

# **SETO UCB Training Overview**

**August 28th, 2020**

# Presentation Outline

*Cybersecurity for Energy Delivery Systems*

## ❑ UCB Motivations

- Increased Research Efficiency
- Increased Cybersecurity Resources for DERs
- Common Collaborative Research Platform

## ❑ Proposed Control Architecture

- Overview
- Architecture (Components)
- Cybersecurity Benefits

## ❑ UCB Hardware

- Unboxing
- Hardware Errata
- Initial Connections/Configurations

## ❑ Demonstrations

- IDE Overview
- Code Demos

# Presentation Outline

*Cybersecurity for Energy Delivery Systems*

- UCB Motivations
  - Increased Research Efficiency
  - Increased Cybersecurity Resources for DERs
  - Common Collaborative Research Platform
- Proposed Control Architecture
  - Overview
  - Architecture (Components)
  - Cybersecurity Benefits
- UCB Hardware
  - Unboxing
  - Hardware Errata
  - Initial Connections/Configurations
- Demonstrations
  - IDE Overview
  - Code Demos

- Increased Research Efficiencies
  - Design Flexibility for Multiple Topologies
  - Lower Overall Platform Costs
  - Code and Design Reuse for Rapid Prototyping
- Increased Cybersecurity Resources for DERs
  - Communication Co-Processors
  - Software and Hardware Protection
- Common Collaborative Research Platform
  - Facilitates Collaborations Between Power Electronic, Cybersecurity, and Control System Researchers
  - Serves as a Common Point of Reference

# Presentation Outline

*Cybersecurity for Energy Delivery Systems*

- UCB Motivations
  - Increased Research Efficiency
  - Increased Cybersecurity Resources for DERs
  - Common Collaborative Research Platform
- Proposed Control Architecture
  - Overview
  - Architecture (Components)
  - Cybersecurity Benefits
- UCB Hardware
  - Unboxing
  - Hardware Errata
  - Initial Connections/Configurations
- Demonstrations
  - IDE Overview
  - Code Demos

# UCB Overview

## ❑ PCB Design

- Component Database
- 3D Modeling
- Manufacturing



6-Layer Multi-plot of UCB

### Cybersecurity for Energy Delivery Systems



UCB 3D Rendering



CIS Database of Parts

# UCB Overview

*Cybersecurity for Energy Delivery Systems*



UCB w/ Daughter Cards Installed



CSPR [UCB and PE-Eval]



# UCB Architecture



## Cybersecurity for Energy Delivery Systems





# UCB Architecture: DSPs

## Cybersecurity for Energy Delivery Systems



# UCB Architecture: DSPs

## DSPs

- 2x TI F28335 (Single Core) or
- 2x TI F28379D (Dual Core) w/  
Adapter



TI F28379D Control Card



Control Card Adapter



TI F28335 Control Card

### Cybersecurity for Energy Delivery Systems



TI F28335 Architecture (Block Diagram)

# UCB: Resources

- DSPs:
  - 2x F28335 (Single Core) or
  - 2x F28379D (Dual Core) w/ Adapter
- FPGA/CPLD:
  - Lattice MachXO2-7000
  - 6864 LUTs
  - 240 kb of EBR (RAM)
  - 256 kb of Flash
  - 484 pins w/ 334 I/O
- Communications:
  - Modbus TCP (XPORT)
  - Isolated Serial (TTL)
  - FTDI Serial for PC/Raspberry PI
  - Integrated JTAGs/Debuggers
  - 2x 8-Ch SPI ADCs
- Current Peripheral Boards:
  - Fiber Optic RX/TX
  - Isolated Voltage/Current
  - Thermocouple
  - PE-Eval (Buck/Boost/3-ph Inverter)

## Cybersecurity for Energy Delivery Systems



\*Picture Credit: TI.com

# UCB Architecture: FPGA



## Cybersecurity for Energy Delivery Systems



## Cybersecurity for Energy Delivery Systems

### ❑ FPGA

- Lattice MachXO2-7000
- 6864 LUTs
- 240 kb of EBR (RAM)
- 256 kb of Flash
- 484 pins w/ 334 I/O



