AMI Network-based Load Control Services Security & Protocol Considerations

Transcription

1 February 2, 2006 AMI Network-based Load Control Services Security & Protocol Considerations 2005 OpenAMI

2 RAND Corporation s Vision of the 2004 Home Computer thank goodness for standards!!! Source: Popular Mechanics, OpenAMI Slide 2

3 AMI Network-based Load Control Services Security Considerations Trust Federation between AMI Network and Foreign Networks Mutual Authentication between AMI Network and Foreign Network Devices & Systems Common AMI Service Definitions, Authorizations and Privileges AMI Secure Service Delivery Capabilities 2005 OpenAMI Slide 3

4 NERC Security Standards CIP-002 through CIP-009 NERC Standards CIP-002 through CIP-009 provide a cyber security framework for protection of Critical Cyber Assets to ensure reliable operation of the Bulk Electric System CIP-002-1: Cyber Security Critical Cyber Assets R1. Critical Assets R Systems, equipment and facilities critical to automatic load shedding under control of a common system capable of shedding 300 MW or more CIP-005-1: Cyber Security Electronic Security standard requires the identification and protection of the Electronic Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points on the perimeter R1 Electronic Security Perimeter & Access Points R1.1. Access points to the Electronic Security Perimeter(s) shall include any externally connected communication end point (for example, dial-up modems) terminating at any device within the Electronic Security Perimeter(s) R2. Electronic Access Controls the Responsible Entity shall implement the organizational, technical, and procedural controls to permit or deny electronic access at all electronic access points to the Electronic Security Perimeter(s) 2005 OpenAMI Slide 4

5 AMI Network-based Load Control Services Many Protocols to Consider ANSI C x Utility Industry End Device Data Tables ANSI C12.22 Protocol Specification for Interfacing to Data Communication Networks IEC 61850, & Common Information Model (CIM) ASHRAE BACnet Data Communication Protocol for Building Automation & Control Networks ZigBee Alliance Z-Wave Alliance Broadband Wireless IEEE , & others OpenAMI Slide 5

6 ANSI C x Revision to ANSI C Specification The C x Standard provides a common data structure for use in transferring data to and from utility end devices, typically meters (electric, water & gas) The C x Data Structure is defined as sets of Tables Data Table Sets are grouped together into segments called Decades Each decade pertains to a particular feature set and data type such as Registers for Measured Values, Load Profile It is anticipated that the set of Standard Tables will grow to meet the need for common implementations of expanded functionality (C x introduces 8 new decades, and 4 new tables for existing decades) Manufacturer Tables are those data structures specified by individual end device vendors, used to allow introduction of new innovations or to provide customer requested data structures Meter Data is transferred by reading from or writing to a particular table or portion of a data table The effective transport of table structures is dependent only on the presence of basic read and write services it is left to the implementers of specific protocol stacks to select the read and write services to be included Note: Decade Numbering method modified Decade , 110 now Decade 1 10, 11, OpenAMI Slide 6

7 ANSI C x New Table Definition Language (TDL) The ANSI C12.19 Data Table Syntax or Table Definition Language (TDL) is expressed using the extended Bakus Naur Format (BNF) definitions, as described below: The syntax is a merge between the traditional Bakus Naur Format and XML simple BNF Extensible Markup Language (XML) 1.0, Second Edition There are addition extensions that facilitate the binding of production rules needed for the definition of the published pseudo PASCAL text (Section 9.0 Tables) and the machine readable XML based TDL The syntax also provides definitions for constraints on binary transmission and interpretation of types The files C1219TDL-1997.xml 1997.xml and C x.xml 200x.xml define the standard data table syntax and meta-data using XML notation These files are based directly on the extended BNF syntax described in Section 5.0 Syntax 2005 OpenAMI Slide 7

