KR20150017255A - Power system - Google Patents

Power system Download PDF

Info

Publication number
KR20150017255A
KR20150017255A KR1020130093291A KR20130093291A KR20150017255A KR 20150017255 A KR20150017255 A KR 20150017255A KR 1020130093291 A KR1020130093291 A KR 1020130093291A KR 20130093291 A KR20130093291 A KR 20130093291A KR 20150017255 A KR20150017255 A KR 20150017255A
Authority
KR
South Korea
Prior art keywords
operating system
power
communication
stability
packet
Prior art date
Application number
KR1020130093291A
Other languages
Korean (ko)
Inventor
김경호
Original Assignee
엘에스산전 주식회사
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 엘에스산전 주식회사 filed Critical 엘에스산전 주식회사
Priority to KR1020130093291A priority Critical patent/KR20150017255A/en
Publication of KR20150017255A publication Critical patent/KR20150017255A/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Abstract

BACKGROUND OF THE INVENTION [0002] The present specification relates to power systems that provide security functions for hacking, To this end, the power system according to the present invention includes an upper operating system for communicating with a power device through a predetermined protocol; And calculating a reception packet average for a packet transmitted from the upper operating system, determining whether or not the packet is hacked when the calculated average value of the received packets exceeds a predetermined setting value, And suspends data transmission / reception with the higher-level operating system.

Description

Power system {POWER SYSTEM}

BACKGROUND 1. Technical Field The present disclosure relates to power systems, and more particularly to power systems that provide security functions for hacking,

Generally, a power system is a device that generates electric power and supplies the electric power to an arbitrary system.

Such a power system uses a closed communication network which is disconnected from an external network network among constituent elements of the power system, and therefore, it does not consider a separate matter related to security, Or when an arbitrary user accesses and deliberately hack is performed, security is very weak.

In this way, when intentional hacking of the power system is attempted, due to the arbitrary data communication distortion by any user, due to the characteristics of the power SCADA, the operation of the plant due to power outage or power failure, Interruption occurs.

Korean Utility Model Application No. 20-2003-0018881

It is an object of the present disclosure to provide a power system that provides security features for external hacking while maintaining the characteristics of the power equipment when hacking directly to the endpoint of the power grid in addition to the communication channel.

The power device according to an exemplary embodiment of the present invention includes: a communication unit communicatively coupled to the upper operating system, the arbitrary power device communicatively coupled to an upper operating system included in the power system; A storage unit for storing one or more security algorithms; And calculating a reception packet average for a packet received through the communication unit. When the calculated reception packet average exceeds a predetermined setting value, the stored security algorithm is executed to check the internal memory to determine whether or not the packet is hacked And a controller.

As an example related to the present specification, the power device may be a programmable logic device such as an intelligent electronic device (IED), a remote terminal unit (RTU), a front-end processor (FEP) A programmable logic controller (PLC), a meter, and a human machine interface (HMI).

As an example related to the present specification, the controller may check the suitability of a communication frame for determining a communication address, an IP address, and a frame header value after calculating a reception packet average for the received packet.

As a result, when the hacking state is determined to be a hacking state, the control unit switches the communication port of the communication unit to the idle state and transmits / receives data to / from another device included in the power system Can be stopped.

As an example related to the present specification, the control unit may determine the suitability of a packet received periodically through the communication unit by an internal watchdog function, and when the received packet is switched to a normal state, The communication port can be switched to the active state.

In one embodiment of the present invention, the control unit generates a stability status confirmation request signal for requesting the stability status check of the power system, and transmits the generated stability status check request signal to the upper operating system Lt; / RTI >

As an example related to the present specification, the control unit may control the communication port state of the communication unit based on the stability status information transmitted from the upper operating system, in response to the transmitted stability status confirmation request signal.

As an example related to the present specification, when the stability status information transmitted from the upper operating system includes information indicating that there is a problem with the stability of the power system in response to the transmitted stability status confirmation request signal , The communication port of the communication unit can be kept in the active state.

As an example related to the present specification, when the stability status information transmitted from the upper operating system includes information indicating that there is no problem in the stability of the power system in response to the transmitted stability status confirmation request signal , The communication port of the communication unit can be switched from the active state to the normal state to perform a normal communication function with the higher-level operating system.

