Wi-Fi protected access for secure power network protection scheme


Electrical Power and Energy Systems 46 (2013) 414–424

Contents lists available at SciVerse ScienceDirect

Electrical Power and Energy Systems journal homepage: www.elsevier.com/locate/ijepes

M.M. Eissa a,⇑, Ihab A. Ali b, K.M. Abdel-Latif a

a Electrical Power Engineering Department, Faculty of Engineering, Helwan, Cairo, Egypt
b Communications, Electronics and Computer Engineering Department, Faculty of Engineering, Helwan, Cairo, Egypt

Article info

Article history: Received 4 October 2010; received in revised form 20 May 2012; accepted 20 October 2012; available online 30 November 2012.

Keywords: Power network; Protection; Wireless communication; Wi-Fi protocol; Data security; Experimental investigation

Abstract

The paper presents a major consideration for the enhancement of transmission line protection using the wireless fidelity (Wi-Fi) communication protocol for data sharing between relays. The principle of using wireless technology for transmission line protection is introduced. The proposed protection scheme proved to have a high degree of reliability and stability. Securing data transfer is essential to this study: securing the data transferred between relays is an important concern in guaranteeing sufficient protection of the network, and it is a major factor in enhancing a power network protection scheme that uses wireless technology. Three possible alternatives to this problem are discussed in this paper. Short- and long-term solutions are also considered. Two security mechanisms are used with D-Link DWL-G700AP Access Point cards. The cards are interfaced with a prototype transmission line model. They have the ability to transfer files with a maximum wireless signal rate of up to 54 Mbps. Wi-Fi Protected Access (WPA) as a security system is shown to solve many problems with advanced encryption in addition to providing authentication.

© 2012 Elsevier Ltd. All rights reserved.

⇑ Corresponding author. Tel.: +20 1003562971; fax: +20 22558413. E-mail address: [email protected] (M.M. Eissa).
0142-0615/$ - see front matter © 2012 Elsevier Ltd. All rights reserved. http://dx.doi.org/10.1016/j.ijepes.2012.10.034

1. Introduction

Current differential relaying is a method of extending the benefits of differential protection, as applied to transformers, buses or generators, to the protection of transmission lines. Comparing the current flowing into a line with the current flowing out of the same line allows for a simple protection scheme with high sensitivity and high-speed simultaneous tripping of both line terminals. The principle of using wireless technology for transmission line protection is introduced in [1–3]. At the same time, the differential scheme is unaffected by external effects such as faults, load and power swings [4–6].

The percentage differential principle originally developed for transformer and generator protection was extended for use on short transmission lines as early as the 1930s, and is still widely in use. These pilot wire relays typically use a telephone-type pilot wire channel to exchange analog information between the line terminals. The electromechanical pilot wire relays were very easy to set; they either came with a factory default fixed sensitivity or had a few tap settings [6]. The disadvantages of using pilot wire protection include limited line length (10–20 km) because of the resistance and capacitance of the pilot wire, the loss of relay function due to line disconnection, and the need to provide costly wire link protection.

Charging current is a capacitive leakage current on the transmission line. Unlike the load current, the charging current entering one line end does not exit at the other. The charging current will cause a differential current when the currents at the two line ends are compared [6]. The digital line current differential relay samples the currents, processes them and sends them over a digital communications link in digital format, resulting in a time delay with respect to the real-time samples at the receiving end. This time delay is seen by the relay as a phase shift between local and remote current samples, and the phase difference is proportional to the channel delay [7]. The length of the line that can be protected by pilot wire differential protection is limited by the effect of the resistance and capacitance of the pilot wire. Moreover, the relay function may be lost due to line disconnection. The wire link also needs additional protection [8].

Communication system approaches and interface techniques are among the most important parts of the process of monitoring, control and protection of power systems. Nowadays, there are many advanced communication techniques that can be used to improve protection, control, speed of outage restoration, operation analysis, maintenance and planning. These communication facilities also allow engineers to exchange operation, test and maintenance information with neighboring utilities, and to access real-time and historical relay information [9]. There are many different types of communication media, such as twisted pair cable, coaxial cable, fiber optic cable and wireless communication. The wireless networks are now becoming by far the most popular choice for new network algorithm.


The wireless networks are now becoming a very popular choice for limited distance protection and control applications. The wireless communication network allows the exchange of information among the protection relays. The exchange of information among the relays assists the protective relays to make the correct decision. Fig. 1 shows the new generation of differential protection principle based on communication protocol between two relays (Wi-Fi); the final decision is based on the shared information (current signals) sent through a wireless communication network. Applying this technology in transmission line protection satisfies many features:

• Synchronized measurements.
• The final decision is based on sharing information.
• Information exchange with the neighbors.
• Relays behave adaptively according to any change in system parameters.
• Wireless communication (no need for pilot wires).
• Lower cost compared to leased lines.
• Faster response time.

The principle of using wireless technology in transmission line protection was first introduced in [1–3]. That protection scheme proved to have a high degree of reliability and stability. Securing data transfer was not considered in this study. Securing data transfer between relays is an important concern in guaranteeing sufficient protection of the network, and it is a major factor in enhancing a power network protection scheme that uses wireless technology. The paper introduces three possible alternatives to this problem. Short- and long-term solutions are considered. The WEP and WPA security mechanisms are tested with D-Link DWL-G700AP Access Point cards.

2. Differential relay

Many papers have been published on enhancing power system protection and operation [10–15]. The most proper type of protection is the differential type. The current differential transmission line protection system consists of two relays, one located at the sending end and the other at the receiving end. The final decision of the two relays is based on shared information (current signals) sent through a wireless communication network, Fig. 2. The differential relay feature can now be obtained based on data available from all sides. The criterion of the current differential protection is given for each transmission line as [5,16,17]. Determining threshold values is essential in identifying the reach of the relay, especially in the case of an external short circuit. However, the protection conducts the differential comparison between the phase currents, in which the load currents are involved. Therefore, the threshold should be selected based on a practical difference between sending and receiving currents before fault occurrence. In this case the relay will cover any asymmetry encountered in the system as follows:

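$$\sum_{j=1}^{k} \Delta i^{T1}_{a,b,c}(k) = \sum_{j=1}^{k-1} \Delta i^{T1}_{a,b,c}(k) + \left| i^{T1}_{s\,a,b,c}(j) - i^{T1}_{r\,a,b,c}(j) \right|$$

$$\sum_{j=1}^{k} \Delta i^{T2}_{a,b,c}(k) = \sum_{j=1}^{k-1} \Delta i^{T2}_{a,b,c}(k) + \left| i^{T2}_{s\,a,b,c}(j) - i^{T2}_{r\,a,b,c}(j) \right|$$

$$\sum_{j=1}^{k} \Delta i^{T3}_{a,b,c}(k) = \sum_{j=1}^{k-1} \Delta i^{T3}_{a,b,c}(k) + \left| i^{T3}_{s\,a,b,c}(j) - i^{T3}_{r\,a,b,c}(j) \right|$$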

where ΣΔi is the sum of the absolute differences of the faulted current signals for each transmission line for phases a, b and c up to the kth sample, and i_s and i_r denote the currents on both sides of the protected lines T1, T2 and T3.

As mentioned earlier, the scheme is based on obtaining data through the Wi-Fi communication protocol between two relays. The Wi-Fi protocol is specified for data communication over a wireless channel, which is by nature more prone to noise than its wired counterpart. The reliability and security of the shared information (current signals) sent through a wireless communication network is thus a very important issue and should be considered. Security concerns of the shared Wi-Fi data and the suggested solution are given in the next sections.

Fig. 1. The studied configuration system.

Fig. 2. Main parts of the protection system.

3. Problems to be solved

The following factors affecting data security are discussed here.

Confidentiality: data is only accessible by authorized parties. This type of access includes printing, displaying, and other forms of disclosure, including simply revealing the existence of an object.
Integrity: only authorized parties can modify data. Modification includes writing, changing, changing status, deleting, and creating.
Authenticity: a host or service is able to verify the identity of a user.

The current signals measured at each relay need to be protected against interception, malicious modification and unauthorized access. This is especially true during wartime, when the power network is one of the most important targets of an enemy. The original Wi-Fi standard has limited optional security measures. Later versions of the standard, widely available now, involve enhanced security measures (WPA). Another alternative for handling data security is the use of IP-Sec. These alternatives are extensively discussed in the paper.

4. Proposed solutions

In this section, three alternatives for securing data exchange in the network are discussed. These are Wi-Fi security (WEP) [18,19], Wi-Fi Protected Access (WPA) [19] and Internet Protocol Security (IP-Sec) [20]. The main features of each are presented below. In this paper, WEP and WPA are practically investigated.

4.1. Wi-Fi security

To protect the integrity of the data and ensure the privacy and authentication of over-the-air transmission between access points and the communicating stations, the IEEE 802.11 standard stipulates an optional encryption protocol called Wired Equivalent Privacy (WEP) [14,5]. IEEE 802.11 defines three services that provide a wireless LAN with access and privacy services.

Authentication: Used to establish the identity of stations to each other. In a wired LAN, it is generally assumed that access to a physical connection conveys authority to connect to the LAN. This is not a valid assumption for a wireless LAN, in which connectivity is achieved simply by having an attached antenna that is properly tuned. The authentication service is used by stations to establish their identity with stations they wish to communicate with. IEEE 802.11 supports several authentication schemes and allows for expansion of the functionality of these schemes. The standard does not mandate any particular authentication scheme, which could range from relatively unsecure handshaking to public-key encryption schemes. However, IEEE 802.11 requires mutually acceptable, successful authentication before a station can establish an association with an Access Point (AP).
De-authentication: This service is invoked whenever an existing authentication is to be terminated.
Privacy: Used to prevent the contents of messages from being read by other than the intended recipient. The standard provides for the optional use of encryption to assure privacy.

The original 802.11 specification included a set of security features for privacy and authentication that, unfortunately, are quite weak. For privacy, 802.11 defined the Wired Equivalent Privacy (WEP) algorithm. The privacy portion of the 802.11 standard contained major weaknesses. Subsequent to the development of WEP, the 802.11i task group has developed a set of capabilities to address the WLAN security issues. In order to accelerate the introduction of strong security into WLANs, the Wi-Fi Alliance promulgated Wi-Fi Protected Access (WPA) as a Wi-Fi standard. WPA is a set of security mechanisms that eliminates most 802.11 security issues and was based on the current state of the 802.11i standard. As 802.11i evolves, WPA will evolve to maintain compatibility.

4.2. WPA

The 802.11i task group has developed a set of capabilities to address the WLAN security issues. In order to accelerate the introduction of strong security into WLANs, the Wi-Fi Alliance promulgated Wi-Fi Protected Access (WPA) as a Wi-Fi standard. WPA is a set of security mechanisms that eliminates most 802.11 security issues and is based on the current state of the 802.11i standard. As 802.11i evolves, WPA will evolve to maintain compatibility.

IEEE 802.11i addresses three main security areas: authentication, key management, and data transfer privacy (see Fig. 3). To improve authentication, 802.11i requires the use of an authentication server (AS) and defines a more robust authentication protocol. The AS also plays a role in key distribution. For privacy, 802.11i provides three different encryption schemes. The scheme that provides a long-term solution makes use of the Advanced Encryption Standard (AES) with 128-bit keys. However, because the use of AES would require expensive upgrades to existing equipment, alternative schemes based on 104-bit RC4 are also defined.

Fig. 3. Wi-Fi protected access, WPA. (Diagram: phases between the Station, the Access Point and the Authentication Server: security capabilities discovery, authentication, key management, key distribution, data protection.)

IEEE 802.11i makes use of another standard that is designed to provide access control functions for LANs. The standard is IEEE 802.1X, Port-Based Network Access Control. IEEE 802.1X uses the terms supplicant (wireless station), authenticator (access point), and authentication server (AS). Before a supplicant is authenticated by the AS, using an authentication protocol, the authenticator only passes control or authentication messages between the supplicant and the AS; the 802.1X control channel is unblocked but the 802.11 data channel is blocked. Once a supplicant is authenticated and keys are provided, the authenticator can forward data from the supplicant, subject to predefined access control limitations for the supplicant to the network. Under these circumstances, the data channel is unblocked.

As indicated in Fig. 4, 802.1X uses the concepts of controlled and uncontrolled ports. Ports are logical entities defined within the authenticator and refer to physical network connections. For a WLAN, the authenticator (the AP) may have only two physical ports, one connecting to the Distribution System (DS) and one for wireless communication within its Basic Service Set (BSS). Each logical port is mapped to one of these two physical ports. An uncontrolled port allows the exchange of Protocol Data Units (PDUs) between the supplicant and the AS regardless of the authentication state of the supplicant. A controlled port allows the exchange of PDUs between a supplicant and other systems on the LAN only if the current state of the supplicant authorizes such an exchange.

Fig. 4. WPA access control. (Diagram: station, access point with one uncontrolled port and controlled ports, authentication server; the controlled ports lead to the DS and to other wireless stations on this BSS.)

IEEE 802.11i defines two schemes for protecting data transmitted in 802.11 MAC PDUs. The first scheme is known as the Temporal Key Integrity Protocol (TKIP) or WPA-1. TKIP is designed to require only software changes to devices that are implemented with an older wireless LAN security approach called Wired Equivalent Privacy (WEP); it uses the same RC4 stream encryption algorithm as WEP. The second scheme is known as Counter Mode-CBC MAC Protocol (CCMP) or WPA-2. CCMP makes use of the Advanced Encryption Standard (AES) encryption protocol. Both TKIP and WPA-2 add a message integrity code (MIC) to the 802.11 MAC frame after the data field. The MIC is generated by the Michael algorithm, which computes a 64-bit value using the source and destination MAC address values and the Data field. This value is then encrypted using a separate key from that used for encrypting the Data fields. Thus, both the data and MIC fields are encrypted. The use of a more complex algorithm, a separate encryption key, and a 64-bit length all make the MIC a substantially stronger message authentication feature than the ICV. The MIC serves the purpose of message authentication.

4.3. IP-Sec

In 1994, the Internet Architecture Board (IAB) issued a report entitled Security in the Internet Architecture (RFC 1636). The report stated the general consensus that the Internet needs more and better security, and it identified key areas for security mechanisms. Among these were the need to secure the network infrastructure from unauthorized monitoring and control of network traffic and the need to secure end-user-to-end-user traffic using authentication and encryption mechanisms. In response to these issues, the IAB included authentication and encryption as necessary security features in the next-generation IP, which has been issued as IPv6. Fortunately, these security capabilities were designed to be usable both with IPv4 and IPv6.

IPSec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet. The principal feature of IPSec that enables it to support these varied applications is that it can encrypt and/or authenticate all traffic at the IP level, for all distributed applications. IPSec provides three main facilities: an authentication-only function referred to as Authentication Header (AH), a combined authentication/encryption function called Encapsulating Security Payload (ESP), and a key exchange function. For virtual private networks, both authentication and encryption are generally desired, because it is important both to (1) assure that unauthorized users do not penetrate the virtual private network and (2) assure that eavesdroppers on the Internet cannot read messages sent over the virtual private network. Because both features are generally desirable, most implementations are likely to use ESP rather than AH. The key exchange function allows for manual exchange of keys as well as an automated scheme.

The IPSec specification is quite complex and covers numerous documents. A key concept that appears in both the authentication and confidentiality mechanisms for IP is the security association (SA). An association is a one-way relationship between a sender and a receiver that affords security services to the traffic carried on it. If a peer relationship is needed, for two-way secure exchange, then two security associations are required. Security services are afforded to an SA for the use of AH or ESP, but not both. A security association is uniquely identified by three parameters:

Security parameters index (SPI): A bit string assigned to this SA and having local significance only. The SPI is carried in AH and ESP headers to enable the receiving system to select the SA under which a received packet will be processed.
IP destination address: Currently, only unicast addresses are allowed; this is the address of the destination endpoint of the SA, which may be an end user system or a network system such as a firewall or router.
Security protocol identifier: This indicates whether the association is an AH or ESP security association.

Hence, in any IP packet, the security association is uniquely identified by the Destination Address in the IPv4 or IPv6 header and the SPI in the enclosed extension header (AH or ESP). An IPSec implementation includes a security association database that defines the parameters associated with each SA.
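An added example (not code from the paper) of how a receiving relay could select the security association for an inbound AH or ESP packet from the identifying triple above, and then apply the sequence-number and anti-replay parameters that the paper lists for each SA. The class and function names, the 64-packet window, and the sample addresses and SPI values are assumptions made for this illustration.

```python
import struct
from dataclasses import dataclass

AH, ESP = 51, 50   # IP protocol numbers of the two IPsec protocols


@dataclass
class SecurityAssociation:
    spi: int            # security parameters index
    dst: str            # IP destination address of this one-way SA
    proto: int          # security protocol identifier: AH or ESP
    window: int = 64    # anti-replay window size (assumed value)
    highest: int = 0    # highest sequence number accepted so far
    bitmap: int = 0     # bit i set: sequence number (highest - i) was seen

    def check_and_update(self, seq):
        """Sliding-window replay check. Returns True if the packet is fresh."""
        if seq == 0:
            return False                       # sequence numbers start at 1
        if seq > self.highest:                 # packet advances the window
            shift = seq - self.highest
            mask = (1 << self.window) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.window:
            return False                       # older than the window
        if self.bitmap & (1 << offset):
            return False                       # already received: replay
        self.bitmap |= 1 << offset             # late but new packet
        return True


class SADatabase:
    """Security association database keyed by (SPI, destination, protocol)."""

    def __init__(self):
        self._sas = {}

    def add(self, sa):
        self._sas[(sa.spi, sa.dst, sa.proto)] = sa

    def lookup(self, spi, dst, proto):
        return self._sas.get((spi, dst, proto))


def read_spi_seq(proto, header):
    """Return (SPI, sequence number) from the start of an AH or ESP header."""
    if proto == AH:
        if len(header) < 12:
            raise ValueError("AH header shorter than its fixed part")
        # Next Header (8), Payload Length (8), Reserved (16), SPI (32), Seq (32)
        _next, plen, _reserved, spi, seq = struct.unpack("!BBHII", header[:12])
        # Payload Length is the AH length in 32-bit words, minus 2
        if len(header) < (plen + 2) * 4:
            raise ValueError("AH header truncated")
        return spi, seq
    if proto == ESP:
        if len(header) < 8:
            raise ValueError("ESP header shorter than SPI + sequence number")
        return struct.unpack("!II", header[:8])
    raise ValueError("not an IPsec protocol")


def accept_inbound(sad, dst, proto, header):
    """Select the SA for a received packet, then apply the replay check."""
    spi, seq = read_spi_seq(proto, header)
    sa = sad.lookup(spi, dst, proto)
    if sa is None:
        return "no-sa"
    # A real stack verifies the ICV here and only then updates the window.
    return "accept" if sa.check_and_update(seq) else "replay"


def build_ah(spi, seq, icv=bytes(12), next_header=17):
    """Constructed AH header with a dummy 96-bit ICV, used as sample input."""
    plen = (12 + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_header, plen, 0, spi, seq) + icv


def demo():
    relay_a, relay_b = "192.0.2.1", "192.0.2.2"   # constructed addresses
    sad = SADatabase()
    # Two-way exchange between the relays needs two one-way SAs.
    sad.add(SecurityAssociation(0x1001, relay_b, AH))   # A -> B
    sad.add(SecurityAssociation(0x2001, relay_a, AH))   # B -> A
    # Packets arriving at relay B as (SPI, sequence number), constructed.
    arrivals = [(0x1001, 1), (0x1001, 2), (0x1001, 2),
                (0x1001, 5), (0x1001, 3), (0x2001, 1)]
    return [accept_inbound(sad, relay_b, AH, build_ah(spi, seq))
            for spi, seq in arrivals]


if __name__ == "__main__":
    print(demo())
```

The last arrival carries the SPI of the B-to-A association but is addressed to relay B, so no SA matches it: the SPI alone does not identify an association.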
A security association is defined by the following parameters:

Sequence number counter: A 32-bit value used to generate the sequence number field in AH or ESP headers.
Sequence counter overflow: A flag indicating whether overflow of the sequence number counter should generate an auditable event and prevent further transmission of packets on this SA.
Anti-replay window: Determines whether an inbound AH or ESP packet is a replay by defining a sliding window within which the sequence number must fall.
AH information: Authentication algorithm, keys, key lifetimes, and related parameters being used with AH.
ESP information: Encryption and authentication algorithm, keys, initialization values, key lifetimes, and related parameters used with ESP.
Lifetime of this security association: A time interval or byte count after which an SA must be replaced with a new SA (and new SPI) or terminated, plus an indication of which of these actions should occur.
IPSec protocol mode: Tunnel, transport, or wildcard.
Path MTU: Any observed path maximum transmission unit (maximum size of a packet that can be transmitted without fragmentation) and aging variables (required for all implementations).

The key management mechanism that is used to distribute keys is coupled to the authentication and privacy mechanisms only by way of the security parameters index. Hence, authentication and privacy have been specified independent of any specific key management mechanism.

The authentication header provides support for data integrity and authentication of IP packets. Authentication is based on the use of a message authentication code (MAC), as described in [21]; hence the two parties must share a secret key. The authentication header consists of the following fields, as shown in Fig. 5:

Next Header (8 bits): The type of header immediately following this header.
Payload Length (8 bits): Length of the authentication header in 32-bit words, minus 2.
Reserved (16 bits): For future use.
Security Parameters Index (32 bits): Identifies a security association.
Sequence Number (32 bits): A monotonically increasing counter value.
Authentication Data (variable): A variable-length field (must be an integral number of 32-bit words) that contains the integrity check value (ICV), or MAC, for this packet.

Fig. 5. IP-Sec authentication header.

The authentication data field is calculated over: IP header fields that either do not change in transit (immutable) or that are predictable in value upon arrival at the endpoint for the AH SA; the AH header other than the Authentication Data field; and the entire upper-level protocol data, which is assumed to be immutable in transit.

The encapsulating security payload provides confidentiality services, including confidentiality of message contents and limited traffic flow confidentiality. As an optional feature, ESP can also provide an authentication service. Fig. 6 shows the format of an ESP packet. It contains the following fields:

Security Parameters Index (32 bits): Identifies a security association.
Sequence Number (32 bits): A monotonically increasing counter value.
Payload Data (variable): This is an upper-level segment protected by encryption.
Padding (0–255 bytes): May be required if the encryption algorithm requires the plaintext to be a multiple of some number of octets.
Pad Length (8 bits): Indicates the number of pad bytes immediately preceding this field.
Next Header (8 bits): Identifies the type of data contained in the payload data field by identifying the first header in that payload (for example, an extension header in IPv6, or an upper-layer protocol such as TCP).
Authentication Data (variable): A variable-length field (must be an integral number of 32-bit words) that contains the integrity check value computed over the ESP packet minus the Authentication Data field.

Fig. 6. ESP packet format.

5. Overall structure of the laboratory model

The main parts of the laboratory model used to test the proposed technique of protecting the transmission line with security are shown in Fig. 7. A single machine connected to a constant voltage bus was physically modeled in the power research laboratory at the University of Calgary. A software program has been developed. The software program for the digital relay at both ends of the transmission line is implemented using the LabVIEW package [22].

5.1. Physical model

A three-phase 3 kVA, 208 V synchronous micro-alternator driven by a 7.5 hp separately excited DC machine is employed to model the generating station. The station is connected to the city constant voltage system (infinite bus) through a transmission line. The micro-alternator has a 60 Hz direct axis inductive reactance, Xd, of approximately 30 Ω. The amount of transferred power as well as the power factor at the micro-alternator terminals can be adjusted.

5.2. Transmission line modeling

The transmission line is modeled by a lumped element physical model consisting of six identical π-sections, each section representing 50 km of a 500 kV transmission line, cascaded together to form a 300 km line length. Each π-section consists of two shunt capacitors, Cπ, with a capacitance of 7.5 μF each and one inductor with a 60 Hz inductive reactance, Xπ, of 0.7 Ω and an internal resistance of approximately 0.1 Ω. On a per unit basis, the physical model represents a large system of approximately 600 MVA [23]. Line currents are used as the input signals to the current differential relay. The currents are obtained through three current transducers. The current transducers convert the current signals to low voltage signals suitable for the input channels of the data acquisition card.

5.3. Data Acquisition Card (DAC)

The purpose of the Data Acquisition Card (DAC) is to convert the analog data into a form usable by a digital processor. The data acquisition card is characterized by 14-bit input resolution and the sampling rate is 48 kHz. Three input channels for the three phase currents are used with a sampling frequency of 10 kHz for each channel. Fig. 8 shows the data acquisition card used in the study.

5.4. Wireless communication network

The main parts of the wireless communication network used are the Wireless Access Point and the Wireless Access Point/Bridge. These can be explained as follows:

Fig. 7. Laboratory model main parts of the protection system.

Table 1. Specifications of the wireless access point.

Standards                  IEEE 802.11g
Device management          Web-based – Internet Explorer v6 or later
Wireless signal rates      802.11g: 54 Mbps
Wireless frequency range   2.412–2.462 GHz
Security                   64/128-bit WEP; WPA (Wi-Fi Protected Access); MAC addressing filter
Wireless transmit power    15 dBm (32 mW) ± 2 dB
Power                      External power supply: DC 5 V/2 A; AC adapter: 100–120 V

Fig. 8. Data acquisition card used in study.

5.4.1. Wireless access point

The D-Link DWL-G700AP Access Point has the ability to transfer files with a maximum wireless signal rate of up to 54 Mbps. Fig. 9 shows the wireless access point. The DWL-G700AP is Wi-Fi IEEE 802.11g compliant, meaning that it can connect and interoperate with other 802.11g compatible wireless client devices. The DWL-G700AP is also backwards compatible to 802.11b. The Access Point features Wi-Fi Protected Access (WPA) and 64/128-bit WEP encryption to provide an enhanced level of security for wireless data communication. The DWL-G700AP also includes additional security features to keep the wireless connection safe from unauthorized access.

Fig. 9. Detailed view and connection terminals of the wireless access point.

5.4.2. Wireless access point bridge

The Wireless Bridge D-Link DWL-810+ is a high-speed wireless networking product capable of transfer rates up to 22 Mbps. The D-Link Air plus DWL-810+ Ethernet-to-Wireless Bridge is a device that can be implemented in a variety of ways to provide wireless access by converting an Ethernet connection. The DWL-810+ also features 256-bit WEP encryption for a higher level of security for the communication between relays. This inexpensive, compact bridge can be used to expand the number of devices and peripherals available on the wireless network. Fig. 10 shows the wireless bridge.

Fig. 10. Detailed view and connection terminals of the wireless access point/Bridge.

Fig. 11. Data transmission security between two stations using DWL-G700AP. (Panel labels: share data Ib1, Ib2, Ic1 and Ic2, and share trip CB1, each with WEP/WPA/IPSec security.)

6. Laboratory model operation

6.1. Setup of wireless communication network

The DACs are interfaced at the two ends of the transmission lines. After the data are read, they are sent through two wireless access points using the Wi-Fi protocol. In the study the DWL-G700AP Wi-Fi IEEE 802.11g is used. The LabVIEW program controls the capacity of the data files. Unauthorized use of the network is a serious concern for wireless network operators. Illicit clients rob the network of bandwidth and resources in addition to constituting an information security risk for the clients on the network. Typical Wi-Fi security has been faulted for being weak. Smart antenna products overcome these weaknesses by employing several advanced methods for securing a wireless network.

Wi-Fi Protected Access (WPA) security solves this problem with advanced encryption in addition to providing authentication. For encryption, WPA uses a method called Temporal Key Integrity Protocol (TKIP). TKIP requires that the key be changed frequently. It first determines which keys will be used, then transmits the global key to each client on the network and validates the security settings of the clients. WPA also uses a Message Integrity Code (MIC) to validate the data sent and received on the network. This provides a "trusted" source for each packet of data on the network, preventing rogue clients from spoofing connections. WPA also authenticates clients onto the network. The combination of strong encryption and authentication has made WPA the choice of many security professionals securing wireless networks.

An additional way of controlling access to a wireless network is MAC address filtering. Each client bridge or client device that can access a wireless network has a MAC address coded into its network adapter. These addresses are unique and advertised to the access point when requesting access to the network. Smart antenna products allow connections to be refused if their MAC address is not on an approved list of MAC addresses. To grant access to a network, the MAC address is easily entered into the access point. Any client that does not have its MAC address on the approved list is simply not granted a connection (see Table 1).

Fig. 12. Expanded WEP data format [19].

6.2. Synchronization element

To evaluate the differential protection based on current signals measured at both ends of the transmission line, the current samples have to be taken at the same time on both terminals. This requires that relay clocks be synchronized; any time difference between the relay clocks will translate into a differential current that may cause a relay to misoperate.

The protection scheme described above has been implemented as a software program and applied at both ends of the transmission line using the LabVIEW package [1–3]. The laboratory experimental model is set up to test the performance of the relays when data is shared between two computers. When IP-Sec is used, this would require encrypting the data to be shared prior to sending it over the non-secure channel. On the other hand, when WPA is used, there is no need for such encryption (i.e., this is taken care of by the WPA-enabled Wi-Fi device: NIC, router, etc.).

Generator bus relay performance during a three phase solidly grounded fault at 100 km from the generator side without any delay in the communication network is shown in Fig. 11.
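An added sketch (not the authors' LabVIEW relay program) of the accumulated-deviation criterion from Section 2, run on constructed 60 Hz currents sampled at the 10 kHz per-channel rate of Section 5.3, to show how the clock offset described in Section 6.2 turns into a spurious differential. The threshold, the one-cycle window, the current amplitudes and the reversed-current fault model are assumptions chosen for the illustration.

```python
import math

F_LINE = 60.0        # Hz, frequency of the laboratory system
F_SAMPLE = 10_000.0  # Hz, per-channel sampling frequency (Section 5.3)
PHASE_ANGLES = {"a": 0.0, "b": -120.0, "c": 120.0}   # degrees


def three_phase(amplitude, n_samples, delay_s=0.0, reverse=False):
    """Constructed balanced currents for phases a, b and c.

    delay_s models a relay whose sampling clock lags by that many seconds;
    reverse=True models the remote end feeding current into an internal fault.
    """
    sign = -1.0 if reverse else 1.0
    omega = 2.0 * math.pi * F_LINE
    return {
        ph: [sign * amplitude
             * math.sin(omega * (n / F_SAMPLE - delay_s) + math.radians(deg))
             for n in range(n_samples)]
        for ph, deg in PHASE_ANGLES.items()
    }


def accumulated_deviation(i_send, i_recv):
    """Running sum of |i_s(j) - i_r(j)|, one value per sample k."""
    total, series = 0.0, []
    for s, r in zip(i_send, i_recv):
        total += abs(s - r)          # sum(k) = sum(k-1) + |i_s(k) - i_r(k)|
        series.append(total)
    return series


def first_trip_sample(i_send, i_recv, threshold):
    """Index of the first sample whose deviation exceeds the threshold."""
    for k, deviation in enumerate(accumulated_deviation(i_send, i_recv)):
        if deviation > threshold:
            return k
    return None


def faulted_phases(send, recv, threshold):
    """Phases whose deviation exceeds the threshold within the window."""
    return sorted(ph for ph in send
                  if first_trip_sample(send[ph], recv[ph], threshold) is not None)


def run_scenarios(n_samples=166, threshold=100.0):
    """Three constructed cases over roughly one 60 Hz cycle."""
    load = three_phase(10.0, n_samples)
    return {
        # 2 % pre-fault asymmetry between the ends, clocks aligned
        "healthy_synchronized": faulted_phases(
            load, three_phase(9.8, n_samples), threshold),
        # both ends feed the fault, so the receiving-end current reverses
        "internal_fault": faulted_phases(
            three_phase(50.0, n_samples),
            three_phase(30.0, n_samples, reverse=True), threshold),
        # same healthy line, but the remote samples are taken 1 ms late
        "healthy_clock_offset_1ms": faulted_phases(
            load, three_phase(10.0, n_samples, delay_s=1e-3), threshold),
    }


if __name__ == "__main__":
    for name, phases in run_scenarios().items():
        print(f"{name:26s} phases over threshold: {phases or 'none'}")
```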
The current signals measured at the generator bus side (Ia1, Ib1 and Ic1) and at the city bus side (Ia2, Ib2 and Ic2) are exchanged through the wireless communication network (Wi-Fi protocol) [1–3], Fig. 11a–c. Deviation signals for phases A, B and C for the transmission line are shown in Fig. 11e. The deviation signals of phases A, B and C are greater than the threshold value. This means that the fault is an internal three-phase fault. The relays at both the generator bus and city bus ends again use the wireless communication network to exchange the decision. After exchanging the decision, the relays at both ends of the line are certain that the line is faulted and they produce tripping signals to CB1 and CB2 to disconnect. The tripping signal of the relay at the generator bus is shown in Fig. 11f. The current signals at the generator and city bus ends are also measured during

Fig. 13. Construction of WPA-1 PDU [19].


an internal three-phase short circuit fault at 100 km from the generator bus. The security mechanisms discussed earlier are applied to this network. It should be noted that stations in the Wi-Fi protocol (here protection relays support stations) are allowed to exchange data through one of two modes. In Infrastructure mode, stations communicate through a centralized relay point (the AP), while in Ad Hoc mode the stations themselves act as data relays among themselves. It is considered that existing commercial Wi-Fi devices (network interface cards (NICs), access points (APs), etc.) support only WEP, so the short-term choice is between Infrastructure mode Wi-Fi implementing the WEP inherent in the devices and Ad Hoc Wi-Fi implementing IP-Sec in the OS of the Ad Hoc stations. The long-term solution, on the other hand, considers the choice between WPA in Infrastructure mode and IP-Sec in Ad Hoc mode.

6.3. Short-term solution

Here we consider the fact that in the short term NICs and APs support only WEP and not WPA, so we present a side-by-side comparison between Infrastructure mode Wi-Fi implementing the WEP inherent in the devices and Ad Hoc Wi-Fi implementing IP-Sec in the OS of the Ad Hoc stations. In Infrastructure mode, the measurement data at each relay are encapsulated in a WEP PDU, as shown in Fig. 12, which is then encapsulated in standard MAC/LLC frames before transmission over the wireless link. In Ad Hoc mode, the measurement data are first encapsulated at the IP layer within an IP datagram, with the optional AH and ESP headers indicated in Figs. 5 and 6 included in the datagram. The security level offered by this option is far better than that offered by the simple WEP option. This comes at the expense of delayed software-oriented processing. One of WEP's weaknesses is that it uses a small static key to initiate encryption. This 64 bit key is entered manually on the AP and on all relays that communicate with the AP.
It does not change unless it is manually re-entered on all devices. We still recommend the use of the IP-Sec option at this stage to ensure secure operation of the protection network.

6.4. Long-term solution

In this case WEP is no longer supported but is replaced with the stronger WPA security mechanism, so we present a side-by-side comparison between Infrastructure mode Wi-Fi implementing the WPA inherent in the devices and Ad Hoc Wi-Fi implementing IP-Sec in the OS of the Ad Hoc stations. In Infrastructure mode, the measurement data at each relay are encapsulated in a WPA-1 PDU, as shown in Fig. 13, which is then encapsulated in standard MAC/LLC frames before transmission over the wireless link. In Ad Hoc mode, the measurement data are first encapsulated at the IP layer within an IP datagram, with the optional AH and ESP headers indicated in Figs. 5 and 6 included in the datagram. The security levels offered by the two schemes are so close that we prefer at that stage the lower-latency WPA option. TKIP, used in WPA, uses a key hierarchy and key management methodology. The message integrity check (MIC) is designed to prevent an attacker from capturing data packets. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, the data is assumed to have been tampered with and the packet is dropped. Also, the main function of WPA is the automatic distribution of keys and the use of dynamic session keys per user, per session and per packet.

Now suppose the unsecure Wi-Fi communication channel is secured through either IP-Sec (short-term operation scenario),


or WPA (long-term operation scenario); the data shared between the communicating relays is then exchanged without fear of compromising the confidentiality, authenticity and/or integrity of the shared data.
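The compute-and-compare step described in Section 6.4, carried out with Michael, the MIC function that IEEE 802.11 specifies for TKIP (the paper does not name it). This is an added example, not code from the paper; the MIC key, MAC addresses and current samples are constructed values.

```python
import hmac
import struct
MASK = 0xFFFFFFFF

def _rol(v, n):
    return ((v << n) | (v >> (32 - n))) & MASK

def _xswap(v):  # swap the two bytes inside each 16-bit half
    return ((v & 0xFF00FF00) >> 8) | ((v & 0x00FF00FF) << 8)

def michael(key: bytes, msg: bytes) -> bytes:
    """Michael, the MIC function of TKIP: 64-bit key in, 64-bit tag out."""
    l, r = struct.unpack("<II", key)   # raises struct.error unless key is 8 bytes
    # Pad with 0x5a, then 4 to 7 zero bytes, up to a multiple of 4 bytes.
    padded = msg + b"\x5a" + b"\x00" * 4
    padded += b"\x00" * (-len(padded) % 4)
    for (word,) in struct.iter_unpack("<I", padded):
        l ^= word
        for mix in (lambda x: _rol(x, 17), _xswap,
                    lambda x: _rol(x, 3), lambda x: _rol(x, 30)):
            r ^= mix(l)
            l = (l + r) & MASK
    return struct.pack("<II", l, r)

def mic_input(da, sa, priority, data):
    # TKIP covers destination, source, priority, 3 reserved zero bytes, data.
    return da + sa + bytes([priority, 0, 0, 0]) + data

def protect(key, da, sa, data, priority=0):
    """Transmitter: append the 8-byte MIC to the payload."""
    return data + michael(key, mic_input(da, sa, priority, data))

def accept(key, da, sa, frame, priority=0):
    """Receiver: recompute and compare; None means the packet is dropped."""
    data, tag = frame[:-8], frame[-8:]
    expected = michael(key, mic_input(da, sa, priority, data))
    return data if hmac.compare_digest(tag, expected) else None

# Constructed sample values, not taken from the paper.
MIC_KEY = bytes.fromhex("0011223344556677")
RELAY_A = bytes.fromhex("020000000001")   # sender (generator bus relay)
RELAY_B = bytes.fromhex("020000000002")   # receiver (city bus relay)
SAMPLES = struct.pack("<3f", 1.25, -0.5, -0.75)   # Ia1, Ib1, Ic1

if __name__ == "__main__":
    frame = protect(MIC_KEY, RELAY_B, RELAY_A, SAMPLES)
    forged = bytes([frame[0] ^ 0x01]) + frame[1:]       # one bit altered in transit
    print("genuine accepted:", accept(MIC_KEY, RELAY_B, RELAY_A, frame) == SAMPLES)
    print("altered accepted:", accept(MIC_KEY, RELAY_B, RELAY_A, forged) is not None)
```

Michael is a lightweight function chosen to run on WEP-era hardware, so IEEE 802.11 pairs it with countermeasures against repeated MIC failures, and later revisions of the standard deprecate TKIP in favour of CCMP.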

7. Conclusion

A novel philosophy for protecting the transmission line using Wi-Fi technology is proposed. The problem of securing data exchange in a power network protection scheme based on the Wi-Fi protocol was explained. Three alternative security methods (WEP, WPA and IP-Sec) are discussed and the features of each are presented. A case study comparing the three systems in the short and long term is also given, which indicates that the third option (IP-Sec) is preferred in the short term over the first option (WEP) where the second option (WPA) is not available. It also indicates that in the long term, when the first option is no longer in use, the second option (WPA) would be preferred over IP-Sec. A practical investigation is given to show the capability of using the second option (WPA) in the long term when data are handled between two relays. The DWL-G700AP Access Point features Wi-Fi Protected Access (WPA) and 64/128 bit WEP encryption. The DWL-G700AP also includes an embedded DHCP server that can automatically assign IP addresses to network clients. These tools helped in proving the level of security for wireless data communications based on WPA. The main function of WPA is the automatic distribution of keys and the use of dynamic session keys per user, per session and per packet. The new philosophy of protecting transmission lines using Wi-Fi technology with high security has been practically proved.

References

[1] Eissa MM, Ali AS, Masoud ME, Abdel-Latif KM. A new protection scheme for short transmission lines using IEEE 802.11 protocol. Transmission & distribution construction, operation and live-line maintenance, ESMO 2006. In: IEEE 11th International conference, October 15–19, 2006.
[2] Ali AS, Eissa MM, Masoud ME, Abdel-Latif KM. Efficient protection scheme for short transmission lines using Wi-Fi technology. In: International conference on communication, computer & power (ICCCP'07). Muscat; February 19–21, 2007. p. 379–84.
[3] Abdel-Latif KM, Eissa MM, Ali AS, Malik OP, Masoud ME. Laboratory investigation of using Wi-Fi protocol for transmission line differential protection. IEEE Trans Power Delivery 2009;24(3):1087–94.
[4] Walter A Elmore. Protective relaying theory and application; 2004.
[5] Eissa MM, Malik OP. A new digital directional transverse differential current protection technique. IEEE Trans Power Deliv 1996;11(3):1285–91.
[6] Horowitz SH, Phadke AG. Power system relaying. Taunton (Somerset, England): Research Studies Press; 1992.
[7] Ilia Voloh, Ray Johnson, Multilin GE. Applying digital line current differential relays over pilot wires. Protective relay engineers, 2005. In: 58th Annual conference, April 2005. p. 287–90.
[8] Yalla Murty, Adamiak Mark, Apostolov A, Beatty J, Borlase S, Bright J, et al. Application of a Peer-to-peer communication for protective relaying. IEEE Trans Power Deliv 2002;17(2):446–51.
[9] Wang XR, Hopkinson KM, Thorp JS, Giovanini R, Birman K, Coury D. Developing an agent-based backup protection system for transmission networks. In: Power systems and communications infrastructures for the future. Beijing, September 2002.
[10] Vaisakh K, Praveena P, Rama Mohana Rao S, Meah Kala. Solving dynamic economic dispatch problem with security constraints using bacterial foraging PSO-DE algorithm. Int J Electr Power Energy Syst 2012;39(1):56–67.
[11] Dash PK, Padhee Malhar, Barik SK. Estimation of power quality indices in distributed generation systems during power islanding conditions. Int J Electr Power Energy Syst 2012;36(1):18–30.
[12] da Rosa Mauro A, Leite da Silva Armando M, Miranda Vladimiro. Multi-agent systems applied to reliability assessment of power systems. Int J Electr Power Energy Syst 2012;42(1):367–74.
[13] Olson Arne, Jones Ryan. Chasing grid parity: understanding the dynamic value of renewable energy. Electric J 2012;25(3):17–27.
[14] Hernández JC, De la Cruz J, Ogayar B. Electrical protection for the grid-interconnection of photovoltaic-distributed generation. Electric Power Syst Research 2012;89(August):85–99.


[15] Eissa MM. A new digital relaying scheme for EHV three terminals transmission lines. Electric Power Syst Res 2004;73:107–12.
[16] Eissa MM. Development and investigation of a new high-speed directional relay using field data. IEEE Trans Power Deliv 2008;23(3):1302–8.
[17] Eissa MM. A new digital feed circuit protection using directional element. IEEE Trans Power Deliv 2009;24(2):531–7.
[18] IMT-2000. Geneva 2001–2002.
[19] IEEE standard for Information technology. Telecommunications and information exchange between systems – Local and metropolitan area networks – specific requirements. Part 11: Wireless LAN medium access control (MAC) and PHYSICAL layer (PHY) specifications. IEEE Std 802.11-2007 (Revision of IEEE Std 802.11-1999).
[20] William Stallings. Data and computer communications. 8th ed. Pearson Education; 2009.
[21] Khan J, Khwaja A. Building secure wireless networks with 802.11. Wiley Publishing Inc.; 2003.
[22] Johnson Gary W, Jennings Richard. LAB VIEW graphical programming. McGrawHill; 2006.
[23] Gilany M. A microprocessor-based relay for parallel transmission line. Ph.D. Dissertation. Canada: Dept. of Electrical and Computer Eng., University of Calgary; 1992.