Design and Implementation of Web Based SCADA System
by
Jumada Al-Oula 1427
June 2006
Certification
We certify, as an examining committee, that we have read this thesis
entitled Design and Implementation of Web based SCADA System,
examined the student (Ahmad Yasseen Khathair Al-Obaidy) in its content
and found it meets the standard of thesis for the degree of Master of Science
in Computer Engineering.
Dr. Firas Abdullah Thweny Al-Saidi (Supervisor)
Asst. Prof. Dr. Sufyan T. Faraj (Member)
Abstract
operations into networked architectures that
clients, PHP was selected as the programming language for the server side,
whereas Perl and C were used for the client side. MySQL was used as the
database server.
Both of the implemented systems were tested successfully in many
different environments to verify their validity and functionality. The
environments ranged from a Local Area Network (LAN) to a Virtual Private
Network (VPN).
List of Contents
Abstract
List of Contents
List of Abbreviations
Chapter 1: Introduction
1.1 SCADA Overview
2.5.2 Authentication
2.7.3 Authorization
3.4.6 Perl
5.4.2 Microperl
References
List of Abbreviations
ANSI
ARM
COTS: Commercial Off-The-Shelf
CPAN
CPU
DBMS
DoS: Denial of Service
GCC: GNU C Compiler
GHz: Gigahertz
GIS
GPL
GPRS
GPS
GSM
GUI
HMI
HTTP
I/O: Input/Output
ICMP
IDE
IEEE
IP: Internet Protocol
ISDN
ISO
ISP
IT: Information Technology
JAWS
JMS
LAI
LAN
LED
MAC
MD5: Message Digest 5
MMI
MSL
MTU
NAT
OS: Operating System
PBX
PC: Personal Computer
PLC
PSN
RAS
RDBMS
RISC
RSP
RTU
SCADA
SHA-1
SMS
SMTP
SQL
SSL
TCO
TCP/IP
UART
UI: User Interface
URL
VLAN: Virtual LAN
VMS
VPN
VSAT
WAN
WLC
XML
CHAPTER ONE
Introduction
pressure meters all provide information that can tell an experienced operator
how well a water distribution system is performing. In addition, equipment
such as electric valve actuators, motor control switchboards, and electronic
chemical dosing facilities can be used to form the "hands" of the SCADA
system and assist in automating the process of distributing water [2].
However, before any automation or remote monitoring can be
achieved, the information that is passed to and from the field data interface
devices must be converted to a form that is compatible with the language of
the SCADA system. To achieve this, some form of electronic field data
interface is required. RTUs provide this interface. They are primarily used to
convert electronic signals received from field interface devices into the
language (known as the communication protocol) used to transmit the data
over a communication channel [2].
The instructions for the automation of field data interface devices, such
as pump control logic, are usually stored locally. This is largely due to the
limited bandwidth typical of communications links between the SCADA
central host computer and the field data interface devices [2].
RTU sites and present it to human operators in a form that the operators can
work with. Operator terminals are connected to the MTU by a LAN/WAN so
that the viewing screens and associated data can be displayed for the
operators. Recent SCADA systems are able to offer high resolution computer
graphics to display a graphical user interface or mimic screen of the site or
water supply network in question. Historically, SCADA vendors offered
proprietary hardware, operating systems, and software that was largely
incompatible with other vendors' SCADA systems. Expanding the system
required a further contract with the original SCADA vendor. The MTU
computer network was physically separated from any office-computing
domain [2].
However, with the increased use of the personal computer, computer
networking has become commonplace in the office and as a result, SCADA
systems are now available that can be networked with office-based personal
computers. Indeed, many of today's SCADA systems can reside on computer
servers that are identical to those servers and computers used for traditional
office applications. This has opened a range of possibilities for linking
SCADA systems to office-based applications such as GIS systems, hydraulic
modeling software, drawing management systems, work scheduling systems,
and information databases [2].
client side of the SCADA systems and also enable the users to access the
system using a wide range of platforms, as browsers are now available in
most modern operating systems.
A Web-based SCADA system has many advantages, including [5]:
• Using Client/Server n-tier platforms and development tools to
develop the Web-based SCADA system keeps the development cost
and time to a minimum.
• Using the infrastructure of the Internet or the corporate intranet keeps
the deployment cost to a minimum.
• Increased distance, data sharing and data provision for monitoring and
control systems.
• Enabling collaboration between skilled plant managers situated in
geographically diverse locations.
• Enabling the business to relocate plant management staff easily in
response to business needs.
• For educational and research purposes, the risk involved in a real
laboratory may be avoided by performing dangerous experiments
remotely [4][5].
effort in which programmers improve upon the code and share the changes
within the community. Open source sprouted in the technological community
as a response to proprietary software owned by corporations [6].
The following are some of the advantages of using open source software:
• Lower software costs: Open source solutions generally require no
licensing fees. The logical extension is no maintenance fees. The only
expenditures are for media, documentation, and support, if required.
• Simplified license management: The software is obtained once and
installed as many times and in as many locations as needed. There's no
need to count, track, or monitor for license compliance.
• Lower hardware costs: In general, Linux and open source solutions are
elegantly compact and portable, and as a result require less hardware
power to accomplish the same tasks as on conventional servers
(Windows, Solaris) or workstations. The result is that the task is done
using less expensive or older hardware.
• Scaling/consolidation potential: Again, Linux and open source applications
and services can often scale considerably. Multiple options for load
balancing, clustering, and open source applications, such as database and
e-mail, give organizations the ability to scale up for new growth or
consolidate to do more with less.
• Great support: Support is available for open source, often superior to
proprietary solutions. First, open source support is freely available and
accessible through the online community via the Internet. And second,
many technical companies (not the least of which is Novell) are now
supporting open source with free online and multiple levels of paid
support. All open source solutions distributed by Novell are included in
support and maintenance contracts.
• Escape vendor lock-in: Frustration with vendor lock-in is a reality for all
IT managers. In addition to ongoing license fees, there is a lack of
portability and the inability to customize software to meet specific needs.
Open source exists as a declaration of freedom of choice.
• Unified management: Specific open source technologies such as Common
Information Model (CIM) and Web Based Enterprise Management
(WBEM) provide the capability to integrate or consolidate server, service,
application, and workstation management for powerful administration.
• Quality software: Evidence and research indicate that open source
software products are of high quality. They are comparable to their
commercial peers, and the fact that the source code is available for
everyone to see, analyze and enhance tends to drive excellence in design
and efficiency in coding [6][7].
CHAPTER TWO
2.1 Overview
In Web-based SCADA systems, the MTU is implemented as a distributed
web application. For that reason, it is very important to introduce the basic
concepts of this type of application. These concepts are presented in
this chapter.
An application is a computer program that solves a particular problem
or related set of problems. A simple application runs in a single process space
and often loads utility, or helper, functions through dynamic-link libraries,
which help the application to achieve its task.
A typical application that interacts with a user consists of three
elements: presentation, application logic, and data services. Each of these
elements (or services) has its own attributes, as shown in Table 2.1 [11].
Presentation, also known as the user interface (UI), focuses on
interacting with the user. Application logic, or business rules, performs
calculations and determines the flow of the application. Business rules are
constraints, usually self-imposed, that companies or organizations use to help
them operate in their particular business environments; essentially, they
encompass those practices and policies that define an organization's behavior.
Business rules often define a baseline for application requirements and
provide guidance to the developer. In practical terms, these business rules are
goals that developers strive to meet for their applications.
Data services manage information by storing data and providing
data-related functionality. For example, MySQL running on a Linux server
computer would be a data service [11].
Service Type | Attribute
Presentation | Presentation of information and functionality, navigation, and protection of user interface
Logic |
Data Services |
element processes all three of these services. The data itself can be physically
stored in any location, such as on a server. However, the functionality for
accessing the data is part of the application [11].
Figure 2.1 User Interface, Business Rules, and Database Reside Separately
could be packaged for reuse-shared among multiple
the presentation interface and database implementation. The
• Load balancing: Application components could be spread across multiple
servers, allowing for better scalability.
• More efficient data access: The database connection limitation problem is
minimized since the database now sees only the application component, not
all of its clients. Also, database connections and drivers are not required
on the client. Database connections in two-tier applications are acquired
early and held; in three-tier applications, they are acquired late and
released.
• Improved security: Developers can secure middle-tier application
components centrally by using a common infrastructure. Developers can grant
or deny access on a component-by-component basis, simplifying
administration.
• Simplified access to external resources: A multi-tier application
simplifies access to external resources, such as mainframe applications and
other databases [11].
user to send data to the Web server using HTML forms. The Web
browser does not know how the server processes these data. It only sends the
data using an HTTP request and gets a response back from the server. The
browser renders the response as a normal HTML document. It does not care
how the server generated it [11][12].
From the Web browser's point of view, it only sends an HTTP request
to the Web server. The request could be the name of an HTML document or
the name of a server-side application with some data sent by the user using
HTML forms. The Web browser then expects an HTTP response. The
response should be an HTML page, which is rendered by the browser [11].
This layer refers to the components that manage an application's internal data.
These data are typically under the direct control of a relational database
management system (RDBMS) like MySQL or Oracle. The following section
introduces the database concepts in more detail [11].
SCADA systems that monitor and control critical infrastructure such as power
generation and transmission, water and waste water, and pipelines over a wide
area network should be highly secured and out of the reach of any
unauthorized party [3].
Hypothetically, by hacking into a SCADA network monitoring water
gates in a dam and taking control of the SCADA system, a malicious hacker
could cause disasters by opening and closing the gates at will.
Putting the SCADA system on the Web makes things riskier, but it
also provides the solution. By using the available IT security solutions,
which are widely deployed, widely tested and considered to be proven,
the security problem almost entirely disappears [3].
example, if the crypto key used to encrypt a data consisted of only four bits, a
brute force attack would only need to try up to sixteen crypto key values to
compromise the data [17].
Data integrity is achieved through the use of hash algorithms, digital
signatures, and message authentication codes [17].
To ensure the integrity of data, a hash of that data can be sent to
accompany it. The receiver can then compare a hash that it computes on the
received data with the hash that accompanied the received data. If the two
match, the received data must be the same as the data from which the received
hash was created. A hash is a fixed-length string of numbers and characters. It
is computed using a hashing algorithm, such as Message Digest 5 (MD5) or
Secure Hash Algorithm (SHA-1). Hashing is a one-way operation that cannot
be reversed to recreate the original data [17].
A digital signature takes hashing a step further by encrypting the
computed hash using a private key. This extra step can prevent an attacker
from intercepting data and its accompanying hash, modifying the data, and
then simply re-computing the new hash for the modified data. Since a digital
signature is an encrypted hash, an attacker would need access to the original
private key that was used to create the original digital signature. On the
receiving end, digital signatures can be verified using the associated public
key. Digital signatures can be used to enforce non-repudiation, which can
later be used to prove the origin, contents, and timestamp of the data [17].
Message authentication codes (MACs) are used by technologies such as
Secured Socket Layer (SSL) to verify that data has not been altered while in
transit. However, since MACs use a common key for encryption and
verification, they cannot be used to enforce non-repudiation [17].
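The difference between an accompanying hash and a MAC, as an added example that is not part of the thesis: it seals a constructed RTU reading both ways, then alters the reading in transit and recomputes the hash as the text describes. SHA-256 and HMAC-SHA256 from Perl's core Digest::SHA are used in place of MD5 and SHA-1; the message layout, key and function names are assumptions.

```perl
#!/usr/bin/perl
# Added example, not from the thesis. Message layout and key are constructed.
use strict;
use warnings;
use Digest::SHA qw(sha256_hex hmac_sha256_hex);

# Compare two hex digests without stopping at the first differing character,
# so the time taken does not reveal how many leading characters matched.
sub same_digest {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Sender: attach an unkeyed hash to the message.
sub seal_hash {
    my ($msg) = @_;
    return { msg => $msg, tag => sha256_hex($msg) };
}

# Sender: attach a MAC keyed with the secret shared by both ends.
sub seal_mac {
    my ($msg, $key) = @_;
    return { msg => $msg, tag => hmac_sha256_hex($msg, $key) };
}

# Receiver: recompute the tag over the received message and compare.
sub check_hash {
    my ($packet) = @_;
    return same_digest(sha256_hex($packet->{msg}), $packet->{tag});
}

sub check_mac {
    my ($packet, $key) = @_;
    return same_digest(hmac_sha256_hex($packet->{msg}, $key), $packet->{tag});
}

# A party in the path that knows the algorithm but not the key: it changes
# the level and recomputes the only tag it can compute, the unkeyed hash.
sub tamper {
    my ($packet) = @_;
    (my $msg = $packet->{msg}) =~ s/level=[\d.]+/level=17.5/;
    return { msg => $msg, tag => sha256_hex($msg) };
}

my $key  = 'constructed-shared-secret';   # constructed value
my $sent = 'rtu=7&level=40.5';            # constructed reading

my @cases = (
    [ 'hash, untouched' => check_hash(seal_hash($sent)) ],
    [ 'hash, tampered'  => check_hash(tamper(seal_hash($sent))) ],
    [ 'MAC,  untouched' => check_mac(seal_mac($sent, $key), $key) ],
    [ 'MAC,  tampered'  => check_mac(tamper(seal_mac($sent, $key)), $key) ],
);
printf "%-16s %s\n", $_->[0], $_->[1] ? 'accepted' : 'REJECTED' for @cases;
```

The tampered message is accepted by the bare-hash check and rejected by the MAC check, because the recomputed tag cannot be produced without the shared key.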
SSL provides encryption services to several applications by using
public and private keys to encrypt data transmitted between a server and a
2. The Web server returns the Web server's certificate and public key to
the Web client. The Web client requires the public key to encrypt any
transmissions sent to the Web server.
3. The Web client and Web server enter into a negotiation to determine
encryption levels. The Web server and Web client negotiate to
determine if 40-bit, 56-bit, or 128-bit encryption will be used for the
session key.
4. The Web client generates a session key and encrypts the session key
with the Web server's public key. The session key is set to be the length
negotiated between the Web client and the Web server. Once the
session key is encrypted, the encrypted session key is transmitted to the
Web server.
5. The Web server decrypts the session key using the Web server's private
key. Only the Web server has access to this private key, ensuring that
the connection attempt isn't intercepted by an attacker.
6. The session key is used to encrypt all further data exchanged between
the Web client and the Web server.
The benefit of using application-level security is that the encryption
requires no additional work by the user. The only noticeable change is that the
user must use https: in the URL rather than http: [17].
2.5.2 Authentication
may want to verify the identity of the authenticating host, which is called
mutual authentication [17].
2.5.3 Authorization
CHAPTER THREE
3.1 Introduction
This chapter presents a chosen case study. The case study is about
implementing a Web-based SCADA system for monitoring and controlling
the level of water in a network of dams. The system was named Water Level
Control or WLC for short.
The system provides the ability to monitor and control dams distributed over
a large geographical area. The first problem that arises is how to interconnect
such a system. The WLC could work on a wide variety of networks. There are
two requirements for the network to satisfy:
1. The RTUs and the operator terminals should be able to route IP packets
to the MTU; the reverse is not necessary. The system needs only
one routable (public) IP address. Other components (i.e. the RTUs and
the operator terminals) could be located behind Network Address
Translation (NAT). This would reduce the cost of the interconnection
of the system dramatically. It also provides great flexibility in
choosing an Internet Service Provider (ISP).
2. The network should support the HTTP protocol, which is a universal
protocol supported by all the ISPs. It is also supported by most
intranets.
It is obvious that the Internet could be a good choice, especially for
countries with no infrastructure. For example, when the MTU is connected
to the global Internet, dams and the operator terminals could be located in any
place as long as they can access the Internet.
The operator could log in to the system to monitor the level of water at any
RTU. The authorized operator could also change the settings of any dam. The
settings include the frequency of data logging (i.e. the number of times the
RTU sends the level of the water to the MTU per hour or day) and the desired
levels of water to be kept by the RTU automation program.
This chapter presents the big picture of how the overall system works.
Then, the implementation of the MTU and the RTU is illustrated.
When the RTU starts working, it reads the water level from the sensor and
sends the reading to the MTU with the RTU's ID and a secret key. The RTU
sends them as an HTTPS request. HTTPS is used to guarantee the security of
the connection.
When the MTU receives the request, it checks the RTU ID and the
secret key (a value known only by the RTU and the MTU, used to authenticate
the RTU) against its database. If no match is found, the MTU returns an error
code and ignores the request. Otherwise, if the RTU's ID and the secret key
match the database, the MTU adds a record to the readings table
confirming that the RTU sent the received reading at the current time and
date. The MTU also sends new configuration settings back to the RTU as
the HTTPS response. The configuration contains the new desired levels
of water in that dam and the frequency of logging the readings from the RTU.
When the RTU gets the response back, it updates its
configuration. Then, the RTU decides to open or close the dam gate
according to the newly downloaded desired levels and the water level read
from the sensor.
The RTU then waits for some time (according to the logging frequency)
and starts the cycle again.
terminal and the period of time the terminal should wait between each
logging of data from the terminal to the MTU. Each terminal should
have one row in this table.
wlc_des_levels table: The table stores the planned or desired level of
water for each dam in each month of the year. The values are set by an
authorized system operator through the HMI. The RTU receives those
values from the MTU using HTTP/HTTPS.
wlc_readings table: The table stores historical values of the level of
water for each dam. This is achieved by storing the ID of the terminal which
logged the level, the level itself and the date and time at which the level
was logged. The RTU logs these levels to the MTU using
HTTP/HTTPS. The HMI uses this table to build its reports and to
monitor the dams' activities.
After that, the RSP returns a response to the RTU. The response is
formatted using eXtensible Markup Language (XML). XML is a standard for
data exchange in Internet applications. XML allows user-defined tags that
make XML document handling flexible.
The response contains two main parts. The first is a confirmation code
to tell the RTU that the logging was done successfully. The second part is the
new settings for the RTU. These settings are extracted from the database. The
settings consist of:
1. How many times the RTU should log the level of water to the MTU.
2. The desired minimum and maximum level of water for each month of
the year.
Figure 3.3 shows the flowchart of the RSP subsystem.
Another aspect of the RSP is to provide an alerting system for the users. The
MTU could be configured to send emails and SMSs to the persons in charge
when the level of water at one or more of the dams is out of the desired
range.
The HMI provides a Web-based GUI for the users to monitor and configure
the system. Operators use Web browsers to access the HMI of the system.
The HMI Provider generates HTML code that is rendered in the operator
terminals.
The HMI Provider enforces authentication and authorization in
the system. It does not let any unauthorized person access a restricted area
of the system. This is done by using a single point of entry. Users are not
allowed to access Web pages directly; instead, they have to access the main
page index.php and pass it the request they want to be done. The main page
performs security checks, and if everything is okay, it transfers control to
the wanted page.
Authentication is done by asking the user to send his credentials (user
name and password) and comparing them with the user names and passwords
stored in the users table. If there is such a pair, the user is considered
authenticated and will be given a user type by the system. The user type is
determined using the usertype field in the users table. Figure 3.4 shows a
flowchart of the authentication and authorization in the system.
2. Manage Users
System administrators can add and delete users. They can also limit the
privileges of the users. This operation requires accessing the users
table. Figure 3.6 shows how HMI Provider manages users.
The MTU is implemented using PHP and MySQL. Both of them are
supported by many platforms and operating systems. The list of supported
operating systems includes: Linux, Windows, AIX, FreeBSD, MacOS and
Solaris.
Moreover, they could be run on Intel or AMD processors, both
32-bit and 64-bit. Sun Sparc and Alpha based servers are supported too.
The MTU was tested successfully on:
Operating System: Linux and Windows 2003 Advanced Server.
CPU
RAM: 512 MB.
5 GB for Linux.
System
The field data interface device performs two functions: sensing the level of
water and controlling the opening and closing of the dam gate.
The device is interfaced to the RTU computer using the parallel port to
guarantee the compatibility of the device with a wide range of commercially
available computers on the market. The following subsections describe how
the device works.
The parallel port is one of the most widely used ports for embedded projects.
This port allows the input of up to 9 bits or the output of 12 bits at any
given time, and thus requires minimal external circuitry to implement many
tasks. The port is composed of 4 control lines, 5 status lines and 8 data
lines. The parallel port is found on most personal and industrial computers
as a standard part.
A single computer may have more than one parallel port. Each port is
assigned a base I/O address through which it is accessed.
The parallel port works in many modes. The simplest mode (compatibility
mode) is used in the thesis. In this mode, the parallel port lines are grouped
into three different groups:
• Data group: It is used to send data from computers to external devices.
It has eight latched output lines and the group is associated with an
8-bit CPU port. The address of this group is the base address of the port.
• Control group: It is used to control the operation of external devices.
It contains four latched output lines. The address of this group is base
address + 2.
• Status group: This group is used by the computer to obtain the status
of the external devices. It contains five lines (-ERROR, SLCT, PE, ACK
and BUSY), which are directed from the external device to the
computer. It is fed into a CPU port, the address of which is base
address + 1 [18].
The water level sensor device detects immersion of the bare ends of the
sounding wires by taking advantage of the fact that water conducts electricity
better than air. The sensor provides eight level detectors. By sensing
immersion of each end of these detectors, the sensor determines the level of
water. The output of the sensor consists of four digital signals. They represent
the highest probe number immersed in water. Then, by using a look-up table
(set by the RTU's operator), the RTU software determines the real value of the
water level in meters referenced to the Mean Sea Level (MSL). Table 4.1
shows a sample look-up table.
40.5
37.5
34.5
31.5
27.5
24.5
21.5
17.5
Stage one contains the electrodes or probes, which are simply the bare ends
of sounding wires. When both ends are immersed in water, current
begins to flow. This is used by the second stage to detect the immersion.
Stage two is a digital buffer which serves as a voltage threshold detector
and also protects the other stages from outside conditions such as
static discharge. The 74244 IC was used for this purpose. It provides an
octal buffer/line driver with Schmitt trigger action. Schmitt trigger
logic reduces the problem of a noisy input by using two voltage
thresholds: a high threshold (1.5 volt) to switch the circuit during
low-to-high transitions and a lower threshold (0.9 volt) to switch the circuit
during high-to-low transitions. Such a trigger scheme is immune to
noise as long as the peak-to-peak amplitude of the noise is less than the
difference between the threshold voltages. A gate with the Schmitt
trigger feature has a small hysteresis curve drawn inside the gate
symbol. Schmitt triggers are mostly used in inverters or simple gates to
condition slow or noisy signals before passing them to more critical
parts of the logic circuit.
Stage three determines the highest probe immersed in water. The input
to this stage is eight digital signals coming from the digital buffer. Each
signal indicates whether the corresponding probe is immersed in water
or not. If the signal is logic one, it indicates the immersion of the
detector. Logic zero indicates the detector is not immersed. The output
of this stage is the number of the highest immersed probe. For example, if
probes number one to number five are all immersed, the output
would be digital five (0110)2. This is done using a priority encoder. A
priority encoder determines the index of the most significant 1 in the
data input. This value is then placed on the output. A 74148 IC is used
to implement this function. Table 4.2 shows the truth table of the 74148
(8 to 3 priority encoder).
[Table 4.2 column headings: IN8, IN7, IN6, IN5, IN4, IN3, IN2, IN1; Output: GS, A2, A1, A0]
Stage four contains a buffer used before the direct connection to the
Parallel Port of the RTU computer, in order to protect the port from any
damage caused by failure in the device.
Figure 3.3 shows the circuit diagram of the water level sensor. The four
signals are interfaced to be read from the parallel port using the status
group.
The RTU opens or closes the gate of the dam by sending a digital signal to
the dam gate actuator. Sending logic 1 on the signal (OPEN) causes the opening
of the dam gate. On the other hand, sending logic 1 on the signal (CLOSE)
causes the closing of the dam gate, as shown in Figure 3.9. To drive the
actuator with a relatively large current, a signal driver (ULN2803) is used.
Figure 3.9 Detailed Schematic Diagram of the Field Data Interface Devices
3.4.6 Perl
the Comprehensive Perl Archive Network (CPAN) at
The LAI program allows the RTU operator to configure and maintain the RTU.
The application provides a GUI to edit the RTU configuration file.
The program is implemented as a plug-in to Webmin. Webmin is an
open source, Web-based interface for system administration of Unix/Linux
hosts. Using any browser that supports tables and forms (and Java for the File
Manager module), it is possible to perform all the administration tasks on the
computer, for example adding users, formatting disks, installing programs, etc.
Webmin consists of a simple Web server and a number of modules
which directly update system configuration files. The web server and all
modules are written in Perl version 5, and use no non-standard Perl libraries
[21].
Webmin provides an extensible infrastructure allowing developers to
extend its functionality. Developers are able to develop plug-in modules.
These modules usually provide a Web-based user interface to administer
software running on the system.
Webmin provides the security roles and API framework that greatly
simplify the development of such programs [21].
The RTU Automation Software (RAS) is where the real work is done. LAI
only provides a method of configuring the RTU. The RTU automation
software performs the following tasks:
1. Reads the water level from the sensor.
2. Sends the level value to the MTU, and updates the configuration file
with the settings returned by the MTU.
3. Decides the appropriate action to take with the dam gate, according to
the new settings and the obtained water level.
The RTU automation program is implemented mainly in Perl. The
hardware is accessed using programs written in the C language.
1. Configuration Files
RAS needs two configuration files:
settings-lcl.config: This file contains the RTU ID, secret key, RSP URL,
parallel port base address and the look-up table that maps detector number
to level in meters (MSL). The RTU operator could modify these values using
the LAI only.
settings-mtu.config: This file contains the desired level (minimum and
maximum) and the logging frequency. These values could be modified
using the LAI or by the MTU.
The function of this program is to write the value to the port address
port_add.
inb port_add
The program reads the input value from the port address port_add, and prints
this value to the standard I/O device. Both of the programs are simple
wrappers around the inb and outb functions declared in the <sys/io.h> header
file [22].
The interfacing between those programs and Perl is done using the
backquotes (`) feature of the Perl programming language. Backquotes
simply run the program named inside them and store its output in the variable
on the left. For example:
$thedate=`date`;
This runs the date command of the operating system and, instead of displaying
the date on the screen, stores the date in the variable $thedate.
The program gets the base address of the parallel port from the
configuration file.
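To read the water level sensor, the program reads the status group of the
parallel port:
$stts_add=$base_add+1;    # status group is at base address + 1
$stts=`in $stts_add`;     # run the input helper and capture the value it prints
$stts &=120;              # keep bits 3 to 6 (120 = 01111000 in binary)
$stts /=8;                # shift right by three bits to get the four-bit value
To open the gate of the dam, the program should send (00000001)2 to the data
port:
`out 1 $base_add`;
To close the gate, the program should send (00000010)2 to the data port:
`out 2 $base_add`;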
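Backquotes hand the whole command string to a shell, and the port address in that string comes from settings-lcl.config, so the value deserves a check before use. One way to do that, as an added example that is not the thesis's code: the allow-list of base addresses, the function names and the use of echo as a stand-in for the port helper are assumptions.

```perl
#!/usr/bin/perl
# Added example, not the thesis's code. Validates the configured base address
# and runs the helper with an argument list, so no shell parses the value.
use strict;
use warnings;

# Assumption: only the three legacy PC parallel-port base addresses are valid.
my %ALLOWED_BASE = map { $_ => 1 } (0x378, 0x278, 0x3BC);

# Convert configuration text (decimal or 0x-hex) to a number, or return undef
# unless it is exactly one well-formed address from the allow-list.
sub parse_base_address {
    my ($text) = @_;
    return undef unless defined $text;
    return undef unless $text =~ /\A(?:0[xX][0-9A-Fa-f]{1,4}|[0-9]{1,5})\z/;
    my $n = ($text =~ /\A0[xX]/) ? hex($text) : $text + 0;
    return $ALLOWED_BASE{$n} ? $n : undef;
}

# Run a program with arguments and return its first output line. The list
# form of open() executes the program directly; each argument reaches it as
# one string, whatever characters it contains.
sub run_helper {
    my ($program, @args) = @_;
    open(my $out, '-|', $program, @args) or die "cannot run $program: $!\n";
    my $line = <$out>;
    close($out) or die "$program failed (status $?)\n";
    $line = '' unless defined $line;
    chomp $line;
    return $line;
}

# Read the status port through the input helper. $helper is the path of the
# helper program; the page does not give it, so the caller supplies it.
sub read_status {
    my ($helper, $base_text) = @_;
    my $base = parse_base_address($base_text);
    die "rejected base address from configuration\n" unless defined $base;
    my $raw = run_helper($helper, $base + 1);
    die "helper output is not a byte value\n"
        unless $raw =~ /\A\d{1,3}\z/ && $raw <= 255;
    return $raw + 0;
}

# Constructed configuration values, including malformed ones.
for my $text ('0x378', '888', '0x378; echo INJECTED', '12345', undef) {
    my $base = parse_base_address($text);
    printf "%-24s => %s\n",
        defined $text ? "'$text'" : '(missing)',
        defined $base ? sprintf('accepted, status port 0x%X', $base + 1)
                      : 'rejected';
}

# echo stands in for the helper: the text comes back as a single argument.
print 'list-form call printed: ',
    run_helper('echo', '0x378; echo INJECTED'), "\n";

# read_status refuses the malformed value before any program is started.
print 'read_status: ',
    (eval { read_status('echo', '0x378; echo INJECTED') } // "refused: $@");
```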
https://mtu-address/rsp.php?rtu=rtuID&secret=secretKey&level=number
When the RTU sends this request, it gets the response back and checks
the response. If the response contains an error (invalid RTU or secret key,
for example), the RTU logs this error to the system log. Otherwise, if
everything is okay, the RTU replaces the old configuration file with the new
one.
Schmitt trigger logic is used to decide whether to open or close the gate of
the dam. For each month of the year there are two values, the maximum and the
minimum level of water, between which the real level of water should be kept.
If the measured level is within these values, no action is taken, which
means the gate is kept as it is, whether it was open or closed. If the
measured level is above the maximum value, the program sends a signal to
the gate to open, so that the reserved water is discharged and
the level of water goes down. If the measured level is below
the minimum value, the program sends a signal to the gate to close.
Figure 3.10 shows a flow chart of the RTU automation software.
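The decision logic described above, combined with the status-port decoding shown earlier, as an added Perl example (not the thesis's own code). The lookup table, the monthly limits and the sub names are constructed for illustration; the real values live in the RTU configuration files, whose layout the page does not show.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data (assumption): detector number -> level in meters,
# and the desired minimum/maximum level per month.
my %level_of_detector = (0 => 100.0, 1 => 101.5, 2 => 103.0, 3 => 104.5, 4 => 106.0);
my %limits_for_month  = (
    1 => { min => 101.0, max => 104.0 },
    7 => { min => 100.5, max => 103.0 },
);

# Data-port values taken from the text: 1 opens the gate, 2 closes it.
my ($GATE_OPEN, $GATE_CLOSE) = (1, 2);
my %action = ($GATE_OPEN => "send 1 (open)", $GATE_CLOSE => "send 2 (close)");

# Decode the text printed by the port-reading helper: keep bits 3..6 of the
# status byte (mask 120) and shift them down by three bits (divide by 8).
sub detector_from_status {
    my ($raw) = @_;
    my ($byte) = ($raw // '') =~ /^\s*(\d{1,3})\s*$/;
    die "status is not a byte value\n" unless defined $byte && $byte <= 255;
    return ($byte & 120) >> 3;
}

# Hysteresis: open above the maximum, close below the minimum, otherwise
# return nothing so that the gate keeps its current state.
sub gate_command {
    my ($level, $month) = @_;
    my $lim = $limits_for_month{$month}
        or die "no limits configured for month $month\n";
    die "inverted limits for month $month\n" if $lim->{min} >= $lim->{max};
    return $GATE_OPEN  if $level > $lim->{max};
    return $GATE_CLOSE if $level < $lim->{min};
    return;
}

# Constructed status readings, with the trailing newline backquotes return.
for my $raw ("0\n", "16\n", "39\n", "120\n") {
    my $det   = detector_from_status($raw);
    my $level = $level_of_detector{$det};
    if (!defined $level) {
        # An unmapped detector number must not drive the gate.
        warn "detector $det is not in the lookup table, gate left untouched\n";
        next;
    }
    my $cmd = gate_command($level, 1);    # month 1 = January
    printf "detector %d, level %.1f m: %s\n", $det, $level,
        defined $cmd ? $action{$cmd} : "no action";
}
```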
Since Perl is a scripting language available on most modern (and even
old) operating systems, the Perl part of the application is portable as it is
to all of these operating systems. The operating systems supported by
Perl include Linux, Windows, MacOS, FreeBSD, AIX and Solaris. It also
runs on any processor architecture supported by these operating systems,
including x86, Alpha, ARM, etc.
The part written in C is source-portable to all real
POSIX operating systems. The list includes Linux, FreeBSD, AIX and
Solaris. Moreover, porting it to Windows or MacOS is very easy.
This section describes the steps and instructions that the operator should
follow to configure and use the WLC system.
The MTU is accessed through the HMI. As the HMI is a browser-based
application, the operator has to use a web browser (such as Mozilla
Firefox or Microsoft Internet Explorer) to get things done. For example, the
operator should enter the address http://hitech-iraq.com/wlc in the address bar
of the browser. The browser then shows the main HMI page. From
there, all the functions of the system can be accessed. Figure 3.11 shows the
front page of the system.
1. Logging in
The user should provide a user name and password to be able to access
the administration part of the HMI. Unauthenticated users are only
able to monitor the dams and can never modify anything. The user
name and password (by default admin for both) should be entered in
the specified fields of the login form, as shown in Figure 3.11.
2. Managing RTUs
An authenticated user who has operator privileges can add, remove and
modify the settings of any RTU. Figure 3.12 shows a screenshot of the
RTU administration main page. The page can be accessed by clicking
RTU Administration on the main menu.
operator should fill the form and then click the submit button.
Sample form page is shown in Figure 3.13.
3. Managing Users
An authenticated user who has administration privileges can add, remove and
modify the settings of any user in the system.
To access the user management area, the `Administration` hyperlink in the
main menu on the front page should be clicked, then `User Manager`. Figure
3.15 shows the user management main page.
From the above page, one of the following operations can be performed:
Adding a user: The `New` button of the tool bar should be clicked, and
then the operator should fill in the list that appears and click Save, as
in Figure 3.16. The new user should be assigned to one of the listed
groups. The Administrator group provides the user with full control of the
system. The Operator group provides the user with the ability to control the
RTUs and to monitor them.
Removing a user: The operator should check the check box to the
left of the name of the user to be deleted, and then click the `Delete`
button in the tool bar of Figure 3.15.
Modifying the information of a user: From the page shown in
Figure 3.15, the operator should click the name of the user
concerned and then modify the information in the form that
appears, as shown in Figure 3.17.
4. Building Reports
The system gives public Internet users the ability to monitor the system
and get reports on it. The system administrator can restrict
access to this area to specific groups only. To access the monitoring
and reporting area, the user should click the `Monitoring & Reports` button
in the main menu. Figure 3.18 shows the reporting main page.
Configuring the RTU means defining the MTU and the
ID/secret key to be used by the automation program. This information is
stored in a configuration file called rtu.config. The configuration
can be done either by modifying the file manually using any text editor
(such as vi or gedit) or through the LAI, which provides a Web-based GUI to
do the same job.
connection. VSAT services are very expensive and less reliable than the fiber
based ones.
On the other hand, RTUs need only limited bandwidth to achieve their task.
The failure of the connection of an RTU would bring only the corresponding
node down, while the failure of the connection of the MTU would bring the
entire system down. Moreover, RTUs are often located in remote areas where no
fiber connection is deployed. From an economical point of view, the system
would usually have a connection for each RTU, which means a low-cost
connection would bring the overall cost of the system down dramatically. For
these reasons the connection of the RTU to the Internet is usually selected
from a different category than that of the MTU.
The system has been tested on many connection types for both the
MTU and the RTUs. The following sections describe those environments.
1. VSAT modems Connection
The system has been tested using two different approaches. The first one is
a home hosted server, whereas the other approach is to rent a virtual host
on a shared server. The RTU and the operator workstation connections
to the Internet were tested with a variety of options. In the home hosted
server scenario, the MTU was installed on a local server which is
connected to the Internet using a VSAT modem. The server was fully
configured and maintained locally. Figure 3.20 shows a diagram of the
implemented system. A public (routable) IP was obtained for the
server.
2. Shared Server
The previous approach is quite expensive, as the MTU should be online
all the time and should be provided with a reliable connection to the
Internet. The server should also be maintained by highly skilled
administration staff. All of these items plus the hardware of
the server could cost more than $1,000 per month. For smaller-budget
projects, shared Web hosts are a better solution. Commercial shared
Web hosts provide very suitable space and processing power for
a reasonable monthly fee. Most of these hosts guarantee the availability
and the security of the system to their customers. The system has been
tested on shared host provided from Yahoo, Inc. on
for extra $50 to enable the SSL for the site. Figure 3.21 shows the
implemented network.
Uruklink ISP which is the largest dialup ISP in Iraq as shown in Figure
3.22.
The other, which connects the RTU to the Internet, used virtual IP
(behind NAT) addresses. Each VSAT was obtained from a different ISP. Two
VPN routers were configured to fit the appropriate requirements to establish a
VPN connection with the other end.
At each end two or more computers were connected to each other via a
hub/switch to form a network. Figure 3.25 shows an illustrated diagram of
the network.
Although the test was done using VSAT to connect the RTU to the
Internet, all the other connection types described in the previous sections
could use a VPN to enforce better security for the system.
CHAPTER FOUR
4.1 Introduction
This chapter introduces a second case study to show how simple it is to port
the system to serve a completely different application. The new application is
a Very Small Aperture Terminal (VSAT) modems monitoring system (VMS).
Its function is to monitor the network traffic of VSAT modems and to
generate reporting charts and tables. The system was implemented
practically and tested successfully in a production environment. The
following sections describe the system briefly.
pinging delay (described later) and send these values to the MTU. Figure 4.1
shows a block diagram of the VMS system.
upload values to the modem_traffic table and mark them with the receiving
time and date. It sends back an acknowledgment code to the RTU to indicate
that the operation completed successfully. Figure 4.3 shows a flowchart of the
RSP of the VMS.
The RSP also provides an alerting system for end users. The MTU can
be configured to send e-mails and SMSs to the persons in charge if one or
more modems go down or have high error rates.
provides APIs that allow developers to integrate maps and show their
information over it and integrate all of these in their sites.
Figure 4.4 shows a block diagram of the MTU of the VMS.
Devices of this type, where the computer is inside the device without being
clearly visible to the end users, are usually called embedded computers.
Usually, the computer is characterized by limited resources (CPU power,
memory and storage size) and other power and size constraints. The system
is usually required to boot and respond quickly. Because of the flexibility
and source availability of Linux, it became a major player in the embedded
OS industry.
The iDirect modem uses an Advanced RISC Machine (ARM) based
processor (IXP420). The IXP420 is designed by Intel especially to serve as a
network processor. This processor has a completely different instruction set
and architecture from those of the x86 processors used in standard PCs.
For this reason cross compilation was required.
4.4.2 Microperl
Microperl is the absolute bare minimum build of Perl, with no outside
dependencies other than an ANSI C compiler. Default configuration files are
provided with the bare minimum settings that allow the core Perl interpreter
to build properly. None of the language's core features are missing from this
interpreter. Of course, it does not support the features provided by the plug-in
modules which come by default with standard Perl, but it is sufficient to
run basic Perl applications. Microperl was compiled using the GCC produced
from the crosstools [23].
The traffic rate for each of these values could be calculated simply by
watching the delta of each value and dividing it by the delta time.
value= (value2-value1)/T
In addition, the program measures the ping delay. Ping is a
diagnostic tool (program) used for verifying connectivity between two hosts
on a network. It sends Internet Control Message Protocol (ICMP) echo
request packets to a remote IP address, watches for ICMP responses and
measures the time between them. The RTU uses the standard ping program
installed with Linux to extract the ping delay.
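The two measurements described above (the traffic rate from counter deltas and the ping delay), as an added Perl example that is not the thesis's own code. Skipping a sample pair when the counter goes backwards is an assumption about how restarts should be handled, and the ping summary formats matched are those of the iputils and BusyBox ping programs; the page does not say which one the modem carries. All sample data is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Rate between two counter samples: (value2 - value1) / T.
# Each sample is { t => seconds, value => counter reading }.
# Returns nothing when the pair cannot give a meaningful rate.
sub rate {
    my ($s1, $s2) = @_;
    my $dt = $s2->{t} - $s1->{t};
    return if $dt <= 0;                 # duplicate sample or clock set back
    my $dv = $s2->{value} - $s1->{value};
    return if $dv < 0;                  # counter restarted, e.g. after a reboot
    return $dv / $dt;
}

# Average round-trip time in ms from the summary that ping prints. Accepts
# the iputils line ("rtt min/avg/max/mdev = ...") and the BusyBox line
# ("round-trip min/avg/max = ..."); returns nothing when no reply arrived.
sub ping_avg_ms {
    my ($out) = @_;
    return $1 + 0
        if $out =~ m{^(?:rtt|round-trip) min/avg/max(?:/mdev)? = [\d.]+/([\d.]+)/}m;
    return;
}

# Constructed counter samples: the counter restarts before the third reading.
my @samples = ({ t => 0,   value => 1_000 }, { t => 60,  value => 61_000 },
               { t => 120, value => 500   }, { t => 180, value => 30_500 });
for my $i (1 .. $#samples) {
    my $r = rate($samples[$i - 1], $samples[$i]);
    printf "%s\n", defined $r ? sprintf("%.1f per second", $r) : "sample pair skipped";
}

# Constructed ping output: one reachable modem, one that does not answer.
my $up   = "3 packets transmitted, 3 received, 0% packet loss, time 2003ms\n"
         . "rtt min/avg/max/mdev = 598.120/612.447/630.902/13.500 ms\n";
my $down = "3 packets transmitted, 0 received, 100% packet loss, time 2040ms\n";
for my $out ($up, $down) {
    my $avg = ping_avg_ms($out);
    printf "%s\n", defined $avg ? "ping delay $avg ms" : "no reply, report modem as down";
}
```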
1. Logging in
As in the WLC system, users should provide a user name and password to be able
to access the administration part of the HMI.
The user name and password (by default admin for both) should be entered in
the specified fields, as shown in Figure 4.6.
2. Managing Modems
An authenticated user who has operator privileges can add, remove and modify
the settings of any modem. To access the modems administration main page,
which is shown in Figure 4.7, the Monitoring Modems link in the
navigation menu should be clicked.
To add a modem: From the modems main page shown in Figure 4.7,
new modem should be clicked. After that, the operator should fill in the
new modem form, as shown in Figure 4.8, and then click the submit
button.
To remove a modem from the system: From the modems main page
shown in Figure 4.7, the operator should open the editing form of the
modem to be deleted, and then click the delete button.
3. Managing Users
An authenticated user who has administration privileges can add, remove and
modify the settings of any user in the system.
To access the user management area, the administrator hyperlink in the
main menu on the front page should be clicked, then users. Figure 4.10
shows the user management main page.
From the above page, one of the following operations can be performed:
Adding a user: The add user button of the tool bar should be clicked, and
then the operator should fill in the list that appears and click Submit, as in
Figure 4.11. The new user should be assigned to one of the listed
groups.
Modifying the information of a user: From the page shown in Figure
4.10, the operator should click the name of the user concerned and then
modify the information in the form that appears, as shown in
Figure 4.12.
Removing a user: The operator should click on the name of the user to be
deleted. When the editing form of the user is shown, as in Figure 4.12,
the operator should click on the Delete button.
5. Browsing Map
Figure 4.14 shows a screenshot of the VMS. The system shows a
geographical map and projects the modems onto it using their real coordinates,
which were found using the Global Positioning System (GPS). The system
provides the ability to zoom in and out to any location on the earth. As stated
in the previous chapter, the map is implemented using a free service provided
by Google.
running on it use the satellite link to access the Internet. Figure 4.15 shows a
network diagram of the implemented system.
CHAPTER FIVE
5.1 Conclusions
During the implementation of the case studies, a number of conclusions have
been drawn based on the practical results obtained from the implemented
systems. The following are the most important ones:
1. The implemented systems were cost-effective solutions compared with
other approaches to building such systems. A basic PC or other low-cost
hardware platform (such as embedded computers) could serve as the RTU
of the system. Also, the central MTU machine needs relatively very few
resources to achieve its task. The use of open source software has
led to an even lower cost by avoiding the licensing cost of
the operating system and the servers for both the RTU and the MTU.
2. The use of PHP and MySQL for the MTU subsystem reduced the
total cost of ownership (TCO) and the time and cost needed for the
development of the system, because of the stability, reliability, ease of
use and good documentation of these products.
3. Building the system on top of the selected infrastructure (Linux,
Apache, PHP, MySQL and Perl), all of which are proven production-quality
software widely deployed in mission-critical applications,
made the system very reliable from the start. The system was
tested in a heavy-load environment and proved able to work
continuously for a very long time without breakdown.
4. The system (MTU, RTU, HMI and the network) is easy to use and
set up. The knowledge needed by the system administrator and
operators is very common in the IT field. There are many large
companies that provide courses and certifications which cover most of
the knowledge required to set up and use the implemented systems.
5. Because of the use of a standards-based security implementation, the
system is very secure. SSL has provided a high level of privacy
and data integrity. Moreover, the authentication and authorization of
the system are designed to be very strong.
References
1. Wikipedia, The Free Encyclopedia, 2005. URL:
http://en.wikipedia.org/wiki/.
2. Communication Technologies, Inc., Supervisory Control and Data
Acquisition (SCADA) Systems, 2004. URL:
http://www.ncs.gov/library/tech_bulletins/2004/tib_04-1.pdf
3. Ronald L. Krutz, Securing SCADA Systems, Wiley Publishing, Inc.,
2006.
4. Mike Clayton et al., A SCADA-Web Interconnection with TCP in Java,
2002. URL:
http://ess.web.cern.ch/ESS/GIFProject/PVSSJava/pvssweb.0.8.pdf
5. Duo Li et al., Concept Design for Web-based SCADA System, 2002.
6. All About Open Source, 2001. URL:
http://www.webopedia.com/DidYouKnow/Computer_Science/2005/open_source.asp
7. Open Source Initiative (OSI), http://www.opensource.org.
8. B. Qiu, Web-Based SCADA Display Systems (WSDS) for Access via
Internet, 1999. URL:
http://ieeexplore.ieee.org/iel5/59/18773/00867159.pdf?arnumber=867159
9. Kostas Kalaitzakis et al., Development of a data acquisition system for
remote monitoring of renewable energy systems, 2003.
10. Andrew K. Wright et al., Low-Latency Cryptographic Protection for
SCADA Communications, 2004. URL:
http://scadasafe.sourceforge.net/security.pdf