|                                | XO2-256                     | XO2-640 | XO2-640U | XO2-1200 | XO2-1200U | XO2-2000 | XO2-2000U | XO2-4000 | XO2-7000 |
|--------------------------------|-----------------------------|---------|----------|----------|-----------|----------|-----------|----------|----------|
| Density LUTs                   | 256                         | 640     | 640      | 1280     | 1280      | 2112     | 2112      | 4320     | 6864     |
| EBR RAM Blocks (9 kbits/block) | 0                           | 2       | 7        | 7        | 8         | 8        | 10        | 10       | 26       |
| EBR SRAM (kbits)               | 0                           | 18      | 64       | 64       | 74        | 74       | 92        | 92       | 240      |
| Dist. SRAM (kbits)             | 2                           | 5       | 5        | 10       | 10        | 16       | 16        | 34       | 54       |
| User Flash Memory (kbits)      | 0                           | 24      | 64       | 64       | 80        | 80       | 96        | 96       | 256      |
| PLL                            | 0                           | 0       | 1        | 1        | 1         | 1        | 2         | 2        | 2        |
| DDR/DDR2/LPDDR Memory Support  | -                           | -       | Yes      | Yes      | Yes       | Yes      | Yes       | Yes      | Yes      |
| Configuration Memory           | Internal Flash              |         |          |          |           |          |           |          |          |
| Dual Boot <sup>1</sup>         | Yes                         | Yes     | Yes      | Yes      | Yes       | Yes      | Yes       | Yes      | Yes      |
| Embedded Function Blocks       | I2C (2), SPI (1), Timer (1) |         |          |          |           |          |           |          |          |
| Core Vcc 1.2 V                 | ZE                          | ZE      | -        | ZE       | -         | ZE & HE  | HE        | ZE & HE  | ZE & HE  |
| Core Vcc 2.5 - 3.3 V           | HC                          | HC      | HC       | HC       | HC        | HC       | HC        | HC       | HC       |
| Temp C                         | Yes                         | Yes     | Yes      | Yes      | Yes       | Yes      | Yes       | Yes      | Yes      |
| Temp I                         | Yes                         | Yes     | Yes      | Yes      | Yes       | Yes      | Yes       | Yes      | Yes      |

# UCB Architecture: Comms



## □ Communication Interfaces

- Modbus TCP (XPORT)
- Isolated Serial (TTL)
- FTDI Serial for PC/Raspberry PI
- Integrated JTAGs/Debuggers



TI JTAG and Serial Interface Schematic



XPORT Modbus TCP Module



XPORT Modbus TCP Internal Schematic

# UCB Architecture: External

## Cybersecurity for Energy Delivery Systems



# UCB Architecture: External

Cybersecurity for Energy Delivery Systems

## □ Additional External Interfaces

- 2x 8-Ch SPI ADCs
- 4x 40-Pin IDC Connectors
- 8 User Switches and LEDs

SPI ADC1 - 5V Input, 3.3V I/O



SPI ADC Schematic



UCB User Interface

IDC Interface (IDC-A)



IDC-A Schematic

| Pin | Function    | Signal Name   | Pin | Function    | Signal Name   |
|-----|-------------|---------------|-----|-------------|---------------|
| 1   | Digital I/O | IDC-A_GPIO-00 | 21  | Digital I/O | IDC-A_GPIO-14 |
| 2   | Digital I/O | IDC-A_GPIO-01 | 22  | Digital I/O | IDC-A_GPIO-15 |
| 3   | Digital I/O | IDC-A_GPIO-02 | 23  | Digital I/O | IDC-A_GPIO-16 |
| 4   | Digital I/O | IDC-A_GPIO-03 | 24  | Digital I/O | IDC-A_GPIO-17 |
| 5   | Digital I/O | IDC-A_GPIO-04 | 25  | Digital I/O | IDC-A_GPIO-18 |
| 6   | Digital I/O | IDC-A_GPIO-05 | 26  | Digital I/O | IDC-A_GPIO-19 |
| 7   | Digital I/O | IDC-A_GPIO-06 | 27  | Digital I/O | IDC-A_GPIO-20 |
| 8   | Digital I/O | IDC-A_GPIO-07 | 28  | Digital I/O | IDC-A_GPIO-21 |
| 9   | Digital I/O | IDC-A_GPIO-08 | 29  | Digital I/O | IDC-A_GPIO-22 |
| 10  | Digital I/O | IDC-A_GPIO-09 | 30  | Digital I/O | IDC-A_GPIO-23 |
| 11  | Digital I/O | IDC-A_GPIO-10 | 31  | Digital I/O | IDC-A_GPIO-24 |
| 12  | Digital I/O | IDC-A_GPIO-11 | 32  | Digital I/O | IDC-A_GPIO-25 |
| 13  | Digital I/O | IDC-A_GPIO-12 | 33  | Digital I/O | IDC-A_GPIO-26 |
| 14  | Digital I/O | IDC-A_GPIO-13 | 34  | Digital I/O | IDC-A_GPIO-27 |
| 15  | ADC         | ADC-A_ADC-00  | 35  | ADC         | ADC-A_ADC-04  |
| 16  | ADC         | ADC-A_ADC-01  | 36  | ADC         | ADC-A_ADC-05  |
| 17  | ADC         | ADC-A_ADC-02  | 37  | ADC         | ADC-A_ADC-06  |
| 18  | ADC         | ADC-A_ADC-03  | 38  | ADC         | ADC-A_ADC-07  |
| 19  | Power       | 5V            | 39  | Power       | 5V            |
| 20  | Power       | GND           | 40  | Power       | GND           |

