{"id":357,"date":"2023-07-20T12:05:43","date_gmt":"2023-07-20T16:05:43","guid":{"rendered":"https:\/\/mooney.gatech.edu\/security\/?page_id=357"},"modified":"2024-02-12T01:38:21","modified_gmt":"2024-02-12T06:38:21","slug":"implementation","status":"publish","type":"page","link":"https:\/\/mooney.gatech.edu\/security\/gridtrust\/implementation\/","title":{"rendered":"Implementing GridTrust"},"content":{"rendered":"\r\n<h1><span style=\"font-size: 24pt;\">Implementing GridTrust<\/span><\/h1>\r\n<figure id=\"attachment_373\" aria-describedby=\"caption-attachment-373\" style=\"width: 4231px\" class=\"wp-caption alignnone\"><a href=\"http:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_implementation.png\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-373 size-full\" src=\"http:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_implementation.png\" alt=\"\" width=\"4231\" height=\"1847\" srcset=\"https:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_implementation.png 4231w, https:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_implementation-300x131.png 300w, https:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_implementation-1024x447.png 1024w, https:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_implementation-768x335.png 768w, https:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_implementation-1536x671.png 1536w, https:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_implementation-2048x894.png 2048w\" sizes=\"auto, (max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" \/><\/a><figcaption id=\"caption-attachment-373\" class=\"wp-caption-text\">Figure 1. 
Generic Framework for GridTrust<\/figcaption><\/figure>\r\n\r\n\r\n\r\n<p>Shown in Figure 1 is an example of how GridTrust may be utilized in a network involving a Vendor and a Utility. The Vendor or (more likely) Utility will provide update files to various devices as required. GridTrust comprises (1) Interfacing Devices which provide protection to existing devices, and (2) Native Devices which provide protection integrated with the production of a new device. In standard operation, all GridTrust devices are supplied with public keys for both the Vendor and the Utility. When the Vendor produces a software update, the Vendor signs the update binary with their private key and supplies the source code, binary, and signature to the Utility. The Utility then separately approves the source code, (optionally) compiles the source code, and signs the binary with the Utility&#8217;s private key. When an update occurs, the devices are supplied with the update binary and the signatures from both the Vendor and the Utility.<\/p>\r\n\r\n\r\n\r\n<figure id=\"attachment_374\" aria-describedby=\"caption-attachment-374\" style=\"width: 4131px\" class=\"wp-caption alignnone\"><a href=\"http:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_implementation2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-374 size-full\" src=\"http:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_implementation2.png\" alt=\"\" width=\"4131\" height=\"1848\" srcset=\"https:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_implementation2.png 4131w, https:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_implementation2-300x134.png 300w, https:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_implementation2-1024x458.png 1024w, https:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_implementation2-768x344.png 768w, 
https:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_implementation2-1536x687.png 1536w, https:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_implementation2-2048x916.png 2048w\" sizes=\"auto, (max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" \/><\/a><figcaption id=\"caption-attachment-374\" class=\"wp-caption-text\">Figure 2: Example GridTrust Implementation<\/figcaption><\/figure>\r\n<p>&nbsp;<\/p>\r\n<p>Shown in Figure 2 is a small example of how GridTrust may be employed at a Utility. The GridTrust server is integrated with the Utility&#8217;s network operation center. A GridTrust Native Device is located in a substation equipment shed, providing update authentication for a temperature sensor. A GridTrust Interfacing Device is located in the substation yard providing update authentication for a legacy power protection relay connected to a high-voltage power distribution circuit breaker.<\/p>\r\n<p>When performing an update, the files can be either supplied remotely via the GridTrust server, or supplied locally via an SSH session through the worker laptop. 
Both scenarios require final update approval by the GridTrust Server.<\/p>\r\n<p>The following links discuss how each component of the GridTrust example in Figure 2 is accomplished:<\/p>\r\n<p><a href=\"https:\/\/github.com\/huttokd\/GridTrust\">GitHub<\/a><\/p>\r\n<p><a href=\"https:\/\/mooney.gatech.edu\/security\/gridtrust\/server\/\">GridTrust Server Setup<\/a><\/p>\r\n<p><a href=\"https:\/\/mooney.gatech.edu\/security\/gridtrust\/native\">GridTrust Native Device Setup<\/a><\/p>\r\n<p><a href=\"https:\/\/mooney.gatech.edu\/security\/gridtrust\/interfacing\/\">GridTrust Interfacing Device Setup<\/a><\/p>\r\n<p><a href=\"https:\/\/mooney.gatech.edu\/security\/gridtrust\/puf\/\">GridTrust PUF Setup<\/a><\/p>\r\n<p><a href=\"https:\/\/mooney.gatech.edu\/security\/gridtrust\/running\/\">Running GridTrust<\/a><\/p>\r\n<p><strong>Note: <\/strong>We do not discuss how to set up routers \/ switches. It is assumed the server, native device, and interface device have been assigned IPv4 addresses and are on the same network.<\/p>\r\n\r\n\r\n","protected":false},"excerpt":{"rendered":"<p>Implementing GridTrust Shown in Figure 1 is an example of how GridTrust may be utilized in a network involving a Vendor and a Utility. The Vendor or (more likely) Utility will provide update files to various devices as required. 
GridTrust comprises (1) Interfacing Devices which provide protection to existing devices, and (2) Native Devices which &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/mooney.gatech.edu\/security\/gridtrust\/implementation\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Implementing GridTrust&#8221;<\/span><\/a><\/p>\n","protected":false},"author":5,"featured_media":0,"parent":351,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"folder":[12],"class_list":["post-357","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/mooney.gatech.edu\/security\/wp-json\/wp\/v2\/pages\/357","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mooney.gatech.edu\/security\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/mooney.gatech.edu\/security\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/mooney.gatech.edu\/security\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/mooney.gatech.edu\/security\/wp-json\/wp\/v2\/comments?post=357"}],"version-history":[{"count":17,"href":"https:\/\/mooney.gatech.edu\/security\/wp-json\/wp\/v2\/pages\/357\/revisions"}],"predecessor-version":[{"id":558,"href":"https:\/\/mooney.gatech.edu\/security\/wp-json\/wp\/v2\/pages\/357\/revisions\/558"}],"up":[{"embeddable":true,"href":"https:\/\/mooney.gatech.edu\/security\/wp-json\/wp\/v2\/pages\/351"}],"wp:attachment":[{"href":"https:\/\/mooney.gatech.edu\/security\/wp-json\/wp\/v2\/media?parent=357"}],"wp:term":[{"taxonomy":"folder","embeddable":true,"href":"https:\/\/mooney.gatech.edu\/security\/wp-json\/wp\/v2\/folder?post=357"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}