C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids · A Cyber-Secure Data and Control...

C-‐DAX is funded by the European Union's Seventh Framework Programme (FP7-‐ICT-‐2011-‐8) under grant agreement n° 318708

C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids http://www.cdax.eu

Mario Paolone for the C-DAX Consortium IEEE Dynamic Measurements

Working Group July 28th, 2014

C-DAX Project §  EC FP7-‐ICT-‐2011-‐8 call project

•  C-‐DAX: Cyber-‐secure Data And Control Cloud for power grids

§  DuraQon: 01.10.2012 – 30.09.2015 §  Total budget: 4.315.303 Euro §  EU-‐funding: 2.931.000 Euro

§  C-‐DAX middleware •  Enables smart grid applicaQons to

exchange informaQon •  Implements informa/on-‐centric

networking (ICN) paradigm •  Supports publish/subscribe

§  Targeted use cases •  Real-‐/me state es/ma/on based on

PMU measurements •  Future retail energy market (REM)

§  Project coordinaQon: Alcatel-‐Lucent §  Project website: h[p://www.cdax.eu

§  Project partners

2 C-‐DAX: A Cyber-‐Secure Data and Control Cloud for Power Grids

Publish-Subscribe Basics

§  Basic idea •  Decouple data produc/on and

consump/on in space, Qme, and synchronizaQon

•  Improve scalability (compared to tradiQonal client-‐server)

§  Core components •  Publisher client: produces data •  Subscriber client: consumes data •  Broker: stores and forwards data •  Broker discovery service: tells publishers

and subscribers what broker to use

§  Basic interacQons •  Broker discovery •  Client join •  Data disseminaQon

Publisher

Subscriber

Broker Pub/sub middleware Application

Join message Data

Broker discovery service

Broker

1

1

2

2

3

4

Subscriber Subscriber

4 4


Example: Integrating Different Applications Using the Same Pub/Sub Middleware

§  Examples for topics •  SCADA data from RTUs •  PMU measurements

§  Benefit of decoupling publishers and subscribers •  CommunicaQon partners do not need to know each other •  Asynchronous communicaQon possible •  FacilitaQng extensibility, management and configurability

4

Publ. A

Pub/sub middleware

Publ. B

Publ. C

Sub. D

Sub. E

Sub. F

Topic 1

Topic 2

Only interested in Topic 1

Only interested in Topic 2

Interested in Topic 1 and Topic 2

C-‐DAX: A Cyber-‐Secure Data and Control Cloud for Power Grids

C-DAX Entities Explained En/ty Func/onality Plane

Client Produce or consume topic data; provides access for SG applicaQons to the C-‐DAX cloud (through an API)

Control & Data

Designated node (DN)

•  Provide access for clients to the C-‐DAX cloud (first point of contact)

•  DN for publisher (PubDN) and DN for subscriber (SubDN)

Control & data

Data broker (DB)

•  Receive topic data from PubDNs and forward them to SubDNs

•  Cache topic data

Data

Resolver (RS) Resolves topic names to DBs Control

Security server Provide security-‐related funcQonaliQes to the C-‐DAX cloud, including authenQcaQon, authorizaQon, and key distribuQon

Control

Monitoring / management system

•  Gather, aggregate, and forward monitored informaQon in the C-‐DAX cloud

•  Management of C-‐DAX network resources

Management


Data Plane

C-DAX Architecture

Control Plane Resolver (RS)

Data Broker (DB)

Security Server

C-DAX Monitoring/ Management System Monitor

Control

C-DAX Communication Platform

Join Join Client

(Publisher) Client

(Subscriber)

Application data to be published

Application data to be consumed

Designated Node (DN)

Designated Node (DN)


Configure

Three Communication Modes

§  Streaming-‐based •  Publishers conQnuously send data to DB •  Subscribers conQnuously receive data

from DB

§  Query-‐based •  Subscriber sends query to message broker •  DB returns data matching the query

