Garibaldi Key Distribution and Management System is designed for utilities looking for a secure data transfer over wide area networks. Key distribution and access control mechanisms enables security for routable GOOSE and routable Sampled Values in IEC 61850 and DNP3 (Sav6 and AMP) networks.

Garibaldi supports GDOI protocol (specified by RFC 6407) used for key negotiation between IED and Group Controller/Key Server (GCKS). End-to-end cybersecurity is implemented according to the guidelines specified in the IEC 62351-9 standard.

Garibaldi Management System is supplemented by the intuitive web application that allows diagnosing of the system, datastream usage, importing SCL file, management certificates and statistics tracking.

Garibaldi solution:

• Manages large numbers of 61850 multicast group’s (Group Members / Devices / Apps) key.
• Distributes symmetric keys via PULL, PUSH, and multicast-PUSH mechanisms.
• Operates in centralized or de-centralized environments.
• Generates individual keys per DataStream (increases security).
• Follows cybersecurity recommended by IEC 62351-9.
• Manages system enrollment allowing revocation.
• Manages access control for DNP3 SAv6 and AMP.
• Is easy to use thanks to the dedicated web application.

Apart from Garibaldi solution JPEmbedded offers an IEC 61850 library supporting R-GOOSE, R-SMV communication with group member (GM) cybersecurity enabled. A fully-featured system including IEC 61850 IED from JPEmbedded, KDC (Garibaldi) and protection relays from GE was presented at the IEC 61850 IOP 2019 event in Charlotte and at DistribuTECH 2020.

For more information, licensing details, price quotation requests, please contact us via contact form or directly: sales@jpembedded.eu, +48 601 088 970.

We perform system tests for controllers and operator panels used in automatics of special vehicles such as cranes, excavators, concrete mixers or dumpers. Our task is to prepare launch a set of tests that verify requirements at the system level.

All tests are created from Structured Text in CODESYS (link to 3S).The testing process is an integral part of the devices certification consistent with Safety Integrity Level (SIL2) standard.

In order to improve testing, we have prepared special tools to control the inputs/outputs of the controller and to make appropriate settings. They allow for partial automation of the performed tests.

Deployment of 61850 library on EMH’s and MTE’s HYDROCAL devices

PROJECT BACKGROUND

EMH/MTE is a Swiss/German manufacturer of high voltage power transformer monitoring devices. Power transformers belong to the most expensive equipment of the high voltage grid infrastructure. Their damages might result not only in a very costly overhauls but also in blackouts. This is why, it is so important to constantly monitor the health of the transformers. The most efficient way to do this is by analyzing the gases dissolved in the transformer oil. Early detection of some irregularities helps to take protective actions.

The HYDROCAL 100x device family from EMH facilitates power transformer maintenance by measuring moisture of the oil (H20) and gasses like Hydrogen (H2), Carbon Monoxide (CO), Carbon Dioxide (CO2), Acetylene (C2H2) and Ethylene (C2H4) etc. which are dissolved in the transformer oil.

CHALLENGE

Besides monitoring the health of the transformer, it is also very important to communicate this information in real time to control centers or SCADA systems, so that appropriate actions are taken when necessary. This is why EMH/MTE decided to implement the IEC 61850 protocol, which offers several ways of communication between devices working in the grid. Measurements can be delivered using sampled values (SMV) protocol, or via reporting which is one of the features of client/server MMS protocol. At the beginning EMH/MTE were using protocol conversion gateways to enable IEC 61850 server for its devices, however due to the cost effectiveness in the long run customer decided to replace it with software solution integrated within the device. The challenge was related to the fact that HYDROCAL devices do not feature any operating system but they use a proprietary TCP/IP stack.

WHY JPEMBEDDED

One of the main advantages of the IEC 61850 stack by JPEmbedded is a platform independent design which allows to setup the product virtually on any device. By using well defined abstraction layer (aka driver) it is possible to port IEC 61850 to any target (with or without OS), with relatively small effort. Thanks to this the integration of the IEC 61850 server library on HYDROCAL it turned out to be quite smooth.

JPEmbedded currently offers a number of drivers off the shelf, and in case your device is not supported yet we are happy to assist you by providing sample drivers as well as our consulting services.

Connecting Contrel device to 61850 server

PROJECT BACKGROUND

Contrel Elettronica is an Italian manufacturer of electrical devices like energy meters, current and voltage transformers or power analyzers. With growing popularity of IEC 61850 standard, there was a need to enable connectivity between Contrel EMA-90N power analyzer and SCADA systems using this protocol.

CHALLENGE

Due to the fact that devices were already operating in the field and their hardware platform was optimized for the specific needs of given product, integration of IEC 61850 software library was not an option. With just 30KB of RAM available on the device, software solution was not feasible. Since EMA-90N offers Modbus RTU/TCP communication, using protocol converter turned out to be a viable solution for the problem.

