Security Issues and Quality of Service in Real Time Wireless PLC/SCADA Process Control Systems
Dr. Halit Eren & Dincer Hatipoglu
Curtin University of Technology (Perth – Australia)
2/27/2008
PRESENTATION
• Current state of wireless sensor networks
• Technological issues on the wireless sensor deployment in industrial applications
• Security and management of large networks
• Case study
• Conclusions
Definitions:
• Wireless sensor network (WSN) is a computer network consisting of spatially distributed autonomous devices using sensors to cooperatively monitor physical or environmental conditions, such as temperature, sound, vibration, motion or pollutants, at different locations. (Wikipedia, 2008).
• Quality of Service: The ability of a network (including applications, hosts, and infrastructure devices) to deliver traffic with minimum delay and maximum availability.
There are a few types of wireless sensor networks:
– Personal Area Networks (PANs)
– Local area Networks (LANs)
– Mobile networks such as cellular networks
– Extended LANs and Metropolitan (MAN) networks
– Telemetry, ultra-long distance, satellites, etc.
[Figure: timeline, 2002 to 2007, of wireless standards by network type (PAN, LAN, Cellular, MAN): Bluetooth 1.1 and 2.0, ZigBee, UWB; WiFi 802.11a/b/g and later WiFi variants; 1G to 4G; WiMax 802.16 to 802.16e]
[Figure: network diagram with sensor nodes S1 to S9 and the labels Enterprise Network, Process Bus, Processes, Sensor Bus]
Concerns of the industry
• Security is a major concern. Connecting a control system to the web aggravates the concern. There have been cases of attacks that impacted control systems. (Encryption, frequency hopping, coding, etc.)
• Robustness, reliability and safety are major concerns. Failure of control systems cannot be tolerated.
• Industrial espionage and cyber-terrorism
• Level of Quality of service
PLCs
• Programmable Logic Controllers (PLCs) are extensively used and play an important role in monitoring and controlling operations.
• Modern PLCs use communication ports such as RS232, RS485, USB and Ethernet.
• PLCs transfer real-time data to the system.
• Programming of PLCs is easy and effective when coupled with SCADA systems.
• Most PLC control systems are based on wired communication networks.
SCADA
• Supervisory Control and Data Acquisition (SCADA) is a term adopted by the process control industry to describe a collection of computers, sensors and other equipment suitably interfaced in order to monitor and control processes.
• Remote Terminal Units (RTUs) provide a Human Machine Interface (HMI) using a Graphic User Interface (GUI). Operators at the central stations are familiar with HMI software for the display of information coming from the sensors, transducers and other field devices, and they control the process by using the HMI.
• Data storage is easy, thus giving historical information about the performance of a particular sensor node.
Case study
• A wireless network with 20 PLC/SCADA formed a Local Area Network, LAN.
• The link between PLCs and SCADA is based on OMRON Factory Intelligent Network Services (FINS) Gateway.
• FinsGateway allows instructions from one network to another, regardless of the protocol used on the network.
• FINS Commands are defined in the application level and do not depend on lower levels, hence can be used across a variety of networks and CPU buses, specifically with Ethernet, Controller Link, and Host Link networks, and between CPU Units and CPU Bus Units.
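A passive decoder for the application-level FINS header described above, as an added example that is not part of the original slides. The 10-byte header layout and the command codes follow Omron's published FINS command reference; the sample frames, the `review` function and the `ALLOWED_WRITERS` allow-list are constructed for illustration.

```python
import struct
from dataclasses import dataclass

# (MRC, SRC) -> (name, changes controller state); codes per Omron's FINS reference.
COMMANDS = {
    (0x01, 0x01): ("MEMORY AREA READ", False),
    (0x01, 0x02): ("MEMORY AREA WRITE", True),
    (0x04, 0x01): ("RUN", True),
    (0x04, 0x02): ("STOP", True),
    (0x05, 0x01): ("CONTROLLER DATA READ", False),
}

@dataclass
class FinsFrame:
    is_response: bool     # ICF bit 6: 0 = command, 1 = response
    gateway_count: int    # GCT: gateways the frame may still pass through
    dst: tuple            # (DNA network, DA1 node, DA2 unit)
    src: tuple            # (SNA network, SA1 node, SA2 unit)
    sid: int              # service ID, echoed in the response
    command: str
    changes_state: bool

def parse_fins(frame: bytes) -> FinsFrame:
    """Decode the 10-byte FINS header and the 2-byte command code."""
    if len(frame) < 12:
        raise ValueError("FINS frame shorter than header + command code")
    icf, _rsv, gct, dna, da1, da2, sna, sa1, sa2, sid, mrc, src = struct.unpack("12B", frame[:12])
    # Unknown codes are treated as state-changing so that they get reviewed.
    name, changes = COMMANDS.get((mrc, src), (f"UNKNOWN {mrc:02X}{src:02X}", True))
    return FinsFrame(bool(icf & 0x40), gct, (dna, da1, da2), (sna, sa1, sa2), sid, name, changes)

def review(frame: bytes, allowed_writers: set) -> list:
    """Return monitoring findings for one captured command frame."""
    f = parse_fins(frame)
    findings = []
    if f.is_response:
        return findings
    if f.dst[0] not in (0, f.src[0]):   # DNA 0 means "local network"
        findings.append(f"routed from network {f.src[0]} to network {f.dst[0]}")
    if f.changes_state and f.src[:2] not in allowed_writers:
        findings.append(f"{f.command} from unlisted source {f.src[:2]}")
    return findings

# Constructed sample frames: header and command code only, parameters omitted.
SAMPLE_READ = bytes.fromhex("800002000a00000100010101")
SAMPLE_WRITE = bytes.fromhex("800002020500011400020102")
ALLOWED_WRITERS = {(1, 3)}   # hypothetical (network, node) of the engineering station
```

Because the source and destination addresses sit in the FINS header itself, the decoder does not need to know which lower-layer network carried the frame.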
System configuration
• Wired configuration: 20 computers and 20 PLCs communicate by Ethernet
• Any computer can access any PLC
• Computers communicate among themselves (but not PLCs)
• Wireless configuration: Any computer can access any PLC wirelessly
Experimental procedure
• Communication system was based on IEEE 802.11 standards (Wi-Fi).
• The nodes were equipped with wireless Ethernet using RS-232 ports based on Cisco Aironet 1200.
• PLC, SCADA and Wireless Network were integrated and ready to run the simulation of a Car Washing Process. The simulation could be operated by the PLC as well as from the control buttons on the HMI terminal.
Results
• When the distance between the Access point and the wireless client was 10m the signal strength was measured as 92% with the response time of 2ms.
• When the distance between the Access point and the wireless client was 50m the signal strength was measured as with an inconsistent response time. It was noted that after 600ms the connection dropped.
• When the connection dropped out, the tags in the output file did not match the tag results of the base file.
• When the laptop was moved a few meters towards the Access Point, the connection was re-established.
• However, after re-establishing connectivity the SCADA simulation did not run without re-initializing the FinsGateway services. When the error on the FinsGateway was cleared the application restarted.
• Restoring the FinsGateway services took about 30s, which may be unacceptable in industrial applications.
• Recovery (self-healing) of system is possible.
Conclusions
• Wireless industrial systems exist but are not common.
• Security, reliability, and network management present problems not only from the communication point of view but from the complete system integration point of view.
• Integration of the existing wireless technology with industrial requirements requires custom design and more research.
• For successful applications of wireless systems in process control, application characteristics and limitations must be determined carefully.