Presentation is loading. Please wait.

Presentation is loading. Please wait.

EC312 CANopen mbed Intrusion E. Zivi April 26, 2015

Published byRebecca Hodges Modified over 9 years ago

Similar presentations

Presentation on theme: "EC312 CANopen mbed Intrusion E. Zivi April 26, 2015"— Presentation transcript:

1 EC312 CANopen mbed Intrusion E. Zivi April 26, 2015
References: A CAN Physical Layer Discussion Microchip Application Note AN00228a Controller Area Network (CAN) Implementation Guide Analog Devices Application Note AN-1123 Controller Area Network, CANPRES Version 2.0 , Siemens Microelectronics, Inc., October 98 CAN physical layer ref: Controller Area Network Physical Layer Requirements, TI SLLA270–January 2008 CAN Tutorial, CANopen Introduction, ref: Embedded Networking with CAN and CANopen, by Pfeiffer, Ayre and Keydel CANopen Implementation: Applications to Industrial Networks, by Farsi and Barbosa CAN in Automation,

2 Recall CAN & ISO/OSI Reference Model

3 CAN in Automation (CiA) CANopen & ISO / OSI Reference Models
CiA 301 CANopen Application Layer & Communication Profile CiA 302 CANopen Framework for CANopen Managers & Programmable Devices CiA 4xx Device Profiles CiA 401 Generic I/O Profile CiA 402 Motion Control Profile IEC Programmable Devices Profile Application Not Implemented by CAN or CANopen ISO CAN Data Link Layer ISO CAN Physical Layer High level CAN Protocols implement Application layer and skip the four intervening layers

4 CANopen Device Model All node, network, configuration and process data is stored in the object dictionary in pre-defined locations

5 CAN Lab #4 Functional Block Diagram

6 mbed CAN Transceiver Circuit

7 CAN Physical Vulnerabilities
Damage to CAN physical network termination, signal integrity or continuity can bring down network. Short circuits will kill the network (MIL-STD-1553 avoids this by using coupling transformers) Nodes must stay bit synchronized; one node with the wrong bit rate will kill the system.

8 CAN Logical Link Vulnerabilities
Any node can assert an error condition at any time Highest priority messages can prevent lower priority messages At the CAN Logical Link layers, there are no rules regarding how nodes should interact All nodes are assumed to conform to the specified rules.

9 CANopen Vulnerabilities
It is assumed that all nodes conform to the CANopen rules and conventions. Since CANopen specifies an upper level protocol based on CAN, any CAN node (such as the mbed) can abuse the CANopen rules. There are no CANopen “hall monitors” to “police” the system. Systems integration engineers should ensure that all nodes are compliant with the CANopen standards. (There are standard compliance tests). All nodes are assumed to conform to the CANopen network management specified rules.

10 Mbed Intrusion Lab mbed controls motor, CANopen Magic monitors experiment. mbed intercepts CANopen messages and immediately sends false messages. Duty cycle command reversed (25% becomes 75%) Motor speed data reversed (fast reported as slow) Mbed implements PI feedback control over CAN network. CANopen Magic sends motor speed commands to mbed.

11 mbed_Maxon_steps.cpp Code Snippets
mbed CAN Initialization: can1.frequency(500000);  // set CAN bit rate to 500kbps msg_tx.len = 8;  // set data packet length (8 is default) msg_tx.type = CANData;  // CAN data messages (default) msg_tx.format = CANStandard; // CAN 11 bit message ID ) // PWM duty cycle command to MicroMod msg_tx.id = NODE_micromod+RPDO_2;  mbed CAN Message Transmission: // Send PWM duty cycle sequence as MicroMod RPDO 2 . . . if (can1.write(msg_tx)) // send CAN PWM command to MicroMod    led3 = 0;  // clear transient CAN write error indicator else {    led3 = 1;  // set transient CAN write error indicator    led4 = 1;  // set sticky CAN write error indicator }

12 mbed_in_the_middle.cpp Code Snippets
if(can1.read(msg_rx)) // watch for transmitted msg // MicroMod RPDO 2 PWM duty cycle command? if (msg_rx.id == NODE_micromod+RPDO_2) { // reverse duty cycle msg_rx.data[0] = 0xff-msg_rx.data[0]; if (!can1.write(msg_rx)) // send reversed cmd // MicroMod TPDO 3 tachometer motor speed? } else if (msg_rx.id == NODE_micromod+TPDO_3) { bad_tach = Ain4_max-(msg_rx.data[0] +256*msg_rx.data[1]); if (bad_tach < 0) bad_tach = 0; // lower bound msg_rx.data[0] = 0xff&bad_tach; // load LSB msg_rx.data[1] = bad_tach>>8; // load MSB if (!can1.write(msg_rx)) // send reversed speed . . .