# Cyber Benefits: Layered Approach

*Cybersecurity for Energy Delivery Systems*

- **Command Layer**
  - Command Validation
  - Communication Encryption
- **Supervisory Layer**
  - Watchdog Timers
  - Algorithmic State Machines
- **Control Layer**
  - Reference Limits
  - State Awareness
  - Dead Time Enforcement



*Cyber-Secure by Design Layered Approach*

## ❑ Firmware Updates

- Zero-Day Attack Mitigations
- Performance Enhancements

## ❑ Firmware Validation

- Error and Threat Detection
- Mitigate Insider Threats
- Real-Time Digital Twin (Future)

## ❑ Reduced Downtime

- No Downtime Required for Updates
- Switch DSP Control in Less than 1  $\mu$ s



*Hot-Patching Flow Chart*

# Cyber Benefits: Hot-Patching



## Cybersecurity for Energy Delivery Systems



*Hot-Patching Enabled Architecture*

## *Cybersecurity for Energy Delivery Systems*



Simplified VHDL Testbench Simulation of DSP Bootloader



# Cyber Benefits: Encryption

## Cybersecurity for Energy Delivery Systems

WireShark screenshot showing a packet capture from Wi-Fi interface. The packet list shows several HTTP requests, with the 2670 entry highlighted. The details pane displays the request headers and body for this packet.

Packet list details for packet 2670:

| No.  | Time      | Source        | Destination   | Protocol | Length | Info                                                                         |
|------|-----------|---------------|---------------|----------|--------|------------------------------------------------------------------------------|
| 1738 | 10.850436 | 192.168.86.46 | 192.168.86.44 | HTTP     | 547    | HTTP/1.1 404 Not Found (text/html)                                           |
| 1743 | 10.891409 | 192.168.86.44 | 192.168.86.44 | TCP      | 54     | 1757 → 80 [ACK] Seq=1314 Ack=2526 Win=130816 Len=0                           |
| 2553 | 15.751439 | 192.168.86.46 | 192.168.86.44 | TCP      | 54     | 80 → 1757 [FIN, ACK] Seq=2526 Ack=1314 Win=32512 Len=0                       |
| 2554 | 15.751518 | 192.168.86.44 | 192.168.86.46 | TCP      | 54     | 80 → 80 [ACK] Seq=1314 Ack=2527 Win=130816 Len=0                             |
| 2664 | 16.541356 | 192.168.86.44 | 192.168.86.44 | TCP      | 54     | 1757 → 80 [FIN, ACK] Seq=1314 Ack=2527 Win=130816 Len=0                      |
| 2665 | 16.542334 | 192.168.86.44 | 192.168.86.44 | TCP      | 66     | 1759 → 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1            |
| 2667 | 16.545205 | 192.168.86.46 | 192.168.86.44 | TCP      | 54     | 80 → 1757 [ACK] Seq=2527 Ack=1315 Win=32512 Len=0                            |
| 2668 | 16.546870 | 192.168.86.46 | 192.168.86.44 | TCP      | 66     | 80 → 1759 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=128 |
| 2669 | 16.546968 | 192.168.86.44 | 192.168.86.44 | TCP      | 54     | 1759 → 80 [ACK] Seq=1 Ack=1 Win=131328 Len=0                                 |
| 2670 | 16.547420 | 192.168.86.44 | 192.168.86.44 | HTTP     | 874    | POST /accounts/login/ HTTP/1.1 (application/x-www-form-urlencoded)           |
| 2671 | 16.550841 | 192.168.86.46 | 192.168.86.44 | TCP      | 54     | 80 → 1759 [ACK] Seq=1 Ack=821 Win=32128 Len=0                                |
| 2744 | 16.953662 | 192.168.86.46 | 192.168.86.44 | HTTP     | 768    | HTTP/1.1 302 Found                                                           |

Request Headers (from packet 2670):

```
Content-Length: 126\r\nCache-Control: max-age=0\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: http://raspberrypi\r\nContent-Type: application/x-www-form-urlencoded\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\r\nReferer: http://raspberrypi/accounts/login/?next=/\r\nAccept-Encoding: gzip\r\nAccept-Language: en-US,en;q=0.9\r\nCookie: csrftoken=G5kmOKANiXt1Hb3jnorWor1CcbiIKkCmcMPNWUmpM6yiqlFrE3iEMK4siFLPrZME\r\n\r\n
```

