Natalia Castro Fernandes

Geese: A traffic generator for performance and security evaluation of IEC 61850 networks

Automation systems for substations based on IEC 61850 simplify the design, installation, and maintenance of the system with a significant cost reduction. Indeed, the industry considers safety and reliability of real-time systems an essential factor. In this scenario, GOOSE messages used in IEC 61850 communication networks for protection, control, and automation of substation are very important. This paper addresses the development of a traffic generator to adequately evaluate and test system functionalities according to IEC 61850 traffic model. We design and implement Geese, a GOOSE message generator for performance and reliability of IEC 61850 networks evaluation. Generator results are also presented.

Centralized channel allocation algorithm for IEEE 802.11 networks

The sharing of the wireless spectrum is a major concern of network administrators. Access points in the same network interfere with each other, degrading the aggregate performance of stations. Moreover, wireless networks usually coexist with others applications that share the same spectrum and negatively impact the packet transmission. To overcome these issues, we propose the channel allocation algorithm designed for central controllers of infra-structured IEEE 802.11 networks. Our algorithm reduces the interference in controlled access points through the dynamic choice of their operating channels and, unlike other proposals, was designed to operate in a network composed of low cost devices from different brands, and open source software. Furthermore, we also consider the interference caused by unmanaged networks, adjusting the settings of the managed access points according to the wireless environment. The proposal was implemented and evaluated in an open testbed, and the results show that our controller efficiently manages the spectrum with low cost equipment and a low complexity algorithm.

SMARTFlow: a solution for autonomic management and control of communication networks for smart grids

Smart grids depend on a solid foundation of communications. Although standards like IEC 61850 proposes interoperability, autoconfiguration, and autonomous control solutions for the communication network, there are still open problems on how to efficiently forward high priority sensitive data. This work proposes a complete architecture for autonomic management and control of communication networks for substations based on IEC 61850. The proposed solution, called SMARTFlow, uses OpenFlow in order to achieve granularity and flexibility in the treatment of data flows. SMARTFlow proactively calculates Layer 2 multicast trees to forward the high priorities GOOSE and Sampled Values messages and reconfigures all flow entries in case of network failures. Also, the proposed system monitors the network and defines the configuration of client-server flows on-demand. The proposal was implemented and tested using Mininet and showed a total load up to 44 % lower than the load using typical switches.

FIT@BR - a Future Internet Testbed in Brazil

A major objective of the Brazil-EU FIBRE project is the deployment in Brazil of FIT@BR, a wide-area network testbed to support user experimentation in the design and validation of new network architectures and applications. In such a testbed, a high degree of automated resource sharing between experimenters is required, and the testbed itself must be instrumented so that precise measurements and accounting of both user and facility resources may be carried out. In this article, we describe the design and implementation of the Control and Monitoring Framework (CMF) for the FIT@BR testbed, which is based on three CMFs developed in existing testbed projects. In order to take best advantage of different testbed functionalities at different sites, FIT@BR is being created as a federated testbed, which will facilitate future interoperation with international initiatives.

ARES: An autonomic and resilient framework for smart grids

In smart grids, the broad use of Distributed Energy Resources (DERs) in distribution networks introduces the need for protective relaying schemes similar to those used in high-voltage networks. The introduction of intermittent DERs, as solar panels, also requires more autonomic and dynamic SCADA networks. Hence, power systems experience an increased demand for resilience in the distribution communication network. However, resilience methods currently in use still cannot meet those protection requirements. This work proposes ARES, a framework for autonomic and resilient communication for smart grids. ARES provides resilient, robust, and flexible communication for smart grids with Software Defined Network (SDN). Our proposal also provides autonomic services for SCADA that can improve smart grid application performance and efficiency. ARES fault resilience module is implemented and tested using Mininet 2.2.1 and RYU controller and presents maximum recovery time of 610 microseconds, which is an important advance compared to other proposals. In addition, ARES is transparent to end devices, keeping compatibility with legacy measurement and actuation devices.

Credential translations in Future Internet testbeds federation

With current advances in the deployment of testbeds for Future Internet (FI), a new challenge arises: identity management in a globally distributed environment. In this context, it is necessary to understand local and federated models of identity management to integrate testbeds. This paper presents the design and implementation of a module for credential translation that enables a user of an academic authentication and authorization (A&A) federation, such as CAFe (the Brazilian Federated Academic Community), to access the FI testbed federation. The proposed model supports the integration of testbed federations and academic federations. The proposal generates X.509 certificates and other standard credentials used in the testbed federation, following the SFA standard, based on user attributes obtained from the A&A federation (CAFe). The developed module also allows an attribute-based access control, denying or allowing a user access according to his/her attributes obtained from CAFe. Other contributions are based on facilities for the user to delegate his SFA credential to an experimenter control interface. The study was conducted using a real experimentation laboratory (GIDLab), in which mirrors of the CAFe federation and of the MySlice platform were set up to allow the comparison of security features of our scheme to other proposals.

ACROSS: A generic framework for attribute-based access control with distributed policies for virtual organizations

Abstract Research interests about access control mechanisms for distributed resources have recently increased. In this scenario, users from different institutions access distributed resources, maintained by different organizations, in order to participate in a common research project, network, or testbed. Several challenges arise from these virtual organizations in order to give different types of access privileges to distinct types of resources, depending on the user profile and considering local and global access policies from partners. This work presents a generic and extensible authentication and authorization framework, named ACROSS, based on policies and attributes for virtual organizations. Our proposal creates a granular and scalable access control, which supports different authentication technologies and is independent of the kind of resource federation. In addition, ACROSS introduces a new concept of attribute generalization for access control, providing a transparent management based on access level computed from user attribute values and weights. Other works with similar goals have limitations restricting their integration with any kind of identity and resource federations. Also, these works present restrictions concerning environment and resource types. Hence, they are specific for usage in grid computing, testbed experimentation, or other distributed-resource environment. Differently from other proposals, ACROSS is a framework for supporting the development of new virtual organizations using any kind of resource sharing. ACROSS provides all A&A functionalities so that creating the virtual organization is no longer a challenge for new applications. We validate ACROSS using it on two scenarios: a real testbed and a testing environment composed of resources simulating a distributed open lab. The results show the feasibility to apply the proposal to different scenarios.

Identifying vulnerabilities in smart gric communication networks of electrical substations using GEESE 2.0

The use of Intelligent Electronic Devices (IEDs) in electrical substations has brought a great improvement in terms of speed, costs, maintenance, and reliability. In this context, the use of IEC 61850 standard appears as one of the main recommendations for substation automation in smart grids that digitally perform the electrical network control and protection. Nevertheless, this improvement may be prone to a number of security issues. Therefore, security threats in substation networks must be detected in order to improve cyber security solutions. GEESE is a command-line packet generator software following the IEC 61850 standard. In this work, we propose GEESE 2.0, an extension to GEESE that provides a graphical user interface that easily allows substation cyber security threat evaluation. Moreover, GEESE 2.0 can sniff, capture, modify and send GOOSE packets on the network, so that it can create different attacks in order to evaluate the substation security. We have locally deployed a substation network emulation and used GEESE 2.0 to perform network attacks in order to analyze the impact of an attack in a substation protection scheme.

Quality of Service for Wireless Network Implementation in Advanced Metering Infrastructure

The implementation of a robust communication system is essential for smart grids. This new system should provide an excellent quality of service (QoS) and a robust communication infrastructure, which must integrates the various devices on the network and its areas. This paper presents a study of the major networks needs, and describes the main applications of smart grids, and its QoS requirements. Some proposals in the literature are presented, and QoS needs in electrical grids are discussed. Because of its importance, the Advanced Metering Infrastructure (AMI) is evaluated and tested. The tests are made in an AMI with QoS implemented and also without QoS. The results indicate that the mechanisms and parameters for QoS in AMI are needed an also improving the messages speed.