DOCSLIB.ORG

Security Issues and Mitigation in Ethernet POWERLINK

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Security Issues and Mitigation in Ethernet POWERLINK Security of cyber-physical systems: an old idea Security Issues and Mitigation in Ethernet POWERLINK Jonathan Yung, Hervé Debar and Louis Granboulan AIRBUS Group Innovations & Télécom SudParis February 10th, 2017 Recurrent issues in cyber-security I Name changes, keywords and buzzwords I Information systems security ! cyber-security I Intrusion detection ! anomaly detection I Big data I Artificial intelligence I Really represent persistent issues in IT I Security as an afterthought I Security as an overkill I Security without expectations I Security without specifications I ... Can we construct a better approach ? I Safety has clear pre-specified expectations. I Standardized constraints I Industrial control systems have clear specifications. I Control loop I Can we leverage these two old ideas for better security ? I Old keyword: Resilience Outline Introduction to Industrial Control protocols Ethernet POWERLINK Protocol Attacks Defense and Mitigation Detection and Protection Lessons learned ICS Industrial Control System System composed of devices producing data (sensors), and of devices which will act depending of this data (actuator) and of a program. ICS Industrial Control System System composed of devices producing data (sensors), and of devices which will act depending of this data (actuator) and of a program. Programming station HMI Data Historian Site A PLC PLC MTU Sensor Sensor Actuator Sensor Site B Site C Sensor Sensor RTU RTU Sensor IO Module Actuator Sensor Sensor Actuator Actuator Actuator Actuator Process network Control network Industrial Ethernet Protocols I Adaptation of the Fieldbus protocols on Ethernet. I Classified in three types: I Class 1 (soft real-time): MODBUS/TCP, EtherNet/IP I Class 2 (hard real-time): PROFINET (RT) I Class 3 (isochronous real-time): PROFINET IRT, Ethernet POWERLINK, EtherCAT Attack State of the Art Attack MODBUS/TCP (C1) EtherNet/IP (C1) PROFINET RT (C2) Eavesdropping Huitsing et al.[5] Bristow[4] Interruption Huitsing et al.[5] Digital Bond[3] Paul et al.[6] Queiroz[7] Modification Huitsing et al.[5] Antonioli et al.[2] Åkerberg et al.[1] Paul et al.[6] Insertion Huitsing et al.[5] Digital Bond[3] Åkerberg et al.[1] Goal of this presentation I Literature already presents attacks and mitigation measures... I ... but only for class 1 and/or 2 protocols. I The goal of this presentation is to: I test the security of a type 3 protocol: Ethernet POWERLINK I propose security improvements Outline Introduction to Industrial Control protocols Ethernet POWERLINK Protocol Attacks Defense and Mitigation Detection and Protection Lessons learned Architecture MN I It is specified by the EPSG (Ethernet POWERLINK Standardization Group). Hub I It uses the Master/Slave paradigm. CN Hub I A Slave can send a message only if asked by the Master. Hub CN Hub I It is composed of: I one master called Managing Node (MN) Hub I up to 240 slaves called Controlled Node (CN) CN Hub I The master and slaves are connected through Hubs. Cycle Structure Composed of three periods: Isochronous period I Isochronous period SoC MN → all I Asynchronous period PReq CN 1 MN → CN 1 I Idle period PRes CN 1 CN 1 → all ... PReq CN n MN → CN n Cycle PRes CN n CN n → all PRes MN MN → all Asynchronous period SoA MN → all ASnd MN or one CN → all Idle period Network Management I The Network Management (NMT) State init Configuration Machine describes a device behavior. is done not_active I The master can change the NMT state of a Does not receive slave through an ASnd command. any SoC or SoA pre_operational_1 A slave can ask the master to send an NMT I Reset All mandatory CN command to change the NMT state of a slave are identified or of the master. pre_operational_2 MN configuration OK CN lost All CN in ready_to_operate I The NMT states of an master are (non exhaustive list): ready_to_operate No error after a complete cycle I init operational I not_active I pre_operational_1 I pre_operational_2 I ready_to_operate I operational Network Management Reset The Network Management (NMT) State init I Configuration Does not receive is done any SoC or SoA Machine describes a device behavior. (SoC timeout) not_active I The master can change the NMT state of a SoC or SoA basic_ethernet slave through an ASnd command. pre_operational_1 Receives POWERLINK traffic I A slave can ask the master to send an NMT Reset SoC command to