Fun with Cybersecurity – Weekly Blog Posts on Cybersecurity
The purpose of these weekly blog posts is to demystify Cybersecurity concepts and present them in a demonstrable way. The approach is to present what and how; allowing the reader to think about why! The demonstrations use Windows based systems, however most of these tasks can also be performed on Linux and Mac based systems. If you would like to know “what and how” on non-windows systems, please mention that in the comments.

Integrity in Cybersecurity – Files and Fingerprints

Integrity is a central concept in Cybersecurity. Cybersecurity is the ability to protect or defend the use of cyberspace from cyber-attacks. Integrity is defined as, guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity.

The focus of this post is to help readers understand modification of information.

Files have Fingerprints

A file is the basic unit of information storage in cyberspace; protecting information at rest often implies protecting files. For the purposes of this post, files and information will be used interchangeably.
Algorithms (a process or set of rules) is used to generate a unique alphanumeric string for a given file based on its contents. The alphanumeric string is called the File Hash, this File Hash serves as a fingerprint of that file. SHA256 is the name of one such algorithm used to fingerprint files.

The following illustrates the use of SHA256. It is possible to spot the smallest of changes using this concept – even if a single character is modified within, the file gets a new fingerprint!

Activity 1 – Fingerprinting a file using the Get-Filehash cmdlet in Windows PowerShell

Step 1
Open an instance of Windows PowerShell and navigate to the folder which has the file, as shown. (in my case it is the illustration1 folder)

Step 2
Copy/create the file whose hash you want to determine. Alternatively, you can navigate to the folder that contains the file!
I am creating a file called, temp1.txt in the illustration1 folder to demonstrate the concept. You can do the same, using the Notepad program. (If you type the same text you will obtain the same Hash, providing the contents are identical!)

Step 3
Use the Get-Filehash cmdlet to get the SHA-256 hash of the file.

Activity 2 – Fingerprinting the File After Changing the Contents

Step 1
Change the last period (.) on the second line into an exclamation mark (!), save the file.

Step 2
Note the size of the file – it is unchanged. Find the file hash.

Activity 3: Compare the file hashes before and after the modification.

Step 1

It is advisable to copy the strings into a Notepad file and compare them by pasting them one below the other. To copy the strings from the PowerShell window into Notepad, select the string with the mouse, when the full string is highlighted, press CTRL+c to copy it to the clipboard; paste it into Notepad by right-clicking the mouse and selecting Paste or by using CTRL+v on the keyboard.

Step 2
A visual examination of the two file hashes (before the change and after respectively) indicates that they are different. This eatablishes that different files produce different SHA-256 file hashes!

Activity 4: Find the SHA-256 of a file using Windows Explorer

It is often easier to get the SHA-256 using Windows Explorer. Navigate to the file and right click on the file. Select CRC SHA from the menu, click on the SHA-256 option.

Activity 5: The Contents of Two Files are Identical if and only if their File Hashes are Identical

Step 1
Copy the file temp1.txt to temp2.txt
Step 2
Find the file hashes of temp1.txt and temp2.txt using Get-FileHash. Compare the hashes of temp1.txt and temp2.txt. Since the contents are identical, the hashes are found to be the same. (Note: You can get the File Hashes of multiple files using a single call to Get-Filehash!)

Summary

Every file on a computer, irrespective of location has a unique fingerprint based on its contents. The fingerprint is an alphanumeric string generated by an algorithm. The fingerprint is based on the contents of the file. Fingerprints of two files are identical if and only if the contents of those files are identical. SHA-256 is an algorithm used to fingerprint files (There are others like MD5, SHA-1, etc). Fingerprinting with SHA-256 is used extensively to check if contents of the files have been modified (are identical). Installation programs, Antivirus programs, Backup and Restore programs are some examples of Software that use the concept of fingerprinting and SHA-256.

Stay safe by verifying file integrity when in doubt! Make a note of fingerprints of important files on your computer or reference documents in your project. You can always check, if they have been modified accidentally or intentionally.


* This blog follows from – Leveraging the Cloud for WinCC OA. Please check it out for an introduction to using the Cloud capabilities for WinCC OA.

** The tutorial in this blog is only meant as an introduction to using Websockets in WinCC OA and does not cover all function types. Please refer to documentation for additional details or reach out to SAM IT Industrial Automation team for further assistance by calling +1-919-800-0044 or e-mail us at [email protected]

Starting from WinCC OA version 3.15, the provided http server supports Websockets. WebSocket is a computer communications protocol, providing full-duplex communication channels over a single TCP connection. Websockets do not contain overhead data like that in HTTP and hence, require significantly less bandwidth. Moreover, once a connection is established, the server can send live updates and notifications to the client (in this case an Internet browser) without waiting for a client request. Similarly, the client can send requests to the server which will be queued until they can be served.

