2007 IEEE Canada Electrical Power Conference

New Routing Mechanism of Enabling DNP3 for Smart Distribution System Collaborative Computing
Todd Mander, Helen Cheung, Alexander Hamlyn, Richard Cheung
Abstract - Residential secondary service may account for potentially thousands of devices through networked loadmanagement collaborative computing to realize a smart
to being compromised by cyber-attackers. Use of a disjoint protocol such as DNP3 for SCADA networks provides an effective solution to the security issue. However, DNP3 does not have adequate peer-to-peer networking to support the collaborative computing. This paper proposes an extension
address structure to create a routing path between communicating devices. The routing path eliminates protocol overhead typically associated with network layers and provides a unique network address for every device in the distribution
distribution system. Although TCP/IP-based networks can provide the communication infrastructure for these devices, a severe security issue will present, as these devices are vulnerable

distribution system operations [3] [5]. In particular, a focus of this paper is residential loads with potentially hundred metering, time-of-use scheduling, dispersed generation, etc. These IEDs can be used for the collaborative management of
distribution system operations, including at the secondaryservice level. The IEDs can be used to optimize local

are being located outside of substations to support smart

also implements additional cyber-security. Increasing numbers of Intelligent Electronic Devices (IEDs)

thuad

n of

etwrkenal

Eshw l ed

andlesmr

protocol layer for DNP3 to facilitate the collaborative computing. This extension offers a routing mechanism that utilizes a variable

result, the distribution system will become more efficient in handling real-time demands and more robust to provide
enhanced self-healing to equipment failures [3] [5]. An example application for load-management collaborative computing for the smart distribution system operations is

distribu ted and parAlle operaing citi processing with the distribution system control center. As a

through distributed and parallel operating conditions tru

system. The routing mechanism is interoperable with DNP3based devices and does not alter the DNP3 specification.

dispersed generation pooling within residential load areas [6].

Index Terms--Computer networks, Computer network management, Computer network security, Power system
communication, Power system security, Protocols, Security.

I. INTRODUCTION T HIS paper proposes a routing mechanism for Distributed Network Protocol (DNP3), a popular North American utility protocol [1], as an extension protocol below the DNP3 data-link layer. The routing mechanism does not rely on IP routing capabilities as is typically relied on for DNP3 routing [2]. The routing mechanism supports the potentially vast number of network-enabled devices that will eventually facilitate collaborative computing for smart distribution system operations, e.g. particularly for residential areas with dynamic load management and distribution of dispersed generation. The routing mechanism also provides support for collaborative computing data/operation abstraction that will reduce the amount of data that needs to be handled by utility operators [3]. The routing mechanism utilizes a variable address structure to define the data transmission path amongst the DNP3 devices. The variable address structure supports an address space potentially larger than IPv4 and close to that of IPv6. The routing mechanism extends DNP3 capabilities to support the recommendation of U.S. National Institute of Standards and Technology (NIST) for using disjoint protocols for Supervisory Control and Data Acquisition (SCADA) networks, creating in-depth defense for smart distribution systems [4]. The routing mechanism proposed in this paper
Ryerson University, Canada.

With collaborative computing during power outages, the IEDs could negotiate power reductions with consumers. Concurrently, the IEDs would negotiate increased dispersed generation into the distribution system to balance the load demand. For example when the feeder power rerouting is not possible, if one local area had a small power deficit and a neighboring load area had a surplus of dispersed generation, the power could be transferred into the deficit area to balance the load. The smart distribution system collaborative computing in this example minimizes the effects of power

T. Mander (tmankdcr eciyrsow ca) is with University of Teesside, U.K. and

Load-management collaborative computing also presents potential significance in data and operation abstraction. For example, typical distribution system operations for a control center would only require the net power generation or consumption within a residential load area, but not the individual home generation and consumption information that is needed only at the end of a billing period. Additionally, in regard to the power outage example, a control center does not require the details ofthe power negotiation. The control center only requires knowing which residential load areas are maintaining power and how long they will be able to maintain the power. Although TCP/IP-based protocols, e.g. IEC 61850 and DNP3 over TCP/IP, could be utilized to support the collaborative computing, there are cyber-security issues that would be raised. The majority of the smart distribution system 1EDs would be located at the secondary-service level. Since these devices are located outside of utility facilities, they are at high risk of being physically compromised by cyber-attackers. Cyber-attackers could utilize Internet-based attacks to target
and disrupt smart distribution system operations, such as

outages.

