A A K AN K S H A D H I D H I

4th SEMESTER ELECTRONICS DESIGN

UNDER THE GUIDENCE OF -

MR.RAVI SHANKAR(SAIL) AND MR.YASHPAL GOGIA(NIELIT)

SESSION : 2014-
2015
NEED OF THE PROJECT
 Steel Authority of India(SAIL) has its own private
network connecting different production units
located at Durgapur,Bokaro,Bhilai etc and
corporate offices at Delhi, Kolkata .

 Some of the links in the private Network are also

connected to open and larger network such as
INTERNET to communicate with suppliers and
customers .

 Therefore the internal network of SAIL is private

as well as public network.
 ORDERS

CORPORATE CORPORATE
OFFICE OFFICE
(DELHI) (KOLKATA)
D D
I I
R R
E E
INTERNET
C C
T T
S S CONSUMERS

PRIVATE NETWORK
SUPLLIERS

IISCO BOKARO ROURKELA DURGAPUR BHILAI

PRODUCTION UNITS

OUTSIDE
WORLD
NEED OF THE PROJECT
 Since the private network of SAIL is indirectly connected to public
network through internet.

 Therefore PLC’s working on plants are also indirectly connected to

the outside world.

 PLC’s are connected to an OPC server and OPC Servers are

based on COM/DCOM Technology.Therefore it is not possible to
route it through Firewall.

 Since the data cannot be accessed from OPC server through

firewall and removing the firewall makes the plant network
insecure and prone to viruses like STUXNET.

 Additionally it is not possible to communicate from a platform

other than Windows like Linux.
 OPC
CLIENT
(CORPORATE
OFFICE)

WINDOWS
PC
FIREWALL IS A SYATEM THAT
DCOM SECURES THE NETWORK
FIREWALL SHEILDING IT FROM
DCOM AUTHORIZED USERS

WINDOWS
PC

OPC
(DATA SERVER)

PLC DCS
HMI
What is OPC
 OLE for process control(OPC) is a software interface
technology used to facilitate the transfer of data
between industrial control system, Human machine
Interfaces(HMI) and enterprise system such as
Historical databases.

 . OPC is based on Microsoft Distributed component

Object Model technology. And DCOM doesn’t allows
data to be accessed through Firewall.
 How OPC WORKS
 An OPC Server is a Software
application that typically gathers
information from devices(such as
PLC,DCS or SCADA controllers)
using these device’s native
protocols(such as
MODBUS,PROFIBUS).

 The server then provides access to

data via COM Objects and method
calls, allowing multiple OPC clients
to indirectly read and write to the
field Device via OPC servers
What is COM/DCOM
 COM is a Binary interface standard for
software components introduced by
Microsoft in 1993.
 It is a set of binary standard and network
standard that allows any software to
communicate with each other regardless
of the operating system, hardware and
programming language.
DCOM
 DCOM is a Model as COM but is specially
designed for distributed application.

 DCOM is a proprietary Microsoft

technology for communication among
software components Distributed across
Networked Computers.

 It tries to hide the difference between

invoking Local(on the same computer) and
remote interfaces(on two different
computers)
What is COM/DCOM
 Each DCOM object has multiple interface.
 When application access an Object they
receive an indirect pointer to interface
Functions(such as read, write control to plc
etc).
 Pointer has information on the location of
an Object.
 After receiving pointer ,the calling
application doesn’t need to know where the
object is or how it does its job since the
pointer directs the calling application to it.
WHAT IS STUXNET VIRUS
 STUXNET is a computer worm that was discovered
in June 2010.

 It was first speculated in September 2010 by

researcher Ralph Langner.

 It targeted Iranian nuclear facilities including Busnehr

Nuclear Power plant or the Natanz Nuclear Facility.

 The Virus may have shut down 1000 centrifuges, gas

pipelines.
 It has an array of capabilities to turn off pressure
inside nuclear reactor or switch off gas pipelines etc.
HOW STUXNET ATTACKS PLC
 STUXNET functions by targeting machines
using the Microsoft windows operating
system and Network, then seeking out
Siemens step7 software.

 The worm then propagates across the

Network, scanning for Siemens step7
software on computers controlling a PLC.

 In the absence of PLC & SCADA

software,stuxnet becomes dormant inside
the computer.
How STUXNET ATTACKS PLC
CONTINUED….
 If the PLC or SCADA software is found STUXNET
introduces the infected commands to the PLC and
Siemens step7 software, modifying the codes and
giving unexpected commands to the PLC.

 It returns a loop of normal operation values to the

system operators operating PLC while introducing
unexpected commands to the PLC.

 It periodically modifies the frequency from low to

high and vice-versa thus affecting the normal
operation of connected motors and centrifuges
causing them to shut down and leading to permanent
damage of the machine
SOLUTION
 Thus the use of OPC connectivity in Control systems and
servers leads to DCOM based Protocol attacks(Such as
STUXNET).

 Therefore in my project I will migrating OPC Applications

from DCOM based Architecture to potentially more secure
.NET Based Architecture or Service Oriented Architecture
in which communication will be through Firewalls.

 Web services are an implementation of Service Oriented

Architecture(SOA).

 Web Services require the communication protocol to work

through firewall.
 What is SOA
 Service-oriented architecture (SOA) is an
evolution of distributed computing based on the
request/reply design pattern.

 Service-oriented architecture (SOA) is an

approach used to create an architecture based
upon the use of services.

