Pub Date : 2019-09-01DOI: 10.1109/ISPCS.2019.8886641
Ezzeldin Shereen, Florian Bitard, G. Dán, Tolga Sel, S. Fries
The lack of integrated support for security has been a major shortcoming of Precision Time Protocol version 2 (PTPv2) for a long time. The upcoming PTPv2.1 aims at addressing this shortcoming in a variety of ways, including the introduction of lightweight message authentication. In this paper we provide an overview of the planned security features, and report results based on an implementation of the proposed integrated security mechanism based on the open source Linux PTP, including support for hardware timestamping. Our implementation includes an extension of Linux PTP to support transparent clocks. We provide results from an experimental testbed including a transparent clock, which illustrate that the extensions can be implemented in software at a low computational overhead, while supporting hardware timestamping. We also provide a discussion of the remaining vulnerabilities of PTP time synchronization, propose countermeasures, and discuss options for key management, which is not covered by the standard.
{"title":"Next Steps in Security for Time Synchronization: Experiences from implementing IEEE 1588 v2.1","authors":"Ezzeldin Shereen, Florian Bitard, G. Dán, Tolga Sel, S. Fries","doi":"10.1109/ISPCS.2019.8886641","DOIUrl":"https://doi.org/10.1109/ISPCS.2019.8886641","url":null,"abstract":"The lack of integrated support for security has been a major shortcoming of Precision Time Protocol version 2 (PTPv2) for a long time. The upcoming PTPv2.1 aims at addressing this shortcoming in a variety of ways, including the introduction of lightweight message authentication. In this paper we provide an overview of the planned security features, and report results based on an implementation of the proposed integrated security mechanism based on the open source Linux PTP, including support for hardware timestamping. Our implementation includes an extension of Linux PTP to support transparent clocks. We provide results from an experimental testbed including a transparent clock, which illustrate that the extensions can be implemented in software at a low computational overhead, while supporting hardware timestamping. We also provide a discussion of the remaining vulnerabilities of PTP time synchronization, propose countermeasures, and discuss options for key management, which is not covered by the standard.","PeriodicalId":193584,"journal":{"name":"2019 IEEE International Symposium on Precision Clock Synchronization for Measurement, Control, and Communication (ISPCS)","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133426153","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-09-01DOI: 10.1109/ISPCS.2019.8886644
S. Rinaldi, Federico Bonafini, P. Ferrari, A. Flammini, M. Pasetti, E. Sisinni
Modern power systems are becoming more and more complex, in order to handle the growing spread of Renewables and of Electric Vehicle charging stations. The control capability relies on the integration of Information and Communication Technology (ICT), including accurate time distribution mechanisms, such as the IEEE 1588 protocol, to the existing distribution grid infrastructure. The validation of such complex systems can hardly be performed in real environments, for both technical and economic reasons. Power Hardware in the Loop (PHIL) emulation systems have already been demonstrated to be effective for this scope. The design of a testbed for the validation of IEEE 1588 power profile based on PHIL solutions requires the capability to synchronize the time bases of the elements forming the testbed. Commercial PHIL systems often offer proprietary synchronization solutions, but these approaches cannot be applied in the general case. In this paper, a software-based solution, able to time synchronize PHIL with IEEE 1588 devices, has been investigated. Such a solution has the advantage that it does not require dedicated hardware, thus it can be applied to different PHIL systems. The experimental characterization highlights that, using such approach, it is possible to reach a time synchronization with an expanded uncertainty (k=3) of 0.75 μs, more than enough to correctly emulate events on the power grid.