H. Cheung, A. Hamlyn, and R. Cheung are with Ryerson University. 1-4244-1445-8/07/$25.OO 2007 IEEE

189

2007 IEEE Canada Electrical Power Conference

causing sustained blackouts by preventing self-healing operations. The secondary service-entrance level IEDs are particularly vulnerable to attack since they will likely be multi-connected to allow consumers for remote access to the IED's data and operations. As a consequence, it may be possible for a cyber-attacker to attack the smart distribution system from multiple points by using the consumers' remote access to the IEDs via the Internet. To counter this type of security threat, the National Institute of Standards and Technology (NIST) recommends disjoint protocols [3]. With the disjoint protocol, a consumer would continue using TCP/IP, while vulnerable utility IEDs would use a DNP3. AlhuhDP rvdssoepe-ope PP DNP3 provides Although some peer-to-peer (P2P) networking support [2] [7], it is not adequate when applied to smart distribution system collaborative computing. Due to the small address space, autilitywouldhaveto exercisegreatcare in the network deployment to ensure that there would be no address conflicts. In addition, the DNP3 address space is only 2 bytes [7], which would not support the unique address assignment by a control center for hundred thousands of IEDs. This paper presents a routing mechanism to support the collaborative management for DNP3 that provides improvements over the mechanism described in [8]. The routing mechanism uses a variable address structure that provides a very large address space and cyber-security. Each IED will have a unique network address, thereby avoiding network address conflicts.
II. ROUTING MECHANISM FRAMEWORK The routing mechanism is is proposed proposed as an extension extension protocol layer to DNP3, and is located below the data-link layer. The routing mechanism operations are independent of the DNP3 protocol stack andtherefore do not alter the DNP3 specification. Additionally, the routing mechanism is interoperable with DNP3-based IEDs that do not implement the routing mechanism. The routing mechanism also supports multiple DNP3 IED addresses that are used to create multiple logical applications for a DNP3 device [2]. Data concentrators will be used for smart distribution system collaborative management and therefore must implement extensive P2P networking. The data concentrators, defined for the routing mechanism, differ from the typical DNP3 data concentrator definition due to the routing capability. For DNP3, a data concentrator does not support through traffic while the routing mechanism proposed in this does support through traffic [9]. Permitting data concentrator through traffic is an important reliability enhancement for the smart distribution system. For example, a residential home might require its service suspended due to renovation work or emergencies. The data concentrator can perform the suspension operation. It is desirable to provide the control center the capability to directly confirm from the serviceentrance level lED that performs the actual operations in order to ensure public safety. The data concentrators in this paper are therefore also routers. The basis of the routing mechanism is a variable address structure that represents the data transmission path between the source and destination 1EDs. Each router in the data
Th routing mechanism
as an

transmission path will add or remove portions of the variable address dependent on the routing mode. This eliminates the need to support routing tables since the address provides the routing information. Additionally, network layer support protocols such as route discovery are not required. The variable address structure builds upon the DNP3 network addresses in the data-link layer rather than adding an additional header onto the DNP3 frame. This reduces the impact of the routing mechanism on DNP3 operations since The ized. The in/pro datats DNP3 data-link layer headerhead iS 10 is bytes, including a 16-bit CRC [7]. Since DNP3 uses a 16-bit CRC to provide erro Cto for bloc the detection for 16bye 16 blockses, the DNP DNP3 headerhaa header has an sizes, additional 8 bytesbyte available for the variable address structure. The DNP3 destination and source addresses each use 2 bytes that may be used by the routing mechanism, dependent on the routing mode [7]. The routing mechanism therefore has a potential total of 12 bytes available for the variable address structure. The variable address structure frame field contains the destination address length (DAL) field, the source address length (SAL) field, the destination address (DA) field, and the source address (SA) field. These fields are shown in Fig.l. The DAL field indicates the number of bytes within the DA field. The SAL field indicates the number of bytes within the SA field. The DA field contains the variable sized destination address while the SA field contains the variable sized source address. Since the DAL and SAL fields are static in size, each being a half-byte, the total variable number of bytes that can be used for both the DA and SA fields is 11 bytes. The routing mechanism has the most significant byte (MSB) at the start of the address fields to support its operations more easily. This is different from DNP3, which has the MSB at the end of the