Cookie pair: csrftoken=G5kmOKANiXt1Hb3jnorWor1CcbiIKkCmcMPNWUmpM6yiqlFrE3iEMK4siFLPrZME

Request Body (from packet 2670):

```
\r\n0290 3d 30 2e 39 0d 0a 43 6f 6f 6b 69 65 3a 20 63 73 =0.9-Co okie: cs
02a0 rftoken= G5kmOKAN
02b0 69 58 54 6c 48 42 33 6a 6e 6f 72 57 6f 72 31 43 iXT1Hb3j norWor1C
02c0 63 62 69 49 4b 6b 43 6d 63 4d 50 4e 57 55 6d 70 cbiIKkCm cMPNWUmp
02d0 4d 36 79 69 71 4c 46 72 45 33 69 45 4d 4b 34 73 M6yiqlFr E3iEMK4s
02e0 69 46 4c 50 72 5a 4d 45 0d 0a 0d 0a 63 73 72 66 ifLPrZME ...-csrf
02f0 6d 69 64 64 6c 65 77 61 72 65 74 6f 6b 65 3d middlewa retoken=
0300 4a 70 6d 66 50 44 69 42 68 62 61 32 66 45 39 66 JpmfPDib hba2fE9f
0310 61 32 32 54 63 4f 4d 49 6d 32 70 63 39 46 32 56 a22TCOMI m2pc9F2V
0320 66 36 52 47 58 4e 34 64 4c 6b 50 5a 59 4f 4c 6e f6RGXMD LkPZYOLn
0330 72 48 54 42 41 37 50 79 73 77 53 6a 51 6b 63 64 rHTB47Py swSjQkcd
0340 26 75 73 65 6e 61 6d 65 3d 61 64 6d 69 6e 26 &username=e=admin&
0350 70 61 73 73 77 6f 72 64 3d 70 61 73 77 6f 72 password =password
0360 64 26 6e 65 78 74 3d 25 32 46 d&next=% 2F
```

No packet contained that string in its Info column.

Packets: 52606 · Displayed: 419 (0.8%)

Profile: Default

WireShark Capture of Unencrypted User Credentials (HTTP)



# Cyber Benefits: Encryption

## Cybersecurity for Energy Delivery Systems

Wi-Fi: <live capture in progress> | Packets: 34210 · Displayed: 515 (1.5%) | Profile: Default

Frame 17260: 635 bytes captured (5080 bits), 635 bytes on wire (5080 bits) on interface \Device\NPF\_{75430105-4F73-456D-B5EE-EC82BB9EEEE9}, id 0

> Ethernet II, Src: IntelCor\_77:2a:18 (00:19:34:77:2a:18), Dst: Raspberry\_25:7b:fa (dc:a6:32:25:7b:fa)

> Internet Protocol Version 4, Src: 192.168.86.44, Dst: 192.168.86.46

> Transmission Control Protocol, Src Port: 1873, Dst Port: 443, Seq: 1366, Ack: 3904, Len: 581

Transport Layer Security

- ↳ TLSv1.3 Record Layer: Application Data Protocol: http-over-tls
- ↳ Opaque Type: Application Data (23)
- ↳ Version: TLS 1.2 (0x0303)
- ↳ Length: 576
- ↳ Encrypted Application Data: 63448bb5a218b2425a369a9dfd832f938d1708a2169616fd...

