Post on 29-Apr-2018
C-‐DAX is funded by the European Union's Seventh Framework Programme (FP7-‐ICT-‐2011-‐8) under grant agreement n° 318708
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids http://www.cdax.eu
Mario Paolone for the C-DAX Consortium IEEE Dynamic Measurements
Working Group July 28th, 2014
C-DAX Project § EC FP7-‐ICT-‐2011-‐8 call project
• C-‐DAX: Cyber-‐secure Data And Control Cloud for power grids
§ DuraQon: 01.10.2012 – 30.09.2015 § Total budget: 4.315.303 Euro § EU-‐funding: 2.931.000 Euro
§ C-‐DAX middleware • Enables smart grid applicaQons to
exchange informaQon • Implements informa/on-‐centric
networking (ICN) paradigm • Supports publish/subscribe
§ Targeted use cases • Real-‐/me state es/ma/on based on
PMU measurements • Future retail energy market (REM)
§ Project coordinaQon: Alcatel-‐Lucent § Project website: h[p://www.cdax.eu
§ Project partners
2 C-‐DAX: A Cyber-‐Secure Data and Control Cloud for Power Grids
Publish-Subscribe Basics
§ Basic idea • Decouple data produc/on and
consump/on in space, Qme, and synchronizaQon
• Improve scalability (compared to tradiQonal client-‐server)
§ Core components • Publisher client: produces data • Subscriber client: consumes data • Broker: stores and forwards data • Broker discovery service: tells publishers
and subscribers what broker to use
§ Basic interacQons • Broker discovery • Client join • Data disseminaQon
Publisher
Subscriber
Broker Pub/sub middleware Application
Join message Data
Broker discovery service
Broker
1
1
2
2
3
4
Subscriber Subscriber
4 4
3 C-‐DAX: A Cyber-‐Secure Data and Control Cloud for Power Grids
Example: Integrating Different Applications Using the Same Pub/Sub Middleware
§ Examples for topics • SCADA data from RTUs • PMU measurements
§ Benefit of decoupling publishers and subscribers • CommunicaQon partners do not need to know each other • Asynchronous communicaQon possible • FacilitaQng extensibility, management and configurability
4
Publ. A
Pub/sub middleware
Publ. B
Publ. C
Sub. D
Sub. E
Sub. F
Topic 1
Topic 2
Only interested in Topic 1
Only interested in Topic 2
Interested in Topic 1 and Topic 2
C-‐DAX: A Cyber-‐Secure Data and Control Cloud for Power Grids
C-DAX Entities Explained En/ty Func/onality Plane
Client Produce or consume topic data; provides access for SG applicaQons to the C-‐DAX cloud (through an API)
Control & Data
Designated node (DN)
• Provide access for clients to the C-‐DAX cloud (first point of contact)
• DN for publisher (PubDN) and DN for subscriber (SubDN)
Control & data
Data broker (DB)
• Receive topic data from PubDNs and forward them to SubDNs
• Cache topic data
Data
Resolver (RS) Resolves topic names to DBs Control
Security server Provide security-‐related funcQonaliQes to the C-‐DAX cloud, including authenQcaQon, authorizaQon, and key distribuQon
Control
Monitoring / management system
• Gather, aggregate, and forward monitored informaQon in the C-‐DAX cloud
• Management of C-‐DAX network resources
Management
5 C-‐DAX: A Cyber-‐Secure Data and Control Cloud for Power Grids
Data Plane
C-DAX Architecture
Control Plane Resolver (RS)
Data Broker (DB)
Security Server
C-DAX Monitoring/ Management System Monitor
Control
C-DAX Communication Platform
Join Join Client
(Publisher) Client
(Subscriber)
Application data to be published
Application data to be consumed
Designated Node (DN)
Designated Node (DN)
6 C-‐DAX: A Cyber-‐Secure Data and Control Cloud for Power Grids
Configure
Three Communication Modes
§ Streaming-‐based • Publishers conQnuously send data to DB • Subscribers conQnuously receive data
from DB