mincl

mechanism since it can use the DNP3 address's least significant byte (LSB) rather than its MSB. Destination Length Source Length Destination Source Address (4 bits) Address (O to 1O bytes)

field [7]. However, the difference does not affect the routing

Fig.1: Variable address structure. The variable address structure provides several important properties. The variable address structure implements unbalanced address sizes, i.e. the destination address does not need to be the same size as the source address. This allows a mixture of static and variable addresses within the address field to provide flexible routing operations. The routing mechanism supports the data/operation abstraction for the proposed load-management collaborative computing, since the variable address structure supports multiple levels of data concentrators (routers) between the outstations and the control center. It is immaterial to a router whether it is routing the data to another router or an outstation. Therefore each routing level can be implemented as a peer-topeer networked collaborative computing level that hides the complexity of operations to the routers closer to the control center in the SCADA network. Important outstations can have fewer routers between them and the control center. The routing mechanism implements six addressing modes based on the variable address structure, which are: Outstation

1-4244-1445-8/07/$25.OO C2007

IEEE

190

2007 IEEE Canada Electrical Power Conference

to router, Router to control center, Control center to router, Router P2P networking, Outstation P2P networking, and DNP3 to IP addressing. A router is defined as an IED that implements the routing mechanism proposed in this paper regardless whether it is an outstation or a master. Additional cyber-security for the routers, other than the DNP3 authentication security [9], can be implemented based on the data object security proposed in [10] and the security layer proposed in [11].

III. MODE 1: OUTSTATION TO ROUTER service-entrance level IEDs are the majority secondary The of IEDs within the smart distribution system, potentially thousands of units. These IEDs will be multi-connected to allow remote TCP/IP access to the IEDs by consumers. As a result, these devices are at high risk of being compromised through the consumers' Internet connections. In addition, these devices are at higher risk of being physically compromised since they are at relatively unsecured locations. Therefore, to support in-depth defense for the smart distribution system, the routing mechanism is not implemented within the secondary service-entrance level IEDs. In addition, data object security and the security layer proposed in [12] can be used to provide necessary cybersecurity for the DNP3 devices. Normal DNP3 addressing is used in Mode 1, between the outstation and the router, where the router may be a data concentrator. For this mode, the router will discard any data transmission from an outstation that does not conform to the properties for Mode 2 router to control center and Mode 5 outstation P2P networking routing operations. The routers will handle the address field to conform to the required routing operations for the outstation, but will not switch the MSB and LSB address values. Higher secure outstations can implement the routing mechanism, e.g. a secondary-service level IED normally accessible to utility staff only, such as a transformer station. However, a secure outstation does not necessarily need to implement the routing mechanism. Legacy IEDs that cannot support the routing mechanism or IEDs that do not require routing capability are treated in the same way as the secondary service-entrance level IEDs.
IV. MODE 2: ROUTER To CONTROL CENTER This section discusses Mode 2: router to control center. In this mode routers encompass outstations implementing the routing mechanism, data concentrators, and routers that IEDs concerned with the routing mechanism. Data transferred from the DNP3 network to the distribution system control centers in this mode is basically outstations transmitting responses to masters. However, this mode may transit the DNP3 to IP addressing mode to support higher bandwidth requirements, i.e. DNP3 over TCP/IP. The location for the transition of the DNP3 to IP addressing mode is dependent on the utility's data quality requirements. In Mode 2 of router to control center, the destination address is a static value representing the control center address that is known to all IEDs in the smart distribution system. A value ofO0is used to represent this address. The source address is the data transmission path from the source lED to the

control center. Each router in the data transmission path will add one byte to the source address as the data transmission passes through it. This byte represents the port from which the data transmission is received and therefore the return data transmission path from the control center. This byte value does not have a relation to the router's DNP3 address, allowing the router to easily determine if the data is for the router itself or if the data is being routed through the router, e.g. if the IED's DNP3 address is 56.98 the IED does not support port 56. Fig.2 shows this mode's operations, including its relationship to Mode 1 of outstation to router. Router Router Outstation Mode 2 Mode 2 Mode 1 address: 23.67 address: 121 address: 12
Router address field: Router address fieldDAL= I DAL= I

