-
8/9/2019 05157821
1/4
-
8/9/2019 05157821
2/4
only takes one tenth of the whole investment. At the same
time,considering the important role of SCADA system in PV
powerplants, device redundancy can be seen as a feasible method
tosolve equipment failure and improve the reliability of
SCADAsystem.
This paper focuses on improving communication reliabilityof
SCADA system in PV power plants through adoptingeffective security
strategy and redundancy mechanism. Section
2 presents the component of SCADA system in PV powerplants.
Section3 studies security communication mechanism indistributed PV
power plants network. SCADA systemredundant structure is shown in
section 4, and in this sectionredundancy switching mechanism is
discussed. Finally, somefunctions of the SCADA system were verified
through SCADAserver configuration software.
II. SCADA SYSTEM STRUCTURE
In this study, the structure of a grid-connected PVgeneration
system is depicted in Fig. 2.The design scheme thatone DSP chip
integrated system controller with local SCADARTU was adopted. This
design scheme improved controlperformance and saved system costs.
Control circuits, PWMdrive circuit, as well as signal conditioning
circuit were omittedin Fig.2.
dci
a
b
c
T1 T3 T5
T T6
C U
dcV
U
U
4 T2
1
2C
D2
D1
SCADA-RTU
LCL
Filter
PT1
ACT1
DCT
PT
PWM1 PWM6
Port 1: Ethernet
(RJ45) Port 2: RS485
ACT2
A B
ACT3
temperature
irradiance
Fig.2. SCADA in grid-connected PV system
Local SCADA system in PV power plants is composed ofdata
acquisition unit, RTU, and communications unit. TheSCADA system
could measure and collect PV arraytemperature, irradiance, DC
output voltage and current, inverteroutput AC voltage and current
relay switch state and so on.Data acquisition unit consisted of
current transformer (DCTand ACT) and voltage transformer (PT). The
design of SCADAsystem communication unit depended on the selection
of
communication method. At present in RES power generationsystem
several communication methods were adopted inremote monitoring,
such asRS485, Internet, GSM, GPRS, GPS,industrial fieldbus
[8]-[10].
Although GSM, GPRS, and GTS have their uniqueadvantages, the
high costs of investment cause thesecommunication methods not to be
suitable for PV powersystems. The costs contain device investment
and additionalcommunication costs. Internet WEB communication
isextensively used in many areas, but it is also not suitable
forsending control information in power systems for its high
communication latency (about 0.5-2s) and low
reliability.Nowadays in industrial communication area, there are
anumber of fieldbus (such as PROFIBUS. HART, FF.etc).Among these
fieldbus, industrial Ethernet fieldbus displays itspredominant
advantages in many fields for its hightransmission rate, strong
compatibility and networkmanagement. Combining with actual network
requirement ofPV power plants, our system adopted industrial
Ethernetfieldbus which was based on TCP (UDP) / IP protocol as
workcommunication bus. And RS485 was adopted as
redundantcommunication bus at the same time. As shown in Fig.2,
Port1was Ethernet communication interface (RJ-45). Port2 wasRS485
communication interface and A / B were RS485differential signal
output.
III. COMMUNICATION SECURITY
A. Security communication strategyDistributed PV power plants
are an open network
communication system .If processes are monitored andcontrolled
by devices connected over the SCADA system then
a malicious attack has the potential to cause significant
damageto PV power plants. A set of communication mechanismbetween
SCADA RTU with SCADA server was presented inFig. 3.
SCADA-RTUSCADA
Server
Link request
Link respond
Date or Service
ACK R
KDC
Security certificate
Apply key Apply or Distribute Key
Device announcement
Security certificate
Request or Respond
Fig.3.Security communication mechanism
As shown in Fig.3, before data communication betweenSCADA RTU
and server, a secure connection should beestablished to ensure that
unauthorized entities cant gain entryinto the network. Firstly, RTU
sent link request message toSCADA server and could not do any
operation before gettingback link respond message from SCADA
server. In order toidentify whether the RTU was a legal device or
not, RTUrequested to the server for certification and applied for a
newsecurity key. SCADA server identified the RTU through
Keydistribution center (KDC) (KDC could be an independentserver or
integrated with the SCADA server). If the RTU waslegal device, KDC
distributed a new sub-key return to the RTU.After completing
security certification operation, if the
equipment was identified as a security device, RTU began
tobroadcast device announcement message. In order to
improvecommunication quality of SCADA system, Confirmmechanism was
provided. When RTU didnt receive ACK inone cycle after performing a
data or service message sendingoperation, it should perform a
retransmission and didnt need tore-establish connection.
B. security measureThe proposed communication mechanism involved
three
security measures.
