validating and securing teleprotection over packet … and securing teleprotection over...validating...
TRANSCRIPT
![Page 1: Validating and Securing Teleprotection over Packet … and Securing TeleProtection over...Validating and Securing Teleprotection over Packet Networks ... Typical UK 400 kV transmission](https://reader033.vdocument.in/reader033/viewer/2022050804/5adb3e817f8b9a6d318dcf61/html5/thumbnails/1.jpg)
Validating and Securing
Teleprotection over Packet Networks
Dr Steven Blair
University of Strathclyde, Glasgow, UK
March 2017
![Page 2: Validating and Securing Teleprotection over Packet … and Securing TeleProtection over...Validating and Securing Teleprotection over Packet Networks ... Typical UK 400 kV transmission](https://reader033.vdocument.in/reader033/viewer/2022050804/5adb3e817f8b9a6d318dcf61/html5/thumbnails/2.jpg)
• Outlook – grid challenges
• Teleprotection over packet networks
• Technical challenges
• Validating a solution for stable “jittery”
networks
• Real-time encryption
• On-going and future work
Overview
![Page 3: Validating and Securing Teleprotection over Packet … and Securing TeleProtection over...Validating and Securing Teleprotection over Packet Networks ... Typical UK 400 kV transmission](https://reader033.vdocument.in/reader033/viewer/2022050804/5adb3e817f8b9a6d318dcf61/html5/thumbnails/3.jpg)
Unprecedented grid changes and challenges
Nov 2016: Storm Angus – sudden loss of electrical link to France (-1000 MW)
Critical impact of disturbances:e.g. protection maloperation, cybersecurity attacks
Triggers loss of generation in Scotland (4x impact by 2035)
8 seconds
2020+ grid: volatile, distributed
2x “safe” ROCOF limit
https://www.sintef.no/globalassets/project/balance-management/gardermoen/8---gjerde-statnett---lfc-and-agc---nordic-perspective.pdf
Nordic frequency “quality”
![Page 4: Validating and Securing Teleprotection over Packet … and Securing TeleProtection over...Validating and Securing Teleprotection over Packet Networks ... Typical UK 400 kV transmission](https://reader033.vdocument.in/reader033/viewer/2022050804/5adb3e817f8b9a6d318dcf61/html5/thumbnails/4.jpg)
Cost-effective
Optimised bandwidth
Low delay
Low jitter
Secure
Teleprotection overview
![Page 5: Validating and Securing Teleprotection over Packet … and Securing TeleProtection over...Validating and Securing Teleprotection over Packet Networks ... Typical UK 400 kV transmission](https://reader033.vdocument.in/reader033/viewer/2022050804/5adb3e817f8b9a6d318dcf61/html5/thumbnails/5.jpg)
Teleprotection examples
Differential protection Distance protection
Current phasor data Trip “permission” or blocking signals
![Page 6: Validating and Securing Teleprotection over Packet … and Securing TeleProtection over...Validating and Securing Teleprotection over Packet Networks ... Typical UK 400 kV transmission](https://reader033.vdocument.in/reader033/viewer/2022050804/5adb3e817f8b9a6d318dcf61/html5/thumbnails/6.jpg)
• Move to packet networks inevitable
– Jitter is unavoidable in real networks
– Need to support legacy teleprotection
• Timing is critical for teleprotection
– GPS- or PTP-based timing is not
always practical or cost-effective
Main Technical Challenges
Subtle but serious consequence of jitter when transporting teleprotection services
![Page 7: Validating and Securing Teleprotection over Packet … and Securing TeleProtection over...Validating and Securing Teleprotection over Packet Networks ... Typical UK 400 kV transmission](https://reader033.vdocument.in/reader033/viewer/2022050804/5adb3e817f8b9a6d318dcf61/html5/thumbnails/7.jpg)
IEEE C37.94 over MPLS
1 2
3 4
Protection relay
1 2 3 4
Bytes generated at fixed rate
MPLS edge router
Packet-switched network
Packetisation
MPLS edge router
Protection relay
1 2 3 4
Bytes replayedat fixed rate
Buffering
wait 0.5 ms1
2 wait 1 ms
3
4
wait 0.5 ms
wait 1 ms
...
