Case of study of a Profinet network using Asset Detection Methods

Its setup provides star and line topologies, besides a ring topology using manage switches. The results show the operation of MRP protocol and achieved values for the performance indicators in real factory automation applications. Keywords-Profinet; Programmable Logic Controller (PLC); Profibus; GRASSMARLIN; CBA (Component Based Automation) I. INTRODUCTION According to Dolejs (2004 p. 39), industrial control systems security presents a challenge for asset owners who may not have expertise in this area. 5) defined profinet as an open standard leading industrial Ethernet standard for automation which is supported by Profibus and Profinet International (PI). In an ISO (International Standard Corporation) communication model, the procedures are divided into interfaced components. Profinet is important in providing maximum flexibility in that it enables firms to establish tailored concepts.

Secondly, it’s more efficient to use profinet due to its ability to ensure maximum use of Plant’s resources thus boosting productivity. This study presents a performance analysis based on some performance indicators of a large Profinet network using Asset Detection Methods: Passive Asset Detection and Active Detection. IDS has become an important component in multilayer cyber security. It is the system designed for monitoring and evaluation ICT networks and systems. Moreover, IDS dynamically detects malicious activity and triggers alerts for administrators in order to take appropriate actions. The detection methodologies are a crucial part of a considerable number of cyber security systems like firewalls, antivirus software or IDS. Moreover, there are two main groups of detection methodologies. It provides important benefits for automation systems like real-time communication, security, diagnostics, performance, energy management, and safety.

There are two types of PROFINET: PROFINET CBA (Component Based Automation) and PROFINET IO (Input Output). In our study, the sample network is created by using PROFINET IO devices which provide communication between distributed devices in the field. It offers many benefits like high speed operation, support for time critical motion control, short startup, and distributed systems. PROFINET IO was designed for fast communication between field devices. PLC has two main units Input side which has modules with 8, 16 or 32 inputs depending on the model. This unit converts signals from other devices such electrical signals into digital signals for interpretation. Another elements found in input side are LED indicators which helps in indicating the status of a given input. They allow for fast problem recognition and send signals if any of the inputs is not working properly.

For the proper management of inputs signals, PLC uses multiplexers which select one of many analog and digital signals and forward the selected input into a single line. Asset Management is essential in information security as it keeps track on the devices on the same network GRASS MARLIN This is a tool used for mapping passive network and is crucial in performing initial analysis. The Logical View of RASSMARLIN maps IP networks from PCAPs (packet capture) and has the ability to perform live capturing. Its ability to draw a logical map of connections, both one way and two way connections makes it an important tool. Grass Marlin helps in maintaining Industrial Control Systems (ICS) and detects any failures in the system which may lead to loss of assets and lives.

It is used to perform passive mapping of the all the industrial devices in the same network. The measurement system used in this study is structured by hardware and software that intercepts and re cords network data flow, providing its storage for offline analysis. Hardware consists of a sniffer called Industrial Ethernet TAP. This equipment was installed at link that connects the 10-Controller and switch "1. It is important to highlight that this link provides acquisition of all Profinet packets exchanged between Controllers and Devices, due to the centralized control. Profinet network in this case of study has 54 devices, divided into: one 10-Controller and 10 types of IO-Devices. Concerning data flow direction, even though results shown better determinism from IO-Controller to IO-Device, confirming the influence of device type, but some more experiments is suggested once the measurement point location, in this case, could deteriorate results in packets transmission from IO-Device, inserting delays mainly by switches.

Sniffer installation leads on a brief downtime, therefore it is recommended to be done in scheduled stop. T AP is almost transparent to the network and does not interfere in its performance as it inserts time delay, which could be negligible. It also inserts a timestamp in network packets with are solution of I nanosecond. The same measurement system was employed in others researches. In this example, the Human Machine Interface (HMI) will provide commands while PLC executes them. The industrial Protocol is using S7Comm and the role of devices is well explained. It’s the role of the personnel to locate the devices in the fields. After comparing the captured packets and GRASS MARLIN’s signatures, the information is generated with determined level of confidence of one to five (Ferrarri et al, 2008 p 65).

The S7 communication data is relayed as payload (COTP data packets) with the first byte being 0x32 protocol identifier. I addition to identifying devices, it showed a well generated fill with the necessary information on the output end. However, the study showed some notable limitations such as non-concurrence of the signatures. This is because GRASS MARLIN chooses only one signature from multiple signatures matched by devices. This poses a challenge to HMI because there is a possibility of it communicating multiples PLCs using various communicating protocols on the network. In addition, there was lack of verbosity of some signatures because most signatures have description fields on their payload for identification purposes. Proceedings. Piscataway: IEEE Operations Center, 2004. p. 39-44 WARREN, J. C.