§  Point-‐to-‐point •  Publishers send data directly to

subscribers

§  CommunicaQon modes are set per topic to fit the requirements of the applicaQon, e.g., •  Low latency for PMUs

7

Publisher

DB

Subscriber

Publisher Subscriber

DB

Subscriber

Query


Resilience Concept

§  Topic data should be highly available •  Data is stored on two nodes

§  Resilience of the infrastructure •  Each system component is replicated

physically •  Each criQcal communicaQon path is

divided into §  A path during failure free operaQon §  AlternaQve path(s) due to failures

§  Three resilience support levels:

8

C-DAX cloud

Subscriber Publisher

DN DN DB

DN DN DB

: Path during failure free operation : Alternative paths due to failures : Synchronization

Level Data loss (during failover)

Data delay (during failover)

Complexity

L1 Y N Low

L2 N Y Middle

L3 N N High


Security Concept

§  General security requirements •  Confiden/ality and integrity

§  End-‐to-‐end security, e.g., IEC 62351 •  Availability

§  PrevenQon of a[acks, e.g., DoS a[acks, replay a[acks, spoofing

§  Security features of C-‐DAX •  End-‐to-‐end security between C-‐DAX clients •  Availability of C-‐DAX infrastructure •  Scalable key management mechanism

§  C-‐DAX security raQonale •  Strong authenQcaQon of clients and nodes

based on asymmetric cryptography •  Symmetric or asymmetric cryptography for

topic data •  Minimal trust in underlying infrastructure

§  Nodes do not have to trust each other inside C-‐DAX cloud

§  Clients do not have to trust C-‐DAX cloud for guaranteed end-‐to-‐end security

•  Flexible match of security parameters to requirements of use cases, e.g., data rates, latency, confidenQality, integrity

9

Publisher DN DB … Subscriber

Encode AuthenQcate AuthenQcate Decode

SecServ Key distribuQon Key distribuQon

Data Data Data Data


Domain B Domain A

Inter-Domain Concept

§  Companies •  Define C-‐DAX domains •  Want to exchange informaQon à Inter-‐domain concept necessary

§  C-‐DAX DN •  Provides access for external subscribers to

C-‐DAX cloud •  Only point of contact for external

subscribers •  Triggers authenQcaQon and authorizaQon

of external clients •  Manages external subscripQons •  Forwards data from internal nodes to

external clients §  External subscribers

•  May re-‐publish received informaQon in own domain

§  Inter-‐domain security •  DN hides domain’s network •  Access from external domains only

allowed through DNs •  SecServ of each domain manages

respecQve rights

C-DAX cloud

RS

SecServ

DB DN External subscriber

C-DAX cloud

: Security signaling : Publish/subscribe signaling : Publish/subscribe data transfer


Comparison with Existing Pub/Sub Architectures

Architecture End-‐to-‐End Security

Resilience Message Persistence

Broker-‐based Communica/on

Mode

Direct Communica/on

Mode

C-‐DAX X X X X X

OMG DDS O X X -‐ X

JMS -‐ X X X -‐

NSQ -‐ O -‐ -‐ X

Data Turbine -‐ X X X -‐

ZeroMQ O O -‐ O X

11

X O -‐

: Supported : Partly supported : Not supported / unspecified


Protocol Adaptation Layer

§  Problem •  ExisQng smart grid protocols rely on

bidirecQonal one-‐to-‐one communicaQon, e.g., IEEE C37.118, IEC 61850

•  C-‐DAX provides unidirecQonal many-‐to-‐many communicaQon

•  C-‐DAX provides a unified pub/sub interface for communicaQon

§  SoluQon •  Protocol adaptaQon layer translates

between smart grid protocols and C-‐DAX

§  Benefits for operators •  Hardware and sopware compliant to

exisQng standards can be used with C-‐DAX with li[le configuraQon changes

•  C-‐DAX can be transparent for legacy hardware and sopware

§  ImplementaQon •  Protocol adaptaQon layer for IEEE C37.118

has been implemented and tested

12

PMU/Client/AdaptaQon Layer DN

IP

C37.118

TCP/UDP

C-‐DAX C37.118

IP

TCP/UDP

C-‐DAX

C37.118


Prototype §  Purpose

•  ValidaQon of baseline communicaQon funcQonaliQes and basic failure management of C-‐DAX

