This part of IEC 62351, which is a technical report, addresses the need to perform Deep Packet Inspection (DPI) on communication channels secured by IEC 62351. The main focus is the illustration of the state-of-the art of DPI techniques that can be applied to the various kinds of channels, highlighting the possible security risks and implementation costs. Additional, beyond state-of-the-art proposals are also described in order to circumvent the main limits of existing solutions.<\/p>\n
It is to be noted that some communications secured by IEC 62351 are not encrypted, but only add integrity and non-repudiation of the message \u2013 however they are mentioned here for the sake of completeness around IEC 62351 and DPI.<\/p>\n
| PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
|---|---|---|---|---|---|---|---|
| 2<\/td>\n | undefined <\/td>\n<\/tr>\n | ||||||
| 4<\/td>\n | CONTENTS <\/td>\n<\/tr>\n | ||||||
| 6<\/td>\n | FOREWORD <\/td>\n<\/tr>\n | ||||||
| 8<\/td>\n | INTRODUCTION <\/td>\n<\/tr>\n | ||||||
| 9<\/td>\n | 1 Scope 2 Normative references <\/td>\n<\/tr>\n | ||||||
| 10<\/td>\n | 3 Terms, definitions and abbreviated terms 3.1 Terms and definitions 3.2 Abbreviated terms 4 Overview <\/td>\n<\/tr>\n | ||||||
| 11<\/td>\n | 5 Monitoring and auditing requirements 5.1 Use cases from utilities 5.2 Use cases from vendors <\/td>\n<\/tr>\n | ||||||
| 12<\/td>\n | 5.3 A similar use case: Encrypted SIP Calls Recording 6 Overview of encrypted channels in IEC 62351 6.1 General 6.2 IEC 62351-3 6.3 IEC TS 62351-4 <\/td>\n<\/tr>\n | ||||||
| 13<\/td>\n | 6.4 IEC TS 62351-6 7 DPI for encrypted communication techniques evaluation framework <\/td>\n<\/tr>\n | ||||||
| 14<\/td>\n | 8 State of the art of ready techniques 8.1 General 8.2 Unencrypted TLS Figures Figure 1 \u2013 Unencrypted TLS sample architecture <\/td>\n<\/tr>\n | ||||||
| 15<\/td>\n | 8.3 Private key sharing Figure 2 \u2013 Private Key sharing sample architecture <\/td>\n<\/tr>\n | ||||||
| 16<\/td>\n | 9 State of the art of techniques that need adaptation 9.1 General 9.2 Proxy <\/td>\n<\/tr>\n | ||||||
| 17<\/td>\n | Figure 3 \u2013 Proxy scenario sample architecture <\/td>\n<\/tr>\n | ||||||
| 18<\/td>\n | 9.3 Advanced Middlebox (mcTLS) <\/td>\n<\/tr>\n | ||||||
| 19<\/td>\n | Figure 4 \u2013 Advanced Middlebox sample architecture <\/td>\n<\/tr>\n | ||||||
| 20<\/td>\n | 9.4 Secure session-key sharing Figure 5 \u2013 Secure session-key sharing sample architecture <\/td>\n<\/tr>\n | ||||||
| 22<\/td>\n | 9.5 Delayed secure session-key sharing Figure 6 \u2013 Delayed secure session-sharing sample architecture <\/td>\n<\/tr>\n | ||||||
| 23<\/td>\n | 9.6 Application-level mirroring <\/td>\n<\/tr>\n | ||||||
| 24<\/td>\n | Figure 7 \u2013 Application-level mirroring sample architecture <\/td>\n<\/tr>\n | ||||||
| 25<\/td>\n | 10 Additional proposals 10.1 Secure private-key sharing <\/td>\n<\/tr>\n | ||||||
| 26<\/td>\n | 11 State of the art summary <\/td>\n<\/tr>\n | ||||||
| 27<\/td>\n | Table 1 \u2013 State of the art summary <\/td>\n<\/tr>\n | ||||||
| 28<\/td>\n | 12 Practical considerations for ready techniques 12.1 General 12.2 Unencrypted TLS 12.3 Private-key sharing 12.4 Recommendations to mitigate risks <\/td>\n<\/tr>\n | ||||||
| 29<\/td>\n | 13 Future challenges <\/td>\n<\/tr>\n | ||||||
| 30<\/td>\n | Bibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" Power systems management and associated information exchange. Data and communications security – Deep packet inspection of encrypted communications<\/b><\/p>\n |