Security Issues and Quality of Service in Security Issues and Quality of Service in y Q yy Q yReal Time Wireless PLC/SCADA Process Real Time Wireless PLC/SCADA Process

Control SystemsControl SystemsControl Systems Control Systems

Dr. Halit Eren & Dincer HatipogluDr. Halit Eren & Dincer HatipogluCurtin University of TechnologyCurtin University of Technology

(Perth (Perth –– Australia)Australia)

2/27/20082/27/2008 11

PRESENTATIONPRESENTATION

•• Current state of wireless sensor networksCurrent state of wireless sensor networks

•• Technological issues on the wireless sensor deployment Technological issues on the wireless sensor deployment in industrial applicationsin industrial applicationsin industrial applicationsin industrial applications

•• Security and management of large networksSecurity and management of large networks

•• Case studyCase study

•• ConclusionsConclusions

2/27/20082/27/2008 22

Definitions:Definitions:

•• Wireless sensor network (WSN)Wireless sensor network (WSN) is a computer is a computer network consisting of spatially distributed network consisting of spatially distributed g p yg p yautonomous devices using sensors to autonomous devices using sensors to cooperatively monitor physical or environmental cooperatively monitor physical or environmental conditions such as temperature sound vibration conditions such as temperature sound vibration conditions, such as temperature, sound, vibration, conditions, such as temperature, sound, vibration, motion or pollutants, at different locations. motion or pollutants, at different locations. (Wikipedia,2008).(Wikipedia,2008).

•• Quality of Service:Quality of Service: The ability of a network (including The ability of a network (including applications hosts and infrastructure devices) to deliverapplications hosts and infrastructure devices) to deliverapplications, hosts, and infrastructure devices) to deliver applications, hosts, and infrastructure devices) to deliver traffic with minimum delay and maximum availability.traffic with minimum delay and maximum availability.

2/27/20082/27/2008 33

There are a few types of wireless sensor networks:There are a few types of wireless sensor networks:–– Personal Area Networks (PANs)Personal Area Networks (PANs)

L l N k (LAN ) L l N k (LAN ) –– Local area Networks (LANs) Local area Networks (LANs) –– Mobile networks such as cellular networksMobile networks such as cellular networks–– Extended LANs and Metropolitan (MAN) networksExtended LANs and Metropolitan (MAN) networksExtended LANs and Metropolitan (MAN) networksExtended LANs and Metropolitan (MAN) networks–– Telemetry, ultraTelemetry, ultra--long distance, satellites, etc.long distance, satellites, etc.

4G

2007

2006 Standard UWB

UWB wireless

3GHigh rate and Switched WiFi

WiMax 802.16e

2005

2004

Bluetooth 2.0

Proprietary UWB

WiFi 802.11QoS, Security 2G

2.5G

WiMax 802.16a

WiMax 802.16d

2004

2003Bluetooth 1.1

ZigBee

WiFi 802.11a/b/g

1G

1.5G

2G

WiMax 802.16

WiMax 802.16c

WiMax 802.16a

2/27/20082/27/2008 44

2002

PAN LAN Cellular MAN

1G WiMax 802.16

S2

S1S3

S5

S9S3

S1

S4

S5S8

S9

S6

S7S2

S6 S9

S8

S7S8 S1

ENTEPRIZE NETWORK

Process Bus

PROCESSES

Sensor Bus

2/27/20082/27/2008 55

Concerns of the industryConcerns of the industry

•• SecuritySecurity is a major concern. Connecting a control is a major concern. Connecting a control system to web aggravates the concern. There have system to web aggravates the concern. There have been cases of attacks that impacted control been cases of attacks that impacted control been cases of attacks that impacted control been cases of attacks that impacted control systems. (Encryption, frequency hopping, coding, systems. (Encryption, frequency hopping, coding, etc.)etc.)

•• Robustness, reliability and safetyRobustness, reliability and safety are major are major concerns. Failure of control systems can not be concerns. Failure of control systems can not be yytolerable. tolerable.