The router converts the DNP3 address field into the required variable address structure, e.g. the destination address from 0.0 into 0. The DNP3 address byte order is immaterial to the routers since the DNP3 address is a static value to the routing operations. The routers determine if Mode 2 is being used with the destination address length and destination address fields. For this mode, the length of the destination address always has a value of 1 while the destination address always has a value of 0. Since the destination address is 1 byte, the source address can be up to 10 bytes for this routing mode, which is equal to 8 router levels between the outstation and a router implementing the DNP3 to IP addressing routing mode. Each router has to recalculate the DNP3 header CRC value when it changes the data-link layer frame header. In Mode 2, routers are independent of each other since the current router is only concerned with the data transmission for itself, e.g. if the first byte of the destination address equals the first byte (LSB) of its DNP3 address. This independence property has the additional benefit of allowing unbalanced network structures to be implemented for DNP3. A router may connect into another router or an outstation without affecting the routing mechanism operations. For example, a group of addresses from the same port may be for multiple applications on the same IED or may be for multiple IEDs. For the serviceentrance level IEDs, the router uses a marker for the port to indicate if the received address should be translated into the variable address structure from the normal DNP3 address.
V. MODE 3: CONTROL CENTER To ROUTER

DA 1 SA= 121.12.23.67 SA= 12.23.67 Fig.2: Mode 2 of router to control center.

SAL = 4

DNP3 addressDA field: O.O SAL = 3 SA 23.67 DA =1O

1-4244-1445-8/07/$25.OO 2007 IEEE

This section presents Mode 3: control center to router. In this mode, routers encompass outstations implementing the routing mechanism, data concentrators, and routers. Data transferred from the distribution system control center to the DNP3 network in this mode is similar to Mode 2 of router to control center. Mode 3 basically handles master to outstation networking. The data transmissions using this mode may have initially used the DNP3 to IP addressing mode. In Mode 3 of control center to router, the destination address represents the data transmission path from the control center to the destination lED. Each router in the data

191

2007 IEEE Canada Electrical Power Conference

transmission path will remove one byte from the destination address as the data transmission passes through it. This removed byte is the next port over which to send the data transmission. The removed byte value does not have any relation to the router's DNP3 address, as previously discussed Mode 2 of router to control center, e.g. if the IED's DNP3 address is 56.98 the IED cannot receive a data transmission with the first byte having a value of 56 unless it is the destination. The source address is a static value representing the control center address, which has a value of 0. Fig. 3 shows the operation of Mode 3, including its relationship to Mode 1 of outstation to router mode. The operations are nearly the same as for Mode 2 of router to control center except in the reverse direction. Router Router Outstation Mode 3 Mode 3 Mode 1
address: 121 address: 12 address: 23.67
Router address field: Router address field: DNP3 address field:

DAL 4
SAL

DA= 121.12.23.67 DA= 12.23.67

SA 0

DAL 3
SAL

DA 23.67
SA 0.0

The destination address will initially contain the fully qualified transmission path to the destination router from the source router. As the data transmission is routed through the network, the routers in the data transmission path will remove their address bytes from variable address. Only the DNP3 destination address will remain when the destination router receives the data transmission. The source address will initially only contain the source router's DNP3 address. As the data transmission is routed through the network, the routers in the data transmission path will add their address bytes to the variable address. When the destination router receives the data transmission, the source address will contain the fully qualified return address to the source router. Fig.4 shows the routing from one router to another router. The source router has a different internal destination address representation than the transmitted address structure. The source internally appends the transmission port for the data transmission onto the address structure to indicate which port should be used for the data transmission. The destination IED appends the data transmission's reception port onto the address to indicate the return port for any responses.
Router DNP3 address

SA 0 Fig.3: Mode 3 of control center to router.

