C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids

Slides:



Advertisements
Similar presentations
OneM2M Technical Requirements - Driven by EU BUTLER and IEEE PAC - Group Name: WG1 (REQ) Source: Friedbert Berens, FBConsulting Sarl,
Advertisements

Jacques Bus, Head of Unit DG Information Society and Media EU-US Cooperation in Network and Information Security 17 Mar, 2008 – Yale, US.
ACTS Programme M obile I ntelligent A gents for M anaging the Information I nfrastructure ACTS Programme AC338.
C-DAX is funded by the European Union's Seventh Framework Programme (FP7-ICT ) under grant agreement n° C-DAX: A Cyber-Secure Data and Control.
Tunis, Tunisia, 28 April 2014 Business Values of Virtualization Mounir Ferjani, Senior Product Manager, Huawei Technologies 2.
COPYRIGHT © 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED. Marcel Mampaey, C-DAX Project Coordinator November 8 th, 2012 Cyber-secure Data And Control Cloud.
August 8, 2015ECI Confidential. AccessWave Smart Grid Market Trends& Applications Matthias Nass VP Field Marketing EMEA.
1 The SpaceWire Internet Tunnel and the Advantages It Provides For Spacecraft Integration Stuart Mills, Steve Parkes Space Technology Centre University.
Summary Device protocols tied intimately to applications. A need to significantly reduce critical data update times. Current network bandwidth consumption.
IP-Based Emergency Applications and Services for Next Generation Networks PEACE Presented by Suji Gunaratne PhD.
Cloud Computing 1. Outline  Introduction  Evolution  Cloud architecture  Map reduce operation  Platform 2.
Client Server Technologies Middleware Technologies Ganesh Panchanathan Alex Verstak.
DOCUMENT #:GSC15-PLEN-53 FOR:Presentation SOURCE:ETSI AGENDA ITEM:PLEN 6.11 CONTACT(S):Emmanuel Darmois, Board Member Marylin Arndt, TC M2M chair Smart.
Integration Broker PeopleTools Integration Broker Steps –Introduction & terminologies –Application Server PUB/SUB services (Application Server)
C-DAX is funded by the European Union's Seventh Framework Programme (FP7-ICT ) under grant agreement n° An information-centric approach for.
TESTBED FOR FUTURE INTERNET SERVICES TEFIS at the EU-Canada Future Internet Workshop, March Annika Sällström – Botnia Living Lab at Centre for.
The FI-WARE Project – Base Platform for Future Service Infrastructures FI-WARE Interface to the network and Devices Chapter.
C-DAX is funded by the European Union's Seventh Framework Programme (FP7-ICT ) under grant agreement n° Real time grid monitoring and control.
March 2004 At A Glance NASA’s GSFC GMSEC architecture provides a scalable, extensible ground and flight system approach for future missions. Benefits Simplifies.
PGP & IP Security  Pretty Good Privacy – PGP Pretty Good Privacy  IP Security. IP Security.
Emergency Services Workshop, 21th-24 th of October, Vienna, Austria Page 1 IP-Based Emergency Applications and Services for Next Generation Networks PEACE.
AMQP, Message Broker Babu Ram Dawadi. overview Why MOM architecture? Messaging broker like RabbitMQ in brief RabbitMQ AMQP – What is it ?
GRID ANATOMY Advanced Computing Concepts – Dr. Emmanuel Pilli.
March 2004 At A Glance The AutoFDS provides a web- based interface to acquire, generate, and distribute products, using the GMSEC Reference Architecture.
Deploying Highly Available SAP in the Cloud
Appendix B Advanced Topics in Exchange Server 2010.
XtreemOS IP project is funded by the European Commission under contract IST-FP Scientific coordinator Christine Morin, INRIA Presented by Ana.
Distributed Systems Architectures Chapter 12. Objectives  To explain the advantages and disadvantages of different distributed systems architectures.
IP Security
Eric Peirano, Ph.D., TECHNOFI, COO
Chapter 1 Characterization of Distributed Systems
IPSecurity.
Eric Peirano, Ph.D., TECHNOFI, COO
Resource subscription using DDS in oneM2M
Roles and Boundaries – 1/2
Distributed Mobility Management for Future 5G Networks : Overview and Analysis of Existing Approaches IEEE Wireless Communications January 2015 F. Giust,
University of Maryland College Park
Slicer: Auto-Sharding for Datacenter Applications
Possible options of using DDS in oneM2M
Information Collection and Presentation Enriched by Remote Sensor Data
SECURING NETWORK TRAFFIC WITH IPSEC
Securing the Network Perimeter with ISA 2004
5G: What Architecture to Serve Vertical Industries?
A Framework for Object-Based Event Composition in Distributed Systems
An ETP Studentship with University of Strathclyde and TNO (NL)
Peer-to-peer networking
Module 8: Securing Network Traffic by Using IPSec and Certificates
NOBEL GRID & WISEGRID projects - Clean energy for All
GRID COMPUTING PRESENTED BY : Richa Chaudhary.
#01 Client/Server Computing
Management of Virtual Execution Environments 3 June 2008
Chapter 1: WAN Concepts Connecting Networks
Cloud Testing Shilpi Chugh.
Sukumara T, Janne S, Kishan SG, Harish G, Eashwar / Presented to CIGRE Colloquium, Mysore, Cyber Security - Secure communication design for.
Mobile Agents.
Specialized Cloud Mechanisms
IS4680 Security Auditing for Compliance
Architectures of distributed systems Fundamental Models
Chapter 17: Client/Server Computing
Module 8: Securing Network Traffic by Using IPSec and Certificates
Cloud-Enabling Technology
Introduction to Network Security
The Anatomy and The Physiology of the Grid
Cyber Security of SCADA Systems Remote Terminal Units (RTU)
Architectures of distributed systems Fundamental Models
Windows Azure Hybrid Architectures and Patterns
TELE3119: Trusted Networks Week 10
Topic 12: Virtual Private Networks
#01 Client/Server Computing
Presentation transcript:

C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids Michael Menth

C-DAX Project EC FP7-ICT-2011-8 call project C-DAX: Cyber-secure Data And Control Cloud for power grids Duration: 2012-10-01 –2015-09-30 Total budget: 4,315,303 Euro EU-funding: 2,931,000 Euro C-DAX middleware Enables smart grid applications to exchange information securely Implements information-centric networking (ICN) paradigm Supports publish/subscribe across different administrative domains Project coordination: iMinds Project website: http://www.cdax.eu Project partners SCADA: Supervisory control and data acquisition M. Menth: "C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids", ICNRG@IETF93, 2015

Smart Grid Context Multiple applications Multiple actors Energy Data Services Nederland E-Mobility Service Provider Produce EV charging data Consume EV charging data Consume smart meter data Produce smart meter data Consume monitoring data Produce monitoring data Multiple applications Multiple actors Multitude of communicating devices Limited human intervention High configuration / management complexity M. Menth: "C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids", ICNRG@IETF93, 2015

Use Cases PMU-based real-time state estimation, MV Smart charging Consume smart meter data Publish smart meter data Smart meter topic Use Cases Publish EV charging data Consume EV charging data EV charging topic Consume monitoring data Monitoring topic Publish monitoring data Energy Data Services Nederland E-Mobility Service Provider PMU-based real-time state estimation, MV Smart charging Future retail energy market (REM) Telecontrol (SCADA) M. Menth: "C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids", ICNRG@IETF93, 2015

One Platform, Multiple Applications Publ. A Sub. D Pub/sub middleware Publ. B Topic 1 Only interested in Topic 1 Sub. E Publ. C Topic 2 Only interested in Topic 2 Examples for topics SCADA data from remote terminal units (RTUs) Phasor measurement unit (PMU) measurements Benefit of decoupling publishers and subscribers Communication partners do not need to know each other Asynchronous communication possible Facilitating extensibility, management and configurability SCADA: RTU: Remote Terminal Units PMU: Phasor Measurement Units Sub. F Interested in Topic 1 and Topic 2 M. Menth: "C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids", ICNRG@IETF93, 2015

C-DAX Communication Platform C-DAX cloud Security Server (SecServ) C-DAX Monitoring/ Management System Monitor Control Resolver Client (Publisher) Client (Subscriber) SG application data to be published data to be consumed Designated Node (DN) Data Broker (DB) Designated Node (DN) : Control plane communication : Data plane communication M. Menth: "C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids", ICNRG@IETF93, 2015

Resilience Support Levels: Overview Topic data should be highly available Data is stored on two nodes Resilience of the infrastructure Each system component is replicated physically Each critical communication path is divided into A path during failure free operation Alternative path(s) due to failures Four resilience support levels: Level Data loss (during failover) Data delay Complexity L0 Y Low L1 N L2 Middle L3 High : Path during failure free operation : Alternative paths due to failures : Synchronization C-DAX cloud DN DB DN Subscriber Publisher DN DB DN Michael Hoefling, Florian Heimgaertner, Michael Menth, Konstantinos V. Katsaros, Paolo Romano, Lorenzo Zanni, and George Kamel: Enabling Resilient Smart Grid Communication over the Information-Centric C-DAX Middleware, in Proceedings of the ITG/GI International Conference on Networked Systems (NetSys 2015), March 2015, Cottbus, Germany M. Menth: "C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids", ICNRG@IETF93, 2015

