1 / 64

SCADA Telecommunications Data Integrity

SCADA Telecommunications Data Integrity. Michael L. Watson Rapid Technologies Intl, Ltd. Michael L. Watson. B.S.E.E. Texas ASU 20+ Years Industry experience Teaching AGA Measurement, Communications, and Microsoft Windows courses since 1998 Full partner Rapid Technology Intl

amadis
Télécharger la présentation

SCADA Telecommunications Data Integrity

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SCADA Telecommunications Data Integrity Michael L. Watson Rapid Technologies Intl, Ltd

  2. Michael L. Watson • B.S.E.E. Texas ASU • 20+ Years Industry experience • Teaching AGA Measurement, Communications, and Microsoft Windows courses since 1998 • Full partner Rapid Technology Intl • Currently consulting in 5 Countries • Committee service for GPA, ANB, ONIP

  3. Definitions • 1. Telephone (Dialup/Lease), Cellular, Radio,Microwave Physical mediums for data transmission. • 2. Radio The wireless transmission through space of electromagnetic waves in the approximate frequency range from 10 kilohertz to 300,000 megahertz. • 3. Modem A device for transmitting usually digital data over telephone wires by modulating the data into an audio signal to send it and demodulating an audio signal into data to receive it. • 4. Protocols A standard procedure for regulating data transmission between computers.

  4. Modems

  5. Modulation

  6. Radios

  7. Satellite

  8. Telemetry Methods • Conventional Radio • Trunking Radio • SpreadSpectrum Radio • Motorola DataTAC • Serial Cable • Dial Up • Serial Multi-Drop • Leased-Line • Internet IP • Ethernet TCP/IP, UDP/IP • TCP Pooling • TCP Listen • Terminal Server (TCP/IP, UDP/IP) • Satellite • VSAT • PSTN • CDPD • CDMA • GPRS

  9. Definitions • Baud rate Pronounced bawd, the number of signaling elements that occur each second. The term is named after J.M.E. Baudot, the inventor of the Baudot telegraph code. Actually BPS. For a more true indication of baud rate, the rule of thumb is to divide bps by 10 • Parity The quality of being either odd or even. The fact that all numbers have a parity is commonly used in data communications to ensure the validity of data. This is called parity checking. • CRC Cyclic Redundancy Check, another common technique for detecting data transmission errors.Data is checked against a known fomula. • Checksum A simple error-detection scheme in which each transmitted message is accompanied by a numerical value based on the number of set bits in the message.

  10. 9600,8,N,1What does it mean ? • Baud rate 1200, 2400, 4800, 9600, 19200,…115200 • Word bits 7 or 8 • Parity Even, Odd, None • Stop bits 0, 1, or 2

  11. Baud Rate

  12. Parity

  13. Checksum

  14. CRC

  15. Definitions • DTE Data Terminal Equipment • DCE Data Communications Equipment • DTE’s PC, EFM, RTU, PLC, DCS… • DCE’s Modem, Radio, CDPD, GPS, SAT…

  16. DTE to DCE

  17. Bits and Bytes • Bit = 0 or 1 (One of only two values) • Byte = 8 bits (Max. number = 255) • Character = Any 8 bit or 1 byte value • Word = 8 bit CPU = 8 bit word 16 bit CPU = 16 bit word • Float = Can be 16 bit (1 byte) or 32 bit (2 byte) Normally 32 bit int. = HB/LB HW/LW • Rev. Float = Can be 16 bit or 32 bit Normally 32 bit int. = HB/LB LW/HW

  18. Byte and word ordering • Each 16-bit register - two 8-bit bytes • High byte/Low byte • Low byte/High byte • Each 32-bit number - two 16-bit registers (called words) • High word/Low word • Low word/High word

  19. Byte and word ordering • 32-bit integer (4 bytes - 2 words) • decimal 2,309,737,967 • hex 89 AB CD EF • binary 10001001 10101011 11001101 11101111 - Most significant comes first - High byte/Low byte - High word/Low word - Big Endian (big end first)

  20. Byte and word ordering • 32-bit integer (4 bytes - 2 words) • decimal 2,309,737,967 • hex EF CD AB 89 • binary 11101111 11001101 10101011 10001001 - Most significant comes last - Low byte/High byte - Low word/High word - Little Endian (little end first)

  21. Big-Endian and Little-Endian • Terms derived from the Lilliputians of Gulliver's Travels • their major political issue was whether soft-boiled eggs should be opened on the big end or the little end. • Likewise, the big-/little-endian computer debate has much more to do with political issues than technological merits.