change the NMT state of a slave pre_operational_2 NMT-Enable-Ready Error or of the master. -to-Operate ready_to_operate I The NMT states of a slave are (non exhaustive NMT- Enter- NMT-Start-Node list): Pre- ope2 I init operational I pre_operational_1 NMT-Stop-Node I pre_operational_2 stopped I ready_to_operate I operational I stopped Outline Introduction to Industrial Control protocols Ethernet POWERLINK Protocol Attacks Defense and Mitigation Detection and Protection Lessons learned Attacker Model I Our attacks are on the Ethernet POWERLINK MN protocol. Hub I We consider an attacker connected to the CN Hub Ethernet POWERLINK network. Hub I We need physical access. CN Hub I We need a free port. I Attacker positions Hub CN Hub Attacker I Most likely position: end of bus (free port) I Inserted after the master (requires interruption) I Attacker capabilities I Listen to and analyze traffic I Sufficiently fast to impersonate any slave I With enough computational power for crypto operations I Acyclic command insertion I slave impersonation I master reset I master impersonation Attacks Description I Denial of service Send many SoCs I slave impersonation I master reset I master impersonation Attacks Description Measure time I Denial of service between two SoAs I Acyclic command insertion Wait for SoA Void ? Yes No Wait for ASnd Time to No send another ASnd ? Yes Send ASnd I master reset I master impersonation Attacks Description I Denial of service ASnd message Acyclic command insertion insertion: I stop slave I slave impersonation Wait for PReq Send PRes Wait for SoA SoA for the CN ? No Yes Send ASnd I master impersonation Attacks Description I Denial of service I Acyclic command insertion I slave impersonation CN impersonation I master reset Send PRes with PR=0b111 and RS=0b001 Wait for the ASnd for this PRes Send NMT request Attacks Description I Denial of service I Acyclic command insertion I slave impersonation I master reset I master impersonation MN reset Init MN state machine I one using B&R components for the master and slave I one using openPOWERLINK for the master on the same computer as the attacker, and B&R components for the slave Testbed for the implementation of the attacks I Composed of an master, a slave and an attacker MN (attacker is a computer, with Linux 3.13.0-95-lowlatency kernel). I Two testbeds implemented: CN Attacker I one using openPOWERLINK for the master on the same computer as the attacker, and B&R components for the slave Testbed for the implementation of the attacks I Composed of an master, a slave and an attacker X20CP1585 (attacker is a computer, with Linux 3.13.0-95-lowlatency kernel). I Two testbeds implemented: I one using B&R components for the master and slave X20BC0083 Attacker Testbed for the implementation of the attacks I Composed of an master, a slave and an attacker OpenPOWERLINK (attacker is a computer, with Linux 3.13.0-95-lowlatency kernel). I Two testbeds implemented: I one using B&R components for the master and slave X20BC0083 I one using openPOWERLINK for the master on the same computer as the attacker, and B&R components for the slave Attacker Results Attacks B&R components openPOWERLINK Denial of service OK OK Acyclic command insertion OK OK CN impersonation ~OK OK MN reset OK OK MN impersonation OK OK Outline Introduction to Industrial Control protocols Ethernet POWERLINK Protocol Attacks Defense and Mitigation Detection and Protection Lessons learned Summing Up the Attacks I The Master/Slave paradigm simplifies any DoS attacks. I we do not handle mitigation against DoS attacks here I The other attacks are due to weaknesses in the asynchronous period: I no basic authentication of the command I no verification that the ASnd and SoA are consistent I several ASnd can be accepted by a slave DLL State Machine Modification - master Wait SoC trigger SoC trigger → send SoC+PReq last PRes → send SoA, [ASnd] ASnd last PRes timeout → send SoA, [ASnd] Wait PRes Wait ASnd SoC trigger → send SoC + PReq PRes → send PReq PRes timeout → send PReq DLL State Machine Modification - master Wait SoC trigger SoC trigger → send SoC+PReq First correct ASnd Incorrect ASnd → error last PRes → send SoA, [ASnd] Extra ASnd → error last PRes timeout → send SoA, [ASnd] Wait PRes Wait ASnd SoC trigger → send SoC + PReq PRes → send PReq PRes timeout → send PReq DLL State Machine Modification - slave ASnd PReq PRes SoA SoC timeout PReq Wait_SoC SoC timeout PRes SoA ASnd SoA SoA → [ASnd] SoC SoC timeout Wait_SoA PReq→PRes SoC Wait_PReq PRes SoC ASnd DLL State