There have been several cyber-attacks targeted at power generation and distribution facilities in the last decade all over the world. To address these events, the security standard IEC 62351 was published to protect IEC 61850 communications in SAS. Shortly, the analysis carried out by the research and industrial community of the security mechanisms defined in IEC 62351 standard was published. Results show that the protection of the communications for control, supervision, and transmission of measured sampled current and voltage values among IEDs is a challenge that needs to be solved. These types of communications make use of GOOSE and SV messages with stringent timing requisites. Thus, protection of these types of communications in SAS supposes a priority to guarantee proper behavior of power generation and distribution facilities.

This thesis aims to propose a solution to protect IEC 61850 GOOSE and SV messages without compromising their stringent timing requirements and suitable for its usage in SAS. This challenge is carried out through the definition of a digital and modular architecture that, making use of hardware acceleration of cryptographic processes, can provide integrity, authenticity, and confidentiality to the communications with stringent timing requirements in SAS. First, a detailed analysis of the current state of the art in communication and cybersecurity technologies for substations will be carried out. Specifically, the problems to protect communications based on GOOSE and SV messages will be discussed. Next, current solutions to protect these types of communications will be studied, showing that there is not any solution in the literature able to fulfill this task. Secondly, as the solution to the problem presented, a flexible and adaptable hardware architecture will be proposed. Furthermore, as an enabling element, an IP AES-GCM with low latency, high processing power, and configurable to select the balance between area usage of the System-on-Programmable-Chip (SoPC) and the performance provided will be presented. Finally, the proposed architecture will be validated in the laboratory employing simulation techniques and specific tests over real hardware. Results will be compared with the latest solutions available in the literature. Additionally, the viability to implement the proposed solution in SAS will be analyzed.