•• Industrial espionage and cyberIndustrial espionage and cyber terrorismterrorism•• Industrial espionage and cyberIndustrial espionage and cyber--terrorismterrorism

•• Level of Quality of serviceLevel of Quality of service

2/27/20082/27/2008 66

Q yQ y

PLCsPLCs

P bl L i C t ll (PLC ) t i lP bl L i C t ll (PLC ) t i l•• Programmable Logic Controllers (PLCs) are extensively Programmable Logic Controllers (PLCs) are extensively used and play important role in monitoring and used and play important role in monitoring and controlling operations.controlling operations.g pg p

•• Modern PLCs are use communications ports such as the Modern PLCs are use communications ports such as the RS232, RS485, usb, Ethernet. RS232, RS485, usb, Ethernet. , , ,, , ,

•• PLCs transfer realPLCs transfer real--time data to the system. time data to the system.

•• Programming of PLCs is easy and effective coupled with Programming of PLCs is easy and effective coupled with the SCADA systemsthe SCADA systemsthe SCADA systems. the SCADA systems.

•• Most PLC control systems are based on wiredMost PLC control systems are based on wired

2/27/20082/27/2008 77

Most PLC control systems are based on wired Most PLC control systems are based on wired communication networks. communication networks.

SCADASCADA

•• Supervisory Control and Data Acquisition (SCADA) is a Supervisory Control and Data Acquisition (SCADA) is a term adopted by the process control industry to describe term adopted by the process control industry to describe a collection of computers, sensors and other equipment a collection of computers, sensors and other equipment suitably interfaced in order to monitor and control suitably interfaced in order to monitor and control processes. processes.

•• Remote Terminal Units (RTUs) provide a Human Remote Terminal Units (RTUs) provide a Human Machine Interface (HMI) using Graphic User Interface Machine Interface (HMI) using Graphic User Interface (GUI) Operators at the central stations are familiar with(GUI) Operators at the central stations are familiar with(GUI). Operators, at the central stations are familiar with (GUI). Operators, at the central stations are familiar with HMI software for the display of information coming from HMI software for the display of information coming from the sensors and transducers and other field device and the sensors and transducers and other field device and they control of the process by using HMIthey control of the process by using HMIthey control of the process by using HMI.they control of the process by using HMI.

•• Data Storage is easy thus giving historical information Data Storage is easy thus giving historical information

2/27/20082/27/2008 88

about the performance of a particular sensor node about the performance of a particular sensor node

Case studyCase study

A i l t k ith 20 PLC/SCADA f d L lA i l t k ith 20 PLC/SCADA f d L l•• A wireless network with 20 PLC/SCADA formed a Local A wireless network with 20 PLC/SCADA formed a Local Area Network, LAN. Area Network, LAN.

•• The link between PLCs and SCADA is based on OMRON The link between PLCs and SCADA is based on OMRON Factory Intelligent Network Services (FINS) Gateway. Factory Intelligent Network Services (FINS) Gateway.

•• FinsGateway allows instructions from one network to FinsGateway allows instructions from one network to another regardless of the protocol used on the networkanother regardless of the protocol used on the networkanother, regardless of the protocol used on the network. another, regardless of the protocol used on the network.

•• FINS Commands are defined in the application level andFINS Commands are defined in the application level andFINS Commands are defined in the application level and FINS Commands are defined in the application level and do not depend on lower levels hence can be used across do not depend on lower levels hence can be used across a variety of networks and CPU buses, specifically with a variety of networks and CPU buses, specifically with Ethernet Controller Link and Host Link networks andEthernet Controller Link and Host Link networks and

2/27/20082/27/2008 99

Ethernet, Controller Link, and Host Link networks, and Ethernet, Controller Link, and Host Link networks, and between CPU Units and CPU Bus Units.between CPU Units and CPU Bus Units.