Machine Modification - slave First correct ASnd PReq PRes SoA SoC timeout PReq Wait_SoC SoC timeout PRes SoA ASnd SoA SoA → [ASnd] SoC SoC timeout Wait_SoA PReq→PRes SoC Wait_PReq PRes SoC ASnd DLL State Machine Modification - slave Incorrect ASnd Extra ASnd First correct ASnd PReq PRes SoA SoC timeout PReq Wait_SoC SoC timeout PRes SoA ASnd SoA SoA → [ASnd] SoC SoC timeout Wait_SoA PReq→PRes SoC Wait_PReq PRes SoC ASnd NMT master State Machine Modification init Configuration is done not_active Does not receive any SoC or SoA pre_operational_1 Reset All mandatory CN are identified pre_operational_2 CN lost MN configuration OK All CN in ready_to_operate ASnd error ready_to_operate
Load more

Recommended publications
  • Industrial Ethernet Technologies Page 1 © Ethercat Technology Group, January 2011
    Industrial Ethernet Technologies Page 1 © EtherCAT Technology Group, January 2011 Industrial Ethernet Technologies: Overview Approaches Modbus/TCP Ethernet/IP Powerlink PROFINET SERCOS III EtherCAT Summary © EtherCAT Technology Group Industrial Ethernet Technologies Editorial Preface: This presentation intends to provide an overview over the most important Industrial Ethernet Technologies. Based on published material it shows the technical principles of the various approaches and tries to put these into perspective. The content given represents my best knowledge of the systems introduced. Since the company I work for is member of all relevant fieldbus organizations and supports all important open fieldbus and Ethernet standards, you can assume a certain level of background information, too. The slides were shown on ETG Industrial Ethernet Seminar Series in Europe, Asia and North America as well as on several other occasions, altogether attended by several thousand people. Among those were project engineers and developers that have implemented and/or applied Industrial Ethernet technologies as well as key representatives of some of the supporting vendor organizations. All of them have been encouraged and invited to provide feedback in case they disagree with statements given or have better, newer or more precise information about the systems introduced. All the feedback received so far was included in the slides. You are invited to do the same: provide feedback and – if necessary – correction. Please help to serve the purpose of this slide set: a fair and technology driven comparison of Industrial Ethernet Technologies. Nuremberg, January 2011 Martin Rostan, [email protected] Industrial Ethernet Technologies Page 2 © EtherCAT Technology Group, January 2011 Industrial Ethernet Technologies: Overview Approaches Modbus/TCP Ethernet/IP Powerlink PROFINET SERCOS III EtherCAT Summary © EtherCAT Technology Group Industrial Ethernet Technologies All Industrial Ethernet Technologies introduced in this presentation are supported by user and vendor organizations.
    [Show full text]
  • Opensafety Basics 2013
    openSAFETY The open safety standard for all communication protocols What does Safety normally look like? • Safety Relays within the cabinet • Safety application by discrete wiring PLC I/O Servo Safety Relays What does Safety normally look like? • Safety Relays within the cabinet • Safety application by discrete wiring PLC I/O Servo Additional DI/DO module Safety Relays What does Safety normally look like? • Safety Relays within the cabinet • Safety application by discrete wiring PLC I/O Servo Additional DI/DO module Extra wiring of safe sensors Safety Relays What does Safety normally look like? • Safety Relays within the cabinet • Safety application by discrete wiring PLC I/O Servo Additional DI/DO module Extra wiring of safe sensors Safety Extra wiring required to Relays control safe actuators What does Safety normally look like? • Safety Relays within the cabinet • Safety application by discrete wiring PLC I/O Servo Additional DI/DO module Speed Monitor Extra wiring of safe sensors Safety Extra wiring required to Relays control safe actuators Extra speed monitor for safe motion control functions What does Safety normally look like? • Safety Relays within the cabinet • Safety application by discrete wiring PLC I/O Servo Additional DI/DO module Speed Monitor Extra wiring of safe sensors Safety Timer Extra wiring required to Relays Relays control safe actuators Extra speed monitor for safe motion control functions Timer Relays for synchronous shutdown What Safety should look like! • Integrated • Flexible PLC
    [Show full text]
  • Basics Why Real-Time Industrial Ethernet?