Let us look at some advantages to using websockets over the OLE DB Provider as mentioned in this post:

  • It can not only access archived values in HDB, but also real time data and alerts.
  • Data can be read as well as edited.
  • It can run simply using a CTRL Manager.
  • No limitations to accessing data from distributed systems.
  • No compatibility issues for Linux/Windows, neither for different versions (32-bit/64-bit).
  • Only requirement is that the client browser should support Websocket protocol.

Now I will describe how to get started with Websockets. To use Websocket, first create a control file and follow the steps below:

Step 1 – Using httpConnect() with the Websocket flag

Import the “CtrlHTTP” library and define httpServer() and httpConnect() functions within main body as follows:

#uses “CtrlHTTP”
void main()
{
httpServer(false, 8080);
//Activates an HTTP Server listening on port 8080. False means Authentication is not used.

httpConnect("websocket", "/websocketurl", "_websocket_");
//Here “_websocket_” is the flag. This flag defines the “/websocketurl” url as a websocket.
//The first argument “websocket” registers a function called websocket() as web resource.
}

We will define the Websocket function next.

Step 2 – Define the function websocket()

When a web browser sends a request to the WinCC OA http server, the server starts the callback process within a thread and passes a mapping. Mappings are simply associative arrays, or dictionaries. Hence define the function as follows:

void websocket(mapping map)
{
mixed any;
//Here, any is a variable that we will use next to read data from the Websocket Request.
}

Step 3 – Add the httpReadWebSocket() function

This httpReadWebSocket() function is a waiting Control function which waits for a Websocket message from the client. It returns 0 if a message(or many messages) has been sent and is ready to read. If the socket is closed on the client side, this function returns 1.

So now, let’s define the logic to read a request:

while ( httpReadWebSocket(map["idx"], any) == 0 )
//Here, map[“idx”] references the Internal File Descriptor of the Websocket connection.
//The second argument any, gets written by the message that is received.
{
DebugTN("Received Message", any);
//Read and display the message to Log Viewer
}

*Here, note that the received message is stored in a mixed data type ‘any’. This is because websockets support only text or binary messages, and they can be passed in an anytype/mixed variable.

Step 4 – Building Logic to respond to requests

If you are using javascript to send requests to the WinCC OA http server, it is advisable to send the messages in a JSON format converted to string. To convert this JSON data to a string, you can use the function JSON.stringify(JSON_Object). The reason for using JSON format is that data parsing becomes very easy. Like you would expect, WinCC OA has a script “json.ctl” in its library that we can leverage to parse and understand the received message.

As an example, let’s say you define a request in the following format using javascript, and send it to the http server as shown below:

websocket_object = new WebSocket("ws://" + window.location.host + "/websocketurl");
//Here websocketurl is the URL used to initiate a Websocket connection in localhost.
var req_msg = {
type: “dpGetPeriod”,
dpe: “System1:Site.Site1.Total_Energy”,
T1: “2018.02.17 10:30:05.000000000”,
T1: “2018.02.18 11:30:05.000000000”
};
websocket_object.send(JSON.stringify(req_msg))
//Here, websocket_object is a js variable of the type Websocket, that communicates with the
//Server.

After the message is read on the server side, this message can be converted to json format and can be parsed as follows:

mixed any;
anytype json_data;
while ( httpReadWebSocket(map["idx"], any) == 0 )
{
DebugTN("Received Message", any);

json_data = json_strToVal(any);
if (json_data[“type”] == “dpGetPeriod”) {
custom_function(map[“idx”], json_data);
}
}

Here, you can create a custom_function() to execute the actual dpGetPeriod() function as well as add any extra logic, however you like.

Step 5 – Send Response using httpWriteWebSocket()

Based on the variables mentioned above, your write function should be like follows:

int custom_function(int idx, const mapping &json_data)
{
mapping response_data;

//Code containing backend logic

response_data[“type”] = json_data[“type”];
response_data[“dpe”] = json_data[“dpe”];
response_data[“values”] = values_from_logic;
response_data[“times”] = times_from_logic;
//Variables values_from_logic and times_from_logic are derived from the
//actual code you have to implement using dpGetPeriod()

return httpWriteWebSocket(idx, jsonEncode(response_data));
}

After sending the response, the variable response_data can now be parsed accordingly on the client side web browser using Javascript or any other relevant tool.