•  ValidaQon of security framework

•  ValidaQon of IEEE C37.118 protocol adaptaQon layer

§  Environment •  IEEE 34 Bus as power grid

topology •  PMU measurement data

provided by EPFL •  Virtual Wall network test bed

provided by iMinds •  RTSE applicaQon by EPFL


13

RTSE LabView

PMU-Bus3 PubClient

PMU-Bus4 PubClient

PMU-Bus7 PubClient

PMU-Bus1 PubClient

PDC Adapter

SubClient

Base Station

Bus1 Bus3 Bus4 Bus7

LAN

Bus7Node Bus4Node Bus3Node

Security Server

Bus1Node

Monitor

Monitor

BaseStation Resolver

Virtual Wall

Laboratory validation

14

PMU PMU PMU PMU

PDC PDC

C-DAX cloud

Real-‐Qme state esQmaQon of the targeted

electrical network


Real-‐Qme model of the electrical grid

Field Trial

§  Purpose •  Deploy C-‐DAX sopware in an exisQng

distribuQon grid •  Evaluate applicability of C-‐DAX under

realisQc condiQons •  Show-‐case several smart grid applicaQons

using a common pub/sub middleware §  Environment

•  Distribu/on grid provided by Alliander including a solid and fast IP network

•  PMUs provided by NaQonal Instruments •  RTSE applicaQon by EPFL •  C-‐DAX sopware

§  Time plan •  Deployment of PMUs and C-‐DAX sopware:

late 2014 •  Scheduled start of field trial: late 2014

§  Alliander’s MS Livelab

§  NaQonal Instruments’ PMU for MV level

15

Source: Alliander N.V.

Source: NaQonal Instruments Sweden


Example of latencies (computed)


CumulaQve distribuQon funcQon of end-‐to-‐end delay for 500kb/s PLC links. Adapted from [K.V. Katsaros, W.K. Chai, N. Wang, G. Pavlou, H. BonQus and M. Paolone, “InformaQon-‐centric networking for machine-‐to-‐machine data delivery: a case study in smart grid applicaQons,” IEEE Network Magazine, vol.28, no.3, pp.58,64, May-‐June 2014]

1. Plain PLC scenario (no opQcal fiber) 2. Hybrid, dmax = 1 (67 sink nodes); 3. Hybrid, dmax = 2 (41 sink nodes); 4. Hybrid, dmax = 3 (30 sink nodes); 5. OpQcal fiber.

Benefits and Features of the C-DAX Architecture

§  General benefits of pub/sub communicaQon §  Flexibility and agility for integraQon of emerging smart grid applicaQons

§  Transparent exchange of informaQon §  Scalability §  Avoid repeated investment in ICT per applicaQon

www.cdax.eu

§  Unique C-‐DAX benefits •  Support for inter-‐domain communicaQons

•  Support for established smart grid protocols, e.g., IEC 61850, IEC 60870-‐5-‐104, IEEE C37.118

•  CombinaQon of advanced features §  Cyber-‐secure layer addressing authenQcaQon, privacy, and integrity in end-‐to-‐end fashion

§  Support for streaming, query and point-‐to-‐point communicaQon

§  Resilience •  Flexible provisioning strategy


Contact

www.cdax.eu

Thank you for your aQen/on! Ques/ons?

Mario Paolone Distributed Electrical Systems Laboratory Swiss Federal InsQtute of Technology of Lausanne Thank you.


C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids · A Cyber-Secure Data and Control...

Documents

Transcript of C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids · A Cyber-Secure Data and Control...