| No.   | Time      | Source        | Destination   | Protocol | Length | Info                                                                                     |
|-------|-----------|---------------|---------------|----------|--------|------------------------------------------------------------------------------------------|
| 17200 | 81.582175 | 192.168.86.46 | 192.168.86.44 | TCP      | 54     | [TCP Retransmission] 443 → 1872 [FIN, ACK] Seq=241 Ack=623 Win=30464 Len=0               |
| 17201 | 81.582207 | 192.168.86.44 | 192.168.86.46 | TCP      | 54     | [TCP ZeroWindow] 1872 → 443 [ACK] Seq=623 Ack=242 Win=0 Len=0                            |
| 17219 | 81.732138 | 192.168.86.46 | 192.168.86.44 | TLSv1.3  | 1514   | Application Data                                                                         |
| 17220 | 81.732142 | 192.168.86.46 | 192.168.86.44 | TCP      | 1514   | 443 → 1873 [ACK] Seq=1988 Ack=1366 Win=31872 Len=1460 [TCP segment of a reassembled PDU] |
| 17221 | 81.732194 | 192.168.86.44 | 192.168.86.44 | TCP      | 54     | 1873 → 443 [ACK] Seq=1366 Ack=3448 Win=131328 Len=0                                      |
| 17222 | 81.732570 | 192.168.86.46 | 192.168.86.44 | TLSv1.3  | 510    | Application Data, Application Data, Application Data                                     |
| 17260 | 81.772469 | 192.168.86.44 | 192.168.86.46 | TLSv1.3  | 635    | Application Data                                                                         |
| 17261 | 81.775771 | 192.168.86.46 | 192.168.86.44 | TLSv1.3  | 576    | Application Data                                                                         |
| 17268 | 81.816653 | 192.168.86.44 | 192.168.86.46 | TCP      | 54     | 1873 → 443 [ACK] Seq=1947 Ack=4420 Win=130304 Len=0                                      |
| 17275 | 81.851105 | 192.168.86.44 | 192.168.86.44 | TLSv1.3  | 642    | Application Data                                                                         |
| 17278 | 81.864781 | 192.168.86.46 | 192.168.86.44 | TLSv1.3  | 1514   | Application Data                                                                         |
| 17279 | 81.864785 | 192.168.86.46 | 192.168.86.44 | TLSv1.3  | 1513   | Application Data                                                                         |

```

0000 dc a6 32 25 7b fa 80 19 34 77 2a 18 08 00 45 00 .. 2%{... 4w*...E
0010 02 6d 3a cd 40 00 80 06 90 12 c0 a8 56 2c c0 a8 ..m: @... V...
0020 56 2e 07 51 01 bb eb 25 35 01 c8 d0 56 c9 50 18 ..V. Q...% 5...V-P.
0030 01 ff 3b e8 00 00 17 03 03 02 40 63 44 8b b5 a2 ..;...@cD...
0040 18 b2 42 5a 36 9a 9d fd 83 2f 93 8d 17 08 a2 16 ..BZ6... /...
0050 96 16 fd 71 fb c4 cf 85 d2 0c 0e 84 5e d2 6f cb ..q....^o...
0060 21 fe 18 33 a3 24 e4 80 07 45 fb f6 59 64 7e 39 !..3$...E~d~9
0070 4a 74 57 cf 00 a0 ca 88 be 2c 4f 4e 6e 20 44 26 JtW.....,Onh D&
0080 d6 ae b0 ad 7e 82 f0 5e 8b 91 3f da d3 8c 28 9d .....~?..(-.
0090 e6 44 a4 a6 34 32 54 33 88 00 40 b5 84 4b 24 c1 D..42T3 ..@.K$.
00a0 61 3a 84 a4 84 3d c7 ae 8f 06 64 14 e6 47 da 9f a:...=..d..G..
00b0 eb 6c 88 71 ad e3 f1 ea f0 17 43 41 67 e6 03 4f ..l-q...CAG..0
00c0 43 72 64 26 b1 d3 58 a5 33 fe 98 dc b0 cf 1a Crd&..X..3... .
00d0 c3 b5 0b 94 d2 56 f1 ad b8 e5 43 7c af 92 7a ..V...C|..z

```

WireShark Capture of Encrypted User Credentials (HTTPS)

- Trusted Platform Module (TPM)
  - Generation and Management of Secure Certificates/Keys
  - Encrypted Secure Communications
- PowerWatch
  - Real-Time System Call Monitoring
  - Collaborative Project with FIU
- Real-Time Digital Twin
  - Hardware Emulation for Verification of Firmware
  - Monitoring for Equipment Aging and Failure Modes

# Example Projects

## Cybersecurity for Energy Delivery Systems



GRAPES MV BESS MMC



700 kW Interleaved Buck



UCB Controller for 700 kW Buck



SEEDS CSPR



MV-UCSC w/ 208 Fiber Transceivers



O-Scope Interface PCB

# Presentation Outline

*Cybersecurity for Energy Delivery Systems*

- UCB Motivations
  - Increased Research Efficiency
  - Increased Cybersecurity Resources for DERs
  - Common Collaborative Research Platform
- Proposed Control Architecture
  - Overview
  - Architecture (Components)
  - Cybersecurity Benefits
- UCB Hardware
  - Unboxing
  - Hardware Errata
  - Initial Connections/Configurations
- Demonstrations
  - IDE Overview
  - Code Demos

# UCB Hardware

- SETO UCB Kit Contents
- UCB [Control Board]
- PE-Eval [Demo Board]
- [TMDSCNCD28335 DSP](#)
- 14-Pin IDC Cable
- 40-Pin IDC Cable
- [GST25U24-P1J 24 Vdc 25 Watt Supply](#)
- [GST90A24-P1M 24 Vdc / 90 Watt Supply](#)
- [PLUG-P1J-P1MR DC Plug Adapter](#)
- Mini-USB Cable
- 1kΩ 5 Watt resistors