That’s it! This small tutorial should help you get started on how to use Websockets in WinCC OA. Sending and receiving messages on the client side can be easily done using Javascript, and have not been mentioned much here. You can also use Python to send and receive Websocket messages. Whatever methods you use, once you are able to get the underlying data, you can connect to a Dashboard directly and display real time values, or you can push them to a database for data analytics.

For completion, here’s the complete Pseudo code:

#uses “CtrlHTTP”
#uses “json.ctl”
void main()
{
httpServer(false, 8080);

httpConnect("websocket", "/websocketurl", "_websocket_");
}

void websocket(mapping map)
{
mixed any;
anytype json_data;

while ( httpReadWebSocket(map["idx"], any) == 0 )
{
DebugTN("Received Message", any);

json_data = json_strToVal(any);
if (json_data[“type”] == “dpGetPeriod”) {
custom_function(map[“idx”], json_data);
}
}
}

int custom_function(int idx, const mapping &json_data)
{
mapping response_data;

//Code containing backend logic

response_data[“type”] = json_data[“type”];
response_data[“dpe”] = json_data[“dpe”];
response_data[“values”] = values_from_logic;
response_data[“times”] = times_from_logic;
//Variables values_from_logic and times_from_logic are derived from the
//actual code you have to implement using dpGetPeriod()

return httpWriteWebSocket(idx, jsonEncode(response_data));
}

Should you need help implementing any of these for your environment, feel free to reach out to the Industrial Automation experts at SAM IT Solutions, we are just a phone call away. Call +1-919-800-0044 or e-mail us at [email protected]

Control Infotech, our Industrial Automation partner applies substation automation domain expertise in the realm of utility grid-tie solar generation plants. Complete solutions from Grid-tie engineering, protection & Control panel build, relay programming and PV plant asset monitoring are among the solutions they offer. The SCADA system is technologically the most advanced. It offers user friendly features on a non-proprietary commercially available platform. Customers benefit from a stable and powerful monitoring and control platform that can be seamlessly expanded and deployed on a Cloud platform.

Suyash Kanungo, BTech, MS
Computer Engineer
SAM Analytic Solutions


*This blog follows from – Leveraging the Cloud for WinCC OA. Please check it out for an introduction to using the Cloud capabilities for WinCC OA.

In the last blog, we explained about the advantages of using platforms like Elastic Stack, Web Frameworks, Python etc. with WinCC OA. In this blog, we discuss how to actually access data from WinCC OA to use with an analytics or Big Data platform or database of your choice. We will focus on the data archived in History DB (HDB), and how to pull it using OLE DB Provider.

OLE DB Provider has been provided by WINCC OA. OLE DB is a Microsoft specification for accessing data on different computers. It is based on Microsoft’s COM technology and is the successor to the older and limited ODBC technology. While ODBC uses static APIs for data access and is limited to SQL, OLE DB uses ADO (ActiveX Data Objects) to provide a quick and easy facility for programming applications.

OLE DB Provider is supposed to give access to the underlying HDB. It uses its own SQL queries to get Data Points. The examples are provided in the Help Documentation provided along with the WinCC OA software.

Let’s check out the requirements and limitations for using OLE DB with WinCC OA:

  1. WinCC OA version 2.12.1 or higher should be installed.
  2. It can access only archived Values and Alerts that exist in the History DB.
  3. Data can only be read, not edited.
  4. No direct support for Windows Excel 2000 or earlier versions.
  5. The Data Manager must be running when OLE DB Provider is started. If the Data Manager is stopped, queries using OLE DB are no longer possible.
  6. For distributed Systems, each WinCC OA instance should be running its own OLE DB Driver to provide access to external applications.
  7. Under Windows 64 bit, only single Server Systems are allowed as compared to Distributed systems having multiple Clients.
  8. OLE DB provider is a 32 bit driver, so it might not interact too well with 64-bit applications.

Based on these points, if your requirements are not met, you can refer to – Accessing HDB via Websocket using C# API. If you can work with these requirement, read on.

Let’s get started on how to set up OLE DB Access. The following steps can be found in the Help documentation provided in the WinCC OA software too:

Step 1 – Add WinCCOAoledb manager to the WinCC OA Project

Go to your project directory and navigate to the config folder within it. Open the file called progs and add the following line to the end:

windows/WCCOAoledb | manual |      30 |        2 |        2 |

 

*Make sure there are no blanks in the end.

Step 2 – Register the OLE DB drivers and executable

Open a command prompt as Administrator, and navigate to the WinCC_OA_installation_directory/bin/windows directory. Here, run these 3 commands:

WCCOAoledb.exe /regserver

regsvr32 WCCOAOleDbExeps.dll

regsvr32 WCCOAoledb.dll

 

Step 3 – Start WCCOAoledb Manager from the console

Now, when you start/restart your project, you’ll see the OLE DB Manager in the console.You can start it directly from the console.