Variable delayVariable delayFixed delay
![Page 8: Validating and Securing Teleprotection over Packet … and Securing TeleProtection over...Validating and Securing Teleprotection over Packet Networks ... Typical UK 400 kV transmission](https://reader033.vdocument.in/reader033/viewer/2022050804/5adb3e817f8b9a6d318dcf61/html5/thumbnails/8.jpg)
Impact of jitter
5 6
5 61 2 3 4
1 2
1234
1234random delay
t1 - t0
Buffer residency
time
t0 t1 t2 t3
1234
t1 - t0
+random
delay
1234
3 4
Buffer
t1
t1
Without jitter:
With jitter:
Packet header Teleprotection data
t012
t012
![Page 9: Validating and Securing Teleprotection over Packet … and Securing TeleProtection over...Validating and Securing Teleprotection over Packet Networks ... Typical UK 400 kV transmission](https://reader033.vdocument.in/reader033/viewer/2022050804/5adb3e817f8b9a6d318dcf61/html5/thumbnails/9.jpg)
• Relays depend on symmetrical delays for time synchronisation
• Remote phasors are adjusted by estimated communications delay
• Asymmetrical delay leads to a (false) phasor angle offset:
Impact on teleprotection service
IA IB IA IB
No jitter Jitter during buffer initialisation
False tripNo false trip
![Page 10: Validating and Securing Teleprotection over Packet … and Securing TeleProtection over...Validating and Securing Teleprotection over Packet Networks ... Typical UK 400 kV transmission](https://reader033.vdocument.in/reader033/viewer/2022050804/5adb3e817f8b9a6d318dcf61/html5/thumbnails/10.jpg)
Typical UK 400 kV transmission line settings:
• Protection settings dictate
sensitivity to asymmetrical delay
• Can calculate delay threshold
False trip threshold
IA IB
5 61 23 4
variable delay
t0 t1 t2 t3
Setting Value𝐼𝑠1 400 A𝐼𝑠2 4000 A𝑘1 30%𝑘2 150%
Asymmetrical delay tolerance
2.58 ms
![Page 11: Validating and Securing Teleprotection over Packet … and Securing TeleProtection over...Validating and Securing Teleprotection over Packet Networks ... Typical UK 400 kV transmission](https://reader033.vdocument.in/reader033/viewer/2022050804/5adb3e817f8b9a6d318dcf61/html5/thumbnails/11.jpg)
False trip threshold
Typical setting: 2.58 ms tolerance
![Page 12: Validating and Securing Teleprotection over Packet … and Securing TeleProtection over...Validating and Securing Teleprotection over Packet Networks ... Typical UK 400 kV transmission](https://reader033.vdocument.in/reader033/viewer/2022050804/5adb3e817f8b9a6d318dcf61/html5/thumbnails/12.jpg)
Risk of protection maloperation
No risk
Small risk
Substantial risk
Jitter ≈ 0.3 ms:
Jitter ≈ 0.5 ms:
Jitter ≈ 1.0 ms:
![Page 13: Validating and Securing Teleprotection over Packet … and Securing TeleProtection over...Validating and Securing Teleprotection over Packet Networks ... Typical UK 400 kV transmission](https://reader033.vdocument.in/reader033/viewer/2022050804/5adb3e817f8b9a6d318dcf61/html5/thumbnails/13.jpg)
Dynamic Power Systems Laboratory
![Page 14: Validating and Securing Teleprotection over Packet … and Securing TeleProtection over...Validating and Securing Teleprotection over Packet Networks ... Typical UK 400 kV transmission](https://reader033.vdocument.in/reader033/viewer/2022050804/5adb3e817f8b9a6d318dcf61/html5/thumbnails/14.jpg)
Laboratory validation
![Page 15: Validating and Securing Teleprotection over Packet … and Securing TeleProtection over...Validating and Securing Teleprotection over Packet Networks ... Typical UK 400 kV transmission](https://reader033.vdocument.in/reader033/viewer/2022050804/5adb3e817f8b9a6d318dcf61/html5/thumbnails/15.jpg)
Real-time jitter injection
• Repeatedly reinitialise teleprotection service:
![Page 16: Validating and Securing Teleprotection over Packet … and Securing TeleProtection over...Validating and Securing Teleprotection over Packet Networks ... Typical UK 400 kV transmission](https://reader033.vdocument.in/reader033/viewer/2022050804/5adb3e817f8b9a6d318dcf61/html5/thumbnails/16.jpg)
1. Edge routers analyse network traffic
2. Check for difference in actual vs. expected buffer
residence time
3. Adjust residence time by dropping or adding dummy data
(1 byte)
4. One relay message CRC check will fail, but protection
remains stable
Analysis is performed on service start, and periodically
Asymmetrical Delay Control (ADC)
![Page 17: Validating and Securing Teleprotection over Packet … and Securing TeleProtection over...Validating and Securing Teleprotection over Packet Networks ... Typical UK 400 kV transmission](https://reader033.vdocument.in/reader033/viewer/2022050804/5adb3e817f8b9a6d318dcf61/html5/thumbnails/17.jpg)
Validation results
MPLS settings Jitter Gaussian distribution Relay false trips
Test Packet size (bytes)
Buffer size (ms)
Fixeddelay (ms)
Mean variable delay (ms)
Standard deviation(ms)
ADC off ADC enabled
1 16 8 1.0 3.0 0.3 3 of 10 0 of 100
2 16 8 1.0 3.0 0.5 5 of 10 0 of 100
3 16 8 1.0 3.0 1.0 7 of 10 0 of 100
Results for k1 = 0%
![Page 18: Validating and Securing Teleprotection over Packet … and Securing TeleProtection over...Validating and Securing Teleprotection over Packet Networks ... Typical UK 400 kV transmission](https://reader033.vdocument.in/reader033/viewer/2022050804/5adb3e817f8b9a6d318dcf61/html5/thumbnails/18.jpg)
• End-to-end*, service-based approach
• Supports legacy devices and protocols
• Automatic, hitless key distribution
• 20 µs additional delay
Real-time encryption
IEC 61850-9-2 IEEE C37.94
Without encryption
~5.4 Mbps 0.2-2.7 Mbps
With encryption
~7.0 Mbps 0.5-5.9 Mbps
IEC Technical Specification 62351-6:2007:“For applications using GOOSE and IEC 61850-9-2 and requiring 4 msresponse times, multicast configurations and low CPU overhead, encryption is not recommended.”