Security Enhancements General Security Requirements Confidentiality and integrity End-to-end security, e.g., IEC 62351 Availability Prevention of attacks, e.g., DoS attacks, replay attacks, spoofing C-DAX Security Rationale Strong authentication of clients and nodes based on asymmetric cryptography Asymmetric cryptography for C-DAX control Symmetric cryptography for topic data Minimal trust in underlying infrastructure Nodes do not have to trust each other inside C-DAX cloud Clients do not have to trust C-DAX cloud for guaranteed end-to-end security Flexible match of security parameters to requirements of use cases, e.g., data rates, latency, confidentiality, integrity Security Features of C-DAX End-to-end confidentiality and integrity between C-DAX clients Availability of C-DAX infrastructure through resilience and limited exposure through DNs Scalable key management mechanism IEC 62351: Sicherheitsstandard für SCADA (IEC 60870-5, IEC 61850) Was ist guaranteed end-to-end security? = confidential Florian Heimgaertner, Michael Hoefling, Barbara Vieira, Erik Poll, and Michael Menth: A Security Architecture for the Publish/Subscribe C-DAX Middleware, in Proceedings of the IEEE International Workshop on Security and Privacy for Internet of Things and Cyber-Physical Systems (IoT/CPS-Security 2015) collocated with the IEEE International Conference on Communications (ICC 2015), June 2015, London, UK M. Menth: "C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids", ICNRG@IETF93, 2015

Interworking with IEEE/IEC Protocols Problem Existing smart grid protocols rely on bidirectional one-to-one communication, e.g., IEEE C37.118, IEC 61850 C-DAX provides unidirectional many-to-many communication Solution Protocol adaptation layer translates between smart grid protocols and C-DAX C-DAX becomes compatible with existing standards Benefits for Operators Hardware and software compliant to existing standards can be used with C-DAX with little configuration changes PMU/Client/Adaptation Layer DN IP C37.118 TCP/UDP C-DAX Proof-of-Concept Implementation Protocol adaptation layer for IEEE C37.118 has been implemented and tested Will be used in the field trial PDC: Phasor Data Concentrators Michael Hoefling, Florian Heimgaertner, Daniel Fuchs, Michael Menth, Paolo Romano, Teklemariam Tesfay, Mario Paolone, Jimmie Adolph, and Vidar Gronas: Integration of IEEE C37.118 and Publish/Subscribe Communication, in Proceedings of the IEEE International Conference on Communications (ICC 2015), June 2015, London, UK M. Menth: "C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids", ICNRG@IETF93, 2015

Transparent IP-Tunneling Mode Motivation Support legacy protocols in C-DAX Avoid implementation effort for application specific adapter clients Re-use C-DAX communication and security infrastructure Solution Map point-to-point communication to topic-based communication One topic per tunnel direction Encapsulate IP packets into C-DAX messages Proof-of-Concept Implementation Transparent IP-tunneling adapter Uses virtual network interfaces (Linux tun/tap interface) IP packets are handled by user-space application (C-DAX client and tunnel adapter) C-DAX cloud 10.0.0.1 10.0.0.2 Tunnel-adapter Topic tun_west Topic tun_east C-DAX client Legacy application M. Menth: "C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids", ICNRG@IETF93, 2015

Field Trial Purpose Deploy C-DAX software in an existing distribution grid Evaluate applicability of C-DAX under realistic conditions Show-case several smart grid applications using a common pub/sub middleware Environment MV feeder provided by Alliander Leased IP network PMUs provided by National Instruments RTSE application by EPFL PQ application by National Instruments C-DAX software Time plan Deployment of PMUs and C-DAX software: Q3 2015 Scheduled start of field trial: Q3 2015 PMU installation at secondary substation of Alliander Alliander’s MS Livelab National Instruments’ PMU for MV level Source: Alliander N.V. Source: Alliander N.V. PQ: Power Quality (=Messmethode) Aus dieser Folie geht zu wenig über den field trial hervor. Was wird eigentlich implementiert? Was macht der use case? Kann man das aufmalen? Source: National Instruments Sweden M. Menth: "C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids", ICNRG@IETF93, 2015

Contact Prof. Dr. habil. Michael Menth Full professor (Principal investigator for the University of Tuebingen within C-DAX) University of Tuebingen Chair of Communication Networks Sand 13, 72076 Tuebingen, Germany Telephone: +49-(0)7071/29-70505 E-Mail: menth@uni-tuebingen.de http://kn.inf.uni-tuebingen.de/staff/menth Dipl.-Inform. Michael Hoefling, M.Sc. Researcher, PhD student (Work package leader for work package “Validation and Performance Evaluation”) University of Tuebingen Chair of Communication Networks Sand 13, 72076 Tuebingen, Germany Telephone: +49-(0)7071/29-70507 E-Mail: hoefling@uni-tuebingen.de http://kn.inf.uni-tuebingen.de/staff/hoefling www.cdax.eu M. Menth: "C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids", ICNRG@IETF93, 2015

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.