为了应对日益普及的可再生能源和电动汽车充电站,现代电力系统正变得越来越复杂。控制能力依赖于信息和通信技术(ICT)的集成,包括精确的时间分配机制,如IEEE 1588协议,到现有的配电网基础设施。由于技术和经济原因,这种复杂系统的验证很难在真实环境中进行。Power Hardware in the Loop (PHIL)仿真系统已经被证明是有效的。为了验证基于PHIL解决方案的IEEE 1588功率剖面,设计一个测试平台需要能够同步组成测试平台的元件的时间基。商业PHIL系统通常提供专有的同步解决方案,但这些方法不能应用于一般情况。本文研究了一种基于软件的解决方案,能够使PHIL与IEEE 1588设备进行时间同步。这种解决方案的优点是不需要专用硬件,因此可以应用于不同的PHIL系统。实验表征强调,使用这种方法,可以达到扩展不确定性(k=3)为0.75 μs的时间同步,足以正确模拟电网上的事件。
{"title":"Software-based Time Synchronization for Integrating Power Hardware in the Loop Emulation in IEEE1588 Power Profile Testbed","authors":"S. Rinaldi, Federico Bonafini, P. Ferrari, A. Flammini, M. Pasetti, E. Sisinni","doi":"10.1109/ISPCS.2019.8886644","DOIUrl":"https://doi.org/10.1109/ISPCS.2019.8886644","url":null,"abstract":"Modern power systems are becoming more and more complex, in order to handle the growing spread of Renewables and of Electric Vehicle charging stations. The control capability relies on the integration of Information and Communication Technology (ICT), including accurate time distribution mechanisms, such as the IEEE 1588 protocol, to the existing distribution grid infrastructure. The validation of such complex systems can hardly be performed in real environments, for both technical and economic reasons. Power Hardware in the Loop (PHIL) emulation systems have already been demonstrated to be effective for this scope. The design of a testbed for the validation of IEEE 1588 power profile based on PHIL solutions requires the capability to synchronize the time bases of the elements forming the testbed. Commercial PHIL systems often offer proprietary synchronization solutions, but these approaches cannot be applied in the general case. In this paper, a software-based solution, able to time synchronize PHIL with IEEE 1588 devices, has been investigated. Such a solution has the advantage that it does not require dedicated hardware, thus it can be applied to different PHIL systems. The experimental characterization highlights that, using such approach, it is possible to reach a time synchronization with an expanded uncertainty (k=3) of 0.75 μs, more than enough to correctly emulate events on the power grid.","PeriodicalId":193584,"journal":{"name":"2019 IEEE International Symposium on Precision Clock Synchronization for Measurement, Control, and Communication (ISPCS)","volume":"66 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130591746","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-09-01DOI: 10.1109/ispcs.2019.8886636
{"title":"[ISPCS 2019 Front Matter]","authors":"","doi":"10.1109/ispcs.2019.8886636","DOIUrl":"https://doi.org/10.1109/ispcs.2019.8886636","url":null,"abstract":"","PeriodicalId":193584,"journal":{"name":"2019 IEEE International Symposium on Precision Clock Synchronization for Measurement, Control, and Communication (ISPCS)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132133651","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-09-01DOI: 10.1109/ISPCS.2019.8886646
Faten Mkacher, A. Duda
In this paper, we propose a method of improving the accuracy of NTP time synchronization by taking into account asymmetric transmission delays due to different bandwidth or routing on the forward and backward paths. The method consists of calibrating NTP synchronization by: i) deploying a time box with a GPS clock at a given client, ii) measuring the one-way transmission delay on the forward and backward path and finding the minimal delays, iii) using the minimal delays in the estimation of the clock offset at the client to take into account path asymmetry, and iv) recalibrating if routes change. The paper first reports on the measurements of one-way transmission delays between a client and a server interconnected by several routers. We then use the parameters of the delay distributions to estimate the clock offset at the client. To validate the proposed method, we have compared the clock offsets computed by standard NTP and calibrated NTP based on the GPS time reference. The measurements show significant improvement of the NTP time synchronization accuracy and precision.
{"title":"Calibrating NTP","authors":"Faten Mkacher, A. Duda","doi":"10.1109/ISPCS.2019.8886646","DOIUrl":"https://doi.org/10.1109/ISPCS.2019.8886646","url":null,"abstract":"In this paper, we propose a method of improving the accuracy of NTP time synchronization by taking into account asymmetric transmission delays due to different bandwidth or routing on the forward and backward paths. The method consists of calibrating NTP synchronization by: i) deploying a time box with a GPS clock at a given client, ii) measuring the one-way transmission delay on the forward and backward path and finding the minimal delays, iii) using the minimal delays in the estimation of the clock offset at the client to take into account path asymmetry, and iv) recalibrating if routes change. The paper first reports on the measurements of one-way transmission delays between a client and a server interconnected by several routers. We then use the parameters of the delay distributions to estimate the clock offset at the client. To validate the proposed method, we have compared the clock offsets computed by standard NTP and calibrated NTP based on the GPS time reference. The measurements show significant improvement of the NTP time synchronization accuracy and precision.","PeriodicalId":193584,"journal":{"name":"2019 IEEE International Symposium on Precision Clock Synchronization for Measurement, Control, and Communication (ISPCS)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134108467","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-09-01DOI: 10.1109/ISPCS.2019.8886635
Johannes Neyer, L. Gassner, C. Marinescu
The nature of communication networks is forcing scientists to consider security mechanisms, in order to protect their protocols from different manipulations and cyber-security attacks. The upcoming revision of IEEE 1588 will include concrete suggestions on how to harden the PTP time synchronization protocol against such attacks. One of the most important options is the use of redundant paths and/or participants. This paper discusses different issues that arise when using redundancy in combination with time synchronization. It further focuses on a certain attack specific to time synchronization protocols, the delay attack. A flexible attacker device was developed and used to prove the effectiveness of the implemented measures.
{"title":"Redundant Schemes or How to Counter the Delay Attack on Time Synchronization Protocols","authors":"Johannes Neyer, L. Gassner, C. Marinescu","doi":"10.1109/ISPCS.2019.8886635","DOIUrl":"https://doi.org/10.1109/ISPCS.2019.8886635","url":null,"abstract":"The nature of communication networks is forcing scientists to consider security mechanisms, in order to protect their protocols from different manipulations and cyber-security attacks. The upcoming revision of IEEE 1588 will include concrete suggestions on how to harden the PTP time synchronization protocol against such attacks. One of the most important options is the use of redundant paths and/or participants. This paper discusses different issues that arise when using redundancy in combination with time synchronization. It further focuses on a certain attack specific to time synchronization protocols, the delay attack. A flexible attacker device was developed and used to prove the effectiveness of the implemented measures.","PeriodicalId":193584,"journal":{"name":"2019 IEEE International Symposium on Precision Clock Synchronization for Measurement, Control, and Communication (ISPCS)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133310274","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-09-01DOI: 10.1109/ISPCS.2019.8886642
S. Rinaldi, P. Bellagente, P. Ferrari, A. Flammini, E. Sisinni
In the last years, the industrial automation has experienced a deep transformation known as Industry4.0, and it is driven by Internet of Things (IoT) paradigm. The IoT-based automation is based on well-defined data models, which make easy the interaction among devices. Generally, the data generated by IoT sensors are elaborated to obtain value added services (such as predictive maintenance), exploiting cloud services and remote servers. An accurate timestamp of the data generated by sensors is required to maintain an adequate level of such services: an “easy” task in the case of a new deployment, but a nightmare when existing plants or machinery are retrofitted. In this case, the data are timestamped at cloud level, using the remote time. In such situations, a knowledge of the sense of time of cloud services is fundamental to guarantee the quality of data elaboration. The target of the research is an experimental characterization and a comparison of time awareness of different commercial cloud service providers (i.e. Amazon AWS, Google Cloud and Microsoft Azure). The characterization highlights as, generally, the performance provided by different platform is comparable each other. The time offset of NTP (Network Time Protocol) clients running on different Virtual Machines (VMs) has an uncertainty ranging from 0.05 ms up to 0.6 ms depending by the client configuration. Such results demonstrate that extreme care must be taken when using the time of remote VMs.
在过去的几年里,工业自动化经历了被称为工业4.0的深刻变革,它是由物联网(IoT)范式驱动的。基于物联网的自动化基于定义良好的数据模型,这使得设备之间的交互变得容易。通常,利用云服务和远程服务器,对物联网传感器产生的数据进行细化,以获得增值服务(如预测性维护)。传感器产生的数据的准确时间戳需要保持足够的服务水平:在新部署的情况下,这是一项“容易”的任务,但在现有工厂或机器进行改造时,这是一场噩梦。在这种情况下,使用远程时间在云级别对数据进行时间戳。在这种情况下,了解云服务的时间感是保证数据阐述质量的基础。本研究的目标是对不同商业云服务提供商(即亚马逊AWS、谷歌云和微软Azure)的时间意识进行实验表征和比较。该特性的重点在于,通常不同平台提供的性能是相互比较的。运行在不同虚拟机上的NTP (Network time Protocol)客户端的时间偏差,根据客户端的配置,其不确定性在0.05 ms到0.6 ms之间。这样的结果表明,在使用远程虚拟机的时间时必须非常小心。
{"title":"Are Cloud Services Aware of Time? An Experimental Analysis oriented to Industry 4.0","authors":"S. Rinaldi, P. Bellagente, P. Ferrari, A. Flammini, E. Sisinni","doi":"10.1109/ISPCS.2019.8886642","DOIUrl":"https://doi.org/10.1109/ISPCS.2019.8886642","url":null,"abstract":"In the last years, the industrial automation has experienced a deep transformation known as Industry4.0, and it is driven by Internet of Things (IoT) paradigm. The IoT-based automation is based on well-defined data models, which make easy the interaction among devices. Generally, the data generated by IoT sensors are elaborated to obtain value added services (such as predictive maintenance), exploiting cloud services and remote servers. An accurate timestamp of the data generated by sensors is required to maintain an adequate level of such services: an “easy” task in the case of a new deployment, but a nightmare when existing plants or machinery are retrofitted. In this case, the data are timestamped at cloud level, using the remote time. In such situations, a knowledge of the sense of time of cloud services is fundamental to guarantee the quality of data elaboration. The target of the research is an experimental characterization and a comparison of time awareness of different commercial cloud service providers (i.e. Amazon AWS, Google Cloud and Microsoft Azure). The characterization highlights as, generally, the performance provided by different platform is comparable each other. The time offset of NTP (Network Time Protocol) clients running on different Virtual Machines (VMs) has an uncertainty ranging from 0.05 ms up to 0.6 ms depending by the client configuration. Such results demonstrate that extreme care must be taken when using the time of remote VMs.","PeriodicalId":193584,"journal":{"name":"2019 IEEE International Symposium on Precision Clock Synchronization for Measurement, Control, and Communication (ISPCS)","volume":"545 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116712009","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: