IEC 61850 traffic at ANSI 87T differential protection attacks

DOI

During GNSS attacks on a time server in an electrical substation, the time service is affected and, accordingly, time-critical protection functions can misoperate. In our threat model, these trips are maliciously triggered via time synchronization attacks (using the so-called two-clock GNSS attack). These data show how IEC 61850 Sampled Values, IEEE 1588 Precision Time Protocol, and GOOSE traffic behave under these attacks, with GOOSE messages proving the misoperation of the differential protection IED. This is the complementary dataset for the paper: "Malicious GNSS Spoofing Causing False Trips in IEC 61850 Multivendor Substations" by Fruböse et al. (2026).

This work was funded by the Topic Engineering Secure Systems of the Helmholtz Association (HGF) (POF IV, LK 01, 46.23.02) and supported by KASTEL Security Research Labs, Karlsruhe.

Payload which discloses vendor information is replaced.

Identifier
DOI https://doi.org/10.35097/prcfrppz0c1f1e28
Metadata Access https://www.radar-service.eu/oai/OAIHandler?verb=GetRecord&metadataPrefix=datacite&identifier=10.35097/prcfrppz0c1f1e28
Provenance
Creator Fruböse, Clemens ORCID logo
Publisher Fruböse, Clemens
Contributor RADAR
Publication Year 2026
Funding Reference Karlsruhe Institute of Technology https://ror.org/04t3en479 ROR
Rights Open Access; Creative Commons Attribution Non Commercial 4.0 International; info:eu-repo/semantics/openAccess; https://creativecommons.org/licenses/by-nc/4.0/legalcode
OpenAccess true
Representation
Resource Type network capture of IEC 61850 Sampled Values, Precision Time Protocol and GOOSE messages; Dataset
Format application/x-tar
Size 43,4 GB
Discipline Other
Temporal Coverage 2025-2026