Router

Router

Router DNP3 address:

The routers determine if Mode 3 is being used with the source address length and source address fields. The source address length always has a value of 1 while the source address always has a value of 0 in this mode. Since the source address is 1 byte, the destination address can be up to 10 bytes for this routing mode, which is the same as for Mode 2. The router has to recalculate the DNP3 header CRC value at each hop. This mode has similar properties as Mode 2 of router to control center, including the routers being independent of each other, e.g. the port can represent an outstation with multiple DNP3 addresses or another router. For the service-entrance level IEDs, the router uses a marker for the port to indicate if
the variable address should be translated into the normal DNP3 address structure. The DNP3 address byte order is immaterial to the routers since the DNP3 address is a static value to the routing operations.

|4

Mode 4 addresses:
0

Mode 4 addresses: 2

addresses:

Mode 4

Mode 4 addresses: | o |

Address field:

VI. MODE 4: ROUTER P2P NETWORKING This section discusses Mode 4: router P2P networking. In this mode, routers encompass data concentrators, routers, and possibly outstations implementing the routing mechanism. Data is transferred amongst the routers in the DNP3 network to support the collaborative computing operations, e.g. selfhealing operations. This mode does not support DNP3 over TCP/IP in order to simplify the routing operations, e.g. multiple paths to the same destination. The router P2P networking mode combines the two previous routing modes, where both the destination and source addresses are variable. Therefore the full DNP3 destination and source addresses are required in the variable fields as static values. The byte order of the DNP3 addresses does not affect the routing operations in this mode. The static DNP3 addresses reduce the variable portion of the address structure to 7 octets, which allows 7 intermediate routers between the source and destination routers.
1 -4244-1445-8/07/$25.OO 2007 IEEE

DA=67.55 DA=91.67.55 DA=21.91.67.55 2.71.45.34 SA= SA =45.34 destination address Intemnal source address SA= 71.45.34 Intemnal DA = 0.21.91.67.55 SA = 0.2.71.45.34 Fig.4: Mode 4 router P2P networking. Fig.5 shows the routing in the opposite direction than that shown in Fig.4. The source and destination routers append the transmission/reception ports onto the stored addresses as shown in Fig.4. The routers determine if this mode is being used with the destination address length and source address length fields. For this mode, both of the address length fields are greater than 1 since the minimum value for either of these fields is 2 (the DNP3 address size). Each router has to recalculate the DNP3 header CRC value. The routers are not independent of each other in this mode since the source router requires the fully qualified path to the destination. This data can be manually configured from the control center since the P2P networking interactions will be known in advance and those connections will be permanent. Only the source and destination routers require the data transmission path information to be updated when new routers are added into or removed from the routing path.

SDAL4

Address field:

SDAL =3

Address field:

SDAL =24

192

2007 IEEE Canada Electrical Power Conference

Router DNP3 address: addresses: Router DNP3 address: Mode 4 addresses:

5
Router

67.55 Mode 4

Router

Router

Internal destination address DA = 0.2.71.45.34

4 91 0 4 0 *4 21 *0 -*2 *,71 -* 0 Address field: Address field: Address field: DAL =4 DAL 3 DAL =2 SAL =2 SAL=3 SAL=4 DA = 2.71.45.34 DA = 71.45.34 DA = 45.34 SA = 91.67.55 SA = 21.91.67.55 SA = 67.55
Internet source address DA = 0.21.91.67.55

Mode 4 addresses:

* Mode 4

45.34

addresses:

1 2

DNP3 Source Address 23.10 15.30

DNP3 Destination Address 16.53 50.90

In Port 2 5

Out Port 63 25

Address Cookie 200 200

A router determines if this mode is being used by an outstation by examining the destination address. If the destination address value is not zero, then the Mode 2 of router to control center routing is not being used. Mode 2 is the only other valid mode used for the outstations that are not dealt with as a router. The router locates the matching routing table entry for the destination address, if it exists, and converts
An intermediate router in the data transmission path determines if this mode is being used and if the source address length value is 0. The intermediate router sends the table. in the port listed routing data transmission through the other The address structure is constant in this mode, so that the routers do not have to recalculate the DNP3 header CRC
it into the variable address structure.

Fig.5: Mode 4 router P2P networking opposite direction.

VII. MODE 5: OUTSTATION P2P NETWORKING This section presents Mode 5:eoutstan P Etworkin The outstations refer to the service-entrance le . This mode could utilize therouter P2Pnetworkingmode. However, this constitutes a security risk for the smart distribution system computer network. If Mode 4 of router P2P networking mode

