臺灣博碩士論文加值系統

先進讀表基礎設施為智慧電網中最關鍵的基礎設施，其設施結合多種資通訊技術並且提供雙向通訊與遠端控制等功能，由於先進讀表基礎設施需要廣泛佈建到每個家庭用戶當中，為了確保讀表資料能夠準確收集並保證其傳輸的安全性，以目前的做法而言，電力公司必須大量建設資料集中器，以統一管理鄰近網路區域內的先進讀表基礎設施，而每台資料集中器都需要配有兩條以上的專線，進而增加龐大的建置成本，此外，資料集中器大多設置於公共的環境下，使得該設備容易遭受實體攻擊影響，導致區域範圍內先進讀表基礎設施無法正常運作。因此，為能夠佈建完善的先進讀表基礎設施通訊架構，以增加其靈活的擴展性、可用性與資料傳輸的安全性並且避免成本的大量增加，同時亦符合現有先進讀表基礎設施標準規範，都將是佈建前必須考量的議題。

為了滿足先進讀表基礎設施的擴展性、可用性與安全性的環境，本論文分析並加以整理現有先進讀表基礎設施標準規範，用以做為系統設計的依循。本文結合軟體定義網路的概念，提出新的先進讀表基礎設施通訊架構。該架構內的先進讀表基礎設施與資料集中器將利用乙太網路進行讀表資料交換，使其擁有擴展性。而為保證架構擁有高度可用性與安全性，本論文依循相關標準並且於架構內實現了使用者介面呈現、流量隔離、保證頻寬、異常偵測與主動式阻斷，分別確保電表流量於乙太網路傳輸時的機密性、可用性與安全性。最後，本論文利用嵌入式系統搭配軟體定義網路實現該通訊架構，說明其符合的規範需求並設計相關實驗進行測試，以驗證本論文提出的架構其機密性、可用性與安全性。

The Advanced metering infrastructure (AMI) is the most crucial infrastructure in the Smart Grid, including many communication technologies and also providing functions like bidirectional communication and remote control. AMI has to be built by home users widely, so collecting the data exactly and committing the security of the transmission will be necessary.

The new generation AMI communication architecture has been built with the software-defined networking (SDN) in this paper. Using the Transport Layer Security through existing network to provide the security requirements, the present standards are analyzed and its architecture security is evaluated. In this paper, a new communication architecture has been constructed by the embedded system and Software-defined networking. The requirements it meets have been explained to verify the security of communication architecture.

目錄
摘要 I
Abstract III
目錄 IV
圖目錄 VIII
表目錄 X
1 緒論 1
1.1 動機與目的 1
1.2 背景 3
1.3 論文架構 9
2 相關研究現況 10
2.1 先進讀表基礎設施整體架構 10
2.1.1 通訊網域 11
2.1.2 關鍵設施 12
2.2 先進讀表基礎設施設施弱點與風險分析 13
2.3 相關標準制定與研擬 14
2.4 軟體定義網路應用於智慧電網之優勢 15
3 資訊安全議題17
3.1 常見攻擊行為 17
3.1.1 保密性 18
3.1.2 完整性 19
3.1.3 可用性 19
3.1.4 不可否認性 19
3.2 通訊協定運作流程 20
4 需求規範文件 23
4.1 北美電力可靠度公司關鍵基礎設施保護 23
4.2 先進讀表基礎設施安全性剖繪 27
4.3 德州電力網路資通安全報告 28
4.4 智慧讀表設備技術規範 29
4.5 先進讀表基礎設施的隱私與安全性 30
5 軟體定義網路 32
5.1 軟體定義網路簡介 32
5.2 FlowVisor 33
6 系統架構 35
6.1 先進讀表基礎設施通訊架構之比較 35
6.1.1 現有先進讀表基礎設施通訊架構 35
6.1.2 軟體定義網路之先進讀表基礎設施通訊架構 36
6.1.3 現有架構與本文提出架構之差異性 37
6.2 系統架構 39
6.2.1 控制器與交換器 39
6.2.2 資料集中器 40
6.2.3 先進讀表基礎設施 41
6.2.4 TLS交握過程 42
7 實驗與結果探討 44
7.1 圖形化使用者介面 45
7.1.1 適用需求規範 45
7.1.2 實現目的 45
7.1.3 實現結果 45
7.2 先進讀表基礎設施流量隔離之實驗與目的 47
7.2.1 適用需求規範 47
7.2.2 實驗架構與目的 47
7.2.3 實驗結果 48
7.3 服務品質之實驗與目的 52
7.3.1 適用需求規範 52
7.3.2 實驗架構與目的 52
7.3.3 實驗結果 53
7.4 異常流量阻斷 55
7.4.1 符合需求規範 55
7.4.2 實驗架構與目的 55
7.4.3 實驗結果 55
8 結論與未來展望 58
參考文獻 60



