dnp3 overview for aga gti security meeting in washington dce6a75c93b358
DESCRIPTION
DNP3 overviewProtocolTRANSCRIPT
-
05/21/9705/21/97 11
www.dnp.org
DNP3 ProtocolAGA/GTI SCADA Security Meeting August 19, 2002 / Washington, DC
Presented By: Mr. Jim Coats, PresidentTriangle MicroWorks, Inc.Raleigh, North Carolina
www.TriangleMicroWorks.com
-
05/21/9705/21/97 225
www.dnp.org
Agenda
Purpose of a Communication Protocol History of DNP3 Benefits of Industry Standard Protocols Overview of Protocol Features Whats Next for DNP3? Demonstration of Test Harness
-
05/21/9705/21/97 33
www.dnp.org
Credentials
Vice President of DNP3 Users Group Lead US member for IEC TC 57 WG 03 Past member of DNP3 Technical Committee Eight years experience developing/supporting products
for DNP3 through Triangle MicroWorks Source Code Libraries Test Harness OPC Server and Protocol Gateway
-
05/21/9705/21/97 44
www.dnp.org
Purpose of a Communication Protocol
Replicate database from one device to another
-
05/21/9705/21/97 55
www.dnp.org
Objectives of a Communication Protocol
Minimize protocol overhead to avoid extra cost of high bandwidth media
Ensure reliable data transfer (CRC or checksum) Provide necessary features such as time stamps or
freeze operations Provide data quality flags Since September 11th, prevent unauthorized use or
monitoring of data
-
05/21/9705/21/97 66
www.dnp.org
Report by Exception (RBE)
Protocols like Modbus transmit all the data each time a device is polled
RBE only transmits changes, so fewer data points
Timestamps allow creation of Sequence of Events (SOE) log on Master Station
RBE can be polled or unsolicited
-
05/21/9705/21/97 775
www.dnp.org
Agenda
Purpose of a Communication Protocol History of DNP3 Benefits of Industry Standard Protocols Overview of Protocol Features Whats Next for DNP3? Demonstration of Test Harness
-
05/21/9705/21/97 886
www.dnp.org
History of DNP3
Distributed Network Protocol Developed by GE (previously Harris, Westronics) Based on early parts of IEC 870-5 Turned over to Users Group in 1993 DNP and IEC 870-5-101 have been specified in IEEE P1379
Recommended Practice for Data Communications Between IntelligentElectronic Devices and Remote Terminal Unit
-
05/21/9705/21/97 99
www.dnp.org
Newton-Evans Research
1. DNP3 protocol is now the most popular protocol in use by global electric utilities.
2. Also the DNP LAN implementation led the way for planned use by both North American and international utilities.
Taken from The World Market for Substation Automation and Integration Programs in Electric Utilities: 2000-2004 August 2000
-
05/21/9705/21/97 1010
www.dnp.org
DNP Today
Vendor Products >100 vendors, +250 DNP products and services
Utilities/Industrials used by >300 utilities and industrials worldwide
Countries used in over 32 countries
Total Industry $250 Million / year of DNP products and services
Industries Electric, Oil & Gas, Water and Industrial
-
05/21/9705/21/97 1111
www.dnp.org
RelayRelayRelay
Master Station
Substation RTURS-232Serial
Phone Line
RelayEngineerTerminal
Modem
Modem
DNP3 Topology
-
05/21/9705/21/97 1212
www.dnp.org
DNP3 Users Group
Basic membership cost is $200 per year Members from:
Vendors - System Integrators Utilities - Software developers
Volunteers staff the following committees to manage the protocol:
Steering CommitteeSteering Committee
TechnicalCommittee
TechnicalCommittee
ConformanceCommitteeConformance
CommitteeMarketingCommittee
MarketingCommittee
LiaisonCommittee
LiaisonCommittee
-
05/21/9705/21/97 1313
www.dnp.org
DNP3 Technical Committee
Technical Committee Chairman: Andrew West, Invensys (Foxboro Australia) Secretary: Grant Gilchrist, GE Energy Systems
Meets via conference call once a month Meets in person once per year Daily interaction by Maillist Protocol evolution tracked by year
i.e. DNP3 2002
-
05/21/9705/21/97 1414
www.dnp.org
DNP3 Technical Committee
Technical Committee = Managed Evolution Define new features, then update documentation and
test procedures Clarify existing documentation when different
interpretations exist A Controlled Standard, avoids multiple Vendor
specific variations of the protocol
-
05/21/9705/21/97 15155
www.dnp.org
Agenda
Purpose of a Communication Protocol History of DNP3 Benefits of Industry Standard Protocols Overview of Protocol Features Whats Next for DNP3? Demonstration of Test Harness
-
05/21/9705/21/97 1616
www.dnp.org