§ Query-‐based • Subscriber sends query to message broker • DB returns data matching the query
§ Point-‐to-‐point • Publishers send data directly to
subscribers
§ CommunicaQon modes are set per topic to fit the requirements of the applicaQon, e.g., • Low latency for PMUs
7
Publisher
DB
Subscriber
Publisher Subscriber
DB
Subscriber
Query
C-‐DAX: A Cyber-‐Secure Data and Control Cloud for Power Grids
Resilience Concept
§ Topic data should be highly available • Data is stored on two nodes
§ Resilience of the infrastructure • Each system component is replicated
physically • Each criQcal communicaQon path is
divided into § A path during failure free operaQon § AlternaQve path(s) due to failures
§ Three resilience support levels:
8
C-DAX cloud
Subscriber Publisher
DN DN DB
DN DN DB
: Path during failure free operation : Alternative paths due to failures : Synchronization
Level Data loss (during failover)
Data delay (during failover)
Complexity
L1 Y N Low
L2 N Y Middle
L3 N N High
C-‐DAX: A Cyber-‐Secure Data and Control Cloud for Power Grids
Security Concept
§ General security requirements • Confiden/ality and integrity
§ End-‐to-‐end security, e.g., IEC 62351 • Availability
§ PrevenQon of a[acks, e.g., DoS a[acks, replay a[acks, spoofing
§ Security features of C-‐DAX • End-‐to-‐end security between C-‐DAX clients • Availability of C-‐DAX infrastructure • Scalable key management mechanism
§ C-‐DAX security raQonale • Strong authenQcaQon of clients and nodes
based on asymmetric cryptography • Symmetric or asymmetric cryptography for
topic data • Minimal trust in underlying infrastructure
§ Nodes do not have to trust each other inside C-‐DAX cloud
§ Clients do not have to trust C-‐DAX cloud for guaranteed end-‐to-‐end security
• Flexible match of security parameters to requirements of use cases, e.g., data rates, latency, confidenQality, integrity
9
Publisher DN DB … Subscriber
Encode AuthenQcate AuthenQcate Decode
SecServ Key distribuQon Key distribuQon
Data Data Data Data
C-‐DAX: A Cyber-‐Secure Data and Control Cloud for Power Grids
Domain B Domain A
Inter-Domain Concept
§ Companies • Define C-‐DAX domains • Want to exchange informaQon à Inter-‐domain concept necessary
§ C-‐DAX DN • Provides access for external subscribers to
C-‐DAX cloud • Only point of contact for external
subscribers • Triggers authenQcaQon and authorizaQon
of external clients • Manages external subscripQons • Forwards data from internal nodes to
external clients § External subscribers
• May re-‐publish received informaQon in own domain
§ Inter-‐domain security • DN hides domain’s network • Access from external domains only
allowed through DNs • SecServ of each domain manages
respecQve rights
C-DAX cloud
RS
SecServ
DB DN External subscriber
C-DAX cloud
: Security signaling : Publish/subscribe signaling : Publish/subscribe data transfer
10 C-‐DAX: A Cyber-‐Secure Data and Control Cloud for Power Grids
Comparison with Existing Pub/Sub Architectures
Architecture End-‐to-‐End Security
Resilience Message Persistence
Broker-‐based Communica/on
Mode
Direct Communica/on
Mode
C-‐DAX X X X X X
OMG DDS O X X -‐ X
JMS -‐ X X X -‐
NSQ -‐ O -‐ -‐ X
Data Turbine -‐ X X X -‐
ZeroMQ O O -‐ O X
11
X O -‐
: Supported : Partly supported : Not supported / unspecified
C-‐DAX: A Cyber-‐Secure Data and Control Cloud for Power Grids
Protocol Adaptation Layer
§ Problem • ExisQng smart grid protocols rely on
bidirecQonal one-‐to-‐one communicaQon, e.g., IEEE C37.118, IEC 61850
• C-‐DAX provides unidirecQonal many-‐to-‐many communicaQon
• C-‐DAX provides a unified pub/sub interface for communicaQon
§ SoluQon • Protocol adaptaQon layer translates
between smart grid protocols and C-‐DAX