圖目錄
1.1 設置於電桿上的資料集中器 [1] 2
1.2 雙向通訊示意圖[2] 3
1.3 先進讀表與傳統電表比較圖[3] 4
1.4 IEC62056標準規範示意圖[2] 7
1.5 智慧電網匭應用與感測通訊網路[4] 8
2.1 先進讀表基礎設施通訊架構示意圖[5] 11
3.1 攻擊行為與資安要素關係圖[6] 18
3.2 TLS通訊協定運作流程圖[7] 21
5.1 網路切片示意圖 33
5.2 多台控制器共同管理交換器示意圖 34
6.1 現今先進讀表基礎設施通訊架構[5] 36
6.2 軟體定義網路之先進讀表基礎設施通訊架構 37
6.3 實現先進讀表基礎設施通訊架構 39
6.4 資料集中器運作流程 40
6.5 Raspberry Pi[8] 41
6.6 先進讀表基礎設施運作流程 41
6.7 TLS建立連線成功 42
6.8 TLS建立連線失敗 42
7.1 拓樸狀態 46
7.2 流量狀態 46
7.3 流量隔離示意圖 48
7.4 實驗環境 48
7.5 未實現FlowVisor時，GUI呈現出一個完整的網路拓樸圖，共有五個設備 49
7.6 實現FlowVisor時，GUI呈現其網路內所有完整的終端設備相關資訊 49
7.7 配置FlowVisor規則 50
7.8 電網營運商控制器的GUI所呈現出先進讀表基礎設施的網路拓樸圖.50
7.9 電網營運商控制器的GUI呈現其網路內所有先進讀表基礎設施的相關資訊 50
7.10 網路服務供應商控制器的GUI所呈現出終端設備的網路拓樸圖 51
7.11 網路服務供應商控制器的GUI呈現其網路內所有終端設備的相關資訊51
7.12 實現QoS之網路環境 53
7.13 先進讀表基礎設施傳送資料前後之頻寬使用率 54
7.14 紀錄異常連線資訊 56
7.15控制器接收異常連線資訊 56
7.16阻斷先進讀表基礎設施 57
7.17先進讀表基礎設施無法連線資訊 57


表目錄
1.1 高階需求書要求[9] 5
3.1 SSL3.0與TLS1.0之間主要差異[10] 20
4.1 先進讀表基礎設施建議項目[11] 28
6.1 現有通訊架構與軟體定義網路通訊架構之比較 38
6.2 加密套件之演算法[12] 43
7.1 實現QoS之網路配置 53