## Cybersecurity for Energy Delivery Systems



*SETO UCB Evaluation Kit Contents*

- ❑ **Input Voltage Range Silkscreen**
  - Reads 9-36 Vdc, Upgraded Recom supplies only support 24 Vdc.
- ❑ **Voltage Sense Resistors**
  - The optional RK73H1JTTD4991D resistors specified for sensing voltage are only rated to 200 Vdc maximum
- ❑ **DC Power Module Change (Noise Issue)**
  - Schematic shows older EC4SAW-24SXXN Isolated Power Modules.
  - Replaced with the pin compatible Recom equivalents:
    - RS6-243.3S
    - RS6-2405S

## □ UCB Jumpers

- JP24: FTDI/JTAG Serial Communication, must be removed when initially programming FTDI Chip.
- JP22: 3.3V supply to JTAG connector, should remain unpopulated.
- JP23: Not Used
- JP8 – JP14: DSP Boot Mode, Leave unpopulated for Flash Boot.
- JP15 – JP21 : DSP Boot Mode, Leave unpopulated for Flash Boot.

## □ DSP ControlCard Jumpers

- SW1: Turn Off (Down) to enable Serial Communications

## □ PE-Eval Jumpers

- JP1: Used to tie “Vin” and “DC\_Link”. Remove if using separate supply.
- JP2: Used to bypass reverse protection diode. For AFE operation.
- JP3: Used to select between “Ia” and “I\_L4” SPI-ADC inputs.
- JP4: Used to select between “V\_Buck” and “DC\_Link” SPI-ADC inputs.

# Presentation Outline

*Cybersecurity for Energy Delivery Systems*

- UCB Motivations
  - Increased Research Efficiency
  - Increased Cybersecurity Resources for DERs
  - Common Collaborative Research Platform
- Proposed Control Architecture
  - Overview
  - Architecture (Components)
  - Cybersecurity Benefits
- UCB Hardware
  - Unboxing
  - Hardware Errata
  - Initial Connections/Configurations
- Demonstrations
  - IDE Overview
  - Code Demos



# IDE Overview: XPORT



UNIVERSITY OF  
ARKANSAS

College of Engineering  
National Center for  
Reliable Electric Power Transmission

## Cybersecurity for Energy Delivery Systems

Lantronix DeviceInstaller 4.4.0.7

File Edit View Device Tools Help

Search Options Exclude Assign IP Upgrade Import Provisioning File Generate Device File

Lantronix Devices - 1 device(s)  
Ethernet 2 (192.168.100.241)  
XPort  
↳ XPort-IAP-05 - firmware v3.3  
↳ 192.168.100.241

Device Info Configuration Records Status Records Web Configuration Telnet Configuration

IP Address: 192.168.100.241 Port: 9999 Disconnect Clear

Modbus/TCP to RIU Bridge  
MAC address 0080A3E22D33  
Software version V3.3.0.6 (180102) XPTE

Press Enter for Setup Mode

Model: Device Server Plus+! (Firmware Code:YM)

Modbus/TCP to RIU Bridge Setup

1) Network/IP Settings:  
IP Address ..... 0.0.0.0/DHCP/BOOTP/AutoIP  
Default Gateway ..... --- not set ---  
Netmask ..... --- not set ---

2) Serial & Modem Settings:  
Protocol ..... Modbus/RTU,Slave(s) attached  
Serial Interface ..... 115200,8,N,1,RS232

3) Modem/Configurable Pin Settings:  
CP1 ..... Not Used  
CP2 ..... Not Used  
CP3 ..... Not Used

4) Advanced Modbus Protocol settings:  
Slave Addr/Unit Id Source .. fixed to 001  
Modbus Serial Broadcasts ... Disabled (Id=0 auto-mapped to 1)  
MB/TCP Exception Codes .... Yes (return 00AH and 00BH)  
Char, Message Timeout ..... 00050msec, 05000msec

7) Security Settings:  
SNMP ..... Enabled  
SNMP Community Name ..... public  
Telnet Setup ..... Enabled  
TFTP Download ..... Enabled  
Port 77FEh ..... Enabled  
Web Server ..... Enabled  
Enhanced Password ..... Disabled  
Port 77FOh ..... Enabled

Default settings, S)ave, Q)uit without save  
Select Command or parameter set (1..7) to change:

Ready



UNIVERSITY OF  
ARKANSAS™



# IDE Overview: XPORT



UNIVERSITY OF  
ARKANSAS

**College of Engineering**  
*National Center for  
Reliable Electric Power Transmission*

# **Cybersecurity for Energy Delivery Systems**

#### Telnet Session (Port 3000) for Debug

- ## ▪ MobaXterm

The screenshot shows the MobaXterm interface. The title bar displays "192.168.100.241". The menu bar includes Terminal, Sessions, View, X server, Tools, Games, Settings, Macros, and Help. Below the menu is a toolbar with icons for Session, Servers, Tools, Games, Sessions, View, Split, MultiExec, Tunneling, Packages, Settings, Help, X server, and Exit. A "Quick connect..." search bar is present. On the left, there are vertical tabs for Sessions, Tools, and Macros. The main window shows a Telnet session to 192.168.100.241. The session output area contains the following text:

```
• MobaXterm 10.8 •  
(SSH client, X-server and networking tools)  
► Telnet session to 192.168.100.241  
► Your DISPLAY is set to 19.1.114.196:0.0  
► For more info, ctrl+click on help or visit our website
```

The session output also shows "Modbus Test version - DEBUG".