is used for these outstations, cyber-attackers could attack specific IEDs that would not be possible with normal DNP3 addressing, e.g. randomly creating data transmission paths to locate potential IED targets. Additionally, P2P networking at the service-entrance level is not currently essential since the router level handles the collaborative management operations. However, this may change with future networking requirements, e.g. for handling consumer-to-consumer interaction for dispersed generation sales. To support Mode 5 of outstation P2P networking while maintaining network cyber-security, the routing mechanism uses address cookies for the outstation P2P networking. The address cookies are temporary connections between outstation peers. Once these cookies have expired, the routers discard them. This effectively ends the connection since cookies cannot be reused or fabricated by cyber-attackers since the cookies are created by the control center. The source outstation will use its DNP3 address (source address) with the peer outstation. The destination address will be a random value that does not have a relation to the actual DNP3 destination address. The router translates the destination address into an address cookie from its routing table and discards the source address. Each router in the transmission path examines its routing table to determine the next transmission port for the data. The routers do not alter the address structure. If the router determines that the next port is the destination outstation, the address cookie is translated back into DNP3 addresses for the outstation. The outstation P2P networking operations are shown in Fig.6 using the two routing table entries in Table I.
DNP3 address:

The last router before the destination outstation converts the variable address structure into the DNP3 address structure using the routing table information. If both P2P outstations are connected to the same router, the router will contain two routing table entries to translate the addresses between the two devices. All of the entries in Table I would be for the same router excepting that all of the in port and out-port values would the same. Mode 5 requires extensive maintenance by the control centers to create the routing table entries at each of the routers in the transmission path. Additionally, the control centers have to verify that both outstations are requesting and require the P2P networking. The control center also has to determine an expiry for the address cookie based on the requested P2P networking parameters. This negotiation would involve all the utility corporation via such means as parties, email. Therenore, the negotiation parameters are outside the

value.

diglamng

update the routing entries using the data received from the utility corporate network. T P D ING ViII Mode 6: DNP3 This section discusses Mode 6: DNP3 to IP addressing. At
VIII. MODE 6: DNP3 To IP ADDRESSING

scopeoftheDNP3network.TheDNP3networkonlyneedsto

Outstation
15.30

Router 2

Router 1

DNP3 address:

Outstation
23.10

DA= 15.30 SA=50.90

DNP3 address field: Router address field:

Fig.6: Mode 5 of outstation P2P networking.

Table I: Mode 5 Outstation P2P Networking Routing Tables

DAL= 1 SAL=0 DA= 200

DNP3 address field:

DA= 16.53 SA=23.10

some point in the distribution system computer network it may become more practicable to transition to DNP3 over TCP/IP for communication with the control center. The transition point is dependent on the quality of service requirements for the data. Since the DNP3 frames are application data to TCP, the routers do not need to alter the variable address structure for transmission to the control center. The IP address plus the variable address structure provides the qualified transmission path to the destination IED from the control center. Due to the flexibility of the routing mechanism, the variable address structure for communication from the control center to the same destination address may change when new routers are added into the network. Therefore, the control center requires unique static address identification for each IED in the distribution system, which can be achieved with an IPv6 address. The IP address is used to access a device's particular information including the IP address used for the DNP3 over
TCP/IP segment and the variable address structure. The

1-4244-1445-8/07/$25.OO 2007

IEEE

193

2007 IEEE Canada Electrical Power Conference unique IP address initial assignment can be based on: IPv6 address equals to the IPv4 address plus the router-to-controlcan use any IP

[3] A. Dimeas, N. Hatziagyriou, "Agent based Control for Microgrids," In

[4]

center address. If the utility deploys a closed network, in the

Proc. ofIEEE PES General Meeting, JuneControl 2007. NIST SP800-82: Guide to
Supervisory

sense that it is not directly connected to the Internet, the utility address for its operations.
IX. CONCLUSION
a

Standards and Technology, September 2006. [5] C. Gellings, M. Samotyj, B.Howe, "The Future's Smart Delivery

(SCADA) and Industrial Control Systems Security, National Institute of

and Data

Acquisition

System," IEEE Power & Energy Magazine, Sep/Oct 2004, pp. 40-48. [6] B. Borowy, L. Casey, G. Davis, J. Rajda, C. Schauder, "Advanced Semiconductor Impact on Distributed Generation, Energy Storage and

