180 likes | 375 Views
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids. C-DAX Consortium. C-DAX Project. EC FP7-ICT-2011-8 call project C-DAX: Cyber-secure Data And Control Cloud for power grids Duration: 01.10.2012 – 30.09.2015 Total budget: 4.315.303 Euro EU-funding: 2.931.000 Euro
E N D
C-DAX:A Cyber-Secure Data and Control Cloud for Power Grids C-DAX Consortium
C-DAX Project • EC FP7-ICT-2011-8 call project • C-DAX: Cyber-secure Data And Control Cloud for power grids • Duration: 01.10.2012 – 30.09.2015 • Total budget: 4.315.303 Euro • EU-funding: 2.931.000 Euro • C-DAX middleware • Enables smart grid applications to exchange information securely • Implements information-centric networking (ICN) paradigm • Supports publish/subscribe across different administrative domains • Targeted use cases • Future retail energy market (REM) • Real-time state estimation based on PMU measurements • Project coordination: Alcatel-Lucent • Project website: http://www.cdax.eu • Project partners C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids
Targeted use case with PMU-PDC real-time app C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids
Publish-Subscribe Basics Publisher • Basic idea • Decouple data production and consumption in space, time, and synchronization • Improve scalability (compared to traditional client-server) • Core components • Publisher client: produces data • Subscriber client: consumes data • Broker: stores and forwards data • Broker discovery service: tells publishers and subscribers what broker to use • Basic interactions • Broker discovery • Client join • Data dissemination 1 3 2 Broker discovery service Broker Pub/sub middleware Application Broker 4 4 4 2 1 Join message Data Subscriber Subscriber Subscriber C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids
Example: Integrating Different Applications (Within the Same or Different Administrative Domains) Using the Same Pub/Sub Middleware • Examples for topics • SCADA data from RTUs • PMU measurements • Benefit of decoupling publishers and subscribers • Communication partners do not need to know each other • Asynchronous communication possible • Facilitating extensibility, management and configurability Pub/sub middleware Publ. A Publ. B Publ. C Sub. D Sub. E Sub. F Only interested in Topic 1 Topic 1 Topic 2 Only interested in Topic 2 Interested in Topic 1 and Topic 2 C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids
C-DAX Entities Explained C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids
C-DAX Architecture C-DAX Monitoring/ Management System Monitor C-DAX Communication Platform Control Control Plane Resolver (RS) Security Server Designated Node (DN) Data Broker (DB) Client (Publisher) Client (Subscriber) Join Join Configure SG application data to be published SG application data to be consumed Designated Node (DN) Data Plane C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids
Three Communication Modes • Streaming-based • Publishers continuously send data to DB • Subscribers continuously receive data from DB • Query-based • Subscriber sends query to message broker • DB returns data matching the query • Point-to-point • Publishers send data directly to subscribers • Communication modes are set per topic to fit the requirements of the application, e.g., • Low latency for PMUs • Improved scalability for retail energy markets Publisher Subscriber Publisher Subscriber Subscriber Query DB DB C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids
Resilience Concept • Topic data should be highly available • Data is stored on two nodes • Resilience of the infrastructure • Each system component is replicated physically • Each critical communication path is divided into • A path during failure free operation • Alternative path(s) due to failures • Three resilience support levels: C-DAX cloud Subscriber Publisher DB DB DN DN DN DN : Path during failure free operation : Alternative paths due to failures : Synchronization C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids
Security Concept • General security requirements • Confidentiality and integrity • End-to-end security, e.g., IEC 62351 • Availability • Prevention of attacks, e.g., DoS attacks, replay attacks, spoofing • Security features of C-DAX • End-to-end security between C-DAX clients • Availability of C-DAX infrastructure • Scalable key management mechanism • C-DAX security rationale • Strong authentication of clients and nodes based on asymmetric cryptography • Symmetric or asymmetric cryptography for topic data • Minimal trust in underlying infrastructure • Nodes do not have to trust each other inside C-DAX cloud • Clients do not have to trust C-DAX cloud for guaranteed end-to-end security • Flexible match of security parameters to requirements of use cases, e.g., data rates, latency, confidentiality, integrity Publisher Subscriber DN Key distribution Key distribution SecServ DB … Data Data Data Data Encode Decode Authenticate Authenticate C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids
Inter-Domain Concept Domain B Domain A C-DAX cloud • Companies • Define C-DAX domains • Want to exchange information Inter-domain concept necessary • C-DAX DN • Provides access for external subscribers to C-DAX cloud • Only point of contact for external subscribers • Triggers authentication and authorization of external clients • Manages external subscriptions • Forwards data from internal nodes to external clients • External subscribers • May re-publish received information in own domain • Inter-domain security • DN hides domain’s network • Access from external domains only allowed through DNs • SecServ of each domain manages respective rights C-DAX cloud RS SecServ Externalsubscriber DB DN : Security signaling : Publish/subscribe signaling : Publish/subscribe data transfer C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids
Comparison with Existing Pub/Sub Architectures X O - : Supported : Partly supported : Not supported / unspecified C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids
Protocol Adaptation Layer • Problem • Existing smart grid protocols rely on bidirectional one-to-one communication, e.g., IEEE C37.118, IEC 61850 • C-DAX provides unidirectional many-to-many communication • C-DAX provides a unified pub/sub interface for communication • Solution • Protocol adaptation layer translates between smart grid protocols and C-DAX • Benefits for operators • Hardware and software compliant to existing standards can be used with C-DAX with little configuration changes • C-DAX can be transparent for legacy hardware and software • Implementation • Protocol adaptation layer for IEEE C37.118 has been implemented and tested C37.118 PMU/Client/Adaptation Layer DN C-DAX TCP/UDP IP C37.118 C37.118 C-DAX TCP/UDP IP C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids
Prototype Virtual Wall • Purpose • Validation of baseline communication functionalities and basic failure management of C-DAX • Validation of security framework • Validation of IEEE C37.118 protocol adaptation layer • Environment • IEEE 34 Bus as power grid topology • PMU measurement data provided by EPFL • Virtual Wall network test bed provided by iMinds • RTSE application by EPFL Bus1Node Monitor Security Server BaseStation Bus3Node Bus7Node Resolver Bus4Node Bus1 Bus3 Bus4 Bus7 LAN Base Station Monitor PMU-Bus1 PubClient PMU-Bus7 PubClient PMU-Bus4 PubClient PMU-Bus3 PubClient RTSE LabView PDC Adapter SubClient C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids
Laboratory validation Real-time state estimation of the targeted electrical network PDC PDC C-DAX cloud PMU PMU PMU PMU Real-time model of the electrical grid C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids
Field Trial • Purpose • Deploy C-DAX software in an existing distribution grid • Evaluate applicability of C-DAX under realistic conditions • Show-case several smart grid applications using a common pub/sub middleware • Environment • Distribution grid provided by Alliander including a solid and fast IP network • PMUs provided by National Instruments • RTSE application by EPFL • C-DAX software • Time plan • Deployment of PMUs and C-DAX software: late 2014 • Scheduled start of field trial: late 2014 • Alliander’s MS Livelab • National Instruments’ PMU for MV level Source: Alliander N.V. Source: National Instruments Sweden C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids
Benefits and Features of the C-DAX Architecture • General benefits of pub/sub communication • Flexibility and agility for integration of emerging smart grid applications • Transparent exchange of information • Scalability • Avoid repeated investment in ICT per application www.cdax.eu • Unique C-DAX benefits • Support for inter-domain communications • Support for established smart grid protocols, e.g., IEC 61850, IEC 60870-5-104, IEEE C37.118 • Combination of advanced features • Cyber-secure layer addressing authentication, privacy, and integrity in end-to-end fashion • Support for streaming, query and point-to-point communication • Resilience • Flexible provisioningstrategy C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids
Contact www.cdax.eu Thank you for your attention! Questions? PLEASE FILL IN CONTACT INFORMATION BEFORE PUBLIC DISSEMINATION. Thank you. C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids