Performance Evaluation and analysis of IEC 62351-6 Probabilistic Signature Scheme for Securing GOOSE Messages

Cyber security is a growing concern in power systems. To achieve security requirements such as authentication and integrity for Generic Object-Oriented Substation Event (GOOSE) messages, IEC 62351-6 standard recommends using digital signatures. Furthermore, it explicitly specifies to use RSASSA-PSS (Probabilistic Signature Scheme) digital signature algorithm based on RFC 3447. Power systems run in real-time and implemented cybersecurity measures have to strictly meet timing requirements. Therefore, it is very important to study performances of such methods and contrast them with the timing requirements stipulated by grid operations, e.g. power system protection enforces a maximum delay of 3 msec. In this fashion, it can be analyzed whether a recommended cyber security mechanism is fit for use in power systems. In previous works, only RSA digital signatures were studied and its performance evaluation in terms of computational times for securing GOOSE messages have been studied. This paper analyses the timing performance of RSASSA-PSS digital signature algorithm for securing the GOOSE messages. This is important to assess its feasibility for IEC 61850-based networks as specified by the IEC 62351-6 standard. RSASSA-PSS digital signature algorithm is implemented in Python and verification times are calculated. The results show that RSASSA-PKCS1-v1_5 1024 key digital signatures provide improved performance compared to other RSA digital signature schemes. That being said, none of the algorithms is fast enough to be implemented for time-critical operations such as protection coordination.