Faculty of Engineering, Science and the Built Environment


DISSERTATION REPORT
Design & Implementing SCADA System Wireless Sensor to Control Fire Effect in Refinery




Abubakar H. Nur
Student number: 3031355                             Page 0
1.      ACKNOWLEDGEMENTS
First and foremost, my thanks go to my supervisor, Dr Perry Xiao, who stood shoulder to
shoulder with me to simplify all the problems that I encountered, and for his incontrovertible
guidance all the way to the end. Then I would like to thank my family, especially my wife,
for her moral support and understanding during this difficult but productive time, whilst I
dedicated my time to the project. My last thanks go to my friends, who were present to
assist me and to correct my English writing when I needed them in such difficult situations.
To conclude my acknowledgement, I would like to say I am grateful to all who contributed
to this work in any way possible, morally or physically. I would also like to apologize to
all those people whom I have unknowingly forgotten to mention here.

I consider myself very lucky to have had the help of all those people while working on my
master's dissertation report, and I would like to express my gratitude to all the people who
helped realise this challenging project on a short time scale.

Our goal is to design interactive systems that are enjoyable to use, that do useful things and
that will save the lives of the people who work in refineries. We want our interactive
systems to be accessible, usable and engaging. In order to achieve this we believe that the
design of such systems should be human centred. That is, designers need to put people rather
than technology at the centre of their design process.


My concept belongs to a development area that came after sensor and wireless
communications technologies. Digital ecosystems are poised to connect and even fill existing
and newly created applications, connecting different environments and thus giving rise to many
promising solutions to pressing problems. Imagine energy and communication webs using
software applications enabling users to better regulate

Designing a device such as this takes time and money. We will analyse the time and the
finances needed for this project. The balance between production and consumption of resources
is achieved and maintained as a result of competition between the market and designing a
good and actively useful product.

Research aims to understand and advance the interweaving of Design & Implementing
SCADA System Wireless Sensor to Control Fire Effect in Refinery.


Users are the primary users of the system. We have chosen to gain a better understanding of
their different needs and to be able to compare their usage of the system, since they use the
system for different purposes. Identify the range of the wireless link and use a repeater or
add several more fire control sensors.




Table of Contents
  1.    Acknowledgements
  2.    Abstract
  3.    Introduction
  4.    Project Requirements
        4.1 Hardware
        Fire alarm Sensors
        4.2 Software
  5.    Technical Issues
        Price looking in internet
  6.    Designing Topology
        6.1 Fire Alarm Sensor TGS-813 Explained
  WIRELESS ALARM
  7.    Integrate Hardware and Software
        7.1 TESTING RESULTS
  8.    THE NEED FOR SECURITY IN PROCESS CONTROL
        8.1 THE NEED FOR SECURITY IN PROCESS CONTROL SYSTEMS
        8.2 Critical infrastructure
        8.3 Develop / explore market potential / strategies if applicable
        Figure 2 (google homepage images)
  9.    Security Analyses for ZigBee Wireless Sensor Networks
  10.   What's the difference between Wi-Fi and Zigbee
        10.1 Wi-Fi or ZigBee Wireless
        10.2 The comparison of Wi-Fi, Bluetooth and ZigBee
  11.   Solution
        11.1 SCADA Overview
        11.2 Security overview
        11.3 RTU Security
        11.4 Server Security
        11.5 Network Security
        11.6 Network Access
        11.7 Network Segmentation
        11.8 External Access
        11.9 RF Security
        11.10 The MODBUS Protocol
        11.11 Securing MODBUS
  12.   Wireless Networking
        12.1 Security Protocols
  13.   Conclusion
        13.1 Future Work
  14.   References and Bibliographies
  15.   Time Plan




2.      ABSTRACT
SCADA is a big topic these days. SCADA systems have become more useful and more electronic
than before, and they are used widely and for many purposes, first of all as an enabling
technology for ICT-driven control. This paper discusses the design and simulation of the
project Design & Implementing SCADA System Wireless Sensor to Control Fire Effect in
Refinery, and sets out a model for the devices that at the same time enables their
interoperability and configurability. The solution is based on a combination of design and
market feasibility. It demonstrates the possibility of producing a useful product that
meets the needs of the market.

There is an understandable and strong need for hardware design and software development
that lends itself to the design and construction of portable code systems. The current efforts to
standardise software give evidence of this need. A hardware and software solution in which
both work together to give the best possible result would be useful.
Feasibility evaluation is an assessment of how to make a product that is useful for a
stated target audience or intended customer.

The system needs a comprehensive series of alarms that identify problems down to the card
level. Here a microcontroller and wireless detection are used.

The better the Human Machine Interface, the more users will like to use it, increasing their
satisfaction with the work that you have done. In a Design & Implementing SCADA System
Wireless Sensor to Control Fire Effect in Refinery which has different hardware architectures
and supporting software systems ranging from compilers to operating systems,


The fixed nodes of a wireless network must be in place first, which is why they are the basis
of any kind of communication. This project is based on a medium-sized company that has three
branches in the United Kingdom; its network uses both a local area network and a wide area
network to make communication between the three cities possible. The main office is in
London, and the other two branches are based in Birmingham and Glasgow. The routing
protocols used are Open Shortest Path First and Routing Information Protocol, modelled in
OPNET Modeller, and the aim of this model is to find out which of the routing protocols
performs better. The parameters used are end-node-to-end-node delay, throughput and traffic
load, link failure, traffic received and traffic sent; the outcome for these parameters will
be shown later in this project.


Research in this area is extensive. Work on Design & Implementing SCADA System Wireless
Sensor to Control Fire Effect in Refinery is ongoing, with recommendations for the proper
design of input/output, menus, icons and forms, as well as data display on the screens,
for which possibility analysis is an advantageous tool.


There is room for future improvement for both the electronics industry and refineries, and
it could help to save the lives of refinery workers.


3.      INTRODUCTION
We believe that the design of such systems should be human centred. Before setting our goals
for designing interactive systems, we looked at several areas, for example whether there is
a place that needs the product and whether such a product is already set up in the market.
The aim is a system that does useful things and that will save the lives of the people who
work in refineries. We want our interactive systems to be accessible, usable and engaging.
To achieve this, the system needs the best and fastest technology on the market.

Before a new alarm system is introduced, any existing alarm collection and presentation
equipment already in place should be examined. If the existing system is old and has no
communication with the internet or a Remote Terminal Unit, the alarm system should be
upgraded, and it should be examined how the existing alarm equipment and the new equipment
can work together.

My concept belongs to a development area that came after sensor and fire alarm
communications technologies. Digital ecosystems are poised to connect and even fill
existing and newly created applications, connecting different environments and thus giving
rise to many promising solutions to pressing problems. Imagine energy and communication
webs using software applications enabling users to better regulate

We will analyse the time and the finances needed for this project. The balance between
production and consumption of resources is achieved and maintained as a result of
competition between the market and designing a good and actively useful product at a
good rate for refineries.

Research aims to understand and advance the interweaving of Design & Implementing
SCADA System Wireless Sensor to Control Fire Effect in Refinery remotely getting
information.

Workers are the primary users of the system. We have chosen to gain a better understanding of
their different needs and to be able to compare their usage of the system, since they use the
system for different purposes. Identify the range of the wireless link and use a repeater or
add several more fire control sensors.

An entrepreneur could help to develop this project without difficulty, and help to set it up
and maintain it for the next 5 years. – need to write a proposal report, and submit it before the deadline.

A SCADA system includes a user interface called a Human Machine Interface (HMI). The
HMI of a SCADA system is where data is processed and presented to be viewed and
monitored by a human operator. This interface usually includes controls where the individual
can interface with the SCADA system.

HMIs are an easy way to standardise the facilitation of monitoring multiple RTUs or PLCs
(programmable logic controllers).




The project tries to provide a solution for employees working in remote areas that cannot be
reached by telephone lines, cables, optical fibres, etc. It specifies how to deal with issues
such as bandwidth, scalability and security.
 4.       PROJECT REQUIREMENTS
        4.1      Hardware
Fire alarm with smoke detector, wireless transmitter circuit, RTU (routers or switches),
a server in a safe place in the refinery, human interface, embedded real-time systems, and an
assembler for embedded real-time systems.

Fire alarm sensors - the most basic kind of fire alarm sensor. This project will use a 16F876A
and a smoke detector to detect smoke and sound a buzzer when smoke is detected. The circuit
schematic is very similar to that of a smoke detector. When the presets are exceeded, you get a
contact closure alarm, which translates to a basic high or low fire alarm.

More advanced fire alarm sensors output analogue values. Analogue monitoring allows you to
monitor shifting sensor levels at your remote sites. With the right SCADA system, you can use your
analogue readings to send alarms based on configurable wireless. The smoke detector has a wireless
connection with a built-in remote control encoder and RF transmitter, and operates from a 9V
battery. The wireless receiver would be routers or switches, and a computer connected to the
internet is needed so that the data can be transferred to the Human Computer Interface (HCI).

Remote Terminal Units, or RTUs, are the local control system used to collect the information
from the various sensors using fibre-optics, data cable or other hard wiring. In large regional
systems, the information may be communicated through radio or wireless technology to the
RTU, which acts as a middle man in the transmission of information. It collects local
information and sends it on to the central control station.

At the other end are the server and the HMI, which show whether the fire alarm of each room
is ON or OFF. SCADA is similar, on a smaller scale, to home monitoring systems. Information
is collected from the sensors located on each door, window, motion detectors and smoke
alarm. Wiring connects these sensors to a home-based control system. This local control
system sends the information on to a central control station where people are notified in the
event of a Fire station.


        4.2      Software

        Levels: Applications, Device drivers, embedded real time systems
        Programming Languages: C, C++, Assembler, Visual Basic etc.
        Databases: MySQL and SQL Server, Microsoft Access
        Operating systems: Most Microsoft operating systems example 98/XP/windows 7 etc.
        and Linux platforms.
SCADA system is a general term that encompasses several types of control systems,
including supervisory control and data acquisition (SCADA) systems, and other control
system configurations such as skid-mounted Programmable Logic Controllers (PLC) often
found in the industrial sectors and critical infrastructures. Critical infrastructures are often
highly interconnected and mutually dependent systems. This system would save lives by
approximately 70 per cent compared with the old fire alarm system in the refineries.



 5.      TECHNICAL ISSUES
A smoke detector is a device that runs on a battery and transfers its data via an RF
transmitter and a remote control encoder inside the smoke detector. The interface between
the smoke detector and the RF transmitter involves a microcontroller, which is essential to
this project. An Analogue-to-Digital Converter (ADC) receives data from the smoke detector
and converts it to digital form, which the microcontroller can send to the RF transmitter.

In big refineries, the room fire alarms are monitored remotely by the refinery and fire
station staff. The system tries to detect fire early, before it can cause major damage to the
refinery. The project needs to demonstrate research into and knowledge of the latest
technologies on the market, and to specify which fire alarm detector is to be used and how
data should be transmitted wirelessly to the router or switch wireless receiver, which is
connected to the internet, and displayed. Please note that some of the

The system needs fire alarm sensors that can detect smoke in the monitored area; the data
can be sent through the internet with the help of the PLC, RTU and routers. Data should be
stored on servers located in different places. The data can be displayed on the WWW.

The servers can have JDS, Java, MySQL, Tomcat and Visual Studio installed, which help
to design and build the web page and connect it to the MySQL database, which saves the
data for each patient.

Sensors within the process monitor input and output at each step of the way. Remote Terminal
Units, or RTUs, are the local control system used to collect the information from the various
sensors using fibre-optics, data cable or other hard wiring. In large regional systems, the
information may be communicated through radio or wireless technology to the RTU, which acts
as a middle man in the transmission of information. It collects local information and sends
it on to the central control station. Temperature, flow rate and valves are all
monitored by sensors. From a simple process, such as milk pasteurization, to a complex
distribution system covering an entire city, SCADA has the capability to monitor a few
sensors or millions of sensors.

The monitoring can even be performed remotely from the operator’s home, resulting in fewer
calls for alarm situations after hours. SCADA takes the complicated task of monitoring
millions of points of information and uses computer technology to present it in centralized,
easy to understand ways.

All the technology that is necessary for a device like this is already used in other gadgets, and
in terms of software, there are many libraries with code for speech recognition and almost all
the features mentioned above, but yet, to the extent of my knowledge, there is no program
like this, designed for educational purposes.

My concept reflects a good understanding of designing SCADA systems and sensors.
In terms of software, the device should be able to:
       Design a hardware device, a SCADA fire alarm detector with an RF transmitter
       sensor.
       The detector can detect smoke if there is a fire in the refinery.
       The RF transmitter can send data to the router or through the PLC.
       Price looking in internet

       Item                                         Price
       Synology Disk Station DS212 NAS server       £214
       - Serial ATA-300, Gigabit EN
       GSM GPRS RTU                                 £110
       JDS, Java, MySQL, Tomcat and Visual Studio   free
       Fire alarm Sensors                           £20
       Use a Fire Station staffs                    Not paid
       Total                                        £823.95

Figure 5.1: prices are not exact.


 6.      DESIGNING TOPOLOGY

Smoke Detector Circuit - Schematic Diagram: the simple schematic diagram of a smoke
detector presented here utilizes the gas sensor TGS 813 as the main detecting
component. The circuit is pretty easy to build and performs useful fire detection once
installed in a possibly fire-prone zone. They say there cannot be smoke without a fire; the
present concept of smoke alarms is based on this saying and exploits the fact that every fire
starts with smoke before taking a foothold. Here the proposed circuit is intended to be used as
a warning device against a possible fire hazard by detecting the involved smoke, which
fortunately tends to develop before the fire.

A smoke detector is one of the common devices in a house security system. This project will
demonstrate how a microcontroller reads the smoke detector and reacts when the smoke
detector detects smoke.




       6.1     Fire Alarm Sensor TGS-813 Explained


We all know that during combustion or burning of any substance smoke is involved. This
smoke is generally a mixture of a number of gases like carbon dioxide, carbon monoxide,
carbon hydroxide, methane, propane, butane, isobutene, etc., to name a few. These emanate
due to the breaking of the chemical bonds of substances being consumed under the influence
of heat or fire.

A gas sensor, as can be understood from the name itself, is a device which can detect or sense
the presence of any gaseous element in the atmosphere surrounding it.

They find an important place in numerous applications, with the most common being in fire
alarm systems, where they are configured as sensors to detect the presence of any smoke
content in the air due to a possible fire. Thus an alarm is raised before the fire is able to
spread to drastic levels.

In this article we will discuss the technical data of a gas leakage sensor, taking the
example of the well-known Japanese-made Figaro TGS-813 gas sensor and studying its
specifications.

Basically TGS-813 is a sintered type of semiconductor primarily made up of tin dioxide
(SnO2). When it comes in contact with any gaseous element, its internal resistance
immediately drops.

As the concentration of the gas rises, its resistance drops proportionately and can become as
much as 20 times lower than its normal value.

As shown in the diagram, it consists of six terminals, two of which are connected to a heater
coil, while the other four contacts are wired across a gas sensing resistor.

To initiate the sensor, a preheating of the heater coil is necessary. It may take approximately
three to five minutes before the actual sensing of the gases can take place.
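
The behaviour described above (resistance falling as gas concentration rises, and a preheat period before readings are valid) can be turned into alarm logic over raw counts from a 10-bit A/D converter such as the one on the PIC16F876A. This is an added example, modelled in Python so that it runs on a workstation, and is not code from this report; the divider wiring, load resistor, thresholds and sample trace are assumptions.

```python
"""Added example: alarm decision logic for a TGS-813-style resistive gas sensor.

Assumed wiring (not from the report): the sensor sits in series with a load
resistor across the supply, and the ADC measures the voltage across the load.
"""
from enum import Enum

ADC_MAX = 1023          # full scale of a 10-bit converter
WARMUP_S = 300          # upper end of the three-to-five-minute preheat
R_LOAD_OHM = 10_000     # assumed load resistor value
ALARM_RATIO = 0.5       # assumed: alarm when Rs drops below 50 % of baseline
CLEAR_RATIO = 0.7       # assumed: hysteresis so the alarm does not chatter
CONFIRM_SAMPLES = 3     # assumed: consecutive low samples needed to alarm


class State(Enum):
    WARMUP = "warmup"
    NORMAL = "normal"
    ALARM = "alarm"
    FAULT = "fault"


def sensor_resistance(adc):
    """Return the sensor resistance in ohms, or None for a rail reading.

    A count of 0 means no current through the divider (open circuit, for
    example a broken wire); ADC_MAX means the sensor is shorted.
    """
    if adc <= 0 or adc >= ADC_MAX:
        return None
    return R_LOAD_OHM * (ADC_MAX - adc) / adc


class SmokeMonitor:
    """Tracks one sensor; feed it (time, ADC count) samples in order."""

    def __init__(self):
        self.state = State.WARMUP
        self.baseline = None   # clean-air resistance, captured after preheat
        self._low_count = 0

    def update(self, t_s, adc):
        if t_s < WARMUP_S:
            # Readings taken while the heater is still warming are ignored.
            self.state = State.WARMUP
            return self.state
        rs = sensor_resistance(adc)
        if rs is None:
            # Keep an existing alarm latched: a fire can destroy the wiring.
            if self.state is not State.ALARM:
                self.state = State.FAULT
            self._low_count = 0
            return self.state
        if self.baseline is None:
            self.baseline = rs  # assumes clean air at commissioning
        ratio = rs / self.baseline
        if self.state is State.ALARM:
            if ratio >= CLEAR_RATIO:
                self.state = State.NORMAL
                self._low_count = 0
            return self.state
        self._low_count = self._low_count + 1 if ratio < ALARM_RATIO else 0
        if self._low_count >= CONFIRM_SAMPLES:
            self.state = State.ALARM
        else:
            self.state = State.NORMAL
        return self.state


def run(samples):
    """Replay (seconds since power-on, ADC count) pairs; return state names."""
    monitor = SmokeMonitor()
    return [monitor.update(t, adc).value for t, adc in samples]


# Constructed sample trace, not measured data.
TRACE = [
    (60, 900),    # heater still warming: ignored
    (310, 256),   # first valid reading becomes the clean-air baseline
    (320, 890),   # single low-resistance sample: not yet confirmed
    (330, 260),   # back to normal, counter resets
    (340, 890), (350, 890), (360, 890),   # three in a row: alarm
    (370, 0),     # wire lost during alarm: alarm stays latched
    (380, 300),   # resistance recovered above the clear ratio
    (390, 1023),  # shorted input outside an alarm: fault
]

if __name__ == "__main__":
    for (t, adc), state in zip(TRACE, run(TRACE)):
        print(f"t={t:4d}s adc={adc:4d} -> {state}")
```

Reporting a rail reading as a fault rather than as "no smoke" matters for the SCADA side: a disconnected sensor otherwise looks identical to a quiet one.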




Figure 6.1 Smoke detector

The electrical parameters of the sensor are as follows:

This causes the resistance of the LDR to increase, and the voltage at the base of the
transistor is pulled high, due to which the COB (chip-on-board) is completed. The sensitivity
of the smoke detector depends on the distance between the bulb and the LDR as well as on the
setting of preset VR1. Thus, by placing the bulb and the LDR at appropriate distances, one may
vary preset VR1 to get optimum sensitivity.




Figure 6.2 Smoke detector Circuit.




Interface PIC16F876A with Smoke detector
The smoke detector is a wireless device that uses a 9V battery to operate and sends its signal
via an RF transmitter and a remote control encoder inside the smoke detector. The interface
between the PIC16F876A and the smoke detector involves an RF receiver to receive data from
the smoke detector and a PT2272 remote control decoder to decode the received data.
Smoke detector connected to RF transmitter:




Figure 6.2 Smoke detector, RF transmitter with microcontroller and built-in siren.



In this process, the hardware was integrated with the system that had been created, so that
it could be tested to find weaknesses. The system works. The first step is to check the
hardware connection and make sure it is properly set up. The next step is to test the
hardware. If the hardware is working, the Web-based temperature Monitoring System can then
be run. If there is a problem, the hardware setup must be checked,
because it may not have been configured correctly.




PIC16F876A

This project uses the PIC16F876A microcontroller, which is easy to program and
powerful (200 nanosecond instruction execution). This CMOS FLASH-based 8-bit
microcontroller packs Microchip's powerful PIC architecture into a 28-pin package and is
upwards compatible with the PIC16C5X, PIC12CXXX and PIC16C7X devices.

Features of the device:
• 256 bytes of EEPROM data memory
• Self programming
• ICD (In Circuit Debugging function)
• 2 Comparators
• 5 channels of 10-bit Analogue-to-Digital (A/D) converter
• 2 capture/compare/PWM functions
• The synchronous serial port can be configured as either 3-wire Serial Peripheral Interface (SPI™) or the 2-wire Inter-Integrated Circuit (I²C™) bus
• Universal Asynchronous Receiver Transmitter (UART)




                      Figure 6.3 the pin diagram for PIC16F876A.

For more information about the PIC microcontroller, please refer to the datasheet.



7.      THE NEED FOR SECURITY IN
         PROCESS CONTROL
PCS is pervasive in manufacturing and infrastructure processes. Often, enormous potential
safety impacts to the general populace are possible if PCS malfunctions; moderate to severe
economic damage is also feasible. At a minimum, PCS unreliability will encourage public
discontent and unease.

Security for PCS should be paramount given the potential consequences, and will only grow
in importance as newer PCS (with more acute vulnerabilities) are installed. Unfortunately,
budgetary restrictions for utilities are often manifest in PCS administration, where funding
for personnel and equipment is many times clearly inadequate. Another problem is natural
attrition through aging of key personnel in PCS administration and also in utility operations.
Finally, corporate social pressures between PCS administrators and IT departments often lead
to counterproductive suspicion and inefficient communication between fiefdoms. Often, the
arcane nature of PCS implementations is considered the primary defence mechanism through
the "security through obscurity" argument. This chimerical theory unfortunately contributes
to false confidence. Obscure systems are merely difficult to understand so that the malefactor
must make a larger up-front investment to understand the system. Once the requisite
knowledge is attained, attack paths are clear and consequences fated.

Another option involves the use of known encryption and authentication standards for
TCP/IP, such as IPSec or SSL. These are well-defined and mature options that have
numerous implementations. They have been analyzed extensively and have been shown to
provide strong security. Linksys, Inc. provides an inexpensive Virtual Private Network
(VPN) solution that encapsulates data and transmits it across an insecure TCP/IP network.
There are many serial-to-Ethernet transceivers on the market that will convert an existing
serial (EIA-232) data source into TCP/IP over Ethernet. The converted packets can then be
secured with a VPN solution. The reverse operation at the other end of the data link will
return the secure (encrypted and authenticated by the IPSec protocol) TCP/IP packets back to
the original serial signal.
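
What the authentication in such a tunnel buys can be seen in a small model of the two ends of the link. This is an added Python example, not code from this report and not IPSec itself: HMAC-SHA256 from the standard library stands in for the IPSec integrity check, nothing is encrypted, and the frame layout, demo keys and `ROOM07` payloads are constructed assumptions.

```python
"""Added example: integrity check and replay rejection for alarm frames.

This is not IPSec. HMAC-SHA256 stands in for the ESP integrity check value,
and nothing is encrypted. Frame layout, keys and payloads are constructed.
"""
import hashlib
import hmac
import struct

HEADER = struct.Struct("!HI")   # 16-bit sender id, 32-bit sequence number
TAG_LEN = 16                    # HMAC-SHA256 truncated to 128 bits


def seal(key, sender_id, seq, serial_bytes):
    """Sending end: wrap bytes read from the serial port in an authenticated frame."""
    body = HEADER.pack(sender_id, seq) + serial_bytes
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class Receiver:
    """Receiving end: verify each frame, then hand back the original serial bytes."""

    def __init__(self, key):
        self._key = key
        self._highest_seq = {}   # sender id -> highest sequence number accepted

    def open(self, frame):
        """Return (serial_bytes, "ok") or (None, reason)."""
        if len(frame) < HEADER.size + TAG_LEN:
            return None, "too-short"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()[:TAG_LEN]
        # Constant-time comparison; check the tag before trusting any field.
        if not hmac.compare_digest(tag, expected):
            return None, "bad-tag"
        sender_id, seq = HEADER.unpack_from(body)
        # Strictly increasing counter (ESP uses a sliding window instead).
        if seq <= self._highest_seq.get(sender_id, 0):
            return None, "replayed"
        self._highest_seq[sender_id] = seq
        return body[HEADER.size:], "ok"


def demo():
    """Run constructed frames through one receiver and return each verdict."""
    key = bytes(range(32))             # constructed demo key, never reuse
    other_key = bytes(range(1, 33))    # a sender that does not hold the key
    rx = Receiver(key)
    alarm_on = seal(key, 7, 1, b"ROOM07:FIRE=ON\r\n")
    # Same frame with the payload altered in transit and the old tag kept.
    altered = alarm_on[:HEADER.size] + b"ROOM07:FIRE=OFF\n" + alarm_on[-TAG_LEN:]
    return [
        rx.open(alarm_on),                                        # genuine
        rx.open(altered),                                         # modified
        rx.open(alarm_on),                                        # sent twice
        rx.open(seal(other_key, 7, 2, b"ROOM07:FIRE=OFF\r\n")),   # wrong key
        rx.open(seal(key, 7, 2, b"ROOM07:FIRE=OFF\r\n")),         # genuine
        rx.open(b"\x00\x07"),                                     # truncated
    ]


if __name__ == "__main__":
    for payload, verdict in demo():
        print(verdict, payload)
```

Without the tag and counter, a plain serial-to-Ethernet bridge would pass the altered and repeated frames to the HMI as if they came from the sensor.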




Remote monitoring generally focuses on patients and their families, although some examine
benefits to providers, communities and the health care system. This paper focuses on the
patient/family unit and the responsible clinical providers.

Core parameters addressed and evaluated in these patient/family units include one or more of the
following: access, support, E-health outcomes, quality of care, social isolation and quality of
life. These parameters tend to be studied in the context of overall cost, cost effectiveness,
health services utilization, acceptability and satisfaction.




-------------------------------------------------------------------------------------------------------------


Industrial control system (ICS) is a general term that encompasses several types of control
systems, including supervisory control and data acquisition (SCADA) systems, distributed
control systems (DCS), and other control system configurations such as skid-mounted
Programmable Logic Controllers (PLC) often found in the industrial sectors and critical
infrastructures. ICS are typically used in industries such as electrical, water and wastewater,
oil and natural gas, chemical, transportation, pharmaceutical, pulp and paper, food and
beverage, and discrete manufacturing (e.g., automotive, aerospace, and durable goods.) These
control systems are critical to the operation of the U.S. critical infrastructures that are often
highly interconnected and mutually dependent systems. It is important to note that
approximately 90 per cent of the nation's critical infrastructures are privately owned and
operated. Federal agencies also operate many of the industrial processes mentioned above;
other examples include air traffic control and materials handling (e.g., Postal Service mail
handling.) This section provides an overview of SCADA, DCS, and PLC systems, including
typical architectures and components.



         7.1      THE NEED FOR SECURITY IN PROCESS CONTROL
                  SYSTEMS
PCS is pervasive in manufacturing and infrastructure processes. Often, enormous potential
safety impacts to the general populace are possible if PCS malfunctions; moderate to severe
economic damage is also feasible. At a minimum, PCS unreliability will encourage public
discontent and unease.

Security for PCS should be paramount given the potential consequences, and will only grow
in importance as newer PCS (with more acute vulnerabilities) are installed. Unfortunately,
budgetary restrictions for utilities are often manifest in PCS administration, where funding
for personnel and equipment are many times clearly inadequate. Another problem is natural
attrition through aging of key personnel in PCS administration and also in utility operations.
Finally, corporate social pressures between PCS administrators and IT departments often lead
to counterproductive suspicion and inefficient communication between fiefdoms. Often, the
arcane nature of PCS implementations is considered the primary defence mechanism through
the “security through obscurity” argument. This chimerical theory unfortunately contributes
to false confidence. Obscure systems are merely difficult to understand so that the malefactor
must make a larger up-front investment to understand the system. Once the requisite
knowledge is attained, attack paths are clear and consequences fated.

       7.2     Critical infrastructure

Electric power is often credited with being the first infrastructure sector to deploy PCS
extensively. Originally known as SCADA, the system was designed to allow irregular
operation of remote devices, and often used tone control as a protocol. Water sourcing,
treatment, and distribution utilities later added remote sensing and control, as did fossil fuel
refining and distribution networks. Eventually, the original primitive technology was replaced
with modern digital/analog hybrid networks based on contemporary communication
protocols and microprocessors.

Currently, infrastructure utilities rely very heavily on their PCS systems in real-time, and they
have been in use for so long that it is unclear how successful or efficient manual operations
would actually be. Furthermore, there are considerations concerning the uncertain results of
intrusion, as these scenarios have not been adequately enumerated. Each utility should
address their PCS as a hypercritical system by using very tight security safeguards. The PCS
has enormous value by reducing costs and improving performance through automation, and
this value must be reflected in the system’s security.


       7.3     Develop / explore market potential / strategies if applicable
The Refinery Monitoring and Control System

There are currently 35,000 sensors and
actuators in use in the refinery to perform real-time monitoring of industrial operations such
as leakage detection, measurement of pressure in the pipes, fluid levels and of the overall
environment. The monitoring of the environment in a refinery provides essential information
to ensure the good health of the refinery and its production processes. In the oil refinery three
subsystems exist for the monitoring and control of the plant: the indicator system, the control
system, and the emergency system, as shown in Figure 2.

Refineries need this: around 60% - 70% have a very old system and need a new system that is
more active than the one before.




Figure 2 (Google homepage images)


All the technology that is necessary for a device like this is already used in other gadgets, and
in terms of software, there are many libraries with code for speech recognition and almost all
the features mentioned above. Yet, to the best of my knowledge, there is no program
like this designed for educational purposes.

My concept is a large project that gives me a good understanding of
designing SCADA systems and sensors.

In terms of software, the device should be able to:
       Design a hardware device that controls the SCADA wireless sensor.
       The sensor can detect fire wirelessly.
       The sensor can give an alarm, and the alarm can be heard.




8.      SECURITY ANALYSIS FOR ZIGBEE WIRELESS
         SENSOR NETWORKS
Wireless sensor networking is a challenging and emerging technology that will soon become
an inevitable part of our modern society. Today wireless sensor networks are broadly used in
industrial and civilian application areas including environmental monitoring, surveillance
tasks, healthcare applications, home automation, and traffic control.

The challenges for research in this area are due to the unique features of wireless sensor
devices such as low processing power and associated low energy. On top of this, wireless
sensor networks need secure communication as they operate in open fields or unprotected
environments and communicate on broadcasting technology. As a result, such systems have
to meet a multitude of quantitative constraints (e.g. timing, power consumption, memory
usage, communication bandwidth) as well as security requirements (e.g. authenticity,
confidentiality, integrity).

One of the main challenges arises in dealing with the security needs of such systems, where it
is less likely that absolute security guarantees can be sustained because of the need to
balance security against energy consumption in wireless sensor network standards like
ZigBee.

This dissertation builds on existing methods and techniques in different areas and brings them
together to create an efficient verification system. The overall ambition is to provide a wide
range of powerful techniques for analyzing models with quantitative and qualitative security
information.

We stated a new approach that first verifies low-level security protocols in a qualitative
manner and guarantees absolute security, and then takes these verified protocols as actions
of scenarios to be verified in a quantitative manner. Working on the emerging ZigBee
wireless sensor networks, we used probabilistic verification that can return probabilistic
results with respect to the trade-off between security and performance.

In this sense, we have extended various existing ideas and also proposed new ideas to
improve verification. Especially in the problem of key update, we believe we have
contributed to the solution for not only wireless sensor networks but also many other types of
systems that require key updates. Besides, we produced automated tools that were intended to
demonstrate what kinds of tools can be developed for different purposes and application domains.


 9.      WHAT'S THE DIFFERENCE BETWEEN WI-FI AND
         ZIGBEE
 There are many different wireless protocols out there, but the ones that most people have
heard of are Wi-Fi and Bluetooth because these are used in devices that lots of us have,
mobile phones and computers. There is a third alternative called ZigBee that is designed for
control and instrumentation. What are the differences?


Wi-Fi is a direct replacement for a wired Ethernet cable and is used in the same situations to
avoid running wires everywhere. The benefit of Wi-Fi is that it can connect to an existing
network hub or router, which means that a PC doesn’t have to be left on to access a device
using Wi-Fi. Remote access products like IP cameras use Wi-Fi so they can be connected to a
router and accessed across the Internet. Wi-Fi is useful but not simple to implement unless
you just want to connect a new device to your existing network.

Bluetooth is generally used for point to point communication, although Bluetooth networks
can be established quite easily. Typical applications we are all familiar with allow data
transfer from mobile phones to PCs. Bluetooth wireless is the best solution for these point to
point links, as it has high data transfer rates and, with the right antenna, very long ranges of
up to 1 km in ideal circumstances.

The commonest application we deal with is replacement of serial cables by using a serial to
Bluetooth converter on one end e.g. solar panel array, and a USB to Bluetooth adapter to
connect to a laptop or PC on the other end. These types of link are very easy to setup, often
by just pressing a pairing button on the units to create a permanent Bluetooth link.

Bluetooth can also be used to create small ad-hoc networks, often with one USB to Bluetooth
convertor as the master and up to 4 serial to Bluetooth adapters as slaves. Have a look at our
Bluetooth Wireless Guide for more information.

What about ZigBee wireless? This is a wireless protocol that also operates in the 2.4GHz
band, like Wi-Fi and Bluetooth, but it operates at much lower data rates. The main
advantages of ZigBee wireless are

       Low power consumption
       Very robust network
       Up to 65,645 nodes
       Very easy to add or remove nodes from the network

This makes it ideal for control and monitoring applications, such as home automation or
smart metering. A Guide to ZigBee Wireless Networks covers ZigBee in more depth. This
guide also has a full comparison between Wi-Fi, Bluetooth and ZigBee wireless solutions.


1. Both are short-range wireless communication technologies;
2. Both use the 2.4 GHz frequency band;
3. Both are based on DSSS technology.

Differences:
    1. Transmission at different speeds.
       ZigBee's transmission speed is not high (raw data rate 250 Kbps), but its power
       consumption is low; a battery-powered device can generally be used for more than
       3 months. Wi-Fi, often called wireless LAN, has a high rate (11 Mbps), but its power
       consumption is also high, so it generally uses external power.



   2. Different applications.
      ZigBee is for low-rate, low-power situations, such as wireless sensor networks for
      industrial control, environmental monitoring, smart home control and other fields.
      Wi-Fi is generally used as a wireless network technology that covers a certain range
      (such as a building; about 100 meters).
      ZigBee generally needs an always-on coordinator node. Wi-Fi generally needs a
      wireless router. Wi-Fi is widely used for wireless Internet access.
      LinkSprite developed a mesh-network Wi-Fi street lighting control system that
      doesn't need a Wi-Fi router.

   3. Market status. ZigBee is an emerging technology; since the first version of the
      standard was released in 2004 it has been in the midst of rapid development and
      promotion, but for cost and reliability reasons there has been no large-scale
      adoption yet. Wi-Fi technology is very mature and has many applications. In general,
      the two differ considerably and are positioned differently, so competition between
      them is not great. Technically, however, the two have much in common, and mutual
      interference between the two is quite large, especially Wi-Fi interference with ZigBee.




       9.1    The comparison of Wi-Fi, Bluetooth and ZigBee
This month, I’d like to introduce the comparison of Wi-Fi, Bluetooth and ZigBee.




Wi-Fi is a trademark of the Wi-Fi Alliance that may be used with certified products that
belong to a class of wireless local area network (WLAN) devices based on the IEEE 802.11
standards.

Wi-Fi allows local area networks (LANs) to be deployed without wires for client devices,
typically reducing the costs of network deployment and expansion. Spaces where cables
cannot be run, such as outdoor areas and historical buildings, can host wireless LANs.



Wireless network adapters are now built into most laptops. The price of chipsets for Wi-Fi
continues to drop, making it an economical networking option included in even more devices.
Wi-Fi has become widespread in corporate infrastructures.

Different competitive brands of access points and client network interfaces are inter-operable
at a basic level of service. Products designated as “Wi-Fi Certified” by the Wi-Fi Alliance are
backwards compatible. Wi-Fi is a global set of standards. Unlike mobile phones, any standard
Wi-Fi device will work anywhere in the world.

A typical wireless router using 802.11b or 802.11g with a stock antenna might have a range
of 32 m (120 ft) indoors and 95 m (300 ft) outdoors. Due to reach requirements for wireless
LAN applications, power consumption is fairly high compared to some other standards.

Because of the very limited practical range of Wi-Fi, mobile use is essentially confined to
such applications as inventory taking machines in warehouses or retail spaces, barcode
reading devices at check-out stands or receiving / shipping stations.




ZigBee is a low-cost, low-power, wireless mesh networking proprietary standard. The low
cost allows the technology to be widely deployed in wireless control and monitoring
applications, the low power-usage allows longer life with smaller batteries, and the mesh
networking provides high reliability and larger range.

ZigBee operates in the industrial, scientific and medical (ISM) radio bands; 868 MHz in
Europe, 915 MHz in the USA and Australia, and 2.4 GHz in most jurisdictions worldwide.
The technology is intended to be simpler and less expensive than other WPANs such as
Bluetooth.

Because ZigBee can activate (go from sleep to active mode) in 15 msec or less, the latency
can be very low and devices can be very responsive — particularly compared to Bluetooth
wake-up delays, which are typically around three seconds. Because ZigBees can sleep most
of the time, average power consumption can be very low, resulting in long battery life.

ZigBee protocols are intended for use in embedded applications requiring low data rates and
low power consumption. ZigBee’s current focus is to define a general-purpose, inexpensive,
self-organizing mesh network that can be used for industrial control, embedded sensing,
medical data collection, smoke and intruder warning, building automation, home automation,
etc. The resulting network will use very small amounts of power – individual devices must
have a battery life of at least two years to pass ZigBee certification.

ZigBee works in the 2.4 GHz band, which is a free band in which many networks with high power, high
data rates and high frequencies also work. These networks adversely affect ZigBee through
interference. In this paper we studied the mutual interference effect between ZigBee and Wi-Fi
devices. In the future, a scheme can be proposed to reduce interference, one of the major problems
facing ZigBee.




4. The key characteristics of Wi-Fi and ZigBee.

                                ZigBee                            Wi-Fi
Range                           10-100 meters                     50-100 meters
Networking Topology             Ad-hoc, peer to peer, star, or    Point to hub
                                mesh
Operating Frequency             868 MHz (Europe),                 2.4 and 5 GHz
                                900-928 MHz (NA),
                                2.4 GHz (worldwide)
Complexity (Device and          Low                               High
application impact)
Power Consumption               Very low (low power is a          High
(Battery option and life)       design goal)
Security                        128 AES plus application
                                layer security
Typical Applications            Industrial control and            Wireless LAN connectivity,
                                monitoring, sensor networks,      broadband Internet access
                                building automation, home
                                control and automation, toys,
                                games





Security Issues with Wi-Fi and ZigBee


There is hardly a consumer product today that does not have one or more wireless interfaces.
Cell phones typically add Wi-Fi radios. In home thermostats, “smart appliances,” and power
meters using ZigBee® are starting to enable power monitoring and regulation via the Smart
Grid, while ZigBee RF4CE-powered remote controls make life even easier for “couch
potatoes.”

Each of these protocols has security issues that, if not recognized and addressed at the design
stage, can have serious repercussions. This article will examine the security issues with these
widely used wireless protocols. It will take a chip- and protocol-oriented approach and avoid
issues like computer security or problems relating to different network topologies, each of
which deserves a separate article, if not a book.

Wi-Fi

With over a billion Wi-Fi chipsets shipping each year, the Wi-Fi Alliance’s claim that “Wi-Fi is
everywhere” is hardly an exaggeration. While Wi-Fi is by far the most widely used wireless
networking protocol, it has gone through numerous iterations in an attempt to resolve its
security problems, which are now arguably behind it – with one caveat.

WEP
When the original IEEE 802.11 standard was ratified in September 1997, it relied on the
wireless equivalency protocol (WEP) for security. In the shared-key authentication version of
WEP, the client sends an authentication request to the access point, which replies with a plain
text challenge; the client then encrypts the challenge using a WEP key and sends it back. If the
returned key matches, access is granted.

WEP uses the RC4 stream cipher, the same one used in secure socket layers (SSL) to protect
Internet traffic. Initially 64-bit WEP used a 40-bit key (later 104 bits) that was concatenated
with the 24-bit initialization vector (IV) to form the RC4 key. Unfortunately the IV key was
transmitted as plain text and used repeatedly, making it fairly straightforward for an
eavesdropper to recover the key. When the FBI was able to crack WEP encryption within three
minutes, the search for a better mousetrap began.

WPA
While the IEEE was working on IEEE 802.11i, in April 2003 the Wi-Fi Alliance rolled out Wi-
Fi Protected Access (WPA) based on a subset of that pending standard. For encryption, WPA
used the Temporal Key Integrity Protocol (TKIP), which generated a new 128-bit key for each
packet, thereby plugging the major security hole in WEP.

To verify the integrity of packets, WPA uses much stronger message authentication codes than
the cyclical redundancy checks (CRC) used by WEP. WPA relies on IEEE 802.1X, which
defines an authentication mechanism for 802.11 networks. For enterprise users, WPA uses the
Extensible Authentication Protocol (EAP) – specifically EAP-TLS, which provides transport
layer security; for residential and consumer users, WPA uses a pre-shared key (PSK) system.
While WPA is far more secure than WEP from passive attacks, its PSK implementation can be
fairly easily cracked by a brute force attack if you have a weak password.

WPA was always intended as an interim solution until IEEE 802.11i was ratified. WPA is far
more robust than WEP but not nearly as strong as WPA2, which replaced it.

WPA2
The Wi-Fi Alliance rolled out WPA2 based on IEEE 802.11i after it was ratified in June 2004.
IEEE 802.11i added two new handshake protocols to the original 802.11 specification in order
to enable robust security network associations (RSNAs).

For encryption, WPA2 utilizes the Counter Mode with Cipher Block Chaining Message
Authentication Code Protocol (CCMP), which does AES encryption using a 128-bit key and a
128-bit block size. CCMP replaced TKIP, which had proved vulnerable to a variety of attacks.
Without getting into the details of AES encryption, suffice it to say it has been the Mount
Everest of code crackers since the National Institute of Standards and Technology (NIST) first
introduced it in 2001. It took ten years before the first successful key recovery attack on
AES-128, which required 2^126.1 operations. Bottom line: Wi-Fi with WPA2 is quite secure.




Table 1 summarizes the major differences between WEP, WPA, and WPA2. Texas
Instruments’ “Introduction to Wi-Fi Technology” product training module (PTM) provides a good
overview of the technology, including security protocols.


                    WEP                      WPA                    WPA2
Encryption          Manual key assignment,   TKIP based on RC4      Counter Mode with Cipher
                    shared keys using the    stream cipher          Block Chaining Message
                    Rivest Cipher 4 (RC4)                           Authentication Code
                    stream cipher                                   Protocol (CCMP) with
                                                                    128-bit AES block cipher
Data Integrity      Linear hash function     Cryptographic hash
                                             function
Key Management      No                       Yes
Replay Detection    No                       Yes

    Table 1: Comparison of WEP, WPA, and WPA2 (Courtesy Wi-Fi Alliance).

There is still one weak spot in Wi-Fi security: Wi-Fi Protected Setup. For the average non-geek
user, setting up a Wi-Fi network can be a daunting task. In 2007, the Wi-Fi Alliance introduced
Wi-Fi Protected Setup, which greatly simplifies the procedure. Now instead of having to
manually enter PSKs and SSIDs, users can simply enter a PIN code or even push a button on
the router while the access point is nearby, quickly pairing the two devices. But the usual trade-
off for increased simplicity is decreased complexity, which in this case resulted in reduced
security. Wi-Fi Protected Setup has some well-documented design flaws that leave it open to
equally well-documented brute force attacks. The bottom line is if your router features Wi-Fi
Protected Setup and you're a geek – turn it off. SSIDs just aren’t that intimidating. If you’re
designing an embedded device that uses Wi-Fi, don’t enable this feature.




Figure 1: Three generations of Wi-Fi share the air.

In 2004, the Wi-Fi Alliance officially deprecated WEP, and since 2006, WPA2 has been
mandatory in order to receive official certification. So it was with considerable surprise when I
turned on my 2.4 GHz packet sniffer and discovered that some of my neighbors were still using
the older technology (see Figure 1). While three of us are using WPA2 (RSNA-CCMP),
2WIRE464 is using WPA (WPA-TKIP) and two others are relying on WEP. If you’re
concerned about Wi-Fi security, start by checking out your existing equipment. New embedded
designs will certainly use the newer protocols.

Wi-Fi Solutions
The simplest way to resolve problems is to avoid them in the first place; when adding Wi-Fi to
your embedded design, choosing to go with a module ensures that security issues are covered.
Digi-Key stocks quite a number of Wi-Fi modules, including the RabbitCore RCM5400W from Digi
International, a C-programmable Wi-Fi core module; a Wi-Fi adaptor board from Future Designs;
plus an assortment of modules from Multi-Tech Systems, RFM, and Sagrad.

If you choose to develop your own Wi-Fi designs, several manufacturers make evaluation
and/or development kits to assist in that effort. CSR PLC makes the Radio Pro™ reference design kit
for developing Wi-Fi-based Internet applications. RFM’s WSN802GDK-A development kit
includes a router and a board based on its WSN802G transceiver module designed for 802.11g
sensor networks. Texas Instruments’ CC3000FRAMEMK is a full turnkey Wi-Fi evaluation and
demonstration tool for MSP430™ FRAM MCUs and TI's Simplelink™ Wi-Fi. Freescale
Semiconductor’s TWR-WI-FI-G1011MI kit enables you to design 802.11b-based applications using
their Kinetis® Tower development system. Finally, Digi International’s Wi-ME S integration kit lets
you evaluate their Digi Connect Wi-ME modules for your intended design.



ZigBee


Some of the spikes on the panoramic display in Figure 1 are from nearby ZigBee devices.
ZigBee – like Bluetooth, 6LoWPAN, WirelessHART, and a number of others – is based on
IEEE 802.15.4, which defines the PHY and MAC layers for low cost, low power, low data rate
wireless personal area networks (LR-WPANs). ZigBee typically operates in low-power mesh or
star sensor networks, providing a maximum data rate of 250 kbps.

The IEEE 802.15.4-2003 specification defines not one, but several different PHYs depending
on the modulation type and operating frequency. Three of the PHYs support DSSS in the
868/915 MHz bands using either OBPSK or QPSK, the latter being used in the 2.4 GHz ISM
band. ZigBee uses the two PHY layers that operate in the 868/915 MHz and 2.4 GHz bands.
ZigBee occupies 16 non-overlapping channels in the 2.4 GHz band (worldwide) and ten
channels on the 915 MHz band in the U.S.

The IEEE 802.15.4-2003 MAC sub-layer controls access to the radio channel using a CSMA-
CA mechanism. Its responsibilities may also include transmitting beacon frames,
synchronization, and providing a reliable transmission mechanism.

ZigBee implements most security procedures (see Figure 4) at the network (NWK) and
application support sub-layer (APS). These services include methods for key establishment, key
transport, frame protection, and device management. The security suite is AES-CCM, a 128-bit
symmetric key block cipher algorithm, making ZigBee basically as secure as Wi-Fi – if you set
it up correctly. There are several suites of ZigBee security services with ascending security
levels:

       No security
       Confidentiality: AES-CTR
       Authentication: AES-CBC-MAC with 32-, 64-, or 128-bit MAC
       Confidentiality and Authentication: AES-CCM with 32-, 64-, or 128-bit MAC




Figure 4: Security in the ZigBee Stack (Courtesy ZigBee Alliance).

The available security services depend on the security suite. There are also some recommended
implementation options:

       Use a key sequence counter
       Use the “Protected-ACK” frame type
       Use a Trust Reference Value (TRV)
       Use Flash memory to store nonce states
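
The frame protection described above (AES-CCM with a 32-, 64- or 128-bit MAC, plus a frame counter whose state survives a reboot), as an added example that is not code from the original article or from the ZigBee Alliance. The 13-byte nonce layout (8-byte source address, 4-byte frame counter, 1-byte security level), the `Sender` and `Receiver` classes and all keys, addresses and payloads are assumptions constructed for illustration; CCM follows RFC 3610 with a 2-byte length field, and AES-128 is written out inline so the block needs only the standard library.

```python
import hmac

def _xtime(a):  # multiply by x in GF(2^8) modulo the AES polynomial
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

def _build_sbox():  # AES S-box: field inverse followed by the affine transform
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    sbox, p, q = [0x63] * 256, 1, 1
    while True:
        p = p ^ ((p << 1) & 0xFF) ^ (0x1B if p & 0x80 else 0)   # p = p * 3
        for shift in (1, 2, 4):                                  # q = q / 3
            q = (q ^ (q << shift)) & 0xFF
        q ^= 0x09 if q & 0x80 else 0
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
        if p == 1:
            return sbox

SBOX = _build_sbox()

def aes128(key):  # returns a function that encrypts one 16-byte block under `key`
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):                                       # key expansion
        t = w[i - 1]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    rk = [sum(w[r:r + 4], []) for r in range(0, 44, 4)]
    def encrypt(block):
        s = [b ^ k for b, k in zip(block, rk[0])]
        for rnd in range(1, 11):
            s = [SBOX[b] for b in s]                             # SubBytes
            s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]   # ShiftRows
            if rnd < 10:                                         # MixColumns
                s = [s[c + i] ^ s[c] ^ s[c + 1] ^ s[c + 2] ^ s[c + 3]
                     ^ _xtime(s[c + i] ^ s[c + (i + 1) % 4])
                     for c in range(0, 16, 4) for i in range(4)]
            s = [b ^ k for b, k in zip(s, rk[rnd])]              # AddRoundKey
        return bytes(s)
    return encrypt

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _cbc_mac(E, nonce, aad, msg, mic_len):  # RFC 3610 tag, 2-byte length field (L = 2)
    flags = (0x40 if aad else 0) | ((mic_len - 2) // 2) << 3 | 0x01
    data = bytes([flags]) + nonce + len(msg).to_bytes(2, "big")
    if aad:
        hdr = len(aad).to_bytes(2, "big") + aad
        data += hdr + bytes(-len(hdr) % 16)
    data += msg + bytes(-len(msg) % 16)
    x = bytes(16)
    for i in range(0, len(data), 16):
        x = E(_xor(x, data[i:i + 16]))
    return x[:mic_len]

def _ctr(E, nonce, data, first):  # XOR data with keystream blocks S_first, S_first+1, ...
    return b"".join(
        _xor(data[i:i + 16], E(b"\x01" + nonce + (first + i // 16).to_bytes(2, "big")))
        for i in range(0, len(data), 16))

def ccm_seal(key, nonce, aad, msg, mic_len):
    E = aes128(key)
    return _ctr(E, nonce, msg, 1) + _ctr(E, nonce, _cbc_mac(E, nonce, aad, msg, mic_len), 0)

def ccm_open(key, nonce, aad, sealed, mic_len):  # plaintext, or None if the MIC fails
    E = aes128(key)
    msg = _ctr(E, nonce, sealed[:-mic_len], 1)
    mic = _ctr(E, nonce, sealed[-mic_len:], 0)
    return msg if hmac.compare_digest(mic, _cbc_mac(E, nonce, aad, msg, mic_len)) else None

MIC_LEVEL = {4: 5, 8: 6, 16: 7}   # assumed level codes for ENC-MIC-32 / -64 / -128

def _nonce(src, counter, mic_len):  # assumed layout: 8-byte address + 4-byte counter + level
    return src + counter.to_bytes(4, "big") + bytes([MIC_LEVEL[mic_len]])

class Sender:
    def __init__(self, key, addr, stored_counter=0, mic_len=8):
        self.key, self.addr, self.counter, self.mic_len = key, addr, stored_counter, mic_len
    def send(self, header, payload):
        nonce = _nonce(self.addr, self.counter, self.mic_len)
        frame = (self.addr, self.counter, header,
                 ccm_seal(self.key, nonce, header, payload, self.mic_len))
        self.counter += 1   # a real node stores this in flash so a reboot never reuses a nonce
        return frame

class Receiver:
    def __init__(self, key, mic_len=8):
        self.key, self.mic_len, self.last_seen = key, mic_len, {}
    def accept(self, frame):
        src, counter, header, sealed = frame
        if counter <= self.last_seen.get(src, -1):
            return ("replay", None)            # old frame, or a sender whose counter was reset
        msg = ccm_open(self.key, _nonce(src, counter, self.mic_len), header, sealed, self.mic_len)
        if msg is None:
            return ("bad-mic", None)           # header, payload, counter or address was altered
        self.last_seen[src] = counter          # advance only on authenticated frames
        return ("ok", msg)
```

A sender whose counter restarts at 0 after a reboot is rejected as a replay by a receiver that has already seen higher counters, and it would also reuse nonces under the same key, which is why the nonce state belongs in non-volatile memory.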

ZigBee RF4CE
ZigBee RF4CE is an even lower power, simplified version of the ZigBee architecture (see
Figure 5) designed to replace IR-based remote controls in consumer electronics. Operating in
the 2.4 GHz band, RF4CE only hops over three channels instead of ZigBee’s 16; and it
simplifies the pairing mechanisms while still utilizing an AES-128 CCM security scheme.
While it is possible, it is unlikely that anyone will be able to hack into your RF4CE-connected
embedded device. However, if you are considering using RF4CE for a mission critical
application, think twice before using such a simple protocol.




Figure 5: ZigBee RF4CE architecture (Courtesy ZigBee Alliance).

ZigBee Solutions
The increasing popularity of ZigBee in embedded applications is apparent from the large
number of evaluation and/or development boards available from Ember, Digi
International/MaxStream, LS Research, CEL, NXP Semiconductors, and STMicroelectronics.


If you’re looking for a ZigBee RF front-end – integrating a PA and LNA – Skyworks, RFMD, Texas
Instruments, and CEL have it covered. If you would rather design from scratch, as of this writing
Digi-Key stocks 211 ZigBee transceivers from which to choose.

If you’re still not convinced that ZigBee makes sense for your application, check out the RFM
ZigBee product training module, which addresses the question “Why ZigBee?” in some detail.


Summing Up

Embedded designs are increasingly wireless, often sporting several different RF interfaces.
While this makes them more capable it also opens up potential security holes that must be
understood during the planning phase and addressed at the design stage. By understanding the
potential risks and designing around them, security drops out of the equation and the choice
between Wi-Fi, Bluetooth, and ZigBee comes back to features, functions, and price—which is
as it should be.




10. SOLUTION

Modern public infrastructure systems use Supervisory Control and Data Acquisition
(SCADA) systems for daily operation. This includes water treatment systems; electric power
transmission, distribution, and generation; petroleum storage and refineries; and other public
infrastructure systems. The SCADA system provides monitoring, data analysis, and control
of the equipment used to manage most public infrastructure systems. The SCADA network is
comprised of various communication devices. Routers, switches, wireless equipment, serial
connections, proprietary hardware monitors, and various computers are used. This project
will examine common SCADA control network implementations to determine possible
weaknesses and solutions.

SCADA Systems

SCADA systems are used to control dispersed assets where centralized data acquisition is as
important as control [3] [4]. These systems are used in distribution systems such as water distribution
and wastewater collection systems, oil and natural gas pipelines, electrical utility transmission and
distribution systems, and rail and other public transportation systems. SCADA systems integrate data
acquisition systems with data transmission systems and HMI software to provide a centralized
monitoring and control system for numerous process inputs and outputs. SCADA systems are
designed to collect field information, transfer it to a central computer facility, and display the
information to the operator graphically or textually, thereby allowing the operator to monitor or
control an entire system from a central location in real time. Based on the sophistication and setup of
the individual system, control of any individual system, operation, or task can be automatic, or it can
be performed by operator commands.

SCADA systems consist of both hardware and software. Typical hardware includes an MTU placed at
a control centre, communications equipment (e.g., radio, telephone line, cable, or satellite), and one or
more geographically distributed field sites consisting of either an RTU or a PLC, which controls
actuators and/or monitors sensors. The MTU stores and processes the information from RTU inputs
and outputs, while the RTU or PLC controls the local process. The communications hardware allows
the transfer of information and data back and forth between the MTU and the RTUs or PLCs. The
software is programmed to tell the system what and when to monitor, what parameter ranges are
acceptable, and what response to initiate when parameters change outside acceptable values. An IED,
such as a protective relay, may communicate directly to the SCADA Server, or a local RTU may poll
the IEDs to collect the data and pass it to the SCADA Server. IEDs provide a direct interface to
control and monitor equipment and sensors. IEDs may be directly polled and controlled by the
SCADA Server and in most cases have local programming that allows for the IED to act without
direct instructions from the SCADA control centre. SCADA systems are usually designed to be fault-
tolerant systems with significant redundancy built into the system architecture.

Figure 13.1 shows the components and general configuration of a SCADA system. The control centre
houses a SCADA Server (MTU) and the communications routers. Other control centre components
include the HMI, engineering workstations, and the data historian, which are all connected by a LAN.
The control centre collects and logs information gathered by the field sites, displays information to the
HMI, and may generate actions based upon detected events. The control centre is also responsible for
centralized alarming, trend analyses, and reporting. The field site performs local control of actuators
and monitors sensors. Field sites are often equipped with a remote access capability to allow field
operators to perform remote diagnostics and repairs usually over a separate dial up modem or WAN
connection. Standard and proprietary communication protocols running over serial communications
are used to transport information between the control centre and field sites using telemetry techniques
such as telephone line, cable, fibre, and radio frequency such as broadcast, microwave and satellite.

MTU-RTU communication architectures vary among implementations. The various architectures
used, including point-to-point, series, series-star, and multi-drop [5], are shown in Figure 2-3. Point-
to-point is functionally the simplest type; however, it is expensive because of the individual channels
needed for each connection. In a series configuration, the number of channels used is reduced;
however, channel sharing has an impact on the efficiency and complexity of SCADA operations.
Similarly, the series-star and multi-drop configurations’ use of one channel per device results in
decreased efficiency and increased system complexity.




Figure 10.1 General Layout for SCADA System


        10.1    SCADA Overview

SCADA systems are used in industrial and civil engineering applications to control and
monitor distributed systems from a central location. SCADA solutions are implemented
in a wide variety of industries including Electric power generation, transmission, and
distribution, Environmental Control Systems, Traffic Signals, Water management systems,
and Manufacturing systems. Hardware solutions utilize switches, pumps, and other devices
that are controlled by Remote Telemetry Units (RTU). Server units then monitor the hardware
and collect values, as well as provide control features that allow the operator to remotely
manage the physical equipment. The server unit runs a management package that typically
runs on top of a Unix variant, although many vendors are beginning to provide Microsoft
Windows support. A Human-machine interface allows the operator to view the state of the
plant equipment. Dumb terminals or PC’s usually host this interface. Alarms are used to alert
the operator that intervention is required to keep things running smoothly. A wide variety of
networking equipment is then used to connect all of these components together. Wireless
technology is popular for its ability to span long distances with minimal equipment. Fiber
gives greater reliability but incurs far more expense. Serial technologies utilize dedicated
copper wiring or Telco POTS lines. Common protocols include Modbus and DNP3.
Although originally designed to run on low-bandwidth proprietary networks, many protocols
have included extensions to operate over TCP/IP. Figure 1 shows a simple SCADA network
implementation. The system involves a Server unit that controls a serial based traffic signal
system, as well as a water treatment plant and several stream flow monitors connected using
wireless technology in the 2.4 GHz range. Two monitoring stations provide user control of
the system.

       10.2 Security overview
Due to the nature of what they control, SCADA networks are part of our nation’s critical
infrastructure and require protection from a variety of threats. When initially designed,
SCADA equipment was designed for maximal functionality. As a result many security risks
were exposed to maximize the communication efficiency. This makes many SCADA
networks potentially vulnerable to attack. These attacks could result in disruption of service,
manipulation of data, or unauthorized control of the connected equipment. The United States
Department of Energy states that: “Action is required by all organizations, government or
commercial, to secure their SCADA networks as part of the effort to adequately protect the
nation’s critical infrastructure.” (U.S. Dept. Of Energy, 2002) This paper will address several
potential vulnerabilities of SCADA systems and possible solutions. The report will be broken
down into 5 parts: RTU’s, Server security, Protocol Analysis, Network infrastructure
security, as well as miscellaneous topics.




Figure 10.2 Single Firewall using in SCADA

Because of the stringent requirements of SCADA systems with regard to timing, availability,
and data processing, firewall rules have to be tailored for the various protocols and network
services. The Industrial Automation Open Networking Association (IAONA) developed
protocol guidelines for network services that accommodate the unique SCADA system
characteristics. These guidelines for communications with SCADA systems are summarized
in Table 3-6. The services provided by the protocols are summarized in Tables 3-3 and 3-5.
Protocols supporting real-time data acquisition and control in manufacturing and process
control applications began as proprietary solutions offered by control equipment
manufacturers. These protocols and associated communication buses met the needs of users
and were widely applied. The next steps in the evolution of SCADA protocols were the
development of open-standard protocols and the adoption of Ethernet and Internet
technologies. With these changes, particularly the use of the Internet architectural elements
and connections to transmit and receive data involving SCADA systems, security issues are
now of concern. Proper use of the SCADA protocols coupled with network security devices
such as firewalls can provide SCADA users with secure, efficient, and cost-effective
communication means.

       10.3 RTU Security
The RTU, or Remote Telemetry Unit is a device which interfaces objects in the physical
world to a SCADA system. An example of this is attaching an RTU to a water pump to
allow monitoring and control of the pump. Serial and Ethernet interfaces are common on
these units, as well as null-modem management interfaces. Physical security must first be
evaluated. Secure facilities must be acquired which limit access to authorized personnel
only. Secondly, the RTU configuration must be analyzed. Management interfaces should be
disabled or utilize the strongest authentication. Firmware should be upgraded to the latest
stable release. All unused features should be disabled.

       10.4 Server Security
The Server unit is vulnerable to several types of attack. Unauthorized access may be obtained
using a network or modem based attack, or by visiting the physical location. Another risk is
an attack that damages the server and makes it inoperable. Security must first be obtained
through restricting access to authorized users only. Physically locate the server in a safe
location that restricts access to authorized users only. Proper access controls should be
implemented to verify the identity of the user. If passwords are used they should be changed
frequently. Biometric devices are also helpful. The operating system must also be hardened.
Any unnecessary software and services should be removed. Apply all stable patches to the
system. Communication protocols must be configured for maximal security. Protocol security
is covered in greater depth in the section labeled “Protocol Security.”

       10.5 Network Security

The network infrastructure is the most visible piece of the SCADA system, which makes it an
obvious location for attack. As security provider Riptech points out, there is a common
misconception that SCADA networks use strong access controls. In reality most SCADA
systems utilize hardware from many different manufacturers which require the integration of
different communication standards. (Riptech Inc, 2001) The result is often a very
functional system, but due to the increased complexity security concerns are often ignored. A
second misconception is the belief that the SCADA system resides on a separate standalone
network. Most SCADA systems were originally built on separate standalone networks, but
were eventually bridged as a result of
changes in information management practices. The need for real-time data became desirable
on the corporate network. Corporate decision makers wanted the critical data from their
operations systems. Many of these connections are implemented without a full understanding
of the security risks. In addition to these misconceptions certain network mediums present
their own set of security risks. Sniffing, Denial of Service (DOS) and spoofing attacks are all
serious threats. There are several steps that can be taken to minimize the threat and impact of
such vulnerabilities and attacks.

       10.6 Network Access
All network connection points must be identified. This includes Ethernet ports, Wireless
Links, and Serial connections. All unused and unnecessary ports need to be disabled. The
network architecture should be segmented in such a way to provide access control between
different segments. Data warehousing and server network segments should be especially well
secured.

       10.7 Network Segmentation
In spite of the best security practices there still exists a possibility that an attacker may gain
unauthorized access. Network IDS systems provide an additional layer of monitoring to alert
you to the presence of unauthorized access. An IDS system is basically a network vacuum
that contains advanced data analysis tools to examine network traffic and identify likely
attacks. Network IDS systems should be established on both the internal network, as well
as the connecting external networks to monitor for incidents.

       10.8 External Access
In certain instances external access to the SCADA network may be necessary. Vendors may
need access, or connections to the corporate network may be necessary. Every one of these
connections presents a serious threat. It is extremely important that all external access points
be identified. Determine what specific access is needed. Identify the methods used to connect.
All access points should implement proper security measures. Firewalls and IDS monitors
should be used. Firewall rules should be as specific as possible, allowing only the bare
minimum access to the SCADA network. Make sure to implement outbound filtering as well
to prevent internal SCADA hosts from accessing hosts on the external networks. Any
communication that is happening between the SCADA network and other networks should
utilize secure protocols. Plaintext protocols present the greatest threat and should be secured.

One technique of securing plaintext communication is to wrap the communication inside a
VPN tunnel. A VPN creates a virtual route between two networks where all data that is
transmitted is encrypted. Desirable VPN products utilize IPSEC and SSL encryption. Avoid
products using PPTP as it has been shown to be defective. Access controls should also be
implemented to restrict access to specific IP address ranges to minimize the likelihood that a
potential attacker would even discover the service as is shown in




10.9 RF Security
Wireless communications devices are popular for SCADA networks due to the long distances
between monitoring stations. A typical architecture involves point-to-point links operating at
either 900 MHz or 2.4 GHz. Newer systems are adopting the 802.11 standards while legacy
systems utilize proprietary data link level protocols. The security of 802.11 is an entire subject to
itself and this paper will not attempt to cover it. The focus of this section is to identify the
common wireless threats to the RF transmission. Wireless communication presents a huge
security and stability problem. The broadcast nature of the data allows it to be recorded and
analyzed at a later date. At this point 128 bit encryption provides adequate protection from
this attack. The control features of SCADA networks require that adequate bandwidth be
available to transmit data to the RTU. This is hard to guarantee when using wireless
technologies. Each frequency has a limited amount of bandwidth so competing devices may
take bandwidth. A hostile attack is also possible using an RF generation device. By
transmitting random RF noise it is possible to flood the available frequency space and block
the SCADA control traffic. This attack is easily tracked with the proper directional antennas,
but the temporary loss of control could prevent corrective action at the RTU and cause an
accident. Several actions can be taken to reduce the risk of this attack, but it is physically
impossible to prevent it when using the public airspace for transmission. Highly directional
antennas will reduce the amount of interfering RF signal. Acquiring licenses for limited use
commercial frequencies will reduce interference, but the potential for signal jamming still
exists. Wireless does not provide the service guarantee needed for mission critical control
systems. It is however a good method for monitoring and control of non-essential RTU’s
where the loss of communication is unlikely to cause an incident.

       10.10 The MODBUS Protocol
The MODBUS protocol is currently one of the most popular protocols for use with SCADA
systems. It is an application layer messaging protocol that provides client/server
communication between devices connected through different types of busses or networks. It
has been an industry standard for device automation using serial communication since 1979.
Today the protocol has been adapted to function over TCP/IP, where it uses TCP port 502.
Figure 3 shows the basic protocol structure for both serial and TCP/IP communication.
MODBUS is a request/reply protocol. The packet is broken down into an application data
unit (ADU) which contains a simple protocol data unit (PDU). The PDU contains a one byte
function code and the data field. The data field contains additional information that the server
uses to take the defined action.
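
The ADU/PDU layout described above, combined with the earlier advice that firewall rules be as specific as possible, can be shown as a parser with a per-source function-code allowlist. This is an added example, not code from the dissertation; the MBAP header layout comes from the Modbus/TCP specification, and the addresses, policy table and sample frames are constructed assumptions.

```python
"""Parse one Modbus/TCP ADU and apply a per-source function-code allowlist."""
from __future__ import annotations

import ipaddress
import struct
from dataclasses import dataclass

MBAP_LEN = 7        # transaction id (2) + protocol id (2) + length (2) + unit id (1)
MAX_PDU_LEN = 253   # function code + data field, limit from the Modbus specification

READ_CODES = frozenset({0x01, 0x02, 0x03, 0x04})
WRITE_CODES = frozenset({0x05, 0x06, 0x0F, 0x10})
FUNCTION_NAMES = {
    0x01: "Read Coils", 0x02: "Read Discrete Inputs",
    0x03: "Read Holding Registers", 0x04: "Read Input Registers",
    0x05: "Write Single Coil", 0x06: "Write Single Register",
    0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers",
}


class MalformedADU(ValueError):
    """Raised when a frame does not satisfy the MBAP framing rules."""


@dataclass(frozen=True)
class ModbusADU:
    transaction_id: int
    unit_id: int
    function_code: int   # first byte of the PDU
    data: bytes          # remainder of the PDU


def parse_adu(frame: bytes) -> ModbusADU:
    """Split one Modbus/TCP frame (assumed to hold exactly one ADU) into its fields."""
    if len(frame) < MBAP_LEN + 1:
        raise MalformedADU("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        raise MalformedADU(f"protocol id {proto} is not Modbus (0)")
    # The length field counts the unit id plus the whole PDU.
    if not 2 <= length <= MAX_PDU_LEN + 1:
        raise MalformedADU(f"length field {length} out of range")
    if len(frame) != 6 + length:
        raise MalformedADU("length field disagrees with bytes received")
    return ModbusADU(tid, unit, frame[MBAP_LEN], frame[MBAP_LEN + 1:])


# Hypothetical policy: which source networks may send which request types.
POLICY = [
    (ipaddress.ip_network("10.10.1.10/32"), READ_CODES | WRITE_CODES),  # SCADA server
    (ipaddress.ip_network("10.10.2.0/24"), READ_CODES),                 # monitoring segment
]


def decide(src_ip: str, frame: bytes) -> tuple[str, str]:
    """Return ("allow" | "drop", reason) for a request arriving on TCP port 502."""
    try:
        adu = parse_adu(frame)
    except MalformedADU as exc:
        return ("drop", f"malformed: {exc}")
    addr = ipaddress.ip_address(src_ip)
    for network, allowed in POLICY:
        if addr in network:
            if adu.function_code in allowed:
                name = FUNCTION_NAMES.get(adu.function_code, "unknown function")
                return ("allow", name)
            return ("drop", f"function 0x{adu.function_code:02x} not permitted from {src_ip}")
    return ("drop", "source not in allowlist")  # default deny


# Constructed sample frames (not captured traffic).
READ_REQ = bytes.fromhex("000100000006010300000002")   # read 2 holding registers at 0
WRITE_REQ = bytes.fromhex("00020000000601050001ff00")  # set coil 1 ON
TRUNCATED = bytes.fromhex("00030000000601030000")      # length says 6, only 4 follow

if __name__ == "__main__":
    for src, frame in [("10.10.1.10", WRITE_REQ), ("10.10.2.15", READ_REQ),
                       ("10.10.2.15", WRITE_REQ), ("192.0.2.7", READ_REQ),
                       ("10.10.1.10", TRUNCATED)]:
        print(src, frame.hex(), decide(src, frame))
```

Because the function code sits in clear text at a fixed offset, a filtering device can separate reads from writes without any key material, and so can anyone else on the path.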

       10.11 Securing MODBUS
When MODBUS was developed in the 70’s it provided adequate security for the current
threats being faced. Most communication was taking place on isolated serial networks using
private lines. Attacks required a very specific knowledge of which lines were being used, and
generally required physical access. With the TCP implementation the security rules have
changed. Interconnected networks span the globe allowing creative attackers to potentially
exploit the system from anywhere around the globe. The clear-text nature of the protocol
makes it especially vulnerable. Monitoring data can be gathered with ease, and passwords
may be gleaned from the transmission. In order to protect this protocol we must wrap it inside
an encryption medium. An IPSEC VPN connection should be used to encapsulate the traffic
whenever it is traveling across a vulnerable medium. Some examples of vulnerable mediums
include non-SCADA and wireless networks.




 11. WIRELESS NETWORKING

ZigBee works in the 2.4 GHz band, which is a free band in which many networks with high power, high
data rate and high frequency also operate. These networks adversely affect ZigBee through
interference. In this paper we studied the mutual interference effect between ZigBee and Wi-Fi
devices. In the future, a scheme can be proposed to reduce one of the major problems
facing ZigBee: interference.

Wireless networking refers to a broad topic that in essence associated with communication
networks that use electromagnetic waves such as radio waves as carrier and thus provides
greater flexibility and convenience compared to wired networks.

A common classification of the wireless networks is done by the range or the area that is
covered by the wireless network. Instead of going through details, we will locate the position
of ZigBee in wireless networking area using a top-down approach.

Wireless Wide Area Networks provide communication links across metropolitan, regional, or
national boundaries by using technologies such as Universal Mobile Telecommunications
System, General Packet Radio Service, and 3G to carry voice and data traffic.

Wireless Metropolitan Area Networks are a type of wireless network that connects several
Wireless Local Area Networks. A good example for such networks is specified by the WiMAX
standard which is built on the IEEE 802.16 standard and preserves connection in a whole
city.

Wireless Local Area Networks enable users to establish connection in a local area setting
(e.g. inside a building) and provide connection to wider networks such as the internet. These types
of networks are widely used on a worldwide scale, and Wi-Fi is a well-known technology
certification that belongs to WLANs which is based on IEEE 802.11 standard.

Finally, Wireless Personal Area Networks (WPAN) connect network devices within personal
area, which is a low cost and short range type of connection. Bluetooth and ZigBee are both
examples of WPANs, based on the same Medium Access Control (MAC) layer family i.e.
IEEE 802.15 standard.

ZigBee is at the same time a wireless sensor network (WSN) standard, in terms of a
classification based on the type of the devices that form the network. A WSN is a network
that is formed by a large number of sensor devices. A sensor device is equipped with at least
one sensor that detects physical occurrences such as light, heat, motion, or sound.

WSNs are used in many different application areas including automation, monitoring,
security, entertainment, and asset tracking. Many of these applications require large number
of sensor devices hence to limit the costs WSN devices have severe resource constraints.
These constraints are mainly in terms of computation, memory, and energy. Therefore,
security is difficult to achieve, and many well-known methods and approaches become
infeasible.

At this point we would like to mention the relation between WSN and CPS. A CPS is
generally composed by a set of networked agents, including sensors, actuators, control
processing units, and communication devices [CAS08]. In Fig. 1.2 a sample CPS is sketched
where corresponds to an actuator corresponds to a sensor, as corresponds to a device with
both actuator and sensor, and c being a controller.

While some forms of CPS are already in use, the widespread growth of wireless embedded
sensors and actuators is stimulating several new applications in areas such as medical
devices, autonomous vehicles, and smart structures and increasing the role of existing ones
such as Supervisory Control and Data Acquisition (SCADA) systems.

WSN is one of the key technologies that enable the concept of CPS. Besides, common
applications of CPS typically fall under WSNs and autonomous systems.

       11.1 Security Protocols
A security protocol is a protocol that is used for performing security functions and generally
incorporates cryptographic algorithms. The security protocols are widely used for securing
the data communication in application level. Those protocols are commonly used for data
confidentiality, data integrity, security key establishment, security key exchange, entity
authentication, message authentication, non-repudiation, etc.

Security protocols generally make use of cryptography, so that a virtual secure channel can
be established to provide secure communication over insecure media. Cryptography requires
cryptographic keys to be established and distributed among the sides of the communication,
and such a sequence of message exchanges for key establishment and distribution is a good
example of a security protocol.

As we mentioned, security protocols are usually executed in insecure media where malicious
users or software can be present. The adversaries are capable of performing many different
types of attacks, making it complex to design sound security protocols. Even cryptography
cannot save the protocol in most of the situations, which is one of the reasons of security
protocols being so error prone. Security protocols are desired to maintain certain security
properties. If these security properties cannot be preserved, certain flaws are likely to take
place. Those flaws will cause serious attacks in the real implementations. Therefore, both
design and verification of the protocols are very important.




12. WORLD WIDE WEB ARE USEFUL

In the Web-based Temperature Monitoring System, all the data are saved into the database. The
user must ensure that the temperatures are being saved in the database before proceeding to the
next step. If everything runs smoothly, run the TomCat Web Server and access the current
temperature using the web page. The system is considered successful if no error is
detected during the testing. Because the hardware device was not built with expensive
materials, it can only be used in a limited geographical area. It can only be used for indoor
temperature monitoring and is limited to one room because there is only one sensor
attached to the sensor board. Another limitation is that if the electricity is cut off, the entire
operating system will shut down. A version working with batteries could connect wirelessly
to a mobile or satellite network.




Figure 12.1 Flow chart for WWW.




12.1 TESTING RESULTS
The testing phase is used to evaluate whether the system’s function meets the intended functionality. The system
was successfully implemented and developed. However, to ensure that the system will perform correctly, the
temperature sensor device and monitoring system need to be tested. Two methods of testing were carried out to
make sure the hardware and software are functioning according to the objectives.




Figure 3.




                           Figure 12.2.




13. CONCLUSION


The quality of the proposed refinery process is one of the few ways a client can judge the
quality of the end result while still in the design stage. The proposal will save lives.

       The improved project is good and useful.
       The cost is justified if more are ordered.
       Reliability for the system on the internet.
       Increase in lives saved for patients.
       Increase of the project in all of the UK.

Finally, it is important that a user interface be visually pleasing. It is possible for a user
interface to be intuitive, easy to monitor, and efficient and still not be terribly nice to look at.
While aesthetics do not directly impact the effectiveness of a user interface, the patients’
families will be happier.

SCADA networks are diverse systems. The integration of legacy hardware with new
technologies leads to a vast array of technologies and protocols being used. The integration of
the technologies is typically oriented towards functionality with little thought for security. On
the other hand SCADA networks are used to monitor and control many mission-critical
systems used for power generation, water management, transportation system control, and
other industrial applications. A security breach of these mission-critical services could have
devastating effects. In some instances lives could be lost and financial losses could be
immense. The security of these systems is critical for the operation of our society. Security of
these services should have high priority. The security of the system is dependent on the
individual security of each component. Breaches can happen on all levels. RTU units must be
properly configured to limit exposure and physical plant security must be implemented to
limit access. Server security consists of hardening the underlying operating system and
eliminating all unnecessary services. Network security is a diverse topic. Disconnect all
unnecessary connections. Segment the network into logical groupings and use Access
Controls to restrict unwanted traffic. Monitor your network and be aware of what is entering and
leaving. Intrusion Detection packages should be used to automate this monitoring. Eliminate
all plain-text communication traversing the corporate network by wrapping it inside an
encryption layer with VPN technology. To summarize, implement proper physical security,
properly configure all devices to permit only necessary communication, and use monitoring
tools to verify security policy is being followed and warn of attacks.

2.4 Glossary of Terms

IDS: An intrusion detection system (IDS) inspects all inbound and outbound network activity
and identifies suspicious patterns that may indicate a network or system attack from someone
attempting to break into or compromise a system.

IPSEC: Short for IP Security, a set of protocols developed by the IETF to support secure
exchange of packets at the IP layer. IPsec has been deployed widely to implement Virtual
Private Networks (VPN).

SSL: Short for Secure Sockets Layer, a protocol developed by Netscape for transmitting
private documents via the Internet. SSL works by using a private key to encrypt data that's
transferred over the SSL connection.

PPTP: Short for Point-to-Point Tunnelling Protocol, a new technology for creating Virtual
Private Networks (VPN), developed jointly by Microsoft Corporation, U.S. Robotics, and
several remote access vendor companies, known collectively as the PPTP Forum.

VPN: Short for Virtual Private Network, a network that is constructed by using public wires
to connect nodes.

DOS: Short for Denial-Of-Service attack, a type of attack on a network that is designed to
bring the network to its knees by flooding it with useless traffic.

Modbus: An open, serial communications protocol based on the master/slave architecture.
Modbus is a protocol that provides the internal standard that Modicon controllers use for
parsing messages. Commonly used for SCADA communication.

DNP3: A protocol for transmission of data from point A to point B using serial
communications.

SCADA: Acronym for Supervisory Control and Data Acquisition, a computer system for
gathering and analysing real time data.

RTU: Short for remote Telemetry Unit. In SCADA systems, an RTU is a device installed at a
remote location that collects data, codes the data into a format that is transmittable and
transmits the data back to a central station, or master.

POTS: Short for Plain Old Telephone Service, which refers to the standard telephone service
that most homes use.



In this paper we presented the simulations students performed in the framework of a design
project. Getting acquainted with OPNET Modeller required a good deal of time and effort
from the students. A lot of creative problem solving was needed, but the results are quite
satisfactory. Students gained a lot of insights into networking by using OPNET Modeller.

We believe that simulation has an important role here, since it allows students to examine
problems with much less work and of much larger scope than are possible with experiments
on real hardware. Simulations can give more understanding of the real world: they can
reproduce all the details of the real world and they can be easily instrumented. In addition,
simulation of dozens or hundreds of nodes is easy on limited hardware, many more than would
be affordable if physical hardware were required.

We have been very happy with our use of the OPNET simulator. Our experiences show that
students benefit from the OPNET simulation laboratory in many ways. The open design of
the labs encourages active learning. In addition, students gain the knowledge of modelling
and simulation technique for performance evaluation of networking systems.
To get better performance when designing a network, the Frame Relay is useful. The
distribution of the services between multiple servers versus services handled by one server
impacts the CPU utilization depending on the kind of services supported. If there is a balance
between frequently used services and less frequently used services, it does not make sense to
deploy more than one server to support different services.

An ever increasing number of highly reliable and high availability systems are being
deployed that need 100% up time; that is, the user must never experience a situation where
data cannot be accessed. While no system component can ever be guaranteed to work 100%
of the time, the goal of a System Management solution is to mitigate and control failures at
system level. The ideal situation is that enough data has been logged to allow the system
controller to determine that a fault is about to happen. Detection before a failure occurs
allows the controller to take action and prevent the failure from causing any downtime.

To achieve these design goals, a typical System Management solution has three interactive
parts: a microcontroller or similar device for communicating with remote systems, a
programmable logic device that offers flexibility and live-at-power-up attributes, and some
discrete analogue components for monitoring temperature, voltage and current. Microsemi’s
SmartFusion devices integrate a microprocessor subsystem, a non-volatile FPGA fabric and
programmable analogue components into one monolithic device. SmartFusion cSoCs meet all
of the requirements for a System Management solution, from power sequencing to
temperature monitoring to in-system reprogramming. The available System Management
reference design and GUI help you put your own System Management design together.

As data centres and web hosting sites proliferate, the need for physical security at the facility
is every bit as great as the need for cyber security of networks. Intruders who falsify their
identity or intentions can cause enormous damage, from physically disabling critical
equipment to launching a software attack at an unsecured keyboard. Even the ordinary
mistakes of well-intentioned staff pose a significant daily threat to operations, and can be
minimized by restricting access to only the most essential personnel.

Technologies are in place, and getting less expensive, to implement broad-range solutions
based on the identification principles of what you have, what you know and who you are.

By combining an assessment of risk tolerance with an analysis of access requirements and
available technologies, an effective security system can be designed to provide a realistic
balance of protection and cost.

In summation, it is easy to observe that SCADA technology holds a lot of promise for the
future. The economic and performance advantages of this type of system are definitely
attractive. However, since the vulnerabilities of current implementations are in proportion to
the advantages, it is essential that measures be taken to mitigate the risk to current systems
and to ensure that future systems are designed with sound policies and design. We in India
stand a lot to gain from such systems and, having foreknowledge of the possible risks, can
take adequate measures to ensure our continued safety and prosperity. In the words of Master
Sun Tzu from "The Art of War":
Those who are first on the battlefield, and await the opponents are at ease; those who are last,
and head into battle are worn out.
In this report we have presented a design and simulation environment for Design &
Implementing SCADA System Wireless Sensor to Control Fire Effect in Refinery. Other
intelligent functions can possibly be added easily. The developed architecture simplifies
adding intelligence to logical nodes as an extra layer extending the capabilities of substation
automation devices and not interfering with their safety-critical functions. Future work will
be dedicated to the implementation of Design & Implementing SCADA System Wireless
Sensor to Control Fire Effect in Refinery.

Dissertation report 2_3

  • 1. Faculty of Engineering, Science and the Built Environment DISSERTATION REPORT Design & Implementing SCADA System Wireless Sensor to Control Fire Effect in Refinery Abubakar H. Nur Student number: 3031355 Page 0
  • 2. 1. ACKNOWLEDGEMENTS First and foremost, my thank to my supervisor Dr Perry Xiao, who stood up with shoulder to shoulder to simplify all the problems that I encountered, and also his incontrovertible guidance all the way to the end. Then I would like to thank my family, especially my wife for her moral support and understanding during this difficult but productive time, whilst I spent of my time to dedicate to the project. And my last thank goes to my friends, who were present for their assistance and correcting my English writing when I needed them in such difficult situations. To conclude my acknowledgement I would like to say I am grateful to all who ever contribute to this work in any way that is possible morally or physically. I would also like to apologize to all those people that I have unknowingly forgotten to mention her. I consider myself very lucky to be get help all those people and those times to working with my master dissertation report and I would like to express our gratitude to all the people who helped realising this challenging project on a short time scale. Our goal is to design interactive systems that are enjoyable to use, that do useful things and that will save the lives of the people who working in Refineries. We want our interactive systems to be accessible, usable and engaging. In order to achieve this we believe that the design of such systems should be human centred. That is, designers need to put people rather than technology at the centre of their design process. My concept looks somehow like an development area which is came after sensor and wireless communications technologies, digital ecosystems are poised to connect and even fill existing and newly created applications connecting different environments thus giving rise to many promising solutions to pressing problems. Imagine energy and communication webs using software applications enabling users to better regulate Designing such as this device take time and money. 
We will be analyses the time and the financial to do this project. The balance between production and consumption of resources is achieved and maintained as a result of competition between the market and designing for good and very active useful product. Research aims to understand and advance the interweaving of Design & Implementing SCADA System Wireless Sensor to Control Fire Effect in Refinery. Users are the primary users of the system. We have chosen to have better understanding of different needs and to be able to compare their usage of the system, since they use the system for different usage at different purposes. Identify the range of the wireless and use repeater or put several more Fire Control sensor. Abubakar H. Nur Student number: 3031355 Page 1
  • 3. Table of Contents 1. Acknowledgements ...........................................................................................................1 2. Abstract ..............................................................................................................................4 3. Introduction .......................................................................................................................5 4. Project Requirements .......................................................................................................6 4.1Hardware .................................................................................................................................... 6 Fire alarm Sensors ............................................................................................................................. 6 4.2Software ...................................................................................................................................... 6 5. Technical Issues.................................................................................................................7 Price looking in internet ..................................................................................................................... 8 6. Designing Topology...........................................................................................................8 6.1 Fire Alarm Sensor TGS-813 Explained ................................................................................ 9 WIRELESS ALARM ............................................................... Error! Bookmark not defined. 7. Integrate Hardware and Software ................................ Error! Bookmark not defined. 7.1TESTING RESULTS .................................................................................................................. 37 8. 
THE NEED FOR SECURITY IN PROCESS CONTROL .........................................13 8.1 THE NEED FOR SECURITY IN PROCESS CONTROL ................................................... 14 SYSTEMS ..................................................................................................................................... 14 8.2 Critical infrastructure .......................................................................................................... 15 8.3 Develop / explore market potential / strategies if applicable .............................................. 15 Figure 2 ( google homepage images) ................................................................................................ 16 9. Security Analyses for ZigBee Wireless Sensor Networks ................................................17 10. What's the difference between Wi-Fi and Zigbee .............................................................17 10.1 Wi-Fi or ZigBee Wireless ........................................................ Error! Bookmark not defined. 10.2 The comparison of Wi-Fi, Bluetooth and ZigBee ..................................................................... 19 11. Solution .............................................................................................................................28 11.1 SCADA Overview ............................................................................................................... 29 11.2 Security overview ................................................................................................................ 30 11.3 RTU Security ...................................................................................................................... 31 11.4 Server Security ................................................................................................................... 
31 11.5 Network Security ................................................................................................................ 31 11.6 Network Access ................................................................................................................... 32 11.7 Network Segmentation ........................................................................................................ 32 11.8 External Access ................................................................................................................... 32 11.9 RF Security ......................................................................................................................... 33 11.10 The MODBUS Protocol ................................................................................................... 33 11.11 Securing MODBUS ......................................................................................................... 33 12. Wireless Networking .......................................................................................................34 12.1 Security Protocols ............................................................................................................... 35 Abubakar H. Nur Student number: 3031355 Page 2
  • 4. 13. Conclusion ........................................................................................................................38 13.1 Future Work........................................................................................................................ 42 14. References and Bibliographies .........................................................................................43 15. Time Plan ..........................................................................................................................45 Table of Figures Abubakar H. Nur Student number: 3031355 Page 3
  • 5. 2. ABSTRACT SCADA is a big topic in those days and SCADA System become more useful and very electronics end before and it used for many spectre and widely which the first is enabling technology of the ICT-driven and control. In this paper it would be discussed a design and simulation Design & Implementing SCADA System Wireless Sensor to Control Fire Effect in Refinery and it would be set a model for devices and at the same time enables their interoperability and configurability. It would be solution which is based on the combination of designing and feasibility of the market. It would demonstrate the possibility of getting useful product to achieve the need of the market. There is an understandable and strong need for a design hardware and software development that lends itself to the design and construction of portable code systems. The current efforts to standardise software give evidence to this need. The both Hardware and software solution which could work together and get the best and possible solution it would be useful. Feasibility evaluation is an assessment of how to make the product which is useful for a stated target audience or intended customer. It needed I comprehensive series of alarms that identify problems down to the card level. Her it would be used microcontroller and wireless detect. The better Human Machine interface the more users will like to use it, increasing their satisfaction with the work that you have done. In a Design & Implementing SCADA System Wireless Sensor to Control Fire Effect in Refinery which has different hardware architectures and supporting software systems ranging from compilers to operating systems, Wireless network fixed nodes must be there first, that is why it is the bases of any kind of communication. 
In this project, it is based on a medium size company, which has three branches in United Kingdom; this network uses both local area network and wide area network to make it possible the communication between the three cities. The main office is in London, and the other two branches are based on Birmingham and Glasgow, the routing protocols that is being used are Open short path first and Routing information protocol using OPNET Modeller, and the aim of this model is to find out which of the routing protocols are performing better, the parameters being used are End node-To-End node delay, throughput and traffic load, Link failure, traffic received, and traffic sent, the outcome of these parameters, will be shown latter in this project. Research in this area is large a Design & Implementing SCADA System Wireless Sensor to Control Fire Effect in Refinery is going on and on to this topic, with recommendations for the proper design of Input/Output, menus, icons, forms, as well as data display on the screens in which possibility analysis is a advantageous tool. There is future improvement both for Electronics industries and Refineries and it could improve refineries works live save. Abubakar H. Nur Student number: 3031355 Page 4
  • 6. 3. INTRODUCTION

We believe that the design of such systems should be human centred. Several areas were considered before setting our goal of designing interactive systems, for example where there is a need and what products are already established in the market. The aim is a system that does useful things and that will save the lives of the people working in refineries. We want our interactive systems to be accessible, usable and engaging. To achieve this, the system needs the best and fastest technology on the market. Before a new alarm system is introduced, any existing alarm collection and presentation equipment should be examined. The alarm system should be upgraded if it is old and has no communication with the internet or a Remote Terminal Unit, and it should be considered how the existing alarm equipment and the new equipment could work together. My concept is a development area that follows on from sensor and fire alarm communication technologies: digital ecosystems are poised to connect and even fill existing and newly created applications, connecting different environments and thus giving rise to many promising solutions to pressing problems. Imagine energy and communication webs using software applications enabling users to better regulate

We will analyse the time and the finances needed to do this project. The balance between production and consumption of resources is achieved and maintained as a result of competition in the market and of designing a good, useful product at a good rate for refineries. The research aims to understand and advance the use of a SCADA system with wireless sensors to control fire in a refinery by getting information remotely. Workers are the primary users of the system.
We have chosen them in order to understand their different needs better and to be able to compare their usage of the system, since they use it for different purposes. The range of the wireless link must be identified, and a repeater used or several more fire control sensors installed. An entrepreneur could help to develop this project without problems and help to set it up and maintain it for the next 5 years. A SCADA system includes a user interface called a Human Machine Interface (HMI). The HMI of a SCADA system is where data is processed and presented to be viewed and monitored by a human operator. This interface usually includes controls through which the operator can interact with the SCADA system. HMIs are an easy way to standardise the monitoring of multiple RTUs or PLCs (programmable logic controllers).
  • 7. The system tries to solve the problem of employees working in remote areas that cannot be reached by telephone lines, cables, optical fibres, etc. It should specify how to deal with issues such as bandwidth, scalability and security.

4. PROJECT REQUIREMENTS

4.1 Hardware

Fire alarm with smoke detector, wireless transmitter circuit, RTU (router or switches), server in a safe place in the refinery, human interface, and an assembler for embedded real-time systems.

Fire alarm sensors - the most basic form of fire alarm sensor. This project will use the 16F876A and a smoke detector to detect smoke and sound a buzzer when smoke is detected. The circuit schematic is very similar to that of a smoke detector. When the presets are exceeded, you get a contact closure alarm, which translates to a basic high or low fire alarm. More advanced fire alarm sensors output analogue values. Analogue monitoring allows you to monitor shifting sensor levels at your remote sites. With the right SCADA system, you can use your analogue readings to send alarms based on configurable wireless. The smoke detector has a wireless connection with a built-in remote control encoder and RF transmitter, and operates from a 9V battery. The wireless receiver would be routers or switches, and a computer connected to the internet is needed so that the data can be transferred to the Human Computer Interface (HCI).

Remote Terminal Units, or RTUs, are the local control system used to collect the information from the various sensors using fibre optics, data cable or other hard wiring. In large regional systems, the information may be communicated through radio or wireless technology to the RTU, which acts as a middle man in the transmission of information. It collects local information and sends it on to the central control station. At the other end there would be the server and the HMI, which show whether the fire alarm of a room is ON or OFF. SCADA is similar, on a smaller scale, to home monitoring systems.
Information is collected from the sensors located on each door and window, and from motion detectors and smoke alarms. Wiring connects these sensors to a home-based control system. This local control system sends the information on to a central control station where people are notified in the event of a fire.

4.2 Software

Levels: applications, device drivers, embedded real-time systems
Programming languages: C, C++, Assembler, Visual Basic, etc.
Databases: MySQL, SQL Server and Microsoft Access
Operating systems: most Microsoft operating systems (for example 98/XP/Windows 7) and Linux platforms.

SCADA system is a general term that encompasses several types of control systems, including supervisory control and data acquisition (SCADA) systems, and other control system configurations such as skid-mounted Programmable Logic Controllers (PLC) often
  • 8. found in the industrial sectors and critical infrastructures. Critical infrastructures are often highly interconnected and mutually dependent systems. This system would save lives, approximately 70 per cent more than the old fire alarm system in the refineries.

5. TECHNICAL ISSUES

The smoke detector is a device that runs on a battery and transfers its data via an RF transmitter and a remote control encoder inside the smoke detector. The interface between the smoke detector and the RF transmitter involves a microcontroller, which is essential to this project. An analogue-to-digital converter (ADC) receives data from the smoke detector and converts it to digital form, which the microcontroller can send to the RF transmitter. In big refineries, the room fire alarms are monitored remotely by refinery and fire station staff. The system tries to detect fire early, before it can cause major damage to the refinery. The project needs to research and demonstrate knowledge of the latest technologies on the market, and to specify which fire alarm detector will be used and how data should be transmitted wirelessly to the router or switch wireless receiver, which is connected to the internet, and displayed. Please note that some of the

It needs fire alarm sensors that can detect smoke in the monitored area, and the data can be sent over the internet with the help of the PLC, RTU and routers. Data should be stored on servers located in different places. The data could be displayed on the WWW. The servers could have JDS, Java, MySQL, Tomcat and Visual Studio installed, which help to design and build the web page and connect it to the MySQL database, which saves the data for each patient.

Remote Terminal Units, or RTUs, are the local control system used to collect the information from the various sensors using fibre optics, data cable or other hard wiring. In large regional systems, the information may be communicated through radio or wireless technology to the RTU, which acts as a middle man in the transmission of information. It collects local information and sends it on to the central control station. Sensors within the process monitor the input and output at each step of the way. Temperature, flow rate and valves are all monitored by sensors. From a simple process, such as milk pasteurization, to a complex distribution system covering an entire city, SCADA has the capability to monitor a few sensors or millions of sensors. The monitoring can even be performed remotely from the operator's home, resulting in fewer calls for alarm situations after hours. SCADA takes the complicated task of monitoring millions of points of information and uses computer technology to present it in centralized, easy to understand ways.

All the technology that is necessary for a device like this is already used in other gadgets, and in terms of software, there are many libraries with code for speech recognition and almost all the features mentioned above; yet, to the extent of my knowledge, there is no program like this designed for educational purposes.
  • 9. My concept gives a good understanding of designing SCADA and sensors. In terms of software, the device should be able to:
• Design a hardware device which is a SCADA fire alarm detector with an RF transmitter sensor.
• The detector can detect the smoke if there is a fire alarm in the refinery.
• The RF transmitter can send data to the router or through the PLC.

Prices found on the internet:

Item | Price
Synology Disk Station DS212 NAS server - Serial ATA-300, Gigabit EN | £214
GSM GPRS RTU | £110
JDS, Java, MySQL, Tomcat and Visual Studio | free
Fire alarm sensors | £20
Use of fire station staff | not paid
Total | £823.95

Figure 5.1: the prices are not exact.

6. DESIGNING TOPOLOGY

Smoke Detector Circuit - Schematic Diagram

The simple schematic diagram of a smoke detector presented here utilizes the gas sensor TGS 813 as the main detecting
  • 10. component. The circuit is pretty easy to build and performs useful fire detection once installed in a possible fire-prone zone. They say there cannot be smoke without fire; the present concept of smoke alarms is based on this saying and exploits the fact that every fire starts with smoke before taking hold. The proposed circuit is intended to be used as a warning device against a possible fire hazard by detecting the smoke involved, which fortunately tends to develop before the fire. The smoke detector is one of the common devices in a house security system. This project will demonstrate how the microcontroller reads the smoke detector and reacts when the smoke detector detects smoke.

6.1 Fire Alarm Sensor TGS-813 Explained

We all know that smoke is involved during the combustion or burning of any substance. This smoke is generally a mixture of a number of gases such as carbon dioxide, carbon monoxide, carbon hydroxide, methane, propane, butane and isobutene, to name a few. These emanate from the breaking of the chemical bonds of the substances being consumed under the influence of heat or fire. A gas sensor, as can be understood from the name itself, is a device which can detect or sense the presence of any gaseous element in the atmosphere surrounding it. Gas sensors have an important place in numerous applications, the most common being fire alarm systems, where they are configured as sensors to detect the presence of any smoke content in the air due to a possible fire. Thus an alarm is raised before the fire is able to spread to drastic levels. In this article we will discuss the technical data of a gas leakage sensor, taking the example of the well-known Japanese-made Figaro TGS-813 gas sensor and studying its specifications. Basically, the TGS-813 is a sintered type of semiconductor primarily made up of tin dioxide (SnO2). When it comes in contact with any gaseous element, its internal resistance immediately drops.
  • 11. As the concentration of the gas rises, its resistance drops proportionately and can become as much as 20 times lower than its normal value. As shown in the diagram, it has six terminals, two of which are connected to a heater coil, while the other four contacts are wired across a gas-sensing resistor. To initiate the sensor, the heater coil must be preheated. It may take approximately three to five minutes before the actual sensing of gases can take place.

Figure 6.1 Smoke detector

The electrical parameters of the sensor are as follows:

This causes the resistance of the LDR to increase, and the voltage at the base of the transistor is pulled high, due to which the COB (chip-on-board) is completed. The sensitivity of the smoke detector depends on the distance between the bulb and the LDR as well as on the setting of preset VR1. Thus, by placing the bulb and the LDR at appropriate distances, one may vary preset VR1 to get optimum sensitivity.

Figure 6.2 Smoke detector circuit.
  • 12. Interface PIC16F876A with Smoke detector

The smoke detector is a wireless device that runs on a 9V battery and sends its signal via an RF transmitter and a remote control encoder inside the smoke detector. The interface between the PIC16F876A and the smoke detector involves an RF receiver to receive data from the smoke detector and a PT2272 remote control decoder to decode the received data.

Smoke detector connected to RF transmitter:

Figure 6.2 Smoke detector, RF transmitter with microcontroller and built-in siren.

In this process, the hardware was integrated with the system that had been created, so that it could be tested to find its weaknesses. The system works. The first step is to check the hardware connections and make sure they are properly set up. The next is to test the hardware. If the hardware is working, the process can continue with the running of a Web based temperature Monitoring System. If there is a problem, the hardware setup must be checked, because it may not have been configured correctly.
  • 13. PIC16F876A

This project uses the PIC16F876A microcontroller, which is easy to program and powerful (200 nanosecond instruction execution). This CMOS FLASH-based 8-bit microcontroller packs Microchip's powerful PIC architecture into a 28-pin package and is upwards compatible with the PIC16C5X, PIC12CXXX and PIC16C7X devices.

Features of the device:
• 256 bytes of EEPROM data memory
• Self programming
• ICD (In Circuit Debugging function)
• 2 comparators
• 5 channels of 10-bit Analogue-to-Digital (A/D) converter
• 2 capture/compare/PWM functions
• The synchronous serial port can be configured as either 3-wire Serial Peripheral Interface (SPI™) or the 2-wire Inter-Integrated Circuit (I²C™) bus
• Universal Asynchronous Receiver Transmitter (UART)

Figure 6.3 The pin diagram for the PIC16F876A. For more information about the PIC microcontroller, please refer to the datasheet.
  • 14. 7. THE NEED FOR SECURITY IN PROCESS CONTROL

PCS is pervasive in manufacturing and infrastructure processes. Often, enormous potential safety impacts to the general populace are possible if PCS malfunctions; moderate to severe economic damage is also feasible. At a minimum, PCS unreliability will encourage public discontent and unease. Security for PCS should be paramount given the potential consequences, and will only grow in importance as newer PCS (with more acute vulnerabilities) are installed. Unfortunately, budgetary restrictions for utilities are often manifest in PCS administration, where funding for personnel and equipment is many times clearly inadequate. Another problem is natural attrition through aging of key personnel in PCS administration and also in utility operations. Finally, corporate social pressures between PCS administrators and IT departments often lead to counterproductive suspicion and inefficient communication between fiefdoms. Often, the arcane nature of PCS implementations is considered the primary defence mechanism through the "security through obscurity" argument. This chimerical theory unfortunately contributes to false confidence. Obscure systems are merely difficult to understand so that the malefactor must make a larger up-front investment to understand the system. Once the requisite knowledge is attained, attack paths are clear and consequences fated.

Another option involves the use of known encryption and authentication standards for TCP/IP, such as IPSec or SSL. These are well-defined and mature options that have numerous implementations. They have been analyzed extensively and have been shown to provide strong security. Linksys, Inc. provides an inexpensive Virtual Private Network (VPN) solution that encapsulates data and transmits it across an insecure TCP/IP network. There are many serial-to-Ethernet transceivers on the market that will convert an existing serial (EIA-232) data source into TCP/IP over Ethernet.
The converted packets can then be secured with a VPN solution. The reverse operation at the other end of the data link will return the secure (encrypted and authenticated by the IPSec protocol) TCP/IP packets back to the original serial signal.
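The following added example (not code from the dissertation) shows, at application level, what "authenticated" means for a fire-alarm status frame travelling from an RTU to the central server: the receiver rejects frames that were altered, forged without the key, or replayed. The frame layout, the key and all names are assumptions made for the illustration; it uses HMAC-SHA256 from the Python standard library rather than IPSec or SSL, and it provides no encryption.

```python
import hashlib
import hmac
import struct

# Constructed frame layout (an assumption for this example, not a real protocol):
#   rtu_id uint16 | sensor_id uint16 | seq uint32 | status uint8 | tag 16 bytes
HEADER = struct.Struct(">HHIB")
TAG_LEN = 16
STATUS_OFF, STATUS_ON = 0, 1

# Constructed demo key; a real deployment provisions a random secret per RTU.
DEMO_KEY = bytes(range(32))


def frame_tag(key: bytes, body: bytes) -> bytes:
    """Truncated HMAC-SHA256 over the frame body."""
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


def build_frame(key: bytes, rtu_id: int, sensor_id: int, seq: int, status: int) -> bytes:
    """RTU side: serialise the alarm status and append the authentication tag."""
    body = HEADER.pack(rtu_id, sensor_id, seq, status)
    return body + frame_tag(key, body)


class AlarmReceiver:
    """Server side: verify the tag first, then enforce increasing sequence numbers."""

    def __init__(self, keys):
        self.keys = dict(keys)   # rtu_id -> shared key
        self.last_seq = {}       # (rtu_id, sensor_id) -> highest sequence accepted

    def accept(self, frame: bytes):
        if len(frame) != HEADER.size + TAG_LEN:
            return (False, "bad length")
        body, tag = frame[:HEADER.size], frame[HEADER.size:]
        rtu_id, sensor_id, seq, status = HEADER.unpack(body)
        key = self.keys.get(rtu_id)
        if key is None:
            return (False, "unknown RTU")
        # Constant-time comparison, so the check does not leak how many bytes matched.
        if not hmac.compare_digest(tag, frame_tag(key, body)):
            return (False, "bad tag")
        if status not in (STATUS_OFF, STATUS_ON):
            return (False, "bad status")
        # Only an authenticated frame may advance the counter; otherwise a forged
        # frame with a huge sequence number could lock out the genuine RTU.
        if seq <= self.last_seq.get((rtu_id, sensor_id), -1):
            return (False, "replayed or stale sequence")
        self.last_seq[(rtu_id, sensor_id)] = seq
        return (True, "alarm ON" if status == STATUS_ON else "alarm OFF")


def demo():
    """Run constructed frames through the receiver and return each verdict."""
    rx = AlarmReceiver({1: DEMO_KEY})
    genuine = build_frame(DEMO_KEY, rtu_id=1, sensor_id=7, seq=1, status=STATUS_ON)
    tampered = bytearray(build_frame(DEMO_KEY, 1, 7, 2, STATUS_ON))
    tampered[8] = STATUS_OFF                      # status byte changed in transit
    forged = build_frame(b"\x00" * 32, 1, 7, 3, STATUS_OFF)  # sender lacks the key
    return [
        rx.accept(genuine),                       # accepted
        rx.accept(genuine),                       # same frame again: replay
        rx.accept(bytes(tampered)),               # tag no longer matches
        rx.accept(forged),                        # wrong key
        rx.accept(build_frame(DEMO_KEY, 1, 7, 2, STATUS_OFF)),  # next genuine frame
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The sequence counter in this sketch lives in memory only; a receiver that restarts would have to persist it or renegotiate it, which is one of the things an IPSec security association handles for the link described above.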
  • 15. Remote monitoring generally focuses on patients and their families, although some studies examine benefits to providers, communities and the health care system. This paper focuses on the patient/family unit and the responsible clinical providers. Core parameters addressed and evaluated for these patients and families include one or more of the following: access, support, E-health outcomes, quality of care, social isolation and quality of life. These parameters tend to be studied in the context of overall cost, cost effectiveness, health services utilization, acceptability and satisfaction.

Industrial control system (ICS) is a general term that encompasses several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as skid-mounted Programmable Logic Controllers (PLC) often found in the industrial sectors and critical infrastructures. ICS are typically used in industries such as electrical, water and wastewater, oil and natural gas, chemical, transportation, pharmaceutical, pulp and paper, food and beverage, and discrete manufacturing (e.g., automotive, aerospace, and durable goods). These control systems are critical to the operation of the U.S. critical infrastructures, which are often highly interconnected and mutually dependent systems. It is important to note that approximately 90 per cent of the nation's critical infrastructures are privately owned and operated. Federal agencies also operate many of the industrial processes mentioned above; other examples include air traffic control and materials handling (e.g., Postal Service mail handling). This section provides an overview of SCADA, DCS, and PLC systems, including typical architectures and components.
  • 16. 7.2 Critical infrastructure

Electric power is often credited with being the first infrastructure sector to deploy PCS extensively. Originally known as SCADA, the system was designed to allow irregular operation of remote devices, and often used tone control as a protocol. Water sourcing, treatment, and distribution utilities later added remote sensing and control, as did fossil fuel refining and distribution networks. Eventually, the original primitive technology was replaced with modern digital/analog hybrid networks based on contemporary communication protocols and microprocessors. Currently, infrastructure utilities rely very heavily on their PCS systems in real time, and these have been in use for so long that it is unclear how successful or efficient manual operations would actually be. Furthermore, there are considerations concerning the uncertain results of intrusion, as these scenarios have not been adequately enumerated. Each utility should address its PCS as a hypercritical system by using very tight security safeguards. The PCS has enormous value by reducing costs and improving performance through automation, and this value must be reflected in the system's security.

7.3 Develop / explore market potential / strategies if applicable

The Refinery Monitoring and Control System

There are currently 35,000 sensors and actuators in use in the refinery to perform real-time monitoring of industrial operations such as leakage detection, measurement of pressure in the pipes, fluid levels and of the overall environment. The monitoring of the environment in a refinery provides essential information to ensure the good health of the refinery and its production processes.
In the oil refinery three subsystems exist for the monitoring and control of the plant: the indicator system, the control system, and the emergency system, as shown in Figure 2. Refineries are in need: around 60% - 70% have a very old system and need a new system that is more active than before.
  • 17. Figure 2 (Google homepage images)

My concept is a big project which gives me a good understanding of designing SCADA and sensors. In terms of software, the device should be able to:
• Design a hardware device which is a control, SCADA wireless sensor.
• The sensor can detect the fire wirelessly.
• The sensor can give an alarm, and the alarm can be heard.
  • 18. 8. SECURITY ANALYSIS FOR ZIGBEE WIRELESS SENSOR NETWORKS

Wireless sensor networking is a challenging and emerging technology that will soon become an inevitable part of our modern society. Today wireless sensor networks are broadly used in industrial and civilian application areas including environmental monitoring, surveillance tasks, healthcare applications, home automation, and traffic control. The challenges for research in this area are due to the unique features of wireless sensor devices, such as low processing power and associated low energy. On top of this, wireless sensor networks need secure communication, as they operate in open fields or unprotected environments and communicate using broadcast technology. As a result, such systems have to meet a multitude of quantitative constraints (e.g. timing, power consumption, memory usage, communication bandwidth) as well as security requirements (e.g. authenticity, confidentiality, integrity). One of the main challenges arises in dealing with the security needs of such systems, where it is less likely that absolute security guarantees can be sustained because of the need to balance security against energy consumption in wireless sensor network standards like ZigBee. This dissertation builds on existing methods and techniques in different areas and brings them together to create an efficient verification system. The overall ambition is to provide a wide range of powerful techniques for analyzing models with quantitative and qualitative security information. We stated a new approach that first verifies low-level security protocols in a qualitative manner and guarantees absolute security, and then takes these verified protocols as actions of scenarios to be verified in a quantitative manner. Working on the emerging ZigBee wireless sensor networks, we used probabilistic verification that can return probabilistic results with respect to the trade-off between security and performance.
In this sense, we have extended various existing ideas and also proposed new ideas to improve verification. Especially in the problem of key update, we believe we have contributed to the solution not only for wireless sensor networks but also for many other types of systems that require key updates. Besides, we produced automated tools that were intended to demonstrate what kinds of tools can be developed for different purposes and application domains.

9. WHAT'S THE DIFFERENCE BETWEEN WI-FI AND ZIGBEE

There are many different wireless protocols out there, but the ones that most people have heard of are Wi-Fi and Bluetooth, because these are used in devices that lots of us have: mobile phones and computers. There is a third alternative called ZigBee that is designed for control and instrumentation. What are the differences?
  • 19. Wi-Fi is a direct replacement for a wired Ethernet cable and is used in the same situations to avoid running wires everywhere. The benefit of Wi-Fi is that it can connect to an existing network hub or router, which means that a PC doesn't have to be left on to access a device using Wi-Fi. Remote access products like IP cameras use Wi-Fi so they can be connected to a router and accessed across the Internet. Wi-Fi is useful but not simple to implement unless you just want to connect a new device to your existing network.

Bluetooth is generally used for point-to-point communication, although Bluetooth networks can be established quite easily. Typical applications we are all familiar with allow data transfer from mobile phones to PCs. Bluetooth wireless is the best solution for these point-to-point links, as it has high data transfer rates and, with the right antenna, very long ranges of up to 1 km in ideal circumstances. The commonest application we deal with is the replacement of serial cables by using a serial to Bluetooth converter on one end, e.g. a solar panel array, and a USB to Bluetooth adapter to connect to a laptop or PC on the other end. These types of link are very easy to set up, often by just pressing a pairing button on the units to create a permanent Bluetooth link. Bluetooth can also be used to create small ad-hoc networks, often with one USB to Bluetooth converter as the master and up to 4 serial to Bluetooth adapters as slaves. Have a look at our Bluetooth Wireless Guide for more information.

What about ZigBee wireless? This is a wireless protocol that also operates in the 2.4GHz band, like Wi-Fi and Bluetooth, but it operates at much lower data rates. The main advantages of ZigBee wireless are:
• Low power consumption
• Very robust network
• Up to 65,645 nodes
• Very easy to add or remove nodes from the network

This makes it ideal for control and monitoring applications, such as home automation or smart metering.
A Guide to ZigBee Wireless Networks covers ZigBee in more depth. This guide also has a full comparison between Wi-Fi, Bluetooth and ZigBee wireless solutions.

1. Both are short-range wireless communication technologies;
2. Both use the 2.4GHz frequency band;
3. Both are based on DSSS technology.

Differences:

1. Different transmission speeds. ZigBee's transmission speed is not high (raw data rate 250 Kbps), but its power consumption is low and a battery-powered device can generally run for more than 3 months; Wi-Fi is often
  • 20. said to be the wireless LAN; it has a high rate (11 Mbps), its power consumption is also high, and it generally uses external power.

2. Different applications. ZigBee is for low-rate, low-power situations, such as wireless sensor networks for industrial control, environmental monitoring, smart home control and other fields. Wi-Fi is generally used as a wireless network technology covering a certain range (such as a building, about 100 meters). ZigBee generally needs an always-on coordinator node. Wi-Fi generally needs a wireless router. Wi-Fi is widely used for wireless Internet access. LinkSprite developed a mesh-network Wi-Fi street lighting control system that doesn't need a Wi-Fi router.

3. Market status. ZigBee is an emerging technology that has been in the midst of rapid development and promotion since the first version of the standard was released in 2004; at present, for reasons of cost and reliability, it has not been promoted on a large scale. Wi-Fi technology is very mature and has many applications.

In general, the difference between the two is large and their positioning is different, so competition between them is not great. Technically, however, the two have much in common, and mutual interference between them is considerable, especially Wi-Fi interference with ZigBee.

9.1 The comparison of Wi-Fi, Bluetooth and ZigBee

In this month, I'd like to introduce the comparison of Wi-Fi, Bluetooth and ZigBee. Wi-Fi is a trademark of the Wi-Fi Alliance that may be used with certified products that belong to a class of wireless local area network (WLAN) devices based on the IEEE 802.11 standards. Wi-Fi allows local area networks (LANs) to be deployed without wires for client devices, typically reducing the costs of network deployment and expansion. Spaces where cables cannot be run, such as outdoor areas and historical buildings, can host wireless LANs.
  • 21. Wireless network adapters are now built into most laptops. The price of chipsets for Wi-Fi continues to drop, making it an economical networking option included in even more devices. Wi-Fi has become widespread in corporate infrastructures. Different competitive brands of access points and client network interfaces are inter-operable at a basic level of service. Products designated as "Wi-Fi Certified" by the Wi-Fi Alliance are backwards compatible. Wi-Fi is a global set of standards. Unlike mobile phones, any standard Wi-Fi device will work anywhere in the world. A typical wireless router using 802.11b or 802.11g with a stock antenna might have a range of 32 m (120 ft) indoors and 95 m (300 ft) outdoors. Due to reach requirements for wireless LAN applications, power consumption is fairly high compared to some other standards. Because of the very limited practical range of Wi-Fi, mobile use is essentially confined to such applications as inventory taking machines in warehouses or retail spaces, barcode reading devices at check-out stands or receiving / shipping stations.

ZigBee is a low-cost, low-power, wireless mesh networking proprietary standard. The low cost allows the technology to be widely deployed in wireless control and monitoring applications, the low power-usage allows longer life with smaller batteries, and the mesh networking provides high reliability and larger range. ZigBee operates in the industrial, scientific and medical (ISM) radio bands; 868 MHz in Europe, 915 MHz in the USA and Australia, and 2.4 GHz in most jurisdictions worldwide. The technology is intended to be simpler and less expensive than other WPANs such as Bluetooth. Because ZigBee can activate (go from sleep to active mode) in 15 msec or less, the latency can be very low and devices can be very responsive, particularly compared to Bluetooth wake-up delays, which are typically around three seconds.
Because ZigBees can sleep most of the time, average power consumption can be very low, resulting in long battery life. ZigBee protocols are intended for use in embedded applications requiring low data rates and low power consumption. ZigBee’s current focus is to define a general-purpose, inexpensive, self-organizing mesh network that can be used for industrial control, embedded sensing, medical data collection, smoke and intruder warning, building automation, home automation, etc. The resulting network will use very small amounts of power – individual devices must have a battery life of at least two years to pass ZigBee certification.
ZigBee works in the 2.4 GHz band. This is a free band, and many networks with high power, high data rates and high frequency also work in this band. These networks have an adverse effect on ZigBee: the interference problem. In this paper we studied the mutual interference effect between ZigBee and Wi-Fi devices.
  • 22. In the future, a proposed scheme could reduce one of the major problems facing ZigBee: interference.

4. The key characteristics of Wi-Fi and ZigBee.
Range
  ZigBee: 10-100 meters
  Wi-Fi: 50-100 meters
Networking Topology
  ZigBee: Ad-hoc, peer to peer, star, or mesh
  Wi-Fi: Point to hub
Operating Frequency
  ZigBee: 868 MHz (Europe), 900-928 MHz (NA), 2.4 GHz (worldwide)
  Wi-Fi: 2.4 and 5 GHz
Complexity (Device and application impact)
  ZigBee: Low
  Wi-Fi: High
Power Consumption (Battery option and life)
  ZigBee: Very low (low power is a design goal)
  Wi-Fi: High
Security
  ZigBee: 128 AES plus application layer security
Typical Applications
  ZigBee: Industrial control and monitoring, sensor networks, building automation, home control and automation, toys, games
  Wi-Fi: Wireless LAN connectivity, broadband Internet access

Security Issues with Wi-Fi and ZigBee
There is hardly a consumer product today that does not have one or more wireless interfaces. Cell phones typically add Wi-Fi radios. In home thermostats, "smart appliances," and power meters using ZigBee® are starting to enable power monitoring and regulation via the Smart Grid, while ZigBee RF4CE-powered remote controls make life even easier for "couch potatoes." Each of these protocols has security issues that, if not recognized and addressed at the design stage, can have serious repercussions. This article will examine the security issues with these widely used wireless protocols. It will take a chip- and protocol-oriented approach and avoid issues like computer security or problems relating to different network topologies, each of
  • 23. which deserves a separate article, if not a book.

Wi-Fi
With over a billion Wi-Fi chipsets shipping each year, the Wi-Fi Alliance’s claim that "Wi-Fi is everywhere" is hardly an exaggeration. While Wi-Fi is by far the most widely used wireless networking protocol, it has gone through numerous iterations in an attempt to resolve its security problems, which are now arguably behind it – with one caveat.

WEP
When the original IEEE 802.11 standard was ratified in September 1997, it relied on the wireless equivalency protocol (WEP) for security. In the shared-key authentication version of WEP, the client sends an authentication request to the access point, which replies with a plain text challenge; the client then encrypts the challenge using a WEP key and sends it back. If the returned key matches, access is granted. WEP uses the RC4 stream cipher, the same one used in secure socket layers (SSL) to protect Internet traffic. Initially 64-bit WEP used a 40-bit key (later 104 bits) that was concatenated with the 24-bit initialization vector (IV) to form the RC4 key. Unfortunately the IV key was transmitted as plain text and used repeatedly, making it fairly straightforward for an eavesdropper to recover the key. When the FBI was able to crack WEP encryption within three minutes, the search for a better mousetrap began.

WPA
While the IEEE was working on IEEE 802.11i, in April 2003 the Wi-Fi Alliance rolled out Wi-Fi Protected Access (WPA) based on a subset of that pending standard. For encryption, WPA used the Temporal Key Integrity Protocol (TKIP), which generated a new 128-bit key for each packet, thereby plugging the major security hole in WEP. To verify the integrity of packets, WPA uses much stronger message authentication codes than the cyclical redundancy checks (CRC) used by WEP. WPA relies on IEEE 802.1X, which defines an authentication mechanism for 802.11 networks.
For enterprise users, WPA uses the Extensible Authentication Protocol (EAP) – specifically EAP-TLS, which provides transport layer security; for residential and consumer users, WPA uses a pre-shared key (PSK) system. While WPA is far more secure than WEP from passive attacks, its PSK implementation can be fairly easily cracked by a brute force attack if you have a weak password. WPA was always intended as an interim solution until IEEE 802.11i was ratified. WPA is far more robust than WEP but not nearly as strong as WPA2, which replaced it.

WPA2
The Wi-Fi Alliance rolled out WPA2 based on IEEE 802.11i after it was ratified in June 2004. IEEE 802.11i added two new handshake protocols to the original 802.11 specification in order to enable robust security network associations (RSNAs). For encryption, WPA2 utilizes the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), which does AES encryption using a 128-bit key and a 128-bit block size. CCMP replaced TKIP, which had proved vulnerable to a variety of attacks. Without getting into the details of AES encryption, suffice it to say it has been the Mount
  • 24. Everest of code crackers since the National Institute of Standards and Technology (NIST) first introduced it in 2001. It took ten years before the first successful key recovery attack on AES-128, which required 2^126.1 operations. Bottom line: Wi-Fi with WPA2 is quite secure.
Table 1 summarizes the major differences between WEP, WPA, and WPA2. Texas Instruments’ "Introduction to Wi-Fi Technology" product training module (PTM) provides a good overview of the technology, including security protocols.

Encryption
  WEP: Manual key assignment, shared keys using Rivest cipher 4 (RC4) stream cipher
  WPA: TKIP based on RC4 stream cipher
  WPA2: Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) with 128 bit AES block cipher
Data Integrity
  WEP: Linear hash function
  WPA and WPA2: Cryptographic hash function
Key Management
  WEP: No
  WPA and WPA2: Yes
Replay detection
  WEP: No
  WPA and WPA2: Yes
Table 1: Comparison table of WEP, WPA, and WPA2 (Courtesy Wi-Fi Alliance).

There is still one weak spot in Wi-Fi security: Wi-Fi Protected Setup. For the average non-geek user, setting up a Wi-Fi network can be a daunting task. In 2007, the Wi-Fi Alliance introduced Wi-Fi Protected Setup, which greatly simplifies the procedure. Now instead of having to manually enter PSKs and SSIDs, users can simply enter a PIN code or even push a button on the router while the access point is nearby, quickly pairing the two devices. But the usual trade-off for increased simplicity is decreased complexity, which in this case resulted in reduced security. Wi-Fi Protected Setup has some well-documented design flaws that leave it open to equally well-documented brute force attacks. The bottom line is if your router features Wi-Fi Protected Setup and you're a geek – turn it off. SSIDs just aren’t that intimidating. If you’re designing an embedded device that uses Wi-Fi, don’t enable this feature.
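The WEP weakness described above (a 24-bit IV sent in the clear and reused) can be shown in a short, self-contained script. This is an added example, not code from the original report: the framing is simplified (the key ID byte is omitted), and the key, IVs and payloads are constructed values.

```python
import zlib
from collections import defaultdict
from math import log, sqrt


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR the data with the generated keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """Simplified WEP body: clear-text 3-byte IV, then RC4(IV || secret)
    over the data plus its CRC-32 integrity check value (ICV)."""
    if len(iv) != 3:
        raise ValueError("WEP uses a 24-bit IV")
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + rc4(iv + secret, plaintext + icv)


def wep_decrypt(secret: bytes, frame: bytes) -> bytes:
    """Rebuild the per-frame RC4 key from the clear-text IV and check the ICV."""
    iv, body = frame[:3], frame[3:]
    clear = rc4(iv + secret, body)
    data, icv = clear[:-4], clear[-4:]
    if zlib.crc32(data).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return data


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def find_iv_reuse(frames):
    """Return {iv: [frame indexes]} for every IV seen more than once."""
    seen = defaultdict(list)
    for index, frame in enumerate(frames):
        seen[frame[:3]].append(index)
    return {iv: idx for iv, idx in seen.items() if len(idx) > 1}


def frames_until_likely_reuse(iv_bits: int = 24, probability: float = 0.5) -> int:
    """Birthday bound: frames with random IVs sent before a repeat is likely."""
    return round(sqrt(2 * 2 ** iv_bits * log(1 / (1 - probability))))


def demo():
    secret = bytes.fromhex("0102030405")      # constructed 40-bit WEP key
    p1 = b"PUMP-07 STATUS=RUNNING"            # constructed payloads, same length
    p2 = b"VALVE-3 STATUS=CLOSED!"
    frames = [
        wep_encrypt(b"\x00\x00\x01", secret, p1),
        wep_encrypt(b"\x00\x00\x01", secret, p2),   # IV repeated
        wep_encrypt(b"\x00\x00\x02", secret, p2),   # fresh IV
    ]
    # Same IV -> same keystream, so it cancels out of c1 XOR c2 and leaves
    # p1 XOR p2. Whoever knows or guesses p1 can read p2 without the key.
    mixed = xor(frames[0][3:], frames[1][3:])
    return {
        "reused": find_iv_reuse(frames),
        "keystream_cancelled": mixed[:len(p1)] == xor(p1, p2),
        "recovered": xor(mixed, p1),
        "fresh_iv_differs": frames[1][3:] != frames[2][3:],
        "frames_for_50pct_reuse": frames_until_likely_reuse(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The birthday-bound figure shows why a 24-bit IV cannot avoid repeats on a busy network, which is the hole TKIP's per-packet keys and later CCMP were introduced to close.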
  • 25. Figure 1: Three generations of Wi-Fi share the air.
In 2004, the Wi-Fi Alliance officially deprecated WEP, and since 2006, WPA2 has been mandatory in order to receive official certification. So it was with considerable surprise when I turned on my 2.4 GHz packet sniffer and discovered that some of my neighbors were still using the older technology (see Figure 1). While three of us are using WPA2 (RSNA-CCMP), 2WIRE464 is using WPA (WPA-TKIP) and two others are relying on WEP. If you’re concerned about Wi-Fi security, start by checking out your existing equipment. New embedded designs will certainly use the newer protocols.

Wi-Fi Solutions
The simplest way to resolve problems is to avoid them in the first place; when adding Wi-Fi to your embedded design, choosing to go with a module ensures that security issues are covered. Digi-Key stocks quite a number of Wi-Fi modules, including the RabbitCore RCM5400W from Digi International, a C-programmable Wi-Fi core module; a Wi-Fi adaptor board from Future Designs; plus an assortment of modules from Multi-Tech Systems, RFM, and Sagrad. If you choose to develop your own Wi-Fi designs, several manufacturers make evaluation and/or development kits to assist in that effort. CSR PLC makes the Radio Pro™ reference design kit for developing Wi-Fi-based Internet applications. RFM’s WSN802GDK-A development kit includes a router and a board based on its WSN802G transceiver module designed for 802.11g sensor networks. Texas Instruments’ CC3000FRAMEMK is a full turnkey Wi-Fi evaluation and demonstration tool for MSP430™ FRAM MCUs and TI's Simplelink™ Wi-Fi. Freescale Semiconductor’s TWR-WI-FI-G1011MI kit enables you to design 802.11b-based applications using their Kinetis® Tower development system. Finally, Digi International’s Wi-ME S integration kit lets you evaluate their Digi Connect Wi-ME modules for your intended design.

ZigBee
  • 26. Some of the spikes on the panoramic display in Figure 1 are from nearby ZigBee devices. ZigBee – like Bluetooth, 6LoWPAN, WirelessHART, and a number of others – is based on IEEE 802.15.4, which defines the PHY and MAC layers for low cost, low power, low data rate wireless personal area networks (LR-WPANs). ZigBee typically operates in low-power mesh or star sensor networks, providing a maximum data rate of 250 kbps. The IEEE 802.15.4-2003 specification defines not one, but several different PHYs depending on the modulation type and operating frequency. Three of the PHYs support DSSS in the 868/915 MHz bands using either OBPSK or QPSK, the latter being used in the 2.4 GHz ISM band. ZigBee uses the two PHY layers that operate in the 868/915 MHz and 2.4 GHz bands. ZigBee occupies 16 non-overlapping channels in the 2.4 GHz band (worldwide) and ten channels on the 915 MHz band in the U.S.
The IEEE 802.15.4-2003 MAC sub-layer controls access to the radio channel using a CSMA-CA mechanism. Its responsibilities may also include transmitting beacon frames, synchronization, and providing a reliable transmission mechanism. ZigBee implements most security procedures (see Figure 4) at the network (NWK) and application support sub-layer (APS). These services include methods for key establishment, key transport, frame protection, and device management. The security suite is AES-CCM, a 128-bit symmetric key block cipher algorithm, making ZigBee basically as secure as Wi-Fi – if you set it up correctly. There are several suites of ZigBee security services with ascending security levels:
- No security
- Confidentiality: AES-CTR
- Authentication: AES-CBC-MAC with 32-, 64-, or 128-bit MAC
- Confidentiality and Authentication: AES-CCM with 32-, 64-, or 128-bit MAC
  • 27. Figure 4: Security in the ZigBee Stack (Courtesy ZigBee Alliance).
The available security services depend on the security suite. There are also some recommended implementation options:
- Use a key sequence counter
- Use the "Protected-ACK" frame type
- Use a Trust Reference Value (TRV)
- Use Flash memory to store nonce states

ZigBee RF4CE
ZigBee RF4CE is an even lower power, simplified version of the ZigBee architecture (see Figure 5) designed to replace IR-based remote controls in consumer electronics. Operating in the 2.4 GHz band, RF4CE only hops over three channels instead of ZigBee’s 16; and it simplifies the pairing mechanisms while still utilizing an AES-128 CCM security scheme. While it is possible, it is unlikely that anyone will be able to hack into your RF4CE-connected embedded device. However, if you are considering using RF4CE for a mission critical application, think twice before using such a simple protocol.
  • 28. Figure 5: ZigBee RF4CE architecture (Courtesy ZigBee Alliance).

ZigBee Solutions
The increasing popularity of ZigBee in embedded applications is apparent from the large number of evaluation and/or development boards available from Ember, Digi International/MaxStream, LS Research, CEL, NXP Semiconductors, and STMicroelectronics. If you’re looking for a ZigBee RF front-end – integrating a PA and LNA – Skyworks, RFMD, Texas Instruments, and CEL have it covered. If you would rather design from scratch, as of this writing Digi-Key stocks 211 ZigBee transceivers from which to choose. If you’re still not convinced that ZigBee makes sense for your application, check out the RFM ZigBee product training module, which addresses the question "Why ZigBee?" in some detail.

Summing Up
Embedded designs are increasingly wireless, often sporting several different RF interfaces. While this makes them more capable it also opens up potential security holes that must be understood during the planning phase and addressed at the design stage. By understanding the potential risks and designing around them, security drops out of the equation and the choice between Wi-Fi, Bluetooth, and ZigBee comes back to features, functions, and price—which is as it should be.
  • 29. 10. SOLUTION
Modern public infrastructure systems use Supervisory Control and Data Acquisition (SCADA) systems for daily operation. This includes water treatment systems; electric power transmission, distribution, and generation; petroleum storage and refineries; and other public infrastructure systems. The SCADA system provides monitoring, data analysis, and control of the equipment used to manage most public infrastructure systems. The SCADA network is comprised of various communication devices. Routers, switches, wireless equipment, serial connections, proprietary hardware monitors, and various computers are used. This project will examine common SCADA control network implementations to determine possible weaknesses and solutions.

SCADA Systems
SCADA systems are used to control dispersed assets where centralized data acquisition is as important as control [3] [4]. These systems are used in distribution systems such as water distribution and wastewater collection systems, oil and natural gas pipelines, electrical utility transmission and distribution systems, and rail and other public transportation systems. SCADA systems integrate data acquisition systems with data transmission systems and HMI software to provide a centralized monitoring and control system for numerous process inputs and outputs. SCADA systems are designed to collect field information, transfer it to a central computer facility, and display the information to the operator graphically or textually, thereby allowing the operator to monitor or control an entire system from a central location in real time. Based on the sophistication and setup of the individual system, control of any individual system, operation, or task can be automatic, or it can be performed by operator commands. SCADA systems consist of both hardware and software.
Typical hardware includes an MTU placed at a control centre, communications equipment (e.g., radio, telephone line, cable, or satellite), and one or more geographically distributed field sites consisting of either an RTU or a PLC, which controls actuators and/or monitors sensors. The MTU stores and processes the information from RTU inputs and outputs, while the RTU or PLC controls the local process. The communications hardware allows the transfer of information and data back and forth between the MTU and the RTUs or PLCs. The software is programmed to tell the system what and when to monitor, what parameter ranges are acceptable, and what response to initiate when parameters change outside acceptable values. An IED, such as a protective relay, may communicate directly to the SCADA Server, or a local RTU may poll the IEDs to collect the data and pass it to the SCADA Server. IEDs provide a direct interface to control and monitor equipment and sensors. IEDs may be directly polled and controlled by the SCADA Server and in most cases have local programming that allows for the IED to act without direct instructions from the SCADA control centre. SCADA systems are usually designed to be fault-tolerant systems with significant redundancy built into the system architecture.
Figure 13.1 shows the components and general configuration of a SCADA system. The control centre houses a SCADA Server (MTU) and the communications routers. Other control centre components include the HMI, engineering workstations, and the data historian, which are all connected by a LAN. The control centre collects and logs information gathered by the field sites, displays information to the HMI, and may generate actions based upon detected events. The control centre is also responsible for centralized alarming, trend analyses, and reporting. The field site performs local control of actuators and monitors sensors.
Field sites are often equipped with a remote access capability to allow field operators to perform remote diagnostics and repairs usually over a separate dial up modem or WAN connection. Standard and proprietary communication protocols running over serial communications
  • 30. are used to transport information between the control centre and field sites using telemetry techniques such as telephone line, cable, fibre, and radio frequency such as broadcast, microwave and satellite. MTU-RTU communication architectures vary among implementations. The various architectures used, including point-to-point, series, series-star, and multi-drop [5], are shown in Figure 2-3. Point-to-point is functionally the simplest type; however, it is expensive because of the individual channels needed for each connection. In a series configuration, the number of channels used is reduced; however, channel sharing has an impact on the efficiency and complexity of SCADA operations. Similarly, the series-star and multi-drop configurations’ use of one channel per device results in decreased efficiency and increased system complexity.
Figure 10.1 General Layout for SCADA System

10.1 SCADA Overview
SCADA systems are used in industrial and civil engineering applications to control and monitor distributed systems from a central location. SCADA solutions are implemented in a wide variety of industries including Electric power generation, transmission, and distribution, Environmental Control Systems, Traffic Signals, Water management systems, and Manufacturing systems. Hardware solutions utilize switches, pumps, and other devices that are controlled by Remote Telemetry Units (RTU). Server units then monitor the hardware and collect values, as well as provide control features that allow the operator to remotely manage the physical equipment. The server unit runs a management package that typically runs on top of a Unix variant, although many vendors are beginning to provide Microsoft Windows support. A Human-machine interface allows the operator to view the state of the plant equipment. Dumb terminals or PC’s usually host this interface. Alarms are used to alert the operator that intervention is required to keep things running smoothly.
A wide variety of networking equipment is then used to connect all of these components together. Wireless technology is popular for its ability to span long distances with minimal equipment. Fiber gives greater reliability but incurs far more expense. Serial technologies utilize dedicated copper wiring or Telco POTS lines. Common protocols include Modbus and DNP3. Although originally designed to run on low-bandwidth proprietary networks, many protocols have included extensions to operate over TCP/IP. Figure 1 shows a simple SCADA network implementation. The system involves a Server unit that controls a serial based traffic signal
  • 31. system, as well as a water treatment plant and several stream flow monitors connected using wireless technology in the 2.4 GHz range. Two monitoring stations provide user control of the system.

10.2 Security overview
Due to the nature of what they control, SCADA networks are part of our nation’s critical infrastructure and require protection from a variety of threats. When initially designed, SCADA equipment was designed for maximal functionality. As a result many security risks were exposed to maximize the communication efficiency. This makes many SCADA networks potentially vulnerable to attack. These attacks could result in disruption of service, manipulation of data, or unauthorized control of the connected equipment. The United States Department of Energy states that: "Action is required by all organizations, government or commercial, to secure their SCADA networks as part of the effort to adequately protect the nation’s critical infrastructure." (U.S. Dept. Of Energy, 2002) This paper will address several potential vulnerabilities of SCADA systems and possible solutions. The report will be broken down into 5 parts: RTU’s, Server security, Protocol Analysis, Network infrastructure security, as well as miscellaneous topics.
Figure 10.2 Single Firewall Used in SCADA
Because of the stringent requirements of SCADA systems with regard to timing, availability, and data processing, firewall rules have to be tailored for the various protocols and network services. The Industrial Automation Open Networking Association (IAONA) developed protocol guidelines for network services that accommodate the unique SCADA system
  • 32. characteristics. These guidelines for communications with SCADA systems are summarized in Table 3-6. The services provided by the protocols are summarized in Tables 3-3 and 3-5. Protocols supporting real-time data acquisition and control in manufacturing and process control applications began as proprietary solutions offered by control equipment manufacturers. These protocols and associated communication buses met the needs of users and were widely applied. The next steps in the evolution of SCADA protocols were the development of open-standard protocols and the adoption of Ethernet and Internet technologies. With these changes, particularly the use of the Internet architectural elements and connections to transmit and receive data involving SCADA systems, security issues are now of concern. Proper use of the SCADA protocols coupled with network security devices such as firewalls can provide SCADA users with secure, efficient, and cost-effective communication means.

10.3 RTU Security
The RTU, or Remote Telemetry Unit, is a device which interfaces objects in the physical world to a SCADA system. An example of this is attaching an RTU to a water pump to allow monitoring and control of the pump. Serial and Ethernet interfaces are common on these units, as well as null-modem management interfaces. Physical security must first be evaluated. Secure facilities that limit access to authorized personnel only must be acquired. Secondly, the RTU configuration must be analyzed. Management interfaces should be disabled or utilize the strongest authentication. Firmware should be upgraded to the latest stable release. All unused features should be disabled.

10.4 Server Security
The Server unit is vulnerable to several types of attack. Unauthorized access may be obtained using a network or modem based attack, or by visiting the physical location. Another risk is an attack that damages the server and makes it inoperable.
Security must first be obtained through restricting access to authorized users only. Physically locate the server in a safe location that restricts access to authorized users only. Proper access controls should be implemented to verify the identity of the user. If passwords are used they should be changed frequently. Biometric devices are also helpful. The operating system must also be hardened. Any unnecessary software and services should be removed. Apply all stable patches to the system. Communication protocols must be configured for maximal security. Protocol security is covered in greater depth in the section labeled "Protocol Security."

10.5 Network Security
The network infrastructure is the most visible piece of the SCADA system, which makes it an obvious location for attack. As security provider Riptech points out, there is a common misconception that SCADA networks use strong access controls. In reality most SCADA systems utilize hardware from many different manufacturers, which requires the integration of different communication standards. (Riptech Inc, 2001) The result is usually a very functional system, but due to the increased complexity security concerns are often ignored. A second misconception is the belief that the SCADA system resides on a separate standalone network. Most SCADA systems were originally built on separate standalone networks, but were eventually bridged as a result of
  • 33. changes in information management practices. The need for real-time data became desirable on the corporate network. Corporate decision makers wanted the critical data from their operations systems. Many of these connections are implemented without a full understanding of the security risks. In addition to these misconceptions certain network mediums present their own set of security risks. Sniffing, Denial of Service (DOS) and spoofing attacks are all serious threats. There are several steps that can be taken to minimize the threat and impact of such vulnerabilities and attacks.

10.6 Network Access
All network connection points must be identified. This includes Ethernet ports, Wireless Links, and Serial connections. All unused and unnecessary ports need to be disabled. The network architecture should be segmented in such a way to provide access control between different segments. Data warehousing and server network segments should be especially well secured.

10.7 Network Segmentation
In spite of the best security practices there still exists a possibility that an attacker may gain unauthorized access. Network IDS systems provide an additional layer of monitoring to alert you to the presence of unauthorized access. An IDS system is basically a network vacuum that contains advanced data analysis tools to examine network traffic and identify likely attacks. Network IDS systems should be established on both the internal network, as well as the connecting external networks to monitor for incidents.

10.8 External Access
In certain instances external access to the SCADA network may be necessary. Vendors may need access, or connections to the corporate network may be necessary. Every one of these connections presents a serious threat. It is extremely important that all external access points be identified. Determine what specific access is needed. Identify the methods used to connect. All access points should implement proper security measures.
Firewalls and IDS monitors should be used. Firewall rules should be as specific as possible, allowing only the bare minimum access to the SCADA network. Make sure to implement outbound filtering as well to prevent internal SCADA hosts from accessing hosts on the external networks. Any communication that is happening between the SCADA network and other networks should utilize secure protocols. Plaintext protocols present the greatest threat and should be secured. One technique of securing plaintext communication is to wrap the communication inside a VPN tunnel. A VPN creates a virtual route between two networks where all data that is transmitted is encrypted. Desirable VPN products utilize IPSEC and SSL encryption. Avoid products using PPTP as it has been shown defective. Access controls should also be implemented to restrict access to specific IP address ranges to minimize the likelihood that a potential attacker would even discover the service as is shown in
  • 34. 10.9 RF Security
Wireless communications devices are popular for SCADA networks due to the long distances between monitoring stations. A typical architecture involves point-to-point links operating at either 900 MHz or 2.4 GHz. Newer systems are adopting the 802.11 standards while legacy systems utilize proprietary data link level protocols. The security of 802.11 is an entire subject to itself and this paper will not attempt to cover it. The focus of this section is to identify the common wireless threats to the RF transmission. Wireless communication presents a huge security and stability problem. The broadcast nature of the data allows it to be recorded and analyzed at a later date. At this point 128 bit encryption provides adequate protection from this attack. The control features of SCADA networks require that adequate bandwidth be available to transmit data to the RTU. This is hard to guarantee when using wireless technologies. Each frequency has a limited amount of bandwidth so competing devices may take bandwidth. A hostile attack is also possible using an RF generation device. By transmitting random RF noise it is possible to flood the available frequency space and block the SCADA control traffic. This attack is easily tracked with the proper directional antennas, but the temporary loss of control could prevent corrective action at the RTU and cause an accident. Several actions can be taken to reduce the risk of this attack, but it is physically impossible to prevent it when using the public airspace for transmission. Highly directional antennas will reduce the amount of interfering RF signal. Acquiring licenses for limited use commercial frequencies will reduce interference, but the potential for signal jamming still exists. Wireless does not provide the service guarantee needed for mission critical control systems.
It is however a good method for monitoring and control of non-essential RTU’s where the loss of communication is unlikely to cause an incident.

10.10 The MODBUS Protocol
The MODBUS protocol is currently one of the most popular protocols for use with SCADA systems. It is an application layer messaging protocol that provides client/server communication between devices connected through different types of busses or networks. It has been an industry standard for device automation using serial communication since 1979. Today the protocol has been adapted to function over TCP/IP, where it uses TCP port 502. Figure 3 shows the basic protocol structure for both serial and TCP/IP communication. MODBUS is a request/reply protocol. The packet is broken down into an application data unit (ADU) which contains a simple protocol data unit (PDU). The PDU contains a one byte function code and the data field. The data field contains additional information that the server uses to take the defined action.

10.11 Securing MODBUS
When MODBUS was developed in the 70’s it provided adequate security for the current threats being faced. Most communication was taking place on isolated serial networks using private lines. Attacks required a very specific knowledge of which lines were being used, and generally required physical access. With the TCP implementation the security rules have changed. Interconnected networks span the globe allowing creative attackers to potentially exploit the system from anywhere around the globe. The clear-text nature of the protocol makes it especially vulnerable. Monitoring data can be gathered with ease, and passwords may be gleaned from the transmission. In order to protect this protocol we must wrap it inside an encryption medium. An IPSEC VPN connection should be used to encapsulate the traffic
  • 35. whenever it is traveling across a vulnerable medium. Some examples of vulnerable mediums include non-SCADA and wireless networks.

11. WIRELESS NETWORKING
ZigBee works in the 2.4 GHz band. This is a free band, and many networks with high power, high data rate and high frequency also work in it. These networks have an adverse effect on ZigBee: the interference problem. In this paper we studied the mutual interference effect between ZigBee and Wi-Fi devices. In the future, a scheme can be proposed to reduce interference, one of the major problems facing ZigBee.

Wireless networking is a broad topic that is, in essence, concerned with communication networks that use electromagnetic waves such as radio waves as the carrier and thus provide greater flexibility and convenience compared to wired networks. A common classification of wireless networks is by the range or the area that is covered by the network. Instead of going through details, we will locate the position of ZigBee in the wireless networking area using a top-down approach.

Wireless Wide Area Networks provide communication links across metropolitan, regional, or national boundaries by using technologies such as Universal Mobile Telecommunications System, General Packet Radio Service, and 3G to carry voice and data traffic. Wireless Metropolitan Area Networks are a type of wireless network that connects several Wireless Local Area Networks. A good example of such networks is specified by the WiMAX standard, which is built on the IEEE 802.16 standard and maintains connection across a whole city. Wireless Local Area Networks enable users to establish a connection in a local area setting (e.g. inside a building) and provide connection to wider networks such as the internet. These types of networks are widely used on a worldwide scale, and Wi-Fi is a well-known technology certification for WLANs, based on the IEEE 802.11 standard.
Finally, Wireless Personal Area Networks (WPANs) connect network devices within a personal area, which is a low-cost and short-range type of connection. Bluetooth and ZigBee are both examples of WPANs, based on the same Medium Access Control (MAC) layer family, i.e. the IEEE 802.15 standard.

ZigBee is at the same time a wireless sensor network (WSN) standard, in terms of a classification based on the type of the devices that form the network. A WSN is a network that is formed by a large number of sensor devices. A sensor device is equipped with at least one sensor that detects physical occurrences such as light, heat, motion, or sound. WSNs are used in many different application areas including automation, monitoring, security, entertainment, and asset tracking. Many of these applications require a large number of sensor devices; hence, to limit costs, WSN devices have severe resource constraints.
  • 36. These constraints are mainly in terms of computation, memory, and energy. Therefore, security is difficult to achieve, and many well-known methods and approaches become infeasible.

At this point we would like to mention the relation between WSN and CPS. A CPS is generally composed of a set of networked agents, including sensors, actuators, control processing units, and communication devices [CAS08]. In Fig. 1.2 a sample CPS is sketched where corresponds to an actuator corresponds to a sensor, as corresponds to a device with both actuator and sensor, and c being a controller. While some forms of CPS are already in use, the widespread growth of wireless embedded sensors and actuators is stimulating several new applications in areas such as medical devices, autonomous vehicles, and smart structures, and increasing the role of existing ones such as Supervisory Control and Data Acquisition (SCADA) systems. WSN is one of the key technologies that enable the concept of CPS. Besides, common applications of CPS typically fall under WSNs and autonomous systems.

11.1 Security Protocols
A security protocol is a protocol that is used for performing security functions and generally incorporates cryptographic algorithms. Security protocols are widely used for securing data communication at the application level. They are commonly used for data confidentiality, data integrity, security key establishment, security key exchange, entity authentication, message authentication, non-repudiation, etc. Security protocols generally make use of cryptography, so that a virtual secure channel can be established to provide secure communication over insecure media. Cryptography requires cryptographic keys to be established and distributed among the sides of the communication, and such a sequence of message exchanges for key establishment and distribution is a good example of a security protocol.
As we mentioned, security protocols are usually executed in insecure media where malicious users or software can be present. The adversaries are capable of performing many different types of attacks, making it complex to design sound security protocols. Even cryptography cannot save the protocol in most situations, which is one of the reasons security protocols are so error-prone. Security protocols are expected to maintain certain security properties. If these security properties cannot be preserved, certain flaws are likely to arise. Those flaws will cause serious attacks on real implementations. Therefore, both design and verification of the protocols are very important.
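Sections 10.10 and 10.11 describe the MODBUS/TCP frame (an ADU wrapping a one-byte function code and a data field) and note that it crosses the network in clear text. The following is an added example, not part of the original report: a minimal passive monitor that parses captured request frames and flags write commands from stations outside an allow-list. The MBAP header layout and function-code numbers come from the public MODBUS specification; the frames, IP addresses and the `review` helper are constructed for illustration.

```python
import struct
from dataclasses import dataclass

# MBAP header of a MODBUS/TCP ADU: transaction id, protocol id, length, unit id
MBAP = struct.Struct(">HHHB")
MAX_PDU = 253  # function code + data field, upper bound from the specification
READS = {0x01: "Read Coils", 0x02: "Read Discrete Inputs",
         0x03: "Read Holding Registers", 0x04: "Read Input Registers"}
WRITES = {0x05: "Write Single Coil", 0x06: "Write Single Register",
          0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers"}


@dataclass
class Adu:
    transaction_id: int
    unit_id: int
    function_code: int  # one byte, first byte of the PDU
    data: bytes         # remainder of the PDU


def parse_adu(frame: bytes) -> Adu:
    """Parse one MODBUS/TCP ADU; raise ValueError if it is malformed."""
    if len(frame) < MBAP.size + 1:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = MBAP.unpack_from(frame)
    pdu = frame[MBAP.size:]
    if proto != 0:
        raise ValueError("protocol id is not 0")
    if length != len(pdu) + 1:  # length counts the unit id byte plus the PDU
        raise ValueError("length field does not match frame size")
    if len(pdu) > MAX_PDU:
        raise ValueError("PDU longer than 253 bytes")
    return Adu(tid, unit, pdu[0], pdu[1:])


def review(src_ip: str, frame: bytes, masters: set) -> str:
    """Return one log line for a captured request (hypothetical helper)."""
    try:
        adu = parse_adu(frame)
    except ValueError as exc:
        return f"ALERT malformed frame from {src_ip}: {exc}"
    write = WRITES.get(adu.function_code)
    if write and src_ip not in masters:
        # All four write requests start with a 2-byte target address.
        addr = struct.unpack_from(">H", adu.data)[0] if len(adu.data) >= 2 else None
        return (f"ALERT {write} to unit {adu.unit_id} address {addr} "
                f"from unauthorised {src_ip}")
    name = write or READS.get(adu.function_code,
                              f"function 0x{adu.function_code:02X}")
    return f"ok {name} unit {adu.unit_id} from {src_ip}"


# Constructed sample data (TEST-NET addresses, hand-built frames).
MASTERS = {"192.0.2.10"}
READ = bytes.fromhex("000100000006010300000002")   # read 2 holding registers
WRITE = bytes.fromhex("0002000000060106001001f4")  # write 500 to register 16
BAD = bytes.fromhex("0003000000090106001001f4")    # length field says 9, not 6

if __name__ == "__main__":
    for ip, frame in [("192.0.2.10", READ), ("192.0.2.10", WRITE),
                      ("192.0.2.77", WRITE), ("192.0.2.77", BAD)]:
        print(review(ip, frame, MASTERS))
```

Everything the monitor reports is read straight from the unencrypted frame, which is the exposure section 10.11 proposes to close by encapsulating the traffic in an IPSEC VPN.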
  • 37. 12. WORLD WIDE WEB ARE USEFUL
In the Web-based Temperature Monitoring System, all the data are saved into the database. The user must ensure that the temperatures are being saved in the database before proceeding to the next step. If everything runs smoothly, run the Tomcat web server and access the current temperature using the web page. The system is considered successful if no error is detected during the testing.

Because the hardware device was not built with expensive materials, it can only be used in a limited geographical area. It can only be used for indoor temperature monitoring and is limited to one room because there is only one sensor attached to the sensor board. Another limitation is that if the electricity is cut off, the entire operating system will shut down. A unit that works on batteries could connect wirelessly to mobile or satellite.

Figure 12.1 Flow chart for WWW.
  • 38. 12.1 TESTING RESULTS
The testing phase is used to evaluate whether the system's function meets the intended functionality. The system was successfully implemented and developed. However, to ensure that the system will perform correctly, the temperature sensor device and monitoring system need to be tested. Two methods of testing were carried out to make sure the hardware and software are functioning according to the objectives.

Figure 3. Figure 12.2.
  • 39. 13. CONCLUSION
The quality of the proposed Refineries process is one of the few ways a client can judge the quality of the end result while still in the design stage. A proposal that will save lives. Improving the project is good and useful. Cost justification if more is ordered. Reliability for the system on the internet. Increase in lives saved for patients. Increase of the project across the UK.

Finally, it is important that a user interface be visually pleasing. It is possible for a user interface to be intuitive, easy to monitor, and efficient and still not be terribly nice to look at. While aesthetics do not directly impact the effectiveness of a user interface, the patients' families will be happier.

SCADA networks are diverse systems. The integration of legacy hardware with new technologies leads to a vast array of technologies and protocols being used. The integration of the technologies is typically oriented towards functionality with little thought for security. On the other hand, SCADA networks are used to monitor and control many mission-critical systems used for power generation, water management, transportation system control, and other industrial applications. A security breach of these mission-critical services could have devastating effects. In some instances lives could be lost and financial losses could be immense. The security of these systems is critical for the operation of our society. Security of these services should have high priority.

The security of the system is dependent on the individual security of each component. Breaches can happen on all levels. RTU units must be properly configured to limit exposure, and physical plant security must be implemented to limit access. Server security consists of hardening the underlying operating system and eliminating all unnecessary services. Network security is a diverse topic. Disconnect all unnecessary connections. Segment the network into logical groupings and use Access Controls to restrict unwanted traffic.
Monitor your network and be aware of what is entering and leaving. Intrusion Detection packages should be used to automate this monitoring. Eliminate all plain-text communication traversing the corporate network by wrapping it inside an encryption layer with VPN technology. To summarize, implement proper physical security, properly configure all devices to permit only necessary communication, and use monitoring tools to verify that security policy is being followed and to warn of attacks.

2.4 Glossary of Terms
IDS: An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.
IPSEC: Short for IP Security, a set of protocols developed by the IETF to support secure exchange of packets at the IP layer. IPsec has been deployed widely to implement Virtual Private Networks (VPN).
SSL: Short for Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents
  • 40. via the Internet. SSL works by using a private key to encrypt data that's transferred over the SSL connection.
PPTP: Short for Point-to-Point Tunnelling Protocol, a new technology for creating Virtual Private Networks (VPN), developed jointly by Microsoft Corporation, U.S. Robotics, and several remote access vendor companies, known collectively as the PPTP Forum.
VPN: Short for Virtual Private Network, a network that is constructed by using public wires to connect nodes.
DOS: Short for Denial-Of-Service attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic.
Modbus: An open, serial communications protocol based on the master/slave architecture. Modbus is a protocol that provides the internal standard that Modicon controllers use for parsing messages. Commonly used for SCADA communication.
DNP3: A protocol for transmission of data from point A to point B using serial communications.
SCADA: Acronym for Supervisory Control and Data Acquisition, a computer system for gathering and analysing real-time data.
RTU: Short for Remote Telemetry Unit. In SCADA systems, an RTU is a device installed at a remote location that collects data, codes the data into a format that is transmittable and transmits the data back to a central station, or master.
POTS: Short for Plain Old Telephone Service, which refers to the standard telephone service that most homes use.

In this paper we presented the simulations students performed in the framework of a design project. Getting acquainted with OPNET Modeller required a good deal of time and effort from the students. A lot of creative problem solving was needed, but the results are quite satisfactory. Students gained a lot of insights into networking by using OPNET Modeller.
We believe that simulation has an important role here, since it allows students to examine problems with much less work and of much larger scope than are possible with experiments on real hardware. Simulations can give more understanding of the real world, reproduce all the details of the real world, and can be easily instrumented. In addition, simulation of dozens or hundreds of nodes is easy on limited hardware, many more than would be affordable if physical hardware were required. We have been very happy with our use of the OPNET simulator. Our experiences show that students benefit from the OPNET simulation laboratory in many ways. The open design of the labs encourages active learning. In addition, students gain knowledge of modelling and simulation techniques for performance evaluation of networking systems.

To get better performance when designing a network, Frame Relay is useful. The distribution of the services between multiple servers versus services handled by one server impacts the CPU utilization depending on the kind of services supported. If there is a balance between frequently used services and less frequently used services, it does not make sense to deploy more than one server to support different services.
  • 41. An ever-increasing number of highly reliable and high-availability systems are being deployed that need 100% up time; that is, the user must never experience a situation where data cannot be accessed. While no system component can ever be guaranteed to work 100% of the time, the goal of a System Management solution is to mitigate and control failures at system level. The ideal situation is that enough data has been logged to allow the system controller to determine that a fault is about to happen. Detection before a failure occurs allows the controller to take action and prevent the failure from causing any downtime.

To achieve these design goals, a typical System Management solution has three interactive parts: a microcontroller or similar device for communicating with remote systems, a programmable logic device that offers flexibility and live-at-power-up attributes, and some discrete analogue components for monitoring temperature, voltage and current. Microsemi's SmartFusion devices integrate a microprocessor subsystem, a non-volatile FPGA fabric and programmable analogue components into one monolithic device. SmartFusion cSoCs meet all of the requirements for a System Management solution, from power sequencing to temperature monitoring to in-system reprogramming. The available System Management reference design and GUI help you put your own System Management design together.

As data centres and web hosting sites proliferate, the need for physical security at the facility is every bit as great as the need for cyber security of networks. Intruders who falsify their identity or intentions can cause enormous damage, from physically disabling critical equipment to launching a software attack at an unsecured keyboard. Even the ordinary mistakes of well-intentioned staff pose a significant daily threat to operations, and can be minimized by restricting access to only the most essential personnel.
Technologies are in place, and getting less expensive, to implement broad-range solutions based on the identification principles of what you have, what you know and who you are. By combining an assessment of risk tolerance with an analysis of access requirements and available technologies, an effective security system can be designed to provide a realistic balance of protection and cost.

In summation, it is easy to observe that SCADA technology holds a lot of promise for the future. The economic and performance advantages of this type of system are definitely attractive. However, since the vulnerabilities of current implementations are in proportion to the advantages, it is essential that measures be taken to mitigate the risk to current systems and to ensure that future systems are designed with sound policies and design. We in India stand a lot to gain from such systems and, having foreknowledge of the possible risks, can take adequate measures to ensure our continued safety and prosperity. In the words of Master Sun Tzu from “The Art of War”: Those who are first on the battlefield, and await the opponents are at ease; those who are last, and head into battle are worn out.

In this report we have presented a design and simulation environment for Design & Implementing SCADA System Wireless Sensor to Control Fire Effect in Refinery. Other intelligent functions can possibly be added easily. The developed architecture simplifies adding intelligence to logical nodes as an extra layer, extending the capabilities of substation automation devices without interfering with their safety-critical functions. Future work will be dedicated to the implementation of Design & Implementing SCADA System Wireless Sensor to Control Fire Effect in Refinery.