A study of the applicability of software-defined networking in industrial networks

173 p.Las redes industriales interconectan sensores y actuadores para llevar a cabo funciones de monitorización, control y protección en diferentes entornos, tales como sistemas de transporte o sistemas de automatización industrial. Estos sistemas ciberfísicos generalmente están soportados por múltiples redes de datos, ya sean cableadas o inalámbricas, a las cuales demandan nuevas prestaciones, de forma que el control y gestión de tales redes deben estar acoplados a las condiciones del propio sistema industrial. De este modo, aparecen requisitos relacionados con la flexibilidad, mantenibilidad y adaptabilidad, al mismo tiempo que las restricciones de calidad de servicio no se vean afectadas. Sin embargo, las estrategias de control de red tradicionales generalmente no se adaptan eficientemente a entornos cada vez más dinámicos y heterogéneos.Tras definir un conjunto de requerimientos de red y analizar las limitaciones de las soluciones actuales, se deduce que un control provisto independientemente de los propios dispositivos de red añadiría flexibilidad a dichas redes. Por consiguiente, la presente tesis explora la aplicabilidad de las redes definidas por software (Software-Defined Networking, SDN) en sistemas de automatización industrial. Para llevar a cabo este enfoque, se ha tomado como caso de estudio las redes de automatización basadas en el estándar IEC 61850, el cual es ampliamente usado en el diseño de las redes de comunicaciones en sistemas de distribución de energía, tales como las subestaciones eléctricas. El estándar IEC 61850 define diferentes servicios y protocolos con altos requisitos en terminos de latencia y disponibilidad de la red, los cuales han de ser satisfechos mediante técnicas de ingeniería de tráfico. Como resultado, aprovechando la flexibilidad y programabilidad ofrecidas por las redes definidas por software, en esta tesis se propone una arquitectura de control basada en el protocolo OpenFlow que, incluyendo tecnologías de gestión y monitorización de red, permite establecer políticas de tráfico acorde a su prioridad y al estado de la red.Además, las subestaciones eléctricas son un ejemplo representativo de infraestructura crítica, que son aquellas en las que un fallo puede resultar en graves pérdidas económicas, daños físicos y materiales. De esta forma, tales sistemas deben ser extremadamente seguros y robustos, por lo que es conveniente la implementación de topologías redundantes que ofrezcan un tiempo de reacción ante fallos mínimo. Con tal objetivo, el estándar IEC 62439-3 define los protocolos Parallel Redundancy Protocol (PRP) y High-availability Seamless Redundancy (HSR), los cuales garantizan un tiempo de recuperación nulo en caso de fallo mediante la redundancia activa de datos en redes Ethernet. Sin embargo, la gestión de redes basadas en PRP y HSR es estática e inflexible, lo que, añadido a la reducción de ancho de banda debida la duplicación de datos, hace difícil un control eficiente de los recursos disponibles. En dicho sentido, esta tesis propone control de la redundancia basado en el paradigma SDN para un aprovechamiento eficiente de topologías malladas, al mismo tiempo que se garantiza la disponibilidad de las aplicaciones de control y monitorización. En particular, se discute cómo el protocolo OpenFlow permite a un controlador externo configurar múltiples caminos redundantes entre dispositivos con varias interfaces de red, así como en entornos inalámbricos. De esta forma, los servicios críticos pueden protegerse en situaciones de interferencia y movilidad.La evaluación de la idoneidad de las soluciones propuestas ha sido llevada a cabo, principalmente, mediante la emulación de diferentes topologías y tipos de tráfico. Igualmente, se ha estudiado analítica y experimentalmente cómo afecta a la latencia el poder reducir el número de saltos en las comunicaciones con respecto al uso de un árbol de expansión, así como balancear la carga en una red de nivel 2. Además, se ha realizado un análisis de la mejora de la eficiencia en el uso de los recursos de red y la robustez alcanzada con la combinación de los protocolos PRP y HSR con un control llevado a cabo mediante OpenFlow. Estos resultados muestran que el modelo SDN podría mejorar significativamente las prestaciones de una red industrial de misión crítica

Automation, Protection and Control of Substation Based on IEC 61850

Reliability of power system protection system has been a key issue in the substation operation due to the use of multi-vendor equipment of proprietary features, environmental issues, and complex fault diagnosis. Failure to address these issues could have a significant effect on the performance of the entire electricity grid. With the introduction of IEC 61850 standard, substation automation system (SAS) has significantly altered the scenario in utilities and industries as indicated in this thesis