WHY JPEMBEDDED

JPEmbedded offers a family of protocol converters for different applications, starting with PAPILIO which is a low cost option for IoT application where large volumes are expected. For applications which require support of redundancy protocols APIS module could be an alternative. Finally at the high end there is Crabro which could be equipped with wireless communication or fiber Ethernet. It turned out that PAPILIO module in terms of functionality perfectly meets the requirements of Contrel. Additionaly JPEmbedded customised the baseboard so that it fits the housing of the product it is used with.

For many years we have been designing hardware and developing software for automotive systems based on CAN buses for the aftermarket.

The purpose, and at the same time, the main difficulty of this type of projects is to create hardware and software in a way that allows for a non-invasive addition of certain functionalities. One example is enabling a rear view camera and displaying the recorded image on the main screen of a car which did not have it as standard. The key task is to integrate the added functionality with the systems already existing in the vehicle.

Providing the highest quality software is an important area of our business. Our expertise and solid experience combined with our tools enable us to achieve a high efficiency test process.
Since the foundation of our company, we have been developing automated unit tests and integration tests for SIL or ISO 26262 product certification.. One element of the test process is verification of source code coverage at various levels.
In our work we mainly use TESSY environment, and VECTOR’s VectorCAST, and the static code analysis tool (required by the MISRA standard).

PROJECT BACKGROUND:

B&R Industrial Automation GmbH, a leading manufacturer of automation technology and the global center of ABB overseeing machine and factory automation in the business area (ABB Robotics & Discrete Automation), stands as the sole company worldwide to provide a comprehensive portfolio spanning robotics, automation, and software.

CHALLENGE:

The collaboration with JPEmbedded evolved in response to the need to expand the functionality of PLC controllers offered by B&R, with communication standards used in the energy industry. The launch required a thorough understanding of the specific programming environment used by B&R, setup of the appropriate controller, and the integration of the IEC 61850 server library, which is JPEmbedded’s flagship product.

WHY JPEMBEDDED:

Collaborating with JPEmbedded was characterized by a profound understanding of our needs, flexibility, and unwavering commitment. Particularly notable is the high quality of technical support during and after the project, which JPEmbedded continues to provide for both us and our clients.

One of our interesting long-term projects was the implementation of the TCP / IP family for embedded systems. The implementation included the most popular protocols, including UDP, TCP, DHCP, and DNS, as well as TFTP, FTP and HTTP servers and assumed IPv4 and IPv6 compliance.
The project was prepared with the assumption of operating microcontrollers independently of the operating system. Thanks to this, the solution is universal and allows for quick adaptation to a wide range of devices.
The implementation is in line with the “Zero-Copy” principle, in order to improve the data stream processing performance and efficiency. The project was complemented by the later implementation of cryptographic algorithms (TLS / SSL, IPsec, elliptic curves). The TCP / IP stack is currently one of the most popular commercial solutions used in embedded systems.

The Minix operating system is a solution for real enthusiasts. It was created by Professor Tanenbaum of Vrije University in Amsterdam, who is a legend and a pioneer in IT. Minix is supposed to be a highly reliable operating system where one application’s crash does not affect the other components. The interesting fact is that in the initial period, the works on the system were conducted by the person, who is considered to be the creator of another currently popular operating system.
Our contribution to the development of Minix was to create USB and Ethernet drivers for the BeagleBone platform. Thanks to cooperation with Professor Tanenbaum, we were invited to his farewell lecture in 2015 which was a real pleasure and a great honour for us.

HCC’s Transport Layer Security (TLS) or Datagram Transport Layer Security (DTLS) is a highly optimized software module designed to provide secure network communications for embedded devices. The software is developed using a rigorous adherence to MISRA C:2004 and is available with a full MISRA compliance report. The importance of using a strong development process and source code control has been emphasized by a number of high-profile security problems caused by source code errors. Network security requires a high degree of quality and traditional methods of ‘freestyle coding’ and test do not provide sufficient guarantees of correctness.

Offered TLS/DTLS is a framework for secure communication in computer networks, based on the TCP/IP or UDP protocols. The module supports Secure Sockets Layer (SSL) 3.0 but this is deprecated as TLS 1.2 is the recommended standard. The TLS and DTLS module forms part of HCC’s MISRA-compliant TCP/IP stack and is designed specifically for use with it.

This module provides three options:

• TLS interfacing to either HCC’s MISRA-compliant TCP or to a TCP Sockets interface.
• DTLS interfacing to either HCC’s MISRA-compliant UDP or to a UDP Sockets interface.
• TLS interfacing to HCC’s EAP-TLS module (EAP is the Extensible Authentication Protocol). The EAP-TLS module interfaces to the TLS RAW interface.

The TLS/DTLS implementation can be used as client or server (host). The module provides the following guaranteed capabilities, regardless of the components that lie beneath it:

• Privacy – it ensures that nobody else can read the message.
• Authenticity – it ensures that each party really is talking to the peer they think they are talking to.
• Integrity – it ensures that the data payload has not been modified/tampered with.

Note: You may not require all three of the above capabilities for all use cases; We can advise on this.

EAP-TLS

The module uses HCC’s Embedded Encryption Manager (EEM) to provide encryption and certificate management.

The TLS RAW interface can be used to interface TLS to HCC’s EAP-TLS module.