Utility Benefits
Select products based on performance, not protocol Reduced training costs to learn only one protocol. Greater availability of support services Able to participate directly in evolution of protocol via
participation in User Group Evolving to continue to meet market needs
-
05/21/9705/21/97 1717
www.dnp.org
Vendor Benefits
Avoid NRE charges to add/update new protocols for each new project
Well documented, proven protocol Participate in development of common
protocol instead of company protocol Large Utility Client Base Greater availability of 3rd party support
services and Test Tools
-
05/21/9705/21/97 1818
www.dnp.org
Ensure Interoperability
DNP3 UGTechnical Committee DNP3 Conformance
Test Procedures
Independent ConformanceTesting Company
Certificate ofConformance
ProductsEquipment
Vendor
Utility ** The Utility will specify in all RFQs that a Certificate of Conformance is required
-
05/21/9705/21/97 1919
www.dnp.org
Interoperability Documents
The following documents are used to interface DNP3 Devices: DNP3 Device Profile Document DNP3 Implementation Table DNP3 Points List
-
05/21/9705/21/97 20205
www.dnp.org
Agenda
Purpose of a Communication Protocol History of DNP3 Benefits of Industry Standard Protocols Overview of Protocol Features Whats Next for DNP3? Demonstration of Test Harness
-
05/21/9705/21/97 21217
www.dnp.org
Core Specification Documents
DNP V3.0 Basic 4 Document Set DNP V3.0 Data Link Layer DNP V3.0 Transport Functions DNP V3.0 Application Layer Specification DNP V3.0 Data Object Library
DNP V3.0 Subset Definitions Document (Level 1, 2, & 3)
Conformance Test Procedures Technical Bulletins
All of these documents are available for download by DNP User Group members from the DNP web site.
-
05/21/9705/21/97 222210
www.dnp.org
OSI 7-Layer Model Compliance
DNP3 uses a simplified 3 layer version of the OSI 7 Layer model called EPA (Enhanced Performance Architecture)
7 - Application6 - Presentation5 - Session4 -Transport3 - Network2 - Link1 - Physical
DNP adds a Transport layer to permit messages larger than a data link frame
-
05/21/9705/21/97 232311
Receive goes up the stack, transmit goes down the stack.Size of data transmitted/received may fit into one data link frame. So do not require multi-frame fragments or multi-fragment messages.A single DNP application function is usually sent as a single application layer message, which can consist of many data link frames.
www.dnp.org
Application message = unlimited size
Transport fragment = 2048 bytes (max)
Data Link frame = 292 bytes (max)
Physical byte = 8 bits
DNP Message Buildup
-
05/21/9705/21/97 242414
www.dnp.org
Balanced Link Layer
Master SlaveRequest Message
Response Message
(User Data, Confirm Expected)
(Acknowledgment)
[P]
[P] = Primary Frame[S] = Secondary Frame
[S]
(User Data, Confirm Expected)
(Acknowledgment)
[P]
[S]
-
05/21/9705/21/97 252515
www.dnp.org
Balanced Link Layer
At the link layer, all devices are equal
Collision avoidance by one of the following: Full duplex point to point connection (RS232 or four wire
RS485)
Designated master polls rest of slaves on network Physical layer (CSMA/CD)
-
05/21/9705/21/97 262618
www.dnp.org
Device Addressing
DNP3 Link contains both Source and Destination address
Both are always 16 bits
Application layer does not contain address
The provision of a source and destination address simplifies message routing in certain network topologies.A DNP link address is a devices logical address. A single physical device is permitted to respond to multiple addresses (contain multiple logical devices). Each device will appear to the master as a completely separate device.
-
05/21/9705/21/97 272722
www.dnp.org
Application Layer Features:
Time Synchronization Time-stamped events Freeze/Clear Counters Select before operate Polled report by exception Unsolicited Responses Data groups/classes
-
05/21/9705/21/97 282821
www.dnp.org
Application Layer
-
05/21/9705/21/97 292926
Master/Slave Network - Slaves do not speak unless spoken toMAC = Media Access Control - CSMA/CD
Polled Static - Class 0 or specific data request message sent to each device
Polled Report by Exception - Class 1, 2, 3 request message sent to each device with occasional integrity (class 0) data poll.
Unsolicited Report by Exception - most communication is unsolicited, but the Master occasionally sends integrity polls for class 0 Data to verify its database.