Techniques for Reducing Redundant Unicast Traffic in HSR Networks

High-availability seamless redundancy (HSR) is a seamless redundancy protocol for Ethernet networks. HSR provides seamless communication with fault tolerance based on the duplication of every unicast frame sent in a ring topology. HSR is very useful for mission- and time-critical systems such as substation automation systems (SASs). However, the main drawback of HSR is to generate excessively redundant network traffic in HSR networks. This drawback would unnecessarily waste network bandwidth and hence could degrade network performance in HSR networks. Several traffic reduction techniques for HSR networks have been proposed to improve the network performance in the networks. These techniques can be classified into two main groups: traffic filtering-based and dual paths-based techniques. In this chapter, we provide a description and comparison of these HSR traffic reduction techniques. This chapter describes these traffic reduction techniques and compares their network performance. The operations, advantages, and disadvantages of these techniques are investigated and summarized

A Dynamic Linear Hashing Method for Redundancy Management in Train Ethernet Consist Network

Massive transportation systems like trains are considered critical systems because they use the communication network to control essential subsystems on board. Critical system requires zero recovery time when a failure occurs in a communication network. The newly published IEC62439-3 defines the high-availability seamless redundancy protocol, which fulfills this requirement and ensures no frame loss in the presence of an error. This paper adopts these for train Ethernet consist network. The challenge is management of the circulating frames, capable of dealing with real-time processing requirements, fast switching times, high throughout, and deterministic behavior. The main contribution of this paper is the in-depth analysis it makes of network parameters imposed by the application of the protocols to train control and monitoring system (TCMS) and the redundant circulating frames discarding method based on a dynamic linear hashing, using the fastest method in order to resolve all the issues that are dealt with

Communications for smart grid substation monitoring using WIMAX protocol

The SMARTGRID is a general term for a series of infrastructural changes applied to the electric transmission and distribution systems. By using the latest communication and computing technology, additional options such as Condition Monitoring can now be implemented to further improve and optimise complex electricity supply grid operation. Lifecycle optimisation of high voltage assets and other system components in the utility provide a case in point. Today Utility experts agree that application of scheduled maintenance is not the effective use of resources. To reduce maintenance expenses and unnecessary outages and repairs of equipment due to scheduled maintenance, utilities are adopting condition based approaches. Real time online monitoring of substation parameters can be achieved by retrofitting the existing substation with SMARTGRID technology. The IEC 61850 is a common protocol meant for Substation Automation Systems, designed for the purpose of establishing interoperability, one that all manufacturers of all different assets must comply with. This thesis advocates the estimation of bandwidth required for monitoring a substation after retrofitting the existing substation with smart communication technologies. This includes establishing a latest wireless communication infrastructure from the substation to the control centre and evaluating the performance modelling and simulating the physical layer of communication technologies such as WIMAX (IEEE802.16) and MICROWAVE point to point using MATLAB SIMULINK and RADIO mobile online simulation software. Also, link budget of the satellite communication for the same application is calculated. Satellite communication in this case is considered as a redundant or back up technology to ensure that the communication between entities is continuous. On performing the simulation on different environments the results prove that the selected protocols are best suited for condition monitoring. The measured Latency could be the best approximated value which complies with the current objective. However the white noise that exists in the substation has significant hazard with respect to the security of the wireless network. To compensate this constraint whole substation is hard wired by means of plastic fibre optics and the data sent to the base station located near the substation

Classifying resilience approaches for protecting smart grids against cyber threats

Smart grids (SG) draw the attention of cyber attackers due to their vulnerabilities, which are caused by the usage of heterogeneous communication technologies and their distributed nature. While preventing or detecting cyber attacks is a well-studied field of research, making SG more resilient against such threats is a challenging task. This paper provides a classification of the proposed cyber resilience methods against cyber attacks for SG. This classification includes a set of studies that propose cyber-resilient approaches to protect SG and related cyber-physical systems against unforeseen anomalies or deliberate attacks. Each study is briefly analyzed and is associated with the proper cyber resilience technique which is given by the National Institute of Standards and Technology in the Special Publication 800-160. These techniques are also linked to the different states of the typical resilience curve. Consequently, this paper highlights the most critical challenges for achieving cyber resilience, reveals significant cyber resilience aspects that have not been sufficiently considered yet and, finally, proposes scientific areas that should be further researched in order to enhance the cyber resilience of SG.Open Access funding provided thanks to the CRUE-CSIC agreement with Springer Nature. Funding for open access charge: Universidad de Málaga / CBUA

S3N - Smart Solution for Substation Networks, an architecture for the management of communication networks in power substations

