|
|
Cyber security for power engineering
Sedláková, Dáša ; Kohout, David (referee) ; Mlýnek, Petr (advisor)
Due to the IT and OT networks convergence, industrial systems are becoming vulnerable to different forms of security threats including rapidly growing cyber-attacks. Thesis is focused on an analysis of security recommendations in IEC 62351, vulnerability testing of industrial communication protocols (e.g., IEC 61850) and mitigations proposal. An ATT&CK framework for ICS was chosen to become a methodology base for vulnerability testing. ATT&CK tactics and techniques were used to practically test vulnerability scans, SMV time synchronization, GOOSE spoofing, MMS Man in the Middle and ICMP Flood attacks. Attacks tested were evaluated with a risk analysis. Subsequently, mitigation measures were proposed on several levels (OT, IT, perimeter and physical level).
|
|
|
Medium voltage substation automation using control system COM600 and standard IEC61850
Havelka, Tomáš ; Štaffa, Jan (referee) ; Háze, Jiří (advisor)
This work deals with problematic of standard IEC61850, mainly with chapter IEC 61850-9-2 LE which is commonly known as Process bus communication. There are described advanced tools of the control system COM600 with detail description of their configuration in this work. It also deals with configuration of IEC 61850-9-2 LE with Relion family protection relays and its implementation to the control system COM600. The main aim of this work is focused on configuration of IEC 61850-9-2 standard with protection relays, configuration and detail description of COM600 advanced tools, description of Logic processor, further custom design and appliaction configuration global reset of Logic procesor in control system COM600.
|
|
|
IEC 61850 simulation environment
Rusz, Lukáš ; Fujdiak, Radek (referee) ; Blažek, Petr (advisor)
The work deals with communication protocols of the IEC 61850 standard. The protocols GOOSE (Generic Object Oriented Substation Events), SMV (Sampled Measured Values) and MMS (Manufacturing Message Specification) are described. The protocols are used to create a simulation network, which is described in this work. The simulation network is created in the OMNeT ++, program installed in the Ubuntu virtual environment.
|
|
|
IEC 61850 industrial communication simulator
Srp, Jakub ; Pospíšil, Ondřej (referee) ; Blažek, Petr (advisor)
This thesis is focused on IEC 61850 communication protocols SMV, GOOSE and MMS and their implementation in SCADA systems. There is a simulator, run on Raspberry Pi, that generates data according to IEC 61850 and transmits the data using protocols in question. The simulation consist of various virtual devices e.g. surge protection, undervoltage protection, circuit breaker, disconnector, HMI. The MMS protocol is used for station control. Simulation can be user-defined from textual configuration file.
|
|
|
Energy protocol recognition using artificial intelligence
Racka, Jan ; Holasová, Eva (referee) ; Bohačík, Antonín (advisor)
The master's thesis focuses on classification of secure network traffic of energy protocols using convolutional neural network. The theoretical part discusses the issues of neural networks and their use in network traffic classification. In addition, the energy protocols Modbus, IEC 104, TASE.2, DNP3, GOOSE, SMV, MMS, and the standard DLMS/COSEM are analyzed, including their security. In the subsequent practical part, a convolutional neural network is implemented to recognize the mentioned protocols in their secured versions. Unsecured traffic records from publicly available repositories and from traffic simulators of the mentioned protocols, and captured data in an energy polygon were used to train the neural network. TLS and GOOSE convertotrs were developed to obtain secured traffic, which ensured that the protocols using same security mechanisms were secured uniformly. The resulting secured traffic was preprocessed into a two-dimensional format and was presented as input to the neural network for learning. The input image was created from the application parts of packets of the energy protocol session and formatted to the 28 × 28 byte image. The resulting network accuracy on the test data was 95,75 %. Furthermore, the network was tested on real traffic in an energy polygon, where it correctly recognized several protocols. A classifier for the operational state of a station that communicates using IEC 104 secured with TLS was developed as part of a partial objective of the thesis. The task of the classifier was to recognize, using encrypted messages, the state of the tested station. The classifier consisted of a convolutional neural network, which were usinga two-dimensional image consisting of information from a sequence of five consecutive packets as input. The information consisted of the interarrival time between packets, the length of the TLS encrypted application data, and the encrypted application data up to size 64 B. To obtain enough data to train the convolutional network, a simulator of characteristic messages for each state was developed. The classifier showed an accuracy of 43,05 % on the test data after the learning phase. Next, the classifier underwent testing on the test stations, where it was able to distinguish normal state of the state from events, but could not distinguish certain events of similar nature from each other.
|
|
|
Cyber security for power engineering
Sedláková, Dáša ; Kohout, David (referee) ; Mlýnek, Petr (advisor)
Due to the IT and OT networks convergence, industrial systems are becoming vulnerable to different forms of security threats including rapidly growing cyber-attacks. Thesis is focused on an analysis of security recommendations in IEC 62351, vulnerability testing of industrial communication protocols (e.g., IEC 61850) and mitigations proposal. An ATT&CK framework for ICS was chosen to become a methodology base for vulnerability testing. ATT&CK tactics and techniques were used to practically test vulnerability scans, SMV time synchronization, GOOSE spoofing, MMS Man in the Middle and ICMP Flood attacks. Attacks tested were evaluated with a risk analysis. Subsequently, mitigation measures were proposed on several levels (OT, IT, perimeter and physical level).
|
|
|
Hardware-In-The-Loop Simulation Of A Distribution Network With An On-Load Tap Changer Controlled By An Intelligent Electronic Device Via Digital Communication
Jurák, Viktor
This paper deals with hardware-in-the-loop simulation of the distribution network, whichis equipped with the on-load tap changer on the HV / MV transformer. This tap changer in the simulationis controlled from a real physical external device - the multi-functional intelligent electronicdevice REX 640 from ABB. This device receives and processes the sampled measured values ofvoltages and currents. Based on these values, an instruction to switch the transformer tap is thengiven back into the simulation. All communication between the simulator and the external device isprovided using the IEC 61850 industrial communication protocol. The paper summarizes both thebenefits of hardware-in-the-loop simulations and the possibilities of using intelligent electronic devicesand data communication in distribution systems.
|
|
|
IEC 61850 simulation environment
Rusz, Lukáš ; Fujdiak, Radek (referee) ; Blažek, Petr (advisor)
The work deals with communication protocols of the IEC 61850 standard. The protocols GOOSE (Generic Object Oriented Substation Events), SMV (Sampled Measured Values) and MMS (Manufacturing Message Specification) are described. The protocols are used to create a simulation network, which is described in this work. The simulation network is created in the OMNeT ++, program installed in the Ubuntu virtual environment.
|
|
|
IEC 61850 industrial communication simulator
Srp, Jakub ; Pospíšil, Ondřej (referee) ; Blažek, Petr (advisor)
This thesis is focused on IEC 61850 communication protocols SMV, GOOSE and MMS and their implementation in SCADA systems. There is a simulator, run on Raspberry Pi, that generates data according to IEC 61850 and transmits the data using protocols in question. The simulation consist of various virtual devices e.g. surge protection, undervoltage protection, circuit breaker, disconnector, HMI. The MMS protocol is used for station control. Simulation can be user-defined from textual configuration file.
|
|
|
Medium voltage substation automation using control system COM600 and standard IEC61850
Havelka, Tomáš ; Štaffa, Jan (referee) ; Háze, Jiří (advisor)
This work deals with problematic of standard IEC61850, mainly with chapter IEC 61850-9-2 LE which is commonly known as Process bus communication. There are described advanced tools of the control system COM600 with detail description of their configuration in this work. It also deals with configuration of IEC 61850-9-2 LE with Relion family protection relays and its implementation to the control system COM600. The main aim of this work is focused on configuration of IEC 61850-9-2 standard with protection relays, configuration and detail description of COM600 advanced tools, description of Logic processor, further custom design and appliaction configuration global reset of Logic procesor in control system COM600.
|
guest ::