Quiescent Operation - master never polls slaveLast two modes are useful when communication medium is dial-up modem.
www.dnp.org
Means of Retrieving Data
Master/Slave Network
Polled Static
Polled Report by Exception
Point to Point (or MAC)
Unsolicited Report by Exception
Quiescent Operation
-
05/21/9705/21/97 3030
www.dnp.org
DNP3 LAN-WAN Features
Puts entire DNP3 Stack on top of TCP/IP Became part of Standard in Nov 1998 Makes use of widely available and
inexpensive third-party products Specification also allows for use of UDP
(connectionless) service
-
05/21/9705/21/97 31315
www.dnp.org
Agenda
Purpose of a Communication Protocol History of DNP3 Benefits of Industry Standard Protocols Overview of Protocol Features Whats Next for DNP3? Demonstration of Test Harness
-
05/21/9705/21/97 3232
www.dnp.org
Whats Next for DNP3?
Major revision to DNP3 Basic 4 Document set Address Security Issues DNP3 Master Conformance Test Procedures Double-Bit Status Output Event Objects Self Description
XML file approach Define new protocol functionality
-
05/21/9705/21/97 3333
www.dnp.org
Security in DNP3
Threat until recently was noise on the wire CRC bytes were actually called Security bytes in
many protocol analyzers Most security provided by Physical isolation of
network and lack of common knowledge about systems
Since moving toward more network solutions, security has now become a priority
-
05/21/9705/21/97 3434
www.dnp.org
DNP3 User Group Plan for Security
Form a Working Group within the DNP3 Technical Committee
Will hire consultant to write Technical Bulletins Discussion so far has been on 2 solutions:
Encryption/decryption device placed at each end of the wire Security Enhancements directly in the protocol
-
05/21/9705/21/97 3535
www.dnp.org
Self Description Using XML
XML is an excellent standard that is naturally suited for these types of applications
Primary benefit is Plug & Play, for faster and more accurate device install or replacement
One data file contains information normally found in the DNP3 interoperability documents: Device Profile Document Implementation Table Points List, including scaling and units information
DNP3 Solution will build on existing models developed by IEC TC 57 Working Group 14 and/or UCA2
Online or offline transfer of XML file to DNP3 Master
-
05/21/9705/21/97 3636
www.dnp.org
Offline Option
DNP3 IED
DNP3 Master DNP3 Slave
DNP3Communicatons
DNP3 XMLDeviceProfile
-
05/21/9705/21/97 3737
www.dnp.org
Benefits of using XML Files Offline
Can be applied to existing devices placed in operation years ago
Does not interfere with real time communications Good for small devices that may not support DNP3 file
transfer Requires no changes to DNP3 Embedded code All XML files can be stored in centralized network
location
-
05/21/9705/21/97 3838
www.dnp.org
Online Option
IED ConfigSoftware
DNP3 Master
DNP3 SlaveDNP3
Communicatons
DNP3 XMLDevice Profile
DNP3 File Transfer during first startup sequence
DNP3 XMLDevice Profile
Transfer to deviceduring configuration
-
05/21/9705/21/97 3939
www.dnp.org
Benefits of using XML Files Online
XML file is contained in device, always know where to find it
Requires no changes to DNP3 Embedded code if already supports File Transfer
Nominal affect on real time communications IED only transferring a file, does not need to know
details of file or XML Can evolve without affecting Embedded code
-
05/21/9705/21/97 40405
www.dnp.org
Agenda
Purpose of a Communication Protocol History of DNP3 Benefits of Industry Standard Protocols Overview of Protocol Features Whats Next for DNP3? Demonstration of Test Harness
-
05/21/9705/21/97 4141
Test Harness Demonstration
cManual CommandscPeriodic CommandscToggle binary input to create unsolicited
responsecTCL/TK Script for conformance testing
A full 21-day evaluation of the Test Harness may be downloaded from www.TriangleMicroWorks.com/downloads.htm.
-
05/21/9705/21/97 424229
www.dnp.org
Summary
DNP3 is: Well established in the Electrical Utiltiy Industry Has an active users group that is eager to
enhance the protocol to meet new requirements
-
05/21/9705/21/97 434330
www.dnp.org
DNP3 Users Group Web site
All protocol documentation and meeting minutes posted on web site
List of equipment supporting the protocol Join DNP3 maillist Next General meeting - February 2003 in
Las Vegas
www.DNP.org
-
05/21/9705/21/97 444430
www.dnp.org
More Information on DNP3
IEEE P1379 - www.ieee.org
SCADA Mailing List -
www.iinet.net.au/~ianw
Contact me, Jim Coats at:[email protected]
www.TriangleMicroWorks.com(919) 870-6615