**UNREGISTERED VERSION** - Please support MobaXterm by subscribing to the professional edition here: <https://mobaxterm.mobatek.net>

**UNREGISTERED VERSION** - Please support MobaXterm by subscribing to the professional edition here: <https://mobaxterm.mobatek.net>



UNIVERSITY OF  
ARKANSAS<sup>TM</sup>

# IDE Overview: LabVIEW

Cybersecurity for Energy Delivery Systems

- LabVIEW Application Running using Runtime and NI-VISA (32-Bit)
  - To Run without LabVIEW 2018, install Runtime Engine and NI-VISA.



# IDE Overview: TI CCS

Cybersecurity for Energy Delivery Systems

- ❑ Code Composer Studio v8.1.3.00004
- ❑ ControlSuite v3.4.9



The screenshot shows the TI Code Composer Studio (CCS) interface. The top menu bar includes File, Edit, View, Navigate, Project, Run, Scripts, Window, Help, and Quick Access. The left sidebar contains the Project Explorer, which lists several projects and files under the 'Buck\_Boost\_Inverter\_Pl\_v0.3.2' workspace. The main area displays the source code for the 'Buck\_Boost\_Inverter\_Pl\_v0.3.2' project. The code is a C program for a DSP2833x processor, defining structures for ADC, PWM, SPI, Serial, and various peripherals. It includes comments explaining the implementation of a Buck and Boost converter along with a 3-Phase inverter. The right side of the interface shows the Problems view, indicating 0 errors, 3 warnings, and 0 others.

```

1 /**
2 *   Engineers: Chris Farnell
3 *   Contact: cfarnell@uark.edu
4 *   Company: University of Arkansas (NCREPT)
5 *   Website: https://ncrept.uark.edu/
6 *
7 *   Create Date: 10Aug2010
8 *   Update Date: 10Aug2010
9 *   Design Name: Buck_Boost_Inverter_Pl
10 *  Project Version: v0.3.2
11 *  Target Devices: TMS320F28335
12 *  Hardware: UCB_S2833_v1.1c; UCB_PF-EVAL_v1.6a; UCB v1.4a (Optional)
13 *  Tool Versions: Code Composer Studio v8.1.3.00004
14 *                 Controlsuite v3.4.9
15 *
16 * *** Brief Description:
17 * This project part of a series of tutorials for learning to program DSPs.
18 * In this program we will expand upon the previous tutorials to create Buck and Boost Converter along with a 3-Phase inverter.
19 * All of the aforementioned converters have been modified from previous examples and now run closed-loop.
20 * We have also updated the serial input packets to use Fixed-Point representation instead of being based on duty cycles.
21 * Reference parameters will be sent via serial communication. Modbus RTU packets and will use I1Q8 Fixed-Point representation.
22 * Controller PI parameters will be sent using Q10 Representation for finer resolution.
23 * We will also be implementing controls from the "PmuFastRTS" and the "OCL" libraries.
24 *
25 *
26 * *** Operational Overview:
27 * In this program we will expand on the previous "ADC PWM SPI Serial" Example.
28 * We will now incorporate PI control as well as IQ Fixed-Point References.
29 * This example uses I1Q8 Fixed-Point representation for inputs.
30 * This allows us to send values in a decimal format.
31 * The sign-bit number is divided into two sections, an 11-bit section which represents the integer portion and a 5-bit section which represents the decimal portion.
32 * For this example, there is no sign-bit as it is not needed for our purposes.
33 * The I1Q8 representation allows us to enter values from 2047 to 0 in 0.03125 increments.
34 * The Q10 representation allows us to enter values from 63 to 0 in 0.000976 increments.
35 * The Buck and Boost converters use a simple PI Control method by implementing the Digital Logic Control (DCL) library provided by TI.
36 * The 3-phase inverter uses a feed-forward control method which to maintain the output magnitude based on the input voltage.
37 *
38 * *** Includes Information:
39 * This section defines the Includes section for the project.
40 * This section is for TOOL_AutoInclude
41 * "C:\ti\controlSUITE\device_support\T2833x\v142\OSPF2833x_common\include"
42 * "C:\ti\controlSUITE\device_support\T2833x\v142\OSPF2833x_headers\include"
43 * "C:\ti\controlSUITE\lib\math\PUFastRTS\W100\include"
44 * "C:\ti\controlSUITE\lib\control\OCL\v1_00_00_00\include"
45 * "C:\ti\controlSUITE\lib\app\lib\math\I1Q8\include"
46 * "C:\ti\controlSUITE\lib\math\I1Q8\math\v100\include"
47 */