[1]Case Study: Oncor''s AMI. Available at: http://www.elp.com/articles/powergrid_international/print/volume-18/issue-5/features/case-study-oncors-ami.html.
[2]鍾昌庭.智慧型電錶資通訊相關標準之研究.中原大學電機工程研究所碩士論文,桃園縣,2012.
[3]Soma Shekara Sreenadh Reddy Depuru, Lingfeng Wang, and Vijay Devabhaktuni. Smart meters for power grid : Challenges, issues, advantages and status. Renewable and Sustainable Energy Reviews, 15(6):2736－2742, August 2011.
[4]Young-Jin Kim, Keqiang He, M. Thottan, and J. G. Deshpande. Virtualized and self-configurable utility communications enabled by software-defined networks. In 2014 IEEE International Conference on Smart Grid Communications (SmartGridComm), pages 416－421, November 2014.
[5]A Standardized and Flexible IPv6 Architecture for Field Area Networks. Available at: http://cisco.com/c/en/us/products/collateral/routers/1000-series-connected-grid-routers/white-paper-c11-730860.html.
[6]F. M. Cleveland. Cyber security issues for Advanced Metering Infrastructure (AMI). In2008 IEEE Power and Energy Society General Meeting – Conversion and Delivery of Electrical Energy in the 21st Century, pages 1-5, July 2008.
[7]阮一峰. SSL/TLST議運行機制的概述 | MCUapps. Available at: https://www.mcuapps.com/communication/http/ssl-tls.
[8]Raspberry Pi台灣樹莓派. Available at: http://www.raspberrypi.com.tw/.
[9]UtilityAMI. High-Level Requirements v2-7. August 2006. Available at: http://www.metering.com/wpcontent/uploads/Erich%20Gunther%20paper.pdf.
[10]Hongqian Karen Lu, Michael Andrew Montgomery, and Asad Mahboob Ali. Method and apparatus for secure networking between a resource-constrained device and a remote network node.國際專利分類號H04L12/28, G06F21/00, G07F7/10, H04L29/06;.
[11]ASAP-SG. AMI Security Profile - v2_1. October 2012.
[12]yawl.用openssl編寫SSL,TLS程序.Available at: http://www.yiii.net/app/club/viewbig5.jsp?Information_Id=I00001857.
[13]F. Bouhafs, M. Mackay, and M. Merabti. Links to the Future: Communication Requirements and Challenges in the Smart Grid. IEEE Power and Energy Magazine, 10(1): 24－32, January 2012.
[14]IEC 62056,May 2015. Page Version ID:663496255.
[15]I.E Commission. IEC 62056 Electricity metering - Data exchange for meter reading, tariff and load control - Part 61: Object identification system (OBIS). 2006.
[16]I.E Commission. IEC 62056 Electricity metering - Data exchange for meter reading, tariff and load control - Part 62: Interface classes. 2006.
[17]IE Commission. IEC 62056 Electricity metering - Data exchange for meter reading, tariff and load control - Part 53: COSEM application layer. 2006.
[18]IE Commission. IEC 62056 Electricity metering - Data exchange for meter reading, tariff and load control - Part 47: COSEM transport layers for IPv4 networks. 2006.
[19]IE Commission. IEC 62056 Electricity metering - Data exchange for meter reading, tariff and load control - Part 46: Data link layer using HDLC protocol. 2007.
[20]IE Commission. IEC 62056 Electricity metering Data exchange for meter reading, tariff and load control - Part 42: Physical layer services and procedures for connection-oriented asynchronous data exchange. 2002.
[21]IE Commission. IEC 62056 Electricity metering - Data exchange for meter reading, tariff and load control - Part 21: Direct local data exchange. 2002.
[22]R. Berthier, W. H. Sanders, and H. Khurana. Intrusion Detection for Advanced Metering Infrastructures: Requirements and Architectural Directions. In2010 First IEEE International Conference on Smart Grid Communications (Smart-GridComm), pages 350-355, October 2010.
[23]台灣電力公司. 1000812低壓讀表器採購規範(100-08)-送廠商參考版. August100. Available at: http: //waoffice.ee.kuas.edu.tw/download/%E5%BB%BA%E5%BE%B7%E7%A0%94%E7%A9%08%29-%E9%80%81%E5%BB%A0%E5%95%86%E5%8F%83%E8%80%83%E7%89%88.pdf.
[24]Trilliant | Smart Grid Communications: RF Mesh AMI (SecureMeshNAN). Available at: http: //trilliantinc.com/platform/communications/ami-mesh-securemesh-nan.