  22. Common Big Endian file formats • Motorola • Adobe Photoshop -- Big Endian • IMG (GEM Raster) -- Big Endian • JPEG -- Big Endian • MacPaint -- Big Endian • SGI (Silicon Graphics) -- Big Endian • Sun Raster -- Big Endian • WPG (WordPerfect Graphics Metafile) -- Big Endian (on a PC!) • TIFF --Both, Endian identifier encoded into file • DXF (AutoCad) --Variable

  23. Common Little Endian file formats • Intel • BMP (Windows and OS/2 Bitmaps) -- Little Endian • GIF -- Little Endian • FLI (Autodesk Animator) -- Little Endian • PCX (PC Paintbrush) -- Little Endian • QTM (Quicktime Movies) -- Little Endian (on a Mac!) • Microsoft RTF (Rich Text Format) -- Little Endian • TGA (Targa) -- Little Endian • Microsoft RIFF (.WAV & .AVI) -- Both • XWD (X Window Dump) -- Both, Endian identifier encoded into file

  24. Protocol Defined • A standard procedure for regulating data transmission between computers. • An agreed-upon format for transmitting data between two devices. The protocol determines the following: • the type of error checking to be used • data compression method, if any • how the sending device will indicate that it has finished sending a message • how the receiving device will indicate that it has received a message • There are a variety of standard protocols from which programmers can choose. Each has particular advantages and disadvantages; for example, some are simpler than others, some are more reliable, and some are faster. • From a user's point of view, the only interesting aspect about protocols is that your computer or device must support the right ones if you want to communicate with other computers. • The protocol can be implemented either in hardware or in software.

  25. Native Protocols • ABB Totalflow • Allen Bradley DF1 • Amocams AINET • Barton ScanCom • Bristol Babcock BSAP • Bytel • Cutler Hammer IMPACC   • Control Microsystems SCADAPack • Daniels DSI • DNP 3.0 • Eagle Research   • Emerson (Fisher) FloBoss   • Emerson (Fisher) ROC • Galvanic Gas Micro • GE 90 Series SNPX, Ethernet & Multilin • Hewlett Packard 48000 • Kimray • Mercury Instruments • Motorola MOSCAD • OMNI Flow Computers • Opto 22 • Reynolds Equipment • Siemens 505 • Siemens CAMP • Siemens TIWAY • Teledyne CANet • Teledyne CSNet • Teledyne TGP Module • Thermo Automation  

  26. Modbus Protocols ABB TotalFlow   • Baker CAC 8800    • Barton   ScanMod • Bristol   • Control Microsystems SCADAPack   • Daniels   • Enron   • Emerson (Fisher) FloBoss   • Emerson (Fisher) ROC   • Flow Automation   • GE 90 Series SNPX, Ethernet & Multilin • Halliburton • Lufkin Automation DXREM 

  27. MODBUS Basics Modbus Request: read 40006 to 40009 01 03 0005 0004 5408 | | | | | | | | | CRC (cyclic redundancy check) | | | | | | | # registers to read | | | | | 1st register to read (40001 offset) | | | function code (03=read 40000 series registers) | Modbus address

  28. MODBUS Basics Modbus Reply: 01 03 08 42E7 676C 4340 F4E6 CC34 | | | | | | | | | | | | | | | CRC | | | | | | 40009 | | | | | 40008 | | | | 40007 | | | 40006 | | data bytes to follow | | | function code (03=read 40000 series registers) | Modbus address