-
8/9/2019 05157821
3/4
1) Security certification. Security certification performed
theoperation of validating Security License. Security
Licenseincluded device authority (License ID,Authorized device
list,)and key information (key type, key length). It was used
toidentify the device privileged.2)Encryption. Data encryption can
prevent data destruction or
illegal wiretapping. Ethernet data packet encryption process
inSCADA system is shown in Fig. 4. AES (Advanced Encryption
Standard) algorithm was adopted to encrypt Ethernet mediaaccess
control access layer protocol data unit (MAC-PDU).And XOR algorithm
was used to encrypt application layerprotocol data unit (APL-PDU).
Both these two encryptionalgorithm carried with transmission key
distributed by KDC.Thus the encrypted PDU could avoid malicious
damage orillegal eavesdropping.
AES
encrypt
KDC
MAC-PDU PDU APL-PDU
Transport Key XOR
encrypt
PDU with Key Fig.4. Data packet encryption process
3) Role based access control. In Power generation
systems,different users should have different rights. Role based
accesscontrol (RBAC) strategy was introduced. Three
roles(administrator, operator and ordinary user) were set in
thissystem. Ordinary users could only view parameters of thesystem
and didnt have the authority to change the parameters.But operators
could modify the parameters. Systemadministrator was the highest
authority owner, who took chargeof SCADA system control strategy,
and had the rights of adding
or reducing users number and their privileges.IV. REDUNDANCY
MECHANISM
To further enhance the reliability of SCADA system,redundant
technology was presented.
A. redundancy topology
SCADA system redundant topology in PV power plants isshown in
Fig.5. Redundant system consisted of two sets ofredundant bus
(based on TCP / IP Ethernet fieldbus and basedon Modbus RS485 bus).
The active device and alternatedevice should be produced by the
same manufacturers and bethe same type. Type and communications
port number ofdevice could be assigned by SCADA Server
configuration.
Under normal circumstances, active device was running. Andwhen
this device was malfunction, alternative RTU wasenabled through
redundancy switching operation. Ethernetand RS485 Bus switched
through different port (Port1 andPort2). The realization of network
redundancy and deviceRedundancy switching operation depended on
correspondingredundant services.
B. redundancy services
In order to achieve redundancy switching operation, fourservices
was defined as follows: Redundant state
announcement service, Synchronization request
service,Synchronization service and Device Switching service
[11].These services aimed at industrial Ethernet fieldbus, not
forRS485.
1
2
1
2
1
2
RS485 Centralized
ControllerGateway
...
PV1
Port 1 TCP/IP
Port2 Modbus
...
1
2
...
PV2
Switch
Fig.5. SCADA system redundant topology
Redundant state announcement service(R_DeviceActiveAnouncement)
is broadcasted in every cycleby active device. Synchronization
request service(R_SynRequest) is sent by new device to request
configurationinformation and operating information. Synchronization
service
(R_Syn) implements the function that active device
sendsconfiguration and operating information to new access
device.When the active device was malfunction, alternate
devicebroadcast device switching service (R_DeviceSwitch)
message.And the service included PD Tag, active device IP and
faileddevice IP.
C. Redundancy switching
1) Device redundancy switching
R_SynRequest
R_DeviceSwitch
Active device Alternate device
R_DeviceActiveAnouncement
R_Syn
Fault device
Active device
Work
Device message
...
T
T
T Fault
R_DeviceActiveAnouncement
R_SynRequest Resp(+)
R_Syn Resp(+)
Fig.6. Redundancy switching mechanism
Active RTU, alternate RTU and their communication portcan be
assigned by SCADA configuration server when devicespowered on
.Device switching mechanism was shown in Fig. 6.In normal
condition, alternate RTU sent Synchronizationrequest service
message (R_SynRequest) to active device.
Active device gave a respond back to alternate device
afterreceiving this message, and then called
redundantsynchronization service (R_Syn) which was used to send
todevice information and data to the alternate device. Activedevice
should broadcast a device announcement servicemessage
(R_DeviceActiveAnouncement) in eachcommunication cycle T. This
message included time stamp. Ifalternate device did not receive
this message in two cycle(check the time-stamp), device redundancy
switching service(R_DeviceSwitch) would be triggered immediately.
Alternatedevice became operating device, and the active device
was
-
8/9/2019 05157821
4/4
defined as fault device.2) Network redundancy switching
Available communication network is a prerequisite fordevice
redundancy. Aiming at network failure, RS485 serialcommunication
bus was designed as redundant network bus inSCADA system.