The power system according to an embodiment of the present invention includes an upper operating system for communicating with a power device through a predetermined protocol; And calculating a reception packet average for a packet transmitted from the upper operating system, determining whether or not the packet is hacked when the calculated average value of the received packets exceeds a predetermined setting value, And suspends data transmission / reception with the higher-level operating system.

The power system according to an embodiment of the present invention provides a security function for external hacking while maintaining the characteristics of the power equipment when hacking directly to the end point of the power network in addition to the communication channel, It is possible to enhance the security of the power device of the end point by changing the software.

1 is a block diagram illustrating a configuration of a power system according to an embodiment of the present invention.
2 is a block diagram illustrating a configuration of a power device according to an embodiment of the present invention.
3 is a flowchart illustrating a method of controlling a power system according to an embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the like elements throughout.

1 is a block diagram illustrating a configuration of a power system 10 in accordance with an embodiment of the present disclosure.

As shown in FIG. 1, the power system 10 is comprised of an upper operating system 100 and a power device 200. Not all of the components of the power system 10 shown in Figure 1 are required, and the power system 10 may be implemented by more components than the components shown in Figure 1, The power system 10 may also be implemented.

The upper operating system (or upper SCADA (Supervisory Control and Data Acquisition) system) 100 may be a supervisory server or the like.

The upper operating system 100 communicates with the power device 200 through a protocol (or SCADA protocol) such as MODBUS, DNP, and IEC-61870 set in advance for communication with the power device 200 do.

Also, the upper operating system 100 communicates with the power device 200 through a communication method such as RS-232, RS-422, RS-485, and Ethernet.

Also, the upper operating system 100 transmits / receives a packet (or a frame) including various data related to measurement, control, and monitoring with various devices included in the power device 200.

In addition, the upper operating system 100 collects the data transmitted from the power device 200, provides a notification service to the user terminal, or provides report reports and the like.

As described above, the upper operating system 100 performs the monitoring and controlling function through the predetermined SCADA protocol, and collects and records the status information data of the lower power device 200 through analog and / or digital signals And.

Also, the upper operating system 100 checks the status of each of the plurality of power devices 200 connected to the upper operating system 100, and confirms whether or not the device is in a hacking state.

Also, the upper operating system 100 receives the stability status confirmation request signal transmitted from the arbitrary / specific power device 200, and transmits the stability status confirmation request signal to the power system 10 in response to the received stability status confirmation request signal To the corresponding power device 200, stability state information including information on the stability state of a plurality of (or more than one) other power devices 200 included.

In addition, the upper operating system 100 may be configured such that when any communication port of any / specific power device 200 included in the power system 10 is switched to an idle state by any hack, And the stability of the plurality of other power devices 200 included in the power device 200 is confirmed.

The power device (or lower SCADA system) 200 may include an intelligent electronic device (IED), a remote terminal unit (RTU), a front-end processor (FEP) A programmable logic controller (PLC), a measuring instrument, and a human machine interface (HMI).

The power device 200 includes a communication unit 210, a storage unit 220, a control unit 230, and a display unit 240, as shown in FIG. Not all of the components of the upper operating system 100 shown in FIG. 2 are required, and the upper operating system 100 may be implemented by more components than the components shown in FIG. 2, The parent operating system 100 may also be implemented by components.

The communication unit 210 communicates with the upper operating system 100 through protocols such as MODBUS, DNP, and IEC-61870 set in advance for communication with the upper operating system 100.

The communication unit 210 communicates with the upper operating system 100 through a communication method such as RS-232, RS-422, RS-485, and Ethernet.

In addition, the communication unit 210 transmits / receives a packet (or a frame) including various data related to the measurement, control, and monitoring of the power device 200.

The storage unit 220 stores data and programs necessary for the power device 200 to operate.

The storage unit 220 may be a flash memory type, a hard disk type, a multimedia card micro type, a card type memory (for example, SD or A random access memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM) , And a programmable read-only memory (PROM). In addition, the power device 200 may operate in association with the web storage or operate a web storage that performs a storage function of the storage unit 220 on the Internet.

Also, the storage unit 220 stores one or more security algorithms.

The controller 230 performs an overall control function of the power device 200.

Also, the control unit 230 calculates (or calculates) the number of packets (or the received packet average) received through the communication unit 210 per unit time set in advance.

That is, the controller 230 calculates the number of packets received (or the number of received packets) per second in the communication network per second, periodically calculates the rate of packet change by the moving average method, Packet change rate) in the storage unit 220.