    System Overview POWERLINK Basics Why Real-time Industrial Ethernet? Over the course of the last two decades, it has combination with an Internet protocol like TCP/IP is become hard to keep track of the numerous field- unsuitable for data transmission in hard real-time. bus systems that have been developed in the auto- Data traffic can be delayed in unforeseeable ways mation industry specifically for purposes of process due to the CSMA/CD mechanism (Carrier Sense and factory production control. Yet there remain Multiple Access/Collision Detection). An integral various restraints that are impeding their perform- part of the Ethernet standard IEEE 802.3, that ance. Demand has therefore become more mechanism helps prevent data collisions on the pressing for a reliable communication system that bus that can occur in Ethernet environments due would offer high flexibility and across-the-board to the particular nature of Ethernet transmissions. compatibility. A new solution in this vein was also In order to develop Ethernet-based, but real-time expected to allow for ongoing improvements and capable fieldbuses, manufacturers have pursued future upgrades. Ethernet first rose to that chal- various approaches in their efforts to eliminate such lenge: it was a tried and tested technology that delays. These solutions are commonly referred to as was free of patents and was widely standardized. “Real-time Industrial Ethernet” technologies. This Moreover, it had great potential to serve as a booklet will introduce you to POWERLINK, which consistent, integrated communication solution, i.e. has become one of the most successful Real-time allow for an interconnection of the control, process, Industrial Ethernet systems in the world today.
    [Show full text]
  • POWERLINK Basics Why Real-Time Industrial Ethernet?
    System Overview POWERLINK Basics Why Real-time Industrial Ethernet? Over the course of the last two decades, it has combination with an Internet protocol like TCP/IP is become hard to keep track of the numerous field- unsuitable for data transmission in hard real-time. bus systems that have been developed in the auto- Data traffic can be delayed in unforeseeable ways mation industry specifically for purposes of process due to the CSMA/CD mechanism (Carrier Sense and factory production control. Yet there remain Multiple Access/Collision Detection). An integral various restraints that are impeding their perform- part of the Ethernet standard IEEE 802.3, that ance. Demand has therefore become more mechanism helps prevent data collisions on the pressing for a reliable communication system that bus that can occur in Ethernet environments due would offer high flexibility and across-the-board to the particular nature of Ethernet transmissions. compatibility. A new solution in this vein was also In order to develop Ethernet-based, but real-time expected to allow for ongoing improvements and capable fieldbuses, manufacturers have pursued future upgrades. Ethernet first rose to that chal- various approaches in their efforts to eliminate such lenge: it was a tried and tested technology that delays. These solutions are commonly referred to as was free of patents and was widely standardized. “Real-time Industrial Ethernet” technologies. This Moreover, it had great potential to serve as a booklet will introduce you to POWERLINK, which consistent, integrated communication solution, i.e. has become one of the most successful Real-time allow for an interconnection of the control, process, Industrial Ethernet systems in the world today.
    [Show full text]
  • Opensafety – the Open Source Safety Solution
    MMC 2013 CAN in Automation Opensafety – the open source safety solution Miodrag Veselic (Bernecker & Rainer) The safety requirements for mobile machinery have increased considerably since the introduction of the new Machinery Directive (2006/42/EC). The new standards have resulted in new approaches to the design of safety technology. Integrated safety solutions allow safety signals to be used for automation as well. New features increase machine availability, reduce the number of required sensors and decrease the overall complexity of safety solutions. Opensafety is the world’s only open-source safety protocol that enables safety communication via any protocol available on the market. In addition, the Opensafety stack is pre-certified for SIL3 by TÜV-SÜD and TÜV-Rheinland. With no licensing costs and a free, pre-certified software stack, users benefit from greatly accelerated time-to-market. Basic safety requirements The procedure for reducing risk to an acceptable minimum is defined in EN ISO The failure of components – in vehicles for 12100 - Risk assessment and risk example – can be minimized through well- reduction - see also Figure 1. defined rules and regulations. The In the first step, hazards and hazardous transformation of the Machinery Directive situations are evaluated on the bare into the Product Safety Act (ProdSG) machine. The assessment must be carried provides a solid technical basis and, in out throughout the entire life cycle of the Germany, a legal framework as well. machine (manufacture, transport, commissioning, etc.). In the second step, risk is estimated by determining the likely extent of damage and its probability of occurrence. The last step, risk evaluation, involves an assessment of whether objectives for risk reduction have been achieved.
    [Show full text]
  • The 5 Major Technologies
    February2013 / Issue 2 SYSTEM COMPARISON The 5 Major Technologies PROFINET, nd POWERLINK, Edition EtherNet/IP, 2 EtherCAT, SERCOS III How the Systems Work The User Organizations A Look behind the Scenes Investment Viability and Performance Everything You Need to Know! Safety protocols Learn the basics! EPSG_IEF2ndEdition_en_140416.indd 1 16.04.14 16:02 Luca Lachello Peter Wratil Anton Meindl Stefan Schönegger Bhagath Singh Karunakaran Huazhen Song Stéphane Potier INTRODUCTION 4 · Selection of Systems for Review Preface Outsiders are not alone in finding the world of Industrial Ethernet somewhat confusing. Experts who examine the matter are similarly puzzled by a broad and intransparent line-up of competing HOW THE SYSTEMS WORK 6 · Approaches to Real-Time systems. Most manufacturers provide very little information of that rare sort that captures tech- · PROFINET Communication nical characteristics and specific functionalities of a certain standard in a way that is both com- · POWERLINK Communication prehensive and easy to comprehend. Users will find themselves even more out of luck if they are · EtherNet/IP Communication seeking material that clearly compares major systems to facilitate an objective assessment. · EtherCAT Communication · SERCOS III Communication We too have seen repeated inquiries asking for a general overview of the major systems and wondering “where the differences actually lie”. We have therefore decided to dedicate an issue ORGANIZATIONS 12 · User Organizations and Licensing Regimes of the Industrial Ethernet Facts to this very topic. In creating this, we have tried to remain as objective as a player in this market can be. Our roundup focuses on technical and economic as well as on strategic criteria, all of which are relevant for a consideration of the long-term viability CRITERIA FOR INVESTMENT VIABILITY 16 · Compatibility / Downward Compatibility · Electromagnetic Compatibility (EMC) · Electrical Contact Points of investments in Industrial Ethernet equipment.
    [Show full text]
  • POWERLINK Safety
    Issue 1 / October 2009 The Magazine for the Industrial Ethernet Standard Volume 4, FACTS POWERLINK Safety How does POWERLINK Safety work? openSAFETY: Stage 1 Christian Schlegel Interview with Anton Meindl EPSG Executive Offi cer 2 EDITORIAL 1/2009 POWERLINK openSAFETY expands the open world of POWERLINK With their open source release of the POWERLINK Safety stack, IXXAT adds a safety-oriented transfer protocol to the open source world of POWERLINK. A renowned service provider for data communication systems in the automation industry and a leading member of the Ethernet POWERLINK Standardiza- tion Group, IXXAT will make the stack available for download free of charge from their website on the occasion of the upcoming SPS/IPC/Drives exhibi- tion. We take that cue to give you a POWERLINK FACTS issue that focuses exclusively on POWER- LINK Safety. You will fi nd a brief explanation of what POWERLINK Safety actually is, and how the soft- ware works. Christian Schlegel, IXXAT‘s CEO, tells you in our interview why his company has decided to take this step. You also get the views of Anton Meindl, EPSG Executive Offi cer, as well as of Dr. Till Jaeger. A distinguished expert in the fi eld of open source law, Jaeger discusses the specifi c liability issues anyone involved in the open source release and distribution of safety-oriented products should consider. The closing article provides information ■■ The purpose of tromagnetic interference also threa- safety systems tens the integrity of information trans- about the requirements for standard-compliant missions. In bus-based safety systems, developments of safety software and hardware In order to prevent any damage to per- performance free from defects must be according to IEC 61508.
    [Show full text]
  • Flyer Opensafety "The Future Is Wide Open"
    The safety standard The safety standard Ot Et her herCat 4% THE FUTURE IS WIDE OPEN. s 5% LEADING MANUFACTURERS IEC APPROVES openSAFETY POWERLINK PROFINET 11% 28% TRUST IN openSAFETY AS WORLDWIDE STANDARD | | Modbus TCP/IP 22% Market shares of The fieldbus-independent openSAFETY protocol was tested Ethernet/IP according to IEC 61784-3 FSCP 13 and approved by national 30% Industrial Ethernet (Source: IMS Research 3rd quarter 2009) IEC committees representing 27 countries including China, USA and Germany, and is therefore released for international standardization. Because openSAFETY is bus independent, n 91 % realised with openSAFETY it can be used with all fieldbus or industrial Ethernet systems. End customers have been requesting a uniform and manufacturer- independent standard for years, and openSAFETY is the response to those requests. It allows increases in productivity that are currently Highlights at a glance:| not possible with other safety protocols. n n o n e single,uniformstandardforallleadingfieldbuses n n maximumproductivityduetoefficientcross-communication n n reducedcommissioningandmaintenancetime BE ON THE SAFE SIDE! n n automaticsafeparameterization Automotive OEMs SIL3 certification by TÜV Rheinland and TÜV Süd n n perfectlysuitedtosafemodularmachineconcepts and suppliers EthernetPOWERLINKStandardizationGroup(EPSG) POWERLINK-Office n n Building Construction s o l e 100%opensafetysolution automation industry Bonsaiweg 6 · 15370 Fredersdorf · Germany n n f a s t e s t IEC61508SIL3communicationsolution Phone: +49 33439 539
    [Show full text]
  • 5 Ways to Improve Safety & Profitability
    VOL 08 | OCT-NOV 2015 www.AandD24.in AUTOMATIONAutomation & DRIVES & Drives UNLOCKING HIDDEN POTENTIAL 5 ways to improve safetyEfficient &Manufacturing profitability Also available in China, Taiwan, Singapore, Malaysia, Thailand & Hong Kong Malaysia, Singapore, Taiwan, Also available in China, FOCUS Semiconductor & Electronics P. 32 A&D - Interview A&D - Interview Dr Karl Tragl Hans Bangert President of the Executive Board Managing Director Bosch Rexroth AG Bosch Rexroth India (p.24) (p.24) In association with Advt Meistermacher. Made in Germany. Rainer Scholl, Master – Gripping System Components Jens Lehmann, German Goalkeeper legend, brand ambassador of SCHUNK, the family-owned company since 2012, represents precise gripping and concentrated, safe holding. German champion with Borussia Dortmund 2002 English champion with Arsenal London 2004 www.gb.schunk.com/robotaccessories SCHUNK Robot Accessories End-of-arm Competence with more than 1,200 Modules SCHUNK robot accessories. The unique standard line of modules for mechanical, sensor and power connections of handling modules and robots for every industry and handling task. 50% more moment load DDF 2 Rotary feed-through The latest standard for modern robots. Quick-change Collision and Compensation 6-axis force / moment system SWS. overload sensor OPR. unit AGE. sensor FT. 90% faster Protection class IP65. Compensation Measurement is effector changing. in 3 directions. possible in KG GmbH & Co. SCHUNK © 2015 6 degrees of freedom. INNOVATION INTELLIGENCE® Page 2_Igus.pdf 10/13/2014 5:06:37
    [Show full text]
  • Sercos News 01/2014
    sercos Issue 01/2014 the automation bus magazine An existential Heinz Gall, Global Business Field Manager at TÜV Rheinland in conversation with Sercos International issue Cost efficient Optimized Transparent Cost reduction by one third, Reduction of machine down Ethernet communication reduction of energy requirements times while increasing with Sercos and Hilscher's by about 25 percent transmission rates in parallel netSWITCH sercos sercos Editorial News Events Technology Application Cover Story New Products Review & Outlook Editorial News Events Technology Application Cover Story New Products Review & Outlook Safety for Higher Economic Contents Efficiency and Flexibility News The requirements of operational safety for machinery 03 Sercos Webinar Series Available as Download are rising continuously. Automation solutions must not only protect people, machines and the en- 04 New Brochures for Users and Vendors Available vironment in a reliable manner but at the same time Webinar Recordings must fulfill high standards of economic efficiency and 05 Events flexibility. “Moving Forward with Tradition and Innovation” Technology “Sercos in Practice: Easy, Fast, Flexible” Bus systems, which not only transmit process data but also safety-relevant data, play an important role 06 Ethernet Connectivity with Sercos “Sercos in Practice: Efficient, Reliable and Economic” here. Enormous amounts are saved in installation and engineering, safe periphery components can be com- 08 Multi Vendor Solution: Plastic Electronics “CIP Safety on Sercos & EtherNet/IP” bined with standard components, and safe data can be used for diagnostic purposes at the standard level 10 Flexible Topologies with Sercos III “Benefits of a Common Sercos III and EtherNet/IP Infrastructure” as well. Application However, these advantages are countered by higher 12 Sercos Replaces Signalbus complexity both for device manufacturers and for engineers.
    [Show full text]
  • New Lift Safety Architecture to Meet PESSRAL Requirements Ayoub Soury, Denis Genon-Catalot, Jean-Marc Thiriet
    New lift safety architecture to meet PESSRAL requirements Ayoub Soury, Denis Genon-Catalot, Jean-Marc Thiriet To cite this version: Ayoub Soury, Denis Genon-Catalot, Jean-Marc Thiriet. New lift safety architecture to meet PESSRAL requirements. WSWAM 2015 - 2nd World Symposium on Web Applications and Networking, Mar 2015, Sousse, Tunisia. 5 p., 10.1109/WSWAN.2015.7210314. hal-01233766 HAL Id: hal-01233766 https://hal.univ-grenoble-alpes.fr/hal-01233766 Submitted on 2 Dec 2015 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. New lift safety architecture to meet PESSRAL requirements Ayoub Soury∗†, Denis Genon-Catalot† and Jean-Marc Thiriet∗‡ ∗Univ. Grenoble Alpes, Gipsa-lab, F-38000 Grenoble, France † Univ. Grenoble Alpes, LCIS, F-26000 Valence, France ‡ CNRS, Gipsa-lab, F-38000 Grenoble, France Email: {ayoub.soury, denis.genon-catalot}@lcis.grenoble-inp.fr; [email protected] Abstract — Industrial control and automation systems are The main contribution in this paper is an analysis case of evolving towards infrastructures more connected. Its the adopted standard IEC 61508 requirements specification component’s interconnection makes them more dependent targeting the development of a new safety chain for lift on the networks and communication protocols used.
    [Show full text]
  • Opensafety – Stejné Bezpečí Pro Všechny
    téma OpenSafety – stejné bezpečí pro všechny Bezpečnostní komunikační protokol OpenSafety je první zcela otevřený protokol pro Výrobci strojů a zařízení ale profitují z in- přenos dat spjatých s funkční bezpečností vhodný pro všechny oblasti průmyslové au- tegrovaných a rychlých bezpečnostních systé- tomatizace. V článku jsou uvedeny důvody vzniku, základní vlastnosti a přednosti toho- mů i jinak. Rychle reagující systém umožňu- to univerzálního protokolu. je reagovat na nebezpečné situace později či používat větší provozní rychlosti. Zjednodu- Trend v systémech zajišťujících funkční výrobců strojů a zařízení je nuceno vybavo- šeně řečeno, rychlý systém pohyb bezpečně vat své výrobky řídicími systémy podle přání „ubrzdí“ z větší rychlosti za stejnou dobu jako bezpečnost svých odběratelů. Pokud jde jen o řídicí sys- pomalý systém z menší rychlosti. Ne proto, Asi před deseti lety se na trhu začaly ob- tém, znamená to programátorskou práci na- že by brzdil intenzivněji, ale proto, že zarea- funkční bezpečnostfunkční jevovat první systémy zajišťující funkční bez- víc. V případě bezpečnostních systémů však guje rychleji, vydá povel k brzdění dříve než pečnost strojů a strojních zařízení (bezpeč- nostní systémy), které pro bezpečný přenos zpráv mezi prvky systému používají komu- nikační sběrnice. Jejich přednosti oproti kon- venčním, „zadrátovaným“ bezpečnostním systémům jsou nepřehlédnutelné a přispíva- jí k rozvoji a upevnění pozice těchto nových systémů na trhu. K nesporným přednostem bezpečnostních systémů založených na ko- munikačních
    [Show full text]