```

# IDE Overview: Lattice

*Cybersecurity for Energy Delivery Systems*

- ❑ Lattice Diamond\_x64 Build 3.10.2.115.1
- ❑ LCMXO2-7000HC-4FG484C

Lattice Diamond - Source Editor - [C:/Users/cfarnell/Desktop/NCREPT/Projects/SEEDS/CSPR/CSPR\_Programming\_Local/Bus\_Interface\_v1.0/Bus\_Interface\_Top.vhd]

File Edit View Project Design Process Tools Window Help

File List Start Page Reports Bus\_Interface\_tb.vhd Bus\_Interface\_Top.vhd

```

-- Company: University of Arkansas (NCREPT)
-- Engineer: Chris Farnell
-- 
-- Create Date: 19Mar2019
-- Version: 1.0
-- Description: Bus Interface Example
-- Module Name: Bus_Interface- Behavioral
-- Project Name: Bus Interface- Example
-- Target Devices: LCMXO2-7000HC-4FG484C (UCB v1.3a)
-- Tool versions: Lattice Diamond_x64 Build 3.10.2.115.1
-- Description:
-- This project was developed to demonstrate a system-level design which incorporates shared registers and communications.
-- Eight individual on-board LEDs will be controlled via a simple PWM interface.
-- Each PWM will have its duty cycle set via system registers which may be modified via the serial interface.
-- 
-- PinOut:
-- Signal          CFLED_Pin   Description
-- R1              LED1       LED1
-- R1_1             LED2       LED2
-- R1_2             LED3       LED3
-- R1_3             LED4       LED4
-- R1_4             LED5       LED5
-- R1_5             LED6       LED6
-- R1_6             LED7       LED7
-- R1_7             LED8       LED8
-- PWM_Test_Out    K2        PWM Test
-- Usr_Tx           W1        Serial-TX
-- Usr_Rx           V2        Serial-RX
-- 
-- Register and Memory Map Information:
-- This section describes the Memory Map used in this project.
-- This design contains a SRAM Module which is 16 bits wide and 1024 entries deep.
-- Register addresses are from X"0000" to X"03FF".
-- All register are 16-bits wide.
-- SRAM Module is located in the Bus_Master portion of the code.
-- This RAM Module must be accessed externally using Serial Port interface.
-- Reserved for future use.
-- X"0300" - X"03FF"
-- LED Configuration Values-
-- Range is X"0100" - X"010A"
-- Range is X"0210" - X"021F"
-- Register Map is found as constants in Bus_Interface_Common and shared with all submodules of this program.
-- 
-- Serial Settings
-- Baud Rate: 9600
-- Flow Control: None
-- Data Bits: 8
-- Parity: None
-- Stop Bits: 1
-- 
-- Example Serial Commands
-- << Set Registers
-- << 00000000...#<#>

```

File List Process Hierarchy

Output

```

Starting: "prj_src add "C:/Users/cfarnell/Desktop/NCREPT/Projects/SEEDS/CSPR/CSPR_Programming_Local/Bus_Interface_v1.0/edsf/edsf.spf"
Starting: "prj_src add "C:/Users/cfarnell/Desktop/NCREPT/Projects/SEEDS/CSPR/CSPR_Programming_Local/Bus_Interface_v1.0/gfd/gfd.spf"

```

Td Console Output Error Warning Info

Ready

Weber Meeting Reminder

SETO Cyber Inverter (UCB Controller U...  
1:00 PM - 3:00 PM  
Host: Chris Farnell

Snooze Start Meeting

Mem Usage: 177,620 K



SEEDS

# VHDL: GCD ASM and Datapath



UNIVERSITY OF  
ARKANSAS

College of Engineering  
National Center for  
Reliable Electric Power Transmission

Cybersecurity for Energy Delivery Systems



UNIVERSITY OF  
ARKANSAS™

# VHDL: GCD Waveforms

*Cybersecurity for Energy Delivery Systems*



# VHDL: Multi-Device Bus

*Cybersecurity for Energy Delivery Systems*



# Notes

*Cybersecurity for Energy Delivery Systems*

- Check Jumpers (Most common issue)
- O-Scope Grounding
- Debug vs Release Modes (DSP)
- Code Repository for SETO Collaborations
- Create a FAQ and Checklist (Living Document)