Validating and Securing Teleprotection over Packet Networks Dr Steven Blair University of Strathclyde, Glasgow, UK March 2017


Validating and Securing

Teleprotection over Packet Networks

Dr Steven Blair

University of Strathclyde, Glasgow, UK

March 2017


• Outlook – grid challenges

• Teleprotection over packet networks

• Technical challenges

• Validating a solution for stable “jittery” networks

• Real-time encryption

• On-going and future work

Overview


Unprecedented grid changes and challenges

Nov 2016: Storm Angus – sudden loss of electrical link to France (-1000 MW)

Critical impact of disturbances: e.g. protection maloperation, cybersecurity attacks

Triggers loss of generation in Scotland (4x impact by 2035)

8 seconds

2020+ grid: volatile, distributed

2x “safe” ROCOF limit

https://www.sintef.no/globalassets/project/balance-management/gardermoen/8---gjerde-statnett---lfc-and-agc---nordic-perspective.pdf

Nordic frequency “quality”


Cost-effective

Optimised bandwidth

Low delay

Low jitter

Secure

Teleprotection overview


Teleprotection examples

• Differential protection: current phasor data

• Distance protection: trip “permission” or blocking signals


• Move to packet networks inevitable

– Jitter is unavoidable in real networks

– Need to support legacy teleprotection

• Timing is critical for teleprotection

– GPS- or PTP-based timing is not always practical or cost-effective

Main Technical Challenges

Subtle but serious consequence of jitter when transporting teleprotection services


IEEE C37.94 over MPLS

[Diagram: protection relay (bytes generated at fixed rate) → MPLS edge router (packetisation) → packet-switched network → MPLS edge router (buffering) → protection relay (bytes replayed at fixed rate). Delay labels along the path: fixed delay, variable delay, variable delay.]


Impact of jitter

[Diagram: buffer residency time for packets (packet header plus teleprotection data) on a timeline t0 to t3. Without jitter: t1 - t0. With jitter: t1 - t0 + random delay.]


• Relays depend on symmetrical delays for time synchronisation

• Remote phasors are adjusted by estimated communications delay

• Asymmetrical delay leads to a (false) phasor angle offset:

Impact on teleprotection service

[Phasor diagrams of IA and IB. No jitter: no false trip. Jitter during buffer initialisation: false trip.]


Typical UK 400 kV transmission line settings:

• Protection settings dictate sensitivity to asymmetrical delay

• Can calculate delay threshold

False trip threshold

Setting | Value
Is1 | 400 A
Is2 | 4000 A
k1 | 30%
k2 | 150%

Asymmetrical delay tolerance: 2.58 ms


False trip threshold

Typical setting: 2.58 ms tolerance


Risk of protection maloperation

• Jitter ≈ 0.3 ms: No risk

• Jitter ≈ 0.5 ms: Small risk

• Jitter ≈ 1.0 ms: Substantial risk


Dynamic Power Systems Laboratory


Laboratory validation


Real-time jitter injection

• Repeatedly reinitialise teleprotection service:


1. Edge routers analyse network traffic

2. Check for difference in actual vs. expected buffer residence time

3. Adjust residence time by dropping or adding dummy data (1 byte)

4. One relay message CRC check will fail, but protection remains stable

Analysis is performed on service start, and periodically

Asymmetrical Delay Control (ADC)
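
The risk levels and the effect of ADC can be reproduced with a small model, added here as an illustration (not code from the presentation). It assumes each direction's delay error is fixed by the first packet's Gaussian variable delay when the jitter buffer initialises, that the two directions are independent, and that ADC trims the error in whole-byte steps of 0.125 ms (one byte at 64 kbit/s, an assumed channel rate); all function names are hypothetical.

```python
import math
import random

TOLERANCE_MS = 2.58      # asymmetrical delay tolerance quoted on the slides
MEAN_VAR_DELAY_MS = 3.0  # mean variable delay from the validation table
BYTE_TIME_MS = 0.125     # assumption: one byte on a 64 kbit/s channel

def first_packet_offset(rng, sigma_ms):
    """Delay error locked into one direction's jitter buffer at initialisation."""
    delay = max(0.0, rng.gauss(MEAN_VAR_DELAY_MS, sigma_ms))  # no negative delays
    return delay - MEAN_VAR_DELAY_MS

def adc_correct(offset_ms):
    """Simplified ADC model: remove the offset in whole-byte steps."""
    return offset_ms - round(offset_ms / BYTE_TIME_MS) * BYTE_TIME_MS

def analytic_exceed_probability(sigma_ms, tolerance_ms=TOLERANCE_MS):
    """P(|A - B| > tolerance) for independent Gaussian offsets A and B.

    A - B is Gaussian with standard deviation sigma * sqrt(2).
    """
    return math.erfc(tolerance_ms / (2.0 * sigma_ms))

def simulate(sigma_ms, adc=False, trials=100_000, seed=2017):
    """Return (fraction of initialisations over tolerance, worst asymmetry in ms)."""
    rng = random.Random(seed)
    exceed, worst = 0, 0.0
    for _ in range(trials):
        a_to_b = first_packet_offset(rng, sigma_ms)
        b_to_a = first_packet_offset(rng, sigma_ms)
        if adc:
            a_to_b, b_to_a = adc_correct(a_to_b), adc_correct(b_to_a)
        asym = abs(a_to_b - b_to_a)
        worst = max(worst, asym)
        exceed += asym > TOLERANCE_MS
    return exceed / trials, worst

if __name__ == "__main__":
    for sigma in (0.3, 0.5, 1.0):  # jitter standard deviations from the slides
        p_off, _ = simulate(sigma)
        p_on, worst_on = simulate(sigma, adc=True)
        print(f"sigma={sigma} ms  analytic={analytic_exceed_probability(sigma):.2e}  "
              f"ADC off={p_off:.4f}  ADC on={p_on:.4f} (worst {worst_on:.3f} ms)")
```

Under these assumptions the probability of exceeding the 2.58 ms tolerance rises by several orders of magnitude between 0.3 ms and 1.0 ms of jitter, while byte-granular correction keeps the residual asymmetry within one byte time.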


Validation results

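Column groups: MPLS settings (packet size, buffer size); jitter, Gaussian distribution (fixed delay, mean variable delay, standard deviation); relay false trips (ADC off, ADC enabled).

Test | Packet size (bytes) | Buffer size (ms) | Fixed delay (ms) | Mean variable delay (ms) | Standard deviation (ms) | False trips, ADC off | False trips, ADC enabled
1 | 16 | 8 | 1.0 | 3.0 | 0.3 | 3 of 10 | 0 of 100
2 | 16 | 8 | 1.0 | 3.0 | 0.5 | 5 of 10 | 0 of 100
3 | 16 | 8 | 1.0 | 3.0 | 1.0 | 7 of 10 | 0 of 100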

Results for k1 = 0%


• End-to-end*, service-based approach

• Supports legacy devices and protocols

• Automatic, hitless key distribution

• 20 µs additional delay

Real-time encryption

Bandwidth | IEC 61850-9-2 | IEEE C37.94
Without encryption | ~5.4 Mbps | 0.2-2.7 Mbps
With encryption | ~7.0 Mbps | 0.5-5.9 Mbps

IEC Technical Specification 62351-6:2007: “For applications using GOOSE and IEC 61850-9-2 and requiring 4 ms response times, multicast configurations and low CPU overhead, encryption is not recommended.”

*within MPLS network


Question | Approach 1: IEC 61850-90-1 (Gateway) | Approach 2: IEC 61850-90-5 (Routable-GOOSE) | Approach 3: Service over IP/MPLS
Complex protocol stack? | Potentially complex conversion required | Yes, but an open source implementation exists | No, the complexity of the encryption is hidden from users
Each device vendor must implement authentication and encryption software? | No | Yes | No; provided automatically by the communications infrastructure vendor
Supports legacy devices? | Yes | No | Yes
Supports real-time encryption? | No | Depends on vendor implementation | Yes
Encrypted between IED and LAN? | No | Yes | No

Comparison of encryption approaches


• Use of white-space technologies for emergency teleprotection arrangements

• Comprehensive evaluation and demonstration of teleprotection technologies

On-going work


• Funding through EU Horizon 2020

• Marie Skłodowska-Curie: “Innovative Training Networks”

– European Industrial Doctorates (EID)

– 5 PhDs over 4 years

– Submit proposal in January 2018

• Dual-discipline: power systems and communications

• Seeking partners and feedback

– All financing from EU!

• Overview: https://docs.google.com/document...

Future opportunity

Utility Infrastructure: e.g. data-driven, SDNs

Applications: e.g. early-warning systems, faster-acting protection

Cybersecurity: e.g. resilience, practical solutions for utilities

Strathclyde + Nokia + other partners


• Changing grid needs ever-greater resiliency

• Calculation of risk of relay maloperation

• Proven using laboratory studies

• Careful management of jitter buffers is essential

• End-to-end, real-time encryption is now possible

• Opportunity for involvement in future work

Summary


• Contact:

– [email protected]

– http://personal.strath.ac.uk/steven.m.blair/

• Selected publications:

– Application of MPLS-TP for transporting power system protection data, http://strathprints.strath.ac.uk/58536/

– Validating secure and reliable IP/MPLS communications for current differential protection, http://strathprints.strath.ac.uk/55961/

– Demonstration and analysis of IP/MPLS communications for delivering power system protection solutions using IEEE C37.94, IEC 61850 Sampled Values, and IEC 61850 GOOSE protocols, http://strathprints.strath.ac.uk/48971/

– MPLS networks for inter substation communication for current differential protection applications in digital substations, http://strathprints.strath.ac.uk/48807/

– Real-time teleprotection testing using IP/MPLS over xDSL, http://strathprints.strath.ac.uk/44247/

• H2020 Marie Curie proposal:

– https://docs.google.com/document/d/1BX_C5I7ZAMEk6YZmhuTg1rtgfwzds5-dSuAn_3CLKhY/edit

More information