
SAScrypt Suite: Wire-speed security according to IEC 62351-6/62351-9/61850

The SASCrypt IP suite is a hands-on kit for evaluating wire-speed encryption applied to real-time traffic. The technology addresses the challenge of securing OT traffic with extremely low-latency, jitter-free solutions. It can be used to protect control-oriented real-time traffic (IEC 62351-6), Ethernet-based fieldbuses* (EtherCAT, Profinet, etc.) or TSN traffic*.

 

*: The current version of the kit supports IEC 62351-6 Layer 2 messages (GOOSE and SMV).

 

SASCrypt IP is an IP core for FPGAs, described in VHDL, that processes Ethernet data streams in both directions. Encryption/decryption and authentication are applied to the selected traffic, while all other messages are bypassed transparently. A flexible AES-GCM engine is integrated in the IP, with different implementation options depending on the required data throughput and available resources.

 

The wire-speed IP is aware of the secure frame format defined for each protocol. The toolkit embeds the SASCrypt IP variant for IEC 62351-6, which addresses the strict real-time traffic of substation automation systems and new smart grid sites. It protects, for example, GOOSE and SMV (Sampled Measured Values) frames exchanged with critical devices at these sites, such as merging units or IEDs.
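The selection step described above (protect GOOSE and SMV, bypass everything else), modelled in software as an added example; it is not SoC-e's VHDL and does not reproduce the IEC 62351-6 secure frame format. The EtherTypes and the 8-byte APPID/Length header are the IEC 61850 values; the function names, the sample frames and the choice to drop malformed frames are assumptions of this example.

```python
import struct

ETHERTYPE_VLAN = 0x8100                       # IEEE 802.1Q tag
PROTECTED = {0x88B8: "GOOSE", 0x88BA: "SMV"}  # IEC 61850 layer-2 EtherTypes

def classify(frame: bytes) -> dict:
    """Decide what the datapath does with one Ethernet frame (FCS stripped)."""
    if len(frame) < 14:
        return {"action": "drop", "reason": "runt frame"}
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset, vlan = 14, None
    if ethertype == ETHERTYPE_VLAN:           # GOOSE/SMV are normally priority-tagged
        if len(frame) < 18:
            return {"action": "drop", "reason": "truncated VLAN tag"}
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        offset, vlan = 18, tci & 0x0FFF
    if ethertype not in PROTECTED:
        return {"action": "bypass", "ethertype": ethertype}
    if len(frame) < offset + 8:
        return {"action": "drop", "reason": "truncated GOOSE/SMV header"}
    # IEC 61850 header: APPID, Length, Reserved1, Reserved2 (2 bytes each).
    appid, length, _r1, _r2 = struct.unpack_from("!HHHH", frame, offset)
    # Length counts from APPID onward, so it is at least 8 and must fit the frame
    # (trailing Ethernet padding beyond Length is allowed).
    if length < 8 or offset + length > len(frame):
        return {"action": "drop", "reason": "bad Length field"}
    return {"action": "protect", "protocol": PROTECTED[ethertype], "appid": appid,
            "vlan": vlan, "apdu": frame[offset + 8:offset + length]}

def build_frame(ethertype: int, payload: bytes, vlan=None) -> bytes:
    """Constructed test frame: fixed sample MAC addresses, optional 802.1Q tag."""
    header = bytes.fromhex("010ccd010001") + bytes.fromhex("020000000001")
    if vlan is not None:
        header += struct.pack("!HH", ETHERTYPE_VLAN, (4 << 13) | vlan)
    return header + struct.pack("!H", ethertype) + payload

def goose_payload(appid: int, apdu: bytes, length=None) -> bytes:
    """APPID/Length/Reserved header plus APDU; length can be forced for bad cases."""
    length = 8 + len(apdu) if length is None else length
    return struct.pack("!HHHH", appid, length, 0, 0) + apdu

if __name__ == "__main__":
    apdu = bytes.fromhex("61028000")          # constructed placeholder APDU bytes
    samples = [build_frame(0x88B8, goose_payload(0x0001, apdu), vlan=10),
               build_frame(0x88BA, goose_payload(0x4000, apdu)),
               build_frame(0x0806, bytes(28)),                       # ARP
               build_frame(0x88B8, goose_payload(1, apdu, length=200))]
    for f in samples:
        print(classify(f))
```

The `apdu` slice returned for protected frames is the portion an AES-GCM stage would operate on; how the real IP lays out the security fields is defined by IEC 62351-6 and is not modelled here.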

 

The kit consists of two SMARTmpsoc bricks as shown below. The two boards are connected by a 1 GbE Ethernet link that carries both secure and non-secure traffic. Additional Ethernet links are used to monitor Ethernet traffic and to integrate other devices such as external traffic generators.

The following diagram depicts the internal block diagram of the design implemented on each board. The PS section hosts a Linux system that communicates internally with the FPGA section (PL) via a standard Ethernet GMAC (GMAC0). The SASCrypt IP implemented in the PL is attached to the GMAC and handles all security in hardware, transparently to the application running on the CPU. The IP is 1588-aware: it performs transparent clock (TC) operations to apply the timing corrections needed for the nanosecond synchronization required by the new generation of fieldbuses (Profinet IRT, TSN, 1588-aware Ethernet, etc.).

The IP also communicates with the PS section through a dedicated AXI4 interface. A dedicated driver links the key management protocol to the IP's key registers. This security mechanism has been standardized in the electrical industry, for example, in IEC 62351-9: "Network security key management for power system equipment". The protocol details the AKM and SKM processes as well as the PKI and KDC servers that need to process the device registrations in the grid and communicate the overlay key schemes defined for the sector. SoC-e provides a complete IEC 62351-9 stack with support for TPM ICs to automate the execution of AKM and SKM independently of the overlay nature of the network.

 

Order Information:

 

  • Reference: SAScrypt Suite 10.8
  • Included Materials: 2 SMARTmpsoc Modules, 2 SMART Carrier Boards, 2 Power Supplies, 4 SFP 10/100/1000Base-T Copper Cables, 2 USB Cables, 1 Ethernet Link Cable


For more information, please contact us at info@aiportek.com.

Keeping up with the times and innovating - Explore more potentials of TSN with Hongke

Time Sensitive Networking (TSN) is a new generation of network technology that evolved from the standard Ethernet architecture. It takes traditional Ethernet as the network foundation and provides a data link layer protocol specification for deterministic data transmission through mechanisms such as clock synchronization, data scheduling, and network configuration. Compared with traditional Ethernet, TSN can provide microsecond-level deterministic services, reduce the complexity of the entire communication network, and realize the convergence of information technology (IT) and operation technology (OT). With its precise clock synchronization, deterministic traffic scheduling, and intelligent and open operation and maintenance management framework, TSN can ensure high-quality transmission of multiple kinds of business traffic over a common network. It has both performance and cost advantages, and it is the development trend of future networks.

Currently, TSN technology is widely discussed in the automotive, industrial, rail transportation, and aerospace fields. As a real-time communication protocol that is not bound to any vendor, we believe that TSN technology has good application prospects.

You are welcome to contact us to explore the integration of TSN technology with various industries and to help bring more applications into practice, jointly building a new world of intelligent interconnection.