Generally, all messages should be sent in TCP/ IP Industrial
Ethernet fieldbus in PV power plants. In eachCycle (T) RTU sent a
device announcement message in
communication network. If configuration server didnt receivethis
announcement in four communication cycle (double timeof redundancy
switching time), the server judged that the activeEthernet was
malfunction and switched to RS485 busautomatically. And
communications port switched from Port1to Port2. RS485 bus based on
Modbus communicationprotocol followed "inquiry - response" mode. In
this modeConfiguration server sent inquiry command to RTU and
waitedto receive information from RTU.
V. EXPERIMENTAL TESTS
The complete three-phase PV generation system was set upin
laboratory as shown in Fig.7. PV modules were placed onthe roof of
our department. RTU in SCADA collected data andsent to remote PC
(configuration server).
Fig.7 Experimental set-up in laboratoryFig.8 shows security
access monitoring interface of
SCADA system. Before operating in this interface, the usermust
enter his/her user ID, password, and priority. If either userID or
password is wrong or incorrect, the user was refused toaccess.
Fig.9 shows the page of devices running state. ST2bakis a
redundancy device of ST1.The parameter andcommunication state of
ST2bak, such as device cycle, activetag, enable operate time, can
be seen in Fig.9.
Fig.8. Security access interface
Fig.9 Redundancy device running stateRedundancy device switching
process was shown in
Fig.10.The service messages were captured through a
protocolanalysis softwareEthereal. When active device
(128.128.2.17)was malfunction, alternate device (128.128.2.15) was
switchedto be active device and sent device announcement
messages.
Fig.10 Device switching process
VI. CONCLUSIONS
In this paper, a complete SCADA system of PV powerplants has
been present. Concentrating on the communicationreliability of
SCADA system, security communication strategyand redundancy
mechanism have been provided. Securitycommunication strategy
ensured reliable communicationbetween SCADA RTU and server. It can
avoid the system
being disturbed or breached by invalid message. Simultaneity,the
realization of redundancy mechanism improved thereliability of
SCADA communication network. The proposedtwo methods are used in
grid-connected PV generation systemin Laboratory and could be
effectively employed in RESremote communication areas.
REFERENCES[1]J. M. Carrasco, L. G. Franquelo, J. T.
Bialasiewicz, E. Galvn,R. C. Portillo,M. . Martn Prats, J. E. Len,
and N. Moreno-Alfonso,Power-electronicsystems for the grid
integration of renewable energy sources: A survey,IEEETransaction
on Industrial Electronics, Vol.53, No.4, pp.10021016, Aug.2006.[2]
Benghanem, M.Maafi, A.Data acquisition system for photovoltaic
systems
performance monitoring, IEEE Transactions on Instrumentation
andMeasurement, Vol.15, No.1, pp.30 33, Feb. 1998.[3] Hamoud, G.
Chen, R.-L. Bradley, Risk assessment of power systemsSCADA,
IEEEPower Engineering Society General Meeting, 2003,Vol.2,
Jul.2003.[4]Zimmermann, C.G, The Impact of Mechanical Defects on
the Reliability ofSolar Cells in Aerospace Applications,IEEE
Transactions on Device andMaterials Reliability,Vol.6,No
3,pp.486-494, Sep. 2006.[5]Calogero Cavallaro,Angelo
Raciti,Antonino Torrisi, Reliabilityimprovement of photovoltaic
power conversion systems by an optimalremote-management controller,
Fourth IEEE International CaracasConference on Devices, Circuits
and System, Aruba, Apr 17-19,2002.[6] Chan, F, Calleja, H
,Reliability: A New Approach in Design of Invertersfor PV
Systems.10th IEEE International Power Electronics Congress,
pp.16,Oct. 2006.[7] Vinay M. Igure, Sean A. Laughter, Ronald
D.Williams, Security issues in
SCADA networks, Computers & Security.Vol.25, No. 7, pp.
498-506, Oct.2006.[8] Krauter, Stefan,Depping, Thomas. Satellite
monitoring system for remotePV-systems, Conference Record of the
IEEE Photovoltaic SpecialistsConference, 2002, pp.
1714-1717.[9]Gagliarducci, M,Lampasi,D.A,Podesta, GSM-based
monitoring and controlof photovoltaic power generation ,
Measurement: Journal of the InternationalMeasurement Confederation,
Vol.40, No.3, pp.314-321,Apr.2007.[10] Wang Li,Liu Kuo-Hua,
Implementation of a web-based real-timemonitoring and control
system for a hybrid wind-PV-battery renewable
energysystem,Engineering Intelligent Systems, Vol.15, No.2,
pp.99-105, Jun. 2007.[11]IEC 62409: Specification of EPA system
architecture and communicationfor industrial measurement and
control system[S], 2006.