Also, the controller 230 confirms suitability (or suitability) of the received packet.

That is, the controller 230 determines a communication frame by determining a communication address, an IP address, a frame header value, and the like.

The controller 230 generates an alarm signal and displays the generated alarm signal on the display unit 240 when there is an abnormality in the suitability of the packet that is always received as a result of the conformity check of the communication frame.

In addition, the controller 230 determines whether the calculated average received packet (or packet change rate) exceeds a predetermined set value. Here, the predetermined setting value may be a network packet rate (or a received packet average / packet change rate / packet amount) in the steady state of the power device 200 and the upper operating system 100.

The controller 230 executes a security algorithm previously stored in the storage unit 220 when the calculated received packet average (or packet change rate) exceeds the predetermined set value, The internal memory of the controller 200 is checked.

If it is determined that the internal memory of the power device 200 is in a hacking state, the controller 230 switches the communication port of the communication unit 210 to an idle state, (For example, the upper-level operating system 100) included in the upper-level operating system 10).

For example, the control unit 230 determines whether the power system 200 is in a state where a firewall (not shown) of the power system 10 is hacked and a DDos attack and an IP spoofing IP spoofing), the communication port of the communication unit 210 is switched to the idle state, and data transmission / reception with the upper operating system 100 is stopped.

The controller 230 sets the communication port to the idle state when data of several tens of times the packet amount corresponding to the preset set value is received by the hacking attack, So that the power device 200 can be prevented from failing due to a buffer overflow.

In addition, the control unit 230 may receive a packet (or a state of a communication network / communication line by the internal watchdog function) periodically received through the communication unit 210 by an internal watchdog function (watch-dog fucntion) (Or check) the suitability of the device.

When the communication port of the communication unit 210 is switched to the idle state and the packet periodically received by the internal watchdog function remains in an abnormal state as a result of the determination, And repeatedly performs a process of continuously determining suitability of a received packet by the internal watchdog function.

When the communication port of the communication unit 210 is switched to the idle state and the packet periodically received by the internal watchdog function is switched to the normal state as a result of the determination, And switches the communication port of the idle state to an active state.

The control unit 230 generates a stability status confirmation request signal for requesting the stability check of the entire power system 10 and transmits the generated stability status check request signal to the upper To the operating system (100).

The control unit 230 controls the communication port state of the communication unit 210 based on the stability status information transmitted from the upper operating system 100 in response to the transmitted stability status confirmation request signal. Here, the stability status information includes information indicating whether there is a problem with the overall stability of the power system 10.

That is, the control unit 230 adds stability state information transmitted from the upper OS 100 in response to the transmitted stability state confirmation request signal to information indicating that there is still a problem with the stability of the power system 10 (Or switches to the idle state again) while maintaining the communication port status of the communication unit 210 in the active state, and transmits the stability status confirmation request signal generated at the predetermined time interval to the upper operating system 100, and receives a response signal repeatedly.

In addition, the control unit 230 may include information indicating that there is no problem in the stability of the power system 10 in the stability status information transmitted from the upper OS 100 in response to the transmitted stability status confirmation request signal The communication port 210 of the communication unit 210 is switched from the active state to the normal state and performs various functions such as measurement, control, and monitoring of various devices through the normal communication function with the upper operating system 100 And transmits and receives various related data.

The display unit 240 can display various contents such as various menu screens by using the user interface and / or graphical user interface stored in the storage unit 220 under the control of the controller 230. Here, the content displayed on the display unit 240 includes a variety of text or image data (including various information data) and a menu screen including data such as an icon, a list menu, and a combo box. Also, the display unit 240 may be a touch screen.

The display unit 240 may be a liquid crystal display (LCD), a thin film transistor liquid crystal display (TFT LCD), an organic light-emitting diode (OLED) A display, a flexible display, a three-dimensional display, and an e-ink display.

Also, the display unit 240 displays the alarm signal generated by the controller 230.

In this way, when hacking is attempted directly to the end point of the power network in addition to the communication channel, it is possible to provide a security function for external hacking while maintaining the characteristics of the power equipment.

Hereinafter, a method of controlling the power system according to the present invention will be described in detail with reference to FIGS. 1 to 3. FIG.

3 is a flowchart illustrating a method of controlling a power system according to an embodiment of the present invention.