*within MPLS network
![Page 19: Validating and Securing Teleprotection over Packet … and Securing TeleProtection over...Validating and Securing Teleprotection over Packet Networks ... Typical UK 400 kV transmission](https://reader033.vdocument.in/reader033/viewer/2022050804/5adb3e817f8b9a6d318dcf61/html5/thumbnails/19.jpg)
Approach 1:IEC 61850-90-1
(Gateway)
Approach 2:IEC 61850-90-5
(Routable-GOOSE)
Approach 3:Service over IP/MPLS
Complex protocol stack?Potentially complex conversion required
Yes, but an open source
implementation exists
No, the complexity of the encryption is hidden from
users
Each device vendor must implement authentication and encryption software?
No YesNo; provided automatically by
the communications infrastructure vendor
Supports legacy devices? Yes No Yes
Supports real-time encryption?
NoDepends on vendor
implementationYes
Encrypted between IED and LAN?
No Yes No
Comparison of encryption approaches
![Page 20: Validating and Securing Teleprotection over Packet … and Securing TeleProtection over...Validating and Securing Teleprotection over Packet Networks ... Typical UK 400 kV transmission](https://reader033.vdocument.in/reader033/viewer/2022050804/5adb3e817f8b9a6d318dcf61/html5/thumbnails/20.jpg)
• Use of white-space technologies for
emergency teleprotection arrangements
• Comprehensive evaluation and
demonstration of teleprotection
technologies
On-going work
![Page 21: Validating and Securing Teleprotection over Packet … and Securing TeleProtection over...Validating and Securing Teleprotection over Packet Networks ... Typical UK 400 kV transmission](https://reader033.vdocument.in/reader033/viewer/2022050804/5adb3e817f8b9a6d318dcf61/html5/thumbnails/21.jpg)
• Funding through EU Horizon 2020
• Marie Skłodowska-Curie: “Innovative Training Networks”– European Industrial Doctorates (EID)
– 5 PhDs over 4 years
– Submit proposal in January 2018
• Dual-discipline: power systems and communications
• Seeking partners and feedback– All financing from EU!
• Overview: https://docs.google.com/document...
Future opportunity
Utility Infrastructure:
e.g. data-driven, SDNs
Applications:
e.g. early-warning systems,
faster-acting protection
Cybersecurity:
e.g. resilience, practical
solutions for utilities
Strathclyde + Nokia + other partners
![Page 22: Validating and Securing Teleprotection over Packet … and Securing TeleProtection over...Validating and Securing Teleprotection over Packet Networks ... Typical UK 400 kV transmission](https://reader033.vdocument.in/reader033/viewer/2022050804/5adb3e817f8b9a6d318dcf61/html5/thumbnails/22.jpg)
• Changing grid needs ever-greater resiliency
• Calculation of risk of relay maloperation
• Proven using laboratory studies
• Careful management of jitter buffers is essential
• End-to-end, real-time encryption is now possible
• Opportunity for involvement in future work
Summary
![Page 23: Validating and Securing Teleprotection over Packet … and Securing TeleProtection over...Validating and Securing Teleprotection over Packet Networks ... Typical UK 400 kV transmission](https://reader033.vdocument.in/reader033/viewer/2022050804/5adb3e817f8b9a6d318dcf61/html5/thumbnails/23.jpg)
• Contact:– [email protected]
– http://personal.strath.ac.uk/steven.m.blair/
• Selected publications:– Application of MPLS-TP for transporting power system protection data,
http://strathprints.strath.ac.uk/58536/
– Validating secure and reliable IP/MPLS communications for current differential protection, http://strathprints.strath.ac.uk/55961/
– Demonstration and analysis of IP/MPLS communications for delivering power system protection solutions using IEEE C37.94, IEC 61850 Sampled Values, and IEC 61850 GOOSE protocols, http://strathprints.strath.ac.uk/48971/
– MPLS networks for inter substation communication for current differential protection applications in digital substations, http://strathprints.strath.ac.uk/48807/
– Real-time teleprotection testing using IP/MPLS over xDSL, http://strathprints.strath.ac.uk/44247/
• H2020 Marie Curie proposal:– https://docs.google.com/document/d/1BX_C5I7ZAMEk6YZmhuTg1rtgfwzds5-dSuAn_3CLKhY/edit
More information