13 mbed_Maxon_PI.cpp Code Snippets
// Configure interrupt for RPDO2 transmission to MicroMod ticker.attach(PI_controller,DELTA_T); // send every DELTA_T void PI_controller() { // calculate & send PI command U = (K*Omega_error+KI*I_error); DUTY = (int)(U*1023.0/5.0); // MicroMod 8-bit duty cycle if (DUTY > 0x00FF) // check upper bound DUTY = 0x00FF; // if necessary, bound else if (DUTY < 0) // check lower bound DUTY = 0; // if necessary, bound else // Calculate integral error if control is not limited I_error = I_error + Omega_error*DELTA_T; // Construct and send RPDO2 MicroMod PWM command msg_tx_MM.data[0] = (char)(DUTY&0xFF); // unsigned 8-bit if(can1.write(msg_tx_MM)) { // send to MicroMod . . .

14 CANopen Magic Sample Trace Windows Part 1:
All CAN Messages: Only Process Data Objects (PDOs) CAN Messages:

15 CANopen Magic Sample Trace Windows Par 2:
MicroMod Node 2 TPDO 3 (Ain4 – Ain7) Messages Only: Mbed Node 3 TPDO 1 CAN Messages to CANopen Magic only:

16 Lab #4 CANopen Magic Graphical User Interface
New Closed Loop Motor Speed Command CAN Messages Performance Expiated Process Data Visual Display New mbed TPDO 1 Trace Window: Messages to CANopen Magic

17 CAN Lab #4 Functional Block Diagram

Download ppt "EC312 CANopen mbed Intrusion E. Zivi April 26, 2015"

Similar presentations

Software setup with PL7 and Sycon V2.8

Software setup with PL7 and Sycon V2.8
Why to learn OSI reference Model? The answer is too simple that It tells us that how communication takes place between computers on internet but how??

Why to learn OSI reference Model? The answer is too simple that It tells us that how communication takes place between computers on internet but how??
Protocol Configuration in Horner OCS

Protocol Configuration in Horner OCS
Overview  CANopen is a CAN-based higher layer protocol. It was developed as a standardized embedded network with highly flexible configuration capabilities.

Overview  CANopen is a CAN-based higher layer protocol. It was developed as a standardized embedded network with highly flexible configuration capabilities.
CCNA2 Module 4. Discovering and Connecting to Neighbors Enable and disable CDP Use the show cdp neighbors command Determine which neighboring devices.

CCNA2 Module 4. Discovering and Connecting to Neighbors Enable and disable CDP Use the show cdp neighbors command Determine which neighboring devices.
1 Semester 2 Module 4 Learning about Other Devices Yuda college of business James Chen

1 Semester 2 Module 4 Learning about Other Devices Yuda college of business James Chen
© N. Ganesan, Ph.D., All rights reserved. Chapter ISO-OSI Reference Model and IEEE Standards.

© N. Ganesan, Ph.D., All rights reserved. Chapter ISO-OSI Reference Model and IEEE Standards.
CAL (CAN Application Layer) and CANopen J. Novák Czech Technical University in Prague Faculty of Electrical Engineering Department of Measurement.

CAL (CAN Application Layer) and CANopen J. Novák Czech Technical University in Prague Faculty of Electrical Engineering Department of Measurement.
COMT 625 1 Performance of Data Communications Protocols General Protocol Concepts.

COMT Performance of Data Communications Protocols General Protocol Concepts.
CompTIA Network+ Chapter 2

CompTIA Network+ Chapter 2
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 Troubleshooting Working at a Small-to-Medium Business or ISP – Chapter 9.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 Troubleshooting Working at a Small-to-Medium Business or ISP – Chapter 9.
Slide 1 Industrial Automation - Customer View - Training PhW - CANopen_en 02/ 2002 CANopen QUIZ CANopen QUIZ.

Slide 1 Industrial Automation - Customer View - Training PhW - CANopen_en 02/ 2002 CANopen QUIZ CANopen QUIZ.
Intro to Controller Area Networks (CAN) Part 2 of 2, E. Zivi, April 1, 2015 References: 1.A CAN Physical Layer Discussion Microchip Application Note AN00228a.

Intro to Controller Area Networks (CAN) Part 2 of 2, E. Zivi, April 1, 2015 References: 1.A CAN Physical Layer Discussion Microchip Application Note AN00228a.
Chapter 4 : TCP/IP and OSI Business Data Communications, 4e.

Chapter 4 : TCP/IP and OSI Business Data Communications, 4e.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 2 The OSI Model and the TCP/IP.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 2 The OSI Model and the TCP/IP.
Circuit Switching (a) Circuit switching. (b) Packet switching.

Circuit Switching (a) Circuit switching. (b) Packet switching.
Open System Interconnection (OSI) Model

Open System Interconnection (OSI) Model
Internetworking Fundamentals (Lecture #2) Andres Rengifo Copyright 2008.

Internetworking Fundamentals (Lecture #2) Andres Rengifo Copyright 2008.
Chapter 2 Network Models.

Chapter 2 Network Models.
Intro to CANopen Networks E. Zivi Nov 6, 2014 References: 1.A CAN Physical Layer Discussion Microchip Application Note AN00228a 2.Controller Area Network.

Intro to CANopen Networks E. Zivi Nov 6, 2014 References: 1.A CAN Physical Layer Discussion Microchip Application Note AN00228a 2.Controller Area Network.

Similar presentations

Ads by Google