ABSTRACT: Today, the communications network has become an essential element to the operation of any type of organization or infrastructure, such is the case of the electrical power substations. Such networks in particular, demand high levels of availability and reliability, as the substation is a key element in the chain of energy generation and distribution. However, although recent network modernization introduced new features that allow optimizing the operation of the substation, the variety of devices present in such environment (Intelligent Electronic Devices (IEDs), Merging Units (MUs), Network Switches, IEEE 1588 Master Clock) and the huge set of application-level protocols (Sampled Measured Values (SV), Generic Object Oriented Substation Event (GOOSE), Manufacturing Message Specification protocol (MMS), Precision Time Protocol (PTP), among others), increase the management complexity. Nevertheless, in recent years, data networks have been permeated by two major trends aiming to facilitate the administration of complex networks: Software Defined Networking (SDN) and virtualizationtechnologies, which make the network management more flexible and enable the rapid development and deployment of network services. This thesis proposes a set of contributions to solve the research challenges around of the current operation of a power substation communication network that have not been tackled by the research community. To do that, it performs a comprehensive review of the appropriation of SDN as an enabler in the management and operation of the power substations communication networks. The first research challenge we identified in this work is that, to the best of our knowledge, there are not research works proposing a complete architecture for the management of the communications networks of the power substation; also existing works do not introduce the virtualization technologies as an enabler in this environment. They only present how the application of SDN concepts may improve the performance of different communication tasks in power substations. This thesis introduces a novel architecture called Smart Solution for Substation Networks (S3N), which presents a different way to represent the interaction among all elements involved in the operation of the power substation, taking the communications network as the central point and the SDN paradigm as a key element of its formulation. The second challenge found in this work is that there is no unique criterion to define the structure of the network topology since, in every power substation, the end user implements their own topologies or the topology suggested by a vendor. In this context, this thesis presents a methodology to specify and characterize a reliable topology that vii guarantees fault-tolerance, according to the guidelines described in the architecture S3N. In addition, this thesis presents alternative SDN solutions for loops-based topologies in the proposed network topology which would be technically unfeasible using common network protocols. These solutions include algorithms to solve problems related to the broadcast and multicast traffic management. Also, we discovered that, although the communication networks of modern electrical substations provide major benefits, various research articles have evidenced several vulnerabilities related to the operation protocols in this critical infrastructure. This thesis, in order to improve the security, presents two strategies to detect intrusions and one SDN approach to mitigate attacks in the reconnaissance phase. Finally, all these contributions would not be enough to guarantee a reliable operation without mechanisms to bring traffic differentiation and provisioning. This thesis makes the best out of the architecture proposed to deploy Quality of Service (QoS) inside power substation communication networks, under the SDN paradigm

System-on-chip architecture for secure sub-microsecond synchronization systems

213 p.En esta tesis, se pretende abordar los problemas que conlleva la protección cibernética del Precision Time Protocol (PTP). Éste es uno de los protocolos de comunicación más sensibles de entre los considerados por los organismos de estandarización para su aplicación en las futuras Smart Grids o redes eléctricas inteligentes. PTP tiene como misión distribuir una referencia de tiempo desde un dispositivo maestro al resto de dispositivos esclavos, situados dentro de una misma red, de forma muy precisa. El protocolo es altamente vulnerable, ya que introduciendo tan sólo un error de tiempo de un microsegundo, pueden causarse graves problemas en las funciones de protección del equipamiento eléctrico, o incluso detener su funcionamiento. Para ello, se propone una nueva arquitectura System-on-Chip basada en dispositivos reconfigurables, con el objetivo de integrar el protocolo PTP y el conocido estándar de seguridad MACsec para redes Ethernet. La flexibilidad que los modernos dispositivos reconfigurables proporcionan, ha sido aprovechada para el diseño de una arquitectura en la que coexisten procesamiento hardware y software. Los resultados experimentales avalan la viabilidad de utilizar MACsec para proteger la sincronización en entornos industriales, sin degradar la precisión del protocolo

System-on-chip architecture for secure sub-microsecond synchronization systems

213 p.En esta tesis, se pretende abordar los problemas que conlleva la protección cibernética del Precision Time Protocol (PTP). Éste es uno de los protocolos de comunicación más sensibles de entre los considerados por los organismos de estandarización para su aplicación en las futuras Smart Grids o redes eléctricas inteligentes. PTP tiene como misión distribuir una referencia de tiempo desde un dispositivo maestro al resto de dispositivos esclavos, situados dentro de una misma red, de forma muy precisa. El protocolo es altamente vulnerable, ya que introduciendo tan sólo un error de tiempo de un microsegundo, pueden causarse graves problemas en las funciones de protección del equipamiento eléctrico, o incluso detener su funcionamiento. Para ello, se propone una nueva arquitectura System-on-Chip basada en dispositivos reconfigurables, con el objetivo de integrar el protocolo PTP y el conocido estándar de seguridad MACsec para redes Ethernet. La flexibilidad que los modernos dispositivos reconfigurables proporcionan, ha sido aprovechada para el diseño de una arquitectura en la que coexisten procesamiento hardware y software. Los resultados experimentales avalan la viabilidad de utilizar MACsec para proteger la sincronización en entornos industriales, sin degradar la precisión del protocolo