[25]V. Novak and M. Prokysek. Large smart metering system security. In 2014 International Conference on Intelligent Green Building and Smart Grid(IGBSG), pages 1-5, April 2014.
[26]Ping-Hai Hsu, Wenshiang Tang, Chiakai Tsai, and Bo-Chao Cheng. Two-Layer Security Scheme for AMI System in Taiwan. In2011 Ninth IEEE International Symposium on Parallel and Distributed Processing with Applications Workshops (ISPAW), pages 105-110, May 2011.
[27]ASAP. AMI System Security Requirements. December 2008.
[28]Department of Energy and Climate Change. Smart Metering Equipment Technical Specifications v1.58. November 2014.
[29]Netbeheer Nederland. Privacy and Security of the Advanced Metering Infrastructure. September 2010.
[30]NERC. Available at: http://www.nerc.com/Pages/default.aspx.
[31]A. Cahn, J. Hoyos, M. Hulse, and E. Keller. Software-defined energy communication networks: From substation automation to future smart grids. In 2013 IEEE International Conference on Smart Grid Communications (SmartGrid-Comm), pages 558-563, October 2013.
[32]Xinshu Dong, Hui Lin, Rui Tan, Ravishankar K. Iyer, and Zbigniew Kalbarczyk. Software-Defined Networking for Smart Grid Resilience: Opportunities and Challenges. In Proceedings of the 1st ACM Workshop on Cyber-Physical System Security, CPSS’15, pages61-68, New York, NY, USA, 2015. ACM.
[33]Jianchao Zhang, Boon-Chong Seet, Tek-Tjing Lie, and Chuan Heng Foh. Opportunities for Software-Defined Networking in Smart Grid. In Communications and Signal Processing (ICICS) 2013 9th International Conference on Information, pages 1-5, December 2013.
[34]Po-Wen Chi, Chien-Ting Kuo, He-Ming Ruan, Shih-Jen Chen, and Chin-Laung Lei. An AMI Threat Detection Mechanism Based on SDN Networks. SECUR-WARE 2014, page 219, 2014.
[35]IE Commission. IEC /TS62351 Power systems management and associated information exchange - Data and communications security - Part 3: Communication network and system security - Profiles including TCP/IP.
[36]TheSmartGridInteroperabilityPanel-SmartGridCybersecurityCommittee. Guidelines for smart grid cyber security. Technical Report NIST IR 7628r1, National Institute of Standards and Technology, September 2014.
[37]R. Barnes, M. Thomson, A. Pironti, and A. Langley. Deprecating Secure Sockets Layer Version3.0. Technical Report RFC7568, RFC Editor, June2015.
[38]Federal Energy Regulatory Commission. Order No. 791. November2013.
[39]NERC. NERC CIP 002-4-Cyber Security-Critical Cyber Asset Identification.
[40]NERC. NERC CIP 003-4-Cyber Security-Security Management Controls .
[41]NERC. NERC CIP 004-4-Cyber Security-Personnel &; Training.
[42]NERC. NERC CIP 005-4-Cyber Security-Electronic Security Perimeter(s).
[43]NERC. cip-005_compliance_analysis_report. August 2012.
[44]NERC. NERC CIP 006-4-Cyber Security-Physical Security of Critical Cyber Assets.
[45]NERC. NERC CIP 007-4-Cyber Security-Systems Security Management.
[46]NERC. NERC CIP 008-4-Cyber Security-Incident Reporting and Response Planning.
[47]ES-ISAC-Home. Available at: https://www.esisac.com/SitePages/Home.aspx.
[48]NERC. NERC CIP 009-4-Cyber Security-Recovery Plans for Critical Cyber Assets.
[49]Public Utility Commission of Texas. Electric Grid Cybersecurity in Texas. November 2012.
[50]Home-Open Networking Foundation. Available at: https://www.esisac.com/SitePages/Home.aspx.
[51]What is FlowVisor?-Definition from WhatIs.com. Available at: http://searchsdn.techtarget.com/definition/FlowVisor.
[52]Floodlight OpenFlow Controller-. http://www.projectfloodlight.org/floodlight/.
[53]OpenSSL: The Open Source toolkit for SSL/TLS. Available at: https://www.opennetworking.org/.
[54]Wireshark. Go Deep. Available at: https://www.wireshark.org/.
[55]iPerf-The TCP, UDP and SCTP network bandwidth measurement tool. Available at: https://iperf.fr/.
[56]J. W. Konka, C. M. Arthur, F. J. Garcia, and R. C. Atkinson. Traffic generation of IEC 61850 sampled values. In 2011 IEEE First International Workshop on Smart Grid Modeling and Simulation (SGMS), pages 43-48, October 2011.