Features

• Conforms to the HCC Advanced Embedded Framework.
• Designed for integration with both RTOS and non-RTOS based systems.
• MISRA-compliant. A full MISRA compliance report is provided and, for specialized applications, a full UML description is available that can be licensed as a separate component.
• Designed for microcontrollers, ensuring a low memory footprint. This is typically around 20 KB of ROM or 8 KB of RAM.
• Typically uses a standard Sockets interface, allowing easy integration with many embedded applications.
• Supports TLS 1.0, 1.1 and 1.2 (RFC 5246) and SSL 3.0 and is verifiable.
• Supports DTLS version 1.2 (RFC 6347) and version 1.0 (RFC 4347).
• Supports HCC’s EAP-TLS module (through its RAW interface).
• Supports heartbeat extensions (RFC 6520).
• Supports HTTP over TLS (RFC 2818).
• Provides HTTP or FTP Server support for HTTPS and FTPS implementations, or for connection to any other secure client or server application.
• Uses HCC’s Embedded Encryption Manager (EEM) to provide full certificate management.
• Supports all the algorithms supported by the EEM, including AES, 3DES, DSS, EDH, MD5, RSA, SHA-1, SHA-256, SHA-384, and SHA-512. These acronyms are expanded below.
• Supports all the mandatory cipher suites required by different versions of TLS.
• Supports Elliptic Curve Cryptography (ECC) (RFC 4492).
• Supports Authenticated Encryption with Associated Data (AEAD).

The supported algorithms are:

• Advanced Encryption Standard (AES).
• Digital Signature Standard (DSS).
• Elliptic Curve Digital Signature Algorithm (ECDSA).
• Ephemeral Diffie-Hellman (EDH) algorithm.
• Message Digest Algorithm 5 (MD5).
• RSA Signature Algorithm (RSA).
• Secure Hash Algorithm SHA-1, SHA-1 HMAC, SHA1-HMAC-96, SHA-256, SHA-384 and SHA-512). (HMAC stands for Hash Message Authentication Code.)
• Tiger/128, Tiger/160, Tiger/192 and Tiger/192 HMAC.
• Triple Data Encryption Standard (3DES).

For more information, licensing details, price quotation requests, please contact us via contact form or directly: sales@jpembedded.eu, +48 601 088 970.

Lightweight, highly configurable, platform agnostic, delivered as a source code IEC 61850 library for embedded devices.

IEC 61850 is an international standard describing data model and communication services for power grid devices also known as IEDs (intelligent electronic device). Main protocols specified by the standard are MMS (Manufacturing Message Specification), GOOSE (Generic Object Oriented Substation Event), and SV (Sampled Values). Beside generic functionality of power systems, IEC 61850 defines profiles like 61850-7-420 for distributed energy resources (DER)) or hydroelectric power plants which are defined in IEC 61850-7-420.

IEC 61850 library by JPEmbedded exhibits object-oriented design and is implemented in C ++ language. This hardware platform independent solution, is easy to integrate on any device with or without operating system. Other advantages of our product are its high configurability in terms of functionality and resources used, and very low memory footprint which is especially important for embedded devices. Depending on data model and functionality of the specific device memory usage could be as low as 240kB of Flash and 150kB of RAM. Library supports 2nd edition of the standard.

The main components of the solution are: IEC 61850 core library, hardware abstraction layer (HAL), configuration module and user application (please refer to the ‘61850 library architecture’ picture in the product gallery below). Core library implements bulk of the functionality specified by the standard. It handles data model initialization and access APIs, handling of data sets, control blocks and control model. Hardware Abstraction Layer (HAL) also known as ‘driver’ provides abstraction of hardware platform and operating system (if used). This layer implements well defined API used by the core library for handling TCP/IP connections, transmission of Ethernet frames, thread creation and synchronization, timers and file system access. Configuration file configures library to meet the needs of specific device or application. User application realizes logic specific for given device (e.g. protection relay or merging unit functionality). User application is a top level component, usually implemented by the customer. It initializes IEC 61850 library and defines user specific callback functions. Library is delivered as a source code and it features royalty-free licensing model.

Implemented features:

• MMS server.
• Object oriented data model.
• Data sets.
• Reporting (buffered & unbuffered).
• GOOSE (subscriber & publisher).
• R-GOOSE (routable GOOSE).
• Sampled Values (subscriber & publisher).
• R-SMV (routable Sampled Values).
• Control Model.
• Logging.
• Substitution.
• Setting groups.
• Cybersecurity (IEC 62351).

Compliance of JPEmbedded’s library with EN 61850 standard has been confirmed by a certificate issued by Instytut Energetyki in Gdańsk. The certification process was implemented thanks to the European Regional Development Fund.

To request a FREE EVALUATION version of the library, please send us an e-mail containing information about the target platform microcontroller and operating system. For more information, licensing details, price quotation requests, please contact us directly: sales@jpembedded.eu, +48 601 088 970

IEC 61850 has been created by IEC Technical Committee 57 which is responsible for development of standards for information exchange for power systems and other related systems including Energy Management Systems, SCADA, distribution automation & teleprotection.