§ Benefits for operators • Hardware and sopware compliant to
exisQng standards can be used with C-‐DAX with li[le configuraQon changes
• C-‐DAX can be transparent for legacy hardware and sopware
§ ImplementaQon • Protocol adaptaQon layer for IEEE C37.118
has been implemented and tested
12
PMU/Client/AdaptaQon Layer DN
IP
C37.118
TCP/UDP
C-‐DAX C37.118
IP
TCP/UDP
C-‐DAX
C37.118
C-‐DAX: A Cyber-‐Secure Data and Control Cloud for Power Grids
Prototype § Purpose
• ValidaQon of baseline communicaQon funcQonaliQes and basic failure management of C-‐DAX
• ValidaQon of security framework
• ValidaQon of IEEE C37.118 protocol adaptaQon layer
§ Environment • IEEE 34 Bus as power grid
topology • PMU measurement data
provided by EPFL • Virtual Wall network test bed
provided by iMinds • RTSE applicaQon by EPFL
C-‐DAX: A Cyber-‐Secure Data and Control Cloud for Power Grids
13
RTSE LabView
PMU-Bus3 PubClient
PMU-Bus4 PubClient
PMU-Bus7 PubClient
PMU-Bus1 PubClient
PDC Adapter
SubClient
Base Station
Bus1 Bus3 Bus4 Bus7
LAN
Bus7Node Bus4Node Bus3Node
Security Server
Bus1Node
Monitor
Monitor
BaseStation Resolver
Virtual Wall
Laboratory validation
14
PMU PMU PMU PMU
PDC PDC
C-DAX cloud
Real-‐Qme state esQmaQon of the targeted
electrical network
C-‐DAX: A Cyber-‐Secure Data and Control Cloud for Power Grids
Real-‐Qme model of the electrical grid
Field Trial
§ Purpose • Deploy C-‐DAX sopware in an exisQng
distribuQon grid • Evaluate applicability of C-‐DAX under
realisQc condiQons • Show-‐case several smart grid applicaQons
using a common pub/sub middleware § Environment
• Distribu/on grid provided by Alliander including a solid and fast IP network
• PMUs provided by NaQonal Instruments • RTSE applicaQon by EPFL • C-‐DAX sopware
§ Time plan • Deployment of PMUs and C-‐DAX sopware:
late 2014 • Scheduled start of field trial: late 2014
§ Alliander’s MS Livelab
§ NaQonal Instruments’ PMU for MV level
15
Source: Alliander N.V.
Source: NaQonal Instruments Sweden
C-‐DAX: A Cyber-‐Secure Data and Control Cloud for Power Grids
Example of latencies (computed)
16 C-‐DAX: A Cyber-‐Secure Data and Control Cloud for Power Grids
CumulaQve distribuQon funcQon of end-‐to-‐end delay for 500kb/s PLC links. Adapted from [K.V. Katsaros, W.K. Chai, N. Wang, G. Pavlou, H. BonQus and M. Paolone, “InformaQon-‐centric networking for machine-‐to-‐machine data delivery: a case study in smart grid applicaQons,” IEEE Network Magazine, vol.28, no.3, pp.58,64, May-‐June 2014]
1. Plain PLC scenario (no opQcal fiber) 2. Hybrid, dmax = 1 (67 sink nodes); 3. Hybrid, dmax = 2 (41 sink nodes); 4. Hybrid, dmax = 3 (30 sink nodes); 5. OpQcal fiber.
Benefits and Features of the C-DAX Architecture
§ General benefits of pub/sub communicaQon § Flexibility and agility for integraQon of emerging smart grid applicaQons
§ Transparent exchange of informaQon § Scalability § Avoid repeated investment in ICT per applicaQon
www.cdax.eu
§ Unique C-‐DAX benefits • Support for inter-‐domain communicaQons
• Support for established smart grid protocols, e.g., IEC 61850, IEC 60870-‐5-‐104, IEEE C37.118
• CombinaQon of advanced features § Cyber-‐secure layer addressing authenQcaQon, privacy, and integrity in end-‐to-‐end fashion
§ Support for streaming, query and point-‐to-‐point communicaQon
§ Resilience • Flexible provisioning strategy
17 C-‐DAX: A Cyber-‐Secure Data and Control Cloud for Power Grids
Contact
www.cdax.eu
Thank you for your aQen/on! Ques/ons?
Mario Paolone Distributed Electrical Systems Laboratory Swiss Federal InsQtute of Technology of Lausanne Thank you.
18 C-‐DAX: A Cyber-‐Secure Data and Control Cloud for Power Grids