 Services (such as Web services) carry out some

small function, such as producing data, validating a
customer, or providing simple analytical services.
What is SOA(Service Oriented Architecture)

 Service-oriented architecture (SOA) is an

evolution of distributed computing based on the
request/reply design pattern

 In Service Oriented Architecture we have a two

Software that communicate with each other i.e. Service
Provider ,Service Registry and Service Consumer
software
 SERVICE
REGISTRY

GATEWA
Y

FIREWALL

SERVICE SERVICE
PROVIDER CONSUMER

OPC SERVER
CORPORATE OFFICE
(DATA SERVER)
(DATA CLIENT)

PLC
COMMUNICATION
THROUGH FIREWALL IN
What is SOA(Service Oriented
Architecture)
 Service Provider-Service Provider is the owner of
web services. It holds the implementation of web
services application and makes it accessible via
web.

 Service Consumer- Service consumer represents

a human or a software agent that intends to make
use of some service to achieve certain goal.

 Service Registry-Service registry is a searchable

registry providing service descriptions.
HOW SOA works
 Service Provider publishes its service description
in a certain directory called Service Registry.

 Service Registry implements a set of mechanism

to facilitate service providers to publish their
service description. It also enables service clients
to enable services and get the binding
information.

 Service Consumer software make queries against

this service registry to find out what services are
available and how to communicate with the
provider
 SERVICE REGISTRY

FIND
PUBLISHES

SERVICE
SERVICE BIND
CONSUMER
PROVIDER INVOKE

SERVICE ORIENTED ARCHITECTURE

How SOA works
 Service is a well defined function that does not
depend upon the state of other services.

 Consumer software needs to know how to call a

service and what to expect in response.

 SOA is a solution for making to software

communicate with each other.

 Web services is an implementation of service

oriented architecture.
How SOA works
 Service Description is written in special
language called web service description
language(WSDL).
 Service Description has to be placed in a
service repository in this industry accepted
language .
 Service provider communicate to service
registry using SOAP protocol.
 SOAP is a Industry standard protocol to
communicate to the service registry.
Service registry WSDL Service Registry
SERVICE REGISTRY facilitate service
also enables ()
Service providers to publish
consumers to their service description
find services
and get the SOAP

binding
information SOAP
SOAP

SERVICE REQUEST
SOAP
XML
SERVICE
SERVICE CONSUMER
PROVIDER XML
XML
XML

SERVICE REQUEST

SERVICE ORIENTED ARCHITECTURE

How SOA works
 Service consumer also performs queries against
service registry using to find out how to
communicate with a services and what services
are available using SOAP protocol.

 Consumer formulates its message that is to be

send to the provider software based on service
description using tag based language XML.

 The response generated by the service provider

in XML language is also based on the specification
defined in service description using WSDL.
WHAT IS XML
 XML stands for Extensible mark up
language.

 XML provides structure to the data.

 XML is used for storing and transporting

data.
Introduction to Web services
 Web services may be deployed at
different organization across the internet
which requires the communication
protocol to work through firewalls.

 Interaction with Web services that sit

behind firewalls requires messaging
model(SOAP) to be combined with
HTTP.
Web services continued…
 Web service is defined as a software system
designed to support interoperable machine
to machine interaction over a Network. It
has an interface described in machine
processable format(specifically WSDL).

 A web service is a unit of application logic

providing data and services to other
applications. Application access web services
via web protocols and data formats such as
Http,xml,soap with no need to worry
about How each service is implemented
Interaction Between service provider, service
consumer and service registry
 Service Publication-Service publication is to
make the service available in the registry so that
service client can find it.
 Service Lookup- Service lookup is to query
the registry for certain type of service and then
retrieve the service description.
 Service Binding- Service Binding is to locate
contact and invoke service based on the binding
information in the service Description
Service Provider Architecture
 Service Provider contain two Entry point
socket.
 Entry point socket1-From Entry point
socket1 it publish its service to the
service registry.
 Entry point socket 2- It used for binding
service provider and service consumer .
 Service provider also had several exposed
interfaces for data access(like read ,write
and control).
 PUBLISH
SERVICE
REGISTRY
INTERFACE1
TO PUBLISH
SERVICE
READ
ENTRY P
POINT1
S
(SOCKET R E INTERFACE2
)1 O R WRITE
V
V
I
ENTRY
I
POINT D
(SOCKET
E C
2) INTERFACE3
R E CONTROL

TO BIND
SERVICE

SERVICE SERVICE PROVIDER

CONSUMER
FIND ARCHITECTURE
DESIGN
Service Registry Architecture
 Service Registry also had two Entry point socket.

 Entry point socket1- It is used for continue listening for published

services from service provider.

 Entry point socket 2- It used by service consumer to find published

services.

 Service Registry has several exposed interfaces to add, update and

delete Published services.

 Service Registry database used to store published service metadata

information(binding , endpoint address etc).

 Service registry Database schema defines the structure of database.

 Consumer Maintenance
Interface Screen
SERVICE REGISTRY
Consumer
service
Registry ARCHITECTURE
Maintenance

FIND
SERVICE
ENTRY
POINT 1 EXPOSED
REGISTRY INTERFACE
INTERFACE
ADD
REGISTRY
SERVICE REMOVE
ENTRY
POINT 2
UPDATE

PUBLISH PROVIDER
INTERFACE
SERVICE

SERVICE SERVICE PROVIDER

SERVICE
REGISTRY DATABASE
DATABASE SCHEMA
 SERVICE REGISTRY

FIND
PUBLISHES

SERVICE
SERVICE BIND
CONSUMER
PROVIDER INVOKE

SERVICE ORIENTED ARCHITECTURE

Extensions
 Service Oriented Architecture Gateway is
not limited only for OPC client and
servers.

 It can be used for any control system

application by placing that application in
place of OPC clients and servers.