wilamowski-b-m-irwin-j-d-industrial-communication-systems-2011

Recommendations

Info

Security in Industrial Communication Systems 22-15 from the device is tunneled through. To secure the tunneling connection, TLS is used. OpenVPN provides several methods to ensure authentication: a pre-shared symmetric key, a username and password combination, a TLS certificate, or a combination of these methods. While IPsec manipulates the network protocol, OpenVPN encapsulates the encrypted VPN packets into untouched TCP or UDP packets of the host network. However, the VPN packets themselves are secured down to the IP layer (layer 3) in the routing mode or down to Ethernet (layer 2) in the bridging mode. 22.5.4 Security in Wireless Communication Systems Like many other sectors, wireless networks are also more and more introduced in industrial and building automation infrastructures. Main concern is the robustness to electromagnetic interference and in general the security goal of availability that can only be solved by proper organizational measures (e.g., redundant transmission paths). Also, the wireless transmission is prone to eavesdropping and message insertion since the media can be accessed by everyone. Chapter 28 introduces the security measures to fulfill the above-mentioned security goals. To combine existing physical security measures (e.g., fences, closed rooms) to increase security, new research is going in the direction of location-based security services limiting the accessibility of a network not only by the signal strength, but also by an active localization of the node. The Austrian Academy of Sciences investigates such security measures based on a localization of COTS Wireless LAN hardware via dedicated access points [TR2]. 22.6 Outlook and Conclusion The lack of state-of-the-art security measures at the field level of many industrial communication systems almost solely allows implementing security measures on top of the automation networks. This usually introduces overhead and undermines interoperability. To omit security is related to high risks. At the intranet/Internet zone, a general awareness of these risks exists and security measures are commonly implemented in terms of secured tunneling. At the field-level zone, this awareness is missing. Looking at threats to industrial communication systems, omitting security measures at the field level must be very carefully considered. Security measures (at all levels) also help to tackle other problems such as accidental errors within remote maintenance or safety issues. Therefore, it is worth the effort to integrate security measures at all levels. Yet, security must not solely be equated to network security or cryptography. Many security threats, e.g. DoS attacks, require more organizational measures and show that security must include the complete system and not only a dedicated part. Setting the appropriate boundaries for security is the most critical part in security design: Defining what is trusted and what is untrusted requires deep insight into the overall applications, especially since industrial communication and industrial process control strongly interact with its environment. In practical implementations the security goals of integrity, availability, and authentication/authorization are the most important ones to protect. Confidentiality and non-repudiation are of minor interest for industrial applications. Additionally, traceability is important during maintenance. Abbreviations AES BACnet CMAC CIM CPU DMZ DES DoS Advanced encryption standard (cryptographic cipher) Building automation control network Cipher-based message authentication code Computer-integrated manufacturing Central processing unit Demilitarized zone Data Encryption Standard (cryptographic cipher) Denial of service (attack) © 2011 by Taylor and Francis Group, LLC