  29. Data Types • Discretes • Integers • Real Numbers • ASCII Strings • Time and Date types

  30. Data Types - Integers • 16-bit Integers (one register each) 0 to 65535 (unsigned) -32768 to 32767 (signed) • 32-bit Integers (two registers each) 0 to 4294967295 (unsigned) -2147483648 to 2147483647 (signed)

  31. Data Types - Real Numbers • IEEE Floating Point • 32 bit (two registers each)

  32. Numeric Data Types BOOLEAN 1 bit 0 or 1 INTEGER 16 bits HB LB (-32768 to 32767) UINTEGER 16 bits HB LB (0 to 65535) LONG1 32 bits HB LB / HW LW (-2.1 to 2.1 billion) LONG2 32 bits HB LB / LW HW (-2.1 to 2.1 billion) ULONG1 32 bits HB LB / HW LW (0 to 4.2 billion) ULONG2 32 bits HB LB / LW HW (0 to 4.2 billion) FLOAT1 32 bits HB LB / HW LW - IEEE Floating point FLOAT2 32 bits HB LB / LW HW - IEEE Floating point - reverse float

  33. Data Types - ASCII Strings Each character is one 8-bit byte Two characters per register Name size attributes STRING4 32 bits String of 4 chars (2 registers) STRING8 64 bits String of 8 chars (4 registers) STRING12 96 bits String of 12 chars (6 registers) STRING16 128 bits String of 16 chars (8 registers) STRING124 992 bits String of 124 chars (62 registers) STRING128 1024 bits String of 128 chars (64 registers)

  34. Time and Date Types Name size attributes CCYY 16 bits Year as two 8-bit integers MMDD 16 bits Date as two 8-bit integers HHMM 16 bits Time as two 8-bit integers YEAR 16 bits Year as one 16-bit integer MONTH 16 bits Month as one 16-bit integer (1-12) DAY 16 bits Day as one 16-bit integer (1-31) HOUR 16 bits Hour as one 16-bit integer (0-23) MINUTE 16 bits Minute as one 16-bit integer (0-59) SECOND 16 bits Second as one 16-bit integer (0-59)

  35. Time and Date Types Name size -type description DAY1970 32 bit int HW LW Days since Jan 1, 1970 DAY1970_R 32 bit int LW HW Days since Jan 1, 1970 MSECMID 32 bit int HW LW Milliseconds since midnight MSECMID_R 32 bit int LW HW Milliseconds since midnight TIME1970 32-bit Float HW LW Days since Jan 1, 1970 TIME1970_R 32-bit Float LW HW Days since Jan 1, 1970 - decimal is time of day ± 1.4 minutes TIME1900 32-bit Float HW LW Days since Jan 1, 1900 TIME1900_R 32-bit Float LW HW Days since Jan 1, 1900 - decimal is time of day ± 5.6 minutes

  36. Enron MODBUS Basics • Register Addresses: (and function codes) • 1000 - 1999 (discrete input coils - function code 2 to read) • 1000 - 1999 (discrete output coils - 1read, 5write, 15 write multiple) • 3001 - 3999 (16-bit output holding registers - 3 r, 6 w, 16 wm) • 4001 - 4999 (16-bit analog input registers - fc 4 to read ) • 5001 - 5999 (32-bit INT holding registers - 3 read, 16 w/mult) • 7001 - 7999 (32-bit FLOAT holding registers - 3 read, 16 wm) • 0032 Event Archives (function code 3 to read) • 0701-0702 History, Daily/Hourly Archives (function code 3 to read)

  37. Enron MODBUS Basics Modbus Request: read 7006 to 7008 01 03 1B5E 0003 62FD | | | | | | | | | CRC | | | # registers to read | | 1st register to read (7006 no offset) | function code (03 = read holding registers) Modbus address

  38. Enron MODBUS Basics Modbus Reply: 01 03 0C 42E7676C 4340F4E6 676CF4E6 CC34 | | | | | | | | | | | | | CRC | | | | | 7008 | | | | 7007 | | | 7006 | | data bytes to follow (0C hex = 12 dec) | function code (03 = read holding registers) Modbus address

  39. EFM Numeric Data Types BOOLEAN 1-bit 0 or 1 INTEGER 16-bit HB LB (-32768 to 32767) UINTEGER 16-bit HB LB (0 to 65535) ENRON_LONG 32-bit signed INT HB LB / HW LW ENRON_FLOAT 32-bit HB LB / HW LW ENRON_DATE 32-bit float HB LB / HW LW whole number MMDDYY Dec 3, 2004 = 120304.00 ENRON_TIME 32-bit float HB LB / HW LW whole number HHMMSS 2:16:34 PM = 141634.00

  40. EFM String Data Types Name size attributes ENRON_STRING4 32 bits String of 4 chars ENRON_ STRING8 64 bits String of 8 chars ENRON_ STRING12 96 bits String of 12 chars ENRON_ STRING16 128 bits String of 16 chars ENRON_ STRING124 992 bits String of 124 chars ENRON_ STRING128 1024 bits String of 128 chars

  41. Enron MODBUS Events Events are changes to mapped items. Modbus Request: read 1 event 01 03 0020 0001 85C0 | | | | | | | | | CRC (cyclic redundancy check) | | | number of events to read | | read events (0020 hex = 0032 decimal) | function code (03 = read holding registers) Modbus address

  42. Enron MODBUS Events Modbus Reply: 01 03 14 0201 1B5F 483366C0 47EAF800 | | | | | | | | | | | | | Date of change 32 | | | | | Time of change 32-bit Float | | | | Register that changed (7007) | | | operator/alarm bit map | | data bytes to follow (14 hex = 20 decimal) | function code (03 = read holding registers) Modbus address 407FFFFF 40200000 7990 | | | | | CRC | new value 32-bit float (2.5) old value 32-bit float (4.0)

  43. Enron MODBUS History Modbus Request: read 1 event 01 03 02BE 001E A45E | | | | | | | | | CRC (cyclic redundancy check) | | | | | | | record number (1E hex = 30 decimal) | | | | | read history (02BE hex = 0702 decimal) | | | function code (03 = read holding registers) | Modbus address

  44. Enron MODBUS History Modbus Reply: 01 03 14 04DBBC00 47EAF800 43C8EEAD | | | | | | | | | | | 1st item logged (401.86) | | | | Record Time 32-bit Float | | | Record Date 32-bit float | | data bytes to follow (14 hex = 20 decimal) | function code (03 = read holding registers) Modbus address 4400436B 4287FFFF 221C | | | | | CRC | 3rd item logged (68.00) 2nd Item logged (513.05)

  45. DCS, SCADA, MMI, HMIWhat does it all mean? • DCS Direct Control System (Full Control of a system) • SCADA Supervisory Control And Data Acquisition (Supv. Control of a system) • MMI Man Machine Interface • HMI Human Machine Interface A machine interface is just the layer that separates the user (human) from the machine (Computer). Man vs. Human is simply a political issue.

  46. PC HMI COM1 EFM Historical Database RS232

  47. PC HMI COM1 EFM Historical Database RS232 COM2 RS232 RADIO EFM RADIO EFM RS232 EFM RS485/23 2 EFM RS485

  48. PC Host Program Historic al Data Te xt Impor ter COM1 EFM File s AES Historical Database RS232 Ser ver Rea l T ime Data COM2 DDE HMI Soft ware RADIO RS232 or Excel EFM RADIO EFM RS232 EFM RS485/23 2 EFM RS485

  49. PC HMI Proprietary Converter Historic al Data Te xt Impor ter COM1 EFM File s Historical AUTOSOL Database RS232 Ser ver Rea l T ime Flow-Cal Data (Enron Mod) COM2 DDE Edit Soft ware RS232 Fiber Con Historical Database EFM Fiber Con EFM RS485 EFM RS485/23 2 EFM RS232

More Related