dnp3 overview for aga gti security meeting in washington dc · 05/21/97 21 7 core specification...
TRANSCRIPT
05/21/9705/21/97 11
www.dnp.org
DNP3 Protocol
AGA/GTI SCADA Security Meeting
August 19, 2002 / Washington, DC
Presented By: Mr. Jim Coats, President
Triangle MicroWorks, Inc.
Raleigh, North Carolina
www.TriangleMicroWorks.com
Agenda
• Purpose of a Communication Protocol
• History of DNP3
• Benefits of Industry Standard Protocols
• Overview of Protocol Features
• What’s Next for DNP3?
• Demonstration of Test Harness
Credentials
• Vice President of DNP3 Users Group
• Lead US member for IEC TC 57 WG 03
• Past member of DNP3 Technical Committee
• Eight years' experience developing/supporting products for DNP3 through Triangle MicroWorks
  • Source Code Libraries
  • Test Harness
  • OPC Server and Protocol Gateway
Purpose of a Communication Protocol
Replicate database from one device to another
Objectives of a Communication Protocol
• Minimize protocol overhead to avoid extra cost of high bandwidth media
• Ensure reliable data transfer (CRC or checksum)
• Provide necessary features such as time stamps or freeze operations
• Provide data quality flags
• Since September 11th, prevent unauthorized use or monitoring of data
Report by Exception (RBE)
• Protocols like Modbus transmit all the data each time a device is polled
• RBE only transmits changes, so fewer data points
• Timestamps allow creation of Sequence of Events (SOE) log on Master Station
• RBE can be polled or unsolicited
History of DNP3
• Distributed Network Protocol
• Developed by GE (previously Harris, Westronics)
• Based on early parts of IEC 870-5
• Turned over to Users Group in 1993
• DNP and IEC 870-5-101 have been specified in IEEE P1379
  • Recommended Practice for Data Communications Between Intelligent Electronic Devices and Remote Terminal Unit
Newton-Evans Research
1. DNP3 protocol is now the most popular protocol in use by global electric utilities.
2. Also the DNP LAN implementation led the way for planned use by both North American and international utilities.
Taken from “The World Market for Substation Automation and Integration Programs in Electric Utilities: 2000-2004” August 2000
DNP Today
• Vendor Products: >100 vendors, +250 DNP products and services
• Utilities/Industrials: used by >300 utilities and industrials worldwide
• Countries: used in over 32 countries
• Total Industry: $250 Million / year of DNP products and services
• Industries: Electric, Oil & Gas, Water and Industrial
DNP3 Topology
[Figure: topology diagram. Labels: Master Station, Modem, Phone Line, Modem, Substation RTU, RS-232 Serial, Relay (x4), Engineer Terminal]
DNP3 Users Group
• Basic membership cost is $200 per year
• Members from:
  • Vendors
  • System Integrators
  • Utilities
  • Software developers
• Volunteers staff the following committees to manage the protocol:
  • Steering Committee
  • Technical Committee
  • Conformance Committee
  • Marketing Committee
  • Liaison Committee
DNP3 Technical Committee
• Technical Committee
  • Chairman: Andrew West, Invensys (Foxboro Australia)
  • Secretary: Grant Gilchrist, GE Energy Systems
• Meets via conference call once a month
• Meets in person once per year
• Daily interaction by Maillist
• Protocol evolution tracked by year, i.e. DNP3 2002
DNP3 Technical Committee
• Technical Committee = Managed Evolution
• Define new features, then update documentation and test procedures
• Clarify existing documentation when different interpretations exist
• A Controlled Standard, avoids multiple Vendor specific variations of the protocol
Utility Benefits
• Select products based on performance, not protocol
• Reduced training costs to learn only one protocol
• Greater availability of support services
• Able to participate directly in evolution of protocol via participation in User Group
• Evolving to continue to meet market needs
Vendor Benefits
• Avoid NRE charges to add/update new protocols for each new project
• Well documented, “proven” protocol
• Participate in development of common protocol instead of company protocol
• Large Utility Client Base
• Greater availability of 3rd party support services and Test Tools
Ensure Interoperability
[Figure: conformance flow diagram. Labels: DNP3 UG Technical Committee, DNP3 Conformance Test Procedures, Independent Conformance Testing Company, Certificate of Conformance, Products / Equipment, Vendor, Utility *]
* The Utility will specify in all RFQs that a Certificate of Conformance is required
Interoperability Documents
The following documents are used to interface DNP3 Devices:
• DNP3 Device Profile Document
• DNP3 Implementation Table
• DNP3 Points List
Core Specification Documents
• DNP V3.0 Basic 4 Document Set
  • DNP V3.0 Data Link Layer
  • DNP V3.0 Transport Functions
  • DNP V3.0 Application Layer Specification
  • DNP V3.0 Data Object Library
• DNP V3.0 Subset Definitions Document (Level 1, 2, & 3)
• Conformance Test Procedures
• Technical Bulletins
All of these documents are available for download by DNP User Group members from the DNP web site.
OSI 7-Layer Model Compliance
DNP3 uses a simplified 3 layer version of the OSI 7 Layer model called EPA (Enhanced Performance Architecture)
7 - Application
6 - Presentation
5 - Session
4 - Transport
3 - Network
2 - Link
1 - Physical
DNP adds a Transport layer to permit messages larger than a data link frame
• Receive goes up the stack, transmit goes down the stack.
• The data transmitted/received may fit into one data link frame, in which case multi-frame fragments and multi-fragment messages are not required.
• A single DNP application function is usually sent as a single application layer message, which can consist of many data link frames.
DNP Message Buildup
• Application message = unlimited size
• Transport fragment = 2048 bytes (max)
• Data Link frame = 292 bytes (max)
• Physical byte = 8 bits
“Balanced” Link Layer
[Figure: message sequence between Master and Slave. [P] = Primary Frame, [S] = Secondary Frame]
• Request Message: [P] (User Data, Confirm Expected), answered by [S] (Acknowledgment)
• Response Message: [P] (User Data, Confirm Expected), answered by [S] (Acknowledgment)
“Balanced” Link Layer
• At the link layer, all devices are equal
• Collision avoidance by one of the following:
  • Full duplex point to point connection (RS232 or four wire RS485)
  • Designated master polls rest of slaves on network
  • Physical layer (CSMA/CD)
Device Addressing
• DNP3 Link contains both Source and Destination address
• Both are always 16 bits
• Application layer does not contain address

The provision of a source and destination address simplifies message routing in certain network topologies.

A DNP link address is a device’s logical address. A single physical device is permitted to respond to multiple addresses (contain multiple logical devices). Each device will appear to the master as a completely separate device.
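
The 16-bit link addresses described above and the 292-byte frame limit from the DNP Message Buildup slide, worked through as an added example (not code from the presentation or from Triangle MicroWorks). The start bytes, field layout and CRC-16/DNP parameters are taken from the DNP3 data link definition rather than from these slides, and the function names are illustrative.

```python
import struct

START = b"\x05\x64"      # DNP3 link-layer start bytes
MAX_USER_DATA = 250      # LEN is one byte: 5 header octets + up to 250 data octets

def crc16_dnp(data: bytes) -> int:
    """CRC-16/DNP: poly 0x3D65 (reflected 0xA6BC), init 0, output inverted."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return crc ^ 0xFFFF  # unkeyed checksum: detects line noise, not tampering

def frame_size(user_len: int) -> int:
    """Bytes on the wire: 10-byte header + data + one CRC per 16-byte block."""
    return 10 + user_len + 2 * ((user_len + 15) // 16)

def build_frame(ctrl: int, dest: int, src: int, user: bytes = b"") -> bytes:
    """Header carries LEN, CTRL and little-endian destination/source addresses."""
    if len(user) > MAX_USER_DATA:
        raise ValueError("user data exceeds one link frame")
    head = START + struct.pack("<BBHH", len(user) + 5, ctrl, dest, src)
    out = head + struct.pack("<H", crc16_dnp(head))
    for i in range(0, len(user), 16):
        block = user[i:i + 16]
        out += block + struct.pack("<H", crc16_dnp(block))
    return out

def parse_frame(frame: bytes) -> dict:
    """Validate start bytes, length and every CRC; return addresses and data."""
    if len(frame) < 10 or frame[:2] != START:
        raise ValueError("not a DNP3 link frame")
    length, ctrl, dest, src, crc = struct.unpack("<BBHHH", frame[2:10])
    if crc != crc16_dnp(frame[:8]):
        raise ValueError("header CRC mismatch")
    if length < 5 or len(frame) != frame_size(length - 5):
        raise ValueError("length field disagrees with frame size")
    user, pos, remaining = b"", 10, length - 5
    while remaining:
        n = min(16, remaining)
        block = frame[pos:pos + n]
        (crc,) = struct.unpack("<H", frame[pos + n:pos + n + 2])
        if crc != crc16_dnp(block):
            raise ValueError("data block CRC mismatch")
        user, pos, remaining = user + block, pos + n + 2, remaining - n
    return {"ctrl": ctrl, "dest": dest, "src": src, "user": user}
```

`frame_size(250)` gives the 292-byte maximum: 10 header bytes, 250 data bytes and 16 block CRCs of 2 bytes each.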
Application Layer Features:
• Time Synchronization
• Time-stamped events
• Freeze/Clear Counters
• Select before operate
• Polled report by exception
• Unsolicited Responses
• Data groups/classes
Application Layer
Master/Slave Network - Slaves do not speak unless spoken to
MAC = Media Access Control - CSMA/CD
Polled Static - Class 0 or specific data request message sent to each device
Polled Report by Exception - Class 1, 2, 3 request message sent to each device with occasional integrity (class 0) data poll.
Unsolicited Report by Exception - most communication is unsolicited, but the Master occasionally sends integrity polls for class 0 Data to verify its database.
Quiescent Operation - master never polls slave
Last two modes are useful when communication medium is dial-up modem.
Means of Retrieving Data
Master/Slave Network
Polled Static
Polled Report by Exception
Point to Point (or MAC)
Unsolicited Report by Exception
Quiescent Operation
DNP3 LAN-WAN Features
• Puts entire DNP3 Stack on top of TCP/IP
• Became part of Standard in Nov 1998
• Makes use of widely available and inexpensive third-party products
• Specification also allows for use of UDP (connectionless) service
What’s Next for DNP3?
• Major revision to DNP3 Basic 4 Document set
• Address Security Issues
• DNP3 Master Conformance Test Procedures
• Double-Bit Status
• Output Event Objects
• Self Description
• XML file approach
• Define new protocol functionality
Security in DNP3
• Threat until recently was noise on the wire
• CRC bytes were actually called “Security” bytes in many protocol analyzers
• Most security provided by Physical isolation of network and lack of common knowledge about systems
• Since moving toward more network solutions, security has now become a priority
DNP3 User Group Plan for Security
• Form a Working Group within the DNP3 Technical Committee
• Will hire consultant to write Technical Bulletins
• Discussion so far has been on 2 solutions:
  • Encryption/decryption device placed at each end of the wire
  • Security Enhancements directly in the protocol
Self Description Using XML
• XML is an excellent standard that is naturally suited for these types of applications
• Primary benefit is “Plug & Play”, for faster and more accurate device install or replacement
• One data file contains information normally found in the DNP3 interoperability documents:
  • Device Profile Document
  • Implementation Table
  • Points List, including scaling and units information
• DNP3 Solution will build on existing models developed by IEC TC 57 Working Group 14 and/or UCA2
• Online or offline transfer of XML file to DNP3 Master
Offline Option
[Figure: offline option diagram. Labels: DNP3 IED, DNP3 Master, DNP3 Slave, DNP3 Communications, DNP3 XML Device Profile]
Benefits of using XML Files Offline
• Can be applied to existing devices placed in operation years ago
• Does not interfere with real time communications
• Good for small devices that may not support DNP3 file transfer
• Requires no changes to DNP3 Embedded code
• All XML files can be stored in centralized network location
Online Option
[Figure: online option diagram. Labels: IED Config Software, DNP3 Master, DNP3 Slave, DNP3 Communications, DNP3 XML Device Profile (DNP3 File Transfer during first startup sequence), DNP3 XML Device Profile (Transfer to device during configuration)]
Benefits of using XML Files Online
• XML file is contained in device, always know where to find it
• Requires no changes to DNP3 Embedded code if already supports File Transfer
• Nominal effect on real time communications
• IED only transferring a file, does not need to know details of file or XML
• Can evolve without affecting Embedded code
Test Harness Demonstration
• Manual Commands
• Periodic Commands
• Toggle binary input to create unsolicited response
• TCL/TK Script for conformance testing
A full 21-day evaluation of the Test Harness may be downloaded from www.TriangleMicroWorks.com/downloads.htm.
Summary
DNP3 is:
• Well established in the Electrical Utility Industry
• Has an active users group that is eager to enhance the protocol to meet new requirements
DNP3 Users Group Web site
• All protocol documentation and meeting minutes posted on web site
• List of equipment supporting the protocol
• Join DNP3 maillist
• Next General meeting - February 2003 in Las Vegas
www.DNP.org
More Information on DNP3
IEEE P1379 - www.ieee.org
SCADA Mailing List - www.iinet.net.au/~ianw
Contact me, Jim Coats, at: [email protected]
www.TriangleMicroWorks.com
(919) 870-6615