22-16 Industrial Communication Systems DSA Digital signature algorithm ECC Elliptic curve cryptography ECIES Elliptic curve integrated encryption scheme ECDSA Elliptic curve digital signature algorithms FTP File transfer protocol HMAC Hashed message authentication code HTTP Hypertext transfer protocol IDS Intrusion detection system IEC International Electric Commission IKE Internet key exchange IP Internet protocol IPsec Internet protocol security ISO/OSI International Standard Organization/Open System Interface IT Information technology KNX Standard for home and building automation LAN Local area network LON Local operation network; LonWorks (fieldbus) MAC Message authentication code (cryptographic checksum) MAC Media access control MD5 Message Digest #5 NOUNCE Number used only once NX No execute PC Personal computer RAM Random access memory ROM Read only memory RSA Rivest Shamir Adelman (cryptographic cipher) SA Security Association SHA Secure hash algorithm SPI Security Parameter Index SSL Secure socket layer TCP Transmission control protocol TLS Transport layer security UDP User datagram protocol VPN Virtual private network 3-DES Triple Data Encryption Standard (cryptographic cipher) References [AES] National Institute of Standards and Technology, Advanced Encryption Standard (AES), FIPS PUB 197, Gaithersburg, MD, 2001. [BAC] BACnet—A Data Communication Protocol for Building Automation and Control Networks, American Society of Heating, Refrigerating, and Air-Conditioning Engineers or ASHRAE SSPC 135, Atlanta, GA, 2008. [BIS] M. Bishop, Computer Security: Art and Science, Addison-Wesley, Boston, MA, 2002. [CHR] C. Krügel, Network alertness: Towards an adaptive, collaborating intrusion detection system, PhD thesis, Vienna University of Technology, Vienna, Austria, 2002. [DES] National Institute of Standards and Technology, Data Encryption Standard (DES), FIPS PUB 46-3, Gaithersburg, MD, 1999. [DSS] National Institute of Standards and Technology, Digital Signature Standard, FIPS PUB 186, Gaithersburg, MD, 1994. © 2011 by Taylor and Francis Group, LLC
Page 2 and 3:
The Industrial Electronics Handbook
Page 4 and 5:
The Electrical Engineering Handbook
Page 6 and 7:
CRC Press Taylor & Francis Group 60
Page 8 and 9:
viii Contents 11 Industrial Strengt
Page 10 and 11:
x Contents 46 Profisafe............
Page 12 and 13:
Preface The field of industrial ele
Page 14 and 15:
xvi Preambles Thilo Sauter Institut
Page 16 and 17:
xviii Preambles are the same. Commu
Page 18 and 19:
xx Preambles In order to cater to h
Page 20 and 21:
xxii Preambles In this manner, it i
Page 22 and 23:
Editorial Board Dietmar Bruckner Vi
Page 24 and 25:
xxviii Editors J. David Irwin recei
Page 26 and 27:
Contributors Teresa Albero-Albero E
Page 28 and 29:
Contributors xxxiii Georg Gaderer I
Page 30 and 31:
Contributors xxxv Peter Neumann Ins
Page 32 and 33:
Contributors xxxvii Thomas Tamandl
Page 34 and 35:
I Technical Principles 1 ISO/OSI Mo
Page 36 and 37:
Technical Principles I-3 18 Clock S
Page 38 and 39:
1-2 Industrial Communication System
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
2 Media Herbert Schweinzer Vienna U
Page 48 and 49:
Media 2-3 TABLE 2.1 Overview over S
Page 50 and 51:
Media 2-5 Single ended Differential
Page 52 and 53:
Media 2-7 2.2.6 Standards Numerous
Page 54 and 55:
Media 2-9 2.3.3 transmitters and Re
Page 56 and 57:
Media 2-11 uses light backscatterin
Page 58 and 59:
Media 2-13 G 1 Maximum intensity Av
Page 60 and 61:
Media 2-15 As an example, the three
Page 62 and 63:
Media 2-17 TABLE 2.3 Overview of Di
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
4 Routing in Wireless Networks Tere
Page 72 and 73:
Routing in Wireless Networks 4-3 me
Page 74 and 75:
Routing in Wireless Networks 4-5
Page 76 and 77:
Routing in Wireless Networks 4-7 Fi
Page 78 and 79:
Routing in Wireless Networks 4-9 in
Page 80 and 81:
Routing in Wireless Networks 4-11 R
Page 82 and 83:
Routing in Wireless Networks 4-13 1
Page 84 and 85:
Routing in Wireless Networks 4-15 [
Page 86 and 87:
5 Profiles and Interoperability Ger
Page 88 and 89:
Profiles and Interoperability 5-3 t
Page 90 and 91:
Profiles and Interoperability 5-5 S
Page 92 and 93:
Profiles and Interoperability 5-7 d
Page 94 and 95:
6 Industrial Wireless Sensor Networ
Page 96 and 97:
Industrial Wireless Sensor Networks
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
7-10 Industrial Communication Syste
Page 120 and 121:
Page 122 and 123:
© 2011 by Taylor and Francis Group
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
10-10 Industrial Communication Syst
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 214 and 215:
Page 216 and 217:
Page 218 and 219:
Page 220 and 221:
Page 222 and 223:
Page 224 and 225:
Page 226 and 227:
Page 228 and 229:
Page 230 and 231:
Page 232 and 233:
Page 234 and 235:
Page 236 and 237:
Page 238 and 239:
Page 240 and 241:
16 Industrial Agent Technology Alek
Page 242 and 243:
Industrial Agent Technology 16-3 (A
Page 244 and 245:
Industrial Agent Technology 16-5 is
Page 246 and 247:
Industrial Agent Technology 16-7 fu
Page 248 and 249:
Industrial Agent Technology 16-9 An
Page 250 and 251:
Industrial Agent Technology 16-11 o
Page 252 and 253:
Industrial Agent Technology 16-13 A
Page 254 and 255:
Industrial Agent Technology 16-15 2
Page 256 and 257:
Page 258 and 259:
Page 260 and 261:
Page 262 and 263:
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
18 Clock Synchronization in Distrib
Page 270 and 271:
Clock Synchronization in Distribute
Page 272 and 273:
Page 274 and 275:
Page 276 and 277:
Page 278 and 279:
Page 280 and 281:
Page 282 and 283: 19-4 Industrial Communication Syste
Page 288 and 289: 19-10 Industrial Communication Syst
Page 294 and 295: 20 Network-Based Control Josep M. F
Page 296 and 297: Network-Based Control 20-3 Thus, th
Page 298 and 299: Network-Based Control 20-5 message
Page 300 and 301: Network-Based Control 20-7 20.5.1 D
Page 302 and 303: 21 Functional Safety Thomas Novak S
Page 304 and 305: Functional Safety 21-3 IEC 61508:20
Page 306 and 307: Functional Safety 21-5 safety engin
Page 308 and 309: Functional Safety 21-7 Hazard: tota
Page 310 and 311: Functional Safety 21-9 TABLE 21.4 S
Page 312 and 313: Functional Safety 21-11 TABLE 21.6
Page 314 and 315: TABLE 21.8 Measures Hazard Network-