First, the power device (or lower SCADA system) 200 receives a packet (or a frame) transmitted from the upper operating system 100 through a predetermined protocol. Here, the predetermined protocol is preset for communication between the power device 200 and the upper operating system 100, and may be MODBUS, DNP, IEC-61870, and the like. The communication method between the power device 200 and the upper operating system 100 may be RS-232, RS-422, RS-485, or Ethernet for high-speed communication. In addition, the packet includes various data related to measurement, control and monitoring of various devices. At this time, the upper operating system 100 may be a monitoring server or the like. In addition, the power device 200 includes a protection relay (IED), a remote testing device (RTU), a front end processor (FEP), a programmable logic controller (PLC), a meter, and an HMI (S310).

Thereafter, the power device 200 calculates (or calculates) the number of received packets (or the received packet average) per unit time set in advance.

That is, the power device 200 calculates the number of packets received (or the number of received packets) per second in the communication network per second and periodically calculates a rate of packet change by the moving average method (S320).

Thereafter, the power device 200 confirms suitability (or appropriateness) of the received packet.

That is, the power device 200 determines the conformity of the communication frame by determining a communication address, an IP address, a frame header value, and the like (S330).

Thereafter, the power device 200 outputs an alarm signal when the conformity of the received packet is abnormal as a result of the checking (S340).

Thereafter, the power device 200 performs the following process when there is no problem with the fitness of the received packet (or in a normal state) as a result of the checking.

That is, when the calculated received packet average (or packet change rate) exceeds the predetermined set value, the power device 200 executes a pre-stored security algorithm to check the internal memory of the power device 200 (S350).

If it is determined that the power device 200 is in the hacking state, the power device 200 may switch the communication port to the idle state and may switch the communication port to another device included in the power system 10 (for example, 100) in step S360.

Thereafter, the power device 200 determines (or inspects) the suitability of the packet periodically received (or the state of the communication network / communication line by the internal watchdog function) by the internal watchdog function (S370 ).

Thereafter, in a state where the communication port is switched to the idle state, when the packet periodically received by the internal watch dog function is maintained in an abnormal state as a result of the determination, The process of determining suitability of the received packet by the watch dog function is repeated (S380).

When the communication port is switched to the idle state and the packet periodically received by the internal watchdog function is switched to the normal state as a result of the determination, the power device (200) The communication port is switched to the active state (S390).

Thereafter, the power device 200 generates a stability status confirmation request signal for requesting the stability check of the entire power system 10, and transmits the generated stability status check request signal to the host OS 100 (S400).

Thereafter, the power device 200 controls the communication port state of the power device 200 based on the stability status information transmitted from the upper OS 100 in response to the transmitted stability status confirmation request signal . Here, the stability status information includes information indicating whether there is a problem with the overall stability of the power system 10.

That is, in response to the transmitted stability status confirmation request signal, the power device 200 determines that the stability status information transmitted from the upper OS 100 indicates that there is still a problem with the stability of the power system 10 (Or switches to the idle state again) while maintaining the communication port state of the power device 200 in the active state, and transmits the stability state confirmation request signal, which is generated at a predetermined time interval, To the system 100 and receives a response signal.

In addition, the power device 200 may transmit the stability status information transmitted from the upper operating system 100 in response to the transmitted stability status confirmation request signal, indicating that there is no problem in the stability of the power system 10 Control, and monitoring of various devices through the communication function with the upper operating system 100 by switching the communication port state of the power device 200 from the active state to the normal state, And the like (S410).

As described above, embodiments of the present invention provide a security function for external hacking while maintaining the characteristics of a power device when a hacking attempt is directly made to an end point of a power network in addition to a communication channel, It is possible to enhance the security of the power device of the end point by changing the software.

The present invention may be embodied in many other specific forms without departing from the spirit or essential characteristics thereof. Therefore, the embodiments disclosed in the present invention are intended to illustrate rather than limit the scope of the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The scope of protection of the present invention should be construed according to the following claims, and all technical ideas within the scope of equivalents should be construed as falling within the scope of the present invention.

10: Power system 100: Upper operating system
200: Power device 210:
220: storage unit 230:
240:

Claims (9)

In any power device communicatively coupled to a host operating system included in the power system,
A communication unit for establishing communication with the upper operating system;
A storage unit for storing one or more security algorithms; And
Calculates a reception packet average for a packet received through the communication unit and, when the calculated reception packet average exceeds a predetermined setting value, executes the stored security algorithm to check the internal memory to determine whether or not it is in a hacking state And a control unit. The power device according to claim 1,
(IED), a remote terminal unit (RTU), a front-end processor (FEP), a programmable logic controller (PLC), a measuring instrument, and an HMI Machine Interface). The apparatus of claim 1,
An IP address, and a frame header value after calculating a reception packet average for the received packet. The apparatus of claim 1,
Wherein the control unit switches the communication port of the communication unit to an idle state when it is determined that the hacking state is a hacking state and stops data transmission / reception with another device included in the power system. 5. The apparatus of claim 4,
Wherein the internal watchdog function periodically determines the suitability of a packet received through the communication unit and switches the communication port in the idle state to an active state when the received packet is switched to a normal state. Power equipment. 6. The apparatus of claim 5,
Generates a stability status confirmation request signal for requesting the stability status check of the power system, and transmits the generated stability status check request signal to the host operating system through the communication unit. 7. The apparatus of claim 6,
And controls the communication port status of the communication unit based on the stability status information transmitted from the upper operating system in response to the transmitted stability status confirmation request signal. 7. The apparatus of claim 6,
When the stability status information transmitted from the upper operating system includes information indicating a problem in stability of the power system in response to the transmitted stability status confirmation request signal, the communication port of the communication unit is maintained in an active state Wherein said power device comprises: 7. The apparatus of claim 6,
Wherein when the stability status information transmitted from the upper operating system includes information indicating that there is no problem in the stability of the power system in response to the transmitted stability status confirmation request signal, And performs a normal communication function with the upper operating system.
KR1020130093291A 2013-08-06 2013-08-06 Power system KR20150017255A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020130093291A KR20150017255A (en) 2013-08-06 2013-08-06 Power system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020130093291A KR20150017255A (en) 2013-08-06 2013-08-06 Power system

Publications (1)

Publication Number Publication Date
KR20150017255A true KR20150017255A (en) 2015-02-16

Family

ID=53046205

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020130093291A KR20150017255A (en) 2013-08-06 2013-08-06 Power system

Country Status (1)

Country Link
KR (1) KR20150017255A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018139708A1 (en) * 2017-01-24 2018-08-02 엘지전자 주식회사 Apparatus for testing hacking of vehicle electronic device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018139708A1 (en) * 2017-01-24 2018-08-02 엘지전자 주식회사 Apparatus for testing hacking of vehicle electronic device
US11284262B2 (en) 2017-01-24 2022-03-22 LG Electronics Inc. and Korea University Research and Business Foundation Apparatus for testing hacking of vehicle electronic device

Similar Documents

Publication Publication Date Title
CN103209439B (en) The method of a kind of data traffic monitoring, device and equipment
JP6073287B2 (en) Method and apparatus for sending a device description file to a host
US9021431B2 (en) System and method for developing, deploying and implementing power system computer applications
US9270109B2 (en) Exchange of messages between devices in an electrical power system
US20140282021A1 (en) Visualization of Communication Between Devices in an Electric Power System
CN103117879A (en) Network monitoring system for computer hardware processing parameters
EP2795855B1 (en) System and method for using a network to control a power management system
US20140280673A1 (en) Systems and methods for communicating data state change information between devices in an electrical power system
CN103533084A (en) Real-time DMS (device management system) of B/S (browser/server) framework and method thereof
CN104065526A (en) Server fault alarming method and device thereof
CN106776243A (en) A kind of monitoring method and device for monitoring software
CN104980293A (en) Method and device for quickly transmitting and detecting OAM message
US20140280713A1 (en) Proxy Communication Between Devices in an Electrical Power System
US20140280672A1 (en) Systems and Methods for Managing Communication Between Devices in an Electrical Power System
CN116436823B (en) State monitoring method of intelligent network card and related equipment
EP3565217B1 (en) Method for realizing value-added service and cloud server
KR20150017255A (en) Power system
JP2023116791A (en) loop interface
CN110609533A (en) Safety architecture of SCADA data acquisition system
US20130179569A1 (en) Systems and methods for gateway status information handling
CN104486415B (en) The determination method and device of monitored object working condition
CN105208079A (en) SAN switch monitoring system and method
CN103873299B (en) The method and its device of a kind of equipment state polling
CN105530461B (en) Method, device and system for realizing bypass switching access
KR20140134113A (en) Digital protection relay and controlling method thereof

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E601 Decision to refuse application