Search
Free Trial

SASCrypt - IEC 61850/62351

Substation automation system password IP core

The IEC 61850/62351 Substation Automation System Crypt (SAS Crypt) IP core secures the strict real-time traffic used in substation automation systems and new smart grid sites. For example, it protects GOOSE and Sample Measurement Value (SMV) frames, which are used to communicate with critical devices in these venues, such as merged units or IEDs. The IP implements the new IEC 62351-6 standard, which ensures interoperability and allows both IEC 61850 protected and unprotected traffic in the same network. The standard defines the encryption and authentication mechanisms that will be applied to Layer 2 IEC 61850 frames. This low-latency IP energy is capable of encrypting, decrypting and authenticating GOOSE or SMV at wire speed.

 

A very important topic in the scope of IEC 62351 is key management and distribution for protection. The SAS Crypt IP Core allows different solutions for introducing security keys into devices. Since it is a static method of introducing keys into the IP, a fully automated solution for secure key management is defined in IEC 62351-9: “Cybersecurity key management for power system equipment”.

 

The SAS Crypt IP Core integrates a proprietary low-latency encryption cipher optimized specifically for this task. The cryptographic module delivers the required performance with optimal resource utilization and introduces a latency of a few microseconds. In practice, SAS Crypt IP allows the trade-off between the supported data throughput and the FPGA resources required for implementation to be modified at synthesis time.

 

The most relevant configurable parameters that allow optimization to be achieved are:

  • Types of IEC 61850 messages that must be secured
  • Multiplication delay used in passwords
  • Multiplication engine used in passwords
  • Implementation of key storage and management logic for up to 100 different IEC 61850 data sets

In addition to the protection features, the SASCrypt IP core supports the IEEE 1588 V2 One-Step Transparent Clock Peering (P2P) feature. This feature allows compensating for the dwell time of PTP frames as well as the latency of each link.

 

The SASCrypt IP core is used in conjunction with the SoC-e MES IP core as well as the HSR-PRP switch IP to combine security to introduce Ethernet switching functionality in the device.

Contact Hongke

SASCrypt IP is designed to be seamlessly integrated into your FPGA design by utilizing the new Xilinx Vivado tool, which allows the IP parameters to be configured in an easy way using the IP core in a graphical user interface.

Key features of the SASCrypt IP core

  • Level 2 IEC61850 GOOSE and SMV (Sample Measurement Value) Encryption, Decryption and Validation
  • High performance AES-GCM engine
  • Microsecond delay
  • Flexible customization:
    IEC 61850 message types that must be protected
    ⚪ Multiplication Delay (Time Optimization)
    ⚪ Multiplication engine (resource utilization)
    ⚪ Key storage and management logic for up to 100 different data sets

connector

  • Full-duplex 10/100/1000 Mbps Ethernet interface
  • Half-duplex 10/100 Mbps Ethernet interface
  • MII/RMII/GMII/RGMII/SGMII/QSGMII Physical Layer Device (PHY) Interface
  • 1000 Mbps AXI-Stream interface
  • Copper and fiber media interfaces: 10/100/1000Base-T, 100Base-FX, 1000Base-X

Configuration

  • MDIO, UART, AXI4-Lite Management Interface
  • Driver included with IP core purchase (*)

Time Synchronization

  • IEEE 1588v2 stateless transparent clock function (P2P-Layer 2/E2E-Layer 2)
  • Default, Power Utility Profile IEC 61850-9-3
  • Compatible with SoC-e IEEE 1588 IP core (1588Tiny, PTB-PreciseTimeBasic)

Reference Design Supported Boards

  • SoC-e SMARTzynq Brick (recommended)
  • SoC-e SMARTmpsoc Brick (recommended)

Xilinx FPGA family support

    The following Xilinx FPGA families support SASCrypt IP:

  • Series 6 (Spartan, Virtex)
  • Series 7 (Zynq, Spartan, Artix, Kintex, Virtex)
  • Ultrascale (Kintex, Virtex)
  • Ultrascale + (Zynq MPSoC, Kintex, Virtex)

Keeping up with the times and innovating - Explore more potentials of TSN with Hongke

Time Sensitive Networking (TSN) is a new generation of network technology based on the evolution of the standard Ethernet architecture. It takes traditional Ethernet as the network foundation and provides a data link layer protocol specification for deterministic data transmission capability through mechanisms such as clock synchronization, data scheduling, and network configuration. Compared with traditional Ethernet, TSN can provide microsecond-level deterministic services, reduce the complexity of the entire communication network, and realize the convergence of information technology (IT) and operation technology (OT). With its precise clock synchronization, deterministic traffic scheduling, and intelligent and open operation and maintenance management framework, TSN can ensure the high-quality transmission of multiple business traffic in a common network, and it has both performance and cost advantages, and it is the development trend of the future network. This is the future trend of network development.

Currently, TSN technology has a high level of discussion in the automotive, industrial, rail transportation, and aerospace fields. As a non-vendor-bound real-time communication protocol, we believe that TSN technology has a good application prospect.

Welcome to contact us to explore and learn the integration of TSN technology with various industries, and actively promote more applications on the ground to jointly build a new world of intelligent interconnection.

Contact Hongke
close menu icon

Contact Hongke to help you solve your problems.

Let's have a chat