 2 Normative references |
10 | 3 Terms, definitions and abbreviated terms; 3.1 Terms and definitions; 3.2 Abbreviated terms; 4 Overview |
11 | 5 Monitoring and auditing requirements; 5.1 Use cases from utilities; 5.2 Use cases from vendors |
12 | 5.3 A similar use case: Encrypted SIP Calls Recording; 6 Overview of encrypted channels in IEC 62351; 6.1 General; 6.2 IEC 62351-3; 6.3 IEC TS 62351-4 |
13 | 6.4 IEC TS 62351-6; 7 DPI for encrypted communication techniques evaluation framework |
14 | 8 State of the art of ready techniques; 8.1 General; 8.2 Unencrypted TLS; Figure 1 – Unencrypted TLS sample architecture |
15 | 8.3 Private key sharing; Figure 2 – Private Key sharing sample architecture |
16 | 9 State of the art of techniques that need adaptation; 9.1 General; 9.2 Proxy |
17 | Figure 3 – Proxy scenario sample architecture |
18 | 9.3 Advanced Middlebox (mcTLS) |
19 | Figure 4 – Advanced Middlebox sample architecture |
20 | 9.4 Secure session-key sharing; Figure 5 – Secure session-key sharing sample architecture |
22 | 9.5 Delayed secure session-key sharing; Figure 6 – Delayed secure session-sharing sample architecture |
23 | 9.6 Application-level mirroring |
24 | Figure 7 – Application-level mirroring sample architecture |
25 | 10 Additional proposals; 10.1 Secure private-key sharing |
26 | 11 State of the art summary |
27 | Table 1 – State of the art summary |
28 | 12 Practical considerations for ready techniques; 12.1 General; 12.2 Unencrypted TLS; 12.3 Private-key sharing; 12.4 Recommendations to mitigate risks |
29 | 13 Future challenges |
30 | Bibliography |