the Utility Grid," In Proc. ofIEEE PES General Meeting, June 2007. A strong communication infrastructure is required to DNP3 Specification Volume 4: Data Link Layer, DNP User's Group, distribution system, support asupport smart smart distribution system, especiallytos[7] February 2007. especially to support collaborative computing for secondary-service IEDs. In [8] T. Mander, F. Chen, R. Cheung, F. Nabhani, "Mechanism of Unlimited WAN Expansion for Networks in Power Distribution Systems," In Proc. addition, the communication infrastructure must support IEEE Large Engineering Systems Conference on Power Engineering data/operation abstraction to reduce the amount of data that July 2006, pp. 72-76. mst dal wth iin opeatin 9](LESCOPE), utilityutiliy staffstff must deal with operating thedistribution the distribution [9] DNP3 Specification Volume 2 Supplement 1: Secure Authentication, system. The collaborative computing and the data/operation DNP User's Group, February 2007. abstraction can be achieved for the utility using a TCP/IP [10] T. Mander, F. Nabhani, L. Wang, R. Cheung, "Data Object Based Security for DNP3 Over TCP/IP for Increased Utility June based network. However, TCP/IP based networks pose Commercial In Proc. IEEE PES General 2007.

the utility. In particular, the secondary service-entrance level IEDs pose significant threats since they can be readily compromised attack the distribution by being compromised to attack the distribution system, either either by being physically compromised or through the device's multi-homed connection to the Internet.
to system ,

significant cyber.security significant cyber-security risks risks for for the the smart smart distribution distribution system operations since Internet based attacks can be used on

Aspects Security," of Meeting, [11] T. Mander, F. Nabhani, L. Wang, R. Cheung, "Integrated Network

[12] T. Mander, H. Cheung, A. Hamlyn, R. Cheung, "Communication Security Architecture for Smart Distribution System Operations," In

In Proc. ofIEEE PES General Meeting, June 2007.

Security Protocol Layer for Open-Access Power Distribution Systems,"

Proc. IEEE Electrical Power Conference, October 2007.

XI. BIOGRAPHIES

To counteract the risks presented by TCP/IP, a disjoint protocol can be used for the high-risk areas, specifically the secondary-service level, i.e. DNP3 can be used as the disjoint

Todd Mander

protocol. However, DNP3 does not have adequate network P2P networking capabilities to support the immense numbers
of IEDs within a smart distribution system, including the necessary support for collaborative computing. This paper has
s

provided a solution for DNP3 to support collaborative computing without requiring a DNP3 specification change. All ,

Helen Cheung received her B.Eng. from Ryerson University and is currently a M.A.Sc. student at Ryerson. She has worked as Research Assistant in LEDAR Lab and Engineer in RC Power Conversions Inc. Ryerson Alexander Hamlyn received his B.Eng. from Ryerson University and is currently a M.A.Sc. student at Ryerson. He worked as NSERC USRA and

currently working on his doctorate degree in power system computer networks at the University of Teesside through Ryerson University.

received his B.Eng.

degree from Ryerson

University.

He is

IEDs within the smart distribution system. Only the routers, which include data concentrators, implement the protocol extension routing mechanism. The mode 2 and mode 3 routing operations between routers and the control centers provide the traditional exchange of data between the masters and outstations. These modes implement a unique address for every IED within the smart distribution system computer network regardless of the how the network is deployed or how it will be deployed in the future. The mode 4 router P2P routing supports the collaborative computing and the data/operation abstraction for the smart distribution system, without the necessity of typical network layer operations such as routing protocols and path discovery mechanisms. The mode 5 outstation P2P networking supports future aggressive P2P networking at the secondary service-entrance level to support potential dispersed generation sales within a localized area. The mode 6 DNP3 to IP addressing routing supports DNP3 over TCP/IP when the TCP/IP capabilities are required for the DNP3 data.
X. REFERENCES

outstationsusing imple t outstations Implement standard DNP3 capablities the d mode 1 outstation to router routing, which is the majority of

Research Assistant in Ryerson WAN and LEDAR labs. Richard Cheung received his B.A.Sc., M.A.Sc., and Ph.D.indegrees from the of Toronto. He was a Research Ontario
Engineer Hydro. cUniversity Currently he is a Full Professor at Ryerson University, and he is an active

Power Engineering consultant and is the President of RC Power Conversions Inc.

[1] [2]

"The World Market for Substation Automation and Integration Programs in Electric Utilities: 2005-2007 Executive Summary North American Market," Newton-Evans Research Company, Sept. 2005. DNP3 Specification Volume 1: DNP3 Introduction, DNP User's Group, February 2007.

1 -4244-1445-8/07/$25.OO 2007 IEEE

194