KR20150017255A - Power system - Google Patents
- Publication number
- KR20150017255A
- Authority
- KR
- South Korea
- Prior art keywords
- operating system
- power
- communication
- stability
- packet
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Abstract
The present specification relates to a power system that provides a security function against hacking. To this end, the power system according to the present invention includes an upper operating system that communicates with a power device through a predetermined protocol; and a power device that calculates a reception packet average for packets transmitted from the upper operating system, determines whether or not it has been hacked when the calculated reception packet average exceeds a predetermined setting value, and suspends data transmission/reception with the upper operating system.
Description
Generally, a power system is a device that generates electric power and supplies the electric power to an arbitrary system.
Such a power system uses, among its constituent elements, a closed communication network that is disconnected from external networks, and therefore does not separately consider security matters; when an arbitrary user gains access and deliberately performs hacking, security is very weak.
When intentional hacking of the power system is attempted in this way, arbitrary distortion of data communication by any user leads, because of the characteristics of power SCADA, to interruption of plant operation through power outage or power failure.
It is an object of the present disclosure to provide a power system that provides a security function against external hacking while maintaining the characteristics of the power equipment when hacking is attempted directly at an end point of the power grid in addition to the communication channel.
A power device according to an exemplary embodiment of the present invention is an arbitrary power device communicatively coupled to an upper operating system included in a power system, and includes: a communication unit communicatively coupled to the upper operating system; a storage unit for storing one or more security algorithms; and a controller that calculates a reception packet average for packets received through the communication unit and, when the calculated reception packet average exceeds a predetermined setting value, executes the stored security algorithm to check the internal memory and determine whether or not it has been hacked.
As an example related to the present specification, the power device may be a device such as an intelligent electronic device (IED), a remote terminal unit (RTU), a front-end processor (FEP), a programmable logic controller (PLC), a meter, or a human machine interface (HMI).
As an example related to the present specification, the controller may check the suitability of a communication frame for determining a communication address, an IP address, and a frame header value after calculating a reception packet average for the received packet.
When the result of the determination is a hacking state, the control unit may switch the communication port of the communication unit to the idle state and stop transmitting/receiving data to/from other devices included in the power system.
As an example related to the present specification, the control unit may periodically determine, by an internal watchdog function, the suitability of packets received through the communication unit and, when the received packets return to a normal state, switch the communication port to the active state.
In one embodiment of the present invention, the control unit generates a stability status confirmation request signal for requesting a stability status check of the power system, and transmits the generated stability status confirmation request signal to the upper operating system.
As an example related to the present specification, the control unit may control the communication port state of the communication unit based on the stability status information transmitted from the upper operating system, in response to the transmitted stability status confirmation request signal.
As an example related to the present specification, when the stability status information transmitted from the upper operating system in response to the transmitted stability status confirmation request signal includes information indicating that there is a problem with the stability of the power system, the communication port of the communication unit may be kept in the active state.
As an example related to the present specification, when the stability status information transmitted from the upper operating system in response to the transmitted stability status confirmation request signal includes information indicating that there is no problem in the stability of the power system, the communication port of the communication unit may be switched from the active state to the normal state to perform a normal communication function with the upper operating system.
The power system according to an embodiment of the present invention includes an upper operating system that communicates with a power device through a predetermined protocol; and a power device that calculates a reception packet average for packets transmitted from the upper operating system, determines whether or not it has been hacked when the calculated reception packet average exceeds a predetermined setting value, and suspends data transmission/reception with the upper operating system.
The power system according to an embodiment of the present invention provides a security function against external hacking while maintaining the characteristics of the power equipment when hacking is attempted directly at an end point of the power network in addition to the communication channel, and can enhance the security of the end-point power device through a software change.
FIG. 1 is a block diagram illustrating a configuration of a power system according to an embodiment of the present invention.
FIG. 2 is a block diagram illustrating a configuration of a power device according to an embodiment of the present invention.
FIG. 3 is a flowchart illustrating a method of controlling a power system according to an embodiment of the present invention.
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to like elements throughout.
1 is a block diagram illustrating a configuration of a
As shown in FIG. 1, the
The upper operating system (or upper SCADA (Supervisory Control and Data Acquisition) system) 100 may be a supervisory server or the like.
The
Also, the
Also, the
In addition, the
As described above, the
Also, the
Also, the
In addition, the
The power device (or lower SCADA system) 200 may include an intelligent electronic device (IED), a remote terminal unit (RTU), a front-end processor (FEP), a programmable logic controller (PLC), a measuring instrument, and a human machine interface (HMI).
The
The
The
In addition, the
The
The
Also, the
The
Also, the
That is, the
Also, the
That is, the
The
In addition, the
The
If it is determined that the internal memory of the
For example, the
The
In addition, the
When the communication port of the
When the communication port of the
The
The
That is, the
In addition, the
The
The
Also, the
In this way, when hacking is attempted directly to the end point of the power network in addition to the communication channel, it is possible to provide a security function for external hacking while maintaining the characteristics of the power equipment.
Hereinafter, a method of controlling the power system according to the present invention will be described in detail with reference to FIGS. 1 to 3.
FIG. 3 is a flowchart illustrating a method of controlling a power system according to an embodiment of the present invention.
First, the power device (or lower SCADA system) 200 receives a packet (or a frame) transmitted from the
Thereafter, the
That is, the
Thereafter, the
That is, the
Thereafter, the
Thereafter, the
That is, when the calculated received packet average (or packet change rate) exceeds the predetermined set value, the
If it is determined that the
Thereafter, the
Thereafter, with the communication port switched to the idle state, when the determination shows that the packets periodically received are still in an abnormal state, the process of determining the suitability of the received packets by the internal watchdog function is repeated (S380).
With the communication port switched to the idle state, when the determination by the internal watchdog function shows that the periodically received packets have returned to the normal state, the power device (200) switches the communication port to the active state (S390).
Thereafter, the
Thereafter, the
That is, in response to the transmitted stability status confirmation request signal, the
In addition, the
As described above, embodiments of the present invention provide a security function against external hacking while maintaining the characteristics of a power device when a hacking attempt is made directly at an end point of a power network in addition to a communication channel, and can enhance the security of the end-point power device through a software change.
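The detection and recovery cycle described above (reception packet average, frame suitability check, idle, active and normal port states), sketched as a small C state machine. This is an added example, not code from the patent: the window size, threshold, header value, frame layout, all identifiers, and the rule that a hacking state means a high average together with a failed frame or memory check are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed values: the patent gives no thresholds or frame layout. */
#define WINDOW     4     /* intervals averaged */
#define RATE_LIMIT 100   /* the "predetermined setting value", packets/interval */
#define HDR_VALUE  0x68  /* assumed frame header value */

typedef enum { PORT_NORMAL, PORT_IDLE, PORT_ACTIVE } port_state;
typedef struct { uint8_t header; uint16_t comm_addr; uint32_t src_ip; } frame;
typedef struct {
    port_state state;
    uint32_t   counts[WINDOW];  /* packets per interval, sliding window */
    unsigned   pos;
    uint16_t   my_addr;         /* this device's communication address */
    uint32_t   upper_ip;        /* IP address of the upper operating system */
} device;

/* Reception packet average over the window. */
static uint32_t rx_average(const device *d) {
    uint32_t sum = 0;
    for (unsigned i = 0; i < WINDOW; i++) sum += d->counts[i];
    return sum / WINDOW;
}

/* Frame suitability: communication address, IP address, header value. */
static bool frame_suitable(const device *d, const frame *f) {
    return f->header == HDR_VALUE && f->comm_addr == d->my_addr &&
           f->src_ip == d->upper_ip;
}

/* One interval: n packets arrived, f is a sampled frame, mem_ok is the verdict
 * of the stored security algorithm's memory check, stable is the upper
 * system's stability reply (used only in PORT_ACTIVE). Returns the new state. */
port_state device_step(device *d, uint32_t n, const frame *f,
                       bool mem_ok, bool stable) {
    d->counts[d->pos] = n;
    d->pos = (d->pos + 1) % WINDOW;
    bool rate_high = rx_average(d) > RATE_LIMIT;
    bool ok = frame_suitable(d, f);
    switch (d->state) {
    case PORT_NORMAL:  /* assumed rule: high average plus a failed check */
        if (rate_high && (!ok || !mem_ok)) d->state = PORT_IDLE;
        break;
    case PORT_IDLE:    /* watchdog: stay idle while packets are abnormal */
        if (!rate_high && ok) d->state = PORT_ACTIVE;
        break;
    case PORT_ACTIVE:  /* back to normal only when stability is confirmed */
        if (stable) d->state = PORT_NORMAL;
        break;
    }
    return d->state;
}
```

Because the average is taken over a window, the port stays idle for several quiet intervals after a burst ends, and a burst of well-formed frames with a clean memory check does not trip the idle state.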
The present invention may be embodied in many other specific forms without departing from the spirit or essential characteristics thereof. Therefore, the embodiments disclosed in the present invention are intended to illustrate rather than limit the scope of the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The scope of protection of the present invention should be construed according to the following claims, and all technical ideas within the scope of equivalents should be construed as falling within the scope of the present invention.
10: Power system 100: Upper operating system
200: Power device 210:
220: storage unit 230:
240:
Claims (9)
A communication unit for establishing communication with the upper operating system;
A storage unit for storing one or more security algorithms; and
A control unit that calculates a reception packet average for packets received through the communication unit and, when the calculated reception packet average exceeds a predetermined setting value, executes the stored security algorithm to check the internal memory to determine whether or not it is in a hacking state.
(IED), a remote terminal unit (RTU), a front-end processor (FEP), a programmable logic controller (PLC), a measuring instrument, and a human machine interface (HMI).
An IP address, and a frame header value after calculating a reception packet average for the received packet.
Wherein the control unit switches the communication port of the communication unit to an idle state when the result of the determination is a hacking state, and stops data transmission/reception with other devices included in the power system.
Wherein the internal watchdog function periodically determines the suitability of a packet received through the communication unit and switches the communication port in the idle state to an active state when the received packet is switched to a normal state. Power equipment.
Generates a stability status confirmation request signal for requesting the stability status check of the power system, and transmits the generated stability status check request signal to the host operating system through the communication unit.
And controls the communication port status of the communication unit based on the stability status information transmitted from the upper operating system in response to the transmitted stability status confirmation request signal.
When the stability status information transmitted from the upper operating system includes information indicating a problem in stability of the power system in response to the transmitted stability status confirmation request signal, the communication port of the communication unit is maintained in an active state Wherein said power device comprises:
Wherein when the stability status information transmitted from the upper operating system includes information indicating that there is no problem in the stability of the power system in response to the transmitted stability status confirmation request signal, And performs a normal communication function with the upper operating system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020130093291A KR20150017255A (en) | 2013-08-06 | 2013-08-06 | Power system |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20150017255A (en) | 2015-02-16 |
Family
ID=53046205
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020130093291A KR20150017255A (en) | 2013-08-06 | 2013-08-06 | Power system |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20150017255A (en) |
-
2013
- 2013-08-06 KR KR1020130093291A patent/KR20150017255A/en not_active Application Discontinuation
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018139708A1 (en) * | 2017-01-24 | 2018-08-02 | 엘지전자 주식회사 | Apparatus for testing hacking of vehicle electronic device |
US11284262B2 (en) | 2017-01-24 | 2022-03-22 | LG Electronics Inc. and Korea University Research and Business Foundation | Apparatus for testing hacking of vehicle electronic device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E601 | Decision to refuse application |