In profiles including TCP/IP, messages to be transmitted are queued at Data Link Level and several message, because of the connection window, can be sent continuously over the network without expecting the immediate acknowledge for each of them. Moreover, a single TCP/IP frame can encase multiple IEC 104 frames sent in sequence.
During normal communication operations, the Session Key Change is performed on regular basis. When the Controlling Station sends a Session Key Status Request the Session Key could be still valid (from the previous Session Key Change). This case is not covered in Table 32.
After sending a Session Key Status Request, the Controlling Station may receive several Aggressive Mode Requests before the reception of the Session Key Status message because the Controlled Station may have sent several Aggressive Mode Requests before the reception of the Session Key Status Request. The Controlling Station discards those Aggressive Mode Requests and their information are lost
Proposal
The Controlling Station, after sending a Session Key Status Request to the Controlled Station, shall consider the Session Key still valid until it receives a Session Key Status from the Controlled Station.
The Controlling Station shall invalidate the Session Key upon receiving the Session Key Status from the Controlled Station or if the Reply Timeout expires.
The Controlling Station shall accept and process all Non Critical ASDUs and Aggressive Mode Request ASDUs sent by the Controlled Station while the Session Key is still valid.
Upon receiving the Session Key Status Request from the Controlling Station, the Controlled Station shall stop sending Non Critical ASDUs and Aggressive Mode Request ASDUs and shall send a Session Key Status to the Controlling Station, starting the Session Key change management with the Controlling Station.
The Controlled Station resumes sending Non Critical ASDUs and Aggressive Mode Request ASDUs to the Controlling Station when the Session Key change management with the Controlling Station is successfully terminated
Discussion
Created
Status
The technical change in an improvement and does not affect backward compatibility
02 Dec 22
Conformance Test Preparation
The technical change proposed has been verified is valid.
02 Dec 22
Analysis Of Compatibility
Implementaion is technically implemented. To be Verified.
02 Dec 22
Verify Draft Implementation
Change required (see attached document)
02 Dec 22
Drafting Implementation
The solution will need to be the following paragraphs, applied to IEC 62351-5.
• After sending a Session Key Status Request or a Session Key Change to the Controlled Station, the Controlling Station shall consider the current Session Key still valid unless otherwise indicated in the subsequent Session Key Status response received from the Controlled Station.
• Upon receiving the Session Key Status Request from the Controlling Station, the Controlled Station shall immediately send the Session Key Status. If the Session Keys are still valid, it may continue to send Aggressive Mode Requests and Non-critical ASDUs to the Controlling station. If the Session Keys are not valid, the controlled station can send Non-critical ASDUs but not Aggressive Mode Request ASDUs
• The Controlled Station shall invalidate the current Session Key (and shall start using the new session key) upon receiving a valid Session Key Change from the Controlling Station, but not before.
• The Controlling Station shall accept and process all Non-Critical ASDUs and Aggressive Mode Request ASDUs sent by the Controlled Station while the Session Key is still valid. This will require a change to the state machine.
02 Dec 22
Discussion (red)
This is a technical issue that could lead in losing informations sent by the controlled station when the controlling station initiates the Session Key Change