SASCrypt - Substation Automation Systems Crytographic Core

 
SASCrypt I/O Diagram

Overview

The Substation Automation Systems Cryptographic (SASCrypt) IP Core secures the strict real-time traffic used in the Substation Automation Systems and in new Smart Grid premises. As an example, it protects GOOSE and Sample-Measured-Values (SMV) frames used to communicate critical equipment within these premises like Merging Units or IEDs. This IP implements the new IEC 62351-6 standard that ensures interoperability and allows coexisting IEC 61850 protected and non protected traffic in the same network. This standard defines the encryption and authentication mechanisms that shall be applied to Layer 2 IEC 61850 frames. This low-latency IP Core is capable of encrypting, decrypting and authenticating GOOSE or SMV at wire-speed.

A very important topic in the scope of IEC 62351 is the keys management and distribution used for the protection. SASCrypt IP Core allows different schemes for security keys introduction into the equipment. Since an static way to introduce the keys into the IP, until a fully automated solution for security key management as defined in IEC 62351-9: “Cyber security Key management for Power System Equipment”.

The SASCrypt IP Core integrates a proprietary low-latency cryptographic cipher specifically optimized for this task. This cipher module provides the required performance with an optimum resource utilization and introducing a delay of few microseconds. Indeed, SASCrypt IP allows modifying at synthesis time the trade-off between the supported data throughput and the required FPGA resources for the implementation.

The most relevant configurable parameters that allow an optimized implementation are:

  • The type of IEC 61850 messages that must be secure
  • The multiplication latency applied in the cipher
  • The multiplication engine used in the cipher
  • The implementation scheme used for key storage and management logic for up to 100 different IEC 61850 datasets

In addition to the protection functionality, the SASCrypt IP Core also supports IEEE 1588 V2 One Step Transparante Clock Peer-to-Peer (P2P) functionality. This feature allows compensating the residence time of PTP frames as well as the delay of each link.

SASCrypt can be used in combination with the SoC-e MES IP Core as well as the HSR-PRP Switch IP core to introduce Ethernet switching capabilities in the equipment combined with teh security.

Key Features

  • Layer 2 IEC61850 GOOSE and SMV (Sampled Measured Values) encryption, decryption, and authentication
  • High performance AEC-GCM engine
  • Microsecond range delay
  • Flexible customization:
    • Type of IEC 61850 messages that must be securized
    • Multiplication Latency (Resource usage)
    • Multiplication Engine (Timing optimization)
    • Key storage and management logic for up to 100 different datasets

Interfaces

  • Full-duplex 10/100/1000 Mbps Ethernet Interfaces
  • Half-duplex 10/100 Mbps Ethernet Interfaces
  • MII/RMII/GMII/SGMII/QSGMII Physical Layer device (PHY) interfaces
  • 1000 Mbps AXI-Stream interfaces
  • Copper and Fiber optic media interfaces: 10/100/1000Base-T, 100Base-FX, 1000Base-X

Time Synchronization

  • IEEE 1588v2 Stateless Transparent Clock functionality (P2P-Layer2/E2E-Layer 2)
  • Default, Power utility Profiles IEC 61850-9-3
  • Compatible with SoC-e IEEE 1588 IP Cores (1588Tiny, PreciseTimeBasic)

Configuration

  • MDIO, UART, AXI4-Lite management interfaces
  • Drivers are provided with IP Core purchase.

    Supported FPGAs

    • 6-Series (Spartan, Virtex)
    • 7-Series (Zynq, Spartan, Artix, Kintex, Virtex)
    • Ultrascale (Kintex, Virtex)
    • Ultrascale+ (Zynq MPSoC, Kintex, Virtex)

    Embedded Development Suite

    A hardware development platform is available. Latest documentation, design support files, reference design source files and tools are available for download free of charge.

    * Device supported by the free Xilinx Vivado WebPACK tool.

    Pricing, Availability and Ordering

    • Concurrent EDA is the US Distributor for SoC-e.
    • Currently Available to US customers only.
    • Please email Ray at This email address is being protected from spambots. You need JavaScript enabled to view it. with questions / quotes / orders.