Click for larger image
We have been able to get access using MS Excel as well as a Python Script with WIN32COM library. To find instructions on how to access HDB data using MS Excel, please refer to the help documentation provided with WinCC OA. Moreover, MS Access will also be able to access the underlying Data. An example output using python is shown below:


Click for larger image
To use OLE DB Provider with Python, a 32 bit version of python should be installed, and you should download the win32com library to use the communication client. The win32com client is distributed as a part of pywin32 library, which you can download from here.

If you have any questions, or need help implementing any of the Industrial Automation tools mentioned in this and other Blog posts, please feel free to contact us with any questions at +1-919-800-0044 or e-mail us at [email protected]

Control Infotech, our Industrial Automation partner applies substation automation domain expertise in the realm of utility grid-tie solar generation plants. Complete solutions from Grid-tie engineering, protection & Control panel build, relay programming and PV plant asset monitoring are among the solutions they offer. The SCADA system is technologically the most advanced. It offers user friendly features on a non-proprietary commercially available platform. Customers benefit from a stable and powerful monitoring and control platform that can be seamlessly expanded and deployed on a Cloud platform.

Suyash Kanungo, BTech, MS
Computer Engineer
SAM IT Solutions


The SIMATIC WinCC Open Architecture (WinCC OA) is a versatile SCADA system that can be used to control, monitor and supervise plants and operations in almost any line of business. It can be used as a standalone system, or can be scaled to a distributed system, connecting up to 2,048 standalone systems. It can also be connected to a Databases to archive process data from machines and production flows. Having seen numerous companies leveraging the flexibility of WinCC OA to fit their custom needs, we at SAM IT Solutions have taken the initiative to help them further leverage some modern cloud platform capabilities, that might help them stand out in the industry.

With all modern technologies drifting towards the cloud, we try to identify a few areas within WinCC OA that might benefit from the cutting edge technologies being used worldwide. Here are three key areas of improvement:

  1. Data Analytics – There is already a powerful tool within WinCC OA for analytics – SmartSCADA. However, with so much advancement made in Big Data, using platforms like Elasticsearch and Kibana might help your company save valuable time and resources. Logstash can be used to gather data from all alerts. Once your data is migrated to Elasticsearch, graphs and visualizations can be created very rapidly, and you can easily see trends for key  indicators from your WinCC OA setup.
  2. Reporting – WinCC OA has provided a SOAP(Simple Object Access Protocol) reporting interface to facilitate creating reports from third party tools. Some tools to integrate with are BIRT, Reporting tools from the Elastic Stack X-pack, or simply a custom made Python script implemented from Reportlab, Jinjas or/and WeasyPrint libraries.
  3. Dashboards and UI – Using web frameworks like Django, Flask, Ruby on Rails, Express etc. can give your web interface the look and feel of a modern application. Using these frameworks, you can create and host your UI in the Cloud. Below is an example of a Dashboard created by us for a customer using WinCC OA for their solar plant. This dashboard is directly connected to the WinCC OA server and displays real-time data and trends as you can see above.

Now you might be wondering how to connect the WinCC OA system to the tools and frameworks mentioned above. The answer is simple — really — transfer the concerned data points from the underlying database to a modern DB of your choice. If you use Oracle DB with WinCC OA, then your task ahead is even simpler. While some tools can readily integrate with Oracle directly, it is nevertheless easy to migrate data from Oracle to another database like MySQL DB, MongoDB or PostgreSQL. However, if you use History DB in your WinCC OA application, then you have to use some programming tricks to leverage some packaged WinCC OA interface libraries. To find out more, you can refer to our blogs below:

The possibilities of integrating a cloud infrastructure are endless, and not at all limited to the points above, maybe you just want to use the programming capabilities of the latest python libraries on your data points. If you have any ideas that you might want to share with us, or if you are curious about how we can help you with your custom WinCC OA architecture and needs, please do not hesitate to give us a call at +1-919-800-0044 or e-mail us at [email protected].

Control Infotech, our Industrial Automation partner applies substation automation domain expertise in the realm of utility grid-tie solar generation plants. Complete solutions from Grid-tie engineering, protection & Control panel build, relay programming and PV plant asset monitoring are among the solutions they offer. The SCADA system is technologically the most advanced. It offers user-friendly features on a non-proprietary commercially available platform. Customers benefit from a stable and powerful monitoring and control platform that can be seamlessly expanded and deployed on a Cloud platform.

Suyash Kanungo, BTech, MS
Computer Engineer
SAM IT Solutions