8 ANSI C x New Load Control and Pricing Tables Load Control and Pricing Tables load control operation, supports up to 255 control points through one of the following methods: Direct Load Control: a command is sent directly to the end device across a communication link to modify the state of one or multiple control points Schedule: the end device is programmed to modify the state of one or multiple control points at specific dates, recurring dates, period of the week or event detection Condition: the end device is programmed to modify the state of one or multiple control points based on the magnitudes of metered quantities, price level (active tier), time of the day, period of the year or any other condition that can be construct by a Single Line Math expression Prepayment: the end device is programmed to modify the state of one or multiple control points based on a remaining credit Prepayment method of load control is used to set credit limits for pre-warning, warning and turn off directive Includes all parameters necessary to directly bill the customer, which includes taxes, daily fix charges, rate of measured quantities and this base on the current season, tier and type of quantity Procedure Initiate Table load control and prepayment procedures: DIRECT_LOAD_CONTROL procedure provides direct load control over a communication link Level (0-100), Duration (hh:mm:ss), Randomization Period (minutes) MODIFY_CREDIT procedure modifies REMAINING_CREDIT as defined in Prepayment Status 2005 OpenAMI Slide 8

9 ANSI C12.22 Draft Interfacing Data Communication Networks Specification The C12.22 Application Layer Protocol provides a minimal set of services and data structures required to support networked C12.19 end devices (meters) for purposes of: Configuration Programming Monitoring & Information Retrieval The application layer protocol is composed of the following four nested components: ANSI C12.19 End Device Table data structure Protocol Specification for Advanced Metering (PSEM) Extended Protocol Specification for Advanced Metering (EPSEM) ACSE association control as defined by IEC 8650, and represented in BNF notation The data structures transported by the C12.22 Application Protocol are defined in the C12.19TDL-1997.xml and C x.xml standard specification files Note: The ACSE Association Control component is used by the ACSE-based implementation of the ANSI C12.22 Specification 2005 OpenAMI Slide 9

10 ANSI C12.22 Application Level Protocol Protocol Specification For Electric Metering (PSEM) The draft standard modifies and extends the C12.18 specification s PSEM application services Each service description consists of a request and a response Each of these requests and responses is described C12.22 Section Note: The new ANSI C12.22 PSEM Services (**) are used by the ACSE-based implementation of the ANSI C12.22 Specification 2005 OpenAMI Slide 10

11 ANSI C12.22 Application Level Protocol Extended Protocol Specification For Electric Metering (EPSEM) The draft specification defines the new EPSEM application services structure Enables transportation of multiple requests and responses, and provides It also provides response control and C12.19 device class 2005 OpenAMI Slide 11

12 ANSI C12.22 Application Level Protocol ISO Association Control Service Element (ACSE-based) Implementations ISO ACSE is an application layer protocol to establish and release an application-association between two application entities, and to determine the application context of that association The current draft of the C12.22 Specification is based on an ACSE-model model, where the protocol relies on the application layer <acse-pdu> to convey association & security parameters: application context <application-context-element> application process titles of called and calling process <called-aptitle-element> & <calling-aptitle> authentication information <mechanism-name-element> & <authentication-value-element> The application layer <acse-pdu> is also responsible for: ACSE Packet Segmentation and Reassembly C12.22 Device Addressing ACSE Packet Processing or Forwarding (routing) Note: The encoding ACSE is based on ISO , within the C12.22 specification it is represented using a BNF notation 2005 OpenAMI Slide 12

13 ANSI C12.22 Application Level Protocol IETF Internet Protocol Networking-based Implementations Another approach would be to utilize native internet protocols and a technologies to provide required network and application layer services Using an internet protocol-based implementation of the C12.22 Specification, the application layer components would rely upon IP protocols for networking, quality of service & security: IPv6 Addressing (stateless 128-bit based addressing) Packet Integrity (i.e., source node controls maximum packet size, no fragmentation) Security (integrated IPSec) Quality of Service (priority-based routing flags) Routing (OSPF, BGP) User Datagram Protocol (UDP) for packet transmission Kerberos & PKI for identity services (authentication & authorization) Internet Key Exchange (IKE) for public & symmetric key exchange services Kerberized Internet Negotiation of Keys (KINK) for symmetric key exchange services Domain Name System (DNS) for name resolution and service advertisement services 2005 OpenAMI Slide 13

14 IEC CIM & Schema Interval-based Price Signal 2005 OpenAMI Slide 14

15 IEC CIM & Schema Power Outage 2005 OpenAMI Slide 15

16 ASHRAE BACnet Data Communication Protocol for Building Automation & Control Networks ASHRAE Standard draft 12.X Load Control Object Type The Load Control object type defines an object whose properties represent the externally visible characteristics of a mechanism for controlling load requirements in a BACnet device a BACnet device can use a Load Control object to allow external control over the shedding of a load that it controls a BACnet client (controller) can request that the Load Control object o shed a portion of its load for a specified time by writing to the four properties: Requested_Shed_Level, Start_Time, Shed_Duration and Duty_Window Compliance with a client s load shed request may be affected by other factors, such as definition of the baseline usage, synchronization of time between the client and device containing the Load Control object, and any intrinsic device limits on shed amounts While the Load Control object is designed to allow independent operation, it is possible that there will exist within a building (or even within a device) a hierarchy of Load Control objects Where large loads are concerned, it is expected that the master Load Control object will employ sequencing to distribute the startup and shutdown of managed loads When the load control master is used in a gateway to a non-bacnet load control client, such as a utility company, the gateway shall accept and process any start randomization commands, and accordingly distribute the initiation of load control requests to its subordinate Load Control objects 2005 OpenAMI Slide 16

17 ZigBee Alliance Automation & Control Protocol for IEEE Wireless Networks ZigBee is a low-cost, low power, two-way, way, wireless communications protocol For consumer electronics, home and building automation, industrial controls, PC peripherals, medical sensor applications, toys and games The ZigBee stack architecture is made up of a set of blocks called layers Each layer performs a specific set of services for the layer above: a data entity provides a data transmission service and a management entity provides all other services Each service entity exposes an interface to the upper layer through a service access point (SAP), and each SAP supports a number of service primitives to achieve the required functionality Per website: 130+ participants 44+ companies implementing Source: ZigBee Specification, Document r00, Version OpenAMI Slide 17

18 Z-Wave Alliance Reliable Wireless Communication for Low Cost Control Networks Z-Wave is a low-cost, low power, two-way, way, wireless communications protocol The protocol consist of 4 layers MAC layer that controls the RF media Transfer Layer that controls the transmitting and receiving of frames Routing Layer that controls the routing of frames in the network Application layer controls the payload in the transmitted and received frames The Z-Wave protocol has 2 basic kinds of devices controlling devices & slave nodes Controlling devices initiate control commands and sends out the commands to other nodes Slave nodes are the nodes that reply on and execute the commands Per website: 125+ companies implementing Source: Z-Wave Protocol Overview, Document , Version OpenAMI Slide 18

19 IEEE , and Wireless Broadband Communications Standards Source: Understanding Wi-Fi and WiMAX as Metro-Access Solutions, Intel, OpenAMI Slide 19

20 Conclusions A common AMI Services Interface Definition specification is required Authenticated Connections Support for Identity & Key Management Standards certified by NIST AMI System & Device Identity Recovery after a Power Outage Authorized Access Controls & Privileges AMI Service levels & privileges defined by Utility, may be granted during authentication Common Network Naming & Addressing Needs to scale from a thousands to millions of devices, and customers Common Energy Services & Control XML Schema and Message Structures Harmonization of IEC, DNP, ANSI, BACnet, ZigBee, Z-Wave, others... AMI Network requirements should dictate AMI Services Interface Definition requirements 2005 OpenAMI Slide 20