Intelligent Electronic Devices (IEDs) are vital components in modern electrical substations, collectively responsible for monitoring electrical parameters and performing protective functions. As a result, ensuring the integrity of IEDs is an essential criteria. While standards like IEC 61850 and IEC 60870-5-104 establish cyber-security protocols for secure information exchange in IED-based power systems, the physical integrity of IEDs is often overlooked, leading to a rise in counterfeit and tainted electronic products. This paper proposes a physical unclonable function (PUF)-based device (IEDPUF probe) capable of extracting unique hardware signatures from commercial IEDs. These signatures can serve as identifiers, facilitating the authentication and protection of IEDs against counterfeiting. The paper presents the complete hardware architecture of the IEDPUF probe, along with algorithms for signature extraction and authentication. The process involves the central computer system (CCS) initiating IED authentication requests by sending random challenges to the IEDPUF probe. Based on the challenges, the IEDPUF probe generates responses, which are then verified by the CCS to authenticate the IED. Additionally, a two-way authentication technique is employed to ensure that only verified requests are granted access for signature extraction. Experimental results confirm the efficacy of the proposed IEDPUF probe. The results demonstrate its ability to provide real-time responses possessing randomness while uniquely identifying the IED under investigation. The proposed IEDPUF probe offers a simple, cost-effective, accurate solution with minimal storage requirements, enhancing the authenticity and integrity of IEDs within electrical substations

翻译：智能电子设备（IED）是现代变电站的关键组件，共同负责监测电气参数并执行保护功能。因此，确保IED的完整性是一个必要标准。尽管IEC 61850和IEC 60870-5-104等标准为基于IED的电力系统中的信息安全交换制定了网络安全协议，但IED的物理完整性常被忽视，导致假冒和污染的电子产品日益增多。本文提出了一种基于物理不可克隆函数（PUF）的装置（IEDPUF探针），能够从商用IED中提取独特的硬件签名。这些签名可作为标识符，有助于对IED进行认证和防伪保护。本文展示了IEDPUF探针的完整硬件架构，以及签名提取和认证的算法。该过程包括中央计算机系统（CCS）通过向IEDPUF探针发送随机挑战来发起IED认证请求。基于这些挑战，IEDPUF探针生成响应，随后由CCS验证以认证IED。此外，采用双向认证技术确保只有经过验证的请求才能被授予签名提取权限。实验结果证实了所提出的IEDPUF探针的有效性。结果表明，它能够提供具有随机性的实时响应，同时唯一识别被检测的IED。所提出的IEDPUF探针提供了一种简单、经济高效、精确的解决方案，且存储需求极低，增强了变电站内IED的真实性和完整性。