System configurationSystem configuration

i d fi ii d fi i 20 d 20 CS20 d 20 CS•• Wired configuration:Wired configuration: 20 computers and 20 PLCS 20 computers and 20 PLCS communicate by Ethernetcommunicate by Ethernet

•• Any computer can access any PLCAny computer can access any PLCAny computer can access any PLCAny computer can access any PLC•• Computers communicate among themselves (but not PLCs)Computers communicate among themselves (but not PLCs)

•• Wireless configuration:Wireless configuration: Any computer can access anyAny computer can access any

2/27/20082/27/2008 1010

•• Wireless configuration:Wireless configuration: Any computer can access any Any computer can access any PLC wirelessly PLC wirelessly

Experimental procedureExperimental procedure

•• Communication system was based on IEEE 802.11 Communication system was based on IEEE 802.11 d d Wid d Wi FiFistandards Wistandards Wi--Fi. Fi.

•• The nodes were equipped with wireless Ethernet using The nodes were equipped with wireless Ethernet using

2/27/20082/27/2008 1111

q pp gq pp gRSRS--232 ports based on Cisco Airnet 1200.232 ports based on Cisco Airnet 1200.

•• PLC, SCADA and Wireless Network were integrated and PLC, SCADA and Wireless Network were integrated and ready to run the simulation of a Car Washing Process. ready to run the simulation of a Car Washing Process. The simulation could be operated by the PLC as well asThe simulation could be operated by the PLC as well asThe simulation could be operated by the PLC as well as The simulation could be operated by the PLC as well as from the control buttons on the HMI terminal. from the control buttons on the HMI terminal.

2/27/20082/27/2008 1212

ResultsResults

•• When the distance between the Access point and the When the distance between the Access point and the wireless client was 10m the signal strength was wireless client was 10m the signal strength was

2/27/20082/27/2008 1313

measured as 92% with the response time of 2ms.measured as 92% with the response time of 2ms.

•• When the distance between the Access point and the When the distance between the Access point and the ppwireless client was 50m the signal strength was wireless client was 50m the signal strength was measured as with an inconsistent the response time. It measured as with an inconsistent the response time. It was noted that after 600ms the connection droppedwas noted that after 600ms the connection dropped

2/27/20082/27/2008 1414

was noted that after 600ms the connection dropped was noted that after 600ms the connection dropped

•• When the connection has dropped out, the tags in the When the connection has dropped out, the tags in the output file did not match the tags results of the base file. output file did not match the tags results of the base file. p gp g

•• When the laptop was moved few meters towards the When the laptop was moved few meters towards the hh bl h dbl h dAccess Point, the connection was reAccess Point, the connection was re--established. established.

•• However after the reHowever after the re establishing connectivity theestablishing connectivity the•• However, after the reHowever, after the re--establishing connectivity the establishing connectivity the SCADA simulation did not run without reSCADA simulation did not run without re--initializing the initializing the FinsGateway services. When the error on the FinsGateway services. When the error on the FinsGateway was cleared the application restarted. FinsGateway was cleared the application restarted.

•• Restoring the FinsGateway services was about 30sRestoring the FinsGateway services was about 30s•• Restoring the FinsGateway services was about 30s, Restoring the FinsGateway services was about 30s, which may be unacceptable in industrial applications.which may be unacceptable in industrial applications.

2/27/20082/27/2008 1515

•• Recovery (selfRecovery (self--healing) of system is possible.healing) of system is possible.

ConclusionsConclusions

•• Wireless industrial systems exist but not common.Wireless industrial systems exist but not common.

•• Security, reliability, and network management Security, reliability, and network management present problems not only from communication present problems not only from communication point of view but from the complete system point of view but from the complete system po t o e but o t e co p ete systepo t o e but o t e co p ete systeintegration point of view.integration point of view.

•• Integration of the existing wireless technology with Integration of the existing wireless technology with •• Integration of the existing wireless technology with Integration of the existing wireless technology with industrial requirements requires custom design and industrial requirements requires custom design and more research.more research.

•• For successful applications of Wireless systems in process For successful applications of Wireless systems in process control application characteristics and limitations must be control application characteristics and limitations must be

2/27/20082/27/2008 1616

ppppdetermined carefully. determined carefully.