Page 316 and 317: Functional Safety 21-15 implementin
Page 318 and 319: 22 Security in Industrial Communica
Page 320 and 321: Security in Industrial Communicatio
Page 336 and 337: 23 Secure Communication Using Chaos
Page 338 and 339: Secure Communication Using Chaos Sy
Page 350 and 351: 24 Embedded Networks in Civilian Ai
Page 352 and 353: Embedded Networks in Civilian Aircr
Page 366 and 367: 25 Process Automation Alois Zoitl V
Page 368 and 369: Process Automation 25-3 during star
Page 370 and 371: Process Automation 25-5 • An equi
Page 372 and 373: Process Automation 25-7 Recipe mana
Page 374 and 375: Process Automation 25-9 challenging
Page 376 and 377: Process Automation 25-11 Looking at
Page 378 and 379: 26 Building and Home Automation Wol
Page 380 and 381: Building and Home Automation 26-3 2
Page 382 and 383:
Building and Home Automation 26-5 p
Page 384 and 385:
Building and Home Automation 26-7 T
Page 386 and 387:
Building and Home Automation 26-9 t
Page 388 and 389:
Building and Home Automation 26-11
Page 390 and 391:
Page 392 and 393:
Page 394 and 395:
27 Industrial Multimedia Javier Sil
Page 396 and 397:
Industrial Multimedia 27-3 Multimed
Page 398 and 399:
Industrial Multimedia 27-5 FIGURE 2
Page 400 and 401:
Industrial Multimedia 27-7 which wo
Page 402 and 403:
Industrial Multimedia 27-9 is neces
Page 404 and 405:
Industrial Multimedia 27-11 with pr
Page 406 and 407:
Industrial Multimedia 27-13 [WIF01]
Page 408 and 409:
28 Industrial Wireless Communicatio
Page 410 and 411:
Industrial Wireless Communications
Page 412 and 413:
Page 414 and 415:
Page 416 and 417:
Page 418 and 419:
29 Protocols in Power Generation Tu
Page 420 and 421:
Protocols in Power Generation 29-3
Page 422 and 423:
Page 424 and 425:
Page 426 and 427:
30 Communications in Medical Applic
Page 428 and 429:
Communications in Medical Applicati
Page 430 and 431:
Page 432 and 433:
Page 434 and 435:
Page 436 and 437:
Page 438 and 439:
Page 440 and 441:
Page 442 and 443:
III Technologies 31 Controller Area
Page 444 and 445:
Technologies III-3 53 WirelessHART,
Page 446 and 447:
31 Controller Area Network Joaquim
Page 448 and 449:
Controller Area Network 31-3 TABLE
Page 450 and 451:
Controller Area Network 31-5 • Bi
Page 452 and 453:
Controller Area Network 31-7 I/O Ap
Page 454 and 455:
Controller Area Network 31-9 TTCAN:
Page 456 and 457:
Controller Area Network 31-11 nth E
Page 458 and 459:
Controller Area Network 31-13 TABLE
Page 460 and 461:
Controller Area Network 31-15 11. G
Page 462 and 463:
32 Profibus Max Felser Bern Univers
Page 464 and 465:
Profibus 32-3 TABLE 32.3 Transmissi
Page 466 and 467:
Profibus 32-5 32.3 Fieldbus Data Li
Page 468 and 469:
Profibus 32-7 in Figure 32.3. He si
Page 470 and 471:
Profibus 32-9 32.5 Cyclic Data Exch
Page 472 and 473:
Profibus 32-11 Buscycle T DP T DX G
Page 474 and 475:
Profibus 32-13 [IEC84-3] IEC 61784-
Page 476 and 477:
33 INTERBUS Juergen Jasperneite Ost
Page 478 and 479:
INTERBUS 33-3 One total frame Loopb
Page 480 and 481:
INTERBUS 33-5 interface shutdown. T
Page 482 and 483:
INTERBUS 33-7 include the entire da
Page 484 and 485:
INTERBUS 33-9 4.5 4 3.5 PL = 1 byte
Page 486 and 487:
34 WorldFip Francisco Vasques Unive
Page 488 and 489:
WorldFip 34-3 Data producer Data co
Page 490 and 491:
WorldFip 34-5 TABLE 34.1 Variable N
Page 492 and 493:
WorldFip 34-7 Write service Read se
Page 494 and 495:
WorldFip 34-9 t r (20 µs) ID_DAT(2
Page 496 and 497:
WorldFip 34-11 TABLE 34.3 BAT (Usin
Page 498 and 499:
WorldFip 34-13 Not enough time to p
Page 500 and 501:
WorldFip 34-15 47: else 48: load_fu
Page 502 and 503:
WorldFip 34-17 1 1 2 2 3 3 4 4 5 5
Page 504 and 505:
35 Foundation Fieldbus Carlos Eduar
Page 506 and 507:
Foundation Fieldbus 35-3 Four devic
Page 508 and 509:
Foundation Fieldbus 35-5 Many desig
Page 510 and 511:
Foundation Fieldbus 35-7 35.9 Insta
Page 512 and 513:
Foundation Fieldbus 35-9 Field Inst
Page 514 and 515:
36 Modbus Mário de Sousa Universit
Page 516 and 517:
Modbus 36-3 The devices acting as M
Page 518 and 519:
Modbus 36-5 Request APDU Response A
Page 520 and 521:
Modbus 36-7 For more details regard
Page 522 and 523:
Modbus 36-9 In Modbus serial, frame
Page 524 and 525:
Modbus 36-11 sequence “CR” “L
Page 526 and 527:
Modbus 36-13 36.7 Example A typical
Page 528 and 529:
Modbus 36-15 Modbus TCP frame MBAP
Page 530 and 531:
37 Industrial Ethernet Gaëlle Mars
Page 532 and 533:
Industrial Ethernet 37-3 37.2.2 Wha
Page 534 and 535:
Industrial Ethernet 37-5 Advantage:
Page 536 and 537:
Industrial Ethernet 37-7 TABLE 37.1
Page 538 and 539:
Industrial Ethernet 37-9 Tcnet [21]
Page 540 and 541:
Industrial Ethernet 37-11 12. IEEE
Page 542 and 543:
Page 544 and 545:
Page 546 and 547:
Page 548 and 549:
Page 550 and 551:
Page 552 and 553:
Page 554 and 555:
Page 556 and 557:
Page 558 and 559:
Page 560 and 561:
Page 562 and 563:
40 PROFINET Max Felser Bern Univers
Page 564 and 565:
PROFINET 40-3 A plant unit contains
Page 566 and 567:
PROFINET 40-5 switches or a line to
Page 568 and 569:
PROFINET 40-7 For data exchange wit
Page 570 and 571:
PROFINET 40-9 31.25 μs ≤ Tsend_c
Page 572 and 573:
PROFINET 40-11 40.4 Engineering and
Page 574 and 575:
PROFINET 40-13 40.4.5 redundancy Th
Page 576 and 577:
PROFINET 40-15 Acronyms AR CR DCP D
Page 578 and 579:
Page 580 and 581:
Page 582 and 583:
Page 584 and 585:
Page 586 and 587:
Page 588 and 589:
Page 590 and 591:
Page 592 and 593:
Page 594 and 595:
Page 596 and 597:
Page 598 and 599:
Page 600 and 601:
Page 602 and 603:
Page 604 and 605:
Page 606 and 607:
Page 608 and 609:
Page 610 and 611:
Page 612 and 613:
Page 614 and 615:
Page 616 and 617:
Page 618 and 619:
Page 620 and 621:
Page 622 and 623:
Page 624 and 625:
45 LIN-Bus Andreas Grzemba Universi
Page 626 and 627:
LIN-Bus 45-3 System design tool Clu
Page 628 and 629:
LIN-Bus 45-5 Reverse battery protec
Page 630 and 631:
LIN-Bus 45-7 times, followed by a s
Page 632 and 633:
LIN-Bus 45-9 45.5.8 Frame Types The
Page 634 and 635:
LIN-Bus 45-11 The successful_transf
Page 636 and 637:
LIN-Bus 45-13 effective, and there
Page 638 and 639:
Page 640 and 641:
Page 642 and 643:
Page 644 and 645:
Page 646 and 647:
Page 648 and 649:
Page 650 and 651:
Page 652 and 653:
47 SafetyLon Thomas Novak SWARCO Fu
Page 654 and 655:
SafetyLon 47-3 is linked to the saf
Page 656 and 657:
SafetyLon 47-5 In detail, a hardwar
Page 658 and 659:
SafetyLon 47-7 Signal output Safety
Page 660 and 661:
SafetyLon 47-9 base. Typically, suc
Page 662 and 663:
SafetyLon 47-11 Input source file(s
Page 664 and 665:
SafetyLon 47-13 Acronyms 1oo2 COTS
Page 666 and 667:
48 Wireless Local Area Networks Hen
Page 668 and 669:
Wireless Local Area Networks 48-3 T
Page 670 and 671:
Wireless Local Area Networks 48-5 A
Page 672 and 673:
Wireless Local Area Networks 48-7 4
Page 674 and 675:
Wireless Local Area Networks 48-9 p
Page 676 and 677:
Wireless Local Area Networks 48-11
Page 678 and 679:
Wireless Local Area Networks 48-13
Page 680 and 681:
Page 682 and 683:
Page 684 and 685:
Page 686 and 687:
Page 688 and 689:
Page 690 and 691:
50 ZigBee Stefan Mahlknecht Vienna
Page 692 and 693:
ZigBee 50-3 Wireless communication
Page 694 and 695:
ZigBee 50-5 Table 50.2 Physical Cha
Page 696 and 697:
ZigBee 50-7 Coordinator Router End
Page 698 and 699:
ZigBee 50-9 ZigBee router (FFD) Sen
Page 700 and 701:
51 6LoWPAN: IP for Wireless Sensor
Page 702 and 703:
6LoWPAN: IP for Wireless Sensor Net
Page 704 and 705:
Page 706 and 707:
Page 708 and 709:
Page 710 and 711:
Page 712 and 713:
Page 714 and 715:
52 WiMAX in Industry Milos Manic Un
Page 716 and 717:
WiMAX in Industry 52-3 However, the
Page 718 and 719:
WiMAX in Industry 52-5 represents a
Page 720 and 721:
WiMAX in Industry 52-7 Technical St
Page 722 and 723:
53 WirelessHART, ISA100.11a, and OC
Page 724 and 725:
WirelessHART, ISA100.11a, and OCARI
Page 726 and 727:
Page 728 and 729:
Page 730 and 731:
Page 732 and 733:
Page 734 and 735:
Page 736 and 737:
Page 738 and 739:
Page 740 and 741:
Page 742 and 743:
TABLE 54.1 Characteristics of Some
Page 744 and 745:
Page 746 and 747:
Page 748 and 749:
FIGURE 55.1 CPU IN-Log IN-Num OUT-l
Page 750 and 751:
START FIGURE 55.3 COLD WARM STOP E_
Page 752 and 753:
START RUNSTOP COLD INIT INITO WARM
Page 754 and 755:
Page 756 and 757:
FIGURE 55.9 Different addresses of
Page 758 and 759:
EtherNet FIGURE 55.11 Device: LED1
Page 760 and 761:
Page 762 and 763:
Page 764 and 765:
Page 766 and 767:
Page 768 and 769:
Page 770 and 771:
Page 772 and 773:
Page 774 and 775:
Page 776 and 777:
Page 778 and 779:
Page 780 and 781:
Page 782 and 783:
Page 784 and 785:
Page 786 and 787:
Page 788 and 789:
Page 790 and 791:
Page 792 and 793:
Page 794 and 795:
Page 796 and 797:
Page 798 and 799:
Page 800 and 801:
Page 802 and 803:
Page 804 and 805:
Page 806 and 807:
Page 808 and 809:
Page 810 and 811:
Page 812 and 813:
60 User Datagram Protocol—UDP Ale
Page 814 and 815:
User Datagram Protocol—UDP 60-3 8
Page 816 and 817:
User Datagram Protocol—UDP 60-5 F
Page 818 and 819:
User Datagram Protocol—UDP 60-7 F
Page 820 and 821:
User Datagram Protocol—UDP 60-9 I
Page 822 and 823:
61 Transmission Control Protocol—
Page 824 and 825:
Transmission Control Protocol—TCP
Page 826 and 827:
Page 828 and 829:
Page 830 and 831:
Page 832 and 833:
Page 834 and 835:
Page 836 and 837:
Page 838 and 839:
Page 840 and 841:
Page 842 and 843:
Page 844 and 845:
Page 846 and 847:
Page 848 and 849:
Page 850 and 851:
Page 852 and 853:
Page 854 and 855:
Page 856 and 857:
Page 858 and 859:
Page 860 and 861:
Page 862 and 863:
Page 864 and 865:
Page 866 and 867:
Page 868 and 869:
Page 870 and 871:
Page 872 and 873:
65 Semantic Web Services for Manufa
Page 874 and 875:
Semantic Web Services for Manufactu
Page 876 and 877:
Page 878 and 879:
Page 880 and 881:
Page 882 and 883:
Page 884 and 885:
Page 886 and 887:
Page 888 and 889:
Page 890 and 891:
Page 892 and 893:
V Outlook 67 Trends and Challenges
Page 894 and 895:
Page 896 and 897:
Page 898 and 899:
68 Processing Data in Complex Commu
Page 900 and 901:
Processing Data in Complex Communic
Page 902 and 903:
Page 904 and 905:
Page 906 and 907:
Page 908 and 909:
show all

wilamowski-b-m-irwin-j-d-industrial-communication-systems-2011

Create successful ePaper yourself

Delete template?

Save as template?