c-dax: a cyber-secure data and control cloud for power · pdf filec-dax: a cyber-secure data...
TRANSCRIPT
C-DAX is funded by the European Union's Seventh Framework Programme (FP7-ICT-2011-8) under grant agreement n° 318708
C-DAX:A Cyber-Secure Data and Control Cloud for Power Grids
Matthias StrobbeiMinds – Ghent University
C-DAX Project
European Commission FP7-ICT-2011-8 call project
• C-DAX: Cyber-secure Data And Control Cloud for power grids
Duration: 01.10.2012 – 19.02.2016 Total budget: 4.315.303 Euro EU-funding: 2.931.000 Euro
Project coordination: iMinds Project website: http://www.cdax.eu
Project partners
C-DAX: A Cyber-Secure Data and Control Cloud , IEEE Symposium, 24 March 2016 2
Context & Cause
Transition to Active Distribution Networks• Multiple actors• Intermittent production patterns• New loads: e.g. EVs• Dynamic load patterns: e.g. caused by demand response services
Need for:• Better protection, monitoring & control in distribution grids• Support of large numbers smart grid applications with diverse
requirements• Efficient & secure communication platforms to transfer the generated data
C-DAX delivers:• Communication middleware based on Information Centric Networking• Real-Time State Estimation of distribution grids using PMUs
Smart Grid Communication patterns
Smart grid applications require support for diverse communicationmodels:
• 1-to-1: e.g. control messages for specific assets• 1-to-M: e.g. energy offers in demand response schemes• M-to-1: e.g. energy consumption reports in demand response or smart
metering• M-to-N: e.g. multiple charging offers from different charging stations to
multiple EVs• Anycast communication: e.g. receiving an offer for voltage regulation by
any suitable subset of EVs located in a certain area • Asynchronous communication: e.g. EVs can only retrieve/deliver data while
connected to the network
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 5
Information centric networks Point-to-point networks
• Producer of information “pushes” data to predefined consumers via explicit point-to-point connections
ICN paradigm• Consumers “pull” or “subscribe to” the data they need regardless of who
produced the information, or when, or where it is stored• Data is collected in “topics”
Advantages:• Inherent security as network and physical locations of hosts are not
exposed (publish – subscribe communication)• Overlay network takes care of managing the connections, optimal
placement of the data within the cloud, resilience• ICN allows in-network management and processing of information, e.g., in-
network caching of frequently used data, aggregation, filtering, rateadaptation, optimal traffic management based on underlyingcommunication infrastructure
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 6
Topic-based Communication
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 8
Publisher A
Pub/sub middleware
Publisher B
Publisher C
Subscriber 1
Subscriber 2
Subscriber 3
Topic 1
Topic 2
Benefits of decoupling publishers and subscribers• Communication partners do not need to know each other• Asynchronous communication possible• Facilitating extensibility, management and configurability
Data Plane
C-DAX Architecture
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 10
Control Plane Resolver(RS)
Data Broker (DB)
Security Server
C-DAX Monitoring/ Management System
Monitor
Control
C-DAX CommunicationPlatform
JoinJoinClient
(Publisher)Client
(Subscriber)
SG applicationdata to be published
SG applicationdata to be consumed
Designated Node (DN)
Designated Node (DN)
Configure
Three Communication Modes
Streaming-based• Publishers continuously send data to DB• Subscribers continuously receive data
from DB
Query-based• Subscriber sends query to message broker• DB returns data matching the query
Point-to-point• Publishers send data directly to
subscribers
Communication modes are set per topic to fit the requirements of the application.
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 11
Publisher
DB
Subscriber
Publisher Subscriber
DB
Subscriber
Query
Resilience Concept
Topic data should be highly available• Data is stored on two nodes
Resilience of the infrastructure • Each system component is replicated
physically• Each critical communication path is
divided into A path during failure free operation Alternative path(s) due to failures
Three resilience support levels:
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 12
C-DAX cloud
SubscriberPublisher
DN DNDB
DN DNDB
: Path during failure free operation: Alternative paths due to failures: Synchronization
Level Data loss(during
failover)
Data delay(during
failover)
Complexity
L1 Y N Low
L2 N Y Middle
L3 N N High
Security Concept
General security requirements• Confidentiality and integrity
End-to-end security, e.g., IEC 62351• Availability
Prevention of attacks, e.g., DoS attacks, replay attacks, spoofing
Security features of C-DAX• End-to-end security between C-DAX clients• Availability of C-DAX infrastructure• Scalable key management mechanism
C-DAX security rationale• Strong authentication of clients and nodes
based on asymmetric cryptography• Symmetric or asymmetric cryptography for
topic data• Minimal trust in underlying infrastructure
Nodes do not have to trust each other inside C-DAX cloud
Clients do not have to trust C-DAX cloud for guaranteed end-to-end security
• Flexible match of security parameters to requirements of use cases, e.g., data rates, latency, confidentiality, integrity
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 13
Publisher DN DB Subscriber
Encode Authenticate Authenticate Decode
SecServKey distributionKey distribution
Data Data Data Data
Support for existing smart grid protocols
Problem• Existing smart grid protocols rely on
bidirectional one-to-one communication, e.g., IEEE C37.118, IEC 61850
• C-DAX provides unidirectional many-to-many communication
• C-DAX provides a unified pub/sub interface for communication
Solution• Protocol adaptation layer translates
between smart grid protocols and C-DAX
Benefits for operators• Hardware and software compliant to
existing standards can be used with C-DAX with little configuration changes
• C-DAX can be transparent for legacy hardware and software
Implementation• Protocol adaptation layer for IEEE C37.118
has been implemented and tested
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 14
PMU/Client/Adaptation Layer DN
IP
C37.118
TCP/UDP
C-DAXC37.118
IP
TCP/UDP
C-DAX
C37.118
Domain BDomain A
Inter-Domain Concept
Companies• Define C-DAX domains• Want to exchange information Inter-domain concept necessary
C-DAX DN• Provides access for external subscribers to
C-DAX cloud• Only point of contact for external
subscribers• Triggers authentication and authorization
of external clients• Manages external subscriptions• Forwards data from internal nodes to
external clients External subscribers
• May re-publish received information in own domain
Inter-domain security• DN hides domain’s network• Access from external domains only
allowed through DNs• SecServ of each domain manages
respective rights
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 15
C-DAX cloud
RS
SecServ
DB DN Externalsubscriber
C-DAX cloud
: Security signaling: Publish/subscribe signaling: Publish/subscribe data transfer
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 16
Comparison with Existing Pub/Sub Architectures
Interesting functions thatcould be ported/re-used:• Security• Dual communication mode• Adapter concept
Real-time state estimation in distribution networks using PMUs
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 17
Real-time state estimation in distribution networks using PMUs
Need for better observability of the grid to assure stability, power quality, voltage regulation, etc.
Can be accomplished by installing Phasor Measurement Units (PMUs) for regional/local area measurement, protection and
control
C-DAX platform needs to support the stringent latencyrequirements
C-DAX: A Cyber-Secure Data and Control Cloud 18
Real-time state-estimation (RTSE) of ADNs
Monitoring
Control
Protection
State estimation
Network in normal operation:• Congestion management• Optimal V/P control• Optimal dispatch of DER
Network in emergency conditions:• Islanding detection• Fault identification• Fault location
C-DAX: A Cyber-Secure Data and Control Cloud 19
Field Trial Purpose
• Deploy and validate C-DAX in a MV distribution grid under realistic conditions• Identify power system applications that can run on top of LTE network • Demonstrate that C-DAX + RTSE can help DNOs to better manage their grid
C-DAX: A Cyber-Secure Data and Control Cloud , SUNSEED Workshop 25 March 2015 20
Selected applications• Real-time state estimation• PQ measurements
Field-trial characteristics:• Owner: Alliander• Size: 18 buses (area of 12 km2)• Nominal voltage: 10 kV (phase-to-
phase)• Installed monitoring devices:
10 PMUs (EPFL) and 1 PQ meter (NI)• Adopted telecom: commercial LTE
network (Vodafone)
Field trial setup: BML 2.10 feeder (Arnhem, NL)
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 21
Field trial setup: Electrical substations
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 22
OS Bemmel: Primary substation
Tuindorp:Secondary Substation(urban area)
Phasor Measurement Units – The EPFL PMU
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 25
- First PMU worldwide specifically designed for ADN operating conditions- Rugged and compact NI-compactRIO enclosure to fit in reduced spaces- First worldwide FPGA-based PMU (high speed and determinism)- Equipped with a ±100 ns (max error) stationary GPS module- Metrologically characterized at Swiss Federal Institute of Metrology (METAS)
- Steady state accuracy: 10 ppm (independently of harmonic distortion)- Measurement reporting latency: 37 ms- Reporting rates: 10-20-50-100-200 fps- IEEE Std. C37.118 class-P compliant
Substation setup
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 28
Industrial-grade 4G router
compactRIO-based PMU
0.1 class sensors (Altea)
Field trial setup: Alliander data center
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 29
LTE Backbone
PDC Firewall
PDC, RTSE
C-DAX
C37.118
8 co
rexe
on/ r
ed h
at
Alliander LivelabData & Control center
Field trial setup: Alliander data center
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 30
LTE Backbone
PDC Firewall
PDC, RTSE
C-DAX
C37.118
8 co
rexe
on/ r
ed h
at
Alliander LivelabData & Control center
SecServ
RDSRS
MonSys
MgmSys
Prim DB Sec DB
DN DN
C-DAX Core
C-DAX
Synchrophasor data latencies (4G network) (1)
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 31
Synchrophasor data latencies (4G network) (2)
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 32
Mean Std Dev Max Min Data Loss (%)70.9 ms 8.1 ms 770.5 ms 49.2 ms 0.0053
Synchrophasor data latencies (4G network) (3)
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 33
Synchrophasor data jitter (4G network)
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 34
Synchrophasor data latencies (w/ & w/o C-DAX)
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 35
Real-time State Estimation (RTSE)
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 38
Definition:“Process of estimating the network state (i.e., phase-to-ground node voltages) with an extremely high refresh rate (typically of several tens of frames per second) enabled by the use of synchrophasor measurements.”
Related applications: Soft-real-time: Optimal V/P control, Congestion management, etc. Hard real-time: Fault detection and locationAdopted method: “Discrete Kalman Filter with online assessment of the model error covariance
matrix”
Estimated vs. measured voltage profiles
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 39
Conclusions
One communication platform for heterogeneous applications which is resilient, secure, scalable and flexible and supports legacy protocols
The C-DAX field-trial is unique in the world in that it is the first time that a PMU-based RTSE is deployed in a DNO’s live operated MV distribution feeder, over a public LTE communication network
The higher accuracies and refresh rates of the proposed PMU-based RTSE system has demonstrated to considerably improve the quality of service provided by a DNO by supporting a considerable amount of existing power-system applications
C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids 41
Contact
www.cdax.eu
Thank you for your attention!Questions?
Matthias [email protected]
Thank you.
C-DAX: A Cyber-Secure Data and Control Cloud